Featured Research

from universities, journals, and other organizations

Security and privacy issues in the PDF document format

Date:
February 22, 2011
Source:
Facultad de Informática de la Universidad Politécnica de Madrid
Summary:
Researchers in Spain have compiled information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

UPM Facultad de Informática researchers compile information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

This work by researchers from the Universidad Politécnica de Madrid's Facultad de Informática surveys security and privacy threats related to digital document publishing. It addresses publisher-related information that is leaked once the document is sent over the Internet, as well as reader-related information that might be disclosed every time they open a downloaded document for examination. The work mainly focuses on the PDF document format that is the most popular document format for digital document publishing.

Publication of digital documents over the Internet poses serious security and privacy threats to both authors and readers. Previous research by the UPM Facultad de Informática's Distributed Systems Laboratory researchers addressed information leakage in popular Microsoft Office document formats. This research focuses on the PDF document format, which is the de facto standard for digital document exchange. Many institutions worldwide have adopted PDF as their document standard, and it has been estimated that billions of PDF documents are published or downloaded every day. The results of this research were published in the Journal of Systems and Software.

Published documents could include additional author-related data, such as user name, document location on the author's machine and even parts of the documents that were deleted before publication.

Some of this information, such as the user name or the last day the document was edited, are referred to as meta-data and are used by reader or editor applications to improve the user experience; however, they could lead to privacy breaches mainly because authors are not aware of their disclosure upon document publication. Other sensitive information is leaked because of the poor design of the document format. For example, whenever a paragraph of a document is deleted, PDF authoring applications do not remove the paragraph but rather mark it as "invisible." This way, the reader application does not visualize the deleted text when the document is opened for reading. Hence deleted data is kept along with the document and can be read by any malicious user that knows where to look for it. UPM researchers have developed several tools to extract information from PDF documents that are not accessible with standard document readers.

Avoiding information leakage

There are many popular incidents where document publication has revealed much more information than the publishers intended to communicate. For example, the Coalition Provisional Authority in Iraq published a PDF document on the "Sgrena-Calipari Incident" in May 2005. Black boxes were used to conceal the names of some of the people involved in the incident, but they were all easily revealed by copying the text from the original document into a text editor. Several companies and institutions have distributed guidelines to avoid information leakage in published documents after the media reported news about documents published on the Web containing sensitive information that was not supposed to be made public.

From the reader's point of view, opening a downloaded PDF document could expose sensitive information like the IP address of the user's machine, the user name and potentially any other information that is stored on the machine used to open the document. This is due to the interactive features of PDF applications. Several actions, like connecting to a website or reading data from a disk, can be automatically triggered every time a PDF is opened for reading. Ideally, the user should be warned of the risks of the action being taken and asked for confirmation. This research has highlighted that in many settings, especially when opening PDF documents within an Internet browser, triggered actions are performed without user notification or agreement. In their work, the UPM researchers elaborate on how it would be possible to retrieve and abuse information about each user that downloads and reads a PDF document.

Finally, the UPM researchers believe that PDF document format is a powerful document exchange medium. The main goal of their work is to make users aware of the risks that they face every time they publish time a document on the Internet and to provide effective guidelines to minimize the leakage of sensitive information.


Story Source:

The above story is based on materials provided by Facultad de Informática de la Universidad Politécnica de Madrid. Note: Materials may be edited for content and length.


Journal Reference:

  1. Aniello Castiglione, Alfredo De Santis, Claudio Soriente. Security and privacy issues in the Portable Document Format. Journal of Systems and Software, 2010; 83 (10): 1813 DOI: 10.1016/j.jss.2010.04.062

Cite This Page:

Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. ScienceDaily, 22 February 2011. <www.sciencedaily.com/releases/2011/02/110222083159.htm>.
Facultad de Informática de la Universidad Politécnica de Madrid. (2011, February 22). Security and privacy issues in the PDF document format. ScienceDaily. Retrieved October 21, 2014 from www.sciencedaily.com/releases/2011/02/110222083159.htm
Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. www.sciencedaily.com/releases/2011/02/110222083159.htm (accessed October 21, 2014).

Share This



More Computers & Math News

Tuesday, October 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Japanese Scientists Unveil Floating 3D Projection

Japanese Scientists Unveil Floating 3D Projection

Reuters - Innovations Video Online (Oct. 20, 2014) — Scientists in Tokyo have demonstrated what they say is the world's first 3D projection that floats in mid air. A laser that fires a pulse up to a thousand times a second superheats molecules in the air, creating a spark which can be guided to certain points in the air to shape what the human eye perceives as an image. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Apple Enters Mobile Payment Business

Apple Enters Mobile Payment Business

AP (Oct. 20, 2014) — Apple is making a strategic bet with the launch of Apple Pay, the mobile pay service aimed at turning your iPhone into your wallet. (Oct. 20) Video provided by AP
Powered by NewsLook.com
Google To Protect Against Piracy ... At A Cost

Google To Protect Against Piracy ... At A Cost

Newsy (Oct. 20, 2014) — Google is changing its search-engine results to protect content producers from piracy — for a price. Video provided by Newsy
Powered by NewsLook.com
What We Know About Microsoft's Rumored Smartwatch

What We Know About Microsoft's Rumored Smartwatch

Newsy (Oct. 20, 2014) — Microsoft will reportedly release a smartwatch that works across different mobile platforms, has a two-day battery life and tracks heart rate. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins