Saved in:
Bibliographic Details
Main Authors: Bland, Maxwell, Iyer, Anushya, Levchenko, Kirill
Format: Preprint
Published: 2022
Subjects:
Online Access:https://arxiv.org/abs/2206.02285
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909816971067392
author Bland, Maxwell
Iyer, Anushya
Levchenko, Kirill
author_facet Bland, Maxwell
Iyer, Anushya
Levchenko, Kirill
contents In this work we find that many current redactions of PDF text are insecure due to non-redacted character positioning information. In particular, subpixel-sized horizontal shifts in redacted and non-redacted characters can be recovered and used to effectively deredact first and last names. Unfortunately these findings affect redactions where the text underneath the black box is removed from the PDF. We demonstrate these findings by performing a comprehensive vulnerability assessment of common PDF redaction types. We examine 11 popular PDF redaction tools, including Adobe Acrobat, and find that they leak information about redacted text. We also effectively deredact hundreds of real-world PDF redactions, including those found in OIG investigation reports and FOIA responses. To correct the problem, we have released open source algorithms to fix trivial redactions and reduce the amount of information leaked by nonexcising redactions (where the text underneath the redaction is copy-pastable). We have also notified the developers of the studied redaction tools. We have notified the Office of Inspector General, the Free Law Project, PACER, Adobe, Microsoft, and the US Department of Justice. We are working with several of these groups to prevent our discoveries from being used for malicious purposes.
format Preprint
id arxiv_https___arxiv_org_abs_2206_02285
institution arXiv
publishDate 2022
record_format arxiv
spellingShingle Story Beyond the Eye: Glyph Positions Break PDF Text Redaction
Bland, Maxwell
Iyer, Anushya
Levchenko, Kirill
Cryptography and Security
In this work we find that many current redactions of PDF text are insecure due to non-redacted character positioning information. In particular, subpixel-sized horizontal shifts in redacted and non-redacted characters can be recovered and used to effectively deredact first and last names. Unfortunately these findings affect redactions where the text underneath the black box is removed from the PDF. We demonstrate these findings by performing a comprehensive vulnerability assessment of common PDF redaction types. We examine 11 popular PDF redaction tools, including Adobe Acrobat, and find that they leak information about redacted text. We also effectively deredact hundreds of real-world PDF redactions, including those found in OIG investigation reports and FOIA responses. To correct the problem, we have released open source algorithms to fix trivial redactions and reduce the amount of information leaked by nonexcising redactions (where the text underneath the redaction is copy-pastable). We have also notified the developers of the studied redaction tools. We have notified the Office of Inspector General, the Free Law Project, PACER, Adobe, Microsoft, and the US Department of Justice. We are working with several of these groups to prevent our discoveries from being used for malicious purposes.
title Story Beyond the Eye: Glyph Positions Break PDF Text Redaction
topic Cryptography and Security
url https://arxiv.org/abs/2206.02285