Wednesday April 12, 2017

Identifying HTTPS-Protected Netflix Videos in Real-Time

Researchers at the United States Military Academy at West Point have discovered that despite Netflix recently implementing TLS (HTTPS) encryption on their video streams to protect the privacy of their viewers, they can identify what video people are watching with 99.99% accuracy, using a fingerprint method. The researchers created a fingerprint database of 42,027 encrypted streams using the encrypted metadata contained at the beginning of each mpeg4 stream and were able to use it to identify these streams when played, most in less than two and a half minutes.

This vulnerability highlights the problem of using current TLS encryption techniques when the potential data being encrypted is known. It then becomes a fingerprinting exercise. It is very effective when you don't know what encrypted data is being transferred, but when you can narrow it down to a database of possibilities, and are able to fingerprint what they look like, in the case of Netflix by watching the clips yourself, once encrypted, that database can be used to identify the encrypted data.

News Image

We have made our code available at [4]. The rest of our paper is organized as follows. In Section 2, we describe the previous work that we leverage in our paper. In Section 3, we detail our method for obtaining Netflix fingerprints, and we explain our video identification pipeline in Section 4. Section 5 describes our testing and results. Related work is reviewed in Section 6 and suggestions for future work are outlined in Section 7.