Security, Privacy and Economics of Online Advertising THÈSE NO 5664 (2013) PRÉSENTÉE LE 22 MARS 2013 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE POUR LES COMMUNICATIONS INFORMATIQUES ET LEURS APPLICATIONS 1 PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Nevena VRATONJIC acceptée sur proposition du jury: Prof. K. Aberer, président du jury Prof. J.-P. Hubaux, directeur de thèse Prof. A. Argyraki, rapporteur Prof. J. Grossklags, rapporteur Dr M. Strasser, rapporteur Suisse 2013 To my family Abstract Online advertising is at the core of today’s Web: it is the main business model, generating large annual revenues expressed in tens of billions of dollars that sponsor most of the online content and services. Online advertising consists of delivering marketing messages, embedded intoWebcontent,toatargetedaudience. Inthismodel,entitiesattractWebtrafficbyoffering the content and services for free and charge advertisers for including advertisements in this traffic (i.e., advertisers pay for users’ attention and interests). Online advertising is a very successfulformofadvertisingasitallowsforadvertisements(ads)tobetargetedtoindividual users’ interests; especially when advertisements are served on users’ mobile devices, as ads can be targeted to users’ locations and the corresponding context. However, online advertising also introduces a number of problems. Given the high ad revenue at stake, fraudsters have economic incentives to exploit the ad system and generate profitfromit. Unfortunately,toachievethisgoal,theyoftencompromiseusers’onlinesecurity (e.g.,viamalware,phishing,etc.). Forthepurposeofmaximizingtherevenuebymatchingads tousers’interests, anumberoftechniquesaredeployed, aimedattrackingandprofilingusers’ digital footprints, i.e., their behavior in the digital world. These techniques introduce new threats to users’ privacy. Consequently, some users adopt ad-avoidance tools that prevent the download of advertisements and partially thwart user profiling. Such user behavior, as well as exploits of ad systems, have economic implications as they undermine the online advertising business model. Meddling with advertising revenue disrupts the current economic model of the Web, the consequences of which are unclear. Given that today’s Web model relies on online advertising revenue in order for users to have access and consume content and services for“free”, coupled with the fact that there are many threats that could jeopardize this model, in this thesis we address the security, privacy and economic issues stemming from this fundamental element of the Web. In the first part of the thesis, we investigate the vulnerabilities of online advertising sys- tems. We identify how an adversary can exploit the ad system to generate profit for itself, notably by performing inflight modification of ad traffic. We provide a proof-of-concept im- plementation of the identified threat on Wi-Fi routers. We propose a collaborative approach for securing online advertising and Web browsing against such threats. By investigating how a certificate-based authentication is deployed in practice, we assess the potential of relying on certificate-based authentication as a building block of a solution to protect the ad revenue. We propose a multidisciplinary approach for improving the current state of certificate-based authentication on the Web. In the second part of the thesis, we study the economics of ad systems’ exploits and certain potential countermeasures. We evaluate the potential of different solutions aimed at protectingadrevenuebeingimplementedbythestakeholders(e.g., InternetServiceProviders or ad networks) and the conditions under which this is likely to happen. We also study the i economic ramifications of ad-avoidance technologies on the monetization of online content. Weusegame-theorytomodelthestrategicbehaviorofinvolvedentitiesandtheirinteractions. In the third part of the thesis, we focus on privacy implications of online advertising. We identify a novel threat to users’ location privacy that enables service providers to geolocate users with high accuracy, which is needed to serve location-targeted ads for local businesses. We draw attention to the large scale of the threat and the potential impact on users’ location privacy. Keywords: online advertising, ad fraud, inflight ad-traffic modification, economics, game theory, Web certificates, botnets, ISPs, location privacy ii Résumé Lapublicit´eenligneestaucoeurduWebd’aujourd’hui: elleestleprincipalmod`eled’affaires, g´en´erant d’´enormes revenus annuels (dizaines de milliards de dollars) qui financent la plupart des contenus et services en ligne. La publicit´e en ligne consiste `a distribuer des messages marketing, int´egr´es dans du contenu Web, `a un public cibl´e. Dans ce mod`ele, des entit´es attirent du trafic Web en offrant du contenu et des services gratuitement et en faisant payer les publicitaires pour inclure des publicit´es dans ce trafic (i.e., les publicitaires paient pour l’attention et les int´erˆets des utilisateurs). La publicit´e en ligne est une forme de publicit´e tr`es fructueuse car elle permet de cibler la publicit´e par rapport aux int´erˆets des utilisateurs. Sp´ecialement quand les publicit´es sont d´elivr´ees sur les appareils mobiles des utilisateurs car ces publicit´es peuvent ˆetre adapt´ees `a la localisation et au contexte des utilisateurs. Cependant, la publicit´e en ligne g´en`ere aussi un certain nombre de probl`emes. Etant donn´e les revenus´elev´es en jeu, les fraudeurs ont un int´erˆet´economique `a exploiter le syst`eme de publicit´e `a leur propre profit. Malheureusement, ils compromettent souvent la s´ecurit´e des utilisateurs afin d’atteindre leur but (par ex., par des malwares, de l’hame¸connage, etc.). Afin de maximiser les profits en personnalisant les publicit´es aux int´erˆets des utilisateurs, de nombreuses techniques sont d´eploy´ees, tra¸cant et profilant les empreintes num´eriques des utilisateurs, i.e., leur comportement dans le monde num´erique. Ces techniques entraˆınent de nouvelles menaces sur la protection des donn´ees priv´ees des utilisateurs. Par cons´equent, certainsutilisateursinstallentdesoutilsdeblocagedespublicit´esquiempˆechentlet´el´echarge- ment de ces publicit´es et d´ejouent partiellement le profilage. De tels comportements, ainsi que l’utilisation malicieuse des syst`emes publicitaires, ont des implications ´economiques car ils sapent le mod`ele d’affaires de la publicit´e en ligne. L’alt´eration du revenu de la publicit´e perturbe le mod`ele ´economique actuel du Web, et ses cons´equences sont encore floues. Etant donn´e que le Web repose sur les revenus publicitaires afin de donner acc`es“gratu- itement” a` du contenu et des services aux utilisateurs, ainsi que le fait qu’il y ait de nom- breuses menaces qui puissent compromettre ce mod`ele, cette th`ese aborde les probl´ematiques ´economiques, de s´ecurit´e, et de protection des donn´ees d´ecoulant de cet ´el´ement essentiel du Web. Dans la premi`ere partie de la th`ese, nous examinons les vuln´erabilit´es des syst`emes de publicit´e en ligne. Nous d´ecrivons commment un attaquant peut exploiter le syst`eme pub- licitaire pour g´en´erer des profits personnels, notamment en modifiant le trafic publicitaire en transit. Nous fournissons une impl´ementation d´emontrant la menace sur un routeur WiFi. Nous proposons une approche collaborative pour s´ecuriser la publicit´e en ligne et la naviga- tion Web contre de telles menaces. Nous ´evaluons le potentiel de l’authentification bas´ee sur des certificats comme composante d’une solution pour prot´eger les revenus publicitaires, en ´etudiant comment cette authentification est d´eploy´ee en pratique. Nous proposons une ap- proche pluridisciplinaire afin d’am´eliorer la situation actuelle de l’authentification bas´ee sur iii des certificats sur le Web. Dans la seconde partie de la th`ese, nous ´etudions l’´economie des attaques contre les sys- t`emes publicitaires et les potentielles contre-mesures. Nous ´evaluons diff´erentes solutions visant `a prot´eger les revenus publicitaires impl´ement´ees par les parties prenantes (par ex., fournisseurs d’acc`es Internet ou r´eseaux publicitaires) et les conditions dans lesquelles celles- ci ont des chances de s’appliquer. Nous ´etudions ´egalement les implications ´economiques des technologies de blocage des publicit´es vis-`a-vis de la mon´etisation du contenu en ligne. Nous utilisons la th´eorie des jeux pour mod´eliser le comportement strat´egique des entit´es impliqu´ees, et leurs interactions. Dans la troisi`eme partie de la th`ese, nous nous concentrons sur les implications de la publicit´e en ligne vis-`a-vis de la sph`ere priv´ee. Nous identifions une nouvelle menace sur la protection des donn´ees de localisation des utilisateurs qui permet aux fournisseurs de service de g´eolocaliser les utilisateurs avec une grande pr´ecision, ce qui est n´ecessaire afin de fournir des publicit´es cibl´ees par la localisation. Nous attirons l’attention sur cette menace `a grande ´echelle et l’impact potentiel sur la protection des donn´ees de localisation des utilisateurs. Mots-clés: publicit´eenligne,fraudepublicitaire,modificationdutraficpublicitaireentran- sit, ´economie, th´eorie des jeux, certificats Web, botnets, FAIs, protection des donn´ees de localisation iv Acknowledgments I would like to express my gratitude to all the wonderful people who have contributed to this thesis and who have made my PhD years such a wonderful time of my life. First and foremost, I am grateful to my advisor Prof. Jean-Pierre Hubaux for giving me the opportunity to do research in a positive and stimulating environment of LCA1, and above all, for his invaluable guidance and support throughout the PhD process. I have learned a lot from him, on both a professional and personal level. Jean-Pierre, thank you for everything. I would like to thank my thesis committee members: Prof. Katerina Argyraki, Prof. Jens Grossklags, Dr Mario Strasser and Prof. Karl Aberer, for the time and effort they put into reviewing this dissertation. Special thanks to Prof. Jens Grossklags; during his stay at EPFL we elaborated the ideas on the problem of online content monetization. My appreciation goes to my co-authors for fruitful collaborations and for contributing considerably to this thesis: Prof. Hossein Manshaei, Dr Julien Freudiger, Dr Maxim Raya, Prof. Jens Grossklags, Prof. David Parkes, Prof. M´ark F´elegyh´azi, Dr K´evin Huguenin and Vincent Bindschaedler. In particular, thanks to Julien and Mark for our early work related to online advertising systems, the foundation for this thesis. I am thankful to all my colleagues at EPFL who have also contributed to this thesis in many ways: Marcin, Igor, Mathias, Reza, Jacques, Berker, Murtuza, Panos, Aravind, Priya, Steve, George, Pedram, Wojciech, Mirco, for discussing ideas, challenging and reviewing my work and creating a great atmosphere. I would like to express my gratitude to Patricia, DanielleandAngelaforalltheirhelpwithadministrationissues,andtoHollyforherpersistent efforts to improve my English and to system administrators for providing a great computing infrastructure. The years of my PhD experience have been enriched with many wonderful people I have metandthegreatexperienceswehaveshared. SpecialthankstoKasia,Michal,Adriana,Gleb, Maxim and all DOSErs for the many fun events, extraordinary discussions and the enjoyable time spent together; to Julien, for the numerous interesting conversations, for sharing his time, ideas and expertise; and to my officemate Marcin, for being a good friend and for all the support, patience, discussions and advice throughout our PhD life in BC 200. I am indebted to my Serbian friends for making me feel at home. Furthermore, I am grateful to Ruzica for her unconditional friendship; to Milica and Andrijana for all the joyful girly times and laughs we shared; and to Bane, for all the wonderful times he has generously shared with me and for his help in numerous occasions. My appreciation goes to my flatmate Aleksandar, for always being cheerful and filling our house with laughter. I am thankful to Ana and Zarko for making our first days in Lausanne much easier and enjoyable. I also want to pay tribute to my friends with whom I shared many special moments at home in Serbia and around the world, Milena, Natasa, Nevena, Maja, Marko, Milos, Vlada. Thank you for cherishing and nurturing our friendship regardless of the distance. v MyheartfeltthanksgotoSam, forhisendlessunderstanding, supportandencouragement each step of the way. Thank you for your love and for bringing happiness into my life. Finally, I want to thank my family, my parents Danica and Milan, and my sister Milena, fortheirunconditionalsupportandencouragement. Theyhavemyeternalgratitudeandlove. To them, I dedicate this thesis. Mama, tata, Milena, hvala vam puno na svemu. Vama posve´cujem ovu tezu. vi