DOCSLIB.ORG

Breaking PDF Encryption

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Breaking PDF Encryption Practical Decryption exFiltration: Breaking PDF Encryption Jens Müller Fabian Ising Vladislav Mladenov [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security Christian Mainka Sebastian Schinzel Jörg Schwenk [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security ABSTRACT Home/Trusted Environment The Portable Document Format, better known as PDF, is one of the Decrypted Document 1. Victim opens 2. Exfiltrating Tax Declaration decrypted content most widely used document formats worldwide, and in order to en- an encrypted PDF file Scrooge McDuck with their password via the Internet sure information confidentiality, this file format supports document TOP SECRET Victim encryption. In this paper, we analyze PDF encryption and show Attacker two novel techniques for breaking the confidentiality of encrypted Victim’s PC documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within Figure 1: An overview of the attack scenario: The victim attacker-controlled content and therefore, exfiltrate the plaintext opens an encrypted PDF document and unintentionally once the document is opened by a legitimate user. Second, we abuse leaks the decrypted content to an attacker-controlled server. a flaw in the PDF encryption specification to arbitrarily manipulate The encrypted PDF file was manipulated by the attacker be- encrypted content. The only requirement is that a single block of forehand, without having the corresponding password. known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of en- crypted documents by using exfiltration channels which are based 1 INTRODUCTION on standard compliant PDF properties. The confidentiality of documents can either be protected during We evaluated our attacks on 27 widely used PDF viewers and transport only – here TLS is the method of choice today – or during found all of them to be vulnerable. We responsibly disclosed the transport and storage. To provide this latter functionality, many vulnerabilities and supported the vendors in fixing the issues. document formats offer built-in encryption methods. Prominent examples are Microsoft Office Documents with Rights Manage- CCS CONCEPTS ment Services (RMS) or ePub with Digitial Rights Management • Security and privacy → Cryptanalysis and other attacks; (DRM) (which relies on XML Encryption), and email encryption Management and querying of encrypted data; Block and stream with S/MIME or OpenPGP. Many of those formats are known to ciphers; Digital rights management. be vulnerable to different attacks by targeting the confidentiality and integrity of the information therein [17, 25]. In 2018, the vul- KEYWORDS nerabilities in S/MIME and OpenPGP, today known as EFAIL [38], PDF, encryption, direct exfiltration, CBC malleability, CBC gadgets took attacks on encrypted messages to the next level: by combining the ciphertext malleability property with the loading of external ACM Reference Format: resources (known as exfiltration channels), victims can leak the Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebas- plaintext to the attacker simply by opening an encrypted email. tian Schinzel, and Jörg Schwenk. 2019. Practical Decryption exFiltration: Breaking PDF Encryption. In 2019 ACM SIGSAC Conference on Computer Complexity of PDF Documents. The Portable Document Format and Communications Security (CCS ’19), November 11–15, 2019, London, (PDF) is more than a simple data format to display content. It has United Kingdom. ACM, New York, NY, USA, 15 pages. https://doi.org/10. many advanced features ranging from cryptography to calculation 1145/3319535.3354214 logic [36], 3D animations [51], JavaScript [1], and form fields53 [ ]. It is possible to update and annotate a PDF file without losing Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed older revisions [54] and to define certain PDF actions52 [ ], such for profit or commercial advantage and that copies bear this notice and the full citation as specifying the page to show when opening the file. The PDF on the first page. Copyrights for components of this work owned by others than the file format even allows the embedding of other data formats such author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission as XML [3], PostScript [32], or Flash [2], which includes all their and/or a fee. Request permissions from [email protected]. strengths, weaknesses, and concerns. All these features open a huge CCS ’19, November 11–15, 2019, London, United Kingdom potential for an attacker. In this paper, we only rely on standard- © 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM. ACM ISBN 978-1-4503-6747-9/19/11...