Identifying HTTPS-Protected Netflix Videos in Real-Time

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
34,253
Researchers at the United States Military Academy at West Point have discovered that despite Netflix recently implementing TLS (HTTPS) encryption on their video streams to protect the privacy of their viewers, they can identify what video people are watching with 99.99% accuracy, using a fingerprint method. The researchers created a fingerprint database of 42,027 encrypted streams using the encrypted metadata contained at the beginning of each mpeg4 stream and were able to use it to identify these streams when played, most in less than two and a half minutes.

This vulnerability highlights the problem of using current TLS encryption techniques when the potential data being encrypted is known. It then becomes a fingerprinting exercise. It is very effective when you don't know what encrypted data is being transferred, but when you can narrow it down to a database of possibilities, and are able to fingerprint what they look like, in the case of Netflix by watching the clips yourself, once encrypted, that database can be used to identify the encrypted data.

We have made our code available at [4]. The rest of our paper is organized as follows. In Section 2, we describe the previous work that we leverage in our paper. In Section 3, we detail our method for obtaining Netflix fingerprints, and we explain our video identification pipeline in Section 4. Section 5 describes our testing and results. Related work is reviewed in Section 6 and suggestions for future work are outlined in Section 7.
 

Grimlaking

2[H]4U
Joined
May 9, 2006
Messages
3,246
So if it's a new stream identifying the stream itself will be harder. So now providers can just throttle all traffic from netflix instead of just video traffic.
 

Azrak

[H]ard|Gawd
Joined
Oct 4, 2015
Messages
1,068
I can see it now...

Comcast email template:
"We noticed that you were streaming the movie "$MOVIENAME" on $DATETIME. Did you know that we offer the same movie with OnDemand for just $3.99 and guarantee that there will be no service interruptions while the movie is playing? Netflix cannot make the same guarantee. Choose Comcast for all of your current movie needs and get the stutter-free streaming movie experience that you deserve!"
 

Seventyfive

[H]ard|Gawd
Joined
Jul 14, 2004
Messages
1,347
Our system identified 99.5% of the videos in less than two and a half minutes into the video stream. 99.8% of the time, Amy Schumer's "The Leather Special" was turned off in less than seven minutes into the video stream

Pretty good research if you ask me
 

Seventyfive

[H]ard|Gawd
Joined
Jul 14, 2004
Messages
1,347
the porn places chop it up into multiple streams....or so i've heard.

I think the fact that it takes 2.5 minutes to identify from the beginning of the stream and most people skip to the end of the stream might also throw them off. ... or so i've heard...
 

Wiffle

Limp Gawd
Joined
Oct 2, 2011
Messages
292
I think people are misreading the bigger message here. This is basically the feds saying "We don't have to break encryption to know what you are doing, we have other ways around it." People will want to sit here and say "Lol who cares if the feds know what I watched on Netflix" but they will be missing the point. If you can obtain information, you have the means to manipulate it as well. Call me a paranoid fool, but more than one person has been thrown in jail because evidence has been falsified by prosecution.

In relation to this:

http://www.cnbc.com/2015/12/10/the-us-postal-service-will-email-scans-of-your-mail-to-you.html

The postal service is in the process of being able to track every single piece of mail that comes into the system. Its fully functional and being offered to employees of certain areas for testing purposes. This is a big deal for those who don't realize it, because until now the USPS has had no reliable way to track letter mail from start to finish. Once its fully rolled out, they will be able to track down mail from up to 90 days i think, as the parcel information is in the system for quite some time so I would assume the letter information would be as well. Could be longer, I haven't fully explored how much info the USPS keeps. Their goal is to have every piece tracked from pick up location to delivery location in real time with GPS data... At some point in the future I would imagine visual data of the pickup/delivery point will be recorded as well.

Not trying to cause a stir, just inform people. You are being watched, by millions of electronic eyes. Assume that anything you do or say may or will be used against you at some point in time.

Welcome to the 21st Century! Please stay on the well marked path, we will know if you step off it...
 

Grimlaking

2[H]4U
Joined
May 9, 2006
Messages
3,246
If you use a VPN service that then uses IP blending for your traffic then they can't tell because the packets coming to you have no netflix pattern.

Just saying.
 

the_servicer

[H]ard|Gawd
Joined
Aug 16, 2013
Messages
1,995
So would this change if Netflix would intentionally alter the stream's metadata? Even the smallest change to a normal file will dramatically change that file's sha256sum result. So my conjecture is that Netflix could create new metadata each time a movie is streamed. The content of that field would be tiny and somewhat randomly generated, but enough to mess up the hash. If this occurs once every few seconds during a stream then maybe it would be enough to make detection harder.

I could be way off but it's just an idea.
 
Top