ObliviAd: Provably secure and practical online behavioral advertising

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2012, Pages 257-271

  Backes, Michael ^a,b   Kate, Aniket ^a   Maffei, Matteo ^b   Pecina, Kim ^b  

^a MAX PLANCK INSTITUTE FOR SOFTWARE SYSTEMS   (Germany)

^b SAARLAND UNIVERSITY   (Germany)

Author keywords

behavorial advertising; formal verification; oblivious ram; privacy; private information retrieval; trusted hardware; unlinkability

Indexed keywords

BEHAVIORAL RESEARCH; FORMAL VERIFICATION; INFORMATION RETRIEVAL; MARKETING; PRIVACY-PRESERVING TECHNIQUES; USER PROFILE; WEBSITES;

ADVERTISING SYSTEMS; ADVERTIZING; BEHAVORIAL ADVERTIZING; OBLIVIOUS RAM; ONLINE BEHAVIORAL ADVERTISINGS; PRIVACY; PRIVATE INFORMATION RETRIEVAL; PROVABLY SECURE; TRUSTED HARDWARES; UNLINKABILITY;

WEB SERVICES;

EID: 84874786070     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2012.25     Document Type: Conference Paper

References (51)

1. M. Abadi and C. Fournet, "Mobile values, new names, and secure communication," in Proc. Symposium on Principles of Programming Languages (POPL'01). ACM Press, 2001, pp. 104-115.
2. http://www.anonymizer.com.
3. M. Backes, A. Kate, M. Maffei, and K. Pecina, "ObliviAd ProVerif Scripts," http://lbs.cs.uni-saarland.de/obliviad.
4. M. Bellare, J. A. Garay, and T. Rabin, "Fast Batch Verification for Modular Exponentiation and Digital Signatures," in Advances in Cryptology (EUROCRYPT'98), 1998, pp. 236-250.
5. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm," Journal of Cryptology, vol. 21, no. 4, pp. 469-491, 2008.
6. B. Blanchet, "An Efficient Cryptographic Protocol Verifier Based on Prolog Rules." in Proc. IEEE Computer Security Foundations Workshop (CSFW'01). IEEE Computer Society Press, 2001, pp. 82-96.
7. A. W. Branscomb, "Anonymity, Autonomy, and Accountability: Challenges to the First Amendment in Cyberspaces," The Yale Law Journal, vol. 104, no. 7, 1995.
8. A. Brown and J. Chase, "Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications," in The ACM Cloud Computing Security Workshop (CCSW'11), 2011.
9. D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Journal of the ACM, vol. 24, no. 2, pp. 84-88, 1981. (Pubitemid 11480996)
10. -, "Blind Signatures for Untraceable Payments," in Proc. Advances in Cryptology (CRYPTO'87), 1982, pp. 199-203.
11. D. Chaum, A. Fiat, and M. Naor, "Untraceable Electronic Cash," in Proc. Advances in Cryptology (CRYPTO'88), 1990, pp. 319-327.
12. B. Chor, E. Kushilevitz, O. Goldreich, and M. Sudan, "Private information retrieval," in Proc. IEEE Symposium on Foundations of Computer Science (FOCS'95), 1995, pp. 41-50.
13. C. Coarfa, P. Druschel, and D. S. Wallach, "Performance analysis of TLS Web servers," ACM Trans. Comput. Syst., vol. 24, no. 1, pp. 39-69, 2006.
14. F. T. Commission, "FTC Staff Report: Self-Regulatory Principles For Online Behavioral Advertising," http://www.ftc.gov/opa/2009/02/behavad. shtm, Feb 2009, accessed October 2011.
15. http://www.aboutads.info/choices/.
16. S. Delaune, S. Kremer, and M. Ryan, "Verifying privacy-type properties of electronic voting protocols," JCS, vol. 17, pp. 435-487, 2009.
17. X. Ding, Y. Yang, R. H. Deng, and S. Wang, "A new hardware-assisted PIR with O(n) shuffle cost," Inter. Journal of Information Security, vol. 9, no. 4, pp. 237-252, 2010.
18. D. S. Evans, "The Online Advertising Industry: Economics, Evolution, and Privacy," Journal of Economic Perspectives, vol. 23, no. 3, pp. 37-60, 2009.
19. J. Feng, H. K. Bhargava, and D. M. Pennock, "Implementing Sponsored Search in Web Search Engines: Computational Evaluation of Alternative Mechanisms," INFORMS J. on Computing, vol. 19, pp. 137-148, January 2007.
20. M. Fredrikson and B. Livshits, "RePriv: Re-imagining Content Personalization and In-browser Privacy," in Proc. IEEE Symposium on Security & Privacy (S&P'11), 2011, pp. 131-146.
21. O. Goldreich, "Towards a theory of software protection and simulation by oblivious RAMs," in Proc. ACM Symposium on Theory of Computing (STOC'87), 1987, pp. 182-194.
22. -, Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001.
23. O. Goldreich and R. Ostrovsky, "Software Protection and Simulation on Oblivious RAMs," Journal of the ACM, vol. 43, pp. 431-473, May 1996. (Pubitemid 126607640)
24. M. T. Goodrich, M. Mitzenmacher, O. Ohrimenko, and R. Tamassia, "Oblivious RAM Simulation with Efficient Worst-Case Access Overhead," in Proc. ACM Workshop on Cloud Computing Security (CCSW'11), 2011, pp. 95-100.
25. S. Guha, B. Cheng, and P. Francis, "Privad: Practical Privacy in Online Advertising," in Proc. Symposium on Networked Systems Design and Implementation (NSDI'11), Mar 2011.
26. S. Guha, A. Reznichenko, K. Tang, H. Haddadi, and P. Francis, "Serving Ads from localhost for Performance, Privacy, and Profit," in Proc. Workshop on Hot Topics in Networks (HotNets), 2009.
27. http://www-03.ibm.com/security/cryptocards/.
28. A. Juels, "Targeted Advertising ... And Privacy Too," in CT-RSA'01, 2001, pp. 408-424.
29. P. Kazienko and M. Adamski, "AdROSA - Adaptive personalization of web advertising," Inf. Sci., vol. 177, no. 11, pp. 2269-2295, 2007. (Pubitemid 46435500)
30. N. J. King, "Why privacy discussions about pervasive online customer profiling should focus on the expanding roles of third-parties," International Journal of Private Law, vol. 4, no. 2, pp. 193-229, 2011.
31. S. Komanduri, R. Shay, B. U. Greg Norcie, and L. F. Cranor, "AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements," Carnegie Mellon University, Tech. Rep. CMU-CyLab-11-005, October 2011.
32. B. Krishnamurthy and C. E. Wills, "Cat and mouse: content delivery tradeoffs in web access," in Proc. International World WideWeb Conference (WWW'06), 2006, pp. 337-346.
33. -, "Privacy diffusion on the web: a longitudinal perspective," in Proc. International World Wide Web Conference (WWW'09), 2009, pp. 541-550.
34. G. Lowe, "A Hierarchy of Authentication Specifications," in Proc. IEEE Computer Security Foundations Workshop (CSFW'97). IEEE Computer Society Press, 1997, pp. 31-44.
35. J. Mayer and A. Narayanan, "Do Not Track: Universal Web Tracking Opt-Out," http://donottrack.us, Stanford University, accessed October 2011.
36. J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki, "Flicker: an execution infrastructure for tcb minimization," in Proc. European Professional Society on Computer Systems (EUROSYS'08). ACM Press, 2008, pp. 315-328.
37. J. McLachlan, A. Tran, N. Hopper, and Y. Kim, "Scalable onion routing with torsk," in Proc. ACM Conference on Computer and Communications Security (CCS'09), 2009, pp. 590-599.
38. F. Olumofin and I. Goldberg, "Revisiting the Computational Practicality of Private Information Retrieval," in Proc. Inter. Conference on Financial Cryptography and Data Security (FC'11), 2011.
39. A. Perrig, S. W. Smith, D. X. Song, and J. D. Tygar, "SAM: A Flexible and Secure Auction Architecture Using Trusted Hardware," in Proc. International Parallel & Distributed Processing Symposium (IPDPS'01), 2001, p. 170, http://sparrow.ece.cmu.edu/~adrian/projects/SAM/.
40. http://www.privacychoice.org/privacymark.
41. A. Reznichenko, S. Guha, and P. Francis, "Auctions in Do-Not-Track Compliant Internet Advertising," in Proc. ACM Conference on Computer and Communications Security (CCS'11), 2011, pp. 667-676.
42. N. Santos, K. P. Gummadi, and R. Rodrigues, "Towards trusted cloud computing," in Proc. Conference on Hot topics in Cloud Computing (HotCloud'09), 2009.
43. E. Shi, T.-H. H. Chan, E. Stefanov, and M. Li, "Oblivious RAM with O ((logN) 3) Worst-Case Cost," in Advances in Cryptology (ASIACRYPT'11), 2011, pp. 197-214.
44. R. Sion and B. Carbunar, "On the Practicality of Private Information Retrieval," in Proc. ISOC Network and Distributed System Security Symposium (NDSS'07). Internet Society, 2007.
45. E. G. Sirer, W. de Bruijn, P. Reynolds, A. Shieh, K. Walsh, D. Williams, and F. B. Schneider, "Logical attestation: an authorization architecture for trustworthy computing," in Proc. Symposium on Operating Principles (SOSP'11), 2011, pp. 249-264, http://www.cs.cornell.edu/people/egs/nexus/.
46. S. W. Smith, "Outbound Authentication for Programmable Secure Coprocessors," Inter. Journal of Information Security, vol. 3, no. 1, pp. 28-41, 2004.
47. S. W. Smith and S. Weingart, "Building a high-performance, programmable secure coprocessor," Computer Networks, vol. 31, no. 8, pp. 831-860, 1999.
48. "The Tor Project," https://www.torproject.org/, 2003, accessed October 2011.
49. V. Toubiana, A. Narayanan, D. Boneh, H. Nissenbaum, and S. Barocas, "Adnostic: Privacy Preserving Targeted Advertising," in Proc. Network and Distributed System Security Symposium (NDSS'10), 2010.
50. S. Wang, X. Ding, R. H. Deng, and F. Bao, "Private Information Retrieval Using Trusted Hardware," in Proc. European Symposium on Research in Computer Security (ESORICS'06), 2006, pp. 49-64.
51. P. Williams and R. Sion, "Usable PIR," in Proc. ISOC Network and Distributed System Security Symposium (NDSS'08), 2008.