Information Leakage in the Slingbox

Interesting:

…despite the use of encryption, a passive eavesdropper can still learn private information about what someone is watching via their Slingbox Pro.

[…]

First, in order to conserve bandwidth, the Slingbox Pro uses something called variable bitrate (VBR) encoding. VBR is a standard approach for compressing streaming multimedia. At a very abstract level, the idea is to only transmit the differences between frames. This means that if a scene changes rapidly, the Slingbox Pro must still transmit a lot of data. But if the scene changes slowly, the Slingbox Pro will only have to transmit a small amount of data—a great bandwidth saver.

Now notice that different movies have different visual effects (e.g., some movies have frequent and rapid scene changes, others don’t). The use of VBR encodings therefore means that the amount data transmitted over time can serve as a fingerprint for a movie. And, since encryption alone won’t fully conceal the number of bytes transmitted, this fingerprint can survive encryption!

We experimented with fingerprinting encrypted Slingbox Pro movie transmissions in our lab. We took 26 of our favorite movies (we tried to pick movies from the same director, or multiple movies in a series), and we played them over our Slingbox Pro. Sometimes we streamed them to a laptop attached to a wired network, and sometimes we streamed them to a laptop connected to an 802.11 wireless network. In all cases the laptop was one hop away.

We trained our system on some of those traces. We then took new query traces for these movies and tried to match them to our database. For over half of the movies, we were able to correctly identify the movie over 98% of the time. This is well above the less than 4% accuracy that one would get by random chance.

More details in the paper.

Tags: , , ,

Posted on June 4, 2007 at 1:24 PM27 Comments

Comments

so what? June 4, 2007 2:23 PM

Does this matter? In this context, the encryption exists not to prevent others from knowing what you are watching, rather, it exists to prevent others from watching it themselves. It’s an enforcement mechanism for the Slingbox’s the “one viewer at a time” rule. Sure, it’s imperfect, but they want to minimize risk of getting sued for copyright infringement. AFAIK, they do not claim to protect the identity of the content you stream.

Anonymous June 4, 2007 2:51 PM

It’s pretty worthwhile keeping this in the back of your mind next time you tune into “Debbie does Dallas”.

Mind you, I’ve known about this attack for years. It’s howcome someone always calls during the best bit of the film. (Not DDD, I hasten to point out!)

Ed T. June 4, 2007 2:57 PM

I can give you one reason why this matters:

Robert Bork.

If you are even thinking of becoming a public figure, your personal habits (esp. those that might be embarrassing, or that you might not want published in the newspaper for your mother’s church group to read about) require that you guard them closely.

~EdT.

Nico June 4, 2007 3:06 PM

RE: “Debbie does Dallas”

Someone would have to already have the fingerprint for Debbie Does Dallas. Most likely, any sort of “embarassing” movie that someone is watching is not in the fingerprint database.

Joshua June 4, 2007 3:20 PM

For over half of the movies, we were able to correctly identify the movie over 98% of the time.

Yeah, for half of the movies. What was the hit rate on the other half?

So I checked the paper, and the overall hit rate is 77%. Still really damned good, especially considering baseline chance odds. The construction I quoted really irks me, though, since it hides the real result to make the algorithm sounds more impressive.

Seriously, 77% is still an awesome hit rate, and well worth touting on its own.

This is definitely a clever attack on Slingbox. Presumably, the advantages of VBR from a bandwidth usage standpoint outweigh the privacy risk for the most part, but wouldn’t it be possible at least in theory to foil this sort of attack by introducing random padding to the data stream? Or, you know… switch to CBR. 😉

RE: "Debbie does Dallas" June 4, 2007 3:21 PM

If the internet has taught me anything it is that Debbie does Dallas will be in the database along with every other smutt film you could every possibly imagine.

And if one was building a database of movie finger print for the sole purpose of determining what someone is watching, who cares about anything besides ‘Men in Lockup 3’.

Joshua June 4, 2007 3:22 PM

Nico: That seems like an unjustified assumption. Why wouldn’t an attacker make an effort to fingerprint potentially compromising films? (Presumably for later blackmail/character assassination purposes or whatever.)

David June 4, 2007 3:30 PM

Padding gets rid of the advantage of VBR. However, mightn’t it be possible, with a bit of a buffer, to accumulate the VBR data and send fixed-sized chunks at a time? This, it seems, fixes the privacy issue while retaining the reduced bandwidth/preservation of quality of VBR, at the cost of some RAM/disk space – seems to me a good tradeoff.

Bryan Feir June 4, 2007 3:58 PM

@David:

That approach will also increase the latency significantly, of course. Granted, in a one-way streaming application that’s not as important as in a two-way communication.

Not to mention that it doesn’t fix the entire problem, as the timing of the transmissions still tells you what the bit rate was, it just averages it out so you don’t get the ‘instantaneous’ rate.

Interesting June 4, 2007 4:07 PM

@Joshua
“…but wouldn’t it be possible at least in theory to foil this sort of attack by introducing random padding to the data stream?”

That is interesting. The first thought that comes to mind is that while adding random bits would change the signature, it could perhaps become closer to an even less desireable signature. Especially since the signature is really somewhat indeterminate to begin with (with only a 77% hit rate).

Arik June 4, 2007 4:45 PM

It’s not about whether this particular attack matters or not.

It’s about a nice side-channel analysis attack on a communication channel. It’s cool and important in its own merit.

— Arik

X the Unknown June 4, 2007 5:32 PM

This technique can probably be applied to a wider set of targets than snooping on SlingBoxes.

For example, if China wants to suppress viewing of “subversive videos”, but people are using encrypted data-feeds (SSL, or whatever), this technique might be adaptable to scanning for “fruitful” sites at which to have the thought-police pay a visit.

