Featured Research

from universities, journals, and other organizations

Security and privacy issues in the PDF document format

Date:
February 22, 2011
Source:
Facultad de Informática de la Universidad Politécnica de Madrid
Summary:
Researchers in Spain have compiled information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

UPM Facultad de Informática researchers compile information on security and privacy for authors or readers of PDF documents, the most popular format for publication of digital documents.

This work by researchers from the Universidad Politécnica de Madrid's Facultad de Informática surveys security and privacy threats related to digital document publishing. It addresses publisher-related information that is leaked once the document is sent over the Internet, as well as reader-related information that might be disclosed every time they open a downloaded document for examination. The work mainly focuses on the PDF document format that is the most popular document format for digital document publishing.

Publication of digital documents over the Internet poses serious security and privacy threats to both authors and readers. Previous research by the UPM Facultad de Informática's Distributed Systems Laboratory researchers addressed information leakage in popular Microsoft Office document formats. This research focuses on the PDF document format, which is the de facto standard for digital document exchange. Many institutions worldwide have adopted PDF as their document standard, and it has been estimated that billions of PDF documents are published or downloaded every day. The results of this research were published in the Journal of Systems and Software.

Published documents could include additional author-related data, such as user name, document location on the author's machine and even parts of the documents that were deleted before publication.

Some of this information, such as the user name or the last day the document was edited, are referred to as meta-data and are used by reader or editor applications to improve the user experience; however, they could lead to privacy breaches mainly because authors are not aware of their disclosure upon document publication. Other sensitive information is leaked because of the poor design of the document format. For example, whenever a paragraph of a document is deleted, PDF authoring applications do not remove the paragraph but rather mark it as "invisible." This way, the reader application does not visualize the deleted text when the document is opened for reading. Hence deleted data is kept along with the document and can be read by any malicious user that knows where to look for it. UPM researchers have developed several tools to extract information from PDF documents that are not accessible with standard document readers.

Avoiding information leakage

There are many popular incidents where document publication has revealed much more information than the publishers intended to communicate. For example, the Coalition Provisional Authority in Iraq published a PDF document on the "Sgrena-Calipari Incident" in May 2005. Black boxes were used to conceal the names of some of the people involved in the incident, but they were all easily revealed by copying the text from the original document into a text editor. Several companies and institutions have distributed guidelines to avoid information leakage in published documents after the media reported news about documents published on the Web containing sensitive information that was not supposed to be made public.

From the reader's point of view, opening a downloaded PDF document could expose sensitive information like the IP address of the user's machine, the user name and potentially any other information that is stored on the machine used to open the document. This is due to the interactive features of PDF applications. Several actions, like connecting to a website or reading data from a disk, can be automatically triggered every time a PDF is opened for reading. Ideally, the user should be warned of the risks of the action being taken and asked for confirmation. This research has highlighted that in many settings, especially when opening PDF documents within an Internet browser, triggered actions are performed without user notification or agreement. In their work, the UPM researchers elaborate on how it would be possible to retrieve and abuse information about each user that downloads and reads a PDF document.

Finally, the UPM researchers believe that PDF document format is a powerful document exchange medium. The main goal of their work is to make users aware of the risks that they face every time they publish time a document on the Internet and to provide effective guidelines to minimize the leakage of sensitive information.


Story Source:

The above story is based on materials provided by Facultad de Informática de la Universidad Politécnica de Madrid. Note: Materials may be edited for content and length.


Journal Reference:

  1. Aniello Castiglione, Alfredo De Santis, Claudio Soriente. Security and privacy issues in the Portable Document Format. Journal of Systems and Software, 2010; 83 (10): 1813 DOI: 10.1016/j.jss.2010.04.062

Cite This Page:

Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. ScienceDaily, 22 February 2011. <www.sciencedaily.com/releases/2011/02/110222083159.htm>.
Facultad de Informática de la Universidad Politécnica de Madrid. (2011, February 22). Security and privacy issues in the PDF document format. ScienceDaily. Retrieved July 24, 2014 from www.sciencedaily.com/releases/2011/02/110222083159.htm
Facultad de Informática de la Universidad Politécnica de Madrid. "Security and privacy issues in the PDF document format." ScienceDaily. www.sciencedaily.com/releases/2011/02/110222083159.htm (accessed July 24, 2014).

Share This




More Computers & Math News

Thursday, July 24, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Bill Gates: Health, Agriculture Key to Africa's Development

Bill Gates: Health, Agriculture Key to Africa's Development

AFP (July 24, 2014) — Health and agriculture development are key if African countries are to overcome poverty and grow, US software billionaire Bill Gates said Thursday, as he received an honourary degree in Ethiopia. Duration: 00:36 Video provided by AFP
Powered by NewsLook.com
Creative Makeovers for Ugly Cellphone Towers

Creative Makeovers for Ugly Cellphone Towers

AP (July 24, 2014) — Mobile phone companies and communities across the country are going to new lengths to disguise those unsightly cellphone towers. From a church bell tower to a flagpole, even a pencil, some towers are trying to make a point. (July 24) Video provided by AP
Powered by NewsLook.com
Robot Parking Valet Creates Stress-Free Travel

Robot Parking Valet Creates Stress-Free Travel

AP (July 23, 2014) — 'Ray' the robotic parking valet at Dusseldorf Airport in Germany lets travelers to avoid the hassle of finding a parking spot before heading to the check-in desk. (July 23) Video provided by AP
Powered by NewsLook.com
Facebook Earnings Put Smile on Investors Faces

Facebook Earnings Put Smile on Investors Faces

Reuters - Business Video Online (July 23, 2014) — Facebook earnings beat forecasts- with revenue climbing 61 percent. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

    Health News

      Environment News

        Technology News



          Save/Print:
          Share:  

          Free Subscriptions


          Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

          Get Social & Mobile


          Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

          Have Feedback?


          Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
          Mobile iPhone Android Web
          Follow Facebook Twitter Google+
          Subscribe RSS Feeds Email Newsletters
          Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins