KeyTAR is a keystroke timing extraction and inference framework that demonstrates the feasibility of reconstructing user input using only inter-keystroke timing information. While side-channel researchers have long speculated about the potential for such reconstruction, KeyTAR shows the vulnerability is real by producing accurate keystroke inferences with Large Language Models (LLMs).
The attack consists of two main components:
- Keystroke Extraction: Collects inter-keystroke timings through microarchitectural side-channel techniques.
- Keystroke Inference: Uses the extracted timings to infer the original typed input.
This repository contains the keystroke extraction portion of the attack.
This directory contains a visualization tool for analyzing Flush+Reload side-channel traces against ground truth kernel function usage. Refer to the README inside the folder for detailed instructions and usage.
These directories include tools for simulating Prime+Probe attacks in native and web environments, respectively. They support replaying keystrokes using our public dataset. Please see the README in each folder for setup and execution details.