The Keys to Your Cottage: an overview of PDF document security
From its inception, the primary mandate of Adobe's Portable Document Format (PDF) has been to guarantee print fidelity irrespective of which application is used to create a document. PDF's principle goal is to ensure the widest possible distribution of documents, while only requiring readers to have minimal software in order to view and print them. PDF excels at maintaining usability through these aforementioned areas. While PDF excels at the above, Adobe's PDF security has been controversial since its inception in 1994.
Security experts expend a great deal of energy pointing out that Adobe's PDF security is weak and can be easily broken. Adobe has always claimed, however, that security should be provided by the PDF viewing application (such as Adobe Acrobat Reader) and is therefore not the responsibility of the file format itself. Adobe Acrobat Standard Security Handler's security relies upon viewing applications ensure that readers honor the wishes of the publisher. Since security is the role of the viewing application and not of the file format, PDF's core mandate remains print fidelity and portability; the problem is retaining this core mandate once security features come into play.
Security and usability are always at odds, though most security experts fail to point this out. When choosing security for a room, for example, one could choose either a door with a simple lock or a door with a complex series of locks, like the ones found on a vault. Both kinds of doors provide security but they differ in their degree of security and usability. One would not use a vault door to secure their tool shed just as one would not use a door with a simple lock to secure the back room of a bank. The same challenge applies to electronic document security.
Business decision makers need to strike a balance between usability and security - a balance that must be tailored to meet specific needs.
Key Management --The Keys to Your Cottage
Most documents on security address the issue of key management. In reference to electronic security, a key refers to a number that is required in order to decode data. For the sake of simplicity here, we will use the analogy of a physical key to a valuable asset, such as a cottage in the country, to clarify how electronic document keys are managed.
Suppose you live four hours from your cottage in the country and you have a friend who lives a further four hours away. You wish to let your friend stay at your cottage for the weekend. How do you plan to get the keys for your cottage to your friend? This problem is referred to as key exchange amongst security experts. There are a handful of options for exchanging keys; each has its benefits and disadvantages.
Key Exchange -- Handing over the keys: The "Secret Rock" Option
One option for key exchange is to hide a key under a rock near your cottage. All you would have to do is call your friend and inform him or her where to find it.
This is, by far, the most convenient option for you. From a security perspective, however, the secret rock option is quite vulnerable to attack. A potential thief would only have to repetitively search rocks near your cottage or hide in the bushes and watch while your friend looks for the key in order to know where to find the key in the future.
Next: Direct and indirect attacks (page 2 of 3)