Beauty and the Burst: Remote Identification of Encrypted Video Streams

Website Maintenance Alert

Due to scheduled maintenance, the USENIX website will not be available on Tuesday, December 17, from 10:00 am to 2:00 pm Pacific Daylight Time (UTC -7). We apologize for the inconvenience.

If you are trying to register for Enigma 2020, please complete your registration before or after this time period.

Authors: 

Roei Schuster, Tel Aviv University, Cornell Tech; Vitaly Shmatikov, Cornell Tech; Eran Tromer, Tel Aviv University, Columbia University

Abstract: 

The MPEG-DASH streaming video standard contains an information leak: even if the stream is encrypted, the segmentation prescribed by the standard causes content-dependent packet bursts. We show that many video streams are uniquely characterized by their burst patterns, and classifiers based on convolutional neural networks can accurately identify these patterns given very coarse network measurements. We demonstrate that this attack can be performed even by a Web attacker who does not directly observe the stream, e.g., a JavaScript ad confined in a Web browser on a nearby machine.

Note: This video recording for this paper was removed due to a copyright claim against some of the content in this presentation.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {203850,
author = {Roei Schuster and Vitaly Shmatikov and Eran Tromer},
title = {Beauty and the Burst: Remote Identification of Encrypted Video Streams},
booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
year = {2017},
isbn = {978-1-931971-40-9},
address = {Vancouver, BC},
pages = {1357--1374},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schuster},
publisher = {{USENIX} Association},
month = aug,
}