Date of Submission
Master of Science in Computer Science (MSCS)
MPEG-DASH is a video streaming standard that outlines protocols for sending audio and video content from a server to a client over HTTP. The standard has been widely utilized by the video streaming industry. However, it creates an opportunity for an adversary to invade users’ privacy. While a user is watching a video, information is leaked in the form of meta-data, the size and time that the server sent data to the user. This information is not protected by encryption and can be used to create a fingerprint for a video. Once the fingerprint is created, the adversary can use this to identify whether a target user is watching the corresponding video. Successful attack schemes have been proposed based on this leakage of user data using both Machine Learning (ML) and algorithmic approaches. Only one defense strategy has been proposed to deal with this problem: using differential privacy that adds a sufficient amount of noise in order to muddle the attacks. However, this strategy still suffers from the trade-off between the privacy level and efficiency for both the server and the client. To break through the problem, this paper proposes two schemes. A server-side defense and a client-side defense against the attacks with rigorous privacy and performance constraints, creating a totally private, scalable solution that outperforms the extant schemes. Our two proposed schemes, No Data are Alone (NDA) and a proposed scheme that uses only a single cluster (Single Cluster Solution), are developed based on KMeans clustering and are highly efficient. The experimental results show that our schemes are more than two times as efficient, in terms of excess downloaded video (represented as waste), than the most efficient differential privacy-based scheme. Additionally, no classifier can achieve an accuracy above 7.07% against videos obfuscated with our scheme NDA and 2.5% against our Single Cluster Solution.