{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,28]],"date-time":"2026-01-28T21:55:28Z","timestamp":1769637328935,"version":"3.49.0"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319663982","type":"print"},{"value":"9783319663999","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66399-9_11","type":"book-chapter","created":{"date-parts":[[2017,8,11]],"date-time":"2017-08-11T14:03:24Z","timestamp":1502460204000},"page":"191-209","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["Practical Keystroke Timing Attacks in Sandboxed JavaScript"],"prefix":"10.1007","author":[{"given":"Moritz","family":"Lipp","sequence":"first","affiliation":[]},{"given":"Daniel","family":"Gruss","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[]},{"given":"David","family":"Bidner","sequence":"additional","affiliation":[]},{"given":"Cl\u00e9mentine","family":"Maurice","sequence":"additional","affiliation":[]},{"given":"Stefan","family":"Mangard","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,12]]},"reference":[{"key":"11_CR1","unstructured":"Christensen, A.: Reduce resolution of performance.now (2015). https:\/\/bugs.webkit.org\/show_bug.cgi?id=146531"},{"key":"11_CR2","unstructured":"Alexa Internet Inc.: The top. 500 sites on the web, December 2016. http:\/\/www.alexa.com\/topsites"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Ali, K., Liu, A.X., Wang, W., Shahzad, M.: Keystroke recognition using wifi signals. In: Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, MobiCom 2015 (2015)","DOI":"10.1145\/2789168.2790109"},{"issue":"3","key":"11_CR4","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1080\/00031305.1992.10475879","volume":"46","author":"NS Altman","year":"1992","unstructured":"Altman, N.S.: An introduction to kernel and nearest-neighbor nonparametric regression. Am. Stat. 46(3), 175\u2013185 (1992)","journal-title":"Am. Stat."},{"key":"11_CR5","unstructured":"Berndt, D.J., Clifford, J.: Using dynamic time warping to find patterns in time series. In: Proceedings of the 3rd International Conference on Knowledge Discovery and Data Mining (1994)"},{"key":"11_CR6","unstructured":"Booth, J.M.: Not so incognito: exploiting resource-based side channels in JavaScript engines. Bachelor thesis, Harvard School of Engineering and Applied Sciences (2015)"},{"key":"11_CR7","unstructured":"Zbarsky, B.: Reduce resolution of performance.now. (2015). https:\/\/hg.mozilla.org\/integration\/mozilla-inbound\/rev\/48ae8b5e62ab"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Bortz, A., Boneh, D.: Exposing private information by timing web applications. In: WWW 2007 (2007)","DOI":"10.1145\/1242572.1242656"},{"key":"11_CR9","unstructured":"Chen, W., Chang, W.: Applying hidden Markov models to keystroke pattern analysis for password verification. In: Proceedings of the 2004 IEEE International Conference on Information Reuse and Integration (2004)"},{"key":"11_CR10","unstructured":"Chromium: window.performance.now does not support sub-millisecond precision on Windows (2015). https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=158234#c110"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Diao, W., Liu, X., Li, Z., Zhang, K.: No pardon for the interruption: new inference attacks on android through interrupt timing analysis. In: S&P 2016 (2016)","DOI":"10.1109\/SP.2016.32"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: CCS 2000 (2000)","DOI":"10.1145\/352600.352606"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: NDSS 2017 (2017)","DOI":"10.14722\/ndss.2017.23271"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-319-24174-6_6","volume-title":"Computer Security \u2013 ESORICS 2015","author":"D Gruss","year":"2015","unstructured":"Gruss, D., Bidner, D., Mangard, S.: Practical memory deduplication attacks in sandboxed JavaScript. