Title: Practical Decryption exFiltration: Breaking PDF Encryption.md
Authors:
Müller, Jens Ising, Fabian Mladenov, Vladislav Mainka, Christian Schinzel, Sebastian Schwenk, Jörg
Reviewers: RB
-PDF security analysis
-The authors show two attacks to break the confidentiality of encrypted Portable Document format documents: 1) by exploiting the partially encrypted feature, and 2) exploiting the PDF encryption specification
-The authors test the attacks against commonly used PDF readers
-The authors propose mitigations for the proposed attacks
-The authors thoroughly define the PDP format and explain its encryption scheme.
-Relate several attack types on PDFs, for example, direct exfiltration
-The authors focus on a variety of attacks (cipher block chaining, partial encryption, PDF interactive features) to exploit the security weaknesses of this format
-The authors state shows that the PDP encryption can only protect the confidentiality of string and stream objects and advocate for integrity protection.
-The authors detail several ways of performing direct exfiltration and CBC gadget attacks.
-Without user interaction, the proposed attacks are much less effective.
-Signing a document could serve as an integrity check, diminishing the impact of the proposed attacks. Although challenging, the usage of PDF signatures could be enforced in an organization.
-Although the article is focused on the PDF format, the authors do not go further by exploring essential risks associated with the richness of the format (e.g., allowing to embed other formats). This leaves a significant amount of attack vectors unattended.
-Exfiltration limitations: compressed data renders A2, B3, and B3 ineffective.
-(might not be a weakness, but rather an assumption) - it is assumed that the victim "willingly confirms" dialog boxes if directly follows the decryption process. In short, the authors assume that the user follows the standard procedure, although abnormal occurrences take place (e.g., dialog box requesting access to external resources).
-The encryption mode of PDF does not have integrity checks, which allows for ciphertext manipulation.
-PDF encryption dictionaries contain the necessary information to decrypt the document.
-The authors construct cipher block chaining gadgets by reading the Perms value present in an encrypted PDF
-The authors identified a wide range of methods to gain partial encryption in otherwise encrypted documents -Direct exfiltration requires the crypt filters feature.
-stream objects and string objects are the two types of objects that embed contents to be shown to users
-The FlateDecoder filter decodes a PDF and extracts plain text. It is implemented with the zlib deflate algorithm
-Perms value is used as a base CBC gadget
-Limitation of CBC Gadget Attack: if one of the three random bytes contains special characters, the form submission URL might break;
-Limitation of Direct Exfiltration via Hyperlinks: URI's must be of type string; the attack is not silent; length of GET method is limited; it is difficult to leak compressed data
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk. 2018. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
Poddebniak et al. propose exfiltration channels, a technique used by the authors of the analyzed article, in order to manipulate ciphertext.