Evaluating VPN Defenses Against Video Fingerprinting: A Case Study of DAITA

Abstract

Virtual Private Networks aim to obfuscate and hide the user’s internet traffic by encrypting it and rerouting it through the service providers own servers. This is no longer enough since by examining the frequency and size of the packets sent over the network, an attacker can with the help of a database of fingerprinted videos from different streaming services correctly identify which video is being streamed, despite a VPN connection being active. The VPN company Mullvad has developed a feature called DAITA for their service aiming to solve this issue through various methods. In this paper, a type of fingerprinting attack on video data that was developed by the authors of “Endangered Privacy: Large-Scale Monitoring of Video Streaming Services” is used. The attack exploits the information leak of modern video streaming protocols which are patterns that are referred to as “bursts”. These bursts are unique and can be mapped to fingerprints of specific videos. This paper aims to examine how the DAITA feature and other defensive measures affect the given video fingerprinting attack’s performance and evaluate the data derived from the tests of the attack on these different protections. We find that the attack works against the regular use of VPN as expected, and that the padding of packets is not what breaks the attack. The attack will still work so long as the traffic is translatable into bursts and similar enough to the fingerprints. When a VPN connection with DAITA enabled has a defense active that is able to disrupt the traffic pattern enough to confuse the bursts from the fingeprints, the attack fails. However, we show that DAITA does not always break the attack.