$15.00 compliant PDF properties, without using additional features from https://doi.org/10.1145/3319535.3354214 other embedded data formats. PDF Encryption. To guarantee confidentiality, the PDF standard Contributions. The contributions of this paper are: defines PDF-specific encryption functions. This enables the secure • We provide technical insights on how confidentiality is im- transfer and storing of sensitive documents without any further plemented for PDF documents. (section 2) protection mechanisms – a feature used, for example, by the U.S. • We present the first comprehensive analysis on the security Department of Justice [35]. The key management between the of PDF encryption and show how to construct exfiltration sender and recipient may be password based (the recipient must channels by combining PDF standard features. (section 4) know the password used by the sender, or it must be transferred to • We describe two novel attack classes against PDF encryption, him through a secure channel) or public key based (i.e., the sender which abuse vulnerabilities in the current PDF standard and knows the X.509 certificate of the recipient). allow attackers to obtain the plaintext. (section 5) PDF encryption is widely used. Prominent companies like Canon • We evaluate popular PDF viewers and show that all of the and Samsung apply PDF encryption in document scanners to pro- viewers are, indeed, vulnerable to the attacks. (section 6) tect sensitive information [5, 45, 47]. Further providers like IBM • We discuss countermeasures and mitigations for PDF viewer offer PDF encryption services for PDF documents and other data implementations and the PDF specification. (section 7) (e.g., confidential images) by wrapping them into PDF[19, 29, 56, 57]. PDF encryption is also supported in different medical products to 2 BACKGROUND transfer health records [22, 42, 43]. Due to the shortcomings regard- This section deals with the foundations of the Portable Document ing the deployment and usability of S/MIME and OpenPGP email en- Format (PDF). In Figure 2, we give an overview of the PDF document cryption, some organizations use special gateways to automatically structure and summarize the PDF standard for encryption. encrypt email messages as encrypted PDF attachments [8, 28, 34]. The password to decrypt these PDFs can be transmitted over a 2.1 Portable Document Format (PDF) second channel, such as a text message (i.e., SMS). A PDF document consists of four parts: Header, Body, Xref Table, Novel Attacks on PDF Encryption. In this paper, we present the and a Trailer, as depicted in Figure 2. results of a comprehensive and systematic analysis of the PDF en- cryption features. We analyzed the PDF specification for potential Plain PDF Encrypted PDF security-related shortcomings regarding PDF encryption. This anal- %PDF-1.7 Header %PDF-1.7 Header ysis resulted in several findings that can be used to break PDF encryption in active-attacker scenarios. The attack scenario is de- 1 0 obj Catalog 1 0 obj Catalog picted in Figure 1. An attacker gains access to an encrypted PDF /Info (file info) /Info [enc. string] document. Even without knowing the corresponding password, /Pages 2 0 R /Pages 2 0 R they can manipulate parts of the PDF file. More precisely, the PDF 2 0 obj Pages 2 0 obj Pages specification allows the mixing of ciphertexts with plaintexts. In /Kids [3 0 R] /Kids [3 0 R] combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration 3 0 obj Page 3 0 obj Page Body Body attacks once a victim opens the file. The concept is similar to previ- /Contents 4 0 R /Contents 4 0 R ous work [38] on email end-to-end encryption, but in contrast, our 4 0 obj Contents exfiltration channels rely only on standard-compliant features. 4 0 obj Contents PDF encryption uses the Cipher Block Chaining (CBC) encryp- Confidential content! [encrypted stream] tion mode with no integrity checks, which implies ciphertext mal- 5 0 obj EmbeddedFile 5 0 obj EmbeddedFile leability. This allows us to create self-exfiltrating ciphertext parts content [encrypted stream] using CBC malleability gadgets, as defined in [38]. In contrast to [38], we use this technique not only to modify existing plaintext but to 6 0 obj Encrypt construct entirely new encrypted objects. Additionally, we refined enc. parameters compression-based attacks to adjust them to our attack scenarios. Xref xref Xref xref In summary, we put a considerable amount of engineering effort Table Table trailer into adapting the concepts of [38] to the PDF document format. trailer Trailer /Root 1 0 R Trailer /Root 1 0 R Large-Scale Evaluation. In order to measure the impact of the /Encrypt 6 0 R vulnerabilities in the PDF specification, we analyzed 27 widely used PDF viewers.
