Veröffentlichungen

Towards Bidirectional Ratcheted Key Exchange

2018 - Bertram Poettering, Paul Rösler

In Advances in Cryptology, IACR CRYPTO 2018 [extended version]

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

2018 - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [full version]

Return Of Bleichenbacher’s Oracle Threat (ROBOT)

2018 - Hanno Böck, Juraj Somorovsky, Craig Young

27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18) [Attack website]

PostScript Undead: Pwning the Web with a 35 Years Old Language

2018 - Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk

Proc. of 21st Symposium on Research in Attacks, Intrusions, and Defenses (RAID), to appear September 2018.

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

2018 - Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

12th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT '18)

Attacking Deterministic Signature Schemes using Fault Attacks

2018 - Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [full version]

Is MathML Dangerous?

2018 - Christopher Späth

In: Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D. (Hrsg.), SICHERHEIT 2018. Bonn: Gesellschaft für Informatik e.V.. [Link] [PDF]

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

2018 - Paul Rösler, Christian Mainka, Jörg Schwenk

IEEE European Symposium on Security and Privacy, EuroS&P 2018 [paper] [slides (RWC 2018)] [video (RWC 2018)]

On Several Verifiable Random Functions and the q-decisional Bilinear Diffie-Hellman Inversion Assumption

2018 - Sebastian Lauer

The 5th ACM ASIA Public-Key Cryptography Workshop (APKC 2018)

Mehr Sicherheit und Benutzerfreundlichkeit für Fernsignaturen

2018 - Tobias Wich, Sebastian Schuberth, René Lottes, Tina Hühnlein, Detlef Hühnlein

DACH Security, 2018

Out of the Dark: UI Redressing and Trustworthy Events

2017 - Marcus Niemietz, Jörg Schwenk

16th International Conference on Cryptology And Network Security (CANS 2017) [Conference] [PDF]

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

Same-Origin Policy: Evaluation in Modern Browsers

2017 - Jörg Schwenk, Marcus Niemietz, Christian Mainka

26th USENIX Security Symposium (USENIX Security 17) [PDF]

Breaking and Fixing Gridcoin

2017 - Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk

11th USENIX Workshop on Offensive Technologies (WOOT '17) [Link] [pdf]

DOMPurify: Client-Side Protection Against XSS and Markup Injection

2017 - Mario Heiderich, Christopher Späth, Jörg Schwenk

(2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.

Simple Security Definitions for and Constructions of 0-RTT Key Exchange

2017 - Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk

15th International Conference on Applied Cryptography and Network Security - ACNS 2017 [ePrint]

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

2017 - Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017 [GitHub-Project] [Paper] [Slides]

SoK: Exploiting Network Printers

2017 - Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

38th IEEE Symposium on Security and Privacy (S&P 2017) [html] [html] [pdf]

SoK: Single Sign-On Security – An Evaluation of OpenID Connect

2017 - Christian Mainka, Vladislav Mladenov, Tobias Wich, Jörg Schwenk

IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2017) [pdf]

0-RTT Key Exchange with Full Forward Secrecy

2017 - Felix Günther, Britta Hale, Tibor Jager, Sebastian Lauer

36th International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2017)

Towards secure and standard-compliant implementations of the PSD2 Directive

2017 - Detlef Hühnlein, Tobias Wich, Daniel Nemmert

Open Identity Summit, 2017 [PDF]

Breaking PPTP VPNs via RADIUS Encryption

2016 - Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk

15th International Conference on Cryptology and Network Security (CANS) [http] [pdf]

Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making

2016 - Abeer El­sa­fie, Jörg Schwenk

Cloud and Trusted Computing (C&TC 2016), part of: The 15th OnTheMove to Meaningful Internet Systems: (OTM 2016) Conferences, 24-28 Oct 2016, Rhodes, Greece. [Paper]

DROWN: Breaking TLS using SSLv2

2016 - Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Chris­tof Paar, Yuval Shavitt

USENIX Security 2016 [Website and paper] [Pwnie Awards] [Facebook Prize]

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

2016 - Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic

WOOT 2016 [Blackhat stuff] [paper]

SoK: XML Parser Vulnerabilities

2016 - Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

How to Break Microsoft Rights Management Services

2016 - Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk

10th USENIX Workshop on Offensive Technologies (WOOT '16) [Paper PDF]

Your Cloud in my Company: Modern Rights Management Services Revisited

2016 - Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk

11th International Conference on Availability, Reliability and Security (ARES 2016) [pdf]

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

2016 - Christian Mainka, Vladislav Mladenov, Jörg Schwenk

IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2016) [Paper PDF]

How Secure is TextSecure?

