AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (4.5 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Empirical Analysis of Remote Keystroke Inference Attacks and Defenses on Incremental Search

School of Cyber Science and Technology, Beihang University, Beijing 100191, China
School of Cyber Science and Technology, Beihang University, Beijing 100191, China, and with Tianmushan Laboratory, Hangzhou 311121, China, and also with Hangzhou Innovattion Institute, Beihang University, Hangzhou 310000, China
Department of Computer Science, Texas Christian University, Fort Worth, TX 76129, USA
Show Author Information

Abstract

Incremental search provides real-time suggestions as users type their queries. However, recent studies demonstrate that its encrypted search traffic can disclose privacy-sensitive data through side channels. Specifically, attackers can derive information about user keystrokes from observable traffic features, like packet sizes, timings, and directions, thereby inferring the victim’s entered search query. This vulnerability is known as a remote keystroke inference attack. While various attacks leveraging different traffic features have been developed, accompanied by obfuscation-based countermeasures, there is still a lack of overall and in-depth understanding regarding these attacks and defenses. To fill this gap, we conduct the first comprehensive evaluation of existing remote keystroke inference attacks and defenses. We carry out extensive experiments on five well-known incremental search websites, all listed in Alexa’s top 50, to evaluate and compare their real-world performance. The results demonstrate that attacks utilizing multidimensional request features pose the greatest risk to user privacy, and random padding is currently considered the optimal defense balancing both efficacy and resource demands. Our work sheds light on the real-world implications of remote keystroke inference attacks and provides developers with guidelines to enhance privacy protection strategies.

References

【1】
【1】
 
 
Tsinghua Science and Technology
Pages 2434-2451

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Chen Z, Mao J, Lin Q, et al. Empirical Analysis of Remote Keystroke Inference Attacks and Defenses on Incremental Search. Tsinghua Science and Technology, 2025, 30(6): 2434-2451. https://doi.org/10.26599/TST.2024.9010100

1427

Views

100

Downloads

2

Crossref

2

Web of Science

0

Scopus

0

CSCD

Received: 15 September 2023
Revised: 06 March 2024
Accepted: 24 May 2024
Published: 04 July 2025
© The author(s) 2025.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).