Keystroke Timing Analysis of on-the-fly Web Apps

The Google Suggestions service used in Google Search is one example of an interactivity rich Javascript application. In this paper, we analyse the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated Javascript code. We consider an attacker who att...

Full description

Saved in:
Bibliographic Details
Main Authors: TEY, Chee Meng, GUPTA, Payas, GAO, Debin, ZHANG, YAN
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2013
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/2037
https://ink.library.smu.edu.sg/context/sis_research/article/3036/viewcontent/acns13.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-3036
record_format dspace
spelling sg-smu-ink.sis_research-30362014-02-04T11:54:04Z Keystroke Timing Analysis of on-the-fly Web Apps TEY, Chee Meng GUPTA, Payas GAO, Debin ZHANG, YAN The Google Suggestions service used in Google Search is one example of an interactivity rich Javascript application. In this paper, we analyse the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated Javascript code. We consider an attacker who attempts to infer the typing pattern of a victim. From our experiments involving 11 participants, we found that for each keypair with at least 20 samples, the mean of the inter-keystroke timing can be determined with an error of less than 20%. 2013-06-25T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2037 info:doi/10.1007/978-3-642-38980-1_25 https://ink.library.smu.edu.sg/context/sis_research/article/3036/viewcontent/acns13.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Information Security
spellingShingle Information Security
TEY, Chee Meng
GUPTA, Payas
GAO, Debin
ZHANG, YAN
Keystroke Timing Analysis of on-the-fly Web Apps
description The Google Suggestions service used in Google Search is one example of an interactivity rich Javascript application. In this paper, we analyse the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated Javascript code. We consider an attacker who attempts to infer the typing pattern of a victim. From our experiments involving 11 participants, we found that for each keypair with at least 20 samples, the mean of the inter-keystroke timing can be determined with an error of less than 20%.
format text
author TEY, Chee Meng
GUPTA, Payas
GAO, Debin
ZHANG, YAN
author_facet TEY, Chee Meng
GUPTA, Payas
GAO, Debin
ZHANG, YAN
author_sort TEY, Chee Meng
title Keystroke Timing Analysis of on-the-fly Web Apps
title_short Keystroke Timing Analysis of on-the-fly Web Apps
title_full Keystroke Timing Analysis of on-the-fly Web Apps
title_fullStr Keystroke Timing Analysis of on-the-fly Web Apps
title_full_unstemmed Keystroke Timing Analysis of on-the-fly Web Apps
title_sort keystroke timing analysis of on-the-fly web apps
publisher Institutional Knowledge at Singapore Management University
publishDate 2013
url https://ink.library.smu.edu.sg/sis_research/2037
https://ink.library.smu.edu.sg/context/sis_research/article/3036/viewcontent/acns13.pdf
_version_ 1770571778112880640