Facultad de Informática UPM researchersScienceDaily (Feb. 22, 2011) compiled information about security and privacy for authors or readers of PDF documents, the most popular format for publishing of digital documents.
This work by researchers from Facultad de Informática de Madrid Universidad Politécnica set of privacy threats security surveys related to a digital document. It handles information related to your publisher that he leaked after the document is sent over the Internet, as well as information related to the reader that can be downloaded each time they open for inspection. The work focuses primarily on the PDF document format is the most popular digital document publication.
Publishing digital documents on the Internet is a serious security and privacy threats to authors and readers. Previous research by scholars in the distributed systems laboratory of the Facultad de Informática of UPM is leaking information addressed in the FAQ of a Microsoft Office document. This study focuses on PDF format, which is the de facto standard for document exchange. Many institutions around the world have adopted PDF as a standard, their estimated that billions of PDF documents that are published or downloaded each day. The results of this research were baiomn of systems and software.
Published documents can contain additional data related to the author, such as user name, the location of the document's author, even parts of deleted documents before publication.
Some of this information, such as user name or the last day of the document was referred to as metadata, applications use the reader or editor to improve the user experience; However, they may cause privacy breaches, mainly because the authors are not aware of their discovery to publish the document. Other sensitive information leaked due to poor design of the document template. For example, whenever a paragraph of a document is deleted, the paragraph did not remove the PDF but rather than mark it as "invisible". In this way, the calling application did not imagine the text that was deleted when the document is opened for reading. Therefore deleted data is saved with the document, can be read by any malicious user who knows where to find it. UPM researchers developed several tools to extract information from PDF document readers that are inaccessible.
Information leakage prevention
There are cases where many popular publication document costs a lot more information than the publishers is to communicate. For example, the Coalition Provisional Authority of Iraq post the PDF on "event" Calipari Sgrena-May 2005. Black boxes were used to hide the names of some of the people involved in the incident, but all were discovered easily by copying the text from the original document into a text editor. Several companies and institutions have distributed instructions to avoid leaking information in documents released after the reported news about documents published on the Internet that contains sensitive information that was not supposed to be made public.
From the perspective of the reader, open a downloaded PDF document could expose sensitive information such as IP address of the user's computer, user name, potentially other information stored on the computer that is used to open the document. The reason for this is the interactive features of PDF applications. You can automatically run a number of actions, such as connecting to a Web site or read data from the disk each time a PDF is opened for reading. Ideally, you should warn the user of the risks of action taken, OK. This study emphasized that in many settings, particularly when you open a PDF inside a Web browser, are caused when performing actions without notice to the user or the agreement. Their work, researchers describe how UPM it will be possible to recall and information about all of the user who downloads the PDF reader.
Finally, the researchers believe that UPM PDF format is a medium powerful document conversion. The main purpose of their work is to make users aware of the risks that they face each time they publish a document on the Internet and to provide time guidelines effective to reduce the leakage of sensitive information.
Email or share this story:
The source of the story:
The above story is published (with writers adaptations by a teamdaily science) materials provided by Facultad de Informática de la Universidad Politécnica de Madrid.
A journal:
- Aniello Castiglione, Alfredo de Santis, Claudio Soriente. Security and privacy as portable document format. Journal of systems and software, 2010; 83 (10): DOI: 10.1016/1813 j. jss. 2010.05 .062
Note: If no source is cited, instead.
Disclaimer: hdioth in this article do not necessarily reflect those of his team or ScienceDaily.
