Meta and Media Data Stream Forensics in the Encrypted Domain of Video Conferences

R. Altschaffel, Jonas Hielscher, Stefan Kiltz, J. Dittmann
{"title":"Meta and Media Data Stream Forensics in the Encrypted Domain of Video Conferences","authors":"R. Altschaffel, Jonas Hielscher, Stefan Kiltz, J. Dittmann","doi":"10.1145/3437880.3460412","DOIUrl":null,"url":null,"abstract":"Our paper presents a systematic approach to investigate whether and how events can be identified and extracted during the use of video conferencing software. Our approach is based on the encrypted meta and multimedia data exchanged during video conference sessions. It relies on the network data stream which contains data interpretable without decryption (plain data) and encrypted data (encrypted content) some of which is decrypted using our approach (decrypted content). This systematic approach uses a forensic process model and the fission of network data streams before applying methods on the specific individual data types. Our approach is applied exemplary to the Zoom Videoconferencing Service with Client Version 5.4.57862.0110 [4], the mobile Android App Client Version 5.5.2 (1328) [4], the webbased client and the servers (accessed between Jan 21st and Feb 4th). The investigation includes over 50 different configurations. For the heuristic speaker identification, two series of nine sets for eight different speakers are collected. The results show that various user data can be derived from characteristics of encrypted media streams, even if end-to-end encryption is used. The findings suggest user privacy risks. Our approach offers the identification of various events, which enable activity tracking (e.g. camera on/off, increased activity in front of camera) by evaluating heuristic features of the network streams. Further research into user identification within the encrypted audio stream based on pattern recognition using heuristic features of the corresponding network data stream is conducted and suggests the possibility to identify users within a specific set.","PeriodicalId":120300,"journal":{"name":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3437880.3460412","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

Our paper presents a systematic approach to investigate whether and how events can be identified and extracted during the use of video conferencing software. Our approach is based on the encrypted meta and multimedia data exchanged during video conference sessions. It relies on the network data stream which contains data interpretable without decryption (plain data) and encrypted data (encrypted content) some of which is decrypted using our approach (decrypted content). This systematic approach uses a forensic process model and the fission of network data streams before applying methods on the specific individual data types. Our approach is applied exemplary to the Zoom Videoconferencing Service with Client Version 5.4.57862.0110 [4], the mobile Android App Client Version 5.5.2 (1328) [4], the webbased client and the servers (accessed between Jan 21st and Feb 4th). The investigation includes over 50 different configurations. For the heuristic speaker identification, two series of nine sets for eight different speakers are collected. The results show that various user data can be derived from characteristics of encrypted media streams, even if end-to-end encryption is used. The findings suggest user privacy risks. Our approach offers the identification of various events, which enable activity tracking (e.g. camera on/off, increased activity in front of camera) by evaluating heuristic features of the network streams. Further research into user identification within the encrypted audio stream based on pattern recognition using heuristic features of the corresponding network data stream is conducted and suggests the possibility to identify users within a specific set.
视频会议加密域的元数据流和媒体数据流取证
本文提出了一种系统的方法来研究在使用视频会议软件期间是否以及如何识别和提取事件。我们的方法是基于在视频会议期间交换的加密元数据和多媒体数据。它依赖于网络数据流,其中包含无需解密即可解释的数据(普通数据)和加密数据(加密内容),其中一些数据使用我们的方法解密(解密内容)。这种系统的方法在对特定的个人数据类型应用方法之前,使用了一个取证过程模型和网络数据流的裂变。我们的方法应用于Zoom视频会议服务,客户端版本5.4.57862.0110[4],移动Android应用客户端版本5.5.2(1328)[4],基于web的客户端和服务器(在1月21日至2月4日之间访问)。调查包括50多种不同的配置。对于启发式说话人识别,收集了两个系列,每组9组,分别代表8个不同的说话人。结果表明,即使使用端到端加密,也可以从加密媒体流的特征中获得各种用户数据。调查结果表明,用户隐私存在风险。我们的方法提供了各种事件的识别,通过评估网络流的启发式特征来实现活动跟踪(例如,摄像机开/关,摄像机前的活动增加)。利用相应网络数据流的启发式特征,基于模式识别对加密音频流中的用户识别进行了进一步研究,并提出了在特定集合中识别用户的可能性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信