A Content Delivery Network (CDN) is a distributed system composed of a large number of nodes that allows users to request objects from nearby nodes. CDN not only reduces end-to-end latency on the user side but also offloads Content Providers (CPs), providing resilience against Distributed Denial of Service (DDoS) attacks. However, by caching objects and processing user requests, CDN providers could infer user preferences and the popularity of objects, thus resulting in information leakage. Unfortunately, such information leakage may result in loss of user privacy and reveal business-specific information to untrusted or compromised CDN providers. State-of-the-art solutions can protect the content of sensitive objects but cannot prevent CDN providers from inferring user preferences and the popularity of objects. In this work, we present a privacy-preserving encrypted CDN system to hide not only the content of objects and user requests, but also protect user preferences and the popularity of objects from curious CDN providers. We employ encryption to protect the objects and user requests in a way that both the CDNs and CPs can perform the search operations without accessing objects and requests in cleartext. Our proposed system is based on a scalable key management approach for multi-user access, where no key regeneration and data re-encryption are needed for user revocation. We have implemented a prototype of the system and show its practical efficiency.
|Number of pages||16|
|Journal||IEEE Transactions on Dependable and Secure Computing|
|Publication status||Published - Sept 2020|
- access pattern
- request pattern
- searchable encryption