Title: Security and Privacy Preservation in Mobile Advertising
Date: August 11, 2020
Time: 10:30 AM
Place: REMOTE PARTICIPATION
Supervisor(s): Shen, Sherman
Mobile advertising is emerging as a promising advertising strategy, which leverages prescriptive analytics, location-based distribution, and feedback-driven marketing to engage consumers with timely and targeted advertisements. In the current mobile advertising system, a third-party ad broker (e.g. Google or Facebook) collects and manages advertisements for merchants who would like to promote their business to mobile users. Based on its large-scale database of user proﬁles, the ad broker can help the merchants to better reach out to customers with related interests and charges the merchants for ad dissemination services. Recently, mobile advertising technology has dominated the digital advertising industry and has become the main source of income for IT giants. However, there are many security and privacy challenges that may hinder the continuous success of the mobile adverting industry. First, there is a lack of advertising transparency in the current mobile adverting system. For example, mobile users are concerned about the reliability and trustworthiness of the ad dissemination process and advertising review system. Without proper countermeasures, mobile users can install ad-blocking software to ﬁlter out irrelevant or even misleading advertisements, which may lower the advertising investments from merchants. Second, as more strict privacy regulations (e.g. European General Data Privacy Regulations) take eﬀect, it is critical to protect mobile users’ personal proﬁles from illegal sharing and exposure in the mobile advertising system.
In this thesis, three security and privacy challenges for the mobile advertising system are identiﬁed and addressed with the designs, implementations, and evaluations of a blockchain-based architecture. First, we study the anonymous review system for the mobile advertising industry. When receiving advertisements from a speciﬁc merchant (e.g. a nearby restaurant), mobile users are more likely to browse the previous reviews about the merchant for quality-of-service assessments. However, current review systems are known for the lack of system transparency and are subject to many attacks, such as double reviews and deletions of negative reviews. We exploit the tamper-proof nature and the distributed consensus mechanism of the blockchain technology, to design a blockchain-based review system for mobile advertising, where review accumulations are transparent and veriﬁable to the public. To preserve user review privacy, we further design an anonymous review token generation scheme, where users are encouraged to leave reviews anonymously while still ensuring the review authenticity. We also explore the implementation challenges of the blockchain-based system on an Ethereum testing network and the experimental results demonstrate the application feasibility of the proposed anonymous review system. Second, we investigate the transparency issues for the targeted ad dissemination process. Speciﬁcally, we focus on a speciﬁc mobile advertising application: vehicular local adverting, where vehicular users send spatial-keyword queries to ad brokers to receive location-aware advertisements. To build a transparent advertising system, the ad brokers are required to provide mobile users with explanations on the ad dissemination process, e.g., why a speciﬁc ad is disseminated to a mobile user. However, such transparency explanations are often found incomplete and sometimes even misleading, which may lower the user trust on the advertising system if without proper countermeasures. Therefore, we design an advertising smart contract to eﬃciently realize a publicly veriﬁable spatial-keyword query scheme. Instead of directly implementing the spatial-keyword query scheme on the smart contract with prohibitive storage and computation cost, we exploit the on/oﬀ chain computation models to trade the expensive on-chain cost for cheap oﬀ-chain cost. With two design strategies: digest-and-verify and divide-then-assemble, the on-chain cost for a single spatial keyword query is reduced to constant regardless of the scale of the spatial-keyword database. Comprehensive experiments are conducted to provide both on-chain and oﬀ-chain benchmarks with a veriﬁable computation framework and the Ethereum testing network. Third, we explore another critical requirement of the mobile advertising system: public accountability enforcement against advertising misconducts, if (1) mobile users receive irrelevant ads, or (2) advertising policies of merchants are not correctly computed in the ad dissemination process. This requires the design of a composite Succinct Non-interactive ARGument (SNARG), that can be tailored for diﬀerent advertising transparency requirements and is eﬃcient for the blockchain implementations. Moreover, pursuing public accountability should also achieve a strict privacy guarantee for the user proﬁle. We also propose an accountability contract which can receive explanation requirements from both mobile users and merchants. To promote prompt on chain responses, we design an incentive mechanism based on the pre-deposits of involved parties, i.e., ad brokers, mobile users, and merchants. If any advertising misconduct is identiﬁed, public accountability can be enforced by conﬁscating the pre-deposits of the misbehaving party. Extensive experiments and analyses are conducted to demonstrate the versatile functionalities and feasibility of the accountability contract.
In summary, we have designed, implemented, and evaluated a blockchain-based architecture for security and privacy preservations in the mobile adverting. The designed architecture can not only enhance the transparency and accountability for a more trustworthy mobile advertising system, but has also achieve notably on-chain efficiency and privacy for real-world implementations. The results from the thesis should shed light on the future research and practice of a blockchain-based infrastructure for the privacy regulation compliance in the mobile advertising.