How secure is Secure?
There are many products and services that purport to provide security for PDF
documents: First, of course, there is Adobe's flagship product set, the
Acrobat (c) Reader and Acrobat Standard and
Professional Editions which are used to create and apply security profiles to
Adobe PDFs. The standard security facilities within these products rely on
setting passwords and using relatively low-strength encryption algorithms to
protect document security settings. As has been widely reported, there are
dozens of free and commercial software products that remove this security, thus
exposing such PDFs to copying, onward distribution and alteration. A second,
again widely reported, problem is the risk of virus infection from Adobe PDFs,
mainly as a result of the support for JavaScript provided within this product
offering. Finally, even with various document protection tools, such PDFs are
not limited to use by a single individual or device unless also managed via a
digital rights management (DRM) service, and these are typically very expensive
to set up.
Several software providers have sought ways
around the above problems. A number of these use Adobe's ActiveX control and/or
wrappers that encompass the Adobe Reader in order to offer additional security
whilst maintaining use of the standard Adobe reader engine. Unfortunately these
offerings are also very exposed to direct and indirect attack, for example
through enabling of the status bar and subsequent extraction of the source
document, or through access to temporary files used in some instances. Stronger
solutions than these are clearly necessary.
The strongest solutions are those offered by Drumlin Security, FileOpen and
LockLizard. All three provide a highly secure reader environment and full
digital rights management (DRM) facilities. FileOpen is the only one of these
three that is built around the Adobe engine, and thus benefits from the
widespread use and familiarity of this product set. LockLizard and Drumlin
both use their own PDF readers, which have the benefit of increased security:
no JavaScript problems and, unlike Adobe-based solutions such as FileOpen,
these offerings are not required to specify their security framework to Adobe
and the USA military authorities. LockLizard's PDF reader is based on the
Foxit SDK. Drumlin's V4 reader uses our own PDF rendering library
and is a full functionality PDF reader. Price is an important differentiator
between these three suppliers. FileOpen and LockLizard's standard software carry
a price tag of approximately USD$2500 for a single-user publishing licence,
whilst Drumlin is provided
at no fee for standard usage. The three suppliers provide comparable levels
of document control, with date/time, view, print, copy and other controls easily
applied and managed. Obviously each has its own security implementation, and it
is to be expected that the specifics of the security model applied are as
important as the encryption algorithms, if not more so.
Date/time controls are often provided within document
security systems, and where the end user holds the source document locally on
their machine, there is always the risk that these controls may be by-passed by
the user altering their system clock - e.g. setting the date forwards or
backwards to fool the security. The only robust defense against this is to
ensure that in addition to start/end date setting there is the option to require
an online check, whereby the DRM or a network-based clock is checked to validate
usage before the document can be opened.
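
The online check described above can be sketched as follows. This is an added example, not code from any of the products named on this page; the token layout, the demo key and the function names are assumptions, and the HMAC stands in for the asymmetric signature a real service would use so that the reader holds no signing secret.

```python
import hashlib
import hmac

# Assumption: constructed demo key. HMAC stands in for a server signature here.
SERVER_KEY = b"constructed-demo-key"


def issue_time_token(nonce: bytes, server_now: int) -> bytes:
    """Stand-in for the DRM service: signs its own clock plus the reader's nonce."""
    msg = nonce + server_now.to_bytes(8, "big")
    return msg + hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def trusted_time(token: bytes, nonce: bytes) -> int:
    """Return the server time in the token; raise if it is forged or replayed."""
    msg, tag = token[:-32], token[-32:]
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    if msg[:-8] != nonce:
        raise ValueError("nonce mismatch: token was issued for another request")
    return int.from_bytes(msg[-8:], "big")


def may_open(start: int, end: int, token: bytes, nonce: bytes) -> bool:
    """Apply the start/end window to server time; the local clock is never read."""
    try:
        now = trusted_time(token, nonce)
    except ValueError:
        return False
    return start <= now <= end


if __name__ == "__main__":
    import os
    start, end = 1_700_000_000, 1_700_086_400   # constructed one-day window
    nonce = os.urandom(16)                      # fresh per open attempt
    inside = issue_time_token(nonce, start + 100)
    after = issue_time_token(nonce, end + 1)
    print(may_open(start, end, inside, nonce))           # within the window
    print(may_open(start, end, after, nonce))            # expired by server time
    print(may_open(start, end, inside, os.urandom(16)))  # old token reused
```

Because the decision depends only on a signed server timestamp bound to a fresh nonce, moving the system clock forwards or backwards has no effect, and a token saved from an earlier, valid session is rejected.
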
In reality, if users are allowed to print a PDF to paper
copy there is no way of preventing the output being scanned in and turned into a
new, unrestricted PDF, in much the same way as a book or report might be scanned
illegally. Likewise, simply providing the text in visual form enables it to
be copied by re-keyboarding the material - tedious but entirely possible. Adding
copyright notices on every page and/or watermarking helps discourage this, of
course, but is not a complete solution. Application-specific watermarking
(identifying the person printing the document and the date/time of printing
etc) is a better option.
The principal aim should be to make it extremely difficult to by-pass the
security you provide, and many of the basic 'solutions' fail to achieve this.
The best solutions provide very high levels of security, at low incremental
cost, in the simplest possible manner from the perspective of both the end user
and the document publisher.