Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging Conditions
Authors: 
August Carlson, David Hasselquist, Ethan Witwer, Niklas Johansson, 
Niklas CarlssonAuthors Info & Claims
August Carlson, David Hasselquist, Ethan Witwer, Niklas Johansson, Niklas CarlssonAuthors Info & ClaimsPages 141 - 154
Abstract
The threat of video fingerprinting attacks poses significant privacy concerns. These attacks can identify streamed videos with high accuracy despite the use of encryption, leveraging both heuristic-based and deep learning techniques. However, the real-world effectiveness of such attacks remains underexplored, as most research assumes ideal conditions. In this paper, we address the challenges posed by variable network conditions and live-streaming latency, which complicate the attacker's ability to collect useful training data. First, we evaluate several deep learning model architectures against video data under diverse network conditions, including two adaptations of existing website fingerprinting attacks tailored to video that we show boast notable improvements over the base attacks and previous state-of-the-art video fingerprinting attacks. Second, we introduce two augmentation techniques and demonstrate that they substantially enhance attack performance in suboptimal conditions, without knowledge of the victim's live latency. Finally, we analyze the effects of data limitations such as observation time, dataset size, and training time. Overall, our work provides new insights into the impact that several real-world challenges have on attack accuracy, presents new and improved attacks, and details two augmentation techniques that can further boost the performance of the new attacks. Combined, these significant advancements highlight the urgent need for effective defense mechanisms.
References
[1]
Waleed Afandi, Syed Muhammad Ammar Hassan Bukhari, Muhammad U. S. Khan, Tahir Maqsood, and Samee U. Khan. 2022. Fingerprinting Technique for YouTube Videos Identification in Network Traffic. IEEE Access, Vol. 10 (2022).
[2]
Dilawer Ahmed, Aafaq Sabir, and Anupam Das. 2023. Spying through Your Voice Assistants: Realistic Voice Command Fingerprinting. In Proc. USENIX Security.
[3]
J.S. Atkinson, M. Rio, J.E. Mitchell, and G. Matich. 2014. Your WiFi Is Leaking: Ignoring Encryption, Using Histograms to Remotely Detect Skype Traffic. In Proc. IEEE Military Communications Conference (MILCOM).
[4]
Sangwook Bae, Mincheol Son, Dongkwan Kim, CheolJun Park, Jiho Lee, Sooel Son, and Yongdae Kim. 2022. Watching the Watchers: Practical Video Identification Attack in LTE Networks. In Proc. USENIX Security.
[5]
Alireza Bahramali, Ardavan Bozorgi, and Amir Houmansadr. 2023. Realistic Website Fingerprinting By Augmenting Network Traces. In Proc. ACM Computer and Communications Security (CCS).
[6]
Alireza Bahramali, Ramin Soltani, Amir Houmansadr, Dennis Goeckel, and Don Towsley. 2020. Practical traffic analysis attacks on secure messaging applications. In Proc. Network and Distributed System Security (NDSS).
[7]
Sanjit Bhat, David Lu, Albert Kwon, and Srinivas Devadas. 2018. Var-CNN: A data-efficient website fingerprinting attack based on deep learning. In Proc. Privacy Enhancing Technologies (PETS).
[8]
Dario Bonfiglio, Marco Mellia, Michela Meo, Dario Rossi, and Paolo Tofanelli. 2007. Revealing Skype traffic: when randomness plays with you. SIGCOMM CCR (2007).
[9]
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. 2014. A Systematic Approach to Developing and Evaluating Website Fingerprinting Defenses. In Proc. ACM Computer and Communications Security (CCS).
[10]
Giovanni Cherubin, Rob Jansen, and Carmela Troncoso. 2022. Online website fingerprinting: Evaluating website fingerprinting attacks on tor in the real world. In Proc. USENIX Security.
[11]
Thilini Dahanayaka, Guillaume Jourjon, and Suranga Seneviratne. 2022. Dissecting traffic fingerprinting CNNs with filter activations. Computer Networks (2022).
[12]
Shuaifu Dai, Alok Tongaonkar, Xiaoyin Wang, Antonio Nucci, and Dawn Song. 2013. NetworkProfiler: Towards automatic fingerprinting of Android apps. In Proc. IEEE INFOCOM.
[13]
Wladimir De la Cadena, Asya Mitseva, Jens Hiller, Jan Pennekamp, Sebastian Reuter, Julian Filter, Thomas Engel, Klaus Wehrle, and Andriy Panchenko. 2020. TrafficSliver: Fighting Website Fingerprinting Attacks with Traffic Splitting. In Proc. ACM CCS.
