PCSF: Privacy-Preserving Content-based Spam Filter

Publication Name

IEEE Transactions on Information Forensics and Security


The purpose of privacy-preserving spam filtering is to inspect email while preserving the privacy of its detection rules and the email content. Although many solutions have emerged, they suffer from the following: 1) The privacy provided is insufficient as the email content or detection rules may be exposed to third parties; 2) Due to improper use of encryption, exhaustive word search attacks are possible, potentially breaking the confidentiality of encrypted emails; 3) When spam filtering is outsourced, email is given to the outsource, where user privacy may be compromised if privacy protection measures are not properly put in place; 4) Confirmation of whether the encrypted email is spam is only determined after the receiver receives the email, which can lead to a situation in which spam is loaded to the memory of the receiver’s terminal for spam filtering. This can be harmful, for example, when an attacker inserts a web browser vulnerability into the body of an email to lure users to a phishing site simply by reading the email; 5) Computationally expensive operations are unavoidable to provide required features of privacy-preserving spam filtering. We present Privacy-preserving Content-based Spam Filter (PCSF), which is a spam filter system that does not suffer from the aforementioned issues. Additionally, our system provides pre-validation before the receiver reads the email. We provide an implementation of our system based on the Naive Bayes spam filter and prove its security.

Open Access Status

This publication is not available as open access



Link to publisher version (DOI)