2016 - Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz

IEEE European Symposium on Security and Privacy (EuroS&P 2016) [PDF]

Architecture for Controlled Credential issuance Enhanced with Single Sign-On (ACCESSO)

2016 - Daniel Nemmert, Detlef Hühnlein, Tina Hühnlein, Tobias Wich

Open Identity Summit, 2016 [PDF]

Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite

2015 - Christian Mainka, Vladislav Mladenov, Tim Guenther, Jörg Schwenk

Open Identity Summit 2015 [Paper PDF]

How Private is Your Private Cloud?: Security Analysis of Cloud Control Interfaces

2015 - Dennis Felsch, Mario Heiderich, Frederic Schulz, Jörg Schwenk

ACM CCSW 2015 in conjunction with the ACM Conference on Computer and Communications Security (CCS) October 16, 2015, The Denver Marriot City Center, Denver, Colorado, USA. [paper]

AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

2015 - Christian Altmeier, Christian Mainka, Juraj Somorovsky, Jörg Schwenk

International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, 2015 [Paper PDF]

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

2015 - Tibor Jager, Jörg Schwenk, Juraj Somorovsky

ACM CCS 2015 [pdf]

Practical Invalid Curve Attacks on TLS-ECDH

2015 - Tibor Jager, Jörg Schwenk, Juraj Somorovsky

ESORICS 2015 [pdf]

Not so Smart: On Smart TV Apps

2015 - Marcus Niemietz, Juraj Somorovsky, Christian Mainka, Jörg Schwenk

International Workshop on Secure Internet of Things (SIoT 2015, Vienna, Austria) [pdf]

Waiting for CSP — Securing Legacy Web Applications with JSAgents

2015 - Mario Heiderich, Marcus Niemietz, Jörg Schwenk

Waiting for CSP — Securing Legacy Web Applications with JSAgents, ESORICS 2015, 20th European Symposium on Research in Computer Security [ESORICS 2015] [PDF file]

How to Break XML Encryption - Automatically

2015 - Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky

In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT), 2015 [pdf]

Semi-Automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection

2015 - Abeer El­sa­fie, Jörg Schwenk

IEEE 5th International Workshop on Security and Privacy Engineering SPE2015, within IEEE SERVICES 2015 June 27 and July 2, 2015, New York, NY, USA

Owning Your Home Network: Router Security Revisited

2015 - Marcus Niemietz, Jörg Schwenk

W2SP 2015: Web 2.0 Security & Privacy 2015 (San Jose, California) [Workshop] [PDF]

Tightly Secure Authenticated Key Exchange

2015 - Christoph Bader, Dennis Hofheinz, Tibor Jager, Eike Kiltz, Yong Li

TCC 2015 [paper]

On the Selective Opening Security of Practical Public-Key Encryption Schemes

2015 - Felix Heuer, Tibor Jager, Eike Kiltz, Sven Schäge

PKC 2015

Your Software at my Service

2014 - Vladislav Mladenov, Christian Mainka, Florian Feldmann, Julian Krautwald, Jörg Schwenk

ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA. [paper]

Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol

2014 - Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila

ACM Conference on Computer and Communications Security - Best Student Paper Award - [Webseite]

On the Security of Holder-of-Key Single Sign-On

2014 - Andreas Mayer, Vladislav Mladenov, Jörg Schwenk

Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19.-21. März 2014, Wien, Österreich [pdf]

Strengthening Web Authentication through TLS - Beyond TLS Client Certificates

2014 - Vladislav Mladenov, Florian Feldmann, Christopher Meyer, Andreas Mayer, Jörg Schwenk

Open Iden­ti­ty Sum­mit 2014 Sep­tem­ber 4th - 6th 2014, Frauenhofer IZS, Stuttgart, Ger­ma­ny, http://?openidentity.?eu
Seite: