Privacy and Fairness for Online Targeted Advertising

Abstract

Online advertising produces billions in revenue each year, which supports free web content providers through the sale of ad space. Targeted advertising, the most common form of online advertising, improves the accuracy of ads displayed and increases engagement with those ads. To facilitate targeted advertising, individual user information is collected by an ad exchange through tracking the user across the web. Ad exchanges manage the matching between advertisers and users by running internal auctions each time a user visits a web page. Although the benefits of targeted advertising are numerous, there are serious security and privacy threats that affect the system participants. Web user privacy is threatened by the collecting and sharing of their information, which could contain sensitive information that could put the user at risk. Also, users have no way of knowing what information is collected about them, along with why the ad was served to them. Other concerns stem from the ad exchange running fair auctions for ad space. Advertisers have no way to ensure ads are selected fairly, allowing the ad exchange to make decisions that may benefit them, instead of adhering to a fair auction. The goal of this thesis is to mitigate these privacy and fairness concerns of web users through novel cryptographic schemes. We present a privacy-preserving ad exchange protocol that allows the ad exchange to function without requiring the disclosure of user information to any party. To achieve this, a novel inner product encryption scheme is developed that allows pre-defined profiles, by both the user and advertisers, to be compared and the resultant ads displayed to the user. Secondly, we present a verifiable and privacy-preserving auction protocol that gives advertisers the ability to verify the result of an ad auction, ensuring that the auction ran fairly. This scheme utilizes order-revealing encryption with delegatable operations, alongside an asymmetric encryption scheme, to achieve our goals. Finally, we propose a verifiable and privacy-preserving ad exchange protocol that allows users to verify why they received an ad placement, thus giving the users more transparency and fairness in the advertising system.