PPSB : An Open and Flexible Platform for Privacy-Preserving Safe Browsing

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

1 Scopus Citations
View graph of relations

Detail(s)

Original languageEnglish
Pages (from-to)1762-1778
Journal / PublicationIEEE Transactions on Dependable and Secure Computing
Volume18
Issue number4
Online published27 Aug 2019
Publication statusPublished - Jul 2021

Abstract

Safe Browsing (SB) is an important security feature in modern web browsers to help detect new unsafe websites. Although useful, recent studies have pointed out that the widely adopted SB services, such as Google Safe Browsing and Microsoft SmartScreen, can raise privacy concerns since users’ browsing history might be subject to unauthorized leakage to service providers. In this paper, we present a Privacy-Preserving Safe Browsing (PPSB) platform. It bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers. Particularly, in PPSB, the actual URL to be checked, as well as its associated hashes or hash prefixes, never leave the browser in cleartext. This protects the user’s browsing history from being directly leaked or indirectly inferred. Moreover, these lists of unsafe URLs, the most valuable asset for the blacklist providers, are always encrypted and kept private within our platform. Extensive evaluations using real datasets (with over 1 million unsafe URLs) demonstrate that our prototype can function as intended without sacrificing normal user experience, and block unsafe URLs at the millisecond level. All resources, including Chrome extension, Docker image, and source code, are available for public use. 

Research Area(s)

  • Blacklisting, Browsers, Cryptography, Google, malware, phishing, Privacy, Privacy preserving, safe browsing, Servers, Uniform resource locators, web browser