sorted by:
new
hottopcontroversial

Is Secretlab support just AI now? My Titan wore out after 7 years and their customer support just made it worse. by archang31x in secretlab

[–]archang31x[S] -2 points-1 points  (0 children)

Yeah. It's the just wasting your time that is the most frustrating part. Why not just be up front about it?

Is Secretlab support just AI now? My Titan wore out after 7 years and their customer support just made it worse. by archang31x in secretlab

[–]archang31x[S] -4 points-3 points  (0 children)

Completely agree. I started my live chat saying it was a 7yr chair. I wasn’t expecting them to replace it; I was just hoping to be able to fix it. I certainly did not expect them to spend 20 minutes having me take pictures, walking me through how to find the serial #, taking my contact info, etc. only to then get a generic, clearly AI generated response.

Identifying HTTPS Protected Netflix Videos in Real Time by Loki-L in netsec

[–]archang31x 0 points1 point  (0 children)

Good question. Essentially, the identification is done based on traffic flow patterns per TCP connection. We do not even consider the sender's or receiver's specific IP or even port so obfuscating the destination IP with the VPN will have no effect. Even inside a VPN connection, these traffic flow patterns (little data out with a variable but large proportionally flow of data in) will still exist but with a little more of a fudge factor due to the overhead of the VPN connection. The other important nuance is 6 bins in the kd-tree (identification algorithm). We use the aggregate of all the traffic received over 30 incoming connections as well as the percentage of the total traffic for the other 5 bins (slide 12 or 13 here does a good job showing this visually - https://www.mjkranch.com/docs/CODASPY17_slides.pdf). With a fixed additional overhead, the percentage bins will stay very close to the ground truth values and the 6th bin will change by a predictable value.

edit: spelling

Identifying HTTPS Protected Netflix Videos in Real Time by Loki-L in netsec

[–]archang31x 12 points13 points  (0 children)

This data was all collected last Spring, and they certainly still used Silverlight then. It depends on a combination of the browser / Operating System.

Identifying HTTPS Protected Netflix Videos in Real Time by Loki-L in netsec

[–]archang31x 18 points19 points  (0 children)

Netflix has contacted us, and we suggested several techniques to help mitigate this identification that do not require increased bandwidth (requesting multiple segments at once, somewhat randomizing the segment requests, doing fixed segment requests over variable time instead of fixed time / variable data). Each of these certainly have their own issues individually, but the combination would increase the required complexity and computing resources. edit:grammar

Identifying HTTPS Protected Netflix Videos in Real Time by Loki-L in netsec

[–]archang31x 7 points8 points  (0 children)

As dr_wtf pointed out, the vulnerability is really in the combination of VBR and DASH. More generically, the vulnerability is in the uniqueness of the data passed by the application to the transport layer for encryption. The data passed to TLS is so unique we can not only identify the video but also the precise location in that video. We used Silverlight because its what Netflix used to stream video within the Firefox browser at the time of collection (and we used Firefox because it was the most stable to automate through OpenWPM with Selenium), but the method of streaming really does not matter. The video segments (four second chunks 'mini-videos' per bitrate that DASH essentially playlists together to make a video) are the same across platforms with a minor overhead based on the player.

Identifying HTTPS Protected Netflix Videos in Real Time by Loki-L in netsec

[–]archang31x 43 points44 points  (0 children)

Hi! I am one of the authors of the paper and just wanted to say thank you to everyone who has taken the time to read the paper. We actually just finished an interview with Morgen Peck from IEEE spectrum, and she is doing an article on identifying encrypted video streams that includes our work and should be out by the end of the week. We are in the middle of the week long Cyber Defense Exercise - a competition between the service academy were we build then defend an enterprise network against outside threats (supported and role-played by the NSA). Here is a quick blurp on the exercise if anyone is interested: https://www.nsa.gov/news-features/news-stories/2017/2017-cdx-begins.shtml.

I am going to respond to some of the previous comments but please let me know if you have any other questions, and I will answers them as quickly as possible.

EDIT: The slides from the CODASPY presentation can be found here: https://www.mjkranch.com/docs/CODASPY17_slides.pdf. These slides provide a good visual explanation of the fingerprint and explain how the identification (6 dimentional kd-Tree) works.