Beauty and the Burst

Transcription

1 Beauty and the Burst Remote Identification of Encrypted Video Streams Roei Schuster Cornell Tech, Tel Aviv University Vitaly Shmatikov Cornell Tech Eran Tromer Columbia University, Tel Aviv University

2 Video traffic is interesting

3 Video traffic is encrypted

4 Video traffic is encrypted What can still be learned?

5 Traffic analysis for video identification streaming service victim

6 Traffic analysis for video identification streaming service victim

7 Traffic analysis for video identification streaming service Metadata! packet times, sizes, victim

8 Traffic analysis for video identification streaming service Metadata! packet times, sizes, Victim is watching Beauty and the Beast! victim

9 packet size (bytes) Initial buffering, then on / off bursts time (seconds)

10 packet size (bytes) Initial buffering, then on / off bursts time (seconds)

11 packet size (bytes) Initial buffering, then on / off bursts time (seconds) [RLLTBD 11], [ARNL 12], [MFWS 13],

12 packet size (bytes) Initial buffering, then on / off bursts time (seconds) [RLLTBD 11], [ARNL 12], [MFWS 13], Where do bursts come from?

13 Video representation on server streaming service

14 Video representation on server streaming service

15 Video representation on server Pulp Fiction Die Hard Armageddon streaming service 12 Monkeys The Fifth Element Die Hard II

16 Video representation on server MPEG-DASH standard: widely adopted by Netflix, YouTube, others Die Hard Armageddon Pulp Fiction 12 Monkeys The Fifth Element Die Hard II

17 Video representation on server MPEG-DASH standard: widely adopted by Netflix, YouTube, others Die Hard video stored in segment-files segment1.m4s segment2.m4s segment3.m4s segment4.m4s Armageddon Pulp Fiction 12 Monkeys Die Hard II The Fifth Element

18 Video representation on server MPEG-DASH standard: widely adopted by Netflix, YouTube, others Die Hard segment = a few seconds of playback 0-5sec 5-10sec 10-15sec 15-20sec video stored in segment-files segment1.m4s segment2.m4s segment3.m4s segment4.m4s Armageddon Pulp Fiction 12 Monkeys Die Hard II The Fifth Element

19 DASH client-server interaction (simplified) client server server buffer below threshold? no yes request next segment segment1.m4s segment2.m4s segment3.m4s segment4.m4s segment5.m4s segment6.m4s

20 DASH client-server interaction (simplified) client buffer below threshold? no yes request next segment segment fetched every few seconds server server segment1.m4s segment2.m4s segment3.m4s segment4.m4s segment5.m4s segment6.m4s

21 DASH client-server interaction (simplified) client buffer below threshold? no yes request next segment segment fetched every few seconds fetching causes a traffic burst server server segment1.m4s segment2.m4s segment3.m4s segment4.m4s segment5.m4s segment6.m4s

22 Bitrate (bytes) Variable bit rate encoding Time (seconds) Different video seconds require different amount of bytes to encode Iguana vs. Snakes VBR

23 Phases of Iguana vs Snakes in Bitrate Bitrate (bits per second) scenery, movement, tension rising Time (seconds)

24 Phases of Iguana vs Snakes in Bitrate Bitrate (bits per second) tension peaking, iguana is still Time (seconds)

25 Phases of Iguana vs Snakes in Bitrate Bitrate (bits per second) chase Time (seconds)

26 Phases of Iguana vs Snakes in Bitrate Bitrate (bits per second) chase iguana almost captured Time (seconds)

27 Phases of Iguana vs Snakes in Bitrate Bitrate (bits per second) iguana safe, resting

28 Bitrate (bytes) Variable bit rate encoding Time (seconds) Different video seconds require different amount of bytes to encode Iguana vs. Snakes VBR

29 Variable bit rate variable segment size Die Hard 0-5sec 5-10sec 10-15sec 15-20sec 20-25sec Segment1.m4s Segment2.m4s Segment3.m4s Segment4.m4s Segment5.m4s Pulp Fiction Armageddon 12 Monkeys Die Hard II The Fifth Element

30 burst size (bytes) Variable segment size variable burst size Time (seconds) buffering On/off bursts

31 burst size (bytes) Variable segment size variable burst size Time (seconds) buffering On/off bursts

32 MPEG-DASH leak content VBR pattern segments burst sizes stream time

33 From a leak to a fingerprint burst sizes Does the pattern of burst (segment) sizes uniquely characterize a title? Can we learn a title s identifying pattern? stream time

34 From a leak to a fingerprint burst sizes Does the pattern of burst (segment) sizes uniquely characterize a title? Diversity: empirically measure pairwise distances for 3500 downloaded and segmented YouTube titles Can we learn a title s identifying pattern? stream time

35 From a leak to a fingerprint burst sizes Does the pattern of burst (segment) sizes uniquely characterize a title? Diversity: empirically measure pairwise distances for 3500 downloaded and segmented YouTube titles Can we learn a title s identifying pattern? Consistency: empirically evaluate attacker s measurement error bound stream time

36 From a leak to a fingerprint burst sizes Does the pattern of burst (segment) sizes uniquely characterize a title? Diversity: empirically measure pairwise distances for 3500 downloaded and segmented YouTube titles Can we learn a title s identifying pattern? Consistency: empirically evaluate attacker s measurement error bound stream time ~20% of YouTube titles have fingerprints

