How can I prevent Universal Signature Forgery (USF), Incremental Saving Attack (ISA), Signature Wrapping (SWA) in Apache PDFBox
Currently I am creating a digital and electronic signature using Apache PDFBox. Recently I came to know about the vulnerabilities in digital and electronic signatures like Universal Signature Forgery (USF), Incremental Saving Attack (ISA) and Signature Wrapping (SWA). Does PDFBox take care of this automatically, or do we need to enforce something additional in code to take care of this?
633 Views Asked by Vimal Gunasekaran At
On the attacks themselves
To start with, the attacks mentioned have been developed in a master thesis ("Security of PDF Signatures" by Karsten Meyer zu Selhausen at the Ruhr-Universität Bochum) publicly made available in February 2019. A pre-release of the derived "Vulnerability Report" has been shared and discussed with a number of information security related organizations in November 2018, so a number of the PDF signature validators tested in the paper meanwhile have been fixed to properly show a signature validity violation or restriction. You can find an overview on the PDF insecurity site.
Reading the thesis and inspecting the examples I got the impression that the author and his advisers have not yet dealt with PDFs for very long, at least not in depth. Two examples of what caused this impression:
The thesis explicitly is based upon the PDF Reference 1.7, published 2006, it is aware of PDF having become an ISO standard in 2008 (ISO 32000-1) which meanwhile, in 2017, has been updated (ISO 32000-2).
The effect is that certain aspects in it simply are outdated. E.g.
The manipulations (foremost in the context of the USF attacks) were done without adequate respect for the validity of the resulting PDFs.
A visible effect is e.g. that after opening the test PDFs in Adobe Reader, closing it again causes the viewer to ask whether it should save the changes, i.e. the repairs to the file the viewer had to apply to make it valid enough for the viewer to display it properly. On one hand this behavior can make a user wary of manipulations, and on the other hand these repairs by themselves can already invalidate a signature making a probably good attack fail.
For some attack scenarios invalid PDFs are ok, maybe even productive, but in many scenarios they are unnecessary and should be avoided.
Nonetheless the attacks are interesting, in particular they make me wonder what attacks might be devised by attackers who do have a more in-depth knowledge of PDFs...
Preventing upcoming attacks as a PDFBox based signer
The OP is "creating a digital and electronic signature using apache pdfbox" and in respect to the attacks above wonders what he as a signature creator can do to prevent attacks.
There actually is little the signature creator can do to prevent the attacks, it mostly is the job of the signature validator to recognize manipulations.
In one way, though, he can help: Some variants of the signature wrapping attack use the area of the trailing string of 00 bytes in the signature content; so he can help prevent some attacks by keeping that string as short as possible. Unfortunately there are numerous signing setups in which one can hardly predict the size of the signature container to embed here, so a certain number of trailing 00 bytes can hardly be avoided.
Additionally you can make your signatures certification signatures with "no changes allowed" - validators which respect the certification level this way more easily can recognize and report any changes as disallowed. This might be a bit of a hindrance, though, if used in the context of Long Term Validation extensions.
Correctly recognizing attacks as a PDFBox based validator
First of all, PDFBox does not provide a ready-to-use utility that checks the kind of changes made in an incremental update. Unless you implement that yourself, therefore, your validator can say only for signatures covering the whole document that they sign what the file shows. For previous signatures it can merely say that the respective signature signed some earlier revision of the document but not whether or not that revision corresponds to the current revision anyhow.
A PDFBox based validator (without a large own contribution for revision comparison) in its report for a signature not covering the whole document must indicate this fact and ask the user to determine the changes between revisions manually.
Running the PDFBox signature validation example `ShowSignature` against the sample attack files from the PDF security site (here), one gets the following results:
- NoSuchAlgorithmException.
- NullPointerException.
- ClassCastException.
- CMSException.

(Result of the SecurityThesisValidation test)
Thus, as long as a PDFBox based validator correctly outputs the "Signature does not cover whole document" warning where applicable and outputs a "Failure" or "Unknown" in case of arbitrary exceptions, it does not fall prey to the present attack files.
As @Tilman also said in a comment to the question, deactivating lenient mode when loading PDFs for validation might be a good idea. That would catch most ISA and some USF attacks already before any validation routines could be fooled...
Beware, though: As mentioned above the thesis and the example files show some deficiencies. Thus, there is a chance that PDFBox is susceptible to improved versions of the attacks. In particular the signature wrapping approach looks promising as PDFBox uses the Contents string only and does not compare it to the contents of the byte ranges gap.
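The two validator-side checks the answer names, the "Signature does not cover whole document" warning and the comparison of the Contents value against the byte range gap, can be sketched as follows. This is an added example, not part of the original answer and not PDFBox code: it uses only the JDK, expects `br` in the form `PDSignature.getByteRange()` returns and `dictContents` as the already parsed Contents value, and its class name, method name, messages and strict gap syntax (hex digit pairs only, no whitespace) are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class ByteRangeGapCheck {
    /** Returns the problems found; an empty list means the layout checks passed. */
    static List<String> check(byte[] pdf, int[] br, byte[] dictContents) {
        List<String> problems = new ArrayList<>();
        // ByteRange must be [0 len1 off2 len2] with a gap of at least "<>" inside the file.
        if (br == null || br.length != 4 || br[0] != 0 || br[1] <= 0 || br[3] < 0
                || br[2] < (long) br[1] + 2 || (long) br[2] + br[3] > pdf.length) {
            problems.add("Malformed ByteRange");
            return problems;
        }
        // Bytes after the second range belong to a later revision the signature never saw.
        if ((long) br[2] + br[3] != pdf.length) {
            problems.add("Signature does not cover whole document");
        }
        // The gap must be exactly one hex string: '<', hex digit pairs, '>'.
        String hex = new String(pdf, br[1] + 1, br[2] - br[1] - 2, StandardCharsets.US_ASCII);
        if (pdf[br[1]] != '<' || pdf[br[2] - 1] != '>' || !hex.matches("(?:[0-9A-Fa-f]{2})*")) {
            problems.add("ByteRange gap is not a single hex string");
            return problems;
        }
        byte[] gap = new byte[hex.length() / 2];
        for (int i = 0; i < gap.length; i++) {
            gap[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        // The value the validator verifies must be the value sitting in the unsigned gap.
        if (!Arrays.equals(gap, dictContents)) {
            problems.add("Contents differs from the bytes in the ByteRange gap");
        }
        return problems;
    }
    public static void main(String[] args) {
        // Constructed sample bytes laid out like a signed revision (not a real PDF).
        String head = "%PDF-1.7 (signed part 1) /Contents ";
        String hex = "3082ab0000";
        String tail = " (signed part 2) %%EOF\n";
        byte[] pdf = (head + "<" + hex + ">" + tail).getBytes(StandardCharsets.US_ASCII);
        int[] br = {0, head.length(), head.length() + hex.length() + 2, tail.length()};
        byte[] contents = {0x30, (byte) 0x82, (byte) 0xab, 0, 0};
        byte[] appended = Arrays.copyOf(pdf, pdf.length + 20); // simulates a later revision
        System.out.println(check(pdf, br, contents));
        System.out.println(check(appended, br, contents));
        System.out.println(check(pdf, br, new byte[] {0x30, 0x00}));
    }
}
```

A validator would treat any non-empty result as at least a warning and report "Failure" or "Unknown" for a malformed range or gap, in line with the answer's advice on exceptions.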