Andrew Reed
ABSTRACT
After more than a year of research and development, Netflix recently upgraded their infrastructure to provide HTTPS encryption of video streams in order to protect the privacy of their viewers. Despite this upgrade, we demonstrate that it is possible to accurately identify Netflix videos from passive traffic capture in real-time with very limited hardware requirements. Specifically, we developed a system that can report the Netflix video being delivered by a TCP connection using only the information provided by TCP/IP headers. To support our analysis, we created a fingerprint database comprised of 42,027 Netflix videos. Given this collection of fingerprints, we show that our system can differentiate between videos with greater than 99.99% accuracy. Moreover, when tested against 200 random 20-minute video streams, our system identified 99.5% of the videos with the majority of the identifications occurring less than two and a half minutes into the video stream.
- J. L. Bentley. Multidimensional Binary Search Trees Used for Associative Searching. In Communications of the ACM, September 1975. Google Scholar
Digital Library
- DOM Standard, https://dom.spec.whatwg.org/.Google Scholar
- S. Englehardt and A. Narayanan. Online Tracking: A 1-Million-Site Measurement and Analysis. In ACM Conference on Computer and Communications Security, 2016. Google ScholarDigital Library
- GitHub Repository, https://github.com/andrewreed.Google Scholar
- ISO/IEC 14496--12:2012, http://standards.iso.org/ittf/ PubliclyAvailableStandards/c061988_ISO_IEC_14496--12_2012.zip.Google Scholar
- Microsoft Silverlight, https://www.microsoft.com/silverlight.Google Scholar
- mitmproxy, https://mitmproxy.org.Google Scholar
- Netflix has tons of hidden categories -- here's how to see them, http://mashable.com/2016/01/11/netflix-search-codes.Google Scholar
- The Netflix Tech Blog: Protecting Netflix Viewing Privacy at Scale, http://techblog.netflix.com/2016/08/protecting-netflix-viewing-privacy-at.html.Google Scholar
- A. Reed and B. Klimkowski. Leaky Streams: Identifying Variable Bitrate DASH Videos Streamed over Encrypted 802.11n Connections. In IEEE Consumer Communications and Networking Conference, 2016.Google ScholarCross Ref
- Sandvine Report: Netflix's Encoding Optimizations Result In North American Traffic Share Decline, https://www.sandvine.com/pr/2016/6/22/sandvine-report-netflix-encoding-optimizations-result-in-north-american-traffic-share-decline.html.Google Scholar
- T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno. Devices that Tell on You: Privacy Trends in Consumer Ubiquitous Computing. In USENIX Security Symposium, 2007. Google ScholarDigital Library
- Selenium, http://www.seleniumhq.org.Google Scholar
- J. Terrell, K. Jeffay, F. D. Smith, J. Gogan, and J. Keller. Passive, Streaming Inference of TCP Connection Structure for Network Server Management. In IEEE International Traffic Monitoring and Analysis Workshop, 2009. Google ScholarDigital Library
- A. White, A. Matthews, K. Snow, and F. Monrose. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks. In IEEE Symposium on Security and Privacy, 2011. Google ScholarDigital Library
- J. Zhang, X. Chen, Y. Xiang, W. Zhou, and J. Wu. Robust Network Traffic Classification. In IEEE/ACM Transactions on Networking, August 2015. Google ScholarDigital Library
Index Terms
- Identifying HTTPS-Protected Netflix Videos in Real-Time
Recommendations
Measurement study of Netflix, Hulu, and a tale of three CDNs
Netflix and Hulu are leading Over-the-Top (OTT) content service providers in the US and Canada. Netflix alone accounts for 29.7% of the peak downstream traffic in the US in 2011. Understanding the system architectures and performance of Netflix and Hulu ...
An evaluation of dynamic adaptive streaming over HTTP in vehicular environments
MoVid '12: Proceedings of the 4th Workshop on Mobile VideoMPEGs' Dynamic Adaptive Streaming over HTTP (MPEG-DASH) is an emerging standard designed for media delivery over the top of existing infrastructures and able to handle varying bandwidth conditions during a streaming session. This requirement is very ...
Comparison of Tools for Data Mining and Retrieval in High Volume Data Stream
WKDD '09: Proceedings of the 2009 Second International Workshop on Knowledge Discovery and Data MiningApplications querying real time data streams in order to identify trends, patterns, or anomalies can often benefit from comparing the live stream data with archived historical stream data. This is especially true for applications involving live & ...
Comments