{"title":"规避数字签名 PDF 的签名验证","authors":"Ramesh Cheripelli, Swathi Ch","doi":"10.30726/esij/v8.i3.2021.83017","DOIUrl":null,"url":null,"abstract":"Carefully marked Portable Document Formats (PDFs) are utilized in agreements, contracts, bills, proposals, and arrangements to ensure the genuineness and trustworthiness of their material. A normal client would accept that carefully marked PDF records are conclusive and cannot be additionally altered. Be that as it may, different changes like adding comments to a marked PDF or rounding out structure fields are permitted and do not nullify PDF marks. In this paper, we show that this adaptability permits attackers to totally change a record’s substance while keeping the first signature approval status immaculate.","PeriodicalId":151335,"journal":{"name":"Engineering and Scientific International Journal","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evading Signature Validation in Digitally Signed PDF\",\"authors\":\"Ramesh Cheripelli, Swathi Ch\",\"doi\":\"10.30726/esij/v8.i3.2021.83017\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Carefully marked Portable Document Formats (PDFs) are utilized in agreements, contracts, bills, proposals, and arrangements to ensure the genuineness and trustworthiness of their material. A normal client would accept that carefully marked PDF records are conclusive and cannot be additionally altered. Be that as it may, different changes like adding comments to a marked PDF or rounding out structure fields are permitted and do not nullify PDF marks. In this paper, we show that this adaptability permits attackers to totally change a record’s substance while keeping the first signature approval status immaculate.\",\"PeriodicalId\":151335,\"journal\":{\"name\":\"Engineering and Scientific International Journal\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Engineering and Scientific International Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30726/esij/v8.i3.2021.83017\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Engineering and Scientific International Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30726/esij/v8.i3.2021.83017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
在协议、合同、账单、建议书和安排中使用经过仔细标注的便携式文档格式(PDF),以确保其材料的真实性和可信度。一般客户会认为,经过仔细标注的 PDF 记录是不可更改的。尽管如此,不同的更改,如在已标记的 PDF 上添加注释或完善结构字段是允许的,并且不会使 PDF 标记失效。在本文中,我们展示了这种适应性允许攻击者完全更改记录的实质内容,同时保持首次签名批准状态不变。
Evading Signature Validation in Digitally Signed PDF
Carefully marked Portable Document Formats (PDFs) are utilized in agreements, contracts, bills, proposals, and arrangements to ensure the genuineness and trustworthiness of their material. A normal client would accept that carefully marked PDF records are conclusive and cannot be additionally altered. Be that as it may, different changes like adding comments to a marked PDF or rounding out structure fields are permitted and do not nullify PDF marks. In this paper, we show that this adaptability permits attackers to totally change a record’s substance while keeping the first signature approval status immaculate.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
