Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Cyberwar | Main | Outfitting Moths with Sensors »
June 4, 2007
Information Leakage in the Slingbox
...despite the use of encryption, a passive eavesdropper can still learn private information about what someone is watching via their Slingbox Pro.[...]
First, in order to conserve bandwidth, the Slingbox Pro uses something called variable bitrate (VBR) encoding. VBR is a standard approach for compressing streaming multimedia. At a very abstract level, the idea is to only transmit the differences between frames. This means that if a scene changes rapidly, the Slingbox Pro must still transmit a lot of data. But if the scene changes slowly, the Slingbox Pro will only have to transmit a small amount of data -- a great bandwidth saver.
Now notice that different movies have different visual effects (e.g., some movies have frequent and rapid scene changes, others don’t). The use of VBR encodings therefore means that the amount data transmitted over time can serve as a fingerprint for a movie. And, since encryption alone won’t fully conceal the number of bytes transmitted, this fingerprint can survive encryption!
We experimented with fingerprinting encrypted Slingbox Pro movie transmissions in our lab. We took 26 of our favorite movies (we tried to pick movies from the same director, or multiple movies in a series), and we played them over our Slingbox Pro. Sometimes we streamed them to a laptop attached to a wired network, and sometimes we streamed them to a laptop connected to an 802.11 wireless network. In all cases the laptop was one hop away.
We trained our system on some of those traces. We then took new query traces for these movies and tried to match them to our database. For over half of the movies, we were able to correctly identify the movie over 98% of the time. This is well above the less than 4% accuracy that one would get by random chance.
More details in the paper.
Posted on June 4, 2007 at 1:24 PM • 26 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Does this matter? In this context, the encryption exists not to prevent others from knowing what you are watching, rather, it exists to prevent others from watching it themselves. It's an enforcement mechanism for the Slingbox's the "one viewer at a time" rule. Sure, it's imperfect, but they want to minimize risk of getting sued for copyright infringement. AFAIK, they do not claim to protect the identity of the content you stream.
Posted by: so what? at June 4, 2007 2:23 PM
It's pretty worthwhile keeping this in the back of your mind next time you tune into "Debbie does Dallas".
Mind you, I've known about this attack for years. It's howcome someone always calls during the best bit of the film. (Not DDD, I hasten to point out!)
Posted by: Anonymous at June 4, 2007 2:51 PM
I can give you one reason why this matters:
Robert Bork.
If you are even *thinking* of becoming a public figure, your personal habits (esp. those that might be embarrassing, or that you might not want published in the newspaper for your mother's church group to read about) require that you guard them closely.
~EdT.
Posted by: Ed T. at June 4, 2007 2:57 PM
RE: "Debbie does Dallas"
Someone would have to already have the fingerprint for Debbie Does Dallas. Most likely, any sort of "embarassing" movie that someone is watching is not in the fingerprint database.
Posted by: Nico at June 4, 2007 3:06 PM
For over half of the movies, we were able to correctly identify the movie over 98% of the time.
Yeah, for half of the movies. What was the hit rate on the other half?
So I checked the paper, and the overall hit rate is 77%. Still really damned good, especially considering baseline chance odds. The construction I quoted really irks me, though, since it hides the real result to make the algorithm sounds more impressive.
Seriously, 77% is still an awesome hit rate, and well worth touting on its own.
This is definitely a clever attack on Slingbox. Presumably, the advantages of VBR from a bandwidth usage standpoint outweigh the privacy risk for the most part, but wouldn't it be possible at least in theory to foil this sort of attack by introducing random padding to the data stream? Or, you know... switch to CBR. ;)
Posted by: Joshua at June 4, 2007 3:20 PM
If the internet has taught me anything it is that Debbie does Dallas will be in the database along with every other smutt film you could every possibly imagine.
And if one was building a database of movie finger print for the sole purpose of determining what someone is watching, who cares about anything besides 'Men in Lockup 3'.
Posted by: RE: "Debbie does Dallas" at June 4, 2007 3:21 PM
Nico: That seems like an unjustified assumption. Why wouldn't an attacker make an effort to fingerprint potentially compromising films? (Presumably for later blackmail/character assassination purposes or whatever.)
Posted by: Joshua at June 4, 2007 3:22 PM
Padding gets rid of the advantage of VBR. However, mightn't it be possible, with a bit of a buffer, to accumulate the VBR data and send fixed-sized chunks at a time? This, it seems, fixes the privacy issue while retaining the reduced bandwidth/preservation of quality of VBR, at the cost of some RAM/disk space - seems to me a good tradeoff.
Posted by: David at June 4, 2007 3:30 PM
@David:
That approach will also increase the latency significantly, of course. Granted, in a one-way streaming application that's not as important as in a two-way communication.
Not to mention that it doesn't fix the entire problem, as the timing of the transmissions still tells you what the bit rate was, it just averages it out so you don't get the 'instantaneous' rate.
Posted by: Bryan Feir at June 4, 2007 3:58 PM
@Joshua
"...but wouldn't it be possible at least in theory to foil this sort of attack by introducing random padding to the data stream?"
That is interesting. The first thought that comes to mind is that while adding random bits would change the signature, it could perhaps become closer to an even less desireable signature. Especially since the signature is really somewhat indeterminate to begin with (with only a 77% hit rate).
Posted by: Interesting at June 4, 2007 4:07 PM
It's not about whether this particular attack matters or not.
It's about a nice side-channel analysis attack on a communication channel. It's cool and important in its own merit.
-- Arik
Posted by: Arik at June 4, 2007 4:45 PM
This technique can probably be applied to a wider set of targets than snooping on SlingBoxes.
