research-article

Public Access

Ibex: Privacy-preserving Ad Conversion Tracking and Bidding

Authors:
Ke Zhong

University of Pennsylvania, Philadelphia, PA, USA

University of Pennsylvania, Philadelphia, PA, USA
View Profile

,
Yiping Ma

University of Pennsylvania, Philadelphia, PA, USA

University of Pennsylvania, Philadelphia, PA, USA
View Profile

,
Sebastian Angel

University of Pennsylvania & Microsoft Research, Philadelphia, PA, USA

University of Pennsylvania & Microsoft Research, Philadelphia, PA, USA
View Profile

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications SecurityNovember 2022Pages 3223–3237https://doi.org/10.1145/3548606.3560651

Published:07 November 2022Publication History

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 3223–3237

ABSTRACT

This paper introduces Ibex, an advertising system that reduces the amount of data that is collected on users while still allowing advertisers to bid on real-time ad auctions and measure the effectiveness of their ad campaigns. Specifically, Ibex addresses an issue in recent proposals such as Google's Privacy Sandbox Topics API in which browsers send information about topics that are of interest to a user to advertisers and demand-side platforms (DSPs). DSPs use this information to (1) determine how much to bid on the auction for a user who is interested in particular topics, and (2) measure how well their ad campaign does for a given audience (i.e., measure conversions). While Topics and related proposals reduce the amount of user information that is exposed, they still reveal user preferences. In Ibex, browsers send user information in an encrypted form that still allows DSPs and advertisers to measure conversions, compute aggregate statistics such as histograms about users and their interests, and obliviously bid on auctions without learning for whom they are bidding. Our implementation of Ibex shows that creating histograms is 1.-2.5× more expensive for browsers than disclosing user information, and Ibex's oblivious bidding protocol can finish auctions within 550 ms. We think this makes Ibex capable of preserving a good experience while improving user privacy.

