{
"id":7856,
"date":"2020-03-04T10:17:19",
"date_gmt":"2020-03-04T07:17:19",
"guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=7856"},
"modified":"2020-03-04T10:17:19",
"modified_gmt":"2020-03-04T07:17:19",
"slug":"36c3-pdf-encryption",
"status":"publish",
"type":"post",
"link":"https:\/\/www.kaspersky.com.tr\/blog\/36c3-pdf-encryption\/7856\/",
"title":{"rendered":"Can you read an encrypted PDF?"},
"content":{"rendered":"<p>According to the file format's technical specification, PDF supports encryption using the AES algorithm in Cipher Block Chaining (CBC) mode. Thanks to this (at least in theory), whoever encrypted a PDF file can be sure that only someone who has the password will be able to see its contents. A team of researchers from several German universities who study <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/36c3-pdf-digital-signature\/7543\/\" target=\"_blank\" rel=\"noopener\">PDF security<\/a> tested how reliable the encryption implementation in this format is. Fabian Ising of M\u00fcnster University of Applied Sciences presented their results. Unfortunately, the results were rather disappointing.<\/p>\n<p>In theory, companies use encrypted PDFs when transferring data over an insecure or untrusted channel, for example when uploading a file to cloud storage that many people can access. The researchers were looking for a way to modify the source file so that, when the password is entered, the information in the PDF is sent to a third party, and to do so in a way the recipient cannot see.<\/p>\n<p>The researchers developed two attack concepts that give third parties access to the encrypted content. Moreover, the first attack (direct exfiltration) required no special cryptographic skill beyond an understanding of the PDF format specification. The researchers called it \u201chacking cryptography without touching the cryptography.\u201d The second attack, called the malleability attack, was more complex and required an understanding of Cipher Block Chaining (CBC) mode.<\/p>\n<h2>Who uses encrypted PDFs, and why?<\/h2>\n<p>Businesses use encrypted PDFs in many areas.<\/p>\n<ul>\n<li>Banks use them for confidentiality when exchanging documents with customers.<\/li>\n<li>MFPs can password-protect PDFs when accepting scanned documents by e-mail, if the sender selects the \u201cencrypted form\u201d option.<\/li>\n<li>Medical diagnostic devices use secure PDFs to send test results to patients or healthcare workers.<\/li>\n<li>Government agencies such as the US Department of Justice accept incoming documents as encrypted PDFs.<\/li>\n<\/ul>\n<p>Many e-mail application plug-ins make it possible to send a document as an encrypted PDF, so there is clearly demand for this option.<\/p>\n<h2>The direct exfiltration attack<\/h2>\n<p>Encrypting a PDF file encrypts only the content (that is, the objects characterized in the file as strings or streams). The other objects, which define the document's structure, remain unencrypted. In other words, you can still find out the number and size of the pages, objects and links. This information can be used by potential attackers to construct a way around the encryption, and so it should not be left exposed.<\/p>\n<p>The researchers first wondered whether they could add their own information to the file. In theory, this could let them create an exfiltration channel. From the format documentation they learned that PDF allows fine-grained control over encryption. For example, you could encrypt only objects of type \u201cstring\u201d, or only objects of type \u201cstream\u201d, and leave the other content unencrypted.<\/p>\n<p>Moreover, because no integrity check is applied, users were not warned if something was added to an encrypted document. The added \u201csomething\u201d can include a form-submit action, which meant that a form could be embedded in a PDF file that sends various data, including the entire content of the document, to third parties. This function could also be bound to an action such as opening the document.<\/p>\n<p>The above is a simple exfiltration example, but many other options exist. Attackers can embed a simple link that appends the entire content of the file to the URL. Or they can use JavaScript to send the decrypted content anywhere. Of course, some PDF readers ask the user before communicating with a website, but they do not always do so, and not every user stops to think before granting permission.<\/p>\n<h2>The malleability attack<\/h2>\n<p>The second attack on PDF encryption used a well-known weakness of Cipher Block Chaining (CBC) mode, which lacks an integrity check. The essence of this well-known attack is that an attacker who knows part of the encrypted plaintext can change the content of a block.<\/p>\n<p>However, according to the format specification, every time content in a PDF file is encrypted, the various permissions (for example, allowing the author to edit the document and the reader to view it) are encrypted as well. In theory, this is done to prevent attackers from tampering with the permissions, which are encrypted with the same AES key as the rest of the document.<\/p>\n<p>At the same time, these permissions are also stored in the file in unencrypted form. That means attackers know what 12 bytes of the file are, and can play with Cipher Block Chaining to target and manipulate the encrypted data (for example, by adding a data-expansion mechanism to the encrypted file that sends the content, so that the file delivers its content to a third-party site).<\/p>\n<h2>Results<\/h2>\n<p>The researchers tested their methods on 23 PDF readers and 4 browsers. They found each of them at least partially vulnerable to at least one of these attacks.<\/p>\n<div id=\"attachment_7858\" style=\"width: 1377px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-7858\" class=\"wp-image-7858 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2020\/03\/03145835\/36C3-PDF-encryption-table.jpg\" alt=\"\" width=\"1367\" height=\"782\"><p id=\"caption-attachment-7858\" class=\"wp-caption-text\">Summary table of PDF viewer vulnerabilities. <a href=\"https:\/\/media.ccc.de\/v\/36c3-10832-how_to_break_pdfs\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Source<\/a>.<\/p><\/div>\n<p>Unfortunately, no client-side solution can fully mitigate the format's weakness. It is not possible to block all exfiltration channels without breaking the format. The researchers contacted the software developers and reported the problems. In response, some companies, including Apple, tried to help by making the notification that the file is accessing a third-party site more prominent. Others said they had tried, but that they \u201ccould not fix the unfixable.\u201d<\/p>\n<p>If you need to transmit confidential data, our recommendation is to use an alternative method to protect that information. For example, you can use <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?redef=1&amp;reseller=tr_kdaily_acq_ona_smm__onl_b2b_kasperskydaily_lnk____ksos___\" target=\"_blank\" rel=\"noopener\">our solutions<\/a> to create encrypted content.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Speaking at the Chaos Communication Congress, researcher Fabian Ising demonstrated the limits of the strength of PDF encryption.<\/p>\n","protected":false},
"author":700,
"featured_media":7857,
"comment_status":"closed",
"ping_status":"open",
"sticky":false,
"template":"",
"format":"standard",
"meta":{"_acf_changed":false,"footnotes":""},
"categories":[1194,1727],
"tags":[2085,2098,1507,2087,702,2091,794]
}