Load more

Recommended publications
  • PDF Studio 2019 User Guide
    Qoppa Software PDF Studio 2019 User Guide Affordable, Powerful PDF Software for Windows, Mac, Linux Copyright © 2002-Present Qoppa Software. All rights reserved Table of Contents Welcome to PDF Studio ............................................................................................................... 19 Previous Version User Guides ...................................................................................................... 21 What's New ................................................................................................................................... 21 System Requirements.................................................................................................................... 23 PDF Studio Installation Instructions ............................................................................................. 25 Registration / Unregistration / Transfer ........................................................................................ 26 Removing Demo Watermarks ....................................................................................................... 28 Getting Started with PDF Studio .................................................................................................. 29 Welcome Screen ........................................................................................................................... 30 PDF Studio Ribbon Toolbar ......................................................................................................... 32 Ribbon Toolbar
    [Show full text]
  • Vulnerability Report Attacks Bypassing Confidentiality in Encrypted PDF
    Vulnerability Report Attacks bypassing confidentiality in encrypted PDF Jens M¨uller1, Fabian Ising2, Vladislav Mladenov1, Christian Mainka1, Sebastian Schinzel2, J¨orgSchwenk1 May 16, 2019 1Chair for Network and Data Security 2FH M¨unsterUniversity of Applied Sciences Abstract In this report, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. Firstly, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Secondly, we abuse a flaw in the PDF encryption specification allowing an attacker to arbitrarily manipulate encrypted content without knowing the cor- responding key/password. The only requirement is one single block of known plaintext, which we show is fulfilled by design. By using exfiltration channels our attacks allow the recovery of the entire plaintext or parts of it within an encrypted document. The attacks rely only on standard compliant PDF features. We evaluated our attacks on 27 widely used PDF viewers and found all of them vulnerable. 1 Contents 1 Background4 1.1 Portable Document Format (PDF) . .4 1.2 PDF Encryption . .6 1.3 PDF Interactive Features . .7 2 Attacker Model8 3 PDF Encryption: Security Analysis9 3.1 Partial Encryption . .9 3.2 CBC Malleability . 10 3.3 PDF Interactive Features . 12 4 How To Break PDF Encryption 14 4.1 Direct Exfiltration (Attack A) . 14 4.1.1 Requirements . 15 4.1.2 Direct Exfiltration through PDF Forms (A1) . 15 4.1.3 Direct Exfiltration via Hyperlinks (A2) .
    [Show full text]
  • Living Without Google on Android
    Alternative for Google Apps on Android - living without Google on Android Android without any Google App? What to use instead of Hangouts, Map, Gmail? Is that even possible? And why would anyone want to live without Google? I've been using a lot of different custom ROMs on my devices, so far the two best: plain Cyanogenmod 11 snapshot on the Nexus 4[^1], and MIUI 2.3.2 on the HTC Desire G7[^2]. All the others ( MUIU 5, MIUI 6 unofficial, AOKP, Kaos, Slim, etc ) were either ugly, unusable, too strange or exceptionally problematic on battery life. For a long time, the first step for me was to install the Google Apps, gapps packages for Plays Store, Maps, and so on, but lately they require so much rights on the phone that I started to have a bad taste about them. Then I started to look for alternatives. 1 of 5 So, what to replace with what? Play Store I've been using F-Droid[^3] as my primary app store for a while now, but since it's strictly Free Software[^4] store only, sometimes there's just no app present for your needs; aptoide[^5] comes very handy in that cases. Hangouts I never liked Hangouts since the move from Gtalk although for a little while it was exceptional for video - I guess it ended when the mass started to use it in replacement of Skype and its recent suckyness. For chat only, check out: ChatSecure[^6], Conversations[^7] or Xabber[^8]. All of them is good for Gtalk-like, oldschool client and though Facebook can be configured as XMPP as well, I'd recommend Xabber for that, the other two is a bit flaky with Facebook.
    [Show full text]
  • Apple Has Built a Solution Into Every Mac
    Overview Mac OS X iPhone iPod + iTunes Resources Vision Mac OS X solutions VoiceOver from third parties. Browse the wide variety of To make it easier for the blind and those with low-vision to use a accessibility solutions supported computer, Apple has built a solution into every Mac. Called VoiceOver, by Mac OS X. Learn more it’s reliable, simple to learn, and enjoyable to use. In Depth Device Support Application Support Downloads VoiceOver Application Support VoiceOver. A unique solution for the vision-impaired. Every new Mac comes with Mac OS X and VoiceOver installed and includes a variety of accessible More than 50 reasons to use applications. You can also purchase additional Apple and third-party applications to use with VoiceOver. VoiceOver. Learn more While this page lists a few of the most popular applications, many more are available. If you use an application with VoiceOver that’s not on this list, and you would like to have it added, send email to [email protected]. Unlike traditional screen readers, VoiceOver is integrated into the operating system, so you can start using new accessible applications right away. You don’t need to buy an update to VoiceOver, install a new copy, or add the application to a “white list.” Moreover, VoiceOver commands work the same way in every application, so once you learn how to use them, you’ll be able to apply what you know to any accessible application. Apple provides developers with a Cocoa framework that contains common, reusable application components (such as menus, text fields, buttons, and sliders), so developers don’t have to re-create these elements each time they write a new application.
    [Show full text]
  • Ghostscript and Mupdf Status Openprinting Summit April 2016
    Ghostscript and MuPDF Status OpenPrinting Summit April 2016 Michael Vrhel, Ph.D. Artifex Software Inc. San Rafael CA Outline Ghostscript overview What is new with Ghostscript MuPDF overview What is new with MuPDF MuPDF vs Ghostscript MuJS, GSView The Basics Ghostscript is a document conversion and rendering engine. Written in C ANSI 1989 standard (ANS X3.159-1989) Essential component of the Linux printing pipeline. Dual AGPL/Proprietary licensed. Artifex owns the copyright. Source and documentation available at www.ghostscript.com Graphical Overview PostScript PCL5e/c with PDF 1.7 XPS Level 3 GL/2 and RTL PCLXL Ghostscript Graphics Library High level Printer drivers: Raster output API: Output drivers: Inkjet TIFF PSwrite PDFwrite Laser JPEG XPSwrite Custom etc. CUPS Devices Understanding devices is a major key to understanding Ghostscript. Devices can have high-level functionality. e.g. pdfwrite can handle text, images, patterns, shading, fills, strokes and transparency directly. Graphics library has “default” operations. e.g. text turns into bitmaps, images decomposed into rectangles. In embedded environments, calls into hardware can be made. Raster devices require the graphics library to do all the rendering. Relevant Changes to GS since last meeting…. A substantial revision of the build system and GhostPDL directory structure (9.18) GhostPCL and GhostXPS "products" are now built by the Ghostscript build system "proper" rather than having their own builds (9.18) New method of internally inserting devices into the device chain developed. Allows easier implementation of “filter” devices (9.18) Implementation of "-dFirstPage"/"-dLastPage" with all input languages (9.18) Relevant Changes to GS since last meeting….
    [Show full text]
  • Complete Issue 40:3 As One
    TUGBOAT Volume 40, Number 3 / 2019 General Delivery 211 From the president / Boris Veytsman 212 Editorial comments / Barbara Beeton TEX Users Group 2019 sponsors; Kerning between lowercase+uppercase; Differential “d”; Bibliographic archives in BibTEX form 213 Ukraine at BachoTEX 2019: Thoughts and impressions / Yevhen Strakhov Publishing 215 An experience of trying to submit a paper in LATEX in an XML-first world / David Walden 217 Studying the histories of computerizing publishing and desktop publishing, 2017–19 / David Walden Resources 229 TEX services at texlive.info / Norbert Preining 231 Providing Docker images for TEX Live and ConTEXt / Island of TEX 232 TEX on the Raspberry Pi / Hans Hagen Software & Tools 234 MuPDF tools / Taco Hoekwater 236 LATEX on the road / Piet van Oostrum Graphics 247 A Brazilian Portuguese work on MetaPost, and how mathematics is embedded in it / Estev˜aoVin´ıcius Candia LATEX 251 LATEX news, issue 30, October 2019 / LATEX Project Team Methods 255 Understanding scientific documents with synthetic analysis on mathematical expressions and natural language / Takuto Asakura Fonts 257 Modern Type 3 fonts / Hans Hagen Multilingual 263 Typesetting the Bangla script in Unicode TEX engines—experiences and insights Document Processing / Md Qutub Uddin Sajib Typography 270 Typographers’ Inn / Peter Flynn Book Reviews 272 Book review: Hermann Zapf and the World He Designed: A Biography by Jerry Kelly / Barbara Beeton 274 Book review: Carol Twombly: Her brief but brilliant career in type design by Nancy Stock-Allen / Karl
    [Show full text]
  • Durchleuchtet PDF Ist Der Standard Für Den Austausch Von Dokumenten, Denn PDF-Dateien Sehen Auf
    WORKSHOP PDF-Dateien © alphaspirit, 123RF © alphaspirit, PDF-Dateien verarbeiten und durchsuchbar machen Durchleuchtet PDF ist der Standard für den Austausch von Dokumenten, denn PDF-Dateien sehen auf Daniel Tibi, allen Rechnern gleich aus. Für Linux gibt es zahlreiche Tools, mit denen Sie alle Möglich- Christoph Langner, Hans-Georg Eßer keiten dieses Dateiformats ausreizen. okumente unterschiedlichster Art, in einem gedruckten Text, Textstellen mar- denen Sie über eine Texterkennung noch von Rechnungen über Bedie- kieren oder Anmerkungen hinzufügen. eine Textebene hinzufügen müssen. D nungsanleitungen bis hin zu Bü- Als Texterkennungsprogramm für Linux chern und wissenschaftlichen Arbeiten, Texterkennung empfiehlt sich die OCR-Engine Tesseract werden heute digital verschickt, verbrei- Um die Möglichkeiten des PDF-Formats [1]. Die meisten Distributionen führen das tet und genutzt – vorzugsweise im platt- voll auszureizen, sollten PDF-Dateien Programm in ihren Paketquellen: formunabhängigen PDF-Format. Durch- durchsuchbar sein. So durchstöbern Sie l Unter OpenSuse installieren Sie tesse­ suchbare Dokumente erleichtern das etwa gleich mehrere Dokumente nach be- ract­­ocr und eines der Sprachpakete, schnelle Auffinden einer bestimmten stimmten Wörtern und finden innerhalb z. B. tesseract­ocr­traineddata­german. Stelle in der Datei, Metadaten liefern zu- einer Datei über die Suchfunktion des (Das Paket für die englische Sprache sätzliche Informationen. PDF-Betrachters schnell die richtige Stelle. richtet OpenSuse automatisch mit ein.) Zudem gibt es zahlreiche Möglichkei- PDF-Dateien, die Sie mit LaTeX oder Libre- l Für Ubuntu und Linux Mint wählen ten, PDF-Dokumente zu bearbeiten: Ganz Office erstellen, lassen sich üblicherweise Sie tesseract­ocr und ein Sprachpaket, nach Bedarf lassen sich Seiten entfernen, bereits durchsuchen. Anders sieht es je- wie etwa tesseract­ocr­deu.
    [Show full text]
  • PDF Studio 12 User Guide
    Qoppa Software PDF Studio 12 User Guide Affordable, Powerful PDF Software for Windows, Mac, Linux Copyright © 2002-Present Qoppa Software. All rights reserved Table of Contents Welcome to PDF Studio ............................................................................................................... 17 What's New ................................................................................................................................... 19 System Requirements.................................................................................................................... 21 PDF Studio Installation Instructions ............................................................................................. 22 Registration / Unregistration / Transfer ........................................................................................ 24 Getting Started with PDF Studio .................................................................................................. 27 Welcome Screen ........................................................................................................................... 28 PDF Studio Toolbar ...................................................................................................................... 30 Mini Toolbar ................................................................................................................................. 38 Quick Properties Toolbar .............................................................................................................
