Privacy-Preserving Caching in ISP Networks

Content Providers (CPs) typically encrypt the content sent over the telecom network to improve security and privacy of their final users, as well as to protect business-critical information (e.g., contents' popularity). Due to this encryption, Internet Service Providers (ISPs) can not easily apply caching strategies that require the inspection of traffic traversing their networks to select the most popular contents. The most common approach to solve the conflict between privacy and caching consists in allowing a CP to manage the caches (e.g., by storing and delivering the contents) directly from inside the area of the ISP. However, in this way ISPs lose the legitimate control on a portion of traffic traversing their networks. An alternative approach is enabled by recently-proposed architectural solutions that allow a CP to encrypt the contents and associate pseudonyms to them, and the ISP to count the occurrences of such identifiers to infer popularity-related information without inspecting the original contents. However, we observe that ISPs can still obtain valuable information about contents' popularity that may threaten CPs' privacy. In this paper, we formalize a strategy of association between pseudonyms and contents that effectively improves privacy but leads to a degradation of caching performance. We formally define privacy in this context and study the trade-off between caching and privacy considering differerent metrics, such as the hit-rate and the retrieval latency. The results, obtained by means of simulations over both real and synthetic data, show that privacy can be significantly improved while accepting a minor impact on the hit-rate of caching and suggest the applicability of the considered architecture in a real scenario of content delivery.