Publications

Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2

2020 - Stefan Hoffmann, Jens Müller, Jörg Schwenk, Gerd Bumiller

18th International Conference on Applied Cryptography and Network Security (ACNS 2020)

Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption

2020 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

8th IEEE Conference on Communications and Network Security (CNS 2020)

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

2020 - Benjamin Dowling, Paul Rösler, Jörg Schwenk

IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020 [extended version]

T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction

2020 - Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk

[Link]

Practical Decryption exFiltration: Breaking PDF Encryption

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

26th ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty [html] [pdf]

Verifiable Delay Functions from Supersingular Isogenies and Pairings

2019 - Luca De Feo, Simon Masson, Christophe Petit, Antonio Sanso

Asiacrypt 2019 [eprint]

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

2019 - Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt

28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19) [Paper] [General Information] [TLS-Scanner]

“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk

28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19) [full version] [artifacts]

1 Trillion Dollar Refund – How To Spoof PDF Signatures

2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

26th ACM Conference on Computer and Communications Security [html] [pdf]

Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption

2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

17th International Conference on Applied Cryptography and Network Security (ACNS 2019) [draft version] [artifacts]

Efail: Angriffe auf S/MIME und OpenPGP

2019 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress [pdf]

Sicherheitsanalyse von eID/eIDAS-Diensten

2019 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk

16. Deutscher IT-Sicherheitskongress

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)

2019 - Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinnola, David Herring, Jörg Schwenk

[pdf]

Prime and Prejudice: Primality Testing Under Adversarial Conditions

2018 - Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky

ACM CCS 2018 [eprint]

In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild

2018 - Luke Valenta, Nick Sullivan, Antonio Sanso

In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]

Towards Bidirectional Ratcheted Key Exchange

2018 - Bertram Poettering, Paul Rösler

In Advances in Cryptology, IACR CRYPTO 2018 [extended version]

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [full version]

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek

27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Video of the Talk] [Previous Work 1] [Previous Work 2] [Paper] [Slides]

Return Of Bleichenbacher’s Oracle Threat (ROBOT)

2018 - Hanno Böck, Juraj Somorovsky, Craig Young

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [Attack website]

PostScript Undead: Pwning the Web with a 35 Years Old Language

2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018) [Paper]

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

12th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT '18) [pdf]

Attacking Deterministic Signature Schemes using Fault Attacks

2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]

Is MathML Dangerous?

2018 - Christopher Späth

In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

2018 - Paul Rösler, Christian Mainka, Jörg Schwenk

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]

On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption

2018 - Sebastian Lauer

The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)

Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen

2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein

DACH Security, 2018

Out of the Dark: UI Redressing and Trustworthy Events

2017 - Marcus Niemietz, Jörg Schwenk

16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

Same-Origin Policy: Evaluation in Modern Browsers

2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka

26th USENIX Security Symposium (USENIX Security 17) [PDF]

Breaking and Fixing Gridcoin

2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk

11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]

DOMPurify: Client-Side Protection Against XSS and Markup Injection

2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk

(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.

Simple Security Definitions for and Constructions of 0-RTT Key Exchange

2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk

15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]

Measuring small subgroup attacks against Diffie-Hellman

2017 - Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger

In NDSS Symposium 2017 [NDSS Website] [Paper] [Slides] [Youtube Video]

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

2017 - Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [GitHub-Project] [Paper] [Slides]

SoK: Exploiting Network Printers

2017 - Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

38th IEEE Symposium on Security and Privacy (S&P 2017) [html] [html] [pdf]

SoK: Single Sign-On Security – An Evaluation of OpenID Connect

2017 - Christian Mainka, Vladislav Mladenov, Tobias Wich, Jörg Schwenk

IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2017) [pdf]

0-RTT Key Exchange with Full Forward Secrecy

2017 - Felix Günther, Britta Hale, Tibor Jager, Sebastian Lauer

36th International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2017)

Towards secure and standard-compliant implementations of the PSD2 Directive

2017 - Detlef Hühnlein, Tobias Wich, Daniel Nemmert

Open Identity Summit, 2017 [PDF]

Breaking PPTP VPNs via RADIUS Encryption

2016 - Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk

15th International Conference on Cryptology and Network Security (CANS) [http] [pdf]

Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making

2016 - Abeer El­sa­fie, Jörg Schwenk

Cloud and Trusted Computing (C&TC 2016), part of: The 15th OnTheMove to Meaningful Internet Systems: (OTM 2016) Conferences, 24-28 Oct 2016, Rhodes, Greece. [Paper]

DROWN: Breaking TLS using SSLv2

2016 - Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Chris­tof Paar, Yuval Shavitt

USENIX Security 2016 [Website and paper] [Pwnie Awards] [Facebook Prize]

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

2016 - Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic

WOOT 2016 [Blackhat stuff] [paper]

SoK: XML Parser Vulnerabilities

2016 - Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

How to Break Microsoft Rights Management Services

2016 - Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

Your Cloud in my Company: Modern Rights Management Services Revisited

2016 - Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk

11th International Conference on Availability, Reliability and Security (ARES 2016) [pdf]

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

2016 - Christian Mainka, Vladislav Mladenov, Jörg Schwenk

IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2016) [Paper PDF]

How Secure is TextSecure?

2016 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz

IEEE European Symposium on Security and Privacy (EuroS&P 2016) [PDF]

Architecture for Controlled Credential issuance Enhanced with Single Sign-On (ACCESSO)

2016 - Daniel Nemmert, Detlef Hühnlein, Tina Hühnlein, Tobias Wich

Open Identity Summit, 2016 [PDF]

Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite

2015 - Christian Mainka, Vladislav Mladenov, Tim Guenther, Jörg Schwenk

Open Identity Summit 2015 [Paper PDF]
Page: