Screen-blocking systems stop prying eyes

Oculis Labs thinks it has stared down a long-known gaping hole in data protection

You've probably been in this situation before: A colleague strolls up behind your computer during work hours and your personal e-mail is in view.

To protect computer users in such instances -- and some that are much more problematic -- a U.S.-based company, Oculis Labs, has come up with two systems that obscure sensitive content on a computer screen, offering an alternative to plastic overlays that block content unless viewed at a direct angle.

Oculis Labs' first product, Chameleon, is designed for military use. For first-time users, Chameleon runs a calibration test to observe how a person's eyes move over the text; in most cases this pattern differs from person to person. During the test, a user tracks a blue dot around nine positions on the screen.

When Chameleon is in use, a person's eye movements are tracked by a so-called "gaze tracker," which is an infrared camera, said Bill Anderson, president of Oculis Labs and former vice president of encryption at SafeNet.

When a document is displayed, only that authorized user can see the text as the camera tracks the person's eyes. For people who don't have the same viewing pattern, the text changes. Anyone else -- such as a translator employed by the military working with the soldier -- will see content that's been convincingly crafted to look like the real content, but isn't.

For example, a line of text that reads "the cat ran across the road" may appear to a snooper to say "the turtle had a nice lunch," Anderson said.

Those text changes occur in a 23 to 65 millisecond period when the eyes make rapid movements -- known as saccades -- but the user doesn't notice anything in a split-second of relative blindness.

"We are replacing content with equally probable false content," said Anderson.

Chameleon intercepts application content, such as that in a Microsoft Word document, before it hits the graphics card and alters it. The authorized user can slightly detect that the text is changing outside their peripheral vision but in a way that doesn't interfere with their comprehension of the document, Anderson said.

Chameleon alters the text by using a statistical dictionary to come up with convincing yet false content. It means that a soldier doesn't have to worry that the translator may be also gathering intelligence. About 5 percent of the time, however, people can share the same viewing pattern.

Chameleon also resists what is known as a tempest attack, a decades-old technique where electronic signals emitted by hardware such as a graphics card can be detected and then used to figure out content, Anderson said. It also defeats attempts with zoom lenses to take screenshots of content.

Applications sending data to the graphics card are unaware of Chameleon. So far the system just works with Microsoft Windows-based PCs, but could be used with other operating systems, Anderson said.

Chameleon will cost around US$10,000 per seat for a perpetual license. Anderson said Oculis plans to approach the U.S. military and potentially other NATO allies.

Oculis has also developed a spin-off product for consumer and enterprise use called PrivateEye, which went on sale about two weeks ago. PrivateEye works with a regular webcam. It detects who is primarily using the computer, and if that user turns away, the text is blurred on the screen within 100 milliseconds, Anderson said.

Users often grapple with a decision of whether to close a window when a colleague comes by, which could be perceived as rude or a sign that one employee doesn't trust another, Anderson said.

But when PrivateEye is known to be used, even those scenarios tend to stop: "Nobody wants to be perceived as the one who is always snooping," Anderson said.

With the forthcoming version, PrivateEye Professional, if the webcam sees someone else behind the authorized user, it will display a thumbnail-sized video window with the interloper's image.

"An adversary sees his own face, so he knows he's been caught," Anderson said.

The standard version of PrivateEye retails for $19.95 for a consumer license and $59.95 for a commercial one. The licenses are perpetual. PrivateEye Professional will sell for $59.95 for noncommercial use and $119.95 for commercial use.

Oculis Labs, which started two years ago on about $1 million in financing from family and friends, is hoping its technology could be woven into data leakage security products offered by large vendors, Anderson said. Another option is securing a deal with an original equipment manufacturer to ship PrivateEye with new PCs, he said.

Oculis Labs is working to raise another $1 million to $1.5 million over the next few months during a funding round, Anderson said.
