Publications

Determining the Core Primitive for Optimally Secure Ratcheting

2020 - Fatih Balli, Paul Rösler, Serge Vaudenay

IACR International Conference on the Theory and Application of Cryptology and Information Security, Asiacrypt 2020 [full version]

On the Price of Concurrency in Group Ratcheting Protocols

2020 - Alexander Bienstock, Yevgeniy Dodis, Paul Rösler

IACR Theory of Cryptography Conference, TCC 2020 [full version]

Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2

2020 - Stefan Hoffmann, Jens Müller, Jörg Schwenk, Gerd Bumiller

18th International Conference on Applied Cryptography and Network Security (ACNS 2020)

Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

2020 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk

30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada [PDF]

Mitigation of Attacks on Email End-to-End Encryption

2020 - Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel

ACM CCS 2020 - November 9-13, 2020

Analysis of DTLS Implementations Using Protocol State Fuzzing

2020 - Paul Fiterau Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky

[LINK]

Vulnerability Report Attacks bypassing the signature validation in PDF (Shadow Attacks)

2020 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk

[pdf]

Office Document Security and Privacy

2020 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

14th USENIX Workshop on Offensive Technologies (WOOT 2020) [full version] [artifacts]

Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption

2020 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

8th IEEE Conference on Communications and Network Security (CNS 2020) [full version]

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

2020 - Benjamin Dowling, Paul Rösler, Jörg Schwenk

IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020 [extended version]

Combiners for AEAD

2020 - Bertram Poettering, Paul Rösler

IACR Transactions on Symmetric Cryptology, ToSC Volume 2020, Issue 1 [full version]

T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction

2020 - Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk

[Link]

Practical Decryption exFiltration: Breaking PDF Encryption

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

26th ACM Conference on Computer and Communications Security [html] [pdf]

Vulnerability Report: Attacks bypassing confidentiality in encrypted PDF

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

[html] [pdf]

Verifiable Delay Functions from Supersingular Isogenies and Pairings

2019 - Luca De Feo, Simon Masson, Christophe Petit, Antonio Sanso

Asiacrypt 2019 [eprint]

Produktivität von Wissenschaftlerinnen und Wissenschaftlern in den Fachbereichen der GMDS: Analyse der GMS-Beiträge zwischen 2004 und 2018

2019 - Pobiruchin M, Wiesner M, Steuer S, Maximilian Westers, Zowalla R

Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). 64. Jahrestagung der GMDS. Dortmund, 08.-11.09.2019. Düsseldorf: German Medical Science GMS Publishing House; 2019. DocAbstr. 51

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

2019 - Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt

28th USENIX Security Symposium (USENIX Security '19) [Paper] [General Information] [TLS-Scanner]

“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk

28th USENIX Security Symposium (USENIX Security '19) [full version] [artifacts]

1 Trillion Dollar Refund – How To Spoof PDF Signatures

2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

26th ACM Conference on Computer and Communications Security [html] [pdf]

Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

17th International Conference on Applied Cryptography and Network Security (ACNS 2019) [draft version] [artifacts]

Efail: Angriffe auf S/MIME und OpenPGP

2019 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress [pdf]

Sicherheitsanalyse von eID/eIDAS-Diensten

2019 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress

Technology Adoption, Motivational Aspects, and Privacy Concerns of Wearables in the German Running Community

2019 - Wiesner M, Zowalla R, Suleder J, Maximilian Westers, Pobiruchin M

Field Study JMIR Mhealth Uhealth 2018;6(12): e201

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)

2019 - Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinola, David Herring, Jörg Schwenk

[pdf]

Extended Affine and CCZ Equivalence up to Dimension 4

2019 - Marcus Brinkmann

A complete classification of all vectorial boolean functions in up to dimension 4, up to extended affine and CCZ equivalence. Work done as part of my diploma thesis in 2008, and since then cited as personal communication. [ePrint] [pdf]

Vulnerability Report: Attacks bypassing the signature validation in PDF

2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

[pdf]

Prime and Prejudice: Primality Testing Under Adversarial Conditions

2018 - Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky

ACM CCS 2018 [eprint]

In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild

2018 - Luke Valenta, Nick Sullivan, Antonio Sanso

In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]

Towards Bidirectional Ratcheted Key Exchange

2018 - Bertram Poettering, Paul Rösler

In Advances in Cryptology, IACR CRYPTO 2018 [extended version]

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

27th USENIX Security Symposium (USENIX Security 18) [full version]

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek

27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Video of the Talk] [Previous Work 1] [Previous Work 2] [Paper] [Slides]

Return Of Bleichenbacher’s Oracle Threat (ROBOT)

2018 - Hanno Böck, Juraj Somorovsky, Craig Young

27th USENIX Security Symposium (USENIX Security 18) [Attack website]

PostScript Undead: Pwning the Web with a 35 Years Old Language

2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018) [Paper]

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

12th USENIX Workshop on Offensive Technologies (WOOT '18) [pdf]

Evaluation of eID and Trust Services

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov

[pdf]

Attacking Deterministic Signature Schemes using Fault Attacks

2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]

Is MathML Dangerous?

2018 - Christopher Späth

In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V. [Link] [PDF]

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

2018 - Paul Rösler, Christian Mainka, Jörg Schwenk

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]

On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption

2018 - Sebastian Lauer

The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)

Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen

2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein

DACH Security, 2018

Out of the Dark: UI Redressing and Trustworthy Events

2017 - Marcus Niemietz, Jörg Schwenk

16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

Same-Origin Policy: Evaluation in Modern Browsers

2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka

26th USENIX Security Symposium (USENIX Security 17) [PDF]

Breaking and Fixing Gridcoin

2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk

11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]

DOMPurify: Client-Side Protection Against XSS and Markup Injection

2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk

(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.

Validierung des PROSIT CHD Type 2 Diabetes Herzinfarktmodells Diabetologie und Stoffwechsel

2017 - Seitz P, Fendrich L, Hempe H, Rickmann J, Christophidis B, Lankes S, Reimchen H, Maximilian Westers, Baumann B, Laha A, Suleder J, Sailer F, Schramm W

Simple Security Definitions for and Constructions of 0-RTT Key Exchange

2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk

15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]

OAuth 2 in Action

2017 - Justin Richer, Antonio Sanso

ISBN 9781617293276

Measuring small subgroup attacks against Diffie-Hellman

2017 - Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger

In NDSS Symposium 2017 [NDSS Website] [Paper] [Slides] [Youtube Video]

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

2017 - Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [GitHub-Project] [Paper] [Slides]