Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

2020 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk

30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada [PDF]

Mitigation of Attacks on Email End-to-End Encryption

2020 - Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel

ACM CCS 2020 - November 9-13, 2020 [PDF]

Analysis of DTLS Implementations Using Protocol State Fuzzing

2020 - Paul Fiterau Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky


Vulnerability Report Attacks bypassing the signature validation in PDF (Shadow Attacks)

2020 - Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk


Office Document Security and Privacy

2020 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

14th USENIX Workshop on Offensive Technologies (WOOT 2020) [full version] [artifacts]

Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption

2020 - Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk

8th IEEE Conference on Communications and Network Security (CNS 2020) [full version]

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

2020 - Benjamin Dowling, Paul Rösler, Jörg Schwenk

IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020 [extended version]

Combiners for AEAD

2020 - Bertram Poettering, Paul Rösler

IACR Transactions on Symmetric Cryptology, ToSC Volume 2020, Issue 1 [full version]

T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction

2020 - Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk


Practical Decryption exFiltration: Breaking PDF Encryption

2019 - Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

26th ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty [html] [pdf]