2005 Adobe Systems Incorporated. All Rights Reserved.
Document security
Colin van Oosterhout
Solution Expert/Business development manager
Adobe Systems Benelux
Goal of this seminar
Provide an overview of the security features in Adobe Acrobat so that you have the right knowledge to start protecting your PDF documents. This will ultimately lead to a secure document exchange workflow in your organization.
What it is not about today…
MD4, MD5, SHA-1, DES
SSO – Single Sign On
PKI – Private/Public key
Symmetric/Asymmetric
FIPS 140-1 level 3 validation
MSCAPI
HSM
Credential, Certificate
OCSP vs. CRL
PKCS #7, #10, #11
X.509 v3
Time stamping
Agenda for this seminar
Introduction of Adobe
Adobe’s intelligent document platform
The importance of document security
Overview of the security methods in Adobe Acrobat
Throwing obstacles in the PDF document
Working with password security
Working with digital signatures
Working with DRM (Guest appearance Bart Vossen)
Wrap up
Q&A
Adobe Systems Incorporated
Adobe Timeline and Innovations
[Timeline figure. Years marked: 1982, 1985, 1986, 1987, 1990, 1995, 1999, 2000, 2002, 2004, 2005. Eras: Technology Foundation, Desktop Publishing Revolution, The Internet Revolution Begins, Cross-Media Publishing, The Next Wave. Milestones shown: company founded by John Warnock and Chuck Geschke; first Adobe® PostScript® printer and imagesetter; initial public offering; Adobe Illustrator®; Adobe Photoshop®; Aldus acquisition; Adobe Acrobat®, Adobe PDF and Adobe Reader®; Accelio acquisition; Adobe Intelligent Document Platform; Macromedia acquisition; Flash®; 2 employees to 5,000 employees; Bruce Chizen promoted to President & CEO; Shantanu Narayen promoted to President & COO; Stephen Elop named President of WW Field Operations.]
Adobe Products
600 million PCs and devices
Widest Reach in the World
89% of PCs
97% of PCs
Partners
Adobe’s Customers
Knowledge Workers, Consumers, Creatives, Developers, Enterprises
Adobe’s Framework: the intelligent document platform
The intelligent document platform
Introducing Adobe LiveCycle™
LiveCycle: Flexible and scalable
Adobe Document Services
Collaboration
Review, comment & approval
Permanent electronic records
Document Generation
Office applications
Volume/ad hoc document creation
Paper > Digital
Print stream reformatting
Graphics manipulation
Process Management
Online form integration
Offline form processing
Workflow
Document Control & Security
Authenticity, integrity, and confidentiality
Automated workflow processes
User driven workflow
Adobe document services and the role of Acrobat
The Adobe Acrobat® Product Family
Adobe® Reader®
View, print and search Adobe PDF documents. Powerful interaction with documents and electronic forms.
Adobe Acrobat Elements
Create reliable and secure PDF documents from MS Office files.
Adobe Acrobat Standard
Quickly and easily create, organize and share secure PDF documents.
Adobe Acrobat Professional
Advanced creation, control and exchange of high quality PDF documents.
Adobe Acrobat 3D
Publish, share and mark up 3D content inside intelligent and rich PDF documents.
The importance of document security
Documents and forms are important communication means
Court documents
Loans
Contracts
Research reports
Procedures
Confidential dossiers
Geographic images
Permits
Document security is a must…
Information Security Needs
Authenticity:
Where did this data come from?
Integrity:
Has it been tampered with?
Access Control:
Who can access it?
Authorization:
What can they do with it?
Auditing:
What have they done with it?
Demo: how can you see if a PDF document is secured?
When a PDF document is not secured
The document can be edited
Data (text, images, 3D, multimedia) can be extracted
The document can be printed
The document can be used in other applications
There is no way to prove whether and where the document has been changed
No security on a PDF document is a high risk!
Demo: the risks of an unsecured PDF document
Document compare functions
Compare documents
Textual changes
Visual changes
Compare versions of documents (based on digital signatures)
Create a report
Side by side report
Consolidated report
Demo: compare documents
Zooming in on PDF
PDF: the intelligent document
Forms
Validation & Calculation
Dynamic structure
Security
Workflow
Integration
XML, SOAP
Web-Services:
Sharing, archiving
Text, images, video, audio
2D drawings
3D Models
PDF: the intelligent document
PDF is an open file format specification with over 1800 supporting vendors
Enables XML data integration
Adobe® Reader® is ubiquitous (500M+ distributed) on virtually every operating system and is an excellent security client
Security resides persistently within the document, independent of the network or distribution mechanism
PDF based standards
Under consideration
PDF/Accessibility
PDF/Engineering
PDF/Finance
PDF/is—IEEE—Image-Streamable Internet Fax Transmission
Fax- and internet standard
PDF/A—NWI ISO/TC171/SC2 N226 E
Long term preservation of electronic documents
PDF/X—ISO 15929, 15930-1, 15930-3
15929: Exchange of digital advertisement materials
15930-1: Use of CMYK
15930-3: Complete exchange of color managed workflows
PDF/X-2: Under development – replacing images and XMP
The security methods in Adobe Acrobat
Phases of Document Control and Security
1. Controlled electronic access with hard-copy distribution
2. Electronic distribution with password protection or read-only protection
3. Encryption and digital signatures
4. Dynamic encryption and user-specific rights and revocation
The security methods in Adobe Acrobat
Document control (password security)
Certificate security (working with digital signatures)
DRM (Adobe LiveCycle Policy Server)
Start at the beginning: throwing obstacles in a PDF document
Adapting the interface of Adobe Acrobat
Create alert messages
Wrap a PDF inside another PDF
Hidden messages in Optional Content Groups (OCG)
Working with watermarks
Working with hidden fields
Throwing obstacles Demo 1: adapting the interface of Adobe Acrobat
Throwing obstacles Demo 2: the use of watermarks in a PDF file
Throwing obstacles Demo 3: “alert messages”
The Evolution of Effective Electronic Document Protection
Document Control (since Adobe Acrobat 2.0, 1994): confidentiality, rights management, access control
Digital Signatures (since Adobe Acrobat 4.0, 1999): authenticity, integrity, non-repudiation
Document Control
Standards-based encryption:
Shared password (symmetric RC4)
Individual PKI certificates (asymmetric RSA)
LDAP client for real-time lookups and local address book for offline
Permissions control:
Printing
Content modification, including form fields
Copying of content
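How the encryption and permission settings listed on this slide appear inside a file, as an added example that is not from the original slides or from Adobe: a Python check that reports whether a PDF carries an encryption dictionary and which operations its /P flags grant. The sample bytes and the function name `encryption_info` are constructed for illustration, and a classic uncompressed trailer with an indirect /Encrypt reference is assumed.

```python
import re

# Constructed sample (not from the slides): trailer and encryption dictionary
# of a password-secured PDF. /O and /U are shortened placeholders.
SAMPLE = (b"%PDF-1.4\n"
          b"8 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 /P -1340 "
          b"/O <00> /U <00> >>\nendobj\n"
          b"trailer\n<< /Size 9 /Root 1 0 R /Encrypt 8 0 R >>\n%%EOF\n")

# Permission bits of the standard security handler (bit 1 = least significant).
# Bits 9 to 12 are only defined for handler revision 3 and later.
PERMISSION_BITS = {
    3: "print", 4: "modify contents", 5: "copy or extract content",
    6: "annotate and fill form fields", 9: "fill form fields",
    10: "extract for accessibility", 11: "assemble document",
    12: "high-quality print",
}

# Assumption: uncompressed trailer that references /Encrypt as "N G R".
def encryption_info(pdf: bytes):
    """Return None for an unsecured file, else handler settings and permissions."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref is None:
        return None
    obj = re.search(rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2)
                    + rb"\s+obj(.*?)endobj", pdf, re.S)
    if obj is None:
        raise ValueError("encryption dictionary object not found")
    body = obj.group(1)

    def integer(key, default=None):
        m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
        return int(m.group(1)) if m else default

    handler = re.search(rb"/Filter\s*/(\w+)", body)
    p = integer(b"P")
    if p is None:
        raise ValueError("/P missing from encryption dictionary")
    flags = p & 0xFFFFFFFF  # /P is stored as a signed 32-bit integer
    allowed = [n for bit, n in PERMISSION_BITS.items() if flags >> (bit - 1) & 1]
    return {
        "filter": handler.group(1).decode() if handler else None,
        "V": integer(b"V", 0), "R": integer(b"R"),
        "key_bits": integer(b"Length", 40),  # 40 bits when /Length is absent
        "allowed": allowed,
        "denied": [n for n in PERMISSION_BITS.values() if n not in allowed],
    }
```

The flags record the author's intent and depend on the viewing application to honour them, so confidentiality rests on the encryption and the password rather than on the permission bits alone.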
Demo: password security
Useful tips for choosing a password
Do not use short words that are very common in your language
“Dog” can be guessed in 2,425 attempts with “brute force”
Remember a sentence: I like to walk with my dog
Use the first letter of each word: I L T W W M D
Change a letter based on the application that you work with and use mixed capitals
Acrobat = ACrowbT7
(26+26+10)^6 = 56,800,235,584 combinations
Demo: how other applications “respect” security in a PDF document
Setting security policies in Adobe Acrobat
To prevent the repetitive tasks of setting security for each new document, you can work with security policies in Adobe Acrobat.
Security policies can be used per document (type), but…
Security can also be set with the batch processing options of Adobe Acrobat.
Secure large volumes of PDF documents with a single click
Demo: setting security policies with Adobe Acrobat
Demo: batch secure PDF documents
Other options to set security
The Acrobat Distiller
The PDFMaker
Word
Excel
PowerPoint
Etc.
Demo: set security with the PDFMaker
The role of a “wet signature”
Provides intent
Authenticates the person who signs the document
Ensures the integrity of the signed document
What are digital signatures?
A digital signature is the electronic equivalent of a handwritten signature
Ensures that:
The document has not been changed
The person who signs is who he says he is.
Cryptographic software process based on the exchange of symmetrical/asymmetrical keys.
Many more paper-based processes can come online by using digital signatures.
Working with digital signatures in Adobe Acrobat
Acrobat self-signed certificates
Third party digital signatures
Entrust
Verisign
Geotrust
Etc.
SmartCard
SmartCard reader with secure PIN entry
Software applications for digital signatures.
All components must be evaluated, certified and confirmed by legislation. Preferably based on Common Criteria (ISO 15408)
Workflows for digital signatures
One way
Typically static documents for a broad recipient base
Report, statement, press release
Round trip
Typically a dynamic document that requires filling and/or authorization
Electronic bills, customer forms, HR documents, etc.
Demo: creating a self signed certificate
Self-signed certificates in Adobe Acrobat
Since version 4.0 (Reader 5.1)
Signature is placed directly in the document, ideal for document processes.
Ideal for internal workflows, based on trust.
but:
Not compliant with legislation
Not legally binding
Not certified
Not complete
Digital signature validation
Identity of the author – checked by Acrobat or a so-called trusted third party (TTP)
Integrity of the content
Validation of the certificate – real time check when the PDF document is opened
Validity of the author is unknown
Invalid signature
Valid Signature
Wet signatures and digital signatures, how well do they match?
Provides intent
Authenticates the person who signs the document
Ensures the integrity of the signed document
Client based and server based solutions for security
Client based:
The Adobe Acrobat Product family
Adobe Reader
Acrobat Elements
Acrobat Standard
Acrobat Professional
Acrobat 3D
Server based:
Adobe LiveCycle Security Server
Adobe LiveCycle Reader Extensions Server
Adobe LiveCycle Policy Server
Adobe Policy Server: An Enterprise Level Security Server
An enterprise server for:
Managing document control policies, authentication, auditing
Integrating with 3rd-party enterprise systems for user administration and content management
Enforcing time-based access requirements
Enabling policy changes after distribution (revocation)
Uses Adobe Acrobat & Adobe Reader as clients for authoring & viewing protected documents on the desktop
Built on industry standards:
HTTP/SOAP: Connection between client and server can proxy through firewalls using SSL
AES: Encryption from RSA toolkit
Demo: Policy Server (Guest appearance Bart Vossen)
Adobe Policy Server: Key Take Aways
Adobe Reader 7/Acrobat 7 on the Desktop
Dynamic Watermarks
Possibility to print in High or Low Resolution (Can’t scan) mode
Encryption of the:
Complete Document
Attachments
Metadata
DYNAMIC CENTRALISED Document Control
Policy definitions are stored in a Repository
Policy changes are reflected immediately
No definitions on the client / desktop
Users
Internal Users (LDAP Synchronised)
External Users
Anonymous users
Policy definitions can be overwritten for a specific user / group
Auditing
Fine-Grained auditing at Document Level (E.g. who changed, filled-out, printed, signed, etc.)
Offline auditing is supported
Based on Industry Standards
Developed in Java
Supports JBoss, BEA WebLogic, IBM WebSphere
Runs on Windows, Linux, Sun Solaris, IBM AIX
MySQL, SQL Server, Oracle, DB2 as Repository
LDAP Support: Sun, MS, Novell
For every security application there is a solution!
LiveCycle Security Server
LiveCycle Reader Extensions Server
LiveCycle Policy Server
Wrap up: Adobe’s unique propositions with regards to document security
Dynamic permissions, even after publication/distribution
Change users, set expirations and revoke documents.
Ensure version control
Independent from a network or distribution mechanism
Online and offline
Gives access to documents inside and outside the firewall
Password security
Digital signatures
DRM
PDF and the Adobe Reader are everywhere!
Security is built in the PDF file specification
Works cross-platform: Windows, Mac, Linux
Questions?