research-article

CSI: inferring mobile ABR video adaptation behavior under HTTPS and QUIC

Authors:
Shichang Xu

University of Michigan

University of Michigan
View Profile

,
Subhabrata Sen

Research

Research
View Profile

,
Z. Morley Mao

University of Michigan

University of Michigan
View Profile

EuroSys '20: Proceedings of the Fifteenth European Conference on Computer SystemsApril 2020Article No.: 33Pages 1–16https://doi.org/10.1145/3342195.3387558

Published:17 April 2020Publication History

EuroSys '20: Proceedings of the Fifteenth European Conference on Computer Systems

Pages 1–16

ABSTRACT

Mobile video streaming services have widely adopted Adaptive Bitrate (ABR) streaming to dynamically adapt the streaming quality to variable network conditions. A wide range of third-party entities such as network providers and testing services need to understand such adaptation behavior for purposes such as QoE monitoring and network management. The traditional approach involved conducting test runs and analyzing the HTTP-level information from the associated network traffic to understand the adaptation behavior under different network conditions. However, end-to-end traffic encryption protocols such as HTTPS and QUIC are being increasingly used by streaming services, hindering such traditional traffic analysis approaches.

To address this, we develop CSI (Chunk Sequence Inferencer), a general system that enables third-parties to conduct active measurements and infer mobile ABR video adaptation behavior based on packet size and timing information still available in the encrypted traffic. We perform extensive evaluations and demonstrate that CSI achieves high inference accuracy for video encodings of popular streaming services covering various ABR system designs. As an illustration, for a popular mobile video service, we show that CSI can effectively help understand the video QoE implications of network traffic shaping policies and develop optimized policies, even in the presence of encryption.

References

[n.d.]. Big Buck Bunny. https://peach.blender.org/.Google Scholar
[n.d.]. Chrome Devtools. https://developers.google.com/web/tools/chrome-devtools/.Google Scholar
[n.d.]. draft-ietf-quic-tls-13 - Using Transport Layer Security (TLS) to Secure QUIC. https://tools.ietf.org/html/draft-ietf-quic-tls-13.Google Scholar
[n.d.]. FFmpeg. http://ffmpeg.org.Google Scholar
[n.d.]. Firefox Developer Tools. https://developer.mozilla.org/en-US/docs/Tools.Google Scholar
[n.d.]. GOCR. http://jocr.sourceforge.net/.Google Scholar
[n.d.]. google/ExoPlayer: An extensible media player for Android. https://github.com/google/exoplayer.Google Scholar
[n.d.]. google/shaka-player: JavaScript player library / DASH client / MSE-EME player. https://github.com/google/shaka-player.Google Scholar
[n.d.]. HBO Now Terms of Use. https://play.hbonow.com/terms.Google Scholar
[n.d.]. Hulu Terms of Use. https://secure.hulu.com/terms.Google Scholar
[n.d.]. Man-in-the-middle attack. https://en.wikipedia.org/wiki/Man-in-the-middle_attack.Google Scholar
[n.d.]. MP4Box: GPAC multimedia packager. https://gpac.wp.imt.fr/mp4box/.Google Scholar
[n.d.]. Netflix Terms of Use. https://help.netflix.com/legal/termsofuse.Google Scholar
[n.d.]. Optimized shot-based encodes: Now Streaming! https://medium.com/netflix-techblog/optimized-shot-based-encodes-now-streaming-4b9464204830.Google Scholar
[n.d.]. Per-Title Encode Optimization. https://medium.com/netflix-techblog/per-title-encode-optimization-7e99442b62a2.Google Scholar
[n.d.]. Quick Start Guide to Using Cronet. https://chromium.googlesource.com/chromium/src/+/master/components/cronet.Google Scholar
[n.d.]. RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2. https://tools.ietf.org/html/rfc5246.Google Scholar
[n.d.]. RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3. https://tools.ietf.org/html/rfc8446#section-5.4.Google Scholar
[n.d.]. Squid web proxy SSL bump feature. https://wiki.squid-cache.org/Features/SslBump.Google Scholar
[n.d.]. SSL MITM Proxy. https://crypto.stanford.edu/ssl-mitm/.Google Scholar
[n.d.]. Stream More Video, Use Less Data with Stream Saver - AT&T. https://www.att.com/offers/streamsaver.html.Google Scholar
[n.d.]. Tesseract OCR. https://github.com/tesseract-ocr/tesseract.Google Scholar
[n.d.]. Test patterns | Netflix. https://www.netflix.com/title/80018499.Google Scholar
[n.d.]. UI Automator. https://developer.android.com/training/testing/ui-automator.Google Scholar
[n.d.]. UI Automator. https://linux.die.net/man/8/tc-tbf.Google Scholar
[n.d.]. Why is it so hard to "root" a smartphone? https://www.androidcentral.com/why-it-so-hard-root-smartphone.Google Scholar
[n.d.]. Why you shouldn't root your Android phone. https://www.howtogeek.com/132115/the-case-against-root-why-android-devices-dont-come-rooted/.Google Scholar
[n.d.]. Youtube brings us stats for nerds. http://tubularinsights.com/youtube-stats-for-nerds/.Google Scholar
[n.d.]. Youtube Data API. https://developers.google.com/youtube/v3/.Google Scholar
[n.d.]. youtube-dl: Download videos from YouTube. https://rg3.github.io/youtube-dl/.Google Scholar
2012. ISO/IEC 23009-1, Information technology - Dynamic adaptive streaming over HTTP (DASH). http://standards.iso.org/ittf/PubliclyAvailableStandards/c057623_ISO_IEC_23009-1_2012.zip.Google Scholar
2016. ExoPlayer 2 - Why, what and when? https://medium.com/google-exoplayer/exoplayer-2-x-why-what-and-when-74fd9cb139.Google Scholar
2016. ExoPlayer from the other side. https://medium.com/google-exoplayer/exoplayer-from-the-other-side-5909553abae2.Google Scholar
2016. Protecting Netflix Viewing Privacy at Scale. https://medium.com/netflix-techblog/protecting-netflix-viewing-privacy-at-scale-39c675d88f45.Google Scholar
2016. WhatsApp For Android Devices. https://tech.blorge.com/2016/09/23/whatsapp-2-16-274-download-available/-android-devices-new-emojis/155538.Google Scholar
2016. YouTube's road to HTTPS. https://youtube-eng.googleblog.com/2016/08/youtubes-road-to-https.html.Google Scholar
2017. Android Network Security Configuration. https://developer.android.com/training/articles/security-config.html.Google Scholar
2017. App share of total mobile minutes in leading online markets. https://www.statista.com/statistics/692752/app-share-of-mobile-minutes-countries/.Google Scholar
2017. Building Periscope for Android. http://nerds.airbnb.com/building-periscope-for-android/.Google Scholar
2017. Cisco Visual Networking Index: Forecast and Methodology, 2016-2021. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/mobile-white-paper-c11-520862.html.Google Scholar
2017. Openwave Mobility Mobile Video Index, Dec 2017. https://owmobility.com/whitepapers/.Google Scholar
2017. The 2017 U.S. Mobile App Report. https://www.comscore.com/Insights/Presentations-and-Whitepapers/2017/The-2017--US-Mobile-App-Report.Google Scholar
