Encrypted traffic analysis (ETA) is a process that can be used by network adversaries to infer web browsing activities of targeted Internet users, even when the communication is encrypted using HTTPS, VPN and Tor. Attacks that use ETA are totally non-intrusive to the end points and do not require compromising the decryption key. Instead, the attacker employs statistical techniques on the encrypted traffic to reveal some meta information about the browsing activity of targeted users.

So far, several research works have highlighted the vulnerability of HTTP/1.x (with SSL/TLS) based websites to these encrypted traffic analysis (ETA) attacks. However, recent advancements in web technology have resulted in the emergence of new protocols and applications for communication over the Internet. Two such contemporary communication systems are -- (1) Interactive video streaming platform developed by Netflix, and; (2) the HTTP/2 communication protocol. Our preliminary studies show that state-of-the-art ETA techniques are not suitable for inferring fine-grained browsing information of users of these contemporary communication systems. Therefore, in this work, we study the vulnerability of the two aforementioned contemporary communication systems to ETA-based privacy attacks.

First, we evaluate the interactive video streaming platform developed by Netflix. Recently, Netflix released the first mainstream interactive movie called ‘Black Mirror: Bandersnatch’. In this work, we use this movie as a case-study to develop techniques for revealing information from encrypted interactive video traffic. We show for the first time that information such as the choices made by viewers can be revealed based on the characteristics of encrypted control traffic exchanged with Netflix. To evaluate our proposed technique, we built the first interactive video traffic dataset of 100 viewers. Our technique was able to reveal the choices 96% of the time in the case of ‘Black Mirror: Bandersnatch’ and they were also equally or more successful for all other interactive movies released by Netflix so far. Second, we evaluate the HTTP/2 communication protocol. HTTP/2 introduced multi-threaded server operation for performance improvement over HTTP/1.1. Recent works have discovered that multi-threaded operation results in multiplexed object transmission that can also have an unanticipated positive effect on TLS/SSL privacy. Orthogonal to these works, we examine if the privacy offered by such schemes work in practice. We show that it is possible for a network adversary with modest capabilities to completely break the privacy offered by the schemes that leverage HTTP/2 multiplexing. Our adversary was able to break the privacy of a real-world HTTP/2 website (isidewith.com) 90% of the time. To the best of our knowledge, this is the first privacy attack on HTTP/2.