Dr.-Ing. Sebastian Gajek

  • Former Assistant - Chair Network and Data Security

Vita

I left Bochum. Now I am a postdoctoral fellow in Ran Canetti's crypto group at Tel Aviv University in Israel. This site is not updated. You can find my new homepage here: <http://www.cs.tau.ac.il/~gajek/>.

Publications

2010
Secure Bindings of SAML Assertions to TLS Sessions

Jörg Schwenk, Sebastian Gajek, Meiko Jensen, Florian Kohlar - Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES), Krakow, Poland.

2009
Analysis of Signature Wrapping Attacks and Countermeasures

Jörg Schwenk, Sebastian Gajek, Lijun Liao, Meiko Jensen - Proceedings of the 7th IEEE International Conference on Web Services (ICWS), Los Angeles, USA, 2009.

2008
A Browser-Based Kerberos Authentication Scheme

Sebastian Gajek, Tibor Jager, Mark Manulis, Jörg Schwenk - ESORICS 2008

Die Sicherheit von MS CardSpace und verwandten Single-Sign-On-Protokollen

Sebastian Gajek, Sven Schäge, Xuan Chen, Christoph Löhr - Datenschutz und Datensicherheit - DuD. Volume 32, Number 8, pages 515-519. Vieweg Verlag, August 2008.

A Forensic Framework for Tracing Phishers

Ahmad-Reza Sadeghi, Sebastian Gajek, Felix Gröbert, Dominik Birk - International Federation for Information Processing, to appear in LNCS 6102.

Provably Secure Browser-Based User-Aware Mutual Authentication over TLS

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - Accepted for ASIACCS'08.

Stronger TLS Bindings for SAML Assertions and SAML Artifacts

Jörg Schwenk, Sebastian Gajek, Lijun Liao - In Proceedings of the ACM CCS Workshop for Secure Web Services (ACM SWS'08), Virginia (USA), 2008.

Universally Composable Security Analysis of TLS

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, Olivier Pereira - Accepted for the Second Conference on Provable Security (ProvSec), 2008.

2007
Trusted User-Aware Web Authentication

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.

Compartmented Security for Browsers – Or How to Thwart a Phisher with Trusted Computing

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - In Proceedings of the Second International Conference on Availability, Reliability and Security (ARES 2007), Vienna, Austria, April 10-13, 2007, pages 120-127. IEEE Computer Society, 2007.

Phishing Phishers - Observing and Tracing Organized Cybercrime

Ahmad-Reza Sadeghi, Sebastian Gajek, Felix Gröbert, Dominik Birk - In Proceedings of the Second International Conference on Internet Monitoring and Protection (ICIMP 2007), Silicon Valley, California, July 1-5, 2007, page 3. IEEE Computer Society, 2007.

Aktuelle Gefahren im Onlinebanking-Technische und Juristische Hintergründe.

Jörg Schwenk, Georg Borges, Sebastian Gajek, Christoph Wegener, Isabelle Biallaß, Julia Meyer, Dennis Werner - In Proceedings of the 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.

Breaking and Fixing the Inline Approach.

Jörg Schwenk, Sebastian Gajek, Lijun Liao - In Proceedings of the ACM CCS Workshop for Secure Web Services (ACM SWS'07), Alexandria (USA), 2007.

Browser Models for Usable Authentication Protocols

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - Presented at the Workshop on Web 2.0 Security and Privacy (W2SP 2007) held in conjunction with the IEEE Symposium on Security and Privacy, Oakland, California, May 24, 2007.

Browser Models for Usable Authentication Protocols.

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - In Proceedings of the IEEE Security and Privacy Workshop on Web 2.0 Security and Privacy (W2SP'07), Oakland (USA), 2007.

Browser-based Authentication Protocols for Naive Users.

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis - Accepted for presentation at the Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.

Compartmented Security for Browsers

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Technical Report HGI-TR-2007-001, Horst Görtz Institute for IT Security, Ruhr-University Bochum, 2007.

Ein Framework zur Identifikation von Identitätsbetrügern, Geldwäschern und Phishing-Simulanten.

Sebastian Gajek, Felix Gröbert, Maximillian Dornseif, Dominik Birk - In Proceedings of the 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.

Phishing Phishers -- Observing and Tracing Organized Cybercrime.

Ahmad-Reza Sadeghi, Sebastian Gajek, Felix Gröbert, Dominik Birk - In Proceedings of the 2nd IEEE International Conference on Internet Monitoring and Protection (ICIMP'07), Silicon Valley (USA), 2007.

Security of Microsoft's Identity Metasystem and CardSpace.

Sebastian Gajek, Ralf Hauser, Rolf Oppliger - In Proceedings of Kommunikation in Verteilten Systemen (KiVS '07), Industry Track, Bern (Switzerland), 2007.

Signieren mit Chipkartensystemen in unsicheren Umgebungen - Homebanking mit Secure HBCI/FinTS

Jörg Schwenk, Sebastian Gajek, Lijun Liao - In Datenschutz und Datensicherheit, Issue 2007/11

SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services.

Jörg Schwenk, Sebastian Gajek, Lijun Liao - In Proceedings of the IEEE ECOWS Workshop on Emerging Web Services Technology (WEWST'07), Halle (Germany), 2007.

Towards a Formal Semantic of XML Signature.

Jörg Schwenk, Sebastian Gajek, Lijun Liao - W3C Workshop Next Steps for XML Signature and XML Encryption, Mountain View (USA), 2007.

Trustworthy Signing with Smart Card System in Untrustworthy Environments.

Jörg Schwenk, Sebastian Gajek, Lijun Liao - e-Smart conference and demos 2007, 19-21 September 2007, Sophia Antipolis, French Riviera.

Using Two-Steps Hash Function to Support Trustworthy Signing.

Jörg Schwenk, Sebastian Gajek, Lijun Liao - Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.

2006
Towards Multicolored Computing - Compartmented Security to Prevent Phishing Attacks.

Sebastian Gajek, Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy - Workshop on Information and System Security (WISSEC'06), Antwerpen (Belgium), 2006.

A Case Study on Online-Banking Security.

Jörg Schwenk, Sebastian Gajek, Henrik te Heesen - International Conference on Emerging Trends in Information and Communication Security (ETRICS'06) Workshop on Security and Privacy in Future Business Services, Freiburg (Germany), 2006.

Client Authentication in Federations Using a Security Mode

Ahmad-Reza Sadeghi, Sebastian Gajek - Accepted to be presented at Toward a More Secure Web - W3C Workshop on Usability and Transparency of Web Authentication.

Reversed Responsibilities: Browser Authentication instead of Server Authentication.

Jörg Schwenk, Sebastian Gajek - Workshop on Transparency and Usability of Web Authentication, New York (USA), 2006.

SSL-VA-Authentifizierung als Schutz vor Phishing und Pharming.

Jörg Schwenk, Sebastian Gajek, Christoph Wegener - Accepted for Sicherheit - Schutz und Zuverlässigkeit, February 20, 2006, Magdeburg, Germany.

2005
Effective Protection Against Phishing and Web Spoofing

Sebastian Gajek, Rolf Oppliger - 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS2005), LNCS 3677. pp 32-42. Copyrights Springer-Verlag, Heidelberg Berlin.

Identitätsmissbrauch im Onlinebanking

Jörg Schwenk, Sebastian Gajek, Christoph Wegener - Datenschutz und Datensicherheit, Issue 11, 2005.

Phishing - Die Täuschung des Benutzers zur Preisgabe geheimer Benutzerdaten

Jörg Schwenk, Sebastian Gajek, Andre Adelsbach - 9. Deutscher IT-Sicherheitskongress des BSI, 2005.

Trustworthy Visualisation and Verification of Multiple XML-Signatures

Jörg Schwenk, Sebastian Gajek, Wolfgang Kubbilun - In CMS 2005: Proceedings of the 9th IFIP International Conference on Communications and Multimedia Security, Lecture Notes in Computer Science, volume 3677, pages 311-320, Springer, 2005.

Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures

Jörg Schwenk, Sebastian Gajek, Andre Adelsbach - First Information Security Practice and Experience Conference (ISPEC 2005), LNCS 3439. pp 204-217. Copyrights Springer-Verlag, Heidelberg Berlin.