Endangered Privacy: Identification of VPN-protected Video Streams At Scale

Abstract

Despite the widespread adoption of HTTPS for enhanced web privacy, encrypted network traffic may still leave traces that can lead to privacy breaches. One such case concerns MPEG-DASH, one of the most popular protocols for video streaming, where video identification attacks have exploited the protocol’s side-channel vulnerabilities. As shown by several works in recent years, despite HTTPS protection, the distinctive traffic patterns generated by DASH’s adaptive bitrate streaming reveal streamed content despite encryption. However, these earlier studies have not shown that the vulnerability can still be exploited in large-scale attack scenarios and when the target is using privacy-preserving measures such as Virtual Private Networks (VPNs). To that end, this work presents a robust recognition system capable of identifying video streams even in the presence of a VPN or even when the attacker lacks network access; and demonstrates the attack over the largest dataset to date with a database exceeding 45,000 videos. By leveraging a combination of k-d tree search and time series methods, our protocol-agnostic framework surpasses all existing methods and achieves over 99.5% accuracy in real-time video stream recognition, even in noisy environments. We complement our work with an analysis of the vulnerability root cause when using adaptive bitrate streaming and propose a mitigation strategy to stand against such vulnerabilities. Since large-scale video identification can compromise user privacy and enable potential mass surveillance of video services, we release our tools and datasets to foster awareness and prompt timely solutions within the video streaming ecosystem to address these privacy concerns effectively.