You can't talk about PDF security without having a clear idea as to what security objectives you wish to meet for what is called your Security Target (a Security Target is a complete and rigorous description of a security problem - Common Criteria ITSEC).
Your Security Target is to prevent a PDF file from being:
- Altered or misrepresented (falsification);
- Used by unauthorised people;
- Redistributed without permission.
This can now be turned into a number of security objectives that, when taken together, provide the state of PDF security that is your requirement.
It is possible to prevent a PDF file from being altered or misrepresented using encryption, which may or may not make use of a digital signature to indicate tampering. Signature technology was originally specified by what is now the International Telecommunications Union back in 1988 (yes really) but has had a rather chequered implementation history. However, encryption techniques themselves are really successful at preventing falsification and are commonly used.
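As an added illustration of the two mechanisms just described (not code from the original article or from any PDF product), the Go program below encrypts a document with an authenticated cipher and then signs the ciphertext with the publisher's key, so that a reader can tell both that the bytes came from the publisher and that nothing was altered afterwards. The `ProtectedDoc` container, the `Protect`/`Open` functions and the separate `ErrSignature`/`ErrDecrypt` errors are assumptions made for this example; real PDF encryption and signature dictionaries are structured differently.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ProtectedDoc is a hypothetical container for this example, not a PDF structure:
// the encrypted document plus the publisher's signature over the ciphertext.
type ProtectedDoc struct {
	Nonce      []byte
	Ciphertext []byte // AES-GCM output: encrypted bytes followed by the authentication tag
	Signature  []byte // Ed25519 signature over nonce || ciphertext
}

var (
	// ErrSignature: the bytes are not from the publisher, or were changed after signing.
	ErrSignature = errors.New("signature does not verify: document altered or not from publisher")
	// ErrDecrypt: the key is wrong or the ciphertext/tag was changed.
	ErrDecrypt = errors.New("authentication tag does not verify: wrong key or altered ciphertext")
)

// signedBytes returns the exact byte string the signature covers.
func signedBytes(nonce, ct []byte) []byte {
	return append(append([]byte{}, nonce...), ct...)
}

// Protect encrypts plain under docKey (16, 24 or 32 bytes) with AES-GCM and signs the result.
func Protect(plain, docKey []byte, signer ed25519.PrivateKey) (*ProtectedDoc, error) {
	block, err := aes.NewCipher(docKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plain, nil)
	sig := ed25519.Sign(signer, signedBytes(nonce, ct))
	return &ProtectedDoc{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// Open checks the publisher's signature first, then decrypts; each layer reports
// its own failure so a viewer can tell "not genuine" apart from "wrong key".
func Open(doc *ProtectedDoc, docKey []byte, publisher ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(publisher, signedBytes(doc.Nonce, doc.Ciphertext), doc.Signature) {
		return nil, ErrSignature
	}
	block, err := aes.NewCipher(docKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, doc.Nonce, doc.Ciphertext, nil)
	if err != nil {
		return nil, ErrDecrypt
	}
	return plain, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key := make([]byte, 32) // constructed sample key; a real system derives or distributes it
	rand.Read(key)

	doc, _ := Protect([]byte("constructed sample report"), key, priv)
	plain, err := Open(doc, key, pub)
	fmt.Printf("intact copy: %q, err=%v\n", plain, err)

	doc.Ciphertext[0] ^= 0x01 // simulate one altered byte in the stored file
	_, err = Open(doc, key, pub)
	fmt.Println("altered copy:", err)
}
```

The signature is checked before any decryption is attempted, so an altered or foreign file is rejected without ever touching the document key; the GCM tag then catches a wrong key or an alteration made by someone who could re-sign, such as a compromised signing key.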
Stopping use by unauthorised people is just the same as controlling use of your online bank account. You need some kind of licensing scheme to administer users and grant them access according to the policy or policies that you have put in place. And that licensing system must be robust enough to withstand attack and to detect attempts to misuse it. This would include stopping multiple attempts to use the same license, or to use features the license did not allow. Since we are going to be using encryption, the licensing system is going to have to administer whatever cryptographic information is needed to make secure PDF documents accessible.
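The licensing checks listed above, as an added example that is not part of the original article or any vendor's product: a minimal licence server that releases the document key only after checking expiry, the requested feature and the number of devices already activated, and that counts refusals per licence so repeated misuse can be flagged. The `Licence` fields, the `LicenceServer` type and the refusal threshold are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

var (
	ErrExpired            = errors.New("licence expired")
	ErrFeatureNotLicensed = errors.New("feature not permitted by licence")
	ErrTooManyActivations = errors.New("licence already active on the maximum number of devices")
)

// Licence is a hypothetical record for this example, not any product's format.
type Licence struct {
	ID             string
	UserID         string
	Features       map[string]bool // e.g. "view", "print"; absent or false means not allowed
	MaxActivations int
	Expires        time.Time
	DocKey         []byte // document decryption key, released only on a successful check
}

// LicenceServer keeps activation state and a refusal count per licence (in memory here).
type LicenceServer struct {
	activations map[string]map[string]bool // licence ID -> set of device IDs
	refusals    map[string]int             // licence ID -> number of refused requests
}

func NewLicenceServer() *LicenceServer {
	return &LicenceServer{
		activations: map[string]map[string]bool{},
		refusals:    map[string]int{},
	}
}

// refuse records the failed attempt (the detection side) and returns no key.
func (s *LicenceServer) refuse(lic *Licence, err error) ([]byte, error) {
	s.refusals[lic.ID]++
	return nil, err
}

// Authorise applies the policy in order: validity, feature, then device activations.
// A device already activated may keep using the licence; a new device is admitted
// only while the activation limit has not been reached.
func (s *LicenceServer) Authorise(lic *Licence, deviceID, feature string, now time.Time) ([]byte, error) {
	if !now.Before(lic.Expires) {
		return s.refuse(lic, ErrExpired)
	}
	if !lic.Features[feature] {
		return s.refuse(lic, ErrFeatureNotLicensed)
	}
	devices := s.activations[lic.ID]
	if devices == nil {
		devices = map[string]bool{}
		s.activations[lic.ID] = devices
	}
	if !devices[deviceID] {
		if len(devices) >= lic.MaxActivations {
			return s.refuse(lic, ErrTooManyActivations)
		}
		devices[deviceID] = true
	}
	return lic.DocKey, nil
}

// SuspiciousLicences lists licences refused at least threshold times, sorted for stable output.
func (s *LicenceServer) SuspiciousLicences(threshold int) []string {
	var ids []string
	for id, n := range s.refusals {
		if n >= threshold {
			ids = append(ids, id)
		}
	}
	sort.Strings(ids)
	return ids
}

func main() {
	// Constructed sample licence: view and print on at most two devices.
	lic := &Licence{ID: "lic-1", UserID: "alice", Features: map[string]bool{"view": true, "print": true},
		MaxActivations: 2, Expires: time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), DocKey: []byte("sample-key")}
	srv := NewLicenceServer()
	now := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC)
	for _, req := range [][2]string{{"laptop", "view"}, {"phone", "print"}, {"tablet", "view"}, {"laptop", "edit"}} {
		_, err := srv.Authorise(lic, req[0], req[1], now)
		fmt.Printf("device=%s feature=%s -> err=%v\n", req[0], req[1], err)
	}
	fmt.Println("suspicious:", srv.SuspiciousLicences(2))
}
```

Keeping the document key on the server side of this check is what ties the licensing scheme to the encryption: a viewer that fails any of the three tests never receives the material needed to open the file.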
Preventing redistribution without permission is technically more demanding, and in technology terms, more problematic. If the human eye can read a computer screen, then so can a cell phone camera. It might be theoretically possible to agree on an international standard for showing a 'mask' over the screen image that a camera could detect and show a blank image (a scheme on photocopiers for recognising watermarks on printed documents and emphasising them has been in use for some time to try and reduce counterfeiting), but there is little industry appetite for this and possibly public disquiet about the use of such a technology.
However, watermarking viewed images, perhaps with a copyright statement or the identity of the authorised user, will not stop people taking photos but may well discourage them, because of the work needed to remove the watermarks.
A common requirement is stopping people from making printed copies, which they may then scan back into a computer in order to redistribute (or may send to a print file, and copy that). If printing must be allowed then you cannot prevent scanning if someone is that determined (the size of the document obviously has an impact). But again, the use of watermarking on the printed output will act to dissuade people from identifying themselves with 'pirated' copies.
Other methods for obtaining copies include the use of automated screen grabbers. Normally, application programs are not set up to check if a screen grabber is running, or to prevent the use of such keys as Print Screen, and these features would have to be implemented if your security target is to be achieved. You need to be aware that some manufacturers refuse to allow such features to be implemented where their operating systems are being used, and that this may be in contradiction of your own policy (and an implied license for their users that is senior to what you would allow). This may lead you into a difficult decision as to whether you wish to use a platform that forbids your security objectives, or not. Again, the use of on-screen watermarking can act as a deterrent to people taking copies of screen images, as they have to re-process them to remove their own identity.
Other ways of preventing redistribution include not having the options to 'Save' or 'Save as' to create an uncontrolled PDF version as opposed to one with PDF security. To make this real there must be no code in the application (or browser) that could allow these facilities, or a hacker might be able to restore them and circumvent your policy.
So if you are looking for a PDF security system that matches your objectives, look at systems that deliver the security objectives we have identified. And if they do not meet the objectives, then draw your own conclusions.
Jo Fletcher is an avid writer on matters related to document security and digital rights management. She is currently affiliated to pdfsecurity.org