PPSB: An Open and Flexible Platform for Privacy-Preserving Safe Browsing

Safe Browsing (SB) is an important security feature in modern web browsers to help detect new unsafe websites. Although useful, recent studies have pointed out that the widely adopted SB services, such as Google Safe Browsing and Microsoft SmartScreen, can raise privacy concerns since users' browsing history might be subject to unauthorized leakage to service providers. In this paper, we present a Privacy-Preserving Safe Browsing (PPSB) platform. It bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers. Particularly, in PPSB, the actual URL to be checked, as well as its associated hashes or hash prefixes, never leave the browser in cleartext. This protects the user's browsing history from being directly leaked or indirectly inferred. Moreover, these lists of unsafe URLs, the most valuable asset for the blacklist providers, are always encrypted and kept private within our platform. Extensive evaluations using real datasets (with over 1 million unsafe URLs) demonstrate that our prototype can function as intended without sacrificing normal user experience, and block unsafe URLs at the millisecond level. All resources, including Chrome extension, Docker image, and source code, are available for public use.

[1]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[2]  Daniel Moore,et al.  EC-OPRF: Oblivious Pseudorandom Functions using Elliptic Curves , 2017, IACR Cryptol. ePrint Arch..

[3]  Qian Wang,et al.  Towards Private and Scalable Cross-Media Retrieval , 2021, IEEE Transactions on Dependable and Secure Computing.

[4]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[5]  Ghassan O. Karame,et al.  Transparent Data Deduplication in the Cloud , 2015, CCS.

[6]  Bin Fan,et al.  Cuckoo Filter: Practically Better Than Bloom , 2014, CoNEXT.

[7]  Pere Barlet-Ros,et al.  A Survey on Web Tracking: Mechanisms, Implications, and Defenses , 2017, Proceedings of the IEEE.

[8]  Qian Wang,et al.  Searchable Encryption over Feature-Rich Data , 2018, IEEE Transactions on Dependable and Secure Computing.

[9]  Hugo Krawczyk,et al.  Outsourced symmetric private information retrieval , 2013, IACR Cryptol. ePrint Arch..

[10]  Raphael Bost,et al.  ∑oφoς: Forward Secure Searchable Encryption , 2016, CCS.

[11]  Vinod Yegneswaran,et al.  BLADE: an attack-agnostic approach for preventing drive-by malware infections , 2010, CCS '10.

[12]  Valtteri Niemi,et al.  Private Membership Test Protocol with Low Communication Complexity , 2017, NSS.

[13]  Kui Ren,et al.  Towards Privacy-Preserving Malware Detection Systems for Android , 2018, 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS).

[14]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[15]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[16]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[17]  Cédric Lauradoux,et al.  The Pitfalls of Hashing for Privacy , 2018, IEEE Communications Surveys & Tutorials.

[18]  Brice Minaud,et al.  Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives , 2017, CCS.

[19]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[20]  Emily Halili,et al.  Apache JMeter , 2008 .

[21]  Yanjiao Chen,et al.  Privacy-Preserving Collaborative Model Learning: The Case of Word Vector Training , 2018, IEEE Transactions on Knowledge and Data Engineering.

[22]  Cong Wang,et al.  Towards Encrypted In-Network Storage Services with Secure Near-Duplicate Detection , 2021, IEEE Transactions on Services Computing.

[23]  Yajin Zhou,et al.  SPEED: Accelerating Enclave Applications Via Secure Deduplication , 2019, 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS).

[24]  Woo-Hwan Kim,et al.  Forward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates , 2017, CCS.

[25]  Cédric Lauradoux,et al.  A Privacy Analysis of Google and Yandex Safe Browsing , 2016, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[26]  Roy T. Fielding,et al.  Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[27]  Tsz Hon Yuen,et al.  An Efficient Non-interactive Multi-client Searchable Encryption with Support for Boolean Queries , 2016, ESORICS.

[28]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[29]  Jian Liu,et al.  Private Membership Test for Bloom Filters , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[30]  Murat Kantarcioglu,et al.  Efficient Similarity Search over Encrypted Data , 2012, 2012 IEEE 28th International Conference on Data Engineering.

[31]  Vern Paxson,et al.  Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials , 2017, CCS.

[32]  Andreas Peter,et al.  A Survey of Provably Secure Searchable Encryption , 2014, ACM Comput. Surv..