Pri-RTB: Privacy-preserving real-time bidding for securing mobile advertisement in ubiquitous computing

Abstract Real-time bidding (RTB), one of the major trading mechanisms used for online advertising, allows the advertiser to make an impression-level bid decision. However, the security and privacy concerns of RTB are gaining increasing attention with the recent enforcement of the European Union General Data Protection Regulation (GDPR). In this study, we present a novel privacy-preserving RTB (Pri-RTB) protocol, which aims at preserving both data privacy and utility by performing additively homomorphic encryption on the user profile. To our knowledge, this is the first work to address the privacy issue of the RTB paradigm. We present a formal proof for the security of Pri-RTB under the assumption of the decisional Diffie–Hellman (DDH) problem. We analyze and elaborate the superiority of Pri-RTB over other related works. We also developed a prototype for Pri-RTB and conducted several experiments to evaluate its feasibility and efficiency under different parameters. Our experiments demonstrate that Pri-RTB can work highly efficiently in a practical setting (for example, a scenario with approximately 200 advertisers per auction).

[1]  Zvika Brakerski,et al.  Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP , 2012, CRYPTO.

[2]  Qin Liu,et al.  Cooperative private searching in clouds , 2012, J. Parallel Distributed Comput..

[3]  Qiang Zhang,et al.  Enabling Cooperative Privacy-preserving Personalized search in cloud environments , 2019, Inf. Sci..

[4]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[5]  Mianxiong Dong,et al.  Location Privacy in Usage-Based Automotive Insurance: Attacks and Countermeasures , 2019, IEEE Transactions on Information Forensics and Security.

[6]  Cong Wang,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2012, IEEE Transactions on Parallel and Distributed Systems.

[7]  Jun Wang,et al.  Real-time bidding for online advertising: measurement and analysis , 2013, ADKDD '13.

[8]  Ron Steinfeld,et al.  Faster Fully Homomorphic Encryption , 2010, ASIACRYPT.

[9]  Paul Francis,et al.  Private-by-Design Advertising Meets the Real World , 2014, CCS.

[10]  Saikat Guha,et al.  Serving Ads from localhost for Performance, Privacy, and Profit , 2009, HotNets.

[11]  Haojin Zhu,et al.  Privacy Leakage via De-Anonymization and Aggregation in Heterogeneous Social Networks , 2020, IEEE Transactions on Dependable and Secure Computing.

[12]  Jie Cui,et al.  OOABKS: Online/offline attribute-based encryption for keyword search in mobile cloud , 2019, Inf. Sci..

[13]  Aniket Kate,et al.  ObliviAd: Provably Secure and Practical Online Behavioral Advertising , 2012, 2012 IEEE Symposium on Security and Privacy.

[14]  Hamed Haddadi,et al.  Targeted Advertising on the Handset: Privacy and Security Challenges , 2011, Pervasive Advertising.

[15]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[16]  Guojun Wang,et al.  PRMS: A Personalized Mobile Search Over Encrypted Outsourced Data , 2018, IEEE Access.

[17]  Ronald Cramer,et al.  A secure and optimally efficient multi-authority election scheme , 1997, Eur. Trans. Telecommun..

[18]  Le Yu,et al.  POSTER: LocMask: A Location Privacy Protection Framework in Android System , 2014, CCS.

[19]  Jie Wu,et al.  Secure and privacy preserving keyword searching for cloud storage services , 2012, J. Netw. Comput. Appl..

[20]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[21]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..

[22]  Keke Gai,et al.  Intelligent cryptography approach for secure distributed big data storage in cloud computing , 2017, Inf. Sci..

[23]  Jie Wu,et al.  Effective Query Grouping Strategy in Clouds , 2017, Journal of Computer Science and Technology.

[24]  Matthew Green,et al.  A Protocol for Privately Reporting Ad Impressions at Scale , 2016, CCS.

[25]  Ari Juels,et al.  Targeted Advertising ... And Privacy Too , 2001, CT-RSA.

[26]  Hari Balakrishnan,et al.  CryptDB: processing queries on an encrypted database , 2012, CACM.

[27]  Xiaohui Liang,et al.  Privacy Leakage of Location Sharing in Mobile Social Networks: Attacks and Defense , 2016, IEEE Transactions on Dependable and Secure Computing.

[28]  Jung Hee Cheon,et al.  Homomorphic Encryption for Arithmetic of Approximate Numbers , 2017, ASIACRYPT.

[29]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[30]  Saikat Guha,et al.  Privad: Practical Privacy in Online Advertising , 2011, NSDI.

[31]  Craig Gentry,et al.  Fully Homomorphic Encryption with Polylog Overhead , 2012, EUROCRYPT.

[32]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[33]  Helen Nissenbaum,et al.  Adnostic: Privacy Preserving Targeted Advertising , 2010, NDSS.

[34]  Xiaolei Dong,et al.  Security and privacy for storage and computation in cloud computing , 2014, Inf. Sci..