[14]
Xinhao Deng, Qilei Yin, Zhuotao Liu, Xiyuan Zhao, Qi Li, Mingwei Xu, Ke Xu, and Jianping Wu. 2023. Robust multi-tab website fingerprinting attacks in the wild. In Proc. IEEE Security and Privacy (S&P).
[15]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. In Proc. USENIX Security.
[16]
Meijie Du, Minchao Xu, Kedong Liu, Weitao Tang, Lijuan Zheng, and Qingyun Liu. 2023. Long-Short Terms Frequency: A Method for Encrypted Video Streaming Identification. In Proc. Computer Supported Cooperative Work in Design (CSCWD).
[17]
Ran Dubin, Amit Dvir, Ofir Pele, and Ofer Hadar. 2017. I Know What You Saw Last Minute?Encrypted HTTP Adaptive Video Streaming Title Classification. IEEE Trans. on Information Forensics and Security (TIFS) (2017).
[18]
Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. 2012. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. In Proc. IEEE Security and Privacy (S&P).
[19]
Yanjie Fu, Hui Xiong, Xinjiang Lu, Jin Yang, and Can Chen. 2016. Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. on Mobile Computing (2016).
[20]
Jiajun Gong and Tao Wang. 2020. Zero-delay Lightweight Defenses against Website Fingerprinting. In Proc. USENIX Security.
[21]
Jiajun Gong, Wuqi Zhang, Charles Zhang, and Tao Wang. 2022. Surakav: Generating Realistic Traces for a Strong Website Fingerprinting Defense. In Proc. IEEE Security and Privacy (S&P).
[22]
Jiajun Gong, Wuqi Zhang, Charles Zhang, and Tao Wang. 2023. WFDefProxy: Real World Implementation and Evaluation of Website Fingerprinting Defenses. IEEE Trans. on Information Forensics and Security (TIFS) (2023).
[23]
Jiaxi Gu, Jiliang Wang, Zhiwen Yu, and Kele Shen. 2018. Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. In Proc. IEEE INFOCOM.
[24]
David Hasselquist, Martin Lindblom, and Niklas Carlsson. 2022. Lightweight fingerprint attack and encrypted traffic analysis on news articles. In Proc. IFIP Networking.
[25]
David Hasselquist, Christian Vestlund, Niklas Johansson, and Niklas Carlsson. 2022. Twitch Chat Fingerprinting. In Proc. IFIP Network Traffic Measurement and Analysis Conference (TMA).
[26]
David Hasselquist, Ethan Witwer, August Carlson, Niklas Johansson, and Niklas Carlsson. 2024. Raising the Bar: Improved Fingerprinting Attacks and Defenses for Video Streaming Traffic. In Proc. Privacy Enhancing Technologies (PETS).
[27]
Jamie Hayes and George Danezis. 2016. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. In Proc. USENIX Security.
[28]
Sébastien Henri, Gines Garcia-Aviles, Pablo Serrano, Albert Banchs, and Patrick Thiran. 2020. Protecting against Website Fingerprinting with Multihoming. In Proc. Privacy Enhancing Technologies (PETS).
[29]
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. 2009. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na"ive-bayes classifier. In Proc. ACM Workshop on Cloud Computing Security.
[30]
Andrew Hintz. 2002. Fingerprinting websites using traffic analysis. In Proc. Workshop on Privacy Enhancing Technologies (PETS).
[31]
James K Holland and Nicholas Hopper. 2022. RegulaTor: A Straightforward Website Fingerprinting Defense. In Proc. Privacy Enhancing Technologies (PETS).
[32]
Rob Jansen, Ryan Wails, and Aaron Johnson. 2024. A Measurement of Genuine Tor Traces for Realistic Website Fingerprinting. arXiv:2404.07892 (2024).
[33]
Zhaoxin Jin, Tianbo Lu, Shuang Luo, and Jiaze Shang. 2023. Transformer-based Model for Multi-tab Website Fingerprinting Attack. In Proc. ACM Computer and Communications Security (CCS).
[34]
Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, and Rachel Greenstadt. 2014. A critical evaluation of website fingerprinting attacks. In Proc. ACM Computer and Communications Security (CCS).
[35]
Marc Juarez, Mohsen Imani, Mike Perry, Claudia Diaz, and Matthew Wright. 2016. Toward an efficient website fingerprinting defense. In Proc. European Symposium on Research in Computer Security (ESORICS).
[36]
Antonis Kalogeropoulos, Federica Cherubini, and Nic Newman. 2016. The Future of Online News Video. Digital News Project (2016).
[37]
Vengatanathan Krishnamoorthi, Niklas Carlsson, Emir Halepovic, and Eric Petajan. 2017. BUFFEST: Predicting Buffer Conditions and Real-time Requirements of HTTP(S) Adaptive Streaming Clients. In Proc. ACM Multimedia Systems Conference (MMSys).