2018. IETF QUIC working group. https://datatracker.ietf.org/wg/quic.Google Scholar
2018. Mobile App versus Mobile Website Statistics. https://jmango360.com/wiki/mobile-app-vs-mobile-website-statistics/.Google Scholar
Saamer Akhshabi, Ali C Begen, and Constantine Dovrolis. 2011. An experimental evaluation of rate-adaptation algorithms in adaptive streaming over HTTP. In Proceedings of the second annual ACM conference on Multimedia systems. ACM, 157--168.Google ScholarDigital Library
Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, and Ralph Holz. 2017. Mission accomplished?: HTTPS security after diginotar. In Proceedings of the 2017 Internet Measurement Conference. ACM, 325--340.Google ScholarDigital Library
Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. 2012. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 605--616.Google ScholarDigital Library
Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors. 2010--. mitmproxy: A free and open source interactive HTTPS proxy. https://mitmproxy.org/ [Version 4.0].Google Scholar
Scott E Coull and Kevin P Dyer. 2014. Traffic analysis of encrypted messaging services: Apple imessage and beyond. ACM SIGCOMM Computer Communication Review 44, 5 (2014), 5--11.Google ScholarDigital Library
Jan De Cock, Aditya Mavlankar, Anush Moorthy, and Anne Aaron. 2016. A large-scale video codec comparison of x264, x265 and libvpx for practical VOD applications. In Applications of Digital Image Processing XXXIX, Vol. 9971. International Society for Optics and Photonics, 997116.Google Scholar
Edsger W Dijkstra. 1959. A note on two problems in connexion with graphs. Numerische mathematik 1, 1 (1959), 269--271.Google Scholar
Giorgos Dimopoulos, Ilias Leontiadis, Pere Barlet-Ros, and Konstantina Papagiannaki. 2016. Measuring video QoE from encrypted traffic. In Proceedings of the 2016 Internet Measurement Conference. ACM, 513--526.Google ScholarDigital Library
Kevin P Dyer, Scott E Coull, Thomas Ristenpart, and Thomas Shrimpton. 2012. Peek-a-boo, i still see you: Why efficient traffic analysis countermeasures fail. In Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 332--346.Google ScholarDigital Library
Tobias Flach, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, and Ramesh Govindan. 2016. An Internet-wide analysis of traffic policing. In Proceedings of the 2016 ACM SIGCOMM Conference. ACM, 468--482.Google ScholarDigital Library
Jiaxi Gu, Jiliang Wang, Zhiwen Yu, and Kele Shen. 2018. Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. In INFOCOM 2018-IEEE Conference on Computer Communications, IEEE. IEEE.Google Scholar
Jian He, Mubashir Adnan Qureshi, Lili Qiu, Jin Li, Feng Li, and Lei Han. 2018. Favor: fine-grained video rate adaptation. In MMSys.Google Scholar
Te-Yuan Huang, Nikhil Handigol, Brandon Heller, Nick McKeown, and Ramesh Johari. 2012. Confused, timid, and unstable: picking a video streaming rate is hard. In Proceedings of the 2012 ACM conference on Internet measurement conference. ACM, 225--238.Google ScholarDigital Library
Te-Yuan Huang, Ramesh Johari, Nick McKeown, Matthew Trunnell, and Mark Watson. 2015. A buffer-based approach to rate adaptation: Evidence from a large video streaming service. ACM SIGCOMM Computer Communication Review 44, 4 (2015), 187--198.Google ScholarDigital Library
Alfonso Iacovazzi, Andrea Baiocchi, and Ludovico Bettini. 2013. What are you Googling?-Inferring search type information through a statistical classifier. In Global Communications Conference (GLOBECOM), 2013 IEEE. IEEE, 747--753.Google ScholarCross Ref
Junchen Jiang, Vyas Sekar, and Hui Zhang. 2014. Improving fairness, efficiency, and stability in http-based adaptive video streaming with festive. IEEE/ACM Transactions on Networking (TON) 22, 1 (2014), 326--340.Google ScholarDigital Library
Arash Molavi Kakhki, Samuel Jero, David Choffnes, Cristina Nita-Rotaru, and Alan Mislove. 2017. Taking a long look at QUIC: an approach for rigorous evaluation of rapidly evolving transport protocols. In Proceedings of the 2017 Internet Measurement Conference. ACM, 290--303.Google ScholarDigital Library
Arash Molavi Kakhki, Fangfan Li, David Choffnes, Ethan Katz-Bassett, and Alan Mislove. 2016. Bingeon under the microscope: Understanding T-Mobiles zero-rating implementation. In Proceedings of the 2016 workshop on QoE-based Analysis and Management of Data Communication Networks. ACM, 43--48.Google ScholarDigital Library
Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier, and Srinivas Devadas. 2015. Circuit fingerprinting attacks: Passive deanonymization of tor hidden services. In 24th USENIX Security Symposium (USENIX Security 15).Google ScholarDigital Library
TV Lakshman, Antonio Ortega, and Amy R Reibman. 1998. VBR video: Tradeoffs and potentials. Proc. IEEE (1998).Google Scholar
Adam Langley, Alistair Riddoch, Alyssa Wilk, Antonio Vicente, Charles Krasic, Dan Zhang, Fan Yang, Fedor Kouranov, Ian Swett, Janardhan Iyengar, et al. 2017. The QUIC transport protocol: Design and Internet-scale deployment. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication. ACM, 183--196.Google ScholarDigital Library
Tarun Mangla, Emir Halepovic, Mostafa Ammar, and Ellen Zegura. 2018. eMIMIC: Estimating HTTP-based Video QoE Metrics from Encrypted Network Traffic. In IEEE/IFIP Conference on Traffic Measurement and Analysis 2018.Google ScholarCross Ref
Tarun Mangla, Emir Halepovic, Rittwk Jana, Kyung-Wook Hwang, Marco Platania, and Mostafa Ammar. 2018. VideoNOC: Assessing Video QoE for Network Operators using Passive Measurements. In Proceedings of ACM Multimedia Systems Conference. ACM.Google ScholarDigital Library
Ahmed Mansy, Mostafa Ammar, Jaideep Chandrashekar, and Anmol Sheth. 2014. Characterizing client behavior of commercial mobile video streaming services. In Proceedings of Workshop on Mobile Video Delivery. ACM, 8.Google Scholar
Hongzi Mao, Ravi Netravali, and Mohammad Alizadeh. 2017. Neural adaptive video streaming with pensieve. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication. ACM, 197--210.Google ScholarDigital Library
M Hammad Mazhar and Zubair Shafiq. 2018. Real-time Video Quality of Experience Monitoring for HTTPS and QUIC. In INFOCOM 2018-IEEE Conference on Computer Communications, IEEE. IEEE.Google Scholar
Brad Miller, Ling Huang, Anthony D Joseph, and J Doug Tygar. 2014. I know why you went to the clinic: Risks and realization of https traffic analysis. In International Symposium on Privacy Enhancing Technologies Symposium. Springer, 143--163.Google ScholarCross Ref
Irena Orsolic, Dario Pevec, Mirko Suznjevic, and Lea Skorin-Kapov. 2016. Youtube QoE estimation based on the analysis of encrypted network traffic using machine learning. In Globecom Workshops (GC Wkshps), 2016 IEEE. IEEE, 1--6.Google ScholarCross Ref
Irena Orsolic, Dario Pevec, Mirko Suznjevic, and Lea Skorin-Kapov. 2017. A machine learning approach to classifying YouTube QoE based on encrypted network traffic. Multimedia tools and applications 76, 21 (2017), 22267--22301.Google Scholar
Wubin Pan, Gaung Cheng, Hua Wu, and Yongning Tang. 2016. Towards QoE assessment of encrypted YouTube adaptive video streaming in mobile networks. In 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS). IEEE, 1--6.Google Scholar
Roger Pantos and William May. 2016. HTTP live streaming. (2016).Google Scholar
Yanyuan Qin, Shuai Hao, KR Pattipati, Feng Qian, Subhabrata Sen, Bing Wang, and Chaoqun Yue. 2018. ABR streaming of VBR-encoded videos: characterization, challenges, and solutions. In Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. ACM, 366--378.Google ScholarDigital Library
Andrew Reed and Benjamin Klimkowski. 2016. Leaky streams: Identifying variable bitrate DASH videos streamed over encrypted 802.11 n connections. In Consumer Communications & Networking Conference (CCNC), 2016 13th IEEE Annual. IEEE, 1107--1112.Google ScholarDigital Library
Andrew Reed and Michael Kranch. 2017. Identifying HTTPS-protected Netflix videos in real-time. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM, 361--368.Google ScholarDigital Library
Paul Schmitt, Francesco Bronzino, Sara Ayoubi, Guilherme Martins, Renata Teixeira, and Nick Feamster. 2020. Inferring Streaming Video Quality from Encrypted Traffic: Practical Models and Deployment Experience. Proceedings of the ACM on Measurement and Analysis of Computing Systems (2020).Google Scholar
Kevin Spiteri, Rahul Urgaonkar, and Ramesh K Sitaraman. 2016. BOLA: near-optimal bitrate adaptation for online videos. In Computer Communications, IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on. IEEE, 1--9.Google ScholarDigital Library
Qixiang Sun, Daniel R Simon, Yi-Min Wang, Wilf Russell, Venkata N Padmanabhan, and Lili Qiu. 2002. Statistical identification of encrypted web browsing traffic. In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on. IEEE, 19--30.Google ScholarDigital Library
Andrew M White, Austin R Matthews, Kevin Z Snow, and Fabian Monrose. 2011. Phonotactic reconstruction of encrypted voip conversations: Hookt on fon-iks. In Security and Privacy (SP), 2011 IEEE Symposium on. IEEE, 3--18.Google ScholarDigital Library
Shichang Xu, Subhabrata Sen, Z Morley Mao, and Yunhan Jia. 2017. Dissecting VOD services for cellular: performance, root causes and best practices. In Proceedings of the 2017 Internet Measurement Conference. ACM, 220--234.Google ScholarDigital Library
Xiaoqi Yin, Abhishek Jindal, Vyas Sekar, and Bruno Sinopoli. 2015. A control-theoretic approach for dynamic adaptive video streaming over HTTP. In ACM SIGCOMM Computer Communication Review, Vol. 45. ACM, 325--338.Google ScholarDigital Library

