Publications
Practical Decryption exFiltration: Breaking PDF Encryption
2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
26th ACM Conference on Computer and Communications Security [html] [pdf]Vulnerability Report: Attacks bypassing confidentiality in encrypted PDF
2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk
[html] [pdf]Verifiable Delay Functions from Supersingular Isogenies and Pairings
2019 - Luca De Feo, Simon Masson, Christophe Petit, Antonio Sanso
Asiacrypt 2019 [eprint]Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities
2019 - Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt
28th USENIX Security Symposium (USENIX Security '19) [Paper] [General Information] [TLS-Scanner]“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails
2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk
28th USENIX Security Symposium (USENIX Security '19) [full version] [artifacts]1 Trillion Dollar Refund – How To Spoof PDF Signatures
2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk
26th ACM Conference on Computer and Communications Security [html] [pdf]Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption
2019 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
17th International Conference on Applied Cryptography and Network Security (ACNS 2019) [draft version] [artifacts]Efail: Angriffe auf S/MIME und OpenPGP
2019 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
16. Deutscher IT-Sicherheitskongress [pdf]Sicherheitsanalyse von eID/eIDAS-Diensten
2019 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk
16. Deutscher IT-SicherheitskongressSecurity Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
2019 - Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinnola, David Herring, Jörg Schwenk
[pdf]Extended Affine and CCZ Equivalence up to Dimension 4
2019 - Marcus Brinkmann
A complete classification of all vectorial boolean functions in up to dimension 4, up to extended affine and CCZ equivalence. Work done as part of my diploma thesis in 2008, and since then cited as personal communication. [ePrint] [pdf]Vulnerability Report: Attacks bypassing the signature validation in PDF
2019 - Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk
[pdf]Prime and Prejudice: Primality Testing Under Adversarial Conditions
2018 - Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky
ACM CCS 2018 [eprint]In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild
2018 - Luke Valenta, Nick Sullivan, Antonio Sanso
In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]Towards Bidirectional Ratcheted Key Exchange
2018 - Bertram Poettering, Paul Rösler
In Advances in Cryptology, IACR CRYPTO 2018 [extended version]Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
27th USENIX Security Symposium (USENIX Security 18) [full version]The Dangers of Key Reuse: Practical Attacks on IPsec IKE
2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek
27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Video of the Talk] [Paper] [Slides]Return Of Bleichenbacher’s Oracle Threat (ROBOT)
2018 - Hanno Böck, Juraj Somorovsky, Craig Young
27th USENIX Security Symposium (USENIX Security 18) [Attack website]PostScript Undead: Pwning the Web with a 35 Years Old Language
2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk
21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018) [Paper]Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe
2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk
12th USENIX Workshop on Offensive Technologies (WOOT '18) [pdf]Evaluation of eID and Trust Services
2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov
[pdf]Attacking Deterministic Signature Schemes using Fault Attacks
2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler
IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]Is MathML Dangerous?
2018 - Christopher Späth
In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
2018 - Paul Rösler, Christian Mainka, Jörg Schwenk
IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption
2018 - Sebastian Lauer
The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen
2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein
DACH Security, 2018Out of the Dark: UI Redressing and Trustworthy Events
2017 - Marcus Niemietz, Jörg Schwenk
16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]On The (In-)Security Of JavaScript Object Signing And Encryption
2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
ROOTS, November 16–17, 2017, Vienna, Austria [PDF]Same-Origin Policy: Evaluation in Modern Browsers
2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka
26th USENIX Security Symposium (USENIX Security 17) [PDF]Breaking and Fixing Gridcoin
2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk
11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]DOMPurify: Client-Side Protection Against XSS and Markup Injection
2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk
(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.Simple Security Definitions for and Constructions of 0-RTT Key Exchange
2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk
15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]OAuth 2 in Action
2017 - Justin Richer, Antonio Sanso
ISBN 9781617293276Measuring small subgroup attacks against Diffie-Hellman
2017 - Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger
In NDSS Symposium 2017 [NDSS Website] [Paper] [Slides] [Youtube Video]SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor
2017 - Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [GitHub-Project] [Paper] [Slides]SoK: Exploiting Network Printers
2017 - Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk
38th IEEE Symposium on Security and Privacy (S&P 2017) [html] [html] [pdf]SoK: Single Sign-On Security – An Evaluation of OpenID Connect
2017 - Christian Mainka, Vladislav Mladenov, Tobias Wich, Jörg Schwenk
IEEE European Symposium on Security and Privacy (EuroS&P 2017) [pdf]0-RTT Key Exchange with Full Forward Secrecy
2017 - Felix Günther, Britta Hale, Tibor Jager, Sebastian Lauer
36th International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2017)Towards secure and standard-compliant implementations of the PSD2 Directive
2017 - Detlef Hühnlein, Tobias Wich, Daniel Nemmert
Open Identity Summit, 2017 [PDF]Breaking PPTP VPNs via RADIUS Encryption
2016 - Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk
15th International Conference on Cryptology and Network Security (CANS) [http] [pdf]Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making
2016 - Abeer Elsafie, Jörg Schwenk
Cloud and Trusted Computing (C&TC 2016), part of: The 15th OnTheMove to Meaningful Internet Systems: (OTM 2016) Conferences, 24-28 Oct 2016, Rhodes, Greece. [Paper]DROWN: Breaking TLS using SSLv2
2016 - Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt
USENIX Security 2016 [Website and paper] [Pwnie Awards] [Facebook Prize]Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
2016 - Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic
WOOT 2016 [Blackhat stuff] [paper]Systematic Fuzzing and Testing of TLS Libraries
2016 - Juraj Somorovsky
ACM CCS 2016 [TLS-Attacker] [paper]SoK: XML Parser Vulnerabilities
2016 - Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk
10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]How to Break Microsoft Rights Management Services
2016 - Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk
10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]Your Cloud in my Company: Modern Rights Management Services Revisited
2016 - Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk
11th International Conference on Availability, Reliability and Security (ARES 2016) [pdf]Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On
2016 - Christian Mainka, Vladislav Mladenov, Jörg Schwenk
IEEE European Symposium on Security and Privacy (EuroS&P 2016) [Paper PDF]How Secure is TextSecure?
2016 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz
IEEE European Symposium on Security and Privacy (EuroS&P 2016) [PDF]