On Se­cu­ri­ty in the Di­gi­tal Of­fice

Jens Mül­ler


Ab­stract

The di­gi­tal of­fice or elec­tro­nic of­fice is a term es­ta­blis­hed in the 1980s to de­scri­be the ra­di­cal trans­for­ma­ti­on of our work­pla­ces from the ana­log to the di­gi­tal age. Alt­hough the di­gi­tal of­fice is rea­li­ty in most busi­nes­ses, or­ga­niza­t­i­ons, and pu­blic aut­ho­ri­ties no­wa­days, it is based on le­ga­cy pro­to­cols and data for­mats still in ac­tive use today. In this work we per­form an in-depth ana­ly­sis of the buil­ding blocks of the di­gi­tal of­fice, with a focus on email se­cu­ri­ty, do­cu­ment se­cu­ri­ty, and prin­ter se­cu­ri­ty. We show si­gni­fi­cant de­sign flaws in the ap­p­lied tech­no­lo­gies, which date back to the early 1980s (Post­Script), the 1990s (PJL, PDF, PGP, S/MIME), and the 2000s (ODF, OOXML). These le­ga­cy tech­no­lo­gies are by no means ob­so­le­te, in­s­tead they be­ca­me well es­ta­blis­hed, in­dis­pensa­ble, and ubi­qui­tous: Post­Script and PJL in­ter­pre­ters are avail­able on al­most every laser prin­ter that exists, as well as on most Linux sys­tems, in­clu­ding ser­vers. PDF is ar­gu­ab­ly the world’s most wi­de­ly used do­cu­ment for­mat. PGP and S/MIME are the major tech­no­lo­gies for end-to-end email en­cryp­ti­on and di­gi­tal si­gna­tu­res. OOXML and ODF are the stan­dard for­mats for word pro­ces­sing, spre­ads­heets, and pre­sen­ta­ti­ons, as used by Micro­soft Of­fice and Li­bre­Of­fice. This the­sis aims to be an im­portant cont­ri­bu­ti­on in order to pro­tect the di­gi­tal of­fice, which is a pre­con­di­ti­on to se­cu­re the pro­mi­se of di­gi­tiza­t­i­on. We ana­ly­ze fun­da­men­tals, at­tacks, and coun­ter­me­a­su­res re­la­ted to ty­pi­cal work­flows in of­fices: sen­ding con­fi­den­ti­al emails, wor­king with do­cu­ments, and prin­ting them to paper. Email Se­cu­ri­ty. We de­mons­tra­te prac­tical at­tacks on email end-to-end en­cryp­ti­on such as Efail di­rect ex­fil­tra­ti­on, con­vert con­tent at­tacks, and flaws based on le­gi­ti­ma­te fea­tures of email. These vul­nerabi­li­ties allow us to re­co­ver the full plain­text of PGP and S/MIME en­cryp­ted mes­sa­ges. Fur­ther­mo­re, we show si­gna­tu­re for­ge­ry at­tacks which allow to spoof PGP and S/MIME si­gna­tu­res in all major email cli­ents. Do­cu­ment Se­cu­ri­ty. We sys­te­ma­ti­cal­ly ana­ly­ze the ca­pa­bi­li­ties of do­cu­ments based on wi­de­ly used stan­dard data for­mats such as PDF, ODF, OOXML, and Post­Script, the­re­by re­vea­ling va­rious se­cu­ri­ty flaws in their spe­ci­fi­ca­ti­ons. Our at­tacks range from De­ni­al-of-Ser­vice cau­sed by ma­li­cious do­cu­ments to ac­ces­sing local files on disk and exe­cu­ting ar­bi­tra­ry code. Be­si­des, we show how to break PDF en­cryp­ti­on by ex­fil­tra­ting the plain­text of en­cryp­ted do­cu­ments, known as the PDFex at­tacks. Prin­ter Se­cu­ri­ty. Prin­ters are still one of the most es­sen­ti­al de­vices in many of­fices. They have evol­ved to com­plex sys­tems, car­ry­ing con­fi­den­ti­al data in their print jobs. This makes them to an attrac­tive tar­get. We pre­sent a large scale ana­ly­sis of prin­ter at­tacks, based on ex­ploit­ing stan­dard prin­ter lan­gua­ges such as PJL and Post­Script.

[PDF]

Tags: