short-paper

Identifying HTTPS-Protected Netflix Videos in Real-Time

Authors:

Andrew Reed and

Michael KranchAuthors Info & Claims

CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

March 2017

Pages 361 - 368

https://doi.org/10.1145/3029806.3029821

Published: 22 March 2017 Publication History

Abstract

After more than a year of research and development, Netflix recently upgraded their infrastructure to provide HTTPS encryption of video streams in order to protect the privacy of their viewers. Despite this upgrade, we demonstrate that it is possible to accurately identify Netflix videos from passive traffic capture in real-time with very limited hardware requirements. Specifically, we developed a system that can report the Netflix video being delivered by a TCP connection using only the information provided by TCP/IP headers. To support our analysis, we created a fingerprint database comprised of 42,027 Netflix videos. Given this collection of fingerprints, we show that our system can differentiate between videos with greater than 99.99% accuracy. Moreover, when tested against 200 random 20-minute video streams, our system identified 99.5% of the videos with the majority of the identifications occurring less than two and a half minutes into the video stream.

References

[1]

J. L. Bentley. Multidimensional Binary Search Trees Used for Associative Searching. In Communications of the ACM, September 1975.

Digital Library

[2]

DOM Standard, https://dom.spec.whatwg.org/.

[3]

S. Englehardt and A. Narayanan. Online Tracking: A 1-Million-Site Measurement and Analysis. In ACM Conference on Computer and Communications Security, 2016.

Digital Library

[4]

GitHub Repository, https://github.com/andrewreed.

[5]

ISO/IEC 14496--12:2012, http://standards.iso.org/ittf/ PubliclyAvailableStandards/c061988_ISO_IEC_14496--12_2012.zip.

[6]

Microsoft Silverlight, https://www.microsoft.com/silverlight.

[7]

mitmproxy, https://mitmproxy.org.

[8]

Netflix has tons of hidden categories -- here's how to see them, http://mashable.com/2016/01/11/netflix-search-codes.

[9]

The Netflix Tech Blog: Protecting Netflix Viewing Privacy at Scale, http://techblog.netflix.com/2016/08/protecting-netflix-viewing-privacy-at.html.

[10]

A. Reed and B. Klimkowski. Leaky Streams: Identifying Variable Bitrate DASH Videos Streamed over Encrypted 802.11n Connections. In IEEE Consumer Communications and Networking Conference, 2016.

[11]

Sandvine Report: Netflix's Encoding Optimizations Result In North American Traffic Share Decline, https://www.sandvine.com/pr/2016/6/22/sandvine-report-netflix-encoding-optimizations-result-in-north-american-traffic-share-decline.html.

[12]

T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno. Devices that Tell on You: Privacy Trends in Consumer Ubiquitous Computing. In USENIX Security Symposium, 2007.

Digital Library

[13]

Selenium, http://www.seleniumhq.org.

[14]

J. Terrell, K. Jeffay, F. D. Smith, J. Gogan, and J. Keller. Passive, Streaming Inference of TCP Connection Structure for Network Server Management. In IEEE International Traffic Monitoring and Analysis Workshop, 2009.

Digital Library

[15]

A. White, A. Matthews, K. Snow, and F. Monrose. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks. In IEEE Symposium on Security and Privacy, 2011.

Digital Library

[16]

J. Zhang, X. Chen, Y. Xiang, W. Zhou, and J. Wu. Robust Network Traffic Classification. In IEEE/ACM Transactions on Networking, August 2015.

Digital Library

Cited By

Zhao YWu HChen LLiu SCheng GHu XRizk AVega M(2024)Identifying Video Resolution from Encrypted QUIC Streams in Segment-combined Transmission ScenariosProceedings of the 34th edition of the Workshop on Network and Operating System Support for Digital Audio and Video10.1145/3651863.3651883(50-56)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3651863.3651883
de Carné de Carnavalet Xvan Oorschot P(2023)A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web trafficACM Computing Surveys10.1145/358052255:13s(1-40)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3580522
Wu HLi XWang GCheng GHu X(2023)Resolution Identification of Encrypted Video Streaming Based on HTTP/2 FeaturesACM Transactions on Multimedia Computing, Communications, and Applications10.1145/355189119:2(1-23)Online publication date: 6-Feb-2023
https://dl.acm.org/doi/10.1145/3551891
Show More Cited By

Index Terms

Identifying HTTPS-Protected Netflix Videos in Real-Time
1. Security and privacy

Recommendations

Measurement study of Netflix, Hulu, and a tale of three CDNs

Netflix and Hulu are leading Over-the-Top (OTT) content service providers in the US and Canada. Netflix alone accounts for 29.7% of the peak downstream traffic in the US in 2011. Understanding the system architectures and performance of Netflix and Hulu ...
Read More
An evaluation of dynamic adaptive streaming over HTTP in vehicular environments
MoVid '12: Proceedings of the 4th Workshop on Mobile Video

