Portable Document Format security

From HandWiki

Portable Document Format security is concerned with the protection of information and property from theft, corruption, and attack. Its main purpose is to make sure information is productive and accessible to its intended users.

History

From its early stages of development in the 1990s, PDF started including security features. Over the years, several threats have been clearly identified including the following:

  • In 2000, a conceptual weakness was identified in the ability of Adobe Reader to run malicious scripts related to a particular link. This attack used the XSS (Cross Site Scripting) attack technique.
  • In 2001, Outlook PDFWorm (Trend Micro, 2000) was identified; it spread through PDF documents sent as Microsoft Outlook email attachments. It appeared as a game running malicious code embedded in the document.[1]
  • In 2003, the W32 Yourde virus, which exploited a vulnerability in Acrobat 5.0.5, was discovered. A corrupted PDF document exploited a vulnerability in the JavaScript parsing engine to lead Acrobat into using plug-ins folders.
  • Early PDF document security relied on weak 40-bit encryption, with methods to crack it readily available online. As a result, Adobe added 128-bit encryption in May 2006 for better protection. Later, in December 2006, another critical XSS attack through PDF documents was discovered.
  • On March 30, 2010, an Adobe Reader and Foxit Reader exploit that runs a malicious executable was identified.[2]

Risks and vulnerabilities

Adobe Reader and Acrobat products are built on a large and complex code base that includes several proprietary extensions. This apparent flexibility translates into a broad attack surface that is difficult for Adobe and anti-malware vendors to defend. For example, most PDF-related tools allow their users to copy or print without paying attention to password or protection.[3][4][5] Vulnerabilities have been quite common in Adobe Reader's long history, with Adobe Systems providing appropriate solutions.[6]

Most PDF security concerns arise around the use of the full version of Adobe Acrobat whereas PDF documents are only the object of security analysis that is restricted to attacks and vulnerabilities.

Like HTML files, PDF files are also vulnerable. Here, vulnerability of a PDF document means its susceptibility to a flaw, an attacker's access to the flaw, and the attacker's capability to exploit the flaw. Later, Adobe introduced a function that allows the original author to audit file usage.[7] However, the restrictions that a document author places on a PDF document are not secure, and cannot be assured once the file is distributed.

Exploits

The PDF standard allows documents to be embedded with JavaScript, which is indeed a vulnerability. Disabling script execution inhibits such exploits. This action is far more helpful than any benefit gained from compatibility.[8]
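One way to check whether a document carries embedded script before it reaches a reader is to count the script-related name keys in its raw bytes. This is an added example, not code from the page or from Adobe; the key list, the function names and both sample documents are assumptions constructed for illustration.

```python
import re

# Name keys that make a reader run script or launch something when a file opens.
RISKY_NAMES = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch")

# A PDF name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\s\x00()<>\[\]{}/%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(pdf: bytes) -> dict:
    """Count script-related names in the raw (uncompressed) bytes of a PDF."""
    counts = {name: 0 for name in RISKY_NAMES}
    escaped = 0
    for match in _NAME.finditer(pdf):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            escaped += b"#" in raw  # escaped spelling of a risky name
    return {"counts": counts, "escaped": escaped,
            "script_capable": any(counts.values())}


# Constructed sample documents (not from the page), trimmed to the relevant objects.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
          b"3 0 obj << /S /J#61vaScript /JS (constructed placeholder) >> endobj\n"
          b"%%EOF\n")
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE), ("clean", CLEAN)):
        print(label, triage(doc))
```

Names stored inside compressed object streams are not visible to a raw byte scan, so a clean result here does not prove a file is script-free.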

Around 2013, FireEye, a cybersecurity company, discovered that attackers were using a zero-day remote code execution exploit that bypasses the sandbox anti-exploitation protection and works against Adobe Reader 9, 10 and 11.[9][10]

As an example of efforts to reduce exploitation, Adobe Systems has implemented auto-update features and developed the Adobe Reader protected mode, a secure sandbox for displaying PDF documents and restricting external malware calls. In addition, return-oriented programming (ROP) and stolen digital certificates have played significant roles in recent exploits.

Recommended countermeasures include updating Adobe Reader or Acrobat to the latest version, enabling auto-update, disabling JavaScript, or simply considering alternative PDF readers. Finally, users should be educated about the risks of attacks from PDF documents.[11]

Solutions

Over time, Adobe Systems has provided solutions to deal with new vulnerabilities as soon as they were discovered in various versions of Adobe Reader.[12] For example, the company publishes security bulletins on its Security bulletins and advisories page.[13][14]

Robust means of information rights management like Adobe LiveCycle Rights Management and Locklizard PDF DRM[15] are some of the commercial solutions offered on the market. They restrict document access and also reliably enforce permissions better than standard security handlers.[16]

DRM

PDF documents are also subject to the application of digital rights management (DRM) technology.[17][18] The purpose of DRM is to prevent unauthorized use and to control access to corporate documents, limiting copying, editing and printing. The application of Enterprise digital rights management technology to control access to corporate documents in PDF format is also quite common.[19] This technology, also known as IRM (Information Rights Management), integrates with content management system software and is generally intended to prevent the unauthorized use of private and confidential documents.

Encryption

PDFs may be encrypted so that a password is needed to view or edit the contents. The PDF Reference defines both 40-bit and 128-bit encryption, both making use of a complex system of RC4 and MD5. The PDF Reference also defines ways that third parties can define their own encryption systems for PDF. The PDF Reference has the technical details; for an end-user overview, see the cited help page.[20]
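The sketch below audits a standard security handler's encryption dictionary, reporting the RC4 key length and decoding the /P permission flags, which are stored as plain bits that a reader is asked to honour. It is an added example, not code from the page or the PDF Reference; the function names and both sample dictionaries are constructed, and the /O and /U values are placeholders.

```python
import re

# Permission flags in /P (PDF Reference bit positions 3 to 6).
PERMISSION_BITS = {"print": 4, "modify": 8, "copy": 16, "annotate": 32}


def _int_entry(dictionary: bytes, key: bytes, default=None):
    """Return the integer value of /key in a dictionary body, or the default."""
    match = re.search(rb"/" + key + rb"\s+(-?\d+)", dictionary)
    return int(match.group(1)) if match else default


def audit_encrypt_dict(dictionary: bytes) -> dict:
    """Summarise key strength and permissions of a /Filter /Standard dictionary."""
    version = _int_entry(dictionary, b"V", 0)
    revision = _int_entry(dictionary, b"R")
    # /V 1 always means a 40-bit key; otherwise /Length applies (default 40).
    key_bits = 40 if version == 1 else _int_entry(dictionary, b"Length", 40)
    # /P is written as a signed 32-bit integer; mask it to read the bit flags.
    flags = _int_entry(dictionary, b"P", 0) & 0xFFFFFFFF
    allowed = sorted(name for name, bit in PERMISSION_BITS.items() if flags & bit)
    return {"key_bits": key_bits, "revision": revision,
            "weak": key_bits <= 40, "allowed": allowed}


# Constructed sample dictionaries (not from the page); /O and /U are placeholders.
LEGACY_40 = b"<< /Filter /Standard /V 1 /R 2 /O <00> /U <00> /P -44 >>"
RC4_128 = b"<< /Filter /Standard /V 2 /R 3 /Length 128 /O <00> /U <00> /P -3904 >>"

if __name__ == "__main__":
    for label, sample in (("legacy", LEGACY_40), ("rc4-128", RC4_128)):
        print(label, audit_encrypt_dict(sample))
```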

Watermarking and others

Adobe Systems recommends that any PDF application concerned with security implement a combination of application sandboxing, data execution protection including non-executable memory, address space layout randomization, and stack cookies as defense mechanisms.[21] Watermarking is often used for enforcing copyright on PDF files and helps provide evidence in legal situations rather than acting as a restriction. A standard PDF watermark works well for PDF distribution because of its consistent appearance.[22]

A number of applications (e.g. Google Chrome) provide secure internal viewing that protects content against malicious exploits. This technique is called sandboxing.[23][24][25]

References

  1. Adobe Forums, Announcement: PDF Attachment Virus "Peachy", 15 August 2001.
  2. "Malicious PDFs Execute Code Without a Vulnerability". PCMAG. http://blogs.pcmag.com/securitywatch/2010/03/malicious_pdfs_execute_code_wi.php. 
  3. Bryan Guignard. "How secure is PDF". http://www.cs.cmu.edu/~dst/Adobe/Gallery/PDFsecurity.pdf. 
  4. "PDF Security Overview: Strengths and Weaknesses". http://www.planetpdf.com/planetpdf/pdfs/pdf2k/01W/merz_securitykeynote.pdf. 
  5. Jeremy Kirk. "Adobe admits new PDF password protection is weaker". http://www.macworld.com/article/1137343/pdf.html. 
  6. "Security bulletins and advisories". Adobe. https://www.adobe.com/support/security/#readerwin. Retrieved 2010-02-21. 
  7. New features and issues addressed in the Acrobat 7.0.5 Update (Acrobat and Adobe Reader for Windows and Mac OS)
  8. Steve Gibson - SecurityNow Podcast
  9. Lucian Constantin (February 13, 2013). "Researchers: Zero-day PDF exploit affects Adobe Reader 11, earlier versions". PCWorld. http://www.pcworld.com/article/2027946/researchers-zero-day-pdf-exploit-affects-adobe-reader-11-earlier-versions.html.
  10. Lucian Constantin (February 14, 2013). "Researchers: Zero-day PDF exploit affects Adobe Reader 11, earlier versions". PCWorld. http://www.pcworld.com/article/2027946/researchers-zero-day-pdf-exploit-affects-adobe-reader-11-earlier-versions.html.
  11. PDFlib - PDF Security - Security Recommendations, http://www.pdflib.com/knowledge-base/pdf-security/recommendations/, retrieved 2012-09-26, "AES-256 according to PDF 1.7 Adobe Extension Level 3 (Acrobat 9) should be avoided because it contains a weakness in the password checking algorithm." 
  12. "PDF security reaches new levels with Adobe Reader XI and Adobe Acrobat XI". Adobe Systems. http://www.adobe.com/content/dam/Adobe/en/products/acrobat/axi/pdfs/reader-acrobat-xi-security.pdf. Retrieved 2010-02-21. 
  13. "Security bulletins and advisories". Adobe. https://www.adobe.com/support/security/#readerwin. Retrieved 2010-02-21. 
  14. "Security Bulletins and Advisories". adobe.com. Adobe Systems. https://www.adobe.com/support/security/. Retrieved 4 December 2015. 
  15. "LockLizard Develops Zero Footprint Solution for PDF Security". http://www.infosecurity-magazine.com/news/locklizard-develops-zero-footprint-solution-for/. 
  16. "PDF DRM Security Software for Adobe Document Protection". http://www.locklizard.com/pdf_security_drm/. 
  17. "Q&A: What is DRM?". http://news.bbc.co.uk/2/hi/technology/6337781.stm. 
  18. "PDF DRM Security – 10 things you should know". Locklizard. http://www.locklizard.com/pdf_security_drm/. 
  19. ""DRM vs. ERM: Battle to Control Data", Network World". Archived from the original on 2008-03-03. https://web.archive.org/web/20080303235632/http://www.networkworld.com/news/tech/2006/121806techupdate.html. Retrieved 2008-04-02. 
  20. "Create Adobe PDF Online - Security Settings Help". Createpdf.adobe.com. Archived from the original on 2009-12-23. https://web.archive.org/web/20091223033059/http://createpdf.adobe.com/cgi-feeder.pl/help_security?BP=&LOC=en_US. Retrieved 2010-02-21. 
  21. PDF Watermarking Security: Add PDF Watermark with PDF Document Watermarking Creator Software, Locklizard, http://www.locklizard.com/pdf_watermarking/, retrieved 2012-09-26
  22. "Add PDF Watermark with PDF Document Watermarking Creator Software". Locklizard. http://www.locklizard.com/pdf_watermarking/. 
  23. "A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)". Proceedings of the Sixth USENIX UNIX Security Symposium. 1996. http://www.usenix.org/publications/library/proceedings/sec96/full_papers/goldberg/goldberg.pdf. Retrieved 25 October 2011. 
  24. Geier, Eric (2012-01-16). "How to Keep Your PC Safe With Sandboxing". TechHive. http://www.techhive.com/article/247416/how_to_keep_your_pc_safe_with_sandboxing.html. Retrieved 2014-07-03. 
  25. "Sandboxing Applications". 2001. http://www.dmst.aueb.gr/dds/pubs/conf/2001-Freenix-Sandbox/html/sandbox32final.pdf. Retrieved 7 May 2013. 
