Veröffentlichungen

Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol

2014 - Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila

ACM Conference on Computer and Communications Security - Best Student Paper Award - [Webseite]

On the Security of Holder-of-Key Single Sign-On

2014 - Andreas Mayer, Vladislav Mladenov, Jörg Schwenk

Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19.-21. März 2014, Wien, Österreich [pdf]

Strengthening Web Authentication through TLS - Beyond TLS Client Certificates

2014 - Vladislav Mladenov, Florian Feldmann, Christopher Meyer, Andreas Mayer, Jörg Schwenk

Open Iden­ti­ty Sum­mit 2014 Sep­tem­ber 4th - 6th 2014, Frauenhofer IZS, Stuttgart, Ger­ma­ny, http://?openidentity.?eu

Guardians of the Clouds: When Identity Providers Fail

2014 - Andreas Mayer, Marcus Niemietz, Vladislav Mladenov, Jörg Schwenk

ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA. [paper]

Efficient Signatures with Tight Real World Security in the Random-Oracle Model

2014 - Christoph Bader

In Proceedings of the 13th International Conference, CANS 2014 [paper]

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

2014 - Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Eugen Weiss, Sebastian Schinzel, Erik Tews

USENIX Security 2014 [Slides] [pdf]

New Modular Compilers for Authenticated Key Exchange

2014 - Yong Li, Sven Schäge, Zheng Yang, Christoph Bader, Jörg Schwenk

In Proceedings the 12th International Conference, ACNS 2014 [Paper]

On the Security of the Pre-Shared Key Ciphersuites of TLS

2014 - Yong Li, Sven Schäge, Zheng Yang, Florian Kohlar, Jörg Schwenk

In Proceedings of the 17th International Conference on Practice and Theory in Public-Key Cryptography (PKC), 2014 [Paper]

SAML Privacy-Enhancing Profile

2014 - Moritz Horsch, Max Tuengerthal, Tobias Wich

Open Identity Summit 2014 [PDF]

Secure Fallback Authentication and the Trusted Friend Attack

2014 - Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk

Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography

2013 - Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky

In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2013 [CryptoChallenge] [paper]

Strongly Secure One-round Group Authenticated Key Exchange in the Standard Model

2013 - Yong Li, Zheng Yang

In Proceedings of the 12th International Conference, CANS 2013 [Paper]

mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

2013 - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang

20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013 [PDF]

On the security of TLS renegotiation

2013 - Florian Bergsma, Florian Kohlar, Douglas Stebila

ACM Conference on Computer and Communications Security

Options for Integrating eID and SAML

2013 - Hühnlein, Detlef, Jörg Schwenk, Tobias Wich, Vladislav Mladenov, Florian Feldmann, Andreas Mayer, Schmölz, Johannes, Bruegger, Bud P., Horsch, Moritz

CCS 2013 Post-Conference Workshop, Digital Identity Management (DIM)

How to authenticate mobile devices in a web environment - The SIM-ID approach

2013 - Florian Feldmann, Jörg Schwenk

Open Identity Summit 2013 September 9th - 11th 2013, Kloster Banz, Germany http://openidentity.eu [Paper] [Presentation]

A Footprint of Third-Party Tracking on Mobile Web

2013 - Ashar Javed

[POSTER] In 20th ACM Conference on Computer and Communications Security (ACM CCS), November 4-8, 2013 Berlin, Germany [poster]

SoK: Lessons Learned From SSL/TLS Attacks

2013 - Christopher Meyer, Jörg Schwenk

In Proceedings of "The 14th International Workshop on Information Security Applications (WISA2013)" [Paper] [Slides]

Towards Elimination of Cross-Site Scripting on Mobile Versions of Web Applications

2013 - Ashar Javed, Jörg Schwenk

In Pro­cee­dings of The 14th International Workshop on Information Security Applications (WISA2013), August 19-21 (2013), Jeju Island, Korea [paper]

A new Approach towards DoS Penetration Testing on Web Services

2013 - Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, Jörg Schwenk

IEEE 20th International Conference on Web Services (IEEE ICWS 2013) [PDF]

Secure Bindings for Browser-based Single Sign-On

2013 - Andreas Mayer, Florian Kohlar, Lijun Liao, Jörg Schwenk

In 13. Deutscher IT-Sicherheitskongress des BSI: Informationssicherheit stärken --- Vertrauen in die Zukunft schaffen, Seiten 375--390, SecuMedia Verlag

Practical Signatures From Standard Assumptions

2013 - Florian Böhl, Dennis Hofheinz, Tibor Jager, Jessica Koch, Jae Hong Seo, Christoph Striecks

Eurocrypt 2013 [pdf] [link]

Penetration Test Tool for XML-based Web Services

2013 - Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk

International Symposium on Engineering Secure Software and Systems 2013 [PDF]

