Publications
Processing Dangerous Paths - On Security and Privacy the Portable Document Format
2021 - Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
28th Network and Distributed System Security Symposium (NDSS 2021) [pdf]Shadow Attacks: Hiding and Replacing Content in Signed PDFs
2021 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann
28th Network and Distributed System Security Symposium (NDSS 2021) [pdf]Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions
2021 - Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky
arXiv 2021 [arXiv.org] [PDF]Determining the Core Primitive for Optimally Secure Ratcheting
2020 - Fatih Balli, Paul Rösler, Serge Vaudenay
IACR International Conference on the Theory and Application of Cryptology and Information Security, Asiacrypt 2020 [full version]On the Price of Concurrency in Group Ratcheting Protocols
2020 - Alexander Bienstock, Yevgeniy Dodis, Paul Rösler
IACR Theory of Cryptography Conference, TCC 2020 [full version]Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2
2020 - Stefan Hoffmann, Jens Müller, Jörg Schwenk, Gerd Bumiller
18th International Conference on Applied Cryptography and Network Security (ACNS 2020)Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
2020 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk
30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada [PDF]Mitigation of Attacks on Email End-to-End Encryption
2020 - Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel
ACM CCS 2020 - November 9-13, 2020 [PDF]Analysis of DTLS Implementations Using Protocol State Fuzzing
2020 - Paul Fiterau Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky
[LINK]Vulnerability Report Attacks bypassing the signature validation in PDF (Shadow Attacks)
2020 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk
[pdf]Office Document Security and Privacy
2020 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
14th USENIX Workshop on Offensive Technologies (WOOT 2020) [full version] [artifacts]Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption
2020 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
8th IEEE Conference on Communications and Network Security (CNS 2020) [full version]Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework
2020 - Benjamin Dowling, Paul Rösler, Jörg Schwenk
IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020 [extended version]Combiners for AEAD
2020 - Bertram Poettering, Paul Rösler
IACR Transactions on Symmetric Cryptology, ToSC Volume 2020, Issue 1 [full version]T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction
2020 - Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk
[Link]Practical Decryption exFiltration: Breaking PDF Encryption
2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
26th ACM Conference on Computer and Communications Security [html] [pdf]Vulnerability Report: Attacks bypassing confidentiality in encrypted PDF
2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
[html] [pdf]Verifiable Delay Functions from Supersingular Isogenies and Pairings
2019 - Luca De Feo, Simon Masson, Christophe Petit, Antonio Sanso
Asiacrypt 2019 [eprint]Produktivität von Wissenschaftlerinnen und Wissenschaftlern in den Fachbereichen der GMDS: Analyse der GMS-Beiträge zwischen 2004 und 2018
2019 - Pobiruchin M, Wiesner M, Steuer S, Maximilian Westers, Zowalla R
Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). 64. Jahrestagung der GMDS. Dortmund, 08.-11.09.2019. Düsseldorf: German Medical Science GMS Publishing House; 2019. DocAbstr. 51Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities
2019 - Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt
28th USENIX Security Symposium (USENIX Security '19) [Paper] [General Information] [TLS-Scanner]“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails
2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk
28th USENIX Security Symposium (USENIX Security '19) [full version] [artifacts]1 Trillion Dollar Refund – How To Spoof PDF Signatures
2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk
26th ACM Conference on Computer and Communications Security [html] [pdf]Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption
2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
17th International Conference on Applied Cryptography and Network Security (ACNS 2019) [draft version] [artifacts]Efail: Angriffe auf S/MIME und OpenPGP
2019 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
16. Deutscher IT-Sicherheitskongress [pdf]Sicherheitsanalyse von eID/eIDAS-Diensten
2019 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk
16. Deutscher IT-SicherheitskongressTechnology Adoption, Motivational Aspects, and Privacy Concerns of Wearables in the German Running Community
2019 - Wiesner M, Zowalla R, Suleder J, Maximilian Westers, Pobiruchin M
Field Study JMIR Mhealth Uhealth 2018;6(12): e201Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
2019 - Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinnola, David Herring, Jörg Schwenk
[pdf]Extended Affine and CCZ Equivalence up to Dimension 4
2019 - Marcus Brinkmann
A complete classification of all vectorial boolean functions in up to dimension 4, up to extended affine and CCZ equivalence. Work done as part of my diploma thesis in 2008, and since then cited as personal communication. [ePrint] [pdf]Vulnerability Report: Attacks bypassing the signature validation in PDF
2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk
[pdf]Prime and Prejudice: Primality Testing Under Adversarial Conditions
2018 - Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky
ACM CCS 2018 [eprint]In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild
2018 - Luke Valenta, Nick Sullivan, Antonio Sanso
In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]Towards Bidirectional Ratcheted Key Exchange
2018 - Bertram Poettering, Paul Rösler
In Advances in Cryptology, IACR CRYPTO 2018 [extended version]Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
27th USENIX Security Symposium (USENIX Security 18) [full version]The Dangers of Key Reuse: Practical Attacks on IPsec IKE
2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek
27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Video of the Talk] [Previous Work 1] [Previous Work 2] [Paper] [Slides]Return Of Bleichenbacher’s Oracle Threat (ROBOT)
2018 - Hanno Böck, Juraj Somorovsky, Craig Young
27th USENIX Security Symposium (USENIX Security 18) [Attack website]PostScript Undead: Pwning the Web with a 35 Years Old Language
2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk
21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018) [Paper]Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe
2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk
12th USENIX Workshop on Offensive Technologies (WOOT '18) [pdf]Evaluation of eID and Trust Services
2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov
[pdf]Attacking Deterministic Signature Schemes using Fault Attacks
2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler
IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]Is MathML Dangerous?
2018 - Christopher Späth
In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
2018 - Paul Rösler, Christian Mainka, Jörg Schwenk
IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption
2018 - Sebastian Lauer
The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen
2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein
DACH Security, 2018Out of the Dark: UI Redressing and Trustworthy Events
2017 - Marcus Niemietz, Jörg Schwenk
16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]On The (In-)Security Of JavaScript Object Signing And Encryption
2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
ROOTS, November 16–17, 2017, Vienna, Austria [PDF]Same-Origin Policy: Evaluation in Modern Browsers
2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka
26th USENIX Security Symposium (USENIX Security 17) [PDF]Breaking and Fixing Gridcoin
2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk
11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]DOMPurify: Client-Side Protection Against XSS and Markup Injection
2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk
(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.Validierung des PROSIT CHD Type 2 Diabetes Herzinfarktmodells Diabetologie und Stoffwechsel
2017 - Seitz P, Fendrich L, Hempe H, Rickmann J, Christophidis B, Lankes S, Reimchen H, Maximilian Westers, Baumann B, Laha A, Suleder J, Sailer F, Schramm W
Simple Security Definitions for and Constructions of 0-RTT Key Exchange
2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk
15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]