Background: Video fingerprinting, similar to the more well-known website fingerprinting, is a class of techniques used to identify which videos a user is watching by analyzing their network traffic. A common setting involves an attacker that monitors the link between the user’s device and a video server, collects the encrypted traffic, and determines which video the encrypted communication corresponds to by using classification models. This works because the traffic, despite encryption, contains characteristic patterns that are unique to the underlying video. While many video fingerprinting attacks have been presented, practical, purpose-built defenses are lacking.
Two notes for context: DASH is the most common video streaming standard in use on the web today. It splits videos into small segments (of a few seconds) that video players request on demand. Each video has an MPD, which is an XML file with metadata about the video, including its segments.
Description: The paper presents Dodge, a client-side framework for application-layer video fingerprinting defenses, implemented as a fork of the dash.js video player. Dodge generalizes the telltale request-response sequence of DASH video streaming, replacing segment downloads with customizable cycles that are specified in a JSON file called an extended manifest, used in place of the DASH MPD. This provides a significant degree of control over the sequence of request and response sizes in a video stream, enabling quick and easy deployment of different types of traffic analysis defenses without any required changes to servers or network infrastructure. Dodge can be used as is or as a reference when implementing defenses in other video players.
As a proof of concept, the paper also includes a mimicry defense, Dodge-mimic, which groups the videos in a dataset into groups with similar sequences of segment sizes and ensures that the videos in each group have the same sequence of cycles. While this approach is based on k-anonymity (guaranteeing that each observable traffic flow is indistinguishable from at least k − 1 others), which is vulnerable to several attacks and must be deployed carefully — if at all — it demonstrates Dodge’s support for precise control over video traffic patterns and shows how one might go about crafting defenses for Dodge.