Looking Through Walls: Inferring Scenes from Video-Surveillance Encrypted Traffic

Nowadays living environments are characterized by networks of inter-connected sensing devices that accomplish different tasks, e.g., video surveillance of an environment by a network of CCTV cameras. A malicious user could gather sensitive details on people’s activities by eavesdropping the exchanged data packets. To overcome this problem, video streams are protected by encryption systems, but even secured channels may still leak some information. In this paper, we show that it is possible to infer visual data by intercepting the encrypted video stream of a surveillance system, and how this may be leveraged to track the movements of a person inside the secured area. We trained an automatic classifier on a computer graphic simulator and tested it on real videos, with standard encryption protocols. Experiments proved the transferability of the classifier trained on synthetic sequences, succeeding in the detection of up to four different walking directions on real videos, with a limited amount of intercepted traffic.

[1]  Oswald Lanz,et al.  Exploiting Color Constancy for Robust Tracking Under Non-uniform Illumination , 2014, ICIAR.

[2]  Ivan Martinovic,et al.  Who do you sync you are?: smartphone fingerprinting via application behaviour , 2013, WiSec '13.

[3]  Walid Dabbous,et al.  Network characteristics of video streaming traffic , 2011, CoNEXT '11.

[4]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[5]  Tao Hu,et al.  Learning the Scene Illumination for Color-Based People Tracking in Dynamic Environment , 2013, ICIAP.

[6]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[7]  Apu Kapadia,et al.  Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.

[8]  Ryan Shea,et al.  A Castle of Glass: Leaky IoT Appliances in Modern Smart Homes , 2018, IEEE Wireless Communications.

[9]  Deborah Estrin,et al.  A first look at traffic on smartphones , 2010, IMC '10.

[10]  Biswanath Mukherjee,et al.  Insights from Analysis of Video Streaming Data to Improve Resource Management , 2018, 2018 IEEE 7th International Conference on Cloud Networking (CloudNet).

[11]  Mauro Conti,et al.  AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[12]  Andrew Reed,et al.  Identifying HTTPS-Protected Netflix Videos in Real-Time , 2017, CODASPY.

[13]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[14]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[15]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[16]  Dawn Xiaodong Song,et al.  NetworkProfiler: Towards automatic fingerprinting of Android apps , 2013, 2013 Proceedings IEEE INFOCOM.

[17]  Raheem Beyah,et al.  Information Leakage in Encrypted IP Video Traffic , 2014, GLOBECOM 2014.

[18]  Giovanni Vigna,et al.  ClearShot: Eavesdropping on Keyboard Input from Video , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[19]  Jiguo Yu,et al.  Side-channel information leakage of encrypted video stream in video surveillance systems , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[20]  Wenyuan Xu,et al.  HomeSpy: Inferring User Presence via Encrypted Traffic of Home Surveillance Camera , 2017, 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS).

[21]  Johannes Obermaier,et al.  Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems , 2016, IoTPTS@AsiaCCS.

[22]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[23]  Nino Vincenzo Verde,et al.  Can't You Hear Me Knocking: Identification of User Actions on Android Apps via Traffic Analysis , 2014, CODASPY.