Schneier on Security
A blog covering security and security technology.
September 13, 2005
Privacy Enhanced Computer Display
From the Mitsubishi Research Laboratories:
The privacy-enhanced computer display uses ferroelectric shutter glasses and a special device driver to produce a computer display which can be read only by the desired recipient, and not by an onlooker. The display alternately displays the desired information in one field, then the inverse image of the desired information in the next field, at up to 120 Hz refresh. The ferroelectric shutter glasses allow only the desired information to be viewed, while the inverse image causes unauthorized viewers to perceive only a flickering gray image, caused by the persistence of vision in the human visual system. It is also possible to use the system to "underlay" a private message on a public display system.
Posted on September 13, 2005 at 1:22 PM
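An added illustration, not part of the original post or the laboratory's material: a small Python model of the image/inverse-image scheme described above, showing what a viewer perceives depending on how their integration window falls across the alternating fields. The sample bitmap, the function names, 8-bit grayscale and instantaneous field switching are assumptions made for the example.

```python
FIELD_HZ = 120            # refresh rate quoted in the description
FIELD_S = 1.0 / FIELD_HZ  # duration of one field
WHITE = 255               # assumed 8-bit grayscale

# Constructed 5x5 sample bitmap standing in for the private image.
SECRET = [
    [255,   0,   0,   0, 255],
    [  0, 255,   0, 255,   0],
    [  0,   0, 255,   0,   0],
    [  0, 255,   0, 255,   0],
    [255,   0,   0,   0, 255],
]

def inverse(frame):
    """The masking field: every pixel replaced by its complement."""
    return [[WHITE - p for p in row] for row in frame]

def image_share(start_s, duration_s):
    """Fraction of an integration window that falls on image fields.
    Even-numbered fields carry the image, odd ones its inverse."""
    end_s = start_s + duration_s
    lit = 0.0
    k = int(start_s // FIELD_S)
    while k * FIELD_S < end_s:
        if k % 2 == 0:
            lit += min(end_s, (k + 1) * FIELD_S) - max(start_s, k * FIELD_S)
        k += 1
    return lit / duration_s

def perceived(frame, share):
    """Time-averaged picture for a viewer who integrates light:
    share of the window on the image, the rest on the inverse."""
    inv = inverse(frame)
    return [[share * p + (1 - share) * q for p, q in zip(r, ri)]
            for r, ri in zip(frame, inv)]

def contrast(view):
    """Brightest minus darkest pixel; 0 means uniform gray."""
    flat = [p for row in view for p in row]
    return max(flat) - min(flat)

def residual_contrast(start_s, duration_s):
    # Works out to |2 * share - 1| * WHITE for a black-and-white image.
    return contrast(perceived(SECRET, image_share(start_s, duration_s)))

if __name__ == "__main__":
    print("unaided viewer, 1 s average:", residual_contrast(0.0, 1.0))
    print("shutter open for field 0 only:", residual_contrast(0.0, FIELD_S))
    print("window spanning 3 fields:", residual_contrast(0.0, 3 * FIELD_S))
```

The masking holds only while the viewer's integration splits evenly between the two fields; any imbalance leaves a proportionally faint copy of the image.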
Forgive my stupidity if I just didn't see it in the article, but what, exactly, prevents someone else from buying another unit and just using the glasses on every protected device built? Is this not a global secret?
And what prevents someone from taking one or more pictures of the screen at high speed?
So now I can look at porn at work?
This sounds like an idea that is too clever for its own good. As with the previous story about recording keyboard clicks, what if the display were simply recorded electronically at the display frame rate. Then, all one would need to do is to synchronize with the information frames to retrieve the data displayed.
It's probably just as effective (and cheaper) to arrange your office so that no one can look over your shoulder as you type.
> Forgive my stupidity if I just didn't see it in the
> article, but what, exactly, prevents someone else
> from buying another unit and just using the glasses
> on every protected device built? Is this not a global
> secret?
> And what prevents someone from taking one or
> more pictures of the screen at high speed?
It does seem to be a global secret, so you just have to look for anyone else wearing weird glasses.
And no, nothing stops someone from taking a high-speed picture (and then inverting the image if necessary). I would think that it would have to be rather expensive camera technology to get a clean capture at 120 Hz, but I'm not certain about that and I think you could get enough of a difference to extract information with a little photoshop.
It seems to be more for stopping inadvertent eavesdropping than actual malicious snooping.
... so yeah, porn at work.
Given the possible applications they describe on the web page, this seems like pretty reasonable technology. Talk about high speed recording devices and second sets of (hard-wired) glasses seems off base. Are there dumb ways to use this technology? Sure. Are there smart ways to use it? Medical office and bank teller situations might be perfectly reasonable.
>>I would think that it would have to be rather expensive camera technology to get a clean capture at 120 Hz,
actually you need only an integer subfrequency (5hz?), not necessary to capture every frame
You don't even need that. Any camera with a proper shutter speed will retrieve the information, readable in every frame. The information is only obscured by the human eye averaging the frames together.
The frame order can be pseudo-random, so it isn't a global secret.
However, high speed recording could still defeat it. As such, one of the 3M privacy guards is probably mostly-as-good and a heck of a lot cheaper.
> actually you need only an integer subfrequency
> (5hz?), not necessary to capture every frame
Good point - so long as the exposure doesn't see the same amount of each type in a given shot, you should be able to get the information by bumping the contrast.
It seems like a great way to keep people from seeing things inadvertently or easily, which *would* be good for medical records etc, though possibly not worth the price. It does not provide "perfect security."
Incidentally, mightn't one be able to fashion a pair of glasses that would allow the user to tune the rate? It would then not need to be hardwired in order to snoop. It seems like it should be reasonably easy to find a frequency that allows something of an image... think of a fan in front of a regular monitor.
I think kd5bjo hit the real answer. Your screen doesn't change at 60hz. It just refreshes that fast so that if something changes you don't perceive a flicker. Probably says "Start" lower left or [Apple] upper left 24/7. The image in this system is constant for 7-8ms at a time. Take a plain camera with a 1/1000 shutter speed and you're probably not going to photograph the transition 3/4 of the time.
Technically it's a lot more interesting that they have an LCD that can switch this fast over a long period of time. That would solve things like smearing video playback, but not solve a security problem.
The adversary is not a sophisticated attacker lugging along a high-speed camera. The attacker is just the random person walking behind your cubicle, while you're viewing sensitive information.
Why don't you just use video glasses, i.e. glasses with a video system built into them? They are probably cheaper than the special glasses, are already readily available on the market, and you can throw away the monitor. I think the researchers just found something "cool" but without any practical use.
minor comment: notice the date, "August 2, 2001."
The 3M screens are polarizing filters to force you to be directly in front of the screen. My guess is they are making this an omnidirectional privacy solution.
In the camera solution, given enough ambient light or a very sensitive sensor/optics package, a video camera should be able to pull 30fps at 1/1000s each.
Technology finds new and innovative ways to outdo itself and toast our eyes in the process ...
If you had a really high refresh rate display, you could cycle through hundreds of separate image/anti-image (average=gray) pairs every second, and even if someone could tune a device to allow them to see your screen, they wouldn't know if they were seeing what you were seeing or if they were seeing one of the hundreds of "decoy" images.
Tech like this would go a long way in my day job, a state financial institution regulator. Most banks I go into fail their GLBA responsibilities just because of the design of their teller lines WRT the rest of the space. In far too many cases I can walk in a public area and clearly see a teller's LCD screen at her station. That's an automatic GLBA issue in the exam report.
Is this tech foolproof? Hardly. However, it's a good first-order defense against the shoulder surfers. It seems to me to be a good way to get 95% of what we want with little associated cost.
120Hz does sound like a high frame rate, however it is just a video signal (albeit interlaced in a very odd way).
The photograph on the page shows it to be a CRT monitor. Now some people over at the Cambridge Labs UK (Markus Kuhn et al) showed how to use a photomultiplier tube and a telescope to recover a reflection of a video monitor off a wall.
I see no reason why having recovered the serial video signal into say a video capture card you could not just work your way through it a frame at a time...
As Bruce observed in the "Listening to Keyboard" post, it's a technology war, if my technology is better then you are dead in the water...
As I keep saying it's an Energy / Bandwidth issue, if you have enough of either then information will leak, especially if it's in a serial form.
Not too bad, I can see how it'd have useful applications in banks or military or something.
This isn't going to stop anything being intercepted before it gets to the monitor, though. VNC installed without your knowledge, screenshots etc would still grab the info just fine. So there would probably be a fairly limited number of places that would need it.
"if my technology is better then you are dead in the water"
Yes, except for cases where "superior technology" is defeated by simple and sometimes non-technical attacks on a weak/forgotten link, or a leak as you mentioned. Improvements in technology rarely follow a linear regression, especially with regard to security.
I suppose "ctrl-alt-del when you leave your seat" becomes less of a concern if no one but you can see your screen.
What if you work in an environment with multiple shared monitors? For example, if a bank teller has this system, what will their manager need to see the screen, or the next teller? Do you distribute glasses with different access privileges, or a shared secret approach where the glasses are the key? I can just imagine needing to manage a glasses infrastructure...
You guys are thinking of much too complicated hacks to get around this scheme. I'd bet that you could read the screen just by waving your hands quickly back and forth in front of your eyes while looking at the screen. It would look awful, but I bet you could read it.
Aren't (in the US) fluorescent lights flickering at 120hz? The flickering light may make a beat with the screen contrast, perhaps enough to see it by simply looking at it. Sync'ing the monitor to the line frequency would probably be a good idea, as most CRT monitors use a crystal derived refresh that may be accurate, but not exact. If the privacy screen happens to even slightly polarize the light, looking through polarized glasses and tilting your head slightly would probably help. If something like this is cheap enough I would use it in conjunction with other ideas (move the monitor out of general public view, train the CRT jockey to logoff when leaving the system, adding a venetian blind type of screen protector or sun shield that only allows head on views). If you really want to get "geeky" with it, you can still buy those 3d shutter glasses. They look pretty normal (except for the extra wire, hide it as a headphone or hands free cell accessory). Toss in a variable frequency oscillator and start "war staring".
>exactly, prevents someone else from buying another unit and just using the glasses on every protected device built?
The fact that it's clearly deliberate, illegal and probably detectable. You've now moved from an easily deniable attack ("I just saw it by accident"; "I was looking at his strange shoes/ her attractive t-shirt" etc.) into "I use these special glasses at work and forgot to take them off whilst remembering to bring along the special magic driver box and making up a special synchronisation device" etc. etc.
You will still be able to read the screens with a tempest device (in the UK they are called "TV License Fee Detector Vans"; see URL on my post), note these really have to read your screen at about a hundred meters so you can't do plausible deniability with a security monitor. However _nobody_ cares about tempest attacks.
This might be great for LAN parties! Then that newb sitting to my right can't peek over at my screen to find out where I'm camping ;)
Sadly the days of the UK Television Detector Vans are long long gone.
These days they employ a bunch of thugs to frighten people and pretend they have rights they do not have (see last Sat's Guardian Newspaper Job&Money Supplement).
If you read the FAQ by Markus Kuhn from my earlier post he makes similar comments and also explains why Wim van Eck (circa 1988) monitoring really does not work too well. However that being said the Intel/SigInt/ElInt Weenies for NATO etc kind of freaked out when the CambLabs released a set of "TEMPEST Fonts" for the PC.
I see Joe User sitting there all proud and smug that the guy standing nearby can't read his screen. And not thinking that the guy was actually watching Joe's fingers typing in a password.
Are these similar to the old Stereographics glasses used for stereo display?
So this is cheaper than the windows+M key to just minimize the screen or just punching the monitor's power button to off when someone walks in? Of course, there is nothing that a well placed miniature camera couldn't pick up and send to a receiver that gets the whole screen image all the time. Or am I watching too many ALIAS and 24 shows?
Um - why go on about breaking this with clever glasses etc when you can probably get a small hand held fan, and maybe adjust the speed by using your finger as a brake; then look through the fins? You even get plausible deniability.... keep it simple
Seems like it is especially vulnerable to Van Eck as well. You'd have especially big snaps between states.
If the glasses are hard-wired to the computer, then the computer can generate random synch patterns to which the glasses are synchronized, but which an attacker's glasses are not.
Combine this with 'dummy' screenshots (that are actually time-delayed screenshots of your previous few hours work) that are interleaved in random order, and things start getting really confusing for anyone with glasses or videocameras. :p
Only the user who's connected to the machine is able to view a non-scrambled/delayed screen.
For places where a manager or co-worker would need to be able to view at the same time, that's just another socket to plug into.
Can't use any wireless technology because that's just inviting remote sniffing/synch attacks. Might even want to use F/O instead of wires, to prevent any detection of RF emissions from the computer to the glasses via the connecting cable.
So you need special glasses to see the 'real' message... straight out of the movie "They Live"!
Interesting but not mind boggling.
It requires an aid to look at the screen. Maybe interesting for CIA agents but for the average john dough it seems too trivial.
Looking at your screen in those electric ray-bans, someone else will tap into your network, sniffing packets without glasses.
Raise the paranoia level once more.
oh i forgot to notice:
Then wait for the Chinese to flush the market with frequency adjusted electric ray-bans, capable of adjusting the frequency in the glasses to match the screen :)
That would be funny. I can't wait.
Silly as it sounds, I'd bet one could sneak a glimpse at the "hidden" image just by blinking a lot. You might not catch every frame, but you'd see something. Of course, now this means we (at least USians) can all be sued into oblivion - moistening one's eyes can violate the DMCA.
Well, it states that it can be adjusted to a 120hz refresh rate. Fast blinking my friend :)
As I looked into it more closely, there is more to it and not as easy as I thought. The molecules in the ferroelectric material will align with unpolarized light in the shutters. The alignment of these molecules is based on the transmission of the image based on a chosen frequency to polarize the ferroelectric material in the glasses.
I can imagine: By not knowing a possible algorithm used to transmit it, - or using multiple frequencies together - only a tuned ferroelectric shutter is able to read it.
But one thing worries me:
"Usable for Places such as banks (bank balances) hospitals (patient health information), pharmacies (drug information), airline ticketing and airport gate agent stations (passenger and security information) are all candidates for a privacy-enhanced computer display."
Well, like all electronics, eventually it will fail based on the idea that it has no field organisation, and will collapse under its own logic, sometimes by the simplest method.
Does anyone have a photo of what these glasses look like or where they can be obtained?
I have a special application in mind and would like to experiment with a pair.