Adobe PDF and LiveCycle ES Security


DESCRIPTION

An overview of how electronic signature objects are generated and used within PDF documents, including an overview of Adobe LiveCycle ES's ability to work with them programmatically on the server side.

TRANSCRIPT

Page 1: Adobe PDF and LiveCycle ES Security

2007 Adobe Systems Incorporated. All Rights Reserved.

MAX 2007: CONNECT. DISCOVER. INSPIRE.

LiveCycle Digital Security and Certification

Duane Nickull, Sr. Technology Evangelist - Adobe Systems

Page 2: Abstract

This session will focus on the persistent rights management and document security technologies in the LiveCycle Enterprise Suite. The components explored will include LiveCycle Digital Signatures ES and LiveCycle Rights Management (formerly Policy Server). The thrust of the talk will be LiveCycle ES as a service-oriented platform for delivering key interactions with remote clients, but it will also showcase core capabilities and delve quickly into the SDKs and APIs for developers.

Page 3: Today’s Agenda – one hour

Architecture Dive – Adobe LiveCycle ES Security Architecture

Digital Signatures

LiveCycle Digital Signatures – Intro, Deployment, APIs

Adobe LiveCycle Rights Management – Intro, Architecture for deployment, Demo

Acrobat Digital Signature API Reference – Review

Resources: Adobe Developer Network

Google Groups (LiveCycle)

Page 4: Old model for enterprise architecture (simple)

[Diagram: Server and Client]

Page 5: Enterprise 2.0

Definition: An adoption of Web 2.0 design patterns by Enterprises

Abstract Model for connecting and integrating capabilities and users

Patterns of interaction

“Don't treat software as an artifact, but as a process of engagement with your users.”

- Tim O’Reilly

[Diagram labels: Users; Services; Capabilities; Client Applications/Runtimes; Connectivity/Reachability; SOA]

Page 6: LiveCycle ES Architecture

Page 7: The Genesis of LiveCycle ES

I want to connect these worlds!

[Diagram: Distributors & Agencies; Internal Processes (ERP / ECM / CRM / BPM / Accounting); Customers & Citizens; Suppliers & Contractors]

Page 8: Closing the Engagement Gap with LiveCycle

[Diagram: Distributors & Agencies; Internal Processes (ERP / ECM / CRM / BPM / Accounting); Customers & Citizens; Suppliers & Contractors]

LiveCycle: scalable engagement services

Document Output, Electronic Forms, Rich Internet Applications, Enterprise Rights Management, Digital Signatures, “Human-centric” BPM

Page 9: The Adobe technology platform architecture

[Diagram of the platform tiers:]

Client Application Tier: Reader, Acrobat, Acrobat Connect, Browsers / Flash Player, Flex / AIR (Apollo), Printing & Scanning, WorkBench

Connectivity: HTTP/S, Sockets, AMF, RTMP, SOAP, WS-*, REST, …

Service Tier: Service Invocation Layer; Service Container / Registry; Service Provider Interface; LC Core Services; LC Data Services; 3rd Party Services; Other?

Resource Tier: EIS, Databases, Directories, ECM Repository, Message Queues, Legacy Systems

Design & Development Tools: Flex Builder, Eclipse, Notepad, LiveCycle Designer

Page 10: Adobe LiveCycle ES Service Components

Service Tier: Service Invocation Layer; Service Container / Registry; Service Provider Interface; LC Core Services; 3rd Party Services

LC Core Services: Forms, Process Management, Production Print, Barcoded Forms, PDF Generator, Reader Extensions, Output, Rights Management, Digital Signatures, Data Services

Common Administration, Orchestration, Security, Encryption

Page 11: LC ES Digital Signature Ecosystem


Page 12: LiveCycle Invocation

Page 13: Digital Signatures

Adobe LiveCycle Document Security Server

Page 14: Digital Signatures

DSig enables recipients to verify the integrity of an electronic document.

Integrity is subject to many types of attack. Mechanisms to combat them include:

Parity bits or Cyclical Redundancy Checking (CRC) functions: work well for unintentional modifications, but a clever attacker can circumvent them.

One-way hash (fixed-length value): a unique fingerprint that detects whether the document has been altered, by re-computing the hash (commonly MD5, SHA-1, SHA-256).

Message Authentication Codes (MAC): prevent an attacker from intercepting the message, modifying it and attaching a new hash. A symmetric key is mixed into the MAC computation and then hashed (HMAC). Without the key, the attacker cannot forge a new message.

Page 15: How it works - Signing PDF Documents

Page 16: ByteRange and Signature value

Page 17: The PDF Save/Hash/Update Process

The hash is computed over the entire PDF file: byte 0 to the last byte, excluding the signature.

Signature placed in the PDF:

The PDF is written to disk with worst-case space left for the signature value.

Once the signature value's offsets in the file are known, the ByteRange array is overwritten with absolute values. NOTE: byte offsets MUST NOT change; extra bytes are overwritten with spaces.

The hash of the entire file is computed using SHA-1.

The hash is encrypted with the signer’s private key.

A PKCS#7 signature object is generated.

The signature object is placed in the file on disk, overwriting the placeholder value. Space not used by the signature object is overwritten with spaces.

The PDF is re-loaded in Acrobat. This ensures the in-memory and on-disk versions match.
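The save/hash/update steps above, worked through as an added Python example (not code from the deck or from LiveCycle): it reserves fixed-width space for the ByteRange and the signature value, fixes the ByteRange to absolute offsets padded with spaces, hashes everything except the /Contents string, and then verifies a signed file by recomputing that digest and checking that the only unsigned bytes are the signature value itself. The PDF bytes are a constructed minimal fragment, the PKCS#7 object is replaced by a labelled stand-in, and SHA-256 is used where the slide names SHA-1.

```python
import hashlib
import re

# Constructed sample: a minimal PDF-flavoured byte string with one signature
# dictionary. Only the pieces that matter for /ByteRange and /Contents are real.
SIG_HEX_LEN = 128   # worst-case space reserved for the hex-encoded signature value
RANGE_WIDTH = 10    # fixed-width ByteRange placeholder so later offsets never move

def unsigned_template():
    placeholder = b"/ByteRange [" + b" ".join([b"0" * RANGE_WIDTH] * 4) + b"]"
    return (b"%PDF-1.6\n1 0 obj << /Type /Catalog /Pages 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Sig /Filter /Adobe.PPKLite " + placeholder +
            b" /Contents <" + b"0" * SIG_HEX_LEN + b"> >> endobj\n%%EOF\n")

def stand_in_sign(digest):
    # Stand-in for the PKCS#7 object: a real signer encrypts the digest with the
    # private key and wraps it in CMS/PKCS#7 DER. Storing the bare digest lets
    # the example run with no key material or ASN.1 library.
    return digest

def stand_in_check(digest, sig_bytes):
    # DER is self-delimiting, so a real verifier ignores the pad bytes; the
    # stand-in simply compares the leading bytes with the recomputed digest.
    return sig_bytes[:len(digest)] == digest

def place_signature(pdf, sign=stand_in_sign):
    """The save/hash/update process: fix ByteRange, hash around /Contents, fill it."""
    start = pdf.index(b"/Contents <") + len(b"/Contents ")   # offset of '<'
    end = pdf.index(b">", start) + 1                          # byte after '>'
    m = re.search(rb"/ByteRange \[[0-9 ]+\]", pdf)
    absolute = b"/ByteRange [%d %d %d %d]" % (0, start, end, len(pdf) - end)
    if len(absolute) > m.end() - m.start():
        raise ValueError("ByteRange placeholder too small")
    # Overwrite the placeholder with absolute offsets, space-padded to the same
    # width: byte offsets MUST NOT change once they have been computed.
    pdf = pdf[:m.start()] + absolute.ljust(m.end() - m.start()) + pdf[m.end():]
    # Hash the whole file except the signature value (the deck says SHA-1).
    digest = hashlib.sha256(pdf[:start] + pdf[end:]).digest()
    sig_hex = sign(digest).hex().encode()
    if len(sig_hex) > SIG_HEX_LEN:
        raise ValueError("signature larger than the reserved space")
    # Place the signature; unused reserved space is padded (hex zeros here,
    # which a PDF hex string accepts just as it accepts whitespace).
    return pdf[:start + 1] + sig_hex.ljust(SIG_HEX_LEN, b"0") + pdf[end - 1:]

def verify_signature(pdf, check=stand_in_check):
    """Return (ok, reason): recompute the digest and check range coverage."""
    m = re.search(rb"/ByteRange \[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if not m:
        return False, "no ByteRange"
    o1, l1, o2, l2 = (int(x) for x in m.groups())
    if o1 != 0 or o2 + l2 != len(pdf):
        # Bytes outside the signed ranges: tampering, or a later incremental
        # update such as a second signature, which needs its own validation.
        return False, "signed ranges do not cover the whole file"
    gap = pdf[o1 + l1:o2]
    try:
        if not (gap.startswith(b"<") and gap.endswith(b">")):
            raise ValueError
        sig_bytes = bytes.fromhex(gap[1:-1].decode("ascii"))
    except ValueError:
        return False, "unsigned gap is not just the /Contents hex string"
    digest = hashlib.sha256(pdf[o1:o1 + l1] + pdf[o2:o2 + l2]).digest()
    if not check(digest, sig_bytes):
        return False, "digest mismatch: signed bytes were modified"
    return True, "ok"
```

The coverage check matters as much as the digest: a ByteRange that leaves unsigned bytes anywhere other than the /Contents string is the classic way a modified document still "validates".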

Page 18: Multiple Signatures

Page 19: DSig Checklist

Public Key Infrastructure (PKI)

Certificate Revocation List (CRL)

Online Certificate Status Protocol (OCSP)

Page 20: PKI mechanisms

Public Key Cryptography Standards (PKCS): a set of standard protocols used by PKI vendors, including RSA encryption, cryptographic syntax for S/MIME, extended certificate syntax and more.

Registration Authority (RA): background checks of people, PDP authentication.

Certificate repositories; key update, backup, recovery and history; cross-certification and time stamping.

Page 21: Demo

Adobe Acrobat

Custom Communications Form sample: simple signing, then breaking the signature value.

Page 22: Adobe LiveCycle Digital Signatures

Page 23: LiveCycle Digital Signatures

Server used for:

Publishing "certified" documents that can prove the authenticity and integrity of the document.

Controlling the changes that are permitted in documents as they flow through a business process, with a certification signature.

Digitally signing documents before they are archived, to improve compliance metrics.

Automating the signature validation process for PDF documents.

Leveraging existing investments in public key infrastructure (PKI) protocols.

Page 24: For developers

http://livedocs.adobe.com/

Page 25: Samples - retrieve DSig field names

```java
import java.util.*;
import java.io.FileInputStream;
import com.adobe.livecycle.signatures.client.*;
import com.adobe.livecycle.signatures.client.types.*;
import com.adobe.idp.Document;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;

public class GetSignatureFields {

    public static void main(String[] args) {
        try {
            // Set connection properties required to invoke LiveCycle ES
            // (sample values; a deployment would read the credentials from a protected store)
            Properties connectionProps = new Properties();
            connectionProps.setProperty("DSC_DEFAULT_EJB_ENDPOINT", "jnp://localhost:1099");
            connectionProps.setProperty("DSC_TRANSPORT_PROTOCOL", "EJB");
            connectionProps.setProperty("DSC_SERVER_TYPE", "JBoss");
            connectionProps.setProperty("DSC_CREDENTIAL_USERNAME", "administrator");
            connectionProps.setProperty("DSC_CREDENTIAL_PASSWORD", "password");

            // Create a ServiceClientFactory instance
            ServiceClientFactory myFactory = ServiceClientFactory.createInstance(connectionProps);

            // Create a SignatureServiceClient object
            SignatureServiceClient signClient = new SignatureServiceClient(myFactory);

            // Specify a PDF document that contains signature fields
            FileInputStream fileInputStream = new FileInputStream("C:\\Adobe\\Loan.pdf");
            Document inDoc = new Document(fileInputStream);

            // Retrieve the names of the document's signature fields
            List fieldNames = signClient.getSignatureFieldList(inDoc);

            // Obtain the name of each signature field by iterating the List
            Iterator iter = fieldNames.iterator();
            while (iter.hasNext()) {
                PDFSignatureField signatureField = (PDFSignatureField) iter.next();
                String fieldName = signatureField.getName();
                System.out.println("The name of the signature field is " + fieldName);
            }
        } catch (Exception ee) {
            ee.printStackTrace();
        }
    }
}
```

Page 28: Adobe LiveCycle Rights Management

Page 29: Securing information is important, “not optional”

Mandatory compliance with:

Sarbanes-Oxley (Section 404) (USA)

NASD 2711 (USA)

BS1779 (UK)

ITAR Export Control

Directive 95/46/EC of the European Parliament

California's Information Practices Act (SB 1386)

SEC Rule 17a-4

HIPAA

Personal Information Protection and Electronic Documents Act (Canada)

Protect corporate image / brand trust: employee turnover increases risk; mobile workstations, theft of laptops, etc.

Prevent phishing (customer relations ruined).

Mitigate the risk of espionage: removes the temptation and mitigates accidental disclosure.

Page 30: Shortcomings of Current Information Assurance Approaches

[Diagram labels: Author; Secure Pipe Approach; Access Control Approach; File System; Unauthorized Users; Recipient]

Lack of persistent access controls to prevent information re-distribution

Cannot dynamically change rights/access after distribution

Page 31: Adobe® LiveCycle™ Rights Management

Controls

Who can open a document

What they can do with it

Expiration/revocation

Version control

Auditing

Works with Adobe Acrobat, Microsoft Office and CATIA

Page 32: Adobe provides persistent protection for information

Page 33: Adobe’s Contribution to Information Assurance

Data is secured at the document level, throughout its lifecycle

Document authenticity/integrity can be verified at any time

Only the intended recipients can view protected documents

A chain of custody is maintained for all documents via an audit trail

Protected documents are easily shared across organizations

Page 34: Security technologies

Page 35: Secure Messaging (WS-Security)

Page 36: Deployment Architecture – within enterprise

Page 37: Deployment Architecture – external use

Page 38: Demo!

LiveCycle Rights Management

Page 39: Orchestrating Security

And demo…

Page 40: Digital Signature Plug-in Architecture

Adobe Acrobat implements digital signatures using plug-ins for the generic functions common to all digital signatures.

Support for specific kinds of signatures (signing methods):

Public-private key (PPK)

Handwriting

Biometrics (retinal scans, fingerprints)

Development Kit (SDK): http://partners.adobe.com/asn/developer/acrosdk/main.html

Page 41: Digital Signature Plug-in Architecture

Page 42: Q & A

Contacts: [email protected] (Blog: http://technoracle.blogspot.com)

References: LiveCycle Developer Centre: http://www.adobe.com/devnet/livecycle/

Google Groups - LiveCycle Developers Group

Page 44: Architecture Summary – LiveCycle ES

LC ES is a true platform.

Core services for PDF security, rights management, generation and various core libraries.

The service invocation layer calls the underlying capabilities and APIs.

Operations exposed by the invocation layer for the PDF Encryption Service may be called locally or remotely.

Remote callers can use:

Watch Folder

Web Services

EJBs

Other…

The PDF Encryption Service is exposed via a Developer SDK used for integration with third-party applications.

Page 45: Advanced Encryption Standard (AES) – How it actually works

Page 46: AES

AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits.

The key is expanded using Rijndael's key schedule.

Most AES calculations are done in a special finite field.

AES operates on a 4×4 array of bytes (the State).

For encryption, each round of AES (except the last round) consists of four stages:

SubBytes, ShiftRows, MixColumns and AddRoundKey

The final round omits the MixColumns stage.

Page 47: Building an AES Cypher – Stages 1 & 2

SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.

ShiftRows: a transposition step where each row of the state is shifted cyclically by a certain number of steps.

Page 48: Building an AES Cypher – Stage 3

MixColumns: the four bytes of each column of the state are combined using an invertible linear transformation. Each column is treated as a polynomial over GF(2^8) and is then multiplied modulo x^4 + 1 with a fixed polynomial c(x) = 3x^3 + x^2 + x + 2.

Page 49: Building an AES Cypher – Stage 4

AddRoundKey: the subkey is combined with the state. For each round, a subkey is derived from the main key using the key schedule; each subkey is the same size as the state. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.
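The four stages and the key schedule from pages 46-49, assembled into a textbook AES-128 block encryption as an added Python example (not from the deck). MixColumns is written directly as multiplication by c(x) modulo x^4 + 1 over GF(2^8), and the S-box is derived from the field inverse and affine map rather than typed in as a table; the code is for study, since it is neither fast nor constant-time.

```python
# Textbook AES-128 built from the four stages named on the slides.

def xtime(b):
    """Multiply by x (0x02) in GF(2^8) with reduction polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def gmul(a, b):
    """General multiplication in GF(2^8): shift-and-add built on xtime."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(b):
    # Multiplicative inverse in GF(2^8) (0 maps to 0), then the affine map.
    inv = next((x for x in range(256) if gmul(b, x) == 1), 0)
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63

SBOX = [_sbox_entry(b) for b in range(256)]
MIX_C = (0x02, 0x01, 0x01, 0x03)      # c(x) = 3x^3 + x^2 + x + 2 as coefficients c0..c3
INV_MIX_C = (0x0E, 0x09, 0x0D, 0x0B)  # c^-1(x), which gives InvMixColumns

# The state is 16 bytes in column-major order: byte index = row + 4*column.
def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    # Row r is rotated left by r positions.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, c=MIX_C):
    """Each column times c(x) modulo x^4 + 1: out_i = XOR_j c[(i-j) mod 4] * s_j."""
    out = []
    for col in range(4):
        column = s[4 * col:4 * col + 4]
        for i in range(4):
            v = 0
            for j in range(4):
                v ^= gmul(c[(i - j) % 4], column[j])
            out.append(v)
    return out

def add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def expand_key(key):
    """Rijndael key schedule for a 16-byte key: 11 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # SubWord(RotWord(t))
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for r in range(1, 10):             # rounds 1..9 use all four stages
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[10])   # final round omits MixColumns
    return bytes(s)
```

Checking the result against the FIPS-197 Appendix C.1 test vector is the quickest way to confirm that the column-major state layout and the key schedule agree.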

Page 50: Technical Notes (Supplemental)

Page 51: Confidentiality and Encryption of Information

Encryption is the process of transforming information (plaintext) into an incomprehensible form (ciphertext). Encryption is an effective technique for managing document access.

Decryption is the reverse process that transforms ciphertext back to the original plaintext.

Cryptography refers to the two processes of encryption and decryption and its implementation is referred to as a cryptosystem.

Keys are used for encryption and decryption.

Symmetric keys: Adobe uses 128-bit AES keys for documents.

Asymmetric keys: Adobe uses RSA (512-, 1024- and 2048-bit) elsewhere.

Adobe also offers a hybrid approach for encryption.

Page 52: Other security features…

Authentication/integrity of electronic data:

Parity bits or Cyclical Redundancy Checking (CRC) functions: CRC functions work well for unintentional modifications, such as wire interference, but they can be circumvented by a clever attacker.

One-way hash: creates a hash value or message digest for a message of any length. Adobe has adopted the SHA-1 and SHA-256 algorithms because of their wide acceptance as a security standard.

Message Authentication Codes (MAC): prevent an attacker from obtaining the original message, modifying it, and attaching a new hash. In this case, a symmetric key is connected to the MAC and then hashed (HMAC). Without the key, an attacker cannot forge a new message. Adobe uses HMACs where appropriate.

Page 53: Security Regulations (Supplementary)

Page 54: Compliance

ITAR/Export Control

The U.S. government’s International Traffic in Arms Regulations (ITAR) govern the dissemination of a broad array of information. Among other requirements, they prohibit disclosing or transferring regulated technical data to a foreign person, whether in the United States or abroad. Companies that export products (particularly in the high-tech, aviation, and military sectors) must put in place mechanisms that prevent violations of U.S. export laws. These regulations hold companies accountable for the acts of anyone that accesses technical data. Penalties for export violations can be severe: $1M and 10 years in prison per violation, prohibitions against future exports by the company, and the loss of government contracts.

The Department of State’s Directorate of Defense Trade Controls has guidelines that suggest:

Export-controlled documents should be “tagged” to identify their status

Establishing a procedure to combat illegal transfers

Regular audits to ensure the integrity of the program

Procedures to investigate any potential diversions

https://www.pmdtc.org/docs/itar/itar_part_125.pdf