37 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys victim network

38 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys victim network

39 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata victim network

40 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training victim network detectors

41 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training victim network detectors

42 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training victim network detectors

43 Attack overview attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training detectors Victim is watching Armageddon! victim network

44 Attack details attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training vantage point? victim network detectors

45 Scenario I: on-path attack bursts on-path vantage point Wi-Fi access points, proxies, routers, enterprise or national network censors, ISPs

46 Attack details attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training machine learning victim network detectors

47 Deep neural networks Very good at learning high-level concepts that are hard to express formally (e.g., traffic traces are similar ) Existing NN architectures very accurate on classification and detection problems

48 Advantages of neural networks Robust: can operate on noisy and coarse measurements Agnostic to protocol-specific attributes (e.g., QUIC vs. TLS) Can learn features other than burst patterns, e.g., arrival patterns of individual packets Can use multiple session representations, train on all at once

49 packet size Features Each feature is a time-series, sampled at 0.25-second intervals (example: bytes per second) time (seconds) Features considered: downstream/upstream/total values of bytes per second, packet per second, average packet length, and burst sizes

50 Attack attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training neural net On-path attacker victim network detectors

51 Datasets and identification experiments 100 titles minute sessions 18 titles minute sessions sessions of different other titles 10 titles minute sessions 10 titles minute sessions

52 Datasets and identification experiments 100 titles minute sessions 100 classes 18 titles minute sessions sessions of different other titles 10 titles minute sessions 10 titles minute sessions

53 Datasets and identification experiments 100 titles minute sessions 100 classes 18 titles minute sessions sessions of different other titles open-world identification 18+1=19 classes 10 titles minute sessions 10 titles minute sessions

54 Datasets and identification experiments 100 titles minute sessions 100 classes 18 titles minute sessions sessions of different other titles open-world identification 18+1=19 classes 10 titles minute sessions 10 classes 10 titles minute sessions 10 classes

55 Datasets and identification experiments 100 titles minute sessions 100 classes 98.5% accuracy 18 titles minute sessions sessions of different other titles open-world identification 18+1=19 classes 99.5% accuracy 10 titles minute sessions 10 classes 92.5% accuracy 10 titles minute sessions 10 classes 98.6% accuracy

56 Empirical results: confusion matrices YouTube (feature: total burst size) Netflix (feature: total burst size) Predicted label unknown class, 3500 samples Predicted label

57 Empirical results: confusion matrices YouTube (feature: total burst size) Netflix (feature: total burst size) Predicted label Exactly 2 false positives unknown class, 3500 samples Predicted label No recurrent confusions (despite many same-series titles)

58 Tuning for precision YouTube (feature: total burst size) Netflix (feature: total burst size) 0 false positives with recall false positive rate with 0.93 recall

59 Attack details attacker network Die Hard Pulp Fiction Armageddon 12 Monkeys metadata training neural net vantage point? victim network detectors

60 Off-path attackers victim network bursts Wi-Fi access points, proxies, routers, enterprise or national network censors, ISPs on-path vantage point

61 Off-path attackers victim network bursts

62 Off-path attackers victim network bursts A visited webpage? A smartphone app?

63 Off-path attackers victim network bursts Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app?

64 Off-path attackers victim network bursts Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app?

65 Off-path attackers victim network bursts Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app?

66 Off-path attackers victim network bursts Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app? Web ad

67 Off-path attackers victim network bursts Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app? Web ad

68 Off-path attackers victim network bursts Three-fold confinement: different device, browser process, sandboxed iframe Example: A visited webpage? checking Facebook feed while streaming A smartphone Armageddon app? Web ad

69 Cross-device attack viewer Browser neighbor

70 Cross-device attack viewer Browser attacker Web site JavaScript attacker client neighbor

71 Cross-device attack viewer attacker Web site messages Browser JavaScript attacker client neighbor

72 Cross-device attack viewer Congestion attacker Web site messages Browser JavaScript attacker client neighbor

73 Cross-device attack viewer bursts Congestion attacker Web site messages Browser JavaScript attacker client neighbor

74 Cross-device attack viewer bursts Congestion Browser delays attacker Web site messages JavaScript attacker client neighbor

75 Cross-device attack viewer bursts Congestion Browser delays attacker Web site messages JavaScript attacker client Noisy, coarse estimate of actual traffic bursts neighbor

76 Delay-bursts delay (milliseconds) Message delays traffic burst sizes (scaled down) time (seconds)

77 delay (milliseconds) Delay-bursts Message delays traffic burst sizes (scaled down) For each traffic burst, compute aggregate delay induced. Use resulting time-series as input to neural network time (seconds)

78 Delay-bursts vs. traffic bursts delay-bursts time series: the delays induced by traffic bursts

79 1/10 cross-device attack: precision vs. recall Accuracy: false positive rate: 0.003, recall 0.933

80 Cross-device attack viewer Browser attacker Web site JavaScript detector code neighbor

81 Cross-site attack victim PC browser window Streaming client attacker Web site browser window JavaScript detector code

82 Mitigating the DASH leak Modern streaming traffic characteristics Title bitrate pattern unique when sampled at few-seconds granularity Fetching at segment granularity (= every few seconds) Buffer below threshold? no yes fetch next segment Maximizes quality of experience, server load, and network bandwidth utilization However, information leakage is intrinsic

83 Thank you! Further information and the paper: