short-paper

Identifying HTTPS-Protected Netflix Videos in Real-Time

Authors:

Michael KranchAuthors Info & Claims

CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

Pages 361 - 368

https://doi.org/10.1145/3029806.3029821

Published: 22 March 2017 Publication History

Abstract

After more than a year of research and development, Netflix recently upgraded their infrastructure to provide HTTPS encryption of video streams in order to protect the privacy of their viewers. Despite this upgrade, we demonstrate that it is possible to accurately identify Netflix videos from passive traffic capture in real-time with very limited hardware requirements. Specifically, we developed a system that can report the Netflix video being delivered by a TCP connection using only the information provided by TCP/IP headers. To support our analysis, we created a fingerprint database comprised of 42,027 Netflix videos. Given this collection of fingerprints, we show that our system can differentiate between videos with greater than 99.99% accuracy. Moreover, when tested against 200 random 20-minute video streams, our system identified 99.5% of the videos with the majority of the identifications occurring less than two and a half minutes into the video stream.

References

[1]

J. L. Bentley. Multidimensional Binary Search Trees Used for Associative Searching. In Communications of the ACM, September 1975.

Digital Library

[2]

DOM Standard, https://dom.spec.whatwg.org/.

[3]

S. Englehardt and A. Narayanan. Online Tracking: A 1-Million-Site Measurement and Analysis. In ACM Conference on Computer and Communications Security, 2016.

Digital Library

[4]

GitHub Repository, https://github.com/andrewreed.

[5]

ISO/IEC 14496--12:2012, http://standards.iso.org/ittf/ PubliclyAvailableStandards/c061988_ISO_IEC_14496--12_2012.zip.

[6]

Microsoft Silverlight, https://www.microsoft.com/silverlight.

[7]

mitmproxy, https://mitmproxy.org.

[8]

Netflix has tons of hidden categories -- here's how to see them, http://mashable.com/2016/01/11/netflix-search-codes.

[9]

The Netflix Tech Blog: Protecting Netflix Viewing Privacy at Scale, http://techblog.netflix.com/2016/08/protecting-netflix-viewing-privacy-at.html.

[10]

A. Reed and B. Klimkowski. Leaky Streams: Identifying Variable Bitrate DASH Videos Streamed over Encrypted 802.11n Connections. In IEEE Consumer Communications and Networking Conference, 2016.

[11]

Sandvine Report: Netflix's Encoding Optimizations Result In North American Traffic Share Decline, https://www.sandvine.com/pr/2016/6/22/sandvine-report-netflix-encoding-optimizations-result-in-north-american-traffic-share-decline.html.

[12]

T. S. Saponas, J. Lester, C. Hartung, S. Agarwal, and T. Kohno. Devices that Tell on You: Privacy Trends in Consumer Ubiquitous Computing. In USENIX Security Symposium, 2007.

Digital Library

[13]

Selenium, http://www.seleniumhq.org.

[14]

J. Terrell, K. Jeffay, F. D. Smith, J. Gogan, and J. Keller. Passive, Streaming Inference of TCP Connection Structure for Network Server Management. In IEEE International Traffic Monitoring and Analysis Workshop, 2009.

Digital Library

[15]

A. White, A. Matthews, K. Snow, and F. Monrose. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks. In IEEE Symposium on Security and Privacy, 2011.

Digital Library

[16]

J. Zhang, X. Chen, Y. Xiang, W. Zhou, and J. Wu. Robust Network Traffic Classification. In IEEE/ACM Transactions on Networking, August 2015.

Digital Library

Cited By

Carlson AHasselquist DWitwer EJohansson NCarlsson NAyday EVaidya J(2024)Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging ConditionsProceedings of the 23rd Workshop on Privacy in the Electronic Society10.1145/3689943.3695045(141-154)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689943.3695045
Ginige YDahanayaka TSeneviratne S(2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
https://dl.acm.org/doi/10.1145/3674213.3674217
Smolovic PDahanayaka TThilakarathna K(2024)TripletViNet: Mitigating Misinformation Video Spread Across PlatformsProceedings of the 1st Workshop on Security-Centric Strategies for Combating Information Disorder10.1145/3660512.3665519(1-12)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3660512.3665519
Show More Cited By

Index Terms

Identifying HTTPS-Protected Netflix Videos in Real-Time
1. Security and privacy

Recommendations

Measurement study of Netflix, Hulu, and a tale of three CDNs

Netflix and Hulu are leading Over-the-Top (OTT) content service providers in the US and Canada. Netflix alone accounts for 29.7% of the peak downstream traffic in the US in 2011. Understanding the system architectures and performance of Netflix and Hulu ...
An evaluation of dynamic adaptive streaming over HTTP in vehicular environments
MoVid '12: Proceedings of the 4th Workshop on Mobile Video

MPEGs' Dynamic Adaptive Streaming over HTTP (MPEG-DASH) is an emerging standard designed for media delivery over the top of existing infrastructures and able to handle varying bandwidth conditions during a streaming session. This requirement is very ...
Comparison of Tools for Data Mining and Retrieval in High Volume Data Stream
WKDD '09: Proceedings of the 2009 Second International Workshop on Knowledge Discovery and Data Mining

Applications querying real time data streams in order to identify trends, patterns, or anomalies can often benefit from comparing the live stream data with archived historical stream data. This is especially true for applications involving live & ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '17: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

March 2017

382 pages

ISBN:9781450345231

DOI:10.1145/3029806

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Alexander Pretschner
Technische Universität München, Germany
,
Gabriel Ghinita
University of Massachusetts Boston, USA

Copyright © 2017 Public Domain.

This paper is authored by an employee(s) of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that the article citation is given and the authors and agency are clearly identified as its source.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Best Poster

Author Tags

Qualifiers

Short-paper

Conference

CODASPY '17

Sponsor:

SIGSAC

CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy

March 22 - 24, 2017

Arizona, Scottsdale, USA

Acceptance Rates

CODASPY '17 Paper Acceptance Rate 21 of 134 submissions, 16%;

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

59
Total Citations
View Citations
1,303
Total Downloads

Downloads (Last 12 months)82
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Carlson AHasselquist DWitwer EJohansson NCarlsson NAyday EVaidya J(2024)Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging ConditionsProceedings of the 23rd Workshop on Privacy in the Electronic Society10.1145/3689943.3695045(141-154)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689943.3695045
Ginige YDahanayaka TSeneviratne S(2024)TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic ClassificationProceedings of the Asian Internet Engineering Conference 202410.1145/3674213.3674217(26-35)Online publication date: 9-Aug-2024
https://dl.acm.org/doi/10.1145/3674213.3674217
Smolovic PDahanayaka TThilakarathna K(2024)TripletViNet: Mitigating Misinformation Video Spread Across PlatformsProceedings of the 1st Workshop on Security-Centric Strategies for Combating Information Disorder10.1145/3660512.3665519(1-12)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3660512.3665519
Zhao YWu HChen LLiu SCheng GHu XRizk AVega M(2024)Identifying Video Resolution from Encrypted QUIC Streams in Segment-combined Transmission ScenariosProceedings of the 34th edition of the Workshop on Network and Operating System Support for Digital Audio and Video10.1145/3651863.3651883(50-56)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3651863.3651883
Walsh TThomas TBarton A(2024)Exploring the Capabilities and Limitations of Video Stream Fingerprinting2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00008(28-39)Online publication date: 23-May-2024
https://doi.org/10.1109/SPW63631.2024.00008
Hu NWu HZhao HNi SCheng G(2024)Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC FeaturesComputer Security – ESORICS 202410.1007/978-3-031-70903-6_9(166-186)Online publication date: 5-Sep-2024
https://doi.org/10.1007/978-3-031-70903-6_9
de Carné de Carnavalet Xvan Oorschot P(2023)A Survey and Analysis of TLS Interception Mechanisms and Motivations: Exploring how end-to-end TLS is made “end-to-me” for web trafficACM Computing Surveys10.1145/358052255:13s(1-40)Online publication date: 13-Jul-2023
https://dl.acm.org/doi/10.1145/3580522
Wu HLi XWang GCheng GHu X(2023)Resolution Identification of Encrypted Video Streaming Based on HTTP/2 FeaturesACM Transactions on Multimedia Computing, Communications, and Applications10.1145/355189119:2(1-23)Online publication date: 6-Feb-2023
https://dl.acm.org/doi/10.1145/3551891
Gansekoele ABot Tvan der Mei RBhulai SHoogendoorn M(2023)Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption2023 IEEE International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT)10.1109/WI-IAT59888.2023.00028(163-170)Online publication date: 26-Oct-2023
https://doi.org/10.1109/WI-IAT59888.2023.00028
Sun ZShmatikov V(2023)Telepath: A Minecraft-based Covert Communication System2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179335(2223-2237)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179335
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents