research-article

Privado: Privacy-preserving Group-based Advertising Using Multiple Independent Social Network Providers

Authors:

Sanaz Taheri Boshrooyeh,

Alptekin Küpçü,

Öznur ÖzkasapAuthors Info & Claims

ACM Transactions on Privacy and Security (TOPS), Volume 23, Issue 3

Article No.: 12, Pages 1 - 36

https://doi.org/10.1145/3386154

Published: 06 June 2020 Publication History

Abstract

Online Social Networks (OSNs) offer free storage and social networking services through which users can communicate personal information with one another. The personal information of the users collected by the OSN provider comes with privacy problems when being monetized for advertising purposes. To protect user privacy, existing studies propose utilizing data encryption that immediately prevents OSNs from monetizing users data and hence leaves secure OSNs with no convincing commercial model. To address this problem, we propose Privado as a privacy-preserving group-based advertising mechanism to be integrated into secure OSNs to re-empower monetizing ability. Privado is run by N servers, each provided by an independent provider. User privacy is protected against an active malicious adversary controlling N − 1 providers, all the advertisers, and a large fraction of the users. We base our design on the group-based advertising notion to protect user privacy, which is not possible in the personalized variant. Our design also delivers advertising transparency; the procedure of identifying target customers is operated solely by the OSN servers without getting users and advertisers involved. We carry out experiments to examine the advertising running time under various number of servers and group sizes. We also argue about the optimum number of servers with respect to user privacy and advertising running time.

References

[1]

Prabhanjan Ananth, Nishanth Chandran, Vipul Goyal, Bhavana Kanukurthi, and Rafail Ostrovsky. 2014. Achieving privacy in verifiable computation with multiple servers--without FHE and without pre-processing. In Proceedings of the International Workshop on Public Key Cryptography. Springer, 149--166.

Digital Library

[2]

Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, and Daniel Starin. 2009. Persona: An online social network with user-defined privacy. In Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM’09).

Digital Library

[3]

Alessandro Barenghi, Michele Beretta, Alessandro Di Federico, and Gerardo Pelosi. 2014. Snake: An end-to-end encrypted online social network. In Proceedings of the IEEE International Conference on Embedded Software and Systems (ICESS’14). IEEE.

Digital Library

[4]

Debmalya Biswas, Stephan Haller, and Florian Kerschbaum. 2010. Privacy-preserving outsourced profiling. In Proceedings of the IEEE Congress on Evolutionary Computation (CEC’10). IEEE.

Digital Library

[5]

Marina Blanton and Fattaneh Bayatbabolghani. 2016. Efficient server-aided secure two-party function evaluation with applications to genomic computation. Proc. Privacy Enhanc. Technol. 2016, 4 (2016), 144--164.

[6]

Burton H. Bloom. 1970. Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13, 7 (1970), 422--426.

Digital Library

[7]

Dan Boneh, Giovanni Di Crescenzo, Rafail Ostrovsky, and Giuseppe Persiano. 2004. Public key encryption with keyword search. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 506--522.

[8]

Sanaz Taheri Boshrooyeh, Alptekin Küpçü, and Öznur Özkasap. 2018. PPAD: Privacy preserving group-based ADvertising in online social networks. In Proceedings of the International Federation for Information Processing (IFIP’18). IEEE, Zurich, Switzerland, 541--549.

[9]

Bruce Schneier. 2015. Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition. https://www.wiley.com/en-gb/Applied+Cryptography%3A+Protocols%2C+Algorithms+and+Source+Code+in+C%2C+20th+Anniversary+Edition-p-9781119096726. 784 Pages.

[10]

Sonja Buchegger, Doris Schiöberg, Le-Hung Vu, and Anwitaman Datta. 2009. PeerSoN: P2P social networking: Early experiences and insights. In Proceedings of the 2nd ACM EuroSys Workshop on Social Network Systems. ACM, 46--52.

Digital Library

[11]

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. 2015. Outsourcing secure two-party computation as a black box. In Proceedings of the Conference on Cryptology and Network Security.

[12]

Henry Carter, Benjamin Mood, Patrick Traynor, and Kevin Butler. 2016. Secure outsourced garbled circuit evaluation for mobile devices. J. Comput. Secur. 24, 2 (2016), 137--180.

[13]

Miguel Castro and Barbara Liskov. 2002. Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20, 4 (2002), 398--461.

Digital Library

[14]

Ronald Cramer, Ivan Damgård, and Jesper B. Nielsen. 2001. Multiparty computation from threshold homomorphic encryption. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 280--300.

[15]

Ivan Damgård and Jesper Buus Nielsen. 2003. Universally composable efficient multiparty computation from threshold homomorphic encryption. In Proceedings of the Annual International Cryptology Conference. Springer, 247--264.

[16]

Ivan Damgård, Valerio Pastro, Nigel Smart, and Sarah Zakarias. 2012. Multiparty computation from somewhat homomorphic encryption. In Proceedings of the Annual Cryptology Conference. Springer, 643--662.

Digital Library

[17]

Emiliano De Cristofaro, Claudio Soriente, Gene Tsudik, and Albert Williams. 2012. Hummingbird: Privacy at the time of Twitter. In Proceedings of the Conference on Security and Privacy (SP’12). IEEE.

Digital Library

[18]

Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman, and Edward W. Felten. 2012. Social networking with frientegrity: Privacy and integrity with an untrusted provider. In Proceedings of the USENIX Security Symposium.

[19]

Amos Fiat and Adi Shamir. 1986. How to prove yourself: Practical solutions to identification and signature problems. In Proceedings of the Conference on Advances in Cryptology (CRYPTO’86). Springer, 186--194.

Digital Library

[20]

Saikat Guha, Bin Cheng, and Paul Francis. 2011. Privad: Practical privacy in online advertising. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’11).

[21]

Yahya Hassanzadeh-Nazarabadi, Alptekin Küpçü, and Öznur Özkasap. 2019. LightChain: A DHT-based blockchain for resource constrained environments. arXiv preprint arXiv:1904.00375. https://arxiv.org/abs/1904.00375.

[22]

Carmit Hazay and Yehuda Lindell. 2010. Efficient Secure Two-party Protocols: Techniques and Constructions. Springer Science 8 Business Media.

[23]

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2011. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. Retrieved from https://eprint.iacr.org/2011/494.pdf.

[24]

Carmit Hazay, Gert Læssøe Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA key generation and threshold paillier in the two-party setting. In Proceedings of the Cryptographers’ Track at the RSA Conference. Springer, 313--331.

Digital Library

[25]

Debiao He, Mimi Ma, Sherali Zeadally, Neeraj Kumar, and Kaitai Liang. 2018. Certificateless public key authenticated encryption with keyword search for industrial internet of things. IEEE Trans. Industr. Inform. 14, 8 (2018), 3618--3627.

[26]

Amir Herzberg and Haya Shulman. 2013. Oblivious and fair server-aided two-party computation. Info. Secur. Tech. Rep. 17, 2 (2013), 210--226.

[27]

Qiong Huang and Hongbo Li. 2017. An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks. Info. Sci. 403 (2017), 1--14.

[28]

Thomas P. Jakobsen, Jesper Buus Nielsen, and Claudio Orlandi. 2014. A framework for outsourcing of secure computation. In Proceedings of the 6th ACM Workshop on Cloud Computing Security. ACM, 81--92.

Digital Library

[29]

Ari Juels. 2001. Targeted advertising...and privacy too. In Proceedings of the Cryptographers Track of the RSA Conference (CT-RSA’01). Springer.

[30]

Seny Kamara, Payman Mohassel, and Mariana Raykova. 2011. Outsourcing multi-party computation. IACR Cryptol. ePrint Archive: Report 2011/272. https://eprint.iacr.org/2011/272.

[31]

Seny Kamara, Payman Mohassel, Mariana Raykova, and Saeed Sadeghian. 2014. Scaling private set intersection to billion-element sets. In Proceedings of the International Conference on Frontier Computing (FC). Springer.

[32]

Seny Kamara, Payman Mohassel, and Ben Riva. 2012. Salus: A system for server-aided secure function evaluation. In Proceedings of the ACM Computer and Communications Security Conference (CCS’12). ACM.

Digital Library

[33]

Jonathan Katz and Yehuda Lindell. 2014. Introduction to Modern Cryptography. CRC Press.

Digital Library

[34]

Florian Kerschbaum. 2009. Adapting privacy-preserving computation to the service provider model. In Proceedings of the SIAM Conference on Computational Science and Engineering (CSE’09). IEEE.

Digital Library

[35]

Florian Kerschbaum. 2012. Collusion-resistant outsourcing of private set intersection. In Applied Computing. ACM.

[36]

Florian Kerschbaum. 2012. Outsourced private set intersection using homomorphic encryption. In Proceedings of the ACM Computer and Communications Security Conference (CCS’12). ACM.

