Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Practical Decryption Exfiltration: Breaking PDF Encryption

TheIACR via YouTube

Overview

Explore the vulnerabilities in PDF encryption through this 35-minute conference talk from WAC 2020. Delve into the Portable Document Format, examining who uses PDF encryption and the attacker model. Gain insights into PDF encryption fundamentals and discover gaps in its security. Learn about various exfiltration techniques, including simple content overlay, direct exfiltration through PDF forms, hyperlinks, and JavaScript. Investigate malleability gadgets, known plaintext attacks, and their impact on PDF signatures. Understand the importance of closing backchannel vulnerabilities and consider short-term mitigation strategies. Conclude with a comprehensive overview of practical decryption exfiltration methods for breaking PDF encryption.

Syllabus

Intro
PDFex
Overview
Portable Document Format
Who uses PDF Encryption?
Attacker Model
PDF Encryption in a Nutshell
Gaps in PDF Encryption
Simple Content Overlay
Direct Exfiltration through PDF Forms
Direct Exfiltration via Hyperlinks
Direct Exfiltration with JavaScript
Malleability Gadgets
Prerequisites
Known Plaintext
Gadget Attacks
PDF Signatures
Closing Backchannels
Short Term Mitigation
Conclusion

Taught by

TheIACR

Reviews

Start your review of Practical Decryption Exfiltration: Breaking PDF Encryption

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.