[38]
Feng Li, Jae Won Chung, and Mark Claypool. 2018. Silhouette: Identifying YouTube Video Flows from Encrypted Traffic. In Proc. ACM SIGMM Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV).
[39]
Jianfeng Li, Shuohan Wu, Hao Zhou, Xiapu Luo, Ting Wang, Yangyang Liu, and Xiaobo Ma. 2022. Packet-Level Open-World App Fingerprinting on Wireless Traffic. In Proc. Network and Distributed System Security (NDSS).
[40]
Ying Li, Yi Huang, Richard Xu, Suranga Seneviratne, Kanchana Thilakarathna, Adriel Cheng, Darren Webb, and Guillaume Jourjon. 2018. Deep Content: Unveiling Video Streaming Content from Encrypted WiFi Traffic. In Proc. IEEE Network Computing and Applications (NCA).
[41]
Nate Mathews, James K Holland, Se Eun Oh, Mohammad Saidur Rahman, Nicholas Hopper, and Matthew Wright. 2023. SoK: A critical evaluation of efficient website fingerprinting defenses. In Proc. IEEE Security and Privacy (S&P).
[42]
Asya Mitseva and Andriy Panchenko. 2024. Stop, Don't Click Here Anymore: Boosting Website Fingerprinting By Considering Sets of Subpages. In USENIX Security.
[43]
Milad Nasr, Alireza Bahramali, and Amir Houmansadr. 2021. Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations. In Proc. USENIX Security.
[44]
Nic Newman, Richard Fletcher, Kirsten Eddy, Craig T. Robertson, and Rasmus Kleis Nielsen. 2023. Digital News Report. Reuters Institute for the study of Journalism (2023).
[45]
Rishab Nithyanand, Xiang Cai, and Rob Johnson. 2014. Glove: A Bespoke Website Fingerprinting Defense. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES).
[46]
Se Eun Oh, Nate Mathews, Mohammad Saidur Rahman, Matthew Wright, and Nicholas Hopper. 2021. GANDaLF: GAN for data-limited fingerprinting. In Proc. Privacy Enhancing Technologies (PETS).
[47]
Andriy Panchenko, Fabian Lanze, Jan Pennekamp, Thomas Engel, Andreas Zinnen, Martin Henze, and Klaus Wehrle. 2016. Website Fingerprinting at Internet Scale. In Proc. Network and Distributed System Security (NDSS).
[48]
Mike Perry and George Kadianakis. 2020. Circuit Padding Developer Documentation. https://github.com/torproject/tor/blob/main/doc/HACKING/CircuitPaddingDevelopment.md.
[49]
Pew Research Center. 2023. Social Media and News Fact Sheet. https://www.pewresearch.org/journalism/fact-sheet/social-media-and-news-fact-sheet/.
[50]
Tobias Pulls. 2020. Towards Effective and Efficient Padding Machines for Tor. arXiv:2011.13471 (2020).
[51]
Tobias Pulls and Ethan Witwer. 2023. Maybenot: A Framework for Traffic Analysis Defenses. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES).
[52]
Darijo Raca, Jason J Quinlan, Ahmed H Zahran, and Cormac J Sreenan. 2018. Beyond throughput: A 4G LTE dataset with channel and context metrics. In Proc. ACM Multimedia Systems Conference (MMSys).
[53]
Mohammad Saidur Rahman, Mohsen Imani, Nate Mathews, and Matthew Wright. 2021. Mockingbird: Defending against deep-learning-based website fingerprinting attacks with adversarial traces. IEEE Trans. on Information Forensics and Security (TIFS) (2021).
[54]
Mohammad Saidur Rahman, Payap Sirinam, Nate Mathews, Kantha Girish Gangadhara, and Matthew Wright. 2020. Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks. In Proc. Privacy Enhancing Technologies (PETS).
[55]
Andrew Reed and Benjamin Klimkowski. 2016. Leaky streams: Identifying variable bitrate DASH videos streamed over encrypted 802.11n connections. In Proc. IEEE Consumer Communications & Networking Conference (CCNC).
[56]
Andrew Reed and Michael Kranch. 2017. Identifying HTTPS-Protected Netflix Videos in Real-Time. In Proc. ACM Conference on Data and Application Security and Privacy (CODASPY).
[57]
Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem, and Wouter Joosen. 2018. Automated Website Fingerprinting through Deep Learning. In Proc. Network and Distributed System Security (NDSS).
[58]
Sandvine. 2024. 2024 Global Internet Phenomena Report. https://www.sandvine.com/global-internet-phenomena-report-2024.
