I see what you’re watching on your streaming service: Fast identification of dash encrypted network traces
Paper i proceeding, 2023

In recent years, concerns about the privacy of users data have raised as testified by the wide adoption of the HTTPS protocol over its unencrypted predecessor. This work demonstrates, however, that the encryption used in HTTPS does not guarantee that the user’s data is hidden when streaming videos using the DASH protocol. We show that the encryption can be bypassed by exploiting recognizable and predictable patterns produced by DASH in side-channels. To demonstrate our attack, we have collected 100k fingerprints from the SVT Play streaming platform, and have shown that encrypted videos can reliably and quickly be identified by capturing streamed HTTPS traffic and comparing it against the fingerprint database. Compared with previous work, our evaluation demonstrates the superior accuracy in our approach as well as its capacity of swiftly identify videos that are playing from an arbitrary timestamp. Our prototype is, to the best of our knowledge, the fastest and most accurate video streaming recognizer to date, only requiring as little as 12 seconds of network traffic to infer a video title with more than 98% accuracy among a catalogue of 20k videos. Our results call for future updates in the DASH protocol designed to circumvent the privacy leak we have shown. An open- source implementation of our prototype is publicly available at https://github.com/embeage/streaming-identification.

privacy

wireless networks

DASH

video streaming

SVT Play

traffic analy- sis

Författare

Martin Björklund Hultman

Nätverk och System

Marcus Julin

Chalmers, Data- och informationsteknik

Philip Antonsson

Chalmers, Data- och informationsteknik

Andreas Stenwreth

Chalmers, Data- och informationsteknik

Malte Åkvist

Chalmers, Data- och informationsteknik

Tobias Hjalmarsson

Chalmers, Data- och informationsteknik

Romaric Duvignau

Nätverk och System

2023 20th IEEE Annual Consumer Communication & Networking Conference (CCNC)

IEEE Consumer Communications & Networking Conference
Las Vegas, USA,

TRUSTCOM: Paketspårningsigenkänning över instabila kommunikationskanaler

Data- och informationsteknik, 2023-02-01 -- 2024-01-31.

PAN5G: 5G Passive Attacks

Chalmers, 2022-01-01 -- 2022-06-30.

Ämneskategorier

Medieteknik

Kommunikationssystem

Datavetenskap (datalogi)

Styrkeområden

Informations- och kommunikationsteknik

DOI

10.1109/CCNC51644.2023.10060390

Mer information

Senast uppdaterat

2023-03-23