News from the NDS Chair

Workshop on Attacks in Cryptography

07.10.2019 - Juraj Somorovsky

In August 2019, we organized the second edition of the Workshop on Attacks in Cryptography (WAC2). This workshop was part of the famous CRYPTO conference in Santa Barbara, and its aim was to bring together researchers working on cryptographic attacks. They provided a showcase of their work for the Crypto community. Among others, the list of invited speakers included Matthew Green, Mathy Vanhoef, and Nadia Heninger.

The workshop website with the slides is available here: https://crypto.iacr.org/2019/affevents/wac/page.html

Thanks to our sponsors (CASA and Hackmanit), we were also able to record videos: https://www.youtube.com/playlist?list=PLeeS-3Ml-rpo5tZgu7J2MhnrCJf0lSsqn

PDF Insecurity at ACM CCS 2019

30.09.2019 - Christian Mainka

We have published two papers at the 26th ACM Conference on Computer and Communications Security in London.

Our first paper is "1 Trillion Dollar Refund -- How To Spoof PDF Signatures" and deals with the insecurity of PDF signatures.

Our second paper is "Practical Decryption exFiltration: Breaking PDF Encryption" and shows how to extract plaintext out of encrypted PDFs.

More information can be found on PDF-insecurity.org and in our blog posts "How to Spoof PDF Signature" and "PDFex - Major Security Flaws in PDF Encryption".

Registration for the HackerPraktikum until 05.10.2019 at 23:59

16.09.2019 - Marcus Niemietz

The entrance test for the HackerPraktikum in the upcoming winter semester 2019/2020 takes place on Monday, 07.10.2019 at 14:15 in room ID 03/445. Registration is mandatory for the entrance test. Interested students can register by e-mail via nds+badbank@rub.de (required data: name, matriculation number, degree program). Valid registration period: until 05.10.2019, 23:59.

Security flaws in email signatures and end-to-end encryption

16.08.2019 - Jens Müller

In cooperation with Münster University of Applied Sciences, we published two more “Johnny” papers on email security. “Johnny, you are fired!” (USENIX Security 2019, https://usenix.org/system/files/sec19-muller.pdf) shows practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five different attack classes. “Re: What's up Johnny” (ACNS 2019, https://arxiv.org/pdf/1904.07550) depicts covert content attacks on OpenPGP and S/MIME encryption and signatures in the context of email. In both papers we do not target the underlying cryptographic primitives, but instead abuse legitimate features of email-related RFCs.

Improvements to the SAML-Attacker tool

03.07.2019 - Marcus Brinkmann

We added two new features to the SAML-Attacker of our Burp Suite extension EsPReSSO <https://github.com/RUB-NDS/BurpSSOExtension> to probe for XML encryption weaknesses and signature wrapping vulnerabilities.