For example, if China wants to suppress viewing of "subversive videos", but people are using encrypted data-feeds (SSL, or whatever), this technique might be adaptable to scanning for "fruitful" sites at which to have the thought-police pay a visit.
Posted by: X the Unknown at June 4, 2007 5:32 PM
@ Arik,
"It's not about whether this particular attack matters or not.
It's about a nice side-channel analysis attack on a communication channel. It's cool and important in its own merit."
IIRC, this kind of attack* is one of the tools the British used to unpack Enigma transmissions.
Regards
Jon
*ie, "we can't decrypt this section, but it's three characters long, and we know this area of the message is for month, so it's probably 'May'"
Posted by: Jon Sowden at June 4, 2007 8:47 PM
Sounds like we need a Grid Virtual Slingbox, where each endpoint is doing shares of the work for many streams.
(Note: not a serious idea. Unless it works.)
Posted by: Chris at June 4, 2007 10:11 PM
It seems to me that a simple change in the transmission could foil this attack. The device could download the video as fast as is reasonable up to some pre-set cache limit. There is still information leakage such as the size of the movie and an approximation of play time for a chunk of data. But video services have bandwidth problems as-is. There is zero chance of them padding the data.
Bittorrent style distribution offers some protection. Of course any peers will know what you just grabbed. Something like Freenet is required if you really must have total anonymity.
Posted by: Gp at June 5, 2007 1:25 AM
It seems to me that a simple change in the transmission could foil this attack. The device could download the video as fast as is reasonable up to some pre-set cache limit. There is still infomation leakage such as the size of the movie and an approximation of play time for a chunk of data. But video services have bandwidth problems as-is. There is zero chance of them padding the data.
Bittorrent style distribution offers some protection. Of course any peers will know what you just grabbed. Something like Freenet is required if you really must have total anonymity.
Posted by: Gp at June 5, 2007 1:25 AM
"So I checked the paper, and the overall hit rate is 77%. Still really damned good,"
Not really with a sample size or 26. It's pretty easy to pull out unique identifiers for such a small sample. I'd be more interested in seeing how this would hold up against a database of 10,000 entries. I suspect that the false positive rate would suffer in the same way that facial recognition algorithms have.
The query step also seems to be very computationally intensive, and likely wouldn't scale. They have to do a substring match (which takes linear time) on each movie fingerprint. A fingerprint is 600K per hour. 10,000 films @ 2 hours each is 11.5 gigs. That's a lot of data to scan per query.
Also, note that film "O" had a 10% false positive rate.
Posted by: Jeremy H at June 5, 2007 1:44 AM
Classic example of "signals analysis" -- the art of deducing intelligence from encrypted traffic even when you cannot decrypt.
Posted by: supersnail at June 5, 2007 2:17 AM
Jeremy, it's not really that bad, the problem is trivially parallelizable and can very easily be modified to start coarse and iterate over finer versions to quickly winnow the field. You could grab the fingerprint(s) overnight, upload them to your rented/borrowed/hijacked cluster and get the news back that evening.
Even minor intentional perturbations would probably completely eliminate the method's effectiveness though.
Too bad they quit measuring after 48 hours, since a couple hundred would make for a more realistic measure. I'd love to see a graph of how accurate the matching was for every five more they added; I'm sure it would drop at an alarming rate.
Posted by: Foxyshadis at June 5, 2007 4:29 AM
It is a form of Traffic Analysis that effectivly uses a weakness in the design (from the security perspective) but is more efficient (from the network perspective)
Showing yet again that being efficient allows information to leak...
There is a discussion about Traffic Analysis and how it can be used at Internet eXchange points to attack low latency PET systems like TOR over on the Camb Labs blog,
Posted by: Clive Robinson at June 5, 2007 5:46 AM
@Jeremy H,
"The query step also seems to be very computationally intensive, and likely wouldn't scale. They have to do a substring match (which takes linear time) on each movie fingerprint. A fingerprint is 600K per hour. 10,000 films @ 2 hours each is 11.5 gigs. That's a lot of data to scan per query."
Remember this is a simple non optomised attack. There are a lot of ways this could be easily optomised. The very simplist of which is to store your fingerprints in a way that, provides a quite efficient time trade off.
Posted by: Clive Robinson at June 5, 2007 5:51 AM
Interesing, but doesnt seem all that valuable. They were able to extract essentially a 5-bit value (the domain required to uniquely identify 26 movies) in ~an hour of tracking with a 77% accuracy rate. I suspect the accuracy will go down precipitously as the domain approaches infinity. Besides, if the server is running Vista it will put random gibberish in the download anyway just to show you who is boss :)
Posted by: bob at June 5, 2007 6:57 AM
If they're busy trying to figure out what movie I'm watching, they aren't breaking into my home, car, or computer. Please - enjoy figuring out what I'm streaming.
Posted by: derf at June 5, 2007 10:15 AM
What if the VBR coded stream is randomly split into substreams, each sent through a spatially diverse path? The attack is still possible, but the bar is raised: measurements must be taken at all paths, and correlated.
Posted by: Ale at June 5, 2007 12:12 PM
@derf, parallel processing means they could be fingerprinting your movie and breaking into your car, home, and computer all at the same time. be afraid.
@nico, not necessarily. you watch DDD or something even more embarassing and somebody records your slingbox tracks, five years from now when you're elected to office they match your history against the db they constructed three years ago and you're owned.
Posted by: guvn'r at June 5, 2007 12:31 PM
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Blog Menu |
SearchBlog Home Page
Archives by Date2012 J F
  |
| Latest Book |
more books by Bruce Schneier |
| Syndication |
|
Full Text Feed
Excerpts Feed |
| Translations |
|
German
Italian |
| Crypto-Gram Newsletter |
|
If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more |
Comments