How to act without being observed: Progressive privacy architecture in desktop-as-a-service

摘要

This paper describes the design, implementation and experimental evaluation of a progressive privacy solution for a DaaS system. Progressive privacy is a privacy preserving model which can be configurable (possibly on-demand) by a user not only quantitatively but rather qualitatively. The user can discriminate what type of information must be preserved and to what extent, according to her/his desired profiles of privacy. A lightweight client-side proxy named Hedge Proxy has been designed such that non-intelligible user contents and non-traceable user actions are guaranteed by enabling homomorphic encryption, oblivious transfer and query obfuscation schemes in the proxy. The paper also proposes an implementation and evaluation of the Hedge Proxy based on a specific DaaS environment developed at the University of Rome and called Virtual Distro Dispatcher (VDD). Results of such evaluation are discussed and aim at assessing the performances experienced by users of VDD against the progressive privacy achievements that can be obtained. As expected, the perceived client performances when using VDD highly decrease when augmenting the level of privacy protection (e.g., using large key encryption size, high obfuscation density). Nevertheless, experiments show that for light encrypted data streams the system can reach fair level of privacy with small keys without significantly deteriorating user experienced performances.