On Privacy Risks of Watching YouTube over Cellular Networks with Carrier Aggregation

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 54
  • Download : 0
One's core values, personality, and social status may be reflected in the watch history of online video streaming services such as YouTube. Unfortunately, several prior research work demonstrates that man-in-the-middle or malware-assisted attackers can accurately infer the titles of encrypted streaming videos by exploiting the inherent correlation between the encoded video contents and the traffic rate changes. In this paper, we present a novel video-inference attack called Moba that further exacerbates the problem by only requiring the adversary to simply eavesdrop the broadcast messages of a primary cell of a targeted user's cellular phone. Our attack utilizes a side channel in modern cellular networks that leaks the number of actively transmitting cells for each user. We show that this seemingly harmless system information leakage can be used to achieve practical video-inference attacks. To design effective video-inference attacks, we augment the coarse-grained side-channel measurements with precise timing information and estimate the traffic bursts of encrypted video contents. The Moba attack considers an adversary-chosen set of suspect YouTube videos, from which a targeted user may watch some videos during the attack. We confirm the feasibility of Moba in identifying the exact YouTube video title (if it is from the suspect set) via our over-the-air experiments conducted in LTE-Advanced networks in two countries. Moba can be effective in verifying whether a targeted user watches any of the suspect videos or not; e.g., precision of 0.98 is achieved after observing six-minutes of a single video play. When further allowed to observe multiple video plays, Moba adversary is able to identify whether the targeted user frequently watches the suspect videos with a probability close to one and a near-zero false positive rate. Finally, we present a simple padding-based countermeasure that significantly reduces the attack effectiveness without sacrificing any cellular radio resources.
Publisher
ACM
Issue Date
2022-09-13
Language
English
Citation

UbiComp 2022

URI
http://hdl.handle.net/10203/299622
Appears in Collection
CS-Conference Papers(학술회의논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0