Recommendations

Downlink resource allocation for OFDMA-based multiservice networks with imperfect CSI
ICC'09: Proceedings of the 2009 IEEE international conference on Communications

This paper addresses practical implementation issues of resource allocation in OFDMA networks: inaccuracy of channel state information (CSI) available to the resource allocation unit (RAU) and diversity of subscribers' quality of service (QoS) ...
Read More
Process model-based atomic service discovery and composition of composite semantic web services using web ontology language for services OWL-S

Web Service composition has become indispensable as a single web service cannot satisfy complex functional requirements. Composition of services has received much interest to support business-to-business B2B or enterprise application integration. An ...
Read More
Study On Purchase Intention In Different Live Streaming Scenarios Based On Experimental Approach
ICEBI '22: Proceedings of the 2022 6th International Conference on E-Business and Internet

Live streaming e-commerce has exploded recently. While the live streaming traffic is dominated by the top live streamers, merchants and ordinary live streamers attempt to establish self-operating live streaming, but the number of fans and sales ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
EuroSys '20: Proceedings of the Fifteenth European Conference on Computer Systems
April 2020
49 pages
ISBN:9781450368827
DOI:10.1145/3342195
General Chairs:
Angelos Bilas
University of Crete and FORTH-ICS
,
Kostas Magoutis
University of Crete and FORTH-ICS
,
Evangelos Markatos
University of Crete and FORTH-ICS
,
Program Chairs:
Dejan Kostic
KTH Royal Institute of Technology, Sweden
,
Margo Seltzer
The University of British Columbia, Canada
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 17 April 2020
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- research-article
Conference

Acceptance Rates
EuroSys '20 Paper Acceptance Rate43of234submissions,18%Overall Acceptance Rate241of1,308submissions,18%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 14
  Total Citations
  View Citations
- 666
  Total Downloads
- Downloads (Last 12 months)74
- Downloads (Last 6 weeks)11
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

CSI: inferring mobile ABR video adaptation behavior under HTTPS and QUIC

EuroSys '20: Proceedings of the Fifteenth European Conference on Computer Systems

ABSTRACT

References

Cited By

Recommendations

Downlink resource allocation for OFDMA-based multiservice networks with imperfect CSI

Process model-based atomic service discovery and composition of composite semantic web services using web ontology language for services OWL-S

Study On Purchase Intention In Different Live Streaming Scenarios Based On Experimental Approach