Thesis (M.S., Computer Science)--University of Idaho, June 2014 | Many secure systems, such as SSH, encrypt communications but fail to obscure inter-keystroke timing data. Attacks on confidentiality based on inter-keystroke timing data have been demonstrated in the literature. However, these past attacks have worked only with fixed data collected in a controlled setting. In order to evaluate the usefulness of this attack in real world applications, it is necessary to examine data typed in a more natural environment, "free text" data.
This thesis explores for the first time keystroke timing attacks in a free text environment. Approaches to timing attacks found in the literature are combined with a free text data set. This thesis demonstrates several difficulties and limitations particular to free text. It also demonstrates for the first time a successful predictive attack on free text timing data. This research pushes keystroke timing attacks closer to a real world setting, demonstrating their potential and limitations in live systems.