EyeDecrypt is a novel technology for privacy-preserving human-computer interaction. EyeDecrypt allows only authorized users to decipher data shown on a display, such as an electronic screen or plain-printed material; in the former case, the authorized user can then interact with the system (e.g., by typing a password), without revealing the details of the interaction to others who may be watching (e.g., shoulder-surfing) or to the system itself (e.g., key-loggers).

EyeDecrypt protects confidential information and user interactions (e.g., typing a password) from shoulder surfing. Furthermore, it protects against malware running on the device the user is interacting with (e.g., laptop, ATM).  It does not require an Internet connection to work and it also works for printed documents.

In EyeDecrypt the user views the decrypted data on a closely-held personal device, such as a pair of smart glasses with a camera and heads-up display, or a smartphone. The data is displayed as an image overlay on the personal device which we assume cannot be viewed by the adversary. The overlay is a form of augmented reality that not only allows the user to view the protected data, but also to securely enter input into the system by randomizing the input interface.

EyeDecrypt consists of three main components: a visualizable encryption scheme; a dataglyph-based visual encoding scheme for the ciphertexts generated by the encryption scheme; and a randomized input and augmented reality scheme that protects user inputs without harming usability. We have defined all aspects of EyeDecrypt, from security definitions, constructions and analysis, to implementation of a prototype on a smartphone.

For more information please refer to our paper published at SCN2014.

For more information on this project contact us at security-research@att.com