Towards lightweight secure user-transparent and privacy-preserving web metering

Privacy is an issue today as more people are actively connecting and participating in the Internet. Problems arise when such concerning issue is coupled with security requirements of online applications. The web metering problem is the problem of counting the number of visits done by users to a webserver, additionally capturing data about these visits. There are trade-offs between designing secure web metering solutions and preserving users’ privacy. There is also a dilemma between privacypreserving solutions versus accuracy of results. The problem becomes more difficult when the main interacting party, the user, is not inherently interested to participate and operations need to be carried out transparently. This thesis addresses the web metering problem in a hostile environment and proposes different web metering solutions. The web metering solutions operate in an environment where webservers or attackers are capable of invading users’ privacy or modifying the web metering result. Threats in such environment are identified, using a well established threat model with certain assumptions, which are then used to derive privacy, security and functional requirements. Those requirements are used to show shortcomings in previous web metering schemes, which are then addressed by our proposed solutions. The central theme of this thesis is user’s privacy by user-transparent solutions.