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 11/6/2017 10/100 Hubs & Switches ASCEND COMMUNICATIONS CIS SECURE COMPUTING INC DIGIUM GEAR HEAD 1 TRIPPLITE ASUS Cisco Press D‐LINK SYSTEMS GEFEN 1VISION SOFTWARE ATEN TECHNOLOGY CISCO SYSTEMS DUALCOMM TECHNOLOGY, INC. GEIST 3COM ATLAS SOUND CLEAR CUBE DYCONN GEOVISION INC. 4XEM CORP. ATLONA CLEARSOUNDS DYNEX PRODUCTS GIGAFAST 8E6 TECHNOLOGIES ATTO TECHNOLOGY CNET TECHNOLOGY EATON GIGAMON SYSTEMS LLC AAXEON TECHNOLOGIES LLC. AUDIOCODES, INC. CODE GREEN NETWORKS E‐CORPORATEGIFTS.COM, INC. GLOBAL MARKETING ACCELL AUDIOVOX CODI INC EDGECORE GOLDENRAM ACCELLION AVAYA COMMAND COMMUNICATIONS EDITSHARE LLC GREAT BAY SOFTWARE INC. ACER AMERICA AVENVIEW CORP COMMUNICATION DEVICES INC. EMC GRIFFIN TECHNOLOGY ACTI CORPORATION AVOCENT COMNET ENDACE USA H3C Technology ADAPTEC AVOCENT‐EMERSON COMPELLENT ENGENIUS HALL RESEARCH ADC KENTROX AVTECH CORPORATION COMPREHENSIVE CABLE ENTERASYS NETWORKS HAVIS SHIELD ADC TELECOMMUNICATIONS AXIOM MEMORY COMPU‐CALL, INC EPIPHAN SYSTEMS HAWKING TECHNOLOGY ADDERTECHNOLOGY AXIS COMMUNICATIONS COMPUTER LAB EQUINOX SYSTEMS HERITAGE TRAVELWARE ADD‐ON COMPUTER PERIPHERALS AZIO CORPORATION COMPUTERLINKS ETHERNET DIRECT HEWLETT PACKARD ENTERPRISE ADDON STORE B & B ELECTRONICS COMTROL ETHERWAN HIKVISION DIGITAL TECHNOLOGY CO. LT ADESSO BELDEN CONNECTGEAR EVANS CONSOLES HITACHI ADTRAN BELKIN COMPONENTS CONNECTPRO EVGA.COM HITACHI DATA SYSTEMS ADVANTECH AUTOMATION CORP. BIDUL & CO CONSTANT TECHNOLOGIES INC Exablaze HOO TOO INC AEROHIVE NETWORKS BLACK BOX COOL GEAR EXACQ TECHNOLOGIES INC HP AJA VIDEO SYSTEMS BLACKMAGIC DESIGN USA CP TECHNOLOGIES EXFO INC HP INC ALCATEL BLADE NETWORK TECHNOLOGIES CPS EXTREME NETWORKS HUAWEI ALCATEL LUCENT BLONDER TONGUE LABORATORIES CREATIVE LABS EXTRON HUAWEI SYMANTEC TECHNOLOGIES ALLIED TELESIS BLUE COAT SYSTEMS CRESTRON ELECTRONICS F5 NETWORKS IBM ALLOY COMPUTER PRODUCTS LLC BOSCH SECURITY CTC UNION TECHNOLOGIES CO FELLOWES ICOMTECH INC ALTINEX, INC.
    [Show full text]
  • Literature Classification, Bulk Collection of Literature Exercise Thursday, 6
    Department of Computer Science Institute for Software and Multimedia Technology, Software Technology Group Academic Skills in Computer Science (ASiCS) Literature Classification, Bulk Collection of Literature Exercise Thursday, 6. DS, APB/E001 Thomas Kühn ([email protected]) Scientific Research Daily Business Reading Writing Organizing Images from OpenClipart.org (Creative Commons by Steve Lambert) ASiCS 2 / 22 Organizing Research Organizing Literature Common Tasks Find relevant / related publications ● Query scientific search engines ● Look up BibTex for specific publications from the web Investigate found publications ● Skim papers ● Make notes and hints ● Organize downloaded files ● Maintain a corresponding bibliography of BibTex entries ASiCS 3 / 22 Organizing Research Organizing Literature A Small Survey Q1:What tools do you use to read and annotate papers? Q2:What tools do you use to organize your bibliography? Q3:What tools do you use to organize stored papers? What tools do you use to read and annotate papers? What tools do you use to organize your bibliography? What tools do you use to organize stored papers? (18 Answers) (18 Answers) (18 Answers) Other None 14% Paper Other 5% 26% 26% Text Editor 20% None Mendeley 40% 14% FoxIt Reader FileBrowser 10% Zotero 57% 5% JabRef EndNote 15% 5% Acrobat Reader Citavi 5% 39% Zotero Mendeley None Paper Acrobat Reader 5% 15%ASiCS 4 / 22 Xournal FoxIt Reader Mupdf None Mendeley Zotero None Mendeley Zotero EndNote Other JabRef Text Editor Other Citavi FileBrowser Other Organizing
    [Show full text]
  • PDF Studio 9 User Guide
    PDF Studio 9 User Guide Table of Contents Getting Started with PDF Studio ...................................................................... 2 User Preferences ........................................................................................ 4 Keyboard Shortcuts .................................................................................. 11 Integration with Google Drive and SharePoint .............................................. 13 Creating and Rearranging PDFs .................................................................... 19 Create PDFs ............................................................................................ 19 Merge and Split Documents ....................................................................... 19 Supported File Types ................................................................................ 19 Scan to PDF ............................................................................................ 20 OCR ....................................................................................................... 22 Modify PDF Pages ..................................................................................... 23 Split PDF Documents ................................................................................ 26 Headers, Footers, and Watermarks ............................................................. 32 Undo ...................................................................................................... 36 Comments and Annotations ........................................................................
    [Show full text]
  • 2017-Networkthousand
    1 Annotated Bibliography, and Summaries I. Annotating Text II. Annotating Media III. Annotation Theory and Practice IV. Group Dynamics and Social Annotation V. Bibliographic Reference/Metadata/Tagging Note to Reader: The categories of this bibliography have been separated into ‘Tools’ and ‘Articles’ for ease of reading. Cross-posted entries have been marked with an asterisk (*) after their first appearance. Category I: Annotating Text This category provides an environmental scan of the current state of text-based annotation practices and the foundational tools in the discipline. Many of the publications focus on situating annotation in the field of digital humanities by drafting definitions for annotation practice; specifying a general annotation framework for commentary across mediums; or brainstorming platforms that would better support user interaction with objects and with each other. Authors remark that the evolution of scholarship brought about by interactive Web 2.0 practices shifted the focus from learner-content interaction to learner-learner interaction, and that this behavioural shift necessitates a redesign of tools (Agosti et al. 2005; Gao 2013). It is widely acknowledged that annotation practices are beneficial for learning, archiving, clarifying, sharing, and expanding; current Web architecture, however, struggles to facilitate these advantages (Agosti et al. 2012; Bottoni 2003; Farzan et al. 2008). Several publications introduce tools that bridge the gap between tool design and user needs, specifically AnnotatEd and CommentPress (Farzan et al. 2008; Fitzpatrick 2007). These tools, along with alternative platforms that gamify annotation, allow for interactive reading and support user engagement with resources in a customizable way. The tools treat documents as mutable objects that can be tagged, highlighted, and underlined.
    [Show full text]