Jon Sowden June 4, 2007 8:47 PM

@ Arik,
“It’s not about whether this particular attack matters or not.

It’s about a nice side-channel analysis attack on a communication channel. It’s cool and important in its own merit.”

IIRC, this kind of attack* is one of the tools the British used to unpack Enigma transmissions.

Regards
Jon

*ie, “we can’t decrypt this section, but it’s three characters long, and we know this area of the message is for month, so it’s probably ‘May'”

Chris June 4, 2007 10:11 PM

Sounds like we need a Grid Virtual Slingbox, where each endpoint is doing shares of the work for many streams.

(Note: not a serious idea. Unless it works.)

Gp June 5, 2007 1:25 AM

It seems to me that a simple change in the transmission could foil this attack. The device could download the video as fast as is reasonable up to some pre-set cache limit. There is still infomation leakage such as the size of the movie and an approximation of play time for a chunk of data. But video services have bandwidth problems as-is. There is zero chance of them padding the data.

Bittorrent style distribution offers some protection. Of course any peers will know what you just grabbed. Something like Freenet is required if you really must have total anonymity.

Jeremy H June 5, 2007 1:44 AM

“So I checked the paper, and the overall hit rate is 77%. Still really damned good,”

Not really with a sample size or 26. It’s pretty easy to pull out unique identifiers for such a small sample. I’d be more interested in seeing how this would hold up against a database of 10,000 entries. I suspect that the false positive rate would suffer in the same way that facial recognition algorithms have.

The query step also seems to be very computationally intensive, and likely wouldn’t scale. They have to do a substring match (which takes linear time) on each movie fingerprint. A fingerprint is 600K per hour. 10,000 films @ 2 hours each is 11.5 gigs. That’s a lot of data to scan per query.

Also, note that film “O” had a 10% false positive rate.

supersnail June 5, 2007 2:17 AM

Classic example of “signals analysis” — the art of deducing intelligence from encrypted traffic even when you cannot decrypt.

Foxyshadis June 5, 2007 4:29 AM

Jeremy, it’s not really that bad, the problem is trivially parallelizable and can very easily be modified to start coarse and iterate over finer versions to quickly winnow the field. You could grab the fingerprint(s) overnight, upload them to your rented/borrowed/hijacked cluster and get the news back that evening.

Even minor intentional perturbations would probably completely eliminate the method’s effectiveness though.

Too bad they quit measuring after 48 hours, since a couple hundred would make for a more realistic measure. I’d love to see a graph of how accurate the matching was for every five more they added; I’m sure it would drop at an alarming rate.

Clive Robinson June 5, 2007 5:46 AM

It is a form of Traffic Analysis that effectivly uses a weakness in the design (from the security perspective) but is more efficient (from the network perspective)

Showing yet again that being efficient allows information to leak…

There is a discussion about Traffic Analysis and how it can be used at Internet eXchange points to attack low latency PET systems like TOR over on the Camb Labs blog,

http://www.lightbluetouchpaper.org/2007/05/28/sampled-traffic-analysis-by-internet-exchange-level-adversaries

Clive Robinson June 5, 2007 5:51 AM

@Jeremy H,

“The query step also seems to be very computationally intensive, and likely wouldn’t scale. They have to do a substring match (which takes linear time) on each movie fingerprint. A fingerprint is 600K per hour. 10,000 films @ 2 hours each is 11.5 gigs. That’s a lot of data to scan per query.”

Remember this is a simple non optomised attack. There are a lot of ways this could be easily optomised. The very simplist of which is to store your fingerprints in a way that, provides a quite efficient time trade off.

bob June 5, 2007 6:57 AM

Interesing, but doesnt seem all that valuable. They were able to extract essentially a 5-bit value (the domain required to uniquely identify 26 movies) in ~an hour of tracking with a 77% accuracy rate. I suspect the accuracy will go down precipitously as the domain approaches infinity. Besides, if the server is running Vista it will put random gibberish in the download anyway just to show you who is boss 🙂

derf June 5, 2007 10:15 AM

If they’re busy trying to figure out what movie I’m watching, they aren’t breaking into my home, car, or computer. Please – enjoy figuring out what I’m streaming.

Ale June 5, 2007 12:12 PM

What if the VBR coded stream is randomly split into substreams, each sent through a spatially diverse path? The attack is still possible, but the bar is raised: measurements must be taken at all paths, and correlated.

guvn'r June 5, 2007 12:31 PM

@derf, parallel processing means they could be fingerprinting your movie and breaking into your car, home, and computer all at the same time. be afraid.

@nico, not necessarily. you watch DDD or something even more embarassing and somebody records your slingbox tracks, five years from now when you’re elected to office they match your history against the db they constructed three years ago and you’re owned.

just cause June 22, 2012 6:28 PM

What about hacking Slingbox and using the encrypted stream to access the ROM and HHD on the client box

MC November 15, 2017 1:23 PM

So I guess this hack can be defeated by creating false bitrates. Creating a variable “constant” false bit rate with an ever changing but invisible amount of data would screw up attempts to fingerprint, as variability in the encrypted traffic would be largely eliminated and basically subject to distrust. WAS that a high bitrate scene ? or just a green screen without any action on it and an off screen mask mimicking an explosion with particle scatter? I suppose encrypted , keyed noise can be introduced at the origin and masked out and discarded with a key at the reception . Bandwidth can be averaged over the proceeding 5 to 10 min of content and a mask applied that completely falsifies the real VBR fingerprint ; without affecting content to the viewer and without significantly increasing bitrates. In addition , buffers can “average out bitrates during transport and reassemble them into proper lengths at the destination, making sure the transport stream stays deceptively constant . Albeit with a shortc delay at the other end as the frames are reassembled… no?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.