Encryption on the internet with the shift to HTTPS has been an important step to improve the privacy of internet users. However, there is an increasing body of work about extracting information from encrypted internet traffic without having to decrypt it. Such attacks bypass security guarantees assumed to be given by HTTPS and thus need to be understood. Prior works showed that the variable bitrates of video streams are sufficient to identify which video someone is watching. These works generally have to make trade-offs in aspects such as accuracy, scalability, robustness, etc. These trade-offs complicate the practical use of these attacks. To that end, we propose a deep metric learning framework based on the triplet loss method. Through this framework, we achieve robust, generalisable, scalable and transferable encrypted video stream detection. First, the triplet loss is better able to deal with video streams not seen during training. Second, our approach can accurately classify videos not seen during training. Third, we show that our method scales well to a dataset of over 1000 videos. Finally, we show that a model trained on video streams over Chrome can also classify streams over Firefox. Our results suggest that this side-channel attack is more broadly applicable than originally thought. We provide our code alongside a diverse and up-to-date dataset for future research.

, , ,
22nd IEEE/WIC International Conference on Web Intelligence and Intelligent Agent Technology, 2023
Centrum Wiskunde & Informatica, Amsterdam (CWI), The Netherlands

Gansekoele, A., Bot, T., van der Mei, R., Bhulai, S., & Hoogendoorn, M. (2023). Unveiling the potential: Harnessing deep metric learning to circumvent video streaming encryption. In IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (pp. 163–170). doi:10.1109/WI-IAT59888.2023.00028