The explosion of information has resulted in incremental search becoming an essential tool for many websites. This technology provides real-time suggestions by sending the current query to the server. Despite encryption, search requests can be leveraged by passive attackers to infer the query typed by the user. In this paper, we show that at least nine of Alexa’s top 50 websites have serious side-channel leaks. More importantly, we use information theory to quantify the leakage and report the upper bound of recognition accuracy that an attacker can achieve. We further develop a generic attack attempting to infer users’ queries by monitoring web search traffic. Experimentally, the attack performance is close to the theoretical bounds. The most vulnerable website allows up to 53% of English queries and 76% of Chinese queries to be identified from 825k and 140k queries, respectively. Overall, our work highlights the prevalence of such side-channel leaks on the Internet and provides insights for developers to help mitigate the threat.

信息的爆炸式增长导致增量搜索成为许多网站的重要工具。该技术通过将当前查询发送到服务器来提供实时建议。尽管进行了加密，但被动攻击者可以利用搜索请求来推断用户键入的查询。在本文中，我们表明 Alexa 排名前 50 的网站中至少有 9 个存在严重的侧信道泄漏。更重要的是，我们使用信息论来量化泄漏并报告攻击者可以达到的识别准确率的上限。我们进一步开发了一种通用攻击，试图通过监控网络搜索流量来推断用户的查询。实验上，攻击性能接近理论界限。最易受攻击的网站分别允许从 825k 和 140k 查询中识别出多达 53% 的英文查询和 76% 的中文查询。总体而言，我们的工作突出了 Internet 上此类侧信道泄漏的普遍性，并为开发人员提供了帮助减轻威胁的见解。