RedOffice Document SecurityGuan Zhi ★ Peking Univ.

About RedOffice

RedOffice is the proprietary office suit based on OpenOffice.org provided by the company RedFlag2000 in China.

The features of RedOffice include

better chinese language and localization support

chinese style documents support and etc.

OpenOffice Document Security

The current OpenOffice security mechanisms include:

Password based encryption, defined in “Open Document Format for Office Applications (OpenDocument) v1.0 Specification” section 16.3.

Digital signature based on PKI, provided in OpenOffice.org 3.0, menu:file:digital signatures ...

Our Aim is ...

To enhance RedOffice/OpenOffice documents security with cryptography.

What is Required

Compared with PDF document, OpenOffice document lacks:

Certificate based document encryption.

GUI supported key/certificate generation and management.

Graphical digital signature display.

And even more ...

Password Generator

In password based encryption, users always choose very weak passwords, which makes the encrypted documents easily broken.

Password generator is a program/extension which helps the user to generate more secure and easily remembered passwords.

Certificate Based Encryption

With certificate based encryption an Office author can encrypt a document with multiple recipient’s certificates.

For a group of users to share documents, certificate based encryption is much more easier and secure than password based encryption.

Key/Certificate Management

Current OpenOffice.org requires the user to import certificates and private keys for digital signature generation, while does not provide certificate management functionalities.

Certificate Extension: Certificate and key pair generation utilities for RedOffice/OpenOffice.org.

Crypto Framework Extension

A cryptographic framework extension for RedOffice/OpenOffice.org.

The cryptographic API is based on the PKCS #11: Cryptographic Token Interface Standard, supported on both Windows and Linux.

Third party cryptographic algorithms, modules and hardware tokens such as smart card and USB key can be integrated into RedOffice/OpenOffice.org.

Advance Cryptography

Identity based encryption, for simplicity of public key management.

Attribute based encryption, for simplicity of document sharing and access control based on document encryption.

Paper Based Security

When a document is printed on the paper, all the security attributes are disappeared.

With printed 1-D or 2-D barcode, the security attributes can be reserved on the printed paper documents.

Key Management Service

Basically, it is a PKI Certificate Authority with additional functionalities.

Generation, distribution, management of keys and certificates.

Supporting advanced cryptography and key policies.

Document Security Service

An ordinary office user only know who is the document recipient, without the detailed knowledge of how to protect the document.

Document security service is an online service to provide RedOffice/OpenOffice.org documents with automated public key encryption, digital signature and other security attributes.

The service will choose what kind of security mechanisms and policies should be applied to the document, and executes the corresponding security operations.

ENDfor more details, connect <guanzhi@infosec.pku.edu.cn>