In Search of CurveSwap: Measuring Elliptic Curve Implementations in the Wild

2018 - Luke Valenta, Nick Sullivan, Antonio Sanso

In IEEE European Symposium on Security and Privacy (EuroS&P), 2018 [IEEE Website]

Towards Bidirectional Ratcheted Key Exchange

2018 - Bertram Poettering, Paul Rösler

In Advances in Cryptology, IACR CRYPTO 2018 [extended version]

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [full version]

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

2018 - Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek

27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA [Original Publication] [Paper] [Slides]

Return Of Bleichenbacher’s Oracle Threat (ROBOT)

2018 - Hanno Böck, Juraj Somorovsky, Craig Young

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [Attack website]

PostScript Undead: Pwning the Web with a 35 Years Old Language

2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

Proc. of 21st Symposium on Research in Attacks, Intrusions, and Defenses (RAID), to appear September 2018.

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

12th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT '18)

Attacking Deterministic Signature Schemes using Fault Attacks

2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]

Is MathML Dangerous?

2018 - Christopher Späth

In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

2018 - Paul Rösler, Christian Mainka, Jörg Schwenk

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]

On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption

2018 - Sebastian Lauer

The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)

Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen

2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein

DACH Security, 2018

Out of the Dark: UI Redressing and Trustworthy Events

2017 - Marcus Niemietz, Jörg Schwenk

16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

Same-Origin Policy: Evaluation in Modern Browsers

2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka

26th USENIX Security Symposium (USENIX Security 17) [PDF]

Breaking and Fixing Gridcoin

2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk

11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]

DOMPurify: Client-Side Protection Against XSS and Markup Injection

2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk

(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.

Simple Security Definitions for and Constructions of 0-RTT Key Exchange

2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk

15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]

Measuring small subgroup attacks against Diffie-Hellman

2017 - Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J. Alex Halderman, Nadia Heninger

In NDSS Symposium 2017 [NDSS Website] [Paper] [Slides] [Youtube Video]

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

2017 - Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [GitHub-Project] [Paper] [Slides]