Computer Science – Cryptography and Security
Scientific paper
2012-01-01
Popescu, D. (2011). Hiding Malicious Content in PDF Documents. Journal Of Mobile, Embedded And Distributed Systems, 3(3), 120-
Computer Science
Cryptography and Security
8 pages
Scientific paper
This paper is a proof-of-concept demonstration for a specific digital signatures vulnerability that shows the ineffectiveness of the WYSIWYS (What You See Is What You Sign) concept. The algorithm is fairly simple: the attacker generates a polymorphic file that has two different types of content (text, as a PDF document for example, and image: TIFF - two of the most widely used file formats). When the victim signs the dual content file, he/ she only sees a PDF document and is unaware of the hidden content inside the file. After obtaining the legally signed document from the victim, the attacker simply has to change the extension to the other file format. This will not invalidate the digital signature, as no bits were altered. The destructive potential of the attack is considerable, as the Portable Document Format (PDF) is widely used in e-government and in e-business contexts.
No associations
LandOfFree
Hiding Malicious Content in PDF Documents does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Hiding Malicious Content in PDF Documents, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Hiding Malicious Content in PDF Documents will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-55152