References

2010. Cookie Synching. https://www.admonsters.com/cookie-synching/. (2010).Google Scholar
2017. Find Out How You Stack Up to New Industry Benchmarks for Mobile Page Speed. https://think.storage.googleapis.com/docs/mobile-page-speed-newindustry-benchmarks.pdf. (2017).Google Scholar
2019. Here's what we learned about page speed. https://backlinko.com/page-speed-stats. (2019).Google Scholar
2019. wrk2: a HTTP benchmarking tool based mostly on wrk. https://github.com/giltene/wrk2. (2019).Google Scholar
2020. Cookie Matching. https://developers.google.com/authorized-buyers/rtb/cookie-guide. (2020).Google Scholar
2020. Number of active advertisers on Facebook from 1st quarter 2016 to 3rd quarter 2020. https://www.statista.com/statistics/778191/active-facebook-advertisers/. (2020).Google Scholar
2020. The GNU Multiple Precision Arithmetic Library. https://gmplib.org/gmp6.2. (2020).Google Scholar
2021. Attribution Reporting API. https://github.com/WICG/conversion-measurement-api. (2021).Google Scholar
2021. Back to Basics: What is Header Bidding? https://www.lotame.com/back-basics-header-bidding/. (2021).Google Scholar
2021. FLoC Origin Trial & Clustering. https://www.chromium.org/Home/chromium-privacy/privacy-sandbox/floc. (2021).Google Scholar
2021. iCloud Private Relay Overview. https: //www.apple.com/icloud/docs/iCloud_Private_Relay_Overview_Dec2021.pdf. (2021).Google Scholar
2021. Masked Learning, Aggregation and Reporting worKflow (Masked LARK). https://github.com/WICG/privacy-preservingads/blob/main/MaskedLARK.md. (2021).Google Scholar
2021. Multi-party Computation of Ads on the Web (MaCAW). https://github.com/WICG/privacy-preserving-ads/blob/main/MACAW.md. (2021).Google Scholar
2021. PARAKEET. https://github.com/WICG/privacy-preserving-ads/blob/main/Parakeet.md. (2021).Google Scholar
2021. Privacy analysis of FLoC. https://blog.mozilla.org/en/mozilla/privacy-analysis-of-floc/. (2021).Google Scholar
2021. Private aggregation. https://github.com/WICG/conversion-measurementapi/blob/main/SERVICE.md. (2021).Google Scholar
2022. About PageSpeed Insights. https://developers.google.com/speed/docs/insights/v5/about. (2022).Google Scholar
2022. Aggregation Service for the Attribution Reporting API. https://github.com/WICG/attribution-reportingapi/blob/main/AGGREGATION_SERVICE_TEE.md. (2022).Google Scholar
2022. Divvi Up: A privacy-respecting system for aggregate statistics. https://divviup.org/. (2022).Google Scholar
2022. EMP sh2pc. https://github.com/emp-toolkit/emp-sh2pc. (2022).Google Scholar
2022. FLEDGE API. https://developer.chrome.com/docs/privacy-sandbox/fledge/. (2022).Google Scholar
2022. Google Has a New Plan to Kill Cookies. People Are Still Mad. https://www.wired.co.uk/article/google-floc-cookies-chrome-topics. (2022).Google Scholar
2022. Google's Topics API: Rebranding FLoC Without Addressing Key Privacy Issues. https://brave.com/web-standards-at-brave/7-googles-topics-api/. (2022).Google Scholar
2022. Internet Security Research Group. https://abetterinternet.org/. (2022).Google Scholar
2022. Let's Encrypt: A nonprofit Certificate Authority providing TLS certificates to 260 million websites. https://letsencrypt.org/. (2022).Google Scholar
2022. Microsoft SEAL (release 4.0). https://github.com/Microsoft/SEAL. (March 2022).Google Scholar
2022. OpenRTB Protocol Buffer 2.5.0. https://developers.google.com/authorizedbuyers/rtb/downloads/openrtb-proto. (2022).Google Scholar
2022. OpenSSL. (2022). https://www.openssl.org.Google Scholar
2022. Privacy Preserving Attribution for Advertising. https: //blog.mozilla.org/en/mozilla/privacy-preserving-attribution-for-advertising/. (2022).Google Scholar
2022. SealPIR: A computational PIR library that achieves low communication costs and high performance. https://github.com/microsoft/SealPIR. (2022).Google Scholar
2022. SimilarWeb. https://www.similarweb.com. (2022).Google Scholar
2022. The Topics API. https://github.com/patcg-individual-drafts/topics/. (2022).Google Scholar
2022. This is how Google plans to track you now. https: //www.slashgear.com/this-is-how-google-plans-to-track-you-now-25708910/. (2022).Google Scholar
2022. Understand your conversion tracking data. https://support.google.com/google-ads/answer/6270625. (2022).Google Scholar
2022. What is fingerprinting and why you should block it. https://www.mozilla.org/en-US/firefox/features/block-fingerprinting/. (2022).Google Scholar
Erik Anderson, Melissa Chase, F. Betul Durak, Esha Ghosh, Kim Laine, and Chenkai Weng. 2021. Aggregate Measurement via Oblivious Shuffling. Cryptology ePrint Archive, Paper 2021/1490. (2021). https://ia.cr/2021/1490.Google Scholar
Sebastian Angel, Hao Chen, Kim Laine, and Srinath Setty. 2018. PIR with Compressed Queries and Amortized Query Processing. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
Sebastian Angel and Michael Walfish. 2013. Verifiable Auctions for Online Ad Exchanges. In Proceedings of the ACM SIGCOMM Conference.Google ScholarDigital Library
Michael Backes, Aniket Kate, Matteo Maffei, and Kim Pecina. 2012. ObliviAd: Provably Secure and Practical Online Behavioral Advertising. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google ScholarDigital Library
Samiran Bag, Feng Hao, Siamak F. Shahandashti, and Indranil Ghosh Ray. 2020. SEAL: Sealed-Bid Auction Without Auctioneers. IEEE Transactions on Information Forensics and Security 15 (2020).Google Scholar
Donald Beaver. 1991. Efficient Multiparty Protocols Using Circuit Randomization. In Proceedings of the International Cryptology Conference (CRYPTO).Google Scholar
Dan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, and Yuval Ishai. 2021. Lightweight Techniques for Private Heavy Hitters. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
Sanaz Taheri Boshrooyeh, Alptekin Küpçü, and Öznur Özkasap. 2018. PPAD: Privacy Preserving Group-Based ADvertising in Online Social Networks. In 2018 IFIP Networking Conference (IFIP Networking) and Workshops.Google Scholar
Elette Boyle, Niv Gilboa, and Yuval Ishai. 2016. Function Secret Sharing: Improvements and Extensions. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).Google ScholarDigital Library
Zvika Brakerski. 2012. Fully homomorphic encryption without modulus switching from classical GapSVP. In Proceedings of the International Cryptology Conference (CRYPTO).Google ScholarDigital Library
Felix Brandt. 2002. A verifiable, bidder-resolved Auction Protocol. In Proceedings of the 5th International Workshop on Deception, Fraud and Trust in Agent Societies.Google Scholar
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In Proceedings of the USENIX Security Symposium.Google Scholar
David Chaum and Eugène van Heyst. 1991. Group Signatures. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).Google Scholar
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H. Lai. 2019. SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google Scholar
Henry Corrigan-Gibbs and Dan Boneh. 2017. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).Google Scholar
