Featured Research

from universities, journals, and other organizations

Security and privacy issues in the PDF document format

Date:
February 22, 2011
Source:
Facultad de Informática de la Universidad Politécnica de Madrid
Summary:
Researchers in Spain have compiled information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

UPM Facultad de Informática researchers compile information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

This work by researchers from the Universidad Politécnica de Madrid's Facultad de Informática surveys security and privacy threats related to digital document publishing. It addresses publisher-related information that is leaked once the document is sent over the Internet, as well as reader-related information that might be disclosed every time they open a downloaded document for examination. The work mainly focuses on the PDF document format that is the most popular document format for digital document publishing.

Publication of digital documents over the Internet poses serious security and privacy threats to both authors and readers. Previous research by the UPM Facultad de Informática's Distributed Systems Laboratory researchers addressed information leakage in popular Microsoft Office document formats. This research focuses on the PDF document format, which is the de facto standard for digital document exchange. Many institutions worldwide have adopted PDF as their document standard, and it has been estimated that billions of PDF documents are published or downloaded every day. The results of this research were published in the Journal of Systems and Software.

Published documents could include additional author-related data, such as user name, document location on the author's machine and even parts of the documents that were deleted before publication.

Some of this information, such as the user name or the last day the document was edited, are referred to as meta-data and are used by reader or editor applications to improve the user experience; however, they could lead to privacy breaches mainly because authors are not aware of their disclosure upon document publication. Other sensitive information is leaked because of the poor design of the document format. For example, whenever a paragraph of a document is deleted, PDF authoring applications do not remove the paragraph but rather mark it as "invisible." This way, the reader application does not visualize the deleted text when the document is opened for reading. Hence deleted data is kept along with the document and can be read by any malicious user that knows where to look for it. UPM researchers have developed several tools to extract information from PDF documents that are not accessible with standard document readers.

Avoiding information leakage

There are many popular incidents where document publication has revealed much more information than the publishers intended to communicate. For example, the Coalition Provisional Authority in Iraq published a PDF document on the "Sgrena-Calipari Incident" in May 2005. Black boxes were used to conceal the names of some of the people involved in the incident, but they were all easily revealed by copying the text from the original document into a text editor. Several companies and institutions have distributed guidelines to avoid information leakage in published documents after the media reported news about documents published on the Web containing sensitive information that was not supposed to be made public.

From the reader's point of view, opening a downloaded PDF document could expose sensitive information like the IP address of the user's machine, the user name and potentially any other information that is stored on the machine used to open the document. This is due to the interactive features of PDF applications. Several actions, like connecting to a website or reading data from a disk, can be automatically triggered every time a PDF is opened for reading. Ideally, the user should be warned of the risks of the action being taken and asked for confirmation. This research has highlighted that in many settings, especially when opening PDF documents within an Internet browser, triggered actions are performed without user notification or agreement. In their work, the UPM researchers elaborate on how it would be possible to retrieve and abuse information about each user that downloads and reads a PDF document.

Finally, the UPM researchers believe that PDF document format is a powerful document exchange medium. The main goal of their work is to make users aware of the risks that they face every time they publish time a document on the Internet and to provide effective guidelines to minimize the leakage of sensitive information.


Story Source:

The above story is based on materials provided by Facultad de Informática de la Universidad Politécnica de Madrid. Note: Materials may be edited for content and length.


Journal Reference:

  1. Aniello Castiglione, Alfredo De Santis, Claudio Soriente. Security and privacy issues in the Portable Document Format. Journal of Systems and Software, 2010; 83 (10): 1813 DOI: 10.1016/j.jss.2010.04.062

Cite This Page:

Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. ScienceDaily, 22 February 2011. <www.sciencedaily.com/releases/2011/02/110222083159.htm>.
Facultad de Informática de la Universidad Politécnica de Madrid. (2011, February 22). Security and privacy issues in the PDF document format. ScienceDaily. Retrieved April 21, 2014 from www.sciencedaily.com/releases/2011/02/110222083159.htm
Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. www.sciencedaily.com/releases/2011/02/110222083159.htm (accessed April 21, 2014).

Share This



More Computers & Math News

Monday, April 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Nintendo Changed Gaming World, but Its Future Uncertain: Upstone

Nintendo Changed Gaming World, but Its Future Uncertain: Upstone

AFP (Apr. 19, 2014) — The Nintendo Game Boy celebrates its 25th anniversary Monday and game expert Stephen Upstone says the console can be credited with creating a trend towards handheld gaming devices. Duration: 01:21 Video provided by AFP
Powered by NewsLook.com
Why Did Nike Fire Most Of Its Nike FuelBand Team?

Why Did Nike Fire Most Of Its Nike FuelBand Team?

Newsy (Apr. 19, 2014) — Nike fired most of its Digital Sport hardware team, the group behind Nike's FuelBand device. Could Apple or an overcrowded market be behind layoffs? Video provided by Newsy
Powered by NewsLook.com
Nearly Two Weeks On, The Internet Copes With Heartbleed

Nearly Two Weeks On, The Internet Copes With Heartbleed

Newsy (Apr. 19, 2014) — The Internet is taking important steps in patching the vulnerabilities Heartbleed highlighted, but those preventive measures carry their own costs. Video provided by Newsy
Powered by NewsLook.com
Facebook To Share Nearby Friends Data With Advertisers

Facebook To Share Nearby Friends Data With Advertisers

Newsy (Apr. 19, 2014) — A Facebook spokesperson has confirmed the company will use GPS data from the new Nearby Friends feature for advertising sometime in the future. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins