PEBA: Enhancing User Privacy and Coverage of Safe Browsing Services

To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. Firstly, we derive a feasible tracking...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2023-09, p.1-15
Main Authors: Du, Yuefeng, Duan, Huayi, Xu, Lei, Cui, Helei, Wang, Cong, Wang, Qian
Format: Article
Language:English
Subjects:
Blacklist Query Service
Blocklists
Browsers
Integrated Service
Malware
Phishing
Privacy
Privacy Drawback
Privacy Preserving
Safe Browsing
Security
Servers
Target tracking
Uniform resource locators
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. Firstly, we derive a feasible tracking technique for industry best practice. We show that the current mitigation techniques cannot eliminate the threat of de-anonymization permanently. Secondly, we gauge the effectiveness of blacklists provided by major vendors. Our discovery indicates the urge for blacklist integration in order to boost service quality. In light of this, we propose a new three-party paradigm {\sf PEBA} with an intermediate third party decoupling the direct interaction of users and proprietary blacklist vendors. To satisfy practical usage requirements, we instantiate our design with trusted hardware, detailing how it can be leveraged to fulfill the requirements of privacy enhancement and broader content coverage at the same time. We also tackle numerous implementation challenges that emerged from this proxy-based and hardware-enabled solution. Extensive evaluation confirms that {\sf PEBA} can balance well among desirable goals of security, usability, performance, and elasticity, making it suitable for deployment in practice.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2022.3204767