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. In Proceedings of the USENIX Security Symposium.Google ScholarDigital Library
Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006. Calibrating noise to sensitivity in private data analysis. In Proceedings of the Theory of Cryptography Conference (TCC).Google ScholarDigital Library
Cynthia Dwork and Aaron Roth. 2014. The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9, 3--4 (2014).Google ScholarDigital Library
Taher ElGamal. 1985. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 4 (1985).Google ScholarDigital Library
Junfeng Fan and Frederik Vercauteren. 2012. Somewhat Practical Fully Homomorphic Encryption. Cryptology ePrint Archive, Report 2012/144. (2012). https://ia.cr/2012/144.Google Scholar
Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Fully Homomorphic Encryption with Polylog Overhead. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).Google Scholar
Shafi Goldwasser and Silvio Micali. 1982. Probabilistic Encryption; How to Play Mental Poker Keeping Secret All Partial Information. In Proceedings of the ACM Symposium on Theory of Computing (STOC).Google ScholarDigital Library
Shafi Goldwasser and Silvio Micali. 1984. Probabilistic encryption. J. Comput. System Sci. 28, 2 (1984).Google ScholarCross Ref
Matthew Green, Watson Ladd, and Ian Miers. 2016. A Protocol for Privately Reporting Ad Impressions at Scale. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).Google ScholarDigital Library
Saikat Guha, Bin Cheng, and Paul Francis. 2011. Privad: Practical Privacy in Online Advertising. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).Google Scholar
Saikat Guha, Alexey Reznichenko, Kevin Tang, Hamed Haddadi, and Paul Francis. 2009. Serving Ads from localhost for Performance, Privacy, and Profit. In Proceedings of the ACM Workshop on Hot Topics in Networks (HotNets).Google Scholar
Michael Harkavy, J. D. Tygar, and Hiroaki Kikuchi. 1998. Electronic Auctions with Private Bids. In 3rd USENIX Workshop on Electronic Commerce (EC 98).Google Scholar
Leon J. Helsloot, Gamze Tillem, and Zekeriya Erkin. 2018. BAdASS: Preserving Privacy in Behavioural Advertising with Applied Secret Sharing. In Provable Security.Google Scholar
Alexandra Henzinger, Matthew M. Hong, Henry Corrigan-Gibbs, Sarah Meiklejohn, and Vinod Vaikuntanathan. 2022. One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval. Cryptology ePrint Archive, Paper 2022/949. (2022). https://eprint.iacr.org/2022/949.Google Scholar
Hiroaki Kikuchi, Shinji Hotta, Kensuke Abe, and Shohachiro Nakanishi. 2000. Distributed Auction Servers Resolving Winner and Winning Bid without Revealing Privacy of Bids. In Proceedings of the Seventh International Conference on Parallel and Distributed Systems: Workshops.Google ScholarCross Ref
Dmitry Kogan and Henry Corrigan-Gibbs. 2021. Private Blocklist Lookups with Checklist. In Proceedings of the USENIX Security Symposium.Google Scholar
Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In Proceedings of the USENIX Security Symposium.Google Scholar
Hairen Liao, Lingxiao Peng, Zhenchuan Liu, and Xuehua Shen. 2014. IPinYou Global RTB Bidding Algorithm Competition Dataset. In Proceedings of the Eighth International Workshop on Data Mining for Online Advertising.Google ScholarDigital Library
Benoît Libert, San Ling, Fabrice Mouhartem, Khoa Nguyen, and Huaxiong Wang. 2016. Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions. In International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT).Google ScholarDigital Library
Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013. On Ideal Lattices and Learning with Errors over Rings. J. ACM (2013).Google Scholar
Yiping Ma, Ke Zhong, Tal Rabin, and Sebastian Angel. 2022. Incremental Offline/Online PIR. In Proceedings of the USENIX Security Symposium.Google Scholar
Samir Jordan Menon and David J. Wu. 2022. Spiral: Fast, High-Rate Single-Server PIR via FHE Composition. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google Scholar
Ilya Mironov. 2017. Rényi Differential Privacy. In Proceedings of the IEEE Computer Security Foundations Symposium.Google ScholarCross Ref
Hamid Mozaffari and Amir Houmansadr. 2020. Heterogeneous Private Information Retrieval. In Proceedings of the Network and Distributed System Security Symposium (NDSS).Google ScholarCross Ref
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. 2020. Plundervolt: Software-based Fault Injection Attacks against Intel SGX. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20).Google ScholarCross Ref
Pascal Paillier. 1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).Google ScholarCross Ref
David C. Parkes, Michael O. Rabin, Stuart M. Shieber, and Christopher Thorpe. 2008. Practical secrecy-preserving, verifiably correct and trustworthy auctions. Electronic Commerce Research and Applications (2008).Google Scholar
Eric Rescorla and Martin Thomson. 2021. Technical Comments on FLoC Privacy. https://mozilla.github.io/ppa-docs/floc_report.pdf. (2021).Google Scholar
Sacha Servan-Schreiber, Kyle Hogan, and Srinivas Devadas. 2021. AdVeil: A Private Targeted-Advertising Ecosystem. Cryptology ePrint Archive, Report 2021/1032. (2021). https://eprint.iacr.org/2021/1032 https://eprint.iacr.org/2021/1032.Google Scholar
Vincent Toubiana, Arvind Narayanan, Dan Boneh, Helen Nissenbaum, and Solon Barocas. 2010. Adnostic: Privacy Preserving Targeted Advertising. In Proceedings of the Network and Distributed System Security Symposium (NDSS).Google Scholar
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yarom Yuval, Berk Sunar, Daniel Gruss, and Frank Piessens. 2020. LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google Scholar
Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2016. EMP-toolkit: Efficient MultiParty computation toolkit. https://github.com/emp-toolkit. (2016).Google Scholar
Xiao Sophia Wang, Aruna Balasubramanian, Arvind Krishnamurthy, and David Wetherall. 2013. Demystifying Page Load Performance with WProf. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).Google Scholar
Yao Xiao and Josh Karlin. 2021. Federated Learning of Cohorts. https://wicg.github.io/floc/. (2021).Google Scholar
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).Google ScholarDigital Library
Shuai Yuan, Jun Wang, Bowei Chen, Peter Mason, and Sam Seljan. 2014. An Empirical Study of Reserve Price Optimisation in Real-Time Bidding. In Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.Google ScholarDigital Library
Weinan Zhang, Shuai Yuan, Jun Wang, and Xuehua Shen. 2015. Real-Time Bidding Benchmarking with iPinYou Dataset. https://arxiv.org/abs/1407.7073. (2015).Google Scholar
Ke Zhong, Yiping Ma, and Sebastian Angel. 2022. Ibex: Privacy-preserving ad conversion tracking and bidding (full version). Cryptology ePrint Archive, Paper 2022/1174. (Sept. 2022). https://eprint.iacr.org/2022/1174 https://eprint.iacr.org/2022/1174.Google ScholarDigital Library
Ke Zhong, Yiping Ma, Yifeng Mao, and Sebastian Angel. 2023. Addax: A fast, private, and accountable ad exchange infrastructure. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).Google Scholar

