MLADENOV, Vladislav, Christian MAINKA, Karsten MEYER ZU SELHAUSEN, Martin GROTHE, Jörg SCHWENK, 2019. 1 Trillion Dollar Refund : How To Spoof PDF Signatures. The 26th ACM Conference on Computer and Communications Security. London, Nov 11, 2019 - Nov 15, 2019. In: CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery, pp. 1-14. ISBN 978-1-4503-6747-9. Available under: doi: 10.1145/3319535.3339812

<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/rdf/resource/123456789/49651"> <dc:creator>Meyer zu Selhausen, Karsten</dc:creator> <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/> <dc:contributor>Meyer zu Selhausen, Karsten</dc:contributor> <dc:contributor>Mladenov, Vladislav</dc:contributor> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dcterms:issued>2019</dcterms:issued> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2020-05-26T16:17:21Z</dcterms:available> <dc:creator>Mainka, Christian</dc:creator> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2020-05-26T16:17:21Z</dc:date> <foaf:homepage rdf:resource="http://localhost:8080/jspui"/> <dc:contributor>Grothe, Martin</dc:contributor> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> <dc:creator>Mladenov, Vladislav</dc:creator> <dc:rights>terms-of-use</dc:rights> <dc:creator>Grothe, Martin</dc:creator> <dc:contributor>Schwenk, Jörg</dc:contributor> <bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/49651"/> <dc:contributor>Mainka, Christian</dc:contributor> <dc:language>eng</dc:language> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/rdf/resource/123456789/36"/> <dc:creator>Schwenk, Jörg</dc:creator> <dcterms:abstract xml:lang="eng">The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee the authenticity and integrity of documents, digital signatures are used. 
Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures. In this paper, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. A possible explanation for these results could be the absence of a standard algorithm to verify PDF signatures -- each client verifies signatures differently, and attacks can be tailored to these differences. We, therefore, propose the standardization of a secure verification algorithm, which we describe in this paper.</dcterms:abstract> <dcterms:title>1 Trillion Dollar Refund : How To Spoof PDF Signatures</dcterms:title> </rdf:Description> </rdf:RDF>

