Veröffentlichungen

Scriptless Timing Attacks on Web Browser Privacy

2014 - Bin Liang, Wei You, Liangkun Liu, Wenchang Shi, Mario Heiderich

2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks [PDF]

New Modular Compilers for Authenticated Key Exchange

2014 - Yong Li, Sven Schäge, Zheng Yang, Christoph Bader, Jörg Schwenk

In Proceedings the 12th International Conference, ACNS 2014 [Paper]

Scriptless attacks: Stealing more pie without touching the sill

2014 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25 [URL]

On the Security of the Pre-Shared Key Ciphersuites of TLS

2014 - Yong Li, Sven Schäge, Zheng Yang, Florian Kohlar, Jörg Schwenk

In Proceedings of the 17th International Conference on Practice and Theory in Public-Key Cryptography (PKC), 2014 [Paper]

Secure Fallback Authentication and the Trusted Friend Attack

2014 - Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk

Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography

2013 - Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky

In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2013 [CryptoChallenge] [paper]

Strongly Secure One-round Group Authenticated Key Exchange in the Standard Model

2013 - Yong Li, Zheng Yang

In Proceedings of the 12th International Conference, CANS 2013 [Paper]

mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

2013 - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang

20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 [PDF]

On the security of TLS renegotiation

2013 - Florian Bergsma, Florian Kohlar, Douglas Stebila

ACM Conference on Computer and Communications Security

Options for Integrating eID and SAML

2013 - Hühnlein, Detlef, Jörg Schwenk, Wich, Tobias, Vladislav Mladenov, Florian Feldmann, Andreas Mayer, Schmölz, Johannes, Bruegger, Bud P., Horsch, Moritz

CCS 2013 Post-Conference Workshop, Digital Identity Management (DIM)

Sicherer Schlüssel- und Informationsaustausch mit SAML

2013 - Dennis Felsch, Thorsten Schreiber, Christopher Meyer, Florian Feldmann, Jörg Schwenk

In Proceedings of the DACH Security 2013, Nürnberg, Germany [Paper]

How to authenticate mobile devices in a web environment - The SIM-ID approach

2013 - Florian Feldmann, Jörg Schwenk

Open Identity Summit 2013 September 9th - 11th 2013, Kloster Banz, Germany http://openidentity.eu [Paper] [Presentation]

On the Insecurity of XML Security

2013 - Juraj Somorovsky

PhD Thesis Supervisors: Jörg Schwenk, Kenneth G. Paterson [pdf]

A Footprint of Third-Party Tracking on Mobile Web

2013 - Ashar Javed

[POSTER] In 20th ACM Conference on Computer and Communications Security (ACM CCS), November 4-8, 2013 Berlin, Germany [poster]

SoK: Lessons Learned From SSL/TLS Attacks

2013 - Christopher Meyer, Jörg Schwenk

In Proceedings of "The 14th International Workshop on Information Security Applications (WISA2013)" [Paper] [Slides]

Towards Elimination of Cross-Site Scripting on Mobile Versions of Web Applications

2013 - Ashar Javed, Jörg Schwenk

In Pro­cee­dings of The 14th International Workshop on Information Security Applications (WISA2013), August 19-21 (2013), Jeju Island, Korea [paper]

A new Approach towards DoS Penetration Testing on Web Services

2013 - Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, Jörg Schwenk

IEEE 20th International Conference on Web Services (IEEE ICWS 2013) [PDF]

Secure Bindings for Browser-based Single Sign-On

2013 - Andreas Mayer, Florian Kohlar, Lijun Liao, Jörg Schwenk

In 13. Deutscher IT-Sicherheitskongress des BSI: Informationssicherheit stärken --- Vertrauen in die Zukunft schaffen, Seiten 375--390, SecuMedia Verlag

Practical Signatures From Standard Assumptions

2013 - Florian Böhl, Dennis Hofheinz, Tibor Jager, Jessica Koch, Jae Hong Seo, Christoph Striecks

Eurocrypt 2013 [pdf] [link]

Penetration Test Tool for XML-based Web Services

2013 - Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

International Symposium on Engineering Secure Software and Systems 2013 [PDF]

Randomly Failed! The State of Randomness in Current Java Implementations

2013 - Kai Michaelis, Christopher Meyer, Jörg Schwenk

Cryptography track at RSA Conference 2013 (CT-RSA 2013) [Paper] [Slides]

A new approach for WS-Policy Intersection using Partial Ordered Sets

2013 - Abeer El­sa­fie, Christian Mainka, Jörg Schwenk

5th Central European Workshop on Services and their Composition, ZEUS 2013 February 21-22, 2013, Rostock, Germany [PDF]

Tightly secure signatures and public-key encryption

2012 - Dennis Hofheinz, Tibor Jager

CRYPTO 2012 [Full Version]

Waters signatures with optimal security reduction

2012 - Dennis Hofheinz, Tibor Jager, Edward Knapp

PKC 2012 [Full Version]

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

UI Redressing Attacks on Android Devices

2012 - Marcus Niemietz, Jörg Schwenk

Black Hat Abu Dhabi 2012

Sometimes it's better to be STUCK! - SAML Transportation Unit for Cryptographic Keys

2012 - Christopher Meyer, Florian Feldmann, Jörg Schwenk

15th Annual International Conference on Information Security and Cryptology, ICISC 2012 [Slides] [Paper]

SS-FP: Browser Fingerprinting using HTML Parser Quirks

2012 - Erwan Abgrall, Yves Le Traon, Martin Monperrus, Sylvain Gombault, Mario Heiderich, Alain Ribault

[Cornell University]

Scriptless Attacks – Stealing the Pie Without Touching the Sill

2012 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012 [PDF]

On the Security of TLS-DHE in the Standard Model

2012 - Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk

In Advances in Cryptology – CRYPTO 2012, Lecture Notes in Computer Science, 2012, Volume 7417/2012, 273-293, DOI: 10.1007/978-3-642-32009-5_17 [Full_Version]

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

2012 - Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns

6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012 [PDF]

Multimedia Content Identification Through Smart Meter Power Usage Profiles

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

On Breaking SAML: Be Whoever You Want to Be

2012 - Juraj Somorovsky, Andreas Mayer, Jörg Schwenk, Marco Kampmann, Meiko Jensen

In Proceedings of the 21st USENIX Security Symposium, 2012 [pdf]

Penetration Testing Tool for Web Services Security

2012 - Christian Mainka, Juraj Somorovsky, Jörg Schwenk

In Proceeding of the IEEE 2012 Services Workshop on Security and Privacy Engineering (SPE2012) [pdf]

Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption

2012 - Juraj Somorovsky, Jörg Schwenk

In Proceedings of the SERVICES Workshop on Security and Privacy Engineering, 2012 [pdf]

Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption

2012 - Tibor Jager, Sebastian Schinzel, Juraj Somorovsky

In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS), 2012, Full Version [pdf]

Forensic Content Detection through Power Consumption

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

Sec2: Secure Mobile Solution for Distributed Public Cloud Storages

2012 - Juraj Somorovsky, Christopher Meyer, Thang Tran, Mohamad Sbeiti, Jörg Schwenk, Christian Wietfeld

In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 [Paper] [Slides]

XSpRES: Robust and Effective XML Signatures for Web Services

2012 - Christian Mainka, Meiko Jensen, Lo Iacono, Luigi, Jörg Schwenk

In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 [pdf]

Clickjacking und UI-Redressing – Vom Klick-Betrug zum Datenklau

2012 - Marcus Niemietz

Ein Leitfaden für Sicherheitsexperten und Webentwickler [dpunkt.verlag]

XSpRES: XML-Signaturen, aber sicher!

2012 - Christian Mainka, Junker, Holger, Lo Iacono, Luigi, Jörg Schwenk

DuD - Datenschutz und Datensicherheit Ausgabe 04/2012

XML Signature Wrapping: Die Kunst SAML Assertions zu fälschen

2012 - Andreas Mayer, Jörg Schwenk

In 19. DFN~Workshop: Sicherheit in vernetzten Systemen, Seiten H1-H15, BoD - Books on Demand

Identifikation von Videoinhalten über granulare Stromverbrauchsdaten

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

2011 - Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz

18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011 [PDF]

The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting

2011 - Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk

International Conference on E-voting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011 [Website]

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

2011 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

2011 - Mario Heiderich, Tilman Frosch, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

On the E ffectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks

2011 - Meiko Jensen, Christopher Meyer, Juraj Somorovsky, Jörg Schwenk

In IWSSC 2011: First International Workshop on Securing Services on the Cloud, Sept. 2011 [Paper] [Slides]

Short Signatures from Weaker Assumptions

2011 - Dennis Hofheinz, Tibor Jager, Eike Kiltz

Asiacrypt 2011 [Full Version]
Seite: