The Portable Document Format, commonly known as PDF, is considered the standard for document exchange worldwide. Private individuals, companies and government organizations use it everywhere. The format is correspondingly attractive as a target for cyberattacks and information theft. In their project “Security and Privacy on PDF Documents”, Dr.-Ing. Christian Mainka and Dr.-Ing. Vladislav Mladenov from the Chair of Network and Data Security are analyzing the security of PDF documents, particularly with regard to the use & detection of PDF malware, manipulation of digitally signed PDFs and privacy leaks. The goal is to identify vulnerabilities and develop concrete countermeasures. The project is funded by the German Research Foundation (DFG) for three years with a volume of approximately 666,000 euros.
“It is assumed that PDF documents are unmodifiable, harmless and privacy-friendly. In recent years, we have shown several times through the discovery of countless security vulnerabilities that the assumption is not correct. In our project we want to get to the bottom of the existing problems by conducting comprehensive investigations of the three areas – PDF signatures, PDF malware and PDF privacy,” explains Mladenov the motivation and urgency of the project.
False assumptions about PDF document security
Existing malware detectors, from open-source implementations to commercial antivirus programs, are evaluated in terms of their detection rate. New attacks are then developed to circumvent the detectors.
Tampering digitally signed PDFs
Digitally signed PDFs provide integrity and authenticity and are used to detect unauthorized changes to documents such as contracts, agreements, and receipts. From the attacks of recent years, it has not yet been possible to derive comprehensive coverage of all existing attack vectors. This is to be changed with the development of a fully automated tool that can create attack vectors and evaluate the security of PDF signature verification.
Detecting Privacy leaks
PDF documents can contain unintended sensitive data. By analyzing publicly available documents, a systematic evaluation of data leaks will be created and an analysis of redacting tools designed to remove information leaks from PDFs will be performed.
The overall aim is to propose concrete countermeasures that harden the PDF document format and existing implementations, as well as to develop concrete improvements at the specification and implementation level.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.