CHARACTERIZING INFORMATION LEAKAGE FROM USER DEFINED INPUT EVENTS
Loading...
Authors
Burns, John P.
Subjects
keyboard
clock skew
security
privacy
clock skew
security
privacy
Advisors
Monaco, John
Date of Issue
2020-06
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Computer operators cannot comprehend the amount of identifying information that a single machine regularly broadcasts over the internet. These seemingly benign bits of information have the ability to create unintended and irreparable security and privacy consequences, such as the ability to remotely profile and fingerprint devices. In this work, we explore the privacy implications of keyboard event timestamps recorded in a web browser. We use time controlled keyboard inputs to characterize information leakage from a host computer connect to the internet. The study takes the user out of the picture and focuses on the hardware. This area of focus is significant because keyboard timestamps are not guarded by permissions and remain ubiquitous across devices connected to the internet. Timestamp analysis betrays a non-trivial amount of information about the host machine. This study characterizes this passive leakage in the examination and testing of nine typical personal computers. The results yielded 100% accuracy in operating system profiling and finds that seemingly identical computers can be fingerprinted with almost 90% accuracy.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.