[59]
Roei Schuster, Vitaly Shmatikov, and Eran Tromer. 2017. Beauty and the Burst: Remote Identification of Encrypted Video Streams. In Proc. USENIX Security.
[60]
Meng Shen, Kexin Ji, Zhenbo Gao, Qi Li, Liehuang Zhu, and Ke Xu. 2023. Subverting Website Fingerprinting Defenses with Robust Traffic Representation. In Proc. USENIX Security.
[61]
Meng Shen, Yiting Liu, Liehuang Zhu, Xiaojiang Du, and Jiankun Hu. 2020. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Trans. on Information Forensics and Security (TIFS) (2020).
[62]
Payap Sirinam, Mohsen Imani, Marc Juarez, and Matthew Wright. 2018. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. In Proc. ACM Computer and Communications Security (CCS).
[63]
Payap Sirinam, Nate Mathews, Mohammad Saidur Rahman, and Matthew Wright. 2019. Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. In Proc. ACM Computer and Communications Security (CCS).
[64]
Iraj Sodagar. 2011. The MPEG-DASH Standard for Multimedia Streaming Over the Internet. IEEE MultiMedia (2011).
[65]
Vincent F. Taylor, Riccardo Spolaor, Mauro Conti, and Ivan Martinovic. 2018. Robust Smartphone App Identification via Encrypted Network Traffic Analysis. IEEE Trans. on Information Forensics and Security (TIFS) (2018).
[66]
Alexander Vaskevich, Thilini Dahanayaka, Guillaume Jourjon, and Suranga Seneviratne. 2021. Smaug: Streaming media augmentation using CGANs as a defence against video fingerprinting. In Proc. IEEE Network Computing and Applications (NCA).
[67]
Tim Walsh, Trevor Thomas, and Armon Barton. 2024. Exploring the Capabilities and Limitations of Video Stream Fingerprinting. In Proc. IEEE Security and Privacy Workshops (SPW).
[68]
Chenggang Wang, Jimmy Dani, Xiang Li, Xiaodong Jia, and Boyang Wang. 2021. Adaptive Fingerprinting: Website Fingerprinting over Few Encrypted Traffic. In Proc. ACM Conference on Data and Application Security and Privacy (CODASPY).
[69]
Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting. In Proc. USENIX Security.
[70]
Tao Wang and Ian Goldberg. 2017. Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks. In Proc. USENIX Security.
[71]
Xinyuan Wang, Shiping Chen, and Sushil Jajodia. 2005. Tracking anonymous peer-to-peer VoIP calls on the internet. In Proc. ACM Computer and Communications Security (CCS).
[72]
Ethan Witwer, James K Holland, and Nicholas Hopper. 2022. Padding-only defenses add delay in Tor. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES).
[73]
Hua Wu, Zhenhua Yu, Guang Cheng, and Shuyi Guo. 2020. Identification of encrypted video streaming based on differential fingerprints. In Proc. IEEE Computer Communications Workshops (INFOCOM WKSHPS).
[74]
Luming Yang, Shaojing Fu, Yuchuan Luo, and Jiangyong Shi. 2020. Markov probability fingerprints: A method for identifying encrypted video traffic. In Proc. Mobility, Sensing and Networking (MSN).
[75]
Xiaokuan Zhang, Jihun Hamm, Michael K Reiter, and Yinqian Zhang. 2019. Statistical privacy for streaming traffic. In Proc. Network and Distributed System Security (NDSS).
[76]
Xiyuan Zhang, Gang Xiong, Zhen Li, Chen Yang, Xinjie Lin, Gaopeng Gou, and Binxing Fang. 2024. Traffic spills the beans: A robust video identification attack against YouTube. Computers & Security (2024).
Index Terms
- Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging Conditions
Recommendations
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityWebsite fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight ...
Defending Against Deep Learning-Based Traffic Fingerprinting Attacks With Adversarial Examples
In an increasingly digital and interconnected world, online anonymity and privacy are paramount issues for Internet users. To address this, tools like The Onion Router (Tor) offer anonymous and private communication by routing traffic through multiple ...
Optimal collusion attack for digital fingerprinting
MM '10: Proceedings of the 18th ACM international conference on MultimediaThe collusion attack is a cost-efficient attack against digital finger-printing where classes of users combine their fingerprinted content for the purpose of attenuating or removing the fingerprints. A recently introduced gradient attack which appeared ...
Comments
Information & Contributors
Information
Published In
November 2024
219 pages
Copyright © 2023 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 November 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Wallenberg AI, Autonomous Systems and Software Program (WASP)
- Swedish Foundation for Strategic Research (SSF)
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 106 of 355 submissions, 30%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 117Total Downloads
- Downloads (Last 12 months)117
- Downloads (Last 6 weeks)47
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in