The problem is that the information in TCP/IP headers is enough to leak content information. An infosec educator from the United States Military Academy at West Point has taken a look at Netflix's HTTPS implementation, and reckons that all he needs to know which programs you like is a bit of passive traffic capture.
He explains that the TCP/IP headers of a Netflix HTTPS stream provide a 99.5 per cent content fingerprint. Yes, HTTPS is meant to provide privacy, but variable bitrate (VBR) encoding happens to yield predictable behaviour, particularly in how the byte-range portion of HTTP GET commands aligns perfectly with individual video segment boundaries. With a database that indexes the content metadata (harvested by setting up a server to automatically “watch” videos) against the fingerprints, it's pretty straightforward to capture the fingerprint on someone else's connection and use it to look up the video.
The server the expert used in his work was hardly a monster: a decade-old box with two quad-core Xeon 2.0 processors running at 2 GHz, with Linux Mint 17.3 MATE as the OS. Even that kit loaded the 184 million fingerprints in 15 minutes, and the assessment found that 99.9989 per cent of the “windows” were unique. On average, the algorithm is said to have identified the videos within three minutes, 55 seconds, with more than half of the videos identified before 2:30.
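The following is an added example, not code from the article or from the researcher, showing how a service could audit how identifying its segment sizes are: it indexes sliding windows of segment sizes from a constructed catalog and reports what share of windows point at a single title. The window length, the `bucket` padding parameter, the exact-match lookup and the assumption that observed sizes equal catalog sizes (no TLS or HTTP overhead) are illustrative assumptions, not details from the page.

```python
import random
from collections import defaultdict

WINDOW = 5  # assumed window length in segments; the page does not state one

def build_catalog(n_titles=200, n_segments=60, seed=7):
    """Constructed stand-in for harvested metadata: per-title VBR segment sizes (bytes)."""
    rng = random.Random(seed)
    return {f"title-{i:03d}": [rng.randrange(200_000, 1_200_000) for _ in range(n_segments)]
            for i in range(n_titles)}

def windows(sizes, bucket=1):
    """Yield (offset, window) for each run of WINDOW sizes, each rounded up to `bucket` bytes."""
    padded = [-(-s // bucket) * bucket for s in sizes]  # ceiling to a multiple of bucket
    for i in range(len(padded) - WINDOW + 1):
        yield i, tuple(padded[i:i + WINDOW])

def build_index(catalog, bucket=1):
    """Map every window to the set of (title, offset) pairs where it occurs."""
    index = defaultdict(set)
    for title, sizes in catalog.items():
        for offset, window in windows(sizes, bucket):
            index[window].add((title, offset))
    return index

def unique_fraction(index):
    """Share of distinct windows that occur in exactly one title."""
    unique = sum(1 for hits in index.values() if len({t for t, _ in hits}) == 1)
    return unique / len(index)

def lookup(index, observed, bucket=1):
    """Titles whose catalog contains the first WINDOW observed sizes; [] if too few."""
    first = next(windows(observed, bucket), None)
    if first is None:
        return []
    return sorted({t for t, _ in index.get(first[1], ())})

if __name__ == "__main__":
    catalog = build_catalog()
    exact = build_index(catalog)
    print("unique windows, raw VBR sizes:", unique_fraction(exact))
    print("lookup of 5 segments:", lookup(exact, catalog["title-042"][10:15]))
    # Hypothetical padding of every segment to one constant size removes the signal.
    flat = build_index(catalog, bucket=2_000_000)
    print("unique windows, constant size:", unique_fraction(flat))
```

With raw sizes every window maps to one title, while padding all segments to a single size collapses the catalog to one indistinguishable window.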