CheckPDF: Check What is Inside Before Signing a PDF Document

Bansal, Bhavya; Patel, Ronak; Das, Manik Lal

doi:10.1007/978-81-322-3589-7_8

CheckPDF: Check What is Inside Before Signing a PDF Document

Bhavya Bansal⁵,
Ronak Patel⁵ &
Manik Lal Das⁵

Conference paper
First Online: 15 October 2016

748 Accesses

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 396))

Abstract

Over the years, digital document signing, particularly PDF (Portable Document Format) document, has gained increasing demand in many applications. The PDF file has a flexible logical structure; therefore, an attacker can take advantage of it to create a polymorphic PDF file which contains the actual document and another hidden object. The polymorphic PDF can be interpreted correctly by both PDF parser and image parser. As a result, when a signer signs the polymorphic PDF content by seeing the original content of the PDF file, the attacker gets the intended content signed by the signer without the signer’s knowledge. In this paper, we present a detailed illustration on how a fraudulent document be signed by a legitimate signer with different versions of PDF Reader without his/her knowledge. We provide a countermeasure by which any one can detect the presence of any objects in the PDF file while opening the file with a PDF Reader.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

R. Rivest, A. Shamir, L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. In: Communications of the ACM, 21(2):120–126, 1978.
Google Scholar
A. Alsaid and C. J. Mitchell. Dynamic Content Attacks on Digital Signatures. In: Information Management and Computer Security, 13(4):328–336, 2005.
Google Scholar
F. Buccafurri. Digital Signature Trust Vulnerability: A New Attack on Digital Signatures. In: Information Systems Security Association Journal, 2008.
Google Scholar
P. Laskov and N. Srndic. Static Detection of Malicious JavaScript-bearing PDF Documents. In Proceedings of the Annual Computer Security Applications Conference, pp. 373–382, 2011.
Google Scholar
PDF Reference. Adobe Portable Document Format Version 1.7. Adobe, November 2006.
Google Scholar
Adobe Supplement to ISO 32000. Adobe, June 2008.
Google Scholar
D. S. Popescu. Hiding Malicious Content in PDF Documents. In: Journal of Mobile, Embedded and Distributed Systems, 3(3):102–127, 2011.
Google Scholar
D. Stevens. Malicious PDF Documents Explained. In: IEEE Security and Privacy, 9(1):80–82, 2011.
Google Scholar
C. Smutz and A. Stavrou. Malicious PDF Detection using Metadata and Structural Features. In Proceedings of the Computer Security Applications Conference, pp. 239–248, 2012.
Google Scholar
X. Lu, J. Zhuge, R. Wang, Y. Cao, Y. Chen. De-obfuscation and Detection of Malicious PDF Files with High Accuracy. In Proceedings of Hawaii International Conference on System Sciences, pp. 4890–4899, 2013.
Google Scholar
N. Srndic and P. Laskov. Detection of Malicious PDF files based on Hierarchical Document Structure. In Proceedings of the Annual Network and Distributed System Security Symposium, 2013.
Google Scholar
F. Buccafurri, G. Caminiti, G. Lax. The Dali Attack on Digital Signature. In: Journal of Information Assurance and Security, 3(3):185–194, 2008.
Google Scholar
Foxit Reader Stack Overflow Exploit. http://www.exploit-db.com/foxit-reader-stack-overflow-exploit-egghunter/, [Accessed January 2015].
TIFF Revision 6.0, Adobe Systems, 1992. http://partners.adobe.com/public/developer/en/tiff/TIFF6.pdf [Accessed January 2015].
R. M. Karp and M. O. Rabin. Efficient Randomized Pattern-Matching Algorithms. In: IBM Journal of Research and Development, 31(2):249–260, 1987.
Google Scholar
J. Magazinius, B. K. Rios, A. Sabelfeld. Polyglots: Crossing Origins by Crossing Formats. In Proceedings of the ACM Conference on Computer and Communications Security, pp. 753–764, 2013.
Google Scholar

Download references

Author information

Authors and Affiliations

DA-IICT, Gandhinagar, India
Bhavya Bansal, Ronak Patel & Manik Lal Das

Authors

Bhavya Bansal
View author publications
You can also search for this author in PubMed Google Scholar
Ronak Patel
View author publications
You can also search for this author in PubMed Google Scholar
Manik Lal Das
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Manik Lal Das .

Editor information

Editors and Affiliations

School of Computer & Systems Sciences, Jawaharlal Nehru University, New Delhi, Delhi, India
Daya K. Lobiyal
Dept. of Computer Science & Engineering, National Institute of Technology , Rourkela, Odisha, India
Durga Prasad Mohapatra
Department of Computer Science, Liverpool Hope University Faculty of Science, Liverpool, United Kingdom
Atulya Nagar
National Institute of Technology, Department of Computer Science & EngineeringNational Institute of Technology, Rourkela, Odisha, India
Manmath N. Sahoo

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Bansal, B., Patel, R., Das, M.L. (2016). CheckPDF: Check What is Inside Before Signing a PDF Document. In: Lobiyal, D., Mohapatra, D., Nagar, A., Sahoo, M. (eds) Proceedings of the International Conference on Signal, Networks, Computing, and Systems. Lecture Notes in Electrical Engineering, vol 396. Springer, New Delhi. https://doi.org/10.1007/978-81-322-3589-7_8

Download citation

DOI: https://doi.org/10.1007/978-81-322-3589-7_8
Published: 15 October 2016
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-3587-3
Online ISBN: 978-81-322-3589-7
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics