Abstract
We introduce EyeDecrypt, a novel technology for privacy-preserving human-computer interaction. EyeDecrypt allows only authorized users to decipher data shown on a display, such as an electronic screen or plain printed material; in the former case, the authorized user can then interact with the system (e.g., by pressing buttons on the screen), without revealing the details of the interaction to others who may be watching or to the system itself.
The user views the decrypted data on a closely-held personal device, such as a pair of smart glasses with a camera and heads-up display, or a smartphone. The data is displayed as an image overlay on the personal device, which we assume cannot be viewed by the adversary. The overlay is a form of augmented reality that not only allows the user to view the protected data, but also to securely enter input into the system by randomizing the input interface.
EyeDecrypt consists of three main components: a visualizable encryption scheme; a dataglyph-based visual encoding scheme for the ciphertexts generated by the encryption scheme; and a randomized input and augmented reality scheme that protects user inputs without harming usability. We describe all aspects of EyeDecrypt, from security definitions, constructions and analysis, to implementation details of a prototype developed on a smartphone.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Backes, M., Chen, T., Drmuth, M., Lensch, H.P.A., Welk, M.: Tempest in a teapot: Compromising reflections revisited. In: IEEE Symposium on Security and Privacy, pp. 315–327 (2009)
Backes, M., Drmuth, M., Unruh, D.: Compromising reflections-or-how to read LCD monitors around the corner. In: IEEE Symposium on Security and Privacy, pp. 158–169 (2008)
Conde-Lagoa, D., Costa-Montenegro, E., Gonzalez-Castao, F., Gil-Castieira, F.: Secure eTickets based on QR-Codes with user-encrypted content. In: 2010 Digest of Technical Papers International Conference on Consumer Electronics (ICCE), pp. 257–258 (2010)
De Luca, A., Frauendienst, B., Boring, S., Hussmann, H.: My phone is my keypad: Privacy-enhanced PIN-entry on public terminals. In: Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group, pp. 401–404. ACM, New York (2009), http://doi.acm.org/10.1145/1738826.1738909
De Luca, A., Hertzschuch, K., Hussmann, H.: ColorPIN: Securing PIN entry through indirect input. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1103–1106. ACM, New York (2010), http://doi.acm.org/10.1145/1753326.1753490
Fang, C., Chang, E.C.: Securing interactive sessions using mobile device through visual channel and visual inspection. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010, pp. 69–78. ACM, New York (2010), http://doi.acm.org/10.1145/1920261.1920272
Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) Advances in Cryptology - CRYPT0 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994), http://dl.acm.org/citation.cfm?id=646758.705697
Forget, A., Chiasson, S., Biddle, R.: Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1107–1110. ACM, New York (2010), http://doi.acm.org/10.1145/1753326.1753491
Forte, A., Garay, J., Jim, T., Vahlis, Y.: Eyedecrypt – private interactions in plain sight. Cryptology ePrint Archive, Report 2013/590 (2013), http://eprint.iacr.org/
Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984), http://www.sciencedirect.com/science/article/pii/0022000084900709
Google: Google Glass, http://www.google.com/glass
ISO: Information technology – Automatic identification and data capture techniques – Data Matrix bar code symbology specification. ISO 16022:2006. International Organization for Standardization, Geneva, Switzerland (2006)
ISO: Information technology – Automatic identification and data capture techniques – QR Code 2005 bar code symbology specification. ISO 18004:2006. International Organization for Standardization, Geneva, Switzerland (2006)
Itseez: Open Source Computer Vision (OpenCV) Library, http://opencv.org
Kumar, M., Garfinkel, T., Boneh, D., Winograd, T.: Reducing shoulder-surfing by using gaze-based password entry. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 13–19. ACM, New York (2007), http://doi.acm.org/10.1145/1280680.1280683
Liang, J., Doermann, D., Li, H.: Camera-based analysis of text and documents: A survey. International Journal of Document Analysis and Recognition (IJDAR) 7(2-3), 84–104 (2005), http://link.springer.com/article/10.1007/s10032-004-0138-z
McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-is-believing: Using camera phones for human-verifiable authentication. In: IEEE Symposium on Security and Privacy, pp. 110–124. IEEE Computer Society, Los Alamitos (2005)
Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995)
Nishino, K., Nayar, S.K.: Corneal imaging system: Environment from eyes. International Journal of Computer Vision 70(1), 23–40 (2006)
Parikh, D., Jancke, G.: Localization and segmentation of a 2D high capacity color barcode. In: IEEE Workshop on Applications of Computer Vision, pp. 1–6. IEEE (2008)
Perli, S.D., Ahmed, N., Katabi, D.: PixNet: Interference-free wireless links using LCD-camera pairs. In: Proceedings of the Sixteenth Annual International Conference on Mobile Computing and Networking, MobiCom 2010, pp. 137–148. ACM, New York (2010), http://doi.acm.org/10.1145/1859995.1860012
Reilly, D., Chen, H., Smolyn, G.: Toward fluid, mobile and ubiquitous interaction with paper using recursive 2D barcodes. In: 3rd International Workshop on Pervasive Mobile Interaction Devices, PERMID 2007 (May 2007)
Roth, V., Richter, K., Freidinger, R.: A PIN-entry method resilient against shoulder surfing. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 236–245. ACM, New York (2004), http://doi.acm.org/10.1145/1030083.1030116
Sattar, J., Bourque, E., Giguere, P., Dudek, G.: Fourier tags: Smoothly degradable fiducial markers for use in human-robot interaction. In: Fourth Canadian Conference on Computer and Robot Vision, CRV 2007, pp. 165–174 (2007)
Saxena, N., Ekberg, J.E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: IEEE Symposium on Security and Privacy, pp. 306–313. IEEE Computer Society (2006)
Starnberger, G., Froihofer, L., Goeschka, K.: QR-TAN: Secure mobile transaction authentication. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 578–583 (2009)
Suzuki, S., Abe, K.: Topological structural analysis of digitized binary images by border following. Computer Vision, Graphics, and Image Processing 30, 32–46 (1985)
Tateno, K., Kitahara, I., Ohta, Y.: A nested marker for augmented reality. In: IEEE Virtual Reality Conference, VR 2007, pp. 259–262 (2007)
Tow, R.F.: Methods and means for embedding machine readable digital data in halftone images (May 24, 1994), US Patent 5,315,098
Tuytelaars, T., Mikolajczyk, K.: Local invariant feature detectors: A survey. Foundations and Trends in Computer Graphics and Vision 3(3), 177–280 (2007)
Wikipedia: Moiré pattern (2013), http://en.wikipedia.org/wiki/Moir%C3%A9_pattern
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Forte, A.G., Garay, J.A., Jim, T., Vahlis, Y. (2014). EyeDecrypt — Private Interactions in Plain Sight. In: Abdalla, M., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2014. Lecture Notes in Computer Science, vol 8642. Springer, Cham. https://doi.org/10.1007/978-3-319-10879-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-10879-7_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10878-0
Online ISBN: 978-3-319-10879-7
eBook Packages: Computer ScienceComputer Science (R0)