Characterizing Information Leakage From User Defines Input Events

Abstract

Computer operators cannot comprehend the amount of identifying information that a single machine regularly broadcasts over the internet. These seemingly benign bits of information have the ability to create unintended and irreparable security and privacy consequences, such as the ability to remotely profile and fingerprint devices. In this work, we explore the privacy implications of keyboard event timestamps recorded in a web browser. We use time controlled keyboard inputs to characterize information leakage from a host computer connected to the internet. The study takes the user out of the picture and focuses on the hardware. This area of focus is significant because keyboard timestamps are not guarded by permissions and remain ubiquitous across devices connected to the internet. Timestamp analysis betrays a non-trivial amount of information about the host machine. This study characterizes this passive leakage in the examination and testing of nine typical personal computers. The results yielded 100% accuracy in operating system profiling and finds that seemingly identical computers can be fingerprinted with almost 90% accuracy.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2020
Accession Number
AD1114644

Entities

People

  • John P. Burns

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Accuracy
  • Central Processing Units
  • Computer Communications
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Fingerprints
  • Internet
  • Keyboards
  • Machine Learning
  • Networks
  • Operating Systems
  • Personal Computers
  • Security
  • Wearable Technology
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity.
  • Educational Psychology