Abstract
The purpose of privacy-preserving spam filtering is to inspect email while preserving the privacy of its detection rules and the email content. Although many solutions have emerged, they suffer from the following: 1) privacy provided is insufficient as the email content or detection rules may be exposed to third parties; 2) due to improper use of encryption, exhaustive word search attacks are possible, potentially breaking the confidentiality of encrypted emails; 3) when spam filtering is outsourced, email is given to the outsource, where user privacy may be compromised if privacy protection measures are not properly put in place; 4) confirmation of whether the encrypted email is spam is only determined after the receiver receives the email, which can lead to a situation in which spam is loaded to the memory of the receiver's terminal for spam filtering. This can be harmful, for example, when an attacker inserts a web browser vulnerability into the body of an email to lure users to a phishing site simply by reading the email; 5) computationally expensive operations are unavoidable to provide required features of privacy-preserving spam filtering. We present Privacy-preserving Content-based Spam Filter (PCSF), which is a spam filter system that does not suffer from the aforementioned issues. Additionally, our system provides pre-validation before the receiver reads the email. We provide an implementation of our system based on the Naive Bayes spam filter and prove its security.
Original language | English |
---|---|
Pages (from-to) | 2856-2869 |
Number of pages | 14 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 18 |
DOIs | |
State | Published - 2023 |
Bibliographical note
Publisher Copyright:© 2005-2012 IEEE.
Keywords
- outsourcing
- pre-validation
- Privacy-preserving
- rule-hiding
- spam filter