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 108\u2013122. Springer, Cham (2015). doi:10.1007\/978-3-319-24174-6_6"},{"key":"11_CR15","unstructured":"Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: USENIX Security Symposium (2015)"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Heiderich, M., Niemietz, M., Schuster, F., Holz, T., Schwenk, J.: Scriptless attacks: stealing the pie without touching the sill. In: CCS 2012 (2012)","DOI":"10.1145\/2382196.2382276"},{"key":"11_CR17","unstructured":"Hogye, M.A., Hughes, C.T., Sarfaty, J.M., Wolf, J.D.: Analysis of the feasibility of keystroke timing attacks over SSH connections. School of Engineering and Applied Science University of Virginia, Technical report (2001)"},{"issue":"3\u20134","key":"11_CR18","doi-asserted-by":"publisher","first-page":"233","DOI":"10.3233\/JCS-1992-13-404","volume":"1","author":"W-M Hu","year":"1992","unstructured":"Hu, W.-M.: Reducing timing channels with fuzzy time. J. Comput. Secur. 1(3\u20134), 233\u2013254 (1992). http:\/\/dl.acm.org\/citation.cfm?id=2699806.2699810","journal-title":"J. Comput. Secur."},{"key":"11_CR19","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2014.05.008","volume":"45","author":"S Idrus","year":"2014","unstructured":"Idrus, S., Cherrier, E., Rosenberger, C., Bours, P.: Soft biometrics for keystroke dynamics: profiling individuals while typing passwords. Comput. Secur. 45, 147\u2013155 (2014)","journal-title":"Comput. Secur."},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Jana, S., Shmatikov, V.: Memento: learning secrets from process footprints. In: S&P 2012 (2012)","DOI":"10.1109\/SP.2012.19"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in JavaScript web applications. In: CCS 2010 (2010)","DOI":"10.1145\/1866307.1866339"},{"issue":"1","key":"11_CR22","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/MIC.2014.103","volume":"19","author":"Y Jia","year":"2015","unstructured":"Jia, Y., Dong, X., Liang, Z., Saxena, P.: I know where you\u2019ve been: geo-inference attacks via the browser cache. IEEE Internet Comput. 19(1), 44\u201353 (2015)","journal-title":"IEEE Internet Comput."},{"key":"11_CR23","unstructured":"Kobojek, P., Saeed, K.: Application of recurrent neural networks for user verification based on keystroke dynamics. J. Telecommun. Inf. Technol. 3, 80 (2016). http:\/\/www.itl.waw.pl\/publikacje\/44-jtit\/953-journal-of-telecommunications-and-information-technology-jtit-12012"},{"key":"11_CR24","unstructured":"Kohlbrenner, D., Shacham, H.: Trusted browsers for uncertain times. In: USENIX Security Symposium (2016)"},{"key":"11_CR25","unstructured":"Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: cache attacks on mobile devices. In: USENIX Security Symposium (2016)"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Maurice, C., Weber, M., Schwarz, M., Giner, L., Gruss, D., Boano, C.A., Mangard, S., R\u00f6mer, K.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: NDSS 2017 (2017)","DOI":"10.14722\/ndss.2017.23294"},{"key":"11_CR27","first-page":"23","volume":"26","author":"M Mehrnezhad","year":"2016","unstructured":"Mehrnezhad, M., Toreini, E., Shahandashti, S.F., Hao, F.: Touchsignatures: identification of user touch actions and pins based on mobile sensor data via JavaScript. J. Inf. Secur. Appl. 26, 23\u201338 (2016)","journal-title":"J. Inf. Secur. Appl."},{"key":"11_CR28","unstructured":"Perry, M.: Bug 1517: reduce precision of time for JavaScript (2015). https:\/\/gitweb.torproject.org\/user\/mikeperry\/tor-browser.git\/commit\/?h=bug1517"},{"key":"11_CR29","unstructured":"Myers, M.: Anti-keylogging with random noise. In: PoC$$|$$GTFO, vol. 0x14 (2017)"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The spy in the sandbox: practical cache attacks in JavaScript and their implications. In: CCS 2015 (2015)","DOI":"10.1145\/2810103.2813708"},{"key":"11_CR31","unstructured":"Ortolani, S.: Noisykey: tolerating keyloggers via keystrokes hiding. In: USENIX Workshop on Hot Topics in Security - HotSec (2012)"},{"key":"11_CR32","unstructured":"Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting dram addressing for cross-CPU attacks. In: USENIX Security Symposium (2016)"},{"issue":"6","key":"11_CR33","doi-asserted-by":"publisher","first-page":"1898","DOI":"10.3758\/s13423-016-1044-3","volume":"23","author":"S Pinet","year":"2016","unstructured":"Pinet, S., Ziegler, J.C., Alario, F.X.: Typing is writing: linguistic properties modulate typing execution. Psychon. Bull. Rev. 23(6), 1898\u20131906 (2016)","journal-title":"Psychon. Bull. Rev."},{"key":"11_CR34","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS 2009 (2009)","DOI":"10.1145\/1653662.1653687"},{"key":"11_CR35","doi-asserted-by":"crossref","unstructured":"Rumelhart, D.E., McClelland, J.L., PDP Research Group, C. (eds.): Parallel Distributed Processing: Explorations in the Microstructure of Cognition, vol. 1: Foundations. MIT Press, Cambridge (1986)","DOI":"10.7551\/mitpress\/5236.001.0001"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Schwarz, M., Lipp, M., Gruss, D., Weiser, S., Maurice, C., Spreitzer, R., Mangard, S.: KeyDrown: eliminating keystroke timing side-channel attacks (2017). arXiv preprint arXiv:1706.06381","DOI":"10.14722\/ndss.2018.23027"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Schwarz, M., Maurice, C., Gruss, D., Mangard, S.: Fantastic timers and where to find them: high-resolution microarchitectural attacks in JavaScript. In: FC 2017 (2017)","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Simon, L., Xu, W., Anderson, R.: Don\u2019t interrupt me while I type: inferring text entered through gesture typing on android keyboards. In: Proceedings on Privacy Enhancing Technologies (2016)","DOI":"10.1515\/popets-2016-0020"},{"key":"11_CR39","unstructured":"Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium (2001)"},{"key":"11_CR40","unstructured":"Stone, P.: Pixel perfect timing attacks with HTML5. Context Information Security (White Paper) (2013)"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"Van Goethem, T., Joosen, W., Nikiforakis, N.: The clock is still ticking: timing attacks in the modern web. In: CCS 2015 (2015)","DOI":"10.1145\/2810103.2813632"},{"key":"11_CR42","doi-asserted-by":"crossref","unstructured":"Vattikonda, B.C., Das, S., Shacham, H.: Eliminating fine grained timers in Xen. In: CCSW 2011 (2011)","DOI":"10.1145\/2046660.2046671"},{"key":"11_CR43","unstructured":"Vila, P., K\u00f6pf, B.: Loophole: timing attacks on shared event loops in chrome. In: USENIX Security Symposium (2017)"},{"key":"11_CR44","unstructured":"W3C: Web Workers - W3C Working Draft, 24 September 2015. https:\/\/www.w3.org\/TR\/workers\/"},{"key":"11_CR45","unstructured":"W3C: High Resolution Time Level 2 (2016). https:\/\/www.w3.org\/TR\/hr-time\/"},{"key":"11_CR46","doi-asserted-by":"crossref","unstructured":"Weinberg, Z., Chen, E.Y., Jayaraman, P.R., Jackson, C.: I still know what you visited last summer: leaking browsing history via user interaction and side channel attacks. In: S&P 2011 (2011)","DOI":"10.1109\/SP.2011.23"},{"issue":"3\u20134","key":"11_CR47","doi-asserted-by":"publisher","first-page":"219","DOI":"10.3233\/JCS-1992-13-403","volume":"1","author":"JC Wray","year":"1992","unstructured":"Wray, J.C.: An analysis of covert timing channels. J. Comput. Secur. 1(3\u20134), 219\u2013232 (1992)","journal-title":"J. Comput. Secur."},{"key":"11_CR48","doi-asserted-by":"crossref","unstructured":"Xi, X., Keogh, E., Shelton, C., Wei, L., Ann Ratanamahatana, C.: Fast time series classification using numerosity reduction. In: Proceedings of the 23rd International Conference on Machine Learning (2006)","DOI":"10.1145\/1143844.1143974"},{"key":"11_CR49","unstructured":"Zhang, K., Wang, X.: Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems. In: USENIX Security Symposium (2009)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66399-9_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,26]],"date-time":"2024-06-26T05:13:51Z","timestamp":1719378831000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-66399-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663982","9783319663999"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66399-9_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"12 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 September 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/deic.uab.cat\/conferences\/dpm\/dpm2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}