Voice chat and conferencing services may be assumed to be private and secure because of strong encryption algorithms applied to the video stream. We show that information leakage is occurring in video over IP traffic, including for encrypted payloads. It is possible to detect motion and scene changes, such as a person standing up or walking past a camera streaming live video. We accomplish this through analysis of network traffic metadata including arrival time between packets, packet sizes, and video stream bandwidth. Event detection through metadata analysis is possible even when common encryption techniques are applied to the video stream such as SSL or AES. We have observed information leakage across multiple codes and cameras. Through measurements of the x264 codec, we establish a basis for detectability of events via packet timing. Our laboratory experiments confirm that this event detection is possible and repeatable with commercial video streaming software.
