Author Archive: John Landwehr

What is a Certified Document and when should you use it?

A Certified Document provides PDF document and forms recipients with added assurances of its authenticity and integrity.  Here are two frequent use cases for Certified Documents that illustrate these capabilities:

  1. You publish files and want the recipients to know that the files really did originate from you and they have not been accidentally or maliciously modified since you published them.
  2. You distribute electronic forms with pre-populated information, and want to make sure recipients are not accidentally or maliciously modifying your form data when returning them to you.

To certify a document, you can use Acrobat on the desktop or LiveCycle Digital Signatures as part of an automated process on a server.  To verify the certification on a document, desktop users simply open PDFs with the free Adobe Reader or Adobe Acrobat.  If you would like an automated process to verify certified documents on a server, LiveCycle Digital Signatures can also verify certified document status.

When a document has valid certification, a blue ribbon in a blue bar will show above the document in the viewer, like this:

In this case, the document originated from the United States Government Printing Office.  It was published as part of an automated Adobe LiveCycle process, and the source document is publicly available here (http://www.gpo.gov/fdsys/pkg/BILLS-106s761enr/pdf/BILLS-106s761enr.pdf) as part of their Federal Digital System which has very specific requirements on authentication when publishing official US Government documents to the public.  In 2008, the Executive Office of the President, Office of Management and Budget (OMB) stated the White House was no longer ordering hard copy paper versions of the US Federal budget, and instead has posted certified PDF documents online.

Certified documents are also implemented at Antwerp Port Authority for electronic invoices and at a number of higher education institutions for delivering student transcripts electronically, including Penn State, Northwestern, Stanford, and more.

In addition to static documents, certifying a document increases the level of security in electronic forms workflows.  Here is an example:
a) Organization generates a form for recipient to complete and return
b) Form contains some specific transactional information, like an interest rate (3%) and term (15yrs).
c) Recipient decides they will change the rate and term to be more favorable, and then digitally signs it and returns it.

Typically, the form publisher would have to manually review every completed form to look for such errors, and they can often be overlooked.  The better solution is to certify the form as it is published to the recipient.  The added assurances here are that the recipient knows it’s an official form that hasn’t been tampered with, and when the publishing organization receives a completed and signed form back – they know that what was sent out has not been changed along the way.  The certification also allows the form author/publisher to specify which fields and form elements are locked, and which can be filled in by the recipient.

Here is an example of a certified form:

The source PDF file is available here as a Sample.

In either of these cases, if an unauthorized change is made to a certified document, the blue ribbon will turn into a red X indicator.

More information on automating digital signatures for documents and forms is available in this previous post (LiveCycle Digital Signatures: Three Common Use Cases).

Certified documents utilize PKI and digital signatures to provide the assurances of authenticity and integrity.  These are capabilities built into the ISO 32000 standard PDF specification as well as Adobe Acrobat, Reader, and LiveCycle.  Adobe products utilize FIPS certified encryption implementations of RSA and SHA hashing algorithms (up to RSA4096 and SHA512).  The publisher/signer utilizes their private key certificate to sign documents on the desktop (Acrobat) or server (LiveCycle) and recipients simply use Acrobat or Reader to view them.

Recommendations and best practices:

A) Make sure your signing certificate is trusted by your recipient community.  This can be accomplished in several ways:

1) Utilize the Adobe CDS/AATL program, where certificates are automatically trusted and the recipients have zero configuration to validate digital signatures.  You can either obtain a certificate from a registered Adobe provider, or if you meet the strict program requirements – have your certificate authority automatically trusted.  NOTE: If you are publishing documents to the general public, CDS/AATL is the only recommended option.

2) Utilize enterprise install and management capabilities to push out trust anchors in pre-configured installations, and maintain them on an internal server.

3) Utilize an enterprise desktop configuration setting to trust the existing certificate store in the operating system (e.g. Windows CAPI)

B) When certifying a document, make sure that all certificates from the trust chain are available on the signing system (desktop or server).  This includes not only the end-entity signing certificate, but also any intermediate certificates up to the trust anchor.  That way, the recipient only needs to have the trust anchor, as described in the previous section.

C) When publishing a certified document with a digital signature, make sure you are online and able to reach the revocation information published by the certificate authorities.  That way, long term validation (LTV) information is stored in the document.  If this information is not included, the certified document will no longer validate after a signing certificate expires.

D) By default, certified documents utilize the system clock as a date/time indicator.  If you have higher assurance needs for time, utilize an RFC 3161-based timestamp authority as part of the digital signature process.
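For server-side intake of returned forms, a quick structural check can tell whether a PDF carries a certification signature, which changes the publisher permitted, and whether bytes were appended after the certified revision. This is an added example, not Adobe or LiveCycle code; the function names and the sample bytes are constructed for illustration, and the check is a heuristic over uncompressed objects that does not validate the signature itself.

```python
import re

# Meaning of TransformParams /P for the DocMDP transform (ISO 32000-1).
DOCMDP_LEVELS = {
    1: "no changes permitted",
    2: "form fill-in and signing permitted",
    3: "form fill-in, signing and annotations permitted",
}

def certification_summary(pdf: bytes) -> dict:
    """Heuristic triage of raw PDF bytes; it does NOT verify the signature."""
    out = {"certified": False, "p": None, "allowed": None,
           "bytes_after_signed_revision": None,
           # /DSS is one place validation data can live; absence proves nothing.
           "has_dss": re.search(rb"/DSS\b", pdf) is not None}
    if not re.search(rb"/TransformMethod\s*/DocMDP\b", pdf):
        return out  # unsigned, or signed without certification
    out["certified"] = True
    params = re.search(rb"/TransformParams\s*<<(.*?)>>", pdf, re.S)
    level = re.search(rb"/P\s+([123])\b", params.group(1)) if params else None
    out["p"] = int(level.group(1)) if level else 2  # /P defaults to 2
    out["allowed"] = DOCMDP_LEVELS[out["p"]]
    # /ByteRange [a b c d] signs bytes a..a+b and c..c+d. Anything past c+d
    # was appended later and must be judged against the /P level above.
    br = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if br:
        c, d = int(br.group(3)), int(br.group(4))
        out["bytes_after_signed_revision"] = len(pdf) - (c + d)
    return out

def build_sample(p: int, appended: bytes = b"") -> bytes:
    """Constructed stand-in for a certified PDF; the signature blob is zeros."""
    head = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /Perms << /DocMDP 2 0 R >> >>"
            b" endobj\n2 0 obj << /Type /Sig /SubFilter /adbe.pkcs7.detached"
            b" /Reference [ << /Type /SigRef /TransformMethod /DocMDP"
            b" /TransformParams << /Type /TransformParams /P " + str(p).encode()
            + b" /V /1.2 >> >> ] /ByteRange [0 BR1_______ BR2_______ BR3_______]"
            b" /Contents ")
    hole = b"<" + b"00" * 16 + b">"
    tail = b" >> endobj\n%%EOF\n"
    for tag, n in ((b"BR1_______", len(head)), (b"BR2_______", len(head) + len(hole)),
                   (b"BR3_______", len(tail))):
        head = head.replace(tag, b"%010d" % n)
    return head + hole + tail + appended

if __name__ == "__main__":
    update = b"\n9 0 obj << /DSS << >> >> endobj\n%%EOF\n"  # constructed update
    print(certification_summary(build_sample(2, update)))
```

A non-zero `bytes_after_signed_revision` is not tampering by itself: a recipient's form fill-in or added validation data also arrives as an appended update, which is why the result has to be read together with the `/P` level and confirmed by a full signature validator.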

NSA Publishes Redaction Procedures for Acrobat X

The National Security Agency has published a new document from the Information Assurance Directorate on redaction and sanitization.  It describes the recommended procedures to redact PDF files using the new Sanitize Document button in Adobe Acrobat X Professional.  The document is available here:

http://www.nsa.gov/ia/_files/vtechrep/I73_025R_2011.pdf
Redaction of PDF Files Using Adobe Acrobat Professional X
Enterprise Applications Division of the Systems and Network Analysis Center (SNAC)
Information Assurance Directorate, National Security Agency


Bentley Systems integrating Adobe’s Rights Management

Today Bentley Systems announced their alliance with Adobe to integrate rights management with ProjectWise and AssetWise for architecture, engineering, construction (AEC) and operations workflows.  Rights management already supports native PDF and Office formats, and this integration will provide support for additional formats in these markets.  This includes the ability to control who can open a document, specify what they can do with it, as well as track what has been done with it.  This content-centric security also supports expiration, revocation, and version control at the file level.

PDF Encryption Options

If you have sensitive information you want to protect and distribute, PDF is a good option to consider.  Adobe Reader could very well be the most widely distributed crypto-enabled application from any vendor, because Adobe has been including encryption since version 2.0 in 1994 – across numerous desktop and mobile platforms.   So there’s a pretty good chance that your intended recipients will be able to open an encrypted PDF.  Today in 2011, PDF supports the FIPS certified AES 256 algorithm and provides a number of advanced capabilities.

Another advantage of using the built in encryption of PDF is that it can be persistently integrated in the file – and not enveloped.  This means that anywhere the file goes, independent of storage and transport, it stays protected.  Common alternatives like PGP, ZIP, and S/MIME use enveloping encryption around content that gets discarded when the envelope is open – leaving the content unprotected, subject to accidental or malicious redistribution.

There are three main ways to encrypt a PDF file:

  1. Password encryption
  2. Public Key Infrastructure (PKI) encryption
  3. Rights Management

Password encryption relies on a shared password between the publisher and all the recipients.  The publisher selects a phrase like “No1Kn0w$” to encrypt the document, and the recipient uses the same to decrypt it.  To mitigate brute force attacks as well as simple guessing of common passwords – be sure to use long complex passwords with multiple upper, lower, number, and symbol combinations.  Remember to be creative, like song lyrics, poetry, and other long phrases as source material.

PKI encryption can provide greater protection by using additional cryptography and digital certificates.  Each recipient has a keypair (up to RSA4096), and publishes their public key certificate.  While encrypting, the publisher’s computer randomly generates a symmetric key (up to AES256), and encrypts that key to each recipient’s asymmetric public key to include in the document with the symmetric key encrypted content.  In return, the recipient computer uses their own private key to decrypt the symmetric key, and then decrypt the document.  When the private key is stored on a token, e.g. USB, CAC, PIV, eID – it can provide two factor security – requiring the token, and any PIN codes to unlock the token.
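The key-wrapping flow described above, as an added example that is not Adobe's code and does not reproduce the on-disk format of PDF public-key encryption: the body is encrypted once with a random AES-256 key, and that key is wrapped separately for each recipient. It assumes the third-party Python `cryptography` package; the function names and recipient names are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    # 2048-bit keeps the demo fast; the page notes support up to RSA4096.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def encrypt_for(recipients: dict, plaintext: bytes) -> dict:
    """recipients maps a recipient name to that recipient's RSA public key."""
    cek = AESGCM.generate_key(bit_length=256)  # random symmetric key per document
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        # The content is encrypted exactly once, whatever the recipient count.
        "ciphertext": AESGCM(cek).encrypt(nonce, plaintext, None),
        # One wrapped copy of the symmetric key per recipient.
        "wrapped_keys": {name: pub.encrypt(cek, OAEP)
                         for name, pub in recipients.items()},
    }

def decrypt_as(name: str, private_key, package: dict) -> bytes:
    # The private key recovers the symmetric key, which then opens the content.
    cek = private_key.decrypt(package["wrapped_keys"][name], OAEP)
    return AESGCM(cek).decrypt(package["nonce"], package["ciphertext"], None)

def can_open(name: str, private_key, package: dict) -> bool:
    try:
        decrypt_as(name, private_key, package)
        return True
    except (KeyError, ValueError):  # not listed, or wrong private key
        return False

if __name__ == "__main__":
    alice, bob, outsider = new_keypair(), new_keypair(), new_keypair()
    pkg = encrypt_for({"alice": alice.public_key(), "bob": bob.public_key()},
                      b"constructed sample text")
    print(decrypt_as("bob", bob, pkg), can_open("alice", outsider, pkg))
```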

Rights Management was developed to provide integration into enterprise authentication (AuthN) and authorization (AuthZ) infrastructure without requiring PKI.  A Rights Management server ties into LDAP, Active Directory (AD), or other user databases to identify the ecosystem of users sharing a document.  Rights Management can also use those same directories to read in groups of users.  An administrator can create a rights management “policy” which is an easily reusable way to protect documents in a certain way.  The policy can define which users or groups can open the document, what they can do with the document, and track what they have done with the document.  These can be internal or external users – whether employees, partners, or consumers.  The publisher then selects the policy to protect a document.  The recipient opens the document and the Acrobat/Reader client will call back to the server to authenticate them, then determine whether they are authorized to open the document.  In addition to username/password types of authentication, the server can also support Kerberos single sign on (SSO), PKI authentication (which is different than PKI encryption above), OTP, and other custom methods.  With Rights Management you can also expire, revoke, version control, watermark, and audit document usage, too.  Rights Management is great for communities of users that have existing authentication and authorization systems in place – whether it’s secure information sharing, or electronic statements to consumers.  In addition to PDF, Rights Management can also apply to native Office and CAD documents, too.  Stay tuned for news on rights management capabilities being available on smartphone and tablet devices in Fall’11, too!

For all three encryption methods, it is also possible to restrict printing, clipboard, and modification after a protected document is opened.

Applying these encryption capabilities can be done ad-hoc on the desktop with Acrobat, as well as part of automated structured workflows on a server, too.

Are you redacting PDF documents properly?

There was recently another news story about a PDF document not being redacted properly. As a result, sensitive information leaked out. We’ve covered this topic before, but we’ll cover it from a different angle this time…


Acrobat and Reader 9.3.2 update

On April 13, 2010 – Adobe released critical updates to Acrobat and Reader. All users are recommended to update their systems to these releases as soon as possible.


Update on reported attacks

Here are some links to the latest statements by Adobe, McAfee, and iDefense concerning reports of cyberattacks this past week. Additional information will be available on these links should new information become available.

Adobe Secure Software Engineering (ASSET)

McAfee Security Insights Blog

Statement by iDefense

Critical Acrobat and Reader Updates Available

Adobe’s Winter quarterly release of Acrobat and Reader is now available for version 8 and 9 customers…


How to properly redact PDF files

Redaction was in the news again today with two large organizations publishing documents that weren’t properly redacted. So we’d like to remind everyone that removing sensitive information from an electronic document is easy…


Acrobat and Reader 9.2 update

On October 13, 2009 – Adobe released critical updates to Acrobat and Reader. All users are recommended to update their systems to these releases as soon as possible.