MPEGs' Dynamic Adaptive Streaming over HTTP (MPEG-DASH) is an emerging standard designed for media delivery over the top of existing infrastructures and able to handle varying bandwidth conditions during a streaming session. This requirement is very ...
Read More
Comparison of Tools for Data Mining and Retrieval in High Volume Data Stream
WKDD '09: Proceedings of the 2009 Second International Workshop on Knowledge Discovery and Data Mining

Applications querying real time data streams in order to identify trends, patterns, or anomalies can often benefit from comparing the live stream data with archived historical stream data. This is especially true for applications involving live & ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

March 2017

382 pages

ISBN:9781450345231

DOI:10.1145/3029806

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Alexander Pretschner
Technische Universität München, Germany
,
Gabriel Ghinita
University of Massachusetts Boston, USA

Copyright © 2017 Public Domain.

This paper is authored by an employee(s) of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that the article citation is given and the authors and agency are clearly identified as its source.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Best Poster

Author Tags

Qualifiers

Short-paper

Conference

CODASPY '17

Sponsor:

SIGSAC

CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy

March 22 - 24, 2017

Arizona, Scottsdale, USA

Acceptance Rates

CODASPY '17 Paper Acceptance Rate 21 of 134 submissions, 16%;

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

53
Total Citations
View Citations
1,283
Total Downloads

Downloads (Last 12 months)96
Downloads (Last 6 weeks)7

Other Metrics

View Author Metrics

Citations

Cited By

Zhao YWu HChen LLiu SCheng GHu XRizk AVega M(2024)Identifying Video Resolution from Encrypted QUIC Streams in Segment-combined Transmission ScenariosProceedings of the 34th edition of the Workshop on Network and Operating System Support for Digital Audio and Video10.1145/3651863.3651883(50-56)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3651863.3651883
de Carné de Carnavalet Xvan Oorschot P(2023)A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web trafficACM Computing Surveys10.1145/358052255:13s(1-40)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3580522
Wu HLi XWang GCheng GHu X(2023)Resolution Identification of Encrypted Video Streaming Based on HTTP/2 FeaturesACM Transactions on Multimedia Computing, Communications, and Applications10.1145/355189119:2(1-23)Online publication date: 6-Feb-2023
https://dl.acm.org/doi/10.1145/3551891
Gansekoele ABot Tvan der Mei RBhulai SHoogendoorn M(2023)Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption2023 IEEE International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT)10.1109/WI-IAT59888.2023.00028(163-170)Online publication date: 26-Oct-2023
https://doi.org/10.1109/WI-IAT59888.2023.00028
Sun ZShmatikov V(2023)Telepath: A Minecraft-based Covert Communication System2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179335(2223-2237)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179335
Yang LWang YFu SLiu LLuo Y(2023)EVS2vec: A Low-dimensional Embedding Method for Encrypted Video Stream Analysis2023 20th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON)10.1109/SECON58729.2023.10287432(537-545)Online publication date: 11-Sep-2023
https://doi.org/10.1109/SECON58729.2023.10287432
Essa MSabah HAbosinnee AImran TAl-Jawahry H(2023)Distributed Cache Performance Improvement Middleware Session2023 6th International Conference on Engineering Technology and its Applications (IICETA)10.1109/IICETA57613.2023.10351207(313-317)Online publication date: 15-Jul-2023
https://doi.org/10.1109/IICETA57613.2023.10351207
Björklund MJulin MAntonsson PStenwreth AÅkvist MHjalmarsson TDuvignau R(2023)I See What You're Watching on Your Streaming Service: Fast Identification of DASH Encrypted Network Traces2023 IEEE 20th Consumer Communications & Networking Conference (CCNC)10.1109/CCNC51644.2023.10060390(1116-1122)Online publication date: 8-Jan-2023
https://doi.org/10.1109/CCNC51644.2023.10060390
Afandi WBukhari SKhan MMaqsood TFayyaz MAnsari ANawaz R(2023)Explainable YouTube Video Identification Using Sufficient Input SubsetsIEEE Access10.1109/ACCESS.2023.326156211(33178-33188)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3261562
Hoque MFinley BRao AKumar AHui PAmmar MTarkoma S(2023)Context-driven encrypted multimedia traffic classification on mobile devicesPervasive and Mobile Computing10.1016/j.pmcj.2022.10173788:COnline publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1016/j.pmcj.2022.101737
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents