Enabling Privacy Preserving Mobile Advertising via Private Information Retrieval

We propose a privacy-preserving mobile advertising system for in-app ad placement that enables user profiling and targeted ads without revealing user interests to the mobile advertising companies. Our proposal relies on device-based user profiles derived from app activity, and on the use of Private Information Retrieval (PIR) to query ad database(s) for ads matching the profile, without the database(s) learning the content or the result of the queries. We implement a Proof of Concept (POC) solution comprising the critical system components for Android devices, including the profile builder and the PIR mechanism, based on the Percy++ library (ported to Android). We evaluate the practicality of selected PIR techniques in a mobile ads system using measured real-world parameters. Overall, we show that a mobile PIR client can be effectively used for private advertising: for a single client connecting to a desktop PIR server, the information-theoretic (IT) and hybrid PIR mechanisms allow close to real-time ad retrieval. For example, when querying a 1GB ad database for a block of 4 ads (64KB in total), the ads are retrieved with a delay of around 2.5sec, utilising (for IT PIR) 1.25MB of data. The selected computational PIR mechanism, however, introduces unacceptable overheads (the delay is of the order of 1300sec, and 9.4GB of data is exchanged between the Android client and the server for the same ad block). Further multi-client scalability tests indicate that, for all schemes, the server side is the performance bottleneck and that, in addition to using commercial-grade equipment, implementation enhancements including parallel processing would be necessary to achieve close to real-time system responsiveness.
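As an added illustration of the IT PIR idea the abstract relies on (this is not the paper's Percy++ port, but the basic two-server XOR scheme of Chor, Goldreich, Kushilevitz and Sudan), the code below retrieves one ad block from a replicated ad database: each server receives a uniformly random bit vector, so neither server alone learns which block is wanted, and XORing the two answers recovers the block. The database contents, block count and block size are constructed sample values.

```python
import secrets

def build_ad_db(num_blocks, block_size):
    # Constructed sample database: block i (one "block of ads") is filled with byte i % 256.
    return [bytes([i % 256]) * block_size for i in range(num_blocks)]

def make_queries(num_blocks, index):
    # Server A gets a uniformly random bit vector; server B gets the same vector with the
    # target bit flipped. Each vector on its own is uniformly random, so neither server
    # (if they do not collude) learns anything about `index`.
    q_a = [secrets.randbelow(2) for _ in range(num_blocks)]
    q_b = list(q_a)
    q_b[index] ^= 1
    return q_a, q_b

def server_answer(db, query):
    # Server side: XOR together every block whose query bit is set. The server performs
    # the same work regardless of which block the client wants (hence the server-side
    # bottleneck the abstract reports for larger databases and many clients).
    acc = 0
    for block, bit in zip(db, query):
        if bit:
            acc ^= int.from_bytes(block, "big")
    return acc.to_bytes(len(db[0]), "big")

def client_combine(ans_a, ans_b):
    # All blocks except the target cancel out in the XOR of the two answers.
    return bytes(x ^ y for x, y in zip(ans_a, ans_b))

def retrieve_ad(db_a, db_b, index):
    # Client side: db_a and db_b are two non-colluding replicas of the same ad database.
    q_a, q_b = make_queries(len(db_a), index)
    return client_combine(server_answer(db_a, q_a), server_answer(db_b, q_b))

def comm_cost_bytes(num_blocks, block_size):
    # Bytes moved for one retrieval in this basic scheme: one bit per block uploaded to each
    # of the two servers, one full block downloaded from each.
    upload_per_server = (num_blocks + 7) // 8
    return {"upload_bytes": 2 * upload_per_server, "download_bytes": 2 * block_size}

if __name__ == "__main__":
    db = build_ad_db(num_blocks=64, block_size=32)
    assert retrieve_ad(db, db, 5) == db[5]
    print(comm_cost_bytes(num_blocks=16384, block_size=64 * 1024))
```

The `comm_cost_bytes` call uses the abstract's 1GB database split into 64KB blocks purely to show how the scheme's traffic scales; the paper's reported 1.25MB figure comes from Percy++'s own scheme and parameters, not from this toy version.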