Digital Library

[37]

Handan Kılınç and Alptekin Küpçü. 2015. Optimally efficient multi-party fair exchange and fair secure multi-party computation. In Proceedings of the Cryptographers’ Track at the RSA Conference. Springer, 330--349.

[38]

Balachander Krishnamurthy and Craig E. Wills. 2008. Characterizing privacy in online social networks. In Proceedings of the Workshop on Online Social Networks (WOSN’08). ACM.

[39]

Jiguo Li, Xiaonan Lin, Yichen Zhang, and Jinguang Han. 2017. KSF-OABE: Outsourced attribute-based encryption with keyword search function for cloud storage. IEEE Trans. Services Comput. 10, 5 (2017), 715--725.

[40]

Yehuda Lindell. 2007. Foundations of Cryptography, Vol. 1. https://www.cambridge.org/tr/academic/subjects/computer-science/cryptography-cryptology-and-coding/foundations-cryptography-volume-1?format=PB8isbn=9780521035361.

[41]

Payman Mohassel, Ostap Orobets, and Ben Riva. 2016. Efficient server-aided 2pc for mobile phones. Proc. Privacy Enhanc. Technol. 2016, 2 (2016), 82--99.

[42]

Tal Moran and Moni Naor. 2010. Split-ballot voting: Everlasting privacy with distributed trust. ACM Trans. Info. Syst. Secur. 13, 2 (2010), 16.

[43]

Arvind Narayanan and Vitaly Shmatikov. 2009. De-anonymizing social networks. In Security and Privacy. IEEE.

[44]

Ozgur Oksuz, Iraklis Leontiadis, Sixia Chen, Alexander Russell, Qiang Tang, and Bing Wang. 2017. SEVDSI: Secure, Efficient and Verifiable Data Set Intersection. Technical Report. Cryptology ePrint Archive Report 2017/215. Retrieved from http://ia. cr/2017/215.

[45]

Constantinos Patsakis, Athanasios Zigomitros, and Agusti Solanas. 2015. Privacy-aware genome mining: Server-assisted protocols for private set intersection and pattern matching. In Proceedings of the International Symposium on Computer-based Medical Systems (CBMS’15). IEEE.

Digital Library

[46]

Kun Peng and Feng Bao. 2010. A shuffling scheme with strict and strong security. In Proceedings of the 4th International Conference on Emerging Security Information Systems and Technologies (SECURWARE’10). IEEE, 201--206.

Digital Library

[47]

Nina Pettersen. 2016. Applications of Paillier s Cryptosystem.Master’s thesis. NTNU.

[48]

Benny Pinkas, Thomas Schneider, and Michael Zohner. 2018. Scalable private set intersection based on ot extension. ACM Trans. Privacy Secur. 21, 2 (2018), 7.

[49]

Krishna Sampigethaya and Radha Poovendran. 2006. A survey on mix networks and their secure applications. Proc. IEEE 94, 12 (2006), 2142--2181.

[50]

Berry Schoenmakers and Meilof Veeningen. 2015. Universally verifiable multiparty computation from threshold homomorphic cryptosystems. In Proceedings of the International Conference on Applied Cryptography and Network Security. Springer, 3--22.

[51]

Jinyuan Sun, Xiaoyan Zhu, and Yuguang Fang. 2010. A privacy-preserving scheme for online social networks with efficient revocation. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’10). IEEE.

[52]

Amin Tootoonchian, Stefan Saroiu, Yashar Ganjali, and Alec Wolman. 2009. Lockr: Better privacy for social networks. In Proceedings of the International Conference on Emerging Networking Experiments and Technologies (CoNEXT’09). ACM.

Digital Library

[53]

Vincent Toubiana, Arvind Narayanan, Dan Boneh, Helen Nissenbaum, and Solon Barocas. 2010. Adnostic: Privacy preserving targeted advertising. In Proceedings of the Network and Distributed System Security Symposium (NDSS’10).

[54]

Nikolaj Volgushev, Malte Schwarzkopf, Ben Getchell, Mayank Varia, Andrei Lapets, and Azer Bestavros. 2019. Conclave: Secure multi-party computation on big data. In Proceedings of the European Conference on Computer Systems.

Digital Library

[55]

Yuan Zhang, Qingjun Chen, and Sheng Zhong. 2016. Privacy-preserving data aggregation in mobile phone sensing. IEEE Trans. Info. Forensics Secur. 11, 5 (2016), 980--992.

Digital Library

[56]

Qingji Zheng and Shouhuai Xu. 2015. Verifiable delegated set intersection operations on outsourced encrypted data. In Proceedings of the IEEE International Conference on Cloud Engineering (IC2E’15). IEEE.

