Keystroke timing analysis of on-the-fly web apps

Authors:
Chee Meng Tey;Payas Gupta;Debin Gao;Yan Zhang
Affiliations:
Singapore Management University, Singapore;Singapore Management University, Singapore;Singapore Management University, Singapore;State Key Laboratory Of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China
Venue:
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Year:
2013

Citing 8
Cited 0

Identity authentication based on keystroke latencies

Communications of the ACM
Keystroke dynamics as a biometric for authentication

Future Generation Computer Systems - Special issue on security on the Web
Typing Patterns: A Key to User Identification

IEEE Security and Privacy
Ajax Design Patterns

Ajax Design Patterns
Timing analysis of keystrokes and timing attacks on SSH

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Why did my detector do that?!: predicting keystroke-dynamics error rates

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
User authentication through typing biometrics features

IEEE Transactions on Signal Processing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Google Suggestions service used in Google Search is one example of an interactivity rich Javascript application. In this paper, we analyse the timing side channel of Google Suggestions by reverse engineering the communication model from obfuscated Javascript code. We consider an attacker who attempts to infer the typing pattern of a victim. From our experiments involving 11 participants, we found that for each keypair with at least 20 samples, the mean of the inter-keystroke timing can be determined with an error of less than 20%.