On Security in the Digital Office

Jens Müller

Abstract

The digital office or electronic office is a term established in the 1980s to describe the radical transformation of our workplaces from the analog to the digital age. Although the digital office is reality in most businesses, organizations, and public authorities nowadays, it is based on legacy protocols and data formats still in active use today. In this work we perform an in-depth analysis of the building blocks of the digital office, with a focus on email security, document security, and printer security. We show significant design flaws in the applied technologies, which date back to the early 1980s (PostScript), the 1990s (PJL, PDF, PGP, S/MIME), and the 2000s (ODF, OOXML). These legacy technologies are by no means obsolete, instead they became well established, indispensable, and ubiquitous: PostScript and PJL interpreters are available on almost every laser printer that exists, as well as on most Linux systems, including servers. PDF is arguably the world’s most widely used document format. PGP and S/MIME are the major technologies for end-to-end email encryption and digital signatures. OOXML and ODF are the standard formats for word processing, spreadsheets, and presentations, as used by Microsoft Office and LibreOffice. This thesis aims to be an important contribution in order to protect the digital office, which is a precondition to secure the promise of digitization. We analyze fundamentals, attacks, and countermeasures related to typical workflows in offices: sending confidential emails, working with documents, and printing them to paper. Email Security. We demonstrate practical attacks on email end-to-end encryption such as Efail direct exfiltration, convert content attacks, and flaws based on legitimate features of email. These vulnerabilities allow us to recover the full plaintext of PGP and S/MIME encrypted messages. Furthermore, we show signature forgery attacks which allow to spoof PGP and S/MIME signatures in all major email clients. Document Security. We systematically analyze the capabilities of documents based on widely used standard data formats such as PDF, ODF, OOXML, and PostScript, thereby revealing various security flaws in their specifications. Our attacks range from Denial-of-Service caused by malicious documents to accessing local files on disk and executing arbitrary code. Besides, we show how to break PDF encryption by exfiltrating the plaintext of encrypted documents, known as the PDFex attacks. Printer Security. Printers are still one of the most essential devices in many offices. They have evolved to complex systems, carrying confidential data in their print jobs. This makes them to an attractive target. We present a large scale analysis of printer attacks, based on exploiting standard printer languages such as PJL and PostScript.

Tags: