ABSTRACT
This paper introduces Ibex, an advertising system that reduces the amount of data collected about users while still allowing advertisers to bid in real-time ad auctions and measure the effectiveness of their ad campaigns. Specifically, Ibex addresses an issue in recent proposals such as Google's Privacy Sandbox Topics API, in which browsers send information about the topics a user is interested in to advertisers and demand-side platforms (DSPs). DSPs use this information to (1) decide how much to bid in the auction for a user who is interested in particular topics, and (2) measure how well their ad campaign performs for a given audience (i.e., measure conversions). While Topics and related proposals reduce the amount of user information that is exposed, they still reveal user preferences. In Ibex, browsers send user information in an encrypted form that still allows DSPs and advertisers to measure conversions, compute aggregate statistics such as histograms about users and their interests, and obliviously bid in auctions without learning for whom they are bidding. Our implementation of Ibex shows that creating histograms is 1.-2.5× more expensive for browsers than disclosing user information, and Ibex's oblivious bidding protocol can finish auctions within 550 ms. We think this makes Ibex capable of preserving a good user experience while improving user privacy.
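The abstract above states the two properties a DSP gets from encrypted interest reports: it can sum them into a histogram, and it can compute a bid for a user without learning the user's topic. The following is an added illustration of those two homomorphic operations; it is not Ibex's own protocol or code, and the abstract does not describe Ibex's actual cryptographic construction. It assumes textbook Paillier (additively homomorphic) encryption as a stand-in for whatever scheme Ibex uses, a constructed four-entry topic list, browsers that encrypt a one-hot topic vector under a public key, and an unspecified key holder who decrypts the final aggregate or bid. The helper names (`encrypt_interest`, `aggregate_histogram`, `oblivious_bid`) are this example's, not Ibex's.

```python
"""Added example: homomorphic histogram aggregation and oblivious bidding over
encrypted one-hot topic vectors, using textbook Paillier. Not Ibex's code;
Paillier and the topic list are assumptions for illustration only."""
import random
from math import gcd

# Constructed topic vocabulary; the slot index is the only thing a DSP sees.
TOPICS = ["sports", "travel", "finance", "gaming"]


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Paillier keys with g = n + 1, so lambda = phi(n) and mu = lambda^-1 mod n."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    n = p * q
    lam = (p - 1) * (q - 1)
    return (n, n * n), (lam, pow(lam, -1, n))


def encrypt(pk, m):
    """Randomized: two encryptions of the same plaintext are unrelated ciphertexts."""
    n, n2 = pk
    while True:
        r = random.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2  # (1+n)^m * r^n mod n^2


def decrypt(pk, sk, c):
    n, n2 = pk
    lam, mu = sk
    return (pow(c, lam, n2) - 1) // n * mu % n


def add(pk, c1, c2):
    """Enc(a) * Enc(b) = Enc(a + b)."""
    return c1 * c2 % pk[1]


def scale(pk, c, k):
    """Enc(a)^k = Enc(k * a), for a public integer k."""
    return pow(c, k, pk[1])


def encrypt_interest(pk, topic):
    """Browser side: encrypt a one-hot vector over TOPICS."""
    return [encrypt(pk, 1 if t == topic else 0) for t in TOPICS]


def aggregate_histogram(pk, reports):
    """DSP side: slot-wise sum of many encrypted reports, never decrypting one.
    Only the sum should ever be decrypted; a batch of size one is just disclosure."""
    acc = [encrypt(pk, 0) for _ in TOPICS]
    for vec in reports:
        acc = [add(pk, a, c) for a, c in zip(acc, vec)]
    return acc


def oblivious_bid(pk, enc_vec, bid_table):
    """DSP side: encrypted inner product of the one-hot vector with a public
    per-topic bid table yields Enc(bid for the user's topic); the DSP learns
    neither the topic nor the bid it produced."""
    total = encrypt(pk, 0)
    for c, bid in zip(enc_vec, bid_table):
        total = add(pk, total, scale(pk, c, bid))
    return total


if __name__ == "__main__":
    pk, sk = keygen()
    reports = [encrypt_interest(pk, t) for t in ["sports", "travel", "sports", "gaming"]]
    print(dict(zip(TOPICS, (decrypt(pk, sk, c) for c in aggregate_histogram(pk, reports)))))
    print(decrypt(pk, sk, oblivious_bid(pk, encrypt_interest(pk, "finance"), [12, 30, 75, 5])))
```

The point of the inner-product form is that the bid table is ordinary plaintext on the DSP side, so existing per-topic pricing logic is untouched; only the selection is done under encryption. The caveat that matters in deployment is batching: the histogram is only private if the key holder decrypts sums over many reports, and the abstract's own framing ("aggregate statistics") assumes exactly that.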
Index Terms
- Ibex: Privacy-preserving Ad Conversion Tracking and Bidding