PPSB: An Open and Flexible Platform for Privacy-Preserving Safe Browsing

• Published in: IEEE transactions on dependable and secure computing Vol. 18; no. 4; pp. 1762 - 1778
• Main Authors: Cui, Helei, Zhou, Yajin, Wang, Cong, Wang, Xinyu, Du, Yuefeng, Wang, Qian
• Format: Journal Article
• Language: English
• Published: Washington IEEE 01.07.2021; IEEE Computer Society
• Subjects: Blacklisting; Blocklists; Browsers; Browsing; Computer privacy; Cryptography; malware; phishing; Privacy; Privacy preserving; safe browsing; Search engines; Servers; Source code; Uniform resource locators; URLs; User experience; web browser; Websites
• ISSN: 1545-5971; 1941-0018
• DOI: 10.1109/TDSC.2019.2937783

Safe Browsing (SB) is an important security feature in modern web browsers to help detect new unsafe websites. Although useful, recent studies have pointed out that the widely adopted SB services, such as Google Safe Browsing and Microsoft SmartScreen, can raise privacy concerns since users' browsing history might be subject to unauthorized leakage to service providers. In this paper, we present a Privacy-Preserving Safe Browsing (PPSB) platform. It bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers. Particularly, in PPSB, the actual URL to be checked, as well as its associated hashes or hash prefixes, never leave the browser in cleartext. This protects the user's browsing history from being directly leaked or indirectly inferred. Moreover, these lists of unsafe URLs, the most valuable asset for the blacklist providers, are always encrypted and kept private within our platform. Extensive evaluations using real datasets (with over 1 million unsafe URLs) demonstrate that our prototype can function as intended without sacrificing normal user experience, and block unsafe URLs at the millisecond level. All resources, including Chrome extension, Docker image, and source code, are available for public use.