On Privacy Risks of Watching YouTube over Cellular Networks with Carrier Aggregation-Reference-Cited by-同舟云学术

On Privacy Risks of Watching YouTube over Cellular Networks with Carrier Aggregation

Published:2022-03-29 Issue:1 Volume:6 Page:1-22
ISSN:2474-9567
Container-title:Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
language:en
Short-container-title:Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

Author:

Lakshmanan Nitya¹,Bentaleb Abdelhak¹,Choi Byoungjun²,Zimmermann Roger¹,Han Jun³,Kang Min Suk²

Affiliation:

1. National University of Singapore, Singapore

2. Korea Advanced Institute of Science and Technology, Korea

3. Yonsei University, Korea

Abstract

One's core values, personality, and social status may be reflected in the watch history of online video streaming services such as YouTube. Unfortunately, several prior research work demonstrates that man-in-the-middle or malware-assisted attackers can accurately infer the titles of encrypted streaming videos by exploiting the inherent correlation between the encoded video contents and the traffic rate changes. In this paper, we present a novel video-inference attack called Moba that further exacerbates the problem by only requiring the adversary to simply eavesdrop the broadcast messages of a primary cell of a targeted user's cellular phone. Our attack utilizes a side channel in modern cellular networks that leaks the number of actively transmitting cells for each user. We show that this seemingly harmless system information leakage can be used to achieve practical video-inference attacks. To design effective video-inference attacks, we augment the coarse-grained side-channel measurements with precise timing information and estimate the traffic bursts of encrypted video contents. The Moba attack considers an adversary-chosen set of suspect YouTube videos, from which a targeted user may watch some videos during the attack. We confirm the feasibility of Moba in identifying the exact YouTube video title (if it is from the suspect set) via our over-the-air experiments conducted in LTE-Advanced networks in two countries. Moba can be effective in verifying whether a targeted user watches any of the suspect videos or not; e.g., precision of 0.98 is achieved after observing six-minutes of a single video play. When further allowed to observe multiple video plays, Moba adversary is able to identify whether the targeted user frequently watches the suspect videos with a probability close to one and a near-zero false positive rate. Finally, we present a simple padding-based countermeasure that significantly reduces the attack effectiveness without sacrificing any cellular radio resources.

Funder

National Research Foundation of Korea

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction

Link

https://dl.acm.org/doi/pdf/10.1145/3517261

Reference72 articles.

1. 3GPP. 2013. Carrier Aggregation Explained. https://bit.ly/38O0FiH. 3GPP. 2013. Carrier Aggregation Explained. https://bit.ly/38O0FiH.

2. 3GPP. 2016. TS 36.211 v13.0: Physical Channels and Modulation. 3GPP. 2016. TS 36.211 v13.0: Physical Channels and Modulation.

3. 3GPP. 2016. TS 36.300 v13.0: Overall Description. 3GPP. 2016. TS 36.300 v13.0: Overall Description.

4. 3GPP. 2016. TS 36.321 v13.0: Medium Access Control (MAC) Protocol Specification. 3GPP. 2016. TS 36.321 v13.0: Medium Access Control (MAC) Protocol Specification.

5. 3GPP. 2016. TS 36.331 v13.0: Radio Resource Control (RRC) Protocol Specification. 3GPP. 2016. TS 36.331 v13.0: Radio Resource Control (RRC) Protocol Specification.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Poster: Exploiting Keystroke Dynamics via mmWave Radar for Application Profiling;Proceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services;2024-06-03