![Page 1: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/1.jpg)
iDecrypt(EyeDecrypt)
Andrea Forte (AT&T Security Research Center)Juan Garay (AT&T Labs ― Research) Yevgeniy Vahlis (AT&T Security Research Center)
![Page 2: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/2.jpg)
“Shoulder Surfing”
iDecrypt2
![Page 3: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/3.jpg)
(Traditional) Content Protection
� Encryption, authentication, selective decryption
� Receiver/display devices
iDecrypt3
![Page 4: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/4.jpg)
This Work
� Content protection in new setting: public-view rendering device (next slide)
� Content can be stored/offline or dynamically captured (streaming)
� Two main components:
iDecrypt
� Two main components:
• Visualizable encryption scheme• New visual encoding technique
4
“For your eyes only!”
![Page 5: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/5.jpg)
Model
Content repository/ (Public) Rendering
iDecrypt5
Content repository/“capturing” device
(Public) Rendering device
c = EK(m) c’ = EK(m’)
R(m,m’)Non-malleability
![Page 6: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/6.jpg)
iDecrypt in a Nutshell
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbiadipiscing felis sit adipiscing elit. Morbi adipiscing felis sit amet liberotempus sed tempus dolor sagittis. Vestibulum ac tortor diam. Cras et volutpat quam. Donec tincidunt ultrices mauris nec convallis. Mauriscongue convallis ante non feugiat. Aenean vulputate velit id sapienfermentum vel rhoncus nisi convallis. Maecenas mollis est a mi auctorcommodo. Vivamus sollicitudin eleifend. tincidunt. Phasellus vel variusvelit.
Plaintext
1001010101010001001010101010010000111010111101011010101100000111010011110101010100011110100000001100010000000000001101010111010100010101000111100010101110111101011
CiphertextVisualizable
iDecrypt
1101010001010100011110001010111011110101110101010110100101
Visual Encoding
Visualizable
Encryption
VisualEncoding
6
![Page 7: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/7.jpg)
Rest of the Talk
� Introduction/Motivation
� Visualizable Encryption
� Visual Encoding
� “Demo”
![Page 8: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/8.jpg)
Rest of the Talk
� Introduction/Motivation
� Visualizable Encryption
� Visual Encoding
� “Demo”
![Page 9: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/9.jpg)
Visualizable Encryption
H A P P Y
N E W
Y E A R
A L I C E !
Plaintext
Block
� Encryption is performed per block:
� Plaintext space is a matrix of text (for now)
iDecrypt9
C1,1 C1,2 C1,3
C1,4 C1,5 C1,6
� Decryption is straightforward: Ciphertext
![Page 10: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/10.jpg)
Visualizable Encryption (cont’d)
H A P P Y
N E W
Y E A R
A L I C E !
Plaintext
Block
� Encryption is performed per block:
� “Frames” ― allow dynamically changing content (e.v., video, screen encryption)
H O W I S
E V E
D O I N G ?
H O W I S
E V E
D O I N G ?
iDecrypt10
C1,1 C1,2 C1,3
C1,4 C1,5 C1,6
� Decryption is straightforward:Ciphertext
C1,1 C1,2 C1,3
C1,4 C1,5 C1,6
C1,1 C1,2 C1,3
C1,4 C1,5 C1,6
![Page 11: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/11.jpg)
Visualizable Encryption: Security Definition
Vis-IND-CCA security: A visualizable encryption scheme is secure if no efficient Adv can win the following game:
1. Setup: The challenger chooses a random document key Kdoc2. Query Phase 1: Adv submits encryption and decryption queries Enc(m,i,j) and Dec(c,i,j)
iDecrypt11
Enc(m,i,j) and Dec(c,i,j) • We restrict Adv from submitting Enc(m,i,j) and Enc(m’,i,j) for m≠m’
3. Challenge: The adversary submits (m0,m1,i*,j*) that were not previously queried, and the challenger returns c*= Enc(mb, i*,j*) for a random b
4. Query Phase 2: Same as phase 1, except Adv cannot query Dec(c*, i*,j*)
5. Guess: Adv outputs a guess b’ for the value of b
![Page 12: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/12.jpg)
Visualizable Encryption: Security Def. (cont’d)
Vis-IND-CCA security: A visualizable encryption scheme is secure if no efficient Adv can win the following game:
1. Setup: The challenger chooses a random document key Kdoc2. Query Phase 1: Adv submits encryption and decryption queries Enc(m,i,j,f) and Dec(c,i,j,f)
iDecrypt12
Enc(m,i,j,f) and Dec(c,i,j,f) • We restrict Adv from submitting Enc(m,i,j,f) and Enc(m’,i,j,f) for m≠m’
3. Challenge: The adversary submits (m0,m1,i*,j*,f*) that were not previously queried, and the challenger returns c*= Enc(mb, i*,j*,f*) for a random b
4. Query Phase 2: Same as phase 1, except Adv cannot query Dec(c*, i*,j*,f*)
5. Guess: Adv outputs a guess b’ for the value of b
![Page 13: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/13.jpg)
Visualizable Encryption: Proof Sketch
� Replacing PRF with random function assigns a random pad to each block coordinates
� Each block can be queried at most once to the encryption oracle → encrypted content is indistinguishable from random
iDecrypt13
→ encrypted content is indistinguishable from random
� Non-malleability follows from MAC
![Page 14: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/14.jpg)
Rest of the Talk
� Introduction/Motivation
� Visualizable Encryption
� Visual Encoding
� “Demo”
![Page 15: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/15.jpg)
Visual Encoding
� Many existing visual encoding solutions: QR, data matrix, Dataglyphs, HCCB
� Most require capturing the entire encoding
iDecrypt15
encoding
� We require:• Locality – cropped encoding decodes to sub-matrix of input
• Relative positioning – adjacent input sub-matrixes are adjacent in encoded image
![Page 16: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/16.jpg)
Visual Encoding Scheme
� New encoding designed to meet our needs
� Bits are encoded as different-size blocks
� Distinguishing is easy regardless of distance/scale
� To encode a matrix with n-bit cells,
C1,1 C1,2 C1,3
C1,4 C1,5 C1,6
Ciphertext
iDecrypt16
� To encode a matrix with n-bit cells, compute an √n x √n bit matrix for each cell in input matrix
� Two colors are used to distinguish rows
� Bits can be read regardless of orientation or skew ― “orientation robustness”
![Page 17: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/17.jpg)
Visual Encoding Scheme (cont’d)
d1, d2 – dimensions of input matrix
t1, t2 – dimensions of output image
P – pixel space (e.g., RGB triples)
Definition of visual encoding:
iDecrypt17
Relative positioning:
[r1…r2, c1…c2] → [r1· t1/d1…r2 · t1/d1, c1· t2/d2…c2 · t2/d2]
![Page 18: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/18.jpg)
Visual Encoding Scheme (cont’d)
Decoding leverages alternating rowcolors and different block sizes
� First, “clean up” the image
� While reading a row, look for the
Original image
iDecrypt18
� While reading a row, look for the closest unvisited block of the same color (e.g., using BFS)
� No need to untilt/unskew image (“orientation robustness”)
� To distinguish 0/1 compare relativeareas of blocks
Visualization of decoding step
![Page 19: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/19.jpg)
Rest of the Talk
� Introduction/Motivation
� Visualizable Encryption
� Visual Encoding
� “Demo”
![Page 20: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/20.jpg)
Get Image from camera
Convert pixels values to (r,g,b)
Use BFS to find first / next block in a line
Use Flood Fill to
compute blocks area
“Demo”
Small block:
0
Small block: 1
Large block: 0
Build binary matrix
(ciphertext)
Decrypt ciphertext
Display plain-text overlaid on camera view
iDecrypt
![Page 21: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/21.jpg)
“Demo”
iDecrypt21
![Page 22: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/22.jpg)
“Demo”
iDecrypt22
![Page 23: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/23.jpg)
“Demo”
iDecrypt23
![Page 24: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/24.jpg)
“Demo”
iDecrypt24
![Page 25: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/25.jpg)
Performance and Challenges� Capacity
• Plaintext: 5184bits• Ciphertext: 7200 bits (overhead due to coordinates and padding)• Visual encoding: 1 bit / 0.25 cm2
� Desired properties
• High(er) capacity visual encoding
iDecrypt
• High(er) capacity visual encoding• Decoding possible for different resolutions (distance, camera)
– Can include encryption of low resolution version of neighboring blocks
� Performance
• Used phone (Samsung Galaxy S2) ‘s GPU for faster rendering• Various algorithmic optimizations
� Security definition(s)
25
![Page 26: Garay Stanford Real World Crypto 0113 Public · PDF fileadjacent in encoded image. ... – Can include encryption of low resolution version of neighboring blocks ... Garay_Stanford_Real_World_Crypto_0113_Public.pptx](https://reader034.vdocuments.us/reader034/viewer/2022051722/5aa494807f8b9ac8748c2261/html5/thumbnails/26.jpg)
Thanks!Thanks!