Keystroke Timing Analysis of on-the-fly Web Apps

Author

Chee Meng TEY, Singapore Management UniversityFollow
Payas GUPTA, Singapore Management UniversityFollow
Debin GAO, Singapore Management UniversityFollow
YAN ZHANG

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2013

Abstract

The Google Suggestions service used in Google Search is one example of an interactivity rich Javascript application. In this paper, we analyse the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated Javascript code. We consider an attacker who attempts to infer the typing pattern of a victim. From our experiments involving 11 participants, we found that for each keypair with at least 20 samples, the mean of the inter-keystroke timing can be determined with an error of less than 20%.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Applied Cryptography and Network Security: 11th International Conference ACNS 2013, Banff, AB, Canada, June 25-28: Proceedings

Volume

7954

First Page

405

Last Page

413

ISBN

9783642389801

Identifier

10.1007/978-3-642-38980-1_25

Publisher

Springer Verlag

City or Country

Banff, Alberta, Canada

Citation

TEY, Chee Meng; GUPTA, Payas; GAO, Debin; and ZHANG, YAN. Keystroke Timing Analysis of on-the-fly Web Apps. (2013). Applied Cryptography and Network Security: 11th International Conference ACNS 2013, Banff, AB, Canada, June 25-28: Proceedings. 7954, 405-413.
Available at: https://ink.library.smu.edu.sg/sis_research/2037

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://dx.doi.org/10.1007/978-3-642-38980-1_25