Digital Library

[57]

Binrui Zhu, Jiameng Sun, Jing Qin, and Jixin Ma. 2017. The public verifiability of public key encryption with keyword search. In Proceedings of the International Conference on Mobile Networks and Management. Springer, 299--312.

[58]

Xukai Zou, Huian Li, Yan Sui, Wei Peng, and Feng Li. 2014. Assurable, transparent, and mutual restraining e-voting involving multiple conflicting parties. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’14). IEEE, 136--144.

Cited By

Żywiołek JTrigo ARosak-Szyrocka JKhan M(2022)Security and Privacy of Customer Data as an Element Creating the Image of the CompanyManagement Systems in Production Engineering10.2478/mspe-2022-001930:2(156-162)Online publication date: 19-May-2022
https://doi.org/10.2478/mspe-2022-0019
Hassanzadeh-Nazarabadi YHaji Ali MNayal N(2021)Opera: Scalable Simulator for Distributed SystemsIEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFOCOMWKSHPS51825.2021.9484524(1-2)Online publication date: 10-May-2021
https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484524
Liu WXu ZTian JZhang Y(2021)Towards In-Network Compact Representation: Mergeable Counting Bloom Filter Vis Cuckoo SchedulingIEEE Access10.1109/ACCESS.2021.30709829(55329-55339)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3070982
Show More Cited By

Index Terms

Privado: Privacy-preserving Group-based Advertising Using Multiple Independent Social Network Providers
1. Security and privacy

Recommendations

ObliviAd: Provably Secure and Practical Online Behavioral Advertising
SP '12: Proceedings of the 2012 IEEE Symposium on Security and Privacy

Online behavioral advertising (OBA) involves the tracking of web users' online activities in order to deliver tailored advertisements. OBA has become a rapidly increasing source of revenue for a number of web services, and it is typically conducted by ...
Do online social network friends still threaten my privacy?
CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

A user's online social network (OSN) friends commonly share information on their OSN profiles that might also characterize the user him-/herself. Therefore, OSN friends are potentially jeopardizing users' privacy. Previous studies demonstrated that ...
UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs
WPES '16: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebraic Message Authentication Codes (aMACs). OAuth is one of the most widely used ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Privacy and Security

ACM Transactions on Privacy and Security Volume 23, Issue 3

August 2020

158 pages

ISSN:2471-2566

EISSN:2471-2574

DOI:10.1145/3403643

Editor:
David Basin
ETH Zurich, Switzerland

Issue’s Table of Contents

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2020

Online AM: 07 May 2020

Accepted: 01 February 2020

Revised: 01 December 2019

Received: 01 April 2019

Published in TOPS Volume 23, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Türkiye Bilimler Akademisi
TÜBITAK
Royal Society
EU Cost Action

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
412
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)4

Reflects downloads up to 26 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Żywiołek JTrigo ARosak-Szyrocka JKhan M(2022)Security and Privacy of Customer Data as an Element Creating the Image of the CompanyManagement Systems in Production Engineering10.2478/mspe-2022-001930:2(156-162)Online publication date: 19-May-2022
https://doi.org/10.2478/mspe-2022-0019
Hassanzadeh-Nazarabadi YHaji Ali MNayal N(2021)Opera: Scalable Simulator for Distributed SystemsIEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFOCOMWKSHPS51825.2021.9484524(1-2)Online publication date: 10-May-2021
https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484524
Liu WXu ZTian JZhang Y(2021)Towards In-Network Compact Representation: Mergeable Counting Bloom Filter Vis Cuckoo SchedulingIEEE Access10.1109/ACCESS.2021.30709829(55329-55339)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3070982
Majeed ALee S(2021)Anonymization Techniques for Privacy Preserving Data Publishing: A Comprehensive SurveyIEEE Access10.1109/ACCESS.2020.30457009(8512-8545)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2020.3045700
Voloch NGal-Oz NGudes E(2021)A Trust based Privacy Providing Model for Online Social NetworksOnline Social Networks and Media10.1016/j.osnem.2021.10013824(100138)Online publication date: Jul-2021
https://doi.org/10.1016/j.osnem.2021.100138
Zarezadeh MMala HKhajeh H(2020)Preserving Privacy of Software-Defined Networking Policies by Secure Multi-Party ComputationJournal of Computer Science and Technology10.1007/s11390-020-9247-535:4(863-874)Online publication date: 27-Jul-2020
https://doi.org/10.1007/s11390-020-9247-5

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents