Publications

XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers

2021 - Lukas Knittel, Christian Mainka, Dominik Noß, Jörg Schwenk

ALPACA: Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication

2021 - Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, Sebastian Schinzel

30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada [PDF] [WWW]

Breaking the Specification: PDF Certification

2021 - Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk

42nd IEEE Symposium on Security and Privacy (S&P 2021) [pdf]

Linearly Self-Equivalent APN Permutations in Small Dimension

2021 - Christof Beierle, Marcus Brinkmann, Gregor Leander

IEEE Transactions on Information Theory [DOI] [PDF]

Vulnerability Report: Attacks on PDF Certification

2021 - Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk

[html] [pdf]

Processing Dangerous Paths - On Security and Privacy of the Portable Document Format

2021 - Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

28th Network and Distributed System Security Symposium (NDSS 2021) [pdf]

Shadow Attacks: Hiding and Replacing Content in Signed PDFs

2021 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann

28th Network and Distributed System Security Symposium (NDSS 2021) [pdf]

Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions

2021 - Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky

arXiv 2021 [arXiv.org] [PDF]

Determining the Core Primitive for Optimally Secure Ratcheting

2020 - Fatih Balli, Paul Rösler, Serge Vaudenay

IACR International Conference on the Theory and Application of Cryptology and Information Security, Asiacrypt 2020 [full version]

On the Price of Concurrency in Group Ratcheting Protocols

2020 - Alexander Bienstock, Yevgeniy Dodis, Paul Rösler

IACR Theory of Cryptography Conference, TCC 2020 [full version]

Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2

2020 - Stefan Hoffmann, Jens Müller, Jörg Schwenk, Gerd Bumiller

18th International Conference on Applied Cryptography and Network Security (ACNS 2020)

Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

2020 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk

30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada [PDF]

Mitigation of Attacks on Email End-to-End Encryption

2020 - Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel

ACM CCS 2020 - November 9-13, 2020 [PDF]

Analysis of DTLS Implementations Using Protocol State Fuzzing

2020 - Paul Fiterau Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky

[LINK]

Vulnerability Report Attacks bypassing the signature validation in PDF (Shadow Attacks)

2020 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk

[pdf]

Office Document Security and Privacy

2020 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

14th USENIX Workshop on Offensive Technologies (WOOT 2020) [full version] [artifacts]

Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption

2020 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

8th IEEE Conference on Communications and Network Security (CNS 2020) [full version]

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

2020 - Benjamin Dowling, Paul Rösler, Jörg Schwenk

IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020 [extended version]

Combiners for AEAD

2020 - Bertram Poettering, Paul Rösler

IACR Transactions on Symmetric Cryptology, ToSC Volume 2020, Issue 1 [full version]

T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction

2020 - Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk

[Link]

Practical Decryption exFiltration: Breaking PDF Encryption

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

26th ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty [html] [pdf]

Vulnerability Report: Attacks bypassing confidentiality in encrypted PDF

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

[html] [pdf]

Verifiable Delay Functions from Supersingular Isogenies and Pairings

2019 - Luca De Feo, Simon Masson, Christophe Petit, Antonio Sanso

Asiacrypt 2019 [eprint]

Produktivität von Wissenschaftlerinnen und Wissenschaftlern in den Fachbereichen der GMDS: Analyse der GMS-Beiträge zwischen 2004 und 2018

2019 - Pobiruchin M, Wiesner M, Steuer S, Maximilian Westers, Zowalla R

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). 64. Jahrestagung der GMDS. Dortmund, 08.-11.09.2019. Düsseldorf: German Medical Science GMS Publishing House; 2019. DocAbstr. 51

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

2019 - Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt

28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19) [Paper] [General Information] [TLS-Scanner]

“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk

28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19) [full version] [artifacts]

1 Trillion Dollar Refund – How To Spoof PDF Signatures

2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

26th ACM Conference on Computer and Communications Security [html] [pdf]

Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

17th International Conference on Applied Cryptography and Network Security (ACNS 2019) [draft version] [artifacts]

Efail: Angriffe auf S/MIME und OpenPGP

2019 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress [pdf]

Sicherheitsanalyse von eID/eIDAS-Diensten

2019 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress

Technology Adoption, Motivational Aspects, and Privacy Concerns of Wearables in the German Running Community

2019 - Wiesner M, Zowalla R, Suleder J, Maximilian Westers, Pobiruchin M

Field Study JMIR Mhealth Uhealth 2018;6(12): e201

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)

2019 - Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinnola, David Herring, Jörg Schwenk

[pdf]

Extended Affine and CCZ Equivalence up to Dimension 4

2019 - Marcus Brinkmann

A complete classification of all vectorial boolean functions in up to dimension 4, up to extended affine and CCZ equivalence. Work done as part of my diploma thesis in 2008, and since then cited as personal communication. [ePrint] [pdf]

Vulnerability Report: Attacks bypassing the signature validation in PDF

2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

[pdf]

Prime and Prejudice: Primality Testing Under Adversarial Conditions

2018 - Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky

ACM CCS 2018 [eprint]

In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild

2018 - Luke Valenta, Nick Sullivan, Antonio Sanso

In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]

Towards Bidirectional Ratcheted Key Exchange

2018 - Bertram Poettering, Paul Rösler

In Advances in Cryptology, IACR CRYPTO 2018 [extended version]

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [full version]

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek

27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Video of the Talk] [Previous Work 1] [Previous Work 2] [Paper] [Slides]

Return Of Bleichenbacher’s Oracle Threat (ROBOT)

2018 - Hanno Böck, Juraj Somorovsky, Craig Young

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [Attack website]

PostScript Undead: Pwning the Web with a 35 Years Old Language

2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018) [Paper]

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

12th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT '18) [pdf]

Evaluation of eID and Trust Services

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov

[pdf]

Attacking Deterministic Signature Schemes using Fault Attacks

2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]

Is MathML Dangerous?

2018 - Christopher Späth

In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

2018 - Paul Rösler, Christian Mainka, Jörg Schwenk

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]

On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption

2018 - Sebastian Lauer

The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)

Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen

2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein

DACH Security, 2018

Out of the Dark: UI Redressing and Trustworthy Events

2017 - Marcus Niemietz, Jörg Schwenk

16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]
Page: