Practical Decryption Exfiltration: Breaking PDF Encryption
Offered By: TheIACR via YouTube
Course Description
Overview
Explore the vulnerabilities in PDF encryption through this 35-minute conference talk from WAC 2020. Delve into the Portable Document Format, examining who uses PDF encryption and the attacker model. Gain insights into PDF encryption fundamentals and discover gaps in its security. Learn about various exfiltration techniques, including simple content overlay, direct exfiltration through PDF forms, hyperlinks, and JavaScript. Investigate malleability gadgets, known plaintext attacks, and their impact on PDF signatures. Understand the importance of closing backchannel vulnerabilities and consider short-term mitigation strategies. Conclude with a comprehensive overview of practical decryption exfiltration methods for breaking PDF encryption.
Syllabus
Intro
PDFex
Overview
Portable Document Format
Who uses PDF Encryption?
Attacker Model
PDF Encryption in a Nutshell
Gaps in PDF Encryption
Simple Content Overlay
Direct Exfiltration through PDF Forms
Direct Exfiltration via Hyperlinks
Direct Exfiltration with JavaScript
Malleability Gadgets
Prerequisites
Known Plaintext
Gadget Attacks
PDF Signatures
Closing Backchannels
Short Term Mitigation
Conclusion
Taught by
TheIACR
Related Courses
Applied CryptographyUniversity of Virginia via Udacity Cryptography II
Stanford University via Coursera Coding the Matrix: Linear Algebra through Computer Science Applications
Brown University via Coursera Cryptography I
Stanford University via Coursera Unpredictable? Randomness, Chance and Free Will
National University of Singapore via Coursera