Empirical Analysis of Remote Keystroke Inference Attacks and Defenses on Incremental Search
Zhiyu Chen, Jian Mao, Qixiao Lin, Liran Ma, Jianwei Liu
Tsinghua Science and Technology, vol. 30, no. 6, pp. 2434-2451. Journal article, published 2025-07-04.
DOI: 10.26599/TST.2024.9010100
https://ieeexplore.ieee.org/document/11072067/
Citations: 0
Abstract
Incremental search provides real-time suggestions as users type their queries. However, recent studies demonstrate that its encrypted search traffic can disclose privacy-sensitive data through side channels. Specifically, attackers can derive information about user keystrokes from observable traffic features, like packet sizes, timings, and directions, thereby inferring the victim's entered search query. This vulnerability is known as a remote keystroke inference attack. While various attacks leveraging different traffic features have been developed, accompanied by obfuscation-based countermeasures, there is still a lack of overall and in-depth understanding regarding these attacks and defenses. To fill this gap, we conduct the first comprehensive evaluation of existing remote keystroke inference attacks and defenses. We carry out extensive experiments on five well-known incremental search websites, all listed in Alexa's top 50, to evaluate and compare their real-world performance. The results demonstrate that attacks utilizing multidimensional request features pose the greatest risk to user privacy, and random padding is currently considered the optimal defense balancing both efficacy and resource demands. Our work sheds light on the real-world implications of remote keystroke inference attacks and provides developers with guidelines to enhance privacy protection strategies.
About the journal:
Tsinghua Science and Technology (Tsinghua Sci Technol) started publication in 1996. It is an international academic journal sponsored by Tsinghua University and is published bimonthly. The journal aims to present up-to-date scientific achievements in computer science, electronic engineering, and other IT fields. Contributions from all over the world are welcome.