Index Terms

Ibex: Privacy-preserving Ad Conversion Tracking and Bidding
1. Information systems
  1. World Wide Web
    1. Online advertising
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Privacy-preserving protocols

Recommendations

Haze: privacy-preserving real-time traffic statistics
SIGSPATIAL'13: Proceedings of the 21st ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

We consider mobile applications that let users learn traffic conditions based on reports from other users. However, the providers of these mobile services have access to such sensitive information as timestamped locations and movements of its users. In ...
Read More
Practical private information aggregation in large networks
NordSec'10: Proceedings of the 15th Nordic conference on Information Security Technology for Applications

Emerging approaches to network monitoring involve large numbers of agents collaborating to produce performance or security related statistics on huge, partial mesh networks. The aggregation process often involves security or business-critical ...
Read More
Private Aggregation with Custom Collusion Tolerance
Information Security and Cryptology
Abstract
While multiparty computations are becoming more and more efficient, their performance has not yet reached the required level for wide adoption. Nevertheless, many applications need this functionality, while others need it for simpler computations; ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University
Copyright © 2022 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 November 2022
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
oblivious bidding
online advertising privacy
private aggregation
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,261of6,999submissions,18%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 422
  Total Downloads
- Downloads (Last 12 months)255
- Downloads (Last 6 weeks)49
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Ibex: Privacy-preserving Ad Conversion Tracking and Bidding

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Haze: privacy-preserving real-time traffic statistics

Practical private information aggregation in large networks

Private Aggregation with Custom Collusion Tolerance

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Ibex: Privacy-preserving Ad Conversion Tracking and Bidding

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Haze: privacy-preserving real-time traffic statistics

Practical private information aggregation in large networks

Private Aggregation with Custom Collusion Tolerance

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media