• search hit 5 of 6
Back to Result List

Practical Decryption exFiltration: Breaking PDF Encryption

  • The Portable Document Format, better known as PDF, is one of themost widely used document formats worldwide, and in order to en-sure information confidentiality, this file format supports documentencryption. In this paper, we analyze PDF encryption and showtwo novel techniques for breaking the confidentiality of encrypteddocuments. First, we abuse the PDF feature ofpartially encrypteddocuments to wrap the encrypted part of the document withinattacker-controlled content and therefore, exfiltrate the plaintextonce the document is opened by a legitimate user. Second, we abusea flaw in the PDF encryption specification to arbitrarily manipulateencrypted content. The only requirement is that a single block ofknown plaintext is needed, and we show that this is fulfilled bydesign. Our attacks allow the recovery of the entire plaintext of en-crypted documents by using exfiltration channels which are basedon standard compliant PDF properties.We evaluated our attacks on 27 widely used PDF viewers andfound all of them to be vulnerable. We responsibly disclosed thevulnerabilities and supported the vendors in fixing the issue
Bitte benutzen Sie diese Referenz, um auf diese Ressource zu verweisen:

Export metadata

Additional Services

Author:Jens Müller, Fabian Ising, Vladislav Mldadenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
Parent Title (English):The 26th ACM Conference on Computer and Communications, Security (CCS 2019), London, United Kingdom
Document Type:Conference Proceeding
Date of Publication (online):2019/10/01
Year of first Publication:2019
Provider of the Publication Server:FH Münster - University of Applied Sciences
Release Date:2019/10/01
Faculties:Elektrotechnik und Informatik (ETI)
Publication list:Schinzel, Sebastian
Ising, Fabian
Licence (German):License LogoBibliographische Daten