SLIDE 1 ObliviAd: Provably Secure and Practical Online Behavioral Advertising
[IEEE S&P ’12]
Michael Backes1,2 Aniket Kate1 Matteo Maffei2 Kim Pecina2
1MPI-SWS, Germany 2Saarland University, Germany
SLIDE 2
Tracking in the Advertising World Today
SLIDE 7
Outline
Privacy-Preserving Online Behavioral Advertising
- Online Behavioral Advertising (OBA)
- Privacy-Preserving OBA: Goals
- Private Information Retrieval (PIR) using Trusted Hardware
- Our Solution: ObliviAd
- Performance and Formal Analysis
SLIDE 14
Privacy-Preserving OBA
Privacy Goals
- Profile Privacy. The broker cannot associate any unit of learned information (e.g., clicked ads) with any user.
- Profile Unlinkability. The broker cannot associate separate units of learned information with a single profile.
Systems Goals
- Client-side Fraud Detection. The likelihood of detecting clients' malicious behavior should not decrease.
- Click Success Measures. Computing success measures such as click-through rate should remain possible.
- Performance. Privacy-preserving mechanisms should not hamper system performance or efficacy.
SLIDE 16
OBA with User-side Profiles
does not provide the required privacy
SLIDE 18
Private Information Retrieval (PIR)
[Chor et al., FOCS'95]
Existing computational PIR schemes cost the server not much less than sending the client the complete database.
SLIDE 21
Oblivious RAM
[Goldreich, STOC'87] Access-pattern privacy with O(log^k n) (for some k > 0) communication and computation overhead per access
SLIDE 22
PIR using ORAM and Trusted Hardware
[Williams and Sion, NDSS'08] A secure coprocessor on the server runs ORAM over the database to answer the client's PIR queries
SLIDE 23
ObliviAd: Distribution Phase
SLIDE 24
ObliviAd: Tallying Phase
SLIDE 28
ObliviAd: Features
- A provably secure, privacy-preserving OBA architecture
- No reduction in the precision of ad selection
- No trusted third party
- Reasonable performance, which will only improve as better ORAM constructions become available
SLIDE 29 Prototype Implementation
- We adopt the binary tree-based ORAM construction by Shi et al. [AsiaCrypt'11], which has O(log^2 n) computation per access
- Keyword-based ORAM instead of index-based ORAM
Microbenchmarks: Ad Distribution
[Figure: read-operation time (y-axis, 0.2 to 1.2 s) against tree depth = log(#Ads) (x-axis, 10 to 30)]
Experiment Setup: Intel i5 quad-core processor at 3.3 GHz with 8 GB RAM; 7200 RPM hard drive with 16 MB cache. Ad sizes: up to 40 KB.
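The keyword-keyed tree ORAM that slides 21, 22 and 29 refer to, as an added Python illustration (example code, not the ObliviAd prototype and not Shi et al.'s reference implementation): a simplified binary-tree ORAM in the style of Shi et al., keyed by keyword instead of block index, with the trusted state (position map and stash) held by a client object standing in for the secure coprocessor. The bucket size, the Path-ORAM-style eviction along the path just read (in place of Shi et al.'s random-subtree eviction), the omission of encryption, and the sample keyword-to-ad entries are assumptions of the example.

```python
"""Keyword-keyed binary-tree ORAM, a simplified illustration of the
Shi et al. [AsiaCrypt'11] construction used by the ObliviAd prototype.
This is added example code, not the prototype itself. Encryption and the
secure-coprocessor boundary are omitted: `TreeORAM.server` stands for the
untrusted storage, which only ever sees whole root-to-leaf paths being read
and rewritten; the position map and stash are the trusted state."""
import random

BUCKET_SIZE = 4   # slots per tree node (assumed value for this example)
DUMMY = None      # an empty slot


class TreeORAM:
    def __init__(self, depth, rng=None):
        self.depth = depth
        self.n_leaves = 1 << depth
        self.n_nodes = (1 << (depth + 1)) - 1
        self.rng = rng if rng is not None else random.Random()
        # untrusted server storage: node index -> bucket of (keyword, leaf, value)
        self.server = {i: [DUMMY] * BUCKET_SIZE for i in range(self.n_nodes)}
        # trusted client state
        self.position = {}    # keyword -> leaf tag of its block
        self.stash = {}       # keyword -> (leaf, value), blocks not yet evicted
        self.access_log = []  # one root-to-leaf node list per access, as observed

    def path(self, leaf):
        """Node indices from the root (0) to leaf number `leaf`, heap numbering."""
        node = self.n_leaves - 1 + leaf
        nodes = [node]
        while node != 0:
            node = (node - 1) // 2
            nodes.append(node)
        return nodes[::-1]

    def access(self, keyword, new_value=None):
        """Read, and optionally overwrite, the block stored under `keyword`.
        Every call reads one full path and writes it back, so the server does
        the same work whether or not the keyword exists."""
        # 1. The leaf tag of the block; an unknown keyword gets a random leaf so
        #    the server still sees one ordinary path read.
        leaf = self.position.get(keyword)
        if leaf is None:
            leaf = self.rng.randrange(self.n_leaves)
        nodes = self.path(leaf)
        self.access_log.append(nodes)
        # 2. Pull every real block on the path into the stash.
        for node in nodes:
            for slot in self.server[node]:
                if slot is not DUMMY:
                    kw, kw_leaf, val = slot
                    self.stash[kw] = (kw_leaf, val)
            self.server[node] = [DUMMY] * BUCKET_SIZE
        # 3. Remap the target block to a fresh random leaf, so the next access
        #    to the same keyword reads an unrelated path.
        old = self.stash.get(keyword)
        value = new_value if new_value is not None else (old[1] if old else None)
        if value is not None:
            fresh = self.rng.randrange(self.n_leaves)
            self.position[keyword] = fresh
            self.stash[keyword] = (fresh, value)
        # 4. Evict: push stash blocks back along the path just read, as deep as
        #    their own leaf tag allows (Path-ORAM-style eviction, an assumption
        #    of this example; Shi et al. evict from random subtrees instead).
        for node in reversed(nodes):
            bucket = self.server[node]
            for kw in list(self.stash):
                if DUMMY not in bucket:
                    break
                kw_leaf, val = self.stash[kw]
                if node in self.path(kw_leaf):
                    bucket[bucket.index(DUMMY)] = (kw, kw_leaf, val)
                    del self.stash[kw]
        return value


def distinct_leaves_seen(oram, keyword, repeats):
    """Number of different leaves the server saw being read for `keyword`
    over `repeats` accesses: close to `repeats` for an ORAM, always 1 for a
    plain key-value store."""
    seen = set()
    for _ in range(repeats):
        oram.access(keyword)
        seen.add(oram.access_log[-1][-1])
    return len(seen)


def demo(depth=10, seed=None):
    """Store a few constructed keyword->ad entries, read them back, and probe a
    keyword that does not exist. Returns the ORAM, the read results and the
    result of the missing lookup."""
    oram = TreeORAM(depth, random.Random(seed))
    ads = {"sports": "ad#sports-1", "travel": "ad#travel-4", "cars": "ad#cars-9"}
    for kw, ad in ads.items():
        oram.access(kw, ad)
    results = {kw: oram.access(kw) for kw in ads}
    missing = oram.access("no-such-keyword")
    return oram, results, missing


if __name__ == "__main__":
    oram, results, missing = demo(seed=1)
    print(results, missing)
    print("paths read:", [(p[0], p[-1]) for p in oram.access_log])
```

Run stand-alone, it prints the ads read back and the (root, leaf) pair of every path the server observed. The server learns which leaves were read, but because each block is re-tagged after every access, repeated requests for the same keyword land on unrelated paths and a lookup of an absent keyword is indistinguishable from a hit. A deployment on a coprocessor additionally encrypts every slot and re-encrypts the whole path on write-back; without that, the server can follow blocks by their contents regardless of the tree structure.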
SLIDE 30
Performance
- Other computation and communication delays are not significant
- An implementation on the latest IBM 4765 PCIe cryptographic coprocessor is in progress
Possible Optimizations
- Database replication and concurrency
- Modifying the Shi et al. scheme for efficiency
- More efficient ORAM constructions are expected in the near future
SLIDE 32
Formal Analysis
We modeled our protocol in the applied pi-calculus and used ProVerif to formally prove the following correctness and privacy properties:
- Profile Privacy
- Profile Unlinkability
- Billing Correctness
SLIDE 33 Other Possibilities
- Onion routing (Tor). Privacy through anonymity
  - What about (click) fraud detection?
- donottrack.us. Universal Web Tracking Opt Out
  - It may hamper the ad-world economy
  - A cat-and-mouse race
- Privad. Proxy-based mixing [NSDI'11]
  - How to implement an honest-but-curious proxy?
  - Traffic analysis
- Adnostic. Download a few (say 20) random ads [NDSS'10]
  - Quality of OBA
SLIDE 34 Summary
- Privacy concerns in OBA are receiving increasing attention
- Practical privacy-preserving OBA is possible without hampering
  - the quality of ads and
  - the economic model of the ad network
- We are developing a complete implementation on the IBM 4765 PCIe cryptographic coprocessor
Project Webpage: http://www.lbs.cs.uni-saarland.de/obliviad
Thanks!
Aniket Kate
www.mpi-sws.org/~aniket