Randomly Failed! The State of Randomness in Current Java Implementations

2013 - Kai Michaelis, Christopher Meyer, Jörg Schwenk

Cryptography track at RSA Conference 2013 (CT-RSA 2013) [Paper] [Slides]

A new approach for WS-Policy Intersection using Partial Ordered Sets

2013 - Abeer El­sa­fie, Christian Mainka, Jörg Schwenk

5th Central European Workshop on Services and their Composition, ZEUS 2013 February 21-22, 2013, Rostock, Germany [PDF]

Tightly secure signatures and public-key encryption

2012 - Dennis Hofheinz, Tibor Jager

CRYPTO 2012 [Full Version]

Waters signatures with optimal security reduction

2012 - Dennis Hofheinz, Tibor Jager, Edward Knapp

PKC 2012 [Full Version]

Down to the Bare Metal: Using Processor Features for Binary Analysis

2012 - Carsten Willems, Ralf Hund, Amit Vasudevan, Andreas Fobian, Dennis Felsch, Thorsten Holz

Annual Computer Security Applications Conference (ACSAC), Orlando, FL, December 2012 [pdf]

UI Redressing Attacks on Android Devices

2012 - Marcus Niemietz, Jörg Schwenk

Black Hat Abu Dhabi 2012

Sometimes it's better to be STUCK! - SAML Transportation Unit for Cryptographic Keys

2012 - Christopher Meyer, Florian Feldmann, Jörg Schwenk

15th Annual International Conference on Information Security and Cryptology, ICISC 2012 [Slides] [Paper]

Scriptless Attacks – Stealing the Pie Without Touching the Sill

2012 - Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk

19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012 [PDF]

On the Security of TLS-DHE in the Standard Model

2012 - Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk

In Advances in Cryptology – CRYPTO 2012, Lecture Notes in Computer Science, 2012, Volume 7417/2012, 273-293, DOI: 10.1007/978-3-642-32009-5_17 [Full_Version]

On the Fragility and Limitations of Current Browser-provided Clickjacking Protection Schemes

2012 - Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns

6th USENIX Workshop on Offensive Technologies (WOOT), Bellevue, WA, August 2012 [PDF]

Multimedia Content Identification Through Smart Meter Power Usage Profiles

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

On Breaking SAML: Be Whoever You Want to Be

2012 - Juraj Somorovsky, Andreas Mayer, Jörg Schwenk, Marco Kampmann, Meiko Jensen

In Proceedings of the 21st USENIX Security Symposium, 2012 [pdf]

Penetration Testing Tool for Web Services Security

2012 - Christian Mainka, Juraj Somorovsky, Jörg Schwenk

In Proceeding of the IEEE 2012 Services Workshop on Security and Privacy Engineering (SPE2012) [pdf]

Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption

2012 - Juraj Somorovsky, Jörg Schwenk

In Proceedings of the SERVICES Workshop on Security and Privacy Engineering, 2012 [pdf]

Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption

2012 - Tibor Jager, Sebastian Schinzel, Juraj Somorovsky

In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS), 2012, Full Version [pdf]

Forensic Content Detection through Power Consumption

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

Sec2: Secure Mobile Solution for Distributed Public Cloud Storages

2012 - Juraj Somorovsky, Christopher Meyer, Thang Tran, Mohamad Sbeiti, Jörg Schwenk, Christian Wietfeld

In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 [Paper] [Slides]

XSpRES: Robust and Effective XML Signatures for Web Services

2012 - Christian Mainka, Meiko Jensen, Lo Iacono, Luigi, Jörg Schwenk

In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012 [pdf]

XML Signature Wrapping: Die Kunst SAML Assertions zu fälschen

2012 - Andreas Mayer, Jörg Schwenk

In 19. DFN~Workshop: Sicherheit in vernetzten Systemen, Seiten H1-H15, BoD - Books on Demand

Identifikation von Videoinhalten über granulare Stromverbrauchsdaten

2012 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics

2011 - Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz

18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011 [PDF]

The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting

2011 - Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk

International Conference on E-voting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011 [Website]

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

2011 - Ulrich Greveler, Dennis Löhr, Benjamin Justus

[Paper]

IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

2011 - Mario Heiderich, Tilman Frosch, Thorsten Holz

14th International Symposium on Recent Advances in Intrusion Detection (RAID), Menlo Park, CA, September 2011 [PDF]

On the E ffectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks

2011 - Meiko Jensen, Christopher Meyer, Juraj Somorovsky, Jörg Schwenk

In IWSSC 2011: First International Workshop on Securing Services on the Cloud, Sept. 2011 [Paper] [Slides]

Short Signatures from Weaker Assumptions

2011 - Dennis Hofheinz, Tibor Jager, Eike Kiltz

Asiacrypt 2011 [Full Version]

All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces

2011 - Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono

In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2011. [pdf]
Seite: