[{"author":[{"first_name":"Felix","last_name":"Lange","id":"67893","full_name":"Lange, Felix"},{"first_name":"Niklas","last_name":"Niere","full_name":"Niere, Niklas","id":"63563"},{"first_name":"Jonathan","full_name":"von Niessen, Jonathan","last_name":"von Niessen"},{"first_name":"Dennis","full_name":"Suermann, Dennis","last_name":"Suermann"},{"first_name":"Nico","last_name":"Heitmann","orcid":"0009-0003-7687-7044","full_name":"Heitmann, Nico","id":"74619"},{"last_name":"Somorovsky","orcid":"0000-0002-3593-7720","full_name":"Somorovsky, Juraj","id":"83504","first_name":"Juraj"}],"date_created":"2025-02-24T08:09:56Z","oa":"1","date_updated":"2025-05-06T13:48:32Z","conference":{"name":"Free and Open Communications on the Internet","start_date":"2025-02-20","end_date":"2025-02-20","location":"Virtual"},"main_file_link":[{"url":"https://www.petsymposium.org/foci/2025/foci-2025-0002.pdf","open_access":"1"}],"title":"I(ra)nconsistencies: Novel Insights into Iran’s Censorship","has_accepted_license":"1","quality_controlled":"1","citation":{"chicago":"Lange, Felix, Niklas Niere, Jonathan von Niessen, Dennis Suermann, Nico Heitmann, and Juraj Somorovsky. “I(Ra)Nconsistencies: Novel Insights into Iran’s Censorship.” In Proceedings on Privacy Enhancing Technologies, 2025.","ieee":"F. Lange, N. Niere, J. von Niessen, D. Suermann, N. Heitmann, and J. Somorovsky, “I(ra)nconsistencies: Novel Insights into Iran’s Censorship,” presented at the Free and Open Communications on the Internet, Virtual, 2025.","ama":"Lange F, Niere N, von Niessen J, Suermann D, Heitmann N, Somorovsky J. I(ra)nconsistencies: Novel Insights into Iran’s Censorship. In: Proceedings on Privacy Enhancing Technologies. ; 2025.","mla":"Lange, Felix, et al. “I(Ra)Nconsistencies: Novel Insights into Iran’s Censorship.” Proceedings on Privacy Enhancing Technologies, 2025.","bibtex":"@inproceedings{Lange_Niere_von Niessen_Suermann_Heitmann_Somorovsky_2025, title={I(ra)nconsistencies: Novel Insights into Iran’s Censorship}, booktitle={Proceedings on Privacy Enhancing Technologies}, author={Lange, Felix and Niere, Niklas and von Niessen, Jonathan and Suermann, Dennis and Heitmann, Nico and Somorovsky, Juraj}, year={2025} }","short":"F. Lange, N. Niere, J. von Niessen, D. Suermann, N. Heitmann, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, 2025.","apa":"Lange, F., Niere, N., von Niessen, J., Suermann, D., Heitmann, N., & Somorovsky, J. (2025). I(ra)nconsistencies: Novel Insights into Iran’s Censorship. Proceedings on Privacy Enhancing Technologies. Free and Open Communications on the Internet, Virtual."},"year":"2025","department":[{"_id":"632"}],"user_id":"63563","_id":"58801","language":[{"iso":"eng"}],"file_date_updated":"2025-02-24T08:07:59Z","ddc":["006"],"publication":"Proceedings on Privacy Enhancing Technologies","type":"conference","status":"public","file":[{"creator":"flange","date_created":"2025-02-24T08:07:59Z","date_updated":"2025-02-24T08:07:59Z","file_name":"foci-2025-0002.pdf","file_id":"58802","access_level":"closed","file_size":535700,"content_type":"application/pdf","relation":"main_file","success":1}],"abstract":[{"text":"Iran employs one of the most prominent Internet censors in the world. An important part of Iran’s censorship apparatus is its analysis of unencrypted protocols such as HTTP and DNS. During routine evaluations of Iran’s HTTP and DNS censorship, we noticed several properties we believe to be unknown today. For instance, we found injections of correct static IPs for some domains such as google.com on the DNS level, unclear HTTP version parsing, and correlations between DNS and HTTP censorship. In this paper, we present our findings to the community and discuss possible takeaways for affected people and the censorship circumvention community. As some of our findings left us bewildered, we hope to ignite a discussion about Iran’s censorship behavior. We aim to use the discussion of our work to execute a thorough analysis and explanation of Iran’s censorship behavior in the future.","lang":"eng"}]},{"year":"2025","date_created":"2025-05-06T13:40:50Z","title":"Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer","publication":"2025 IEEE Symposium on Security and Privacy (SP)","file":[{"relation":"main_file","content_type":"application/pdf","file_id":"59826","file_name":"TLS_Obscurity.pdf","access_level":"open_access","file_size":463431,"date_created":"2025-05-06T13:49:35Z","creator":"nniklas","date_updated":"2025-05-06T13:51:45Z"}],"abstract":[{"lang":"eng","text":"HTTPS composes large parts of today’s Internet traffic and has long been subject to censorship efforts in different countries. While censors analyze the Transport Layer Security (TLS) protocol to block encrypted HTTP traffic, censorship circumvention efforts have primarily focused on other protocols such as TCP. In this paper, we hypothesize that the TLS protocol offers previously unseen opportunities for censorship circumvention techniques. We tested our hypothesis by proposing possible censorship circumvention techniques that act on the TLS protocol. To validate the effectiveness of these techniques, we evaluate their acceptance by popular TLS servers and successfully demonstrate that these techniques can circumvent censors in China and Iran. In our evaluations, we discovered 38—partially standard-compliant—distinct censorship circumvention techniques, which we could group into 11 unique categories. Additionally, we provide novel insights into how China censors TLS traffic by presenting evidence of at least three distinct censorship appliances. We suspect that other parts of China’s censorship apparatus and other censors exhibit similar structures and advocate future censorship research to anticipate them. With this work, we hope to aid people affected by censorship and stimulate further\r\nresearch into censorship circumvention using cryptographic protocols."}],"language":[{"iso":"eng"}],"ddc":["006"],"has_accepted_license":"1","citation":{"short":"N. Niere, F. Lange, R. Merget, J. Somorovsky, in: 2025 IEEE Symposium on Security and Privacy (SP), 2025.","bibtex":"@inproceedings{Niere_Lange_Merget_Somorovsky_2025, title={Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer}, DOI={10.1109/SP61157.2025.00151}, booktitle={2025 IEEE Symposium on Security and Privacy (SP)}, author={Niere, Niklas and Lange, Felix and Merget, Robert and Somorovsky, Juraj}, year={2025} }","mla":"Niere, Niklas, et al. “Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer.” 2025 IEEE Symposium on Security and Privacy (SP), 2025, doi:10.1109/SP61157.2025.00151.","apa":"Niere, N., Lange, F., Merget, R., & Somorovsky, J. (2025). Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer. 2025 IEEE Symposium on Security and Privacy (SP). 46th IEEE Symposium on Security and Privacy, San Francisco. https://doi.org/10.1109/SP61157.2025.00151","chicago":"Niere, Niklas, Felix Lange, Robert Merget, and Juraj Somorovsky. “Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer.” In 2025 IEEE Symposium on Security and Privacy (SP), 2025. https://doi.org/10.1109/SP61157.2025.00151.","ieee":"N. Niere, F. Lange, R. Merget, and J. Somorovsky, “Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer,” presented at the 46th IEEE Symposium on Security and Privacy, San Francisco, 2025, doi: 10.1109/SP61157.2025.00151.","ama":"Niere N, Lange F, Merget R, Somorovsky J. Transport Layer Obscurity: Circumventing SNI Censorship on the TLS-Layer. In: 2025 IEEE Symposium on Security and Privacy (SP). ; 2025. doi:10.1109/SP61157.2025.00151"},"author":[{"first_name":"Niklas","last_name":"Niere","full_name":"Niere, Niklas","id":"63563"},{"first_name":"Felix","last_name":"Lange","full_name":"Lange, Felix","id":"67893"},{"full_name":"Merget, Robert","last_name":"Merget","first_name":"Robert"},{"full_name":"Somorovsky, Juraj","id":"83504","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","first_name":"Juraj"}],"date_updated":"2025-06-02T12:03:51Z","oa":"1","doi":"10.1109/SP61157.2025.00151","conference":{"start_date":"2025-05-12","name":"46th IEEE Symposium on Security and Privacy","location":"San Francisco","end_date":"2025-05-14"},"type":"conference","status":"public","user_id":"63563","department":[{"_id":"632"}],"_id":"59824","file_date_updated":"2025-05-06T13:51:45Z"},{"language":[{"iso":"eng"}],"ddc":["000"],"file":[{"creator":"jrossel","date_created":"2025-02-17T11:10:31Z","date_updated":"2025-02-17T11:13:10Z","file_id":"58660","access_level":"open_access","file_name":"Security_Analysis_of_G_Codes.pdf","file_size":1562838,"content_type":"application/pdf","relation":"main_file"}],"abstract":[{"text":"The rapid growth of 3D printing technology has transformed a wide range of industries, enabling the on-demand production of complex objects, from aerospace components to medical devices. However, this technology also introduces significant security challenges. Previous research highlighted the security implications of G-Codes—commands used to control the printing process. These studies assumed powerful attackers and focused on manipulations of the printed models, leaving gaps in understanding the full attack potential.\r\n\r\nIn this study, we systematically analyze security threats associated with 3D printing, focusing specifically on vulnerabilities caused by G-Code commands. We introduce attacks and attacker models that assume a less powerful adversary than traditionally considered, broadening the scope of potential security threats. Our findings show that even minimal access to the 3D printer can result in significant security breaches, such as unauthorized access to subsequent print jobs or persistent misconfiguration of the printer. We identify 278 potentially malicious G-Codes across the attack categories Information Disclosure, Denial of Service, and Model Manipulation. Our evaluation demonstrates the applicability of these attacks across various 3D printers and their firmware. Our findings underscore the need for a better standardization process of G-Codes and corresponding security best practices.\r\n","lang":"eng"}],"publication":"Proceedings of the 34th USENIX Security Symposium","title":"Security Implications of Malicious G-Codes in 3D Printing","date_created":"2025-02-17T11:12:17Z","year":"2025","quality_controlled":"1","file_date_updated":"2025-02-17T11:13:10Z","department":[{"_id":"632"}],"user_id":"58331","_id":"58657","status":"public","type":"conference","conference":{"start_date":"2025-08-13","name":"34th USENIX Security Symposium","location":"Seattle, WA, USA","end_date":"2025-08-15"},"main_file_link":[{"url":"https://www.usenix.org/conference/usenixsecurity25/presentation/rossel","open_access":"1"}],"author":[{"orcid":"0000-0002-3182-4059","last_name":"Rossel","full_name":"Rossel, Jost","id":"58331","first_name":"Jost"},{"first_name":"Vladislav","full_name":"Mladenov, Vladislav","last_name":"Mladenov"},{"last_name":"Wördenweber","full_name":"Wördenweber, Nico","first_name":"Nico"},{"id":"83504","full_name":"Somorovsky, Juraj","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","first_name":"Juraj"}],"date_updated":"2025-08-22T10:34:24Z","oa":"1","page":"1867 - 1885","citation":{"ieee":"J. Rossel, V. Mladenov, N. Wördenweber, and J. Somorovsky, “Security Implications of Malicious G-Codes in 3D Printing,” in Proceedings of the 34th USENIX Security Symposium, Seattle, WA, USA, 2025, pp. 1867–1885.","chicago":"Rossel, Jost, Vladislav Mladenov, Nico Wördenweber, and Juraj Somorovsky. “Security Implications of Malicious G-Codes in 3D Printing.” In Proceedings of the 34th USENIX Security Symposium, 1867–85, 2025.","ama":"Rossel J, Mladenov V, Wördenweber N, Somorovsky J. Security Implications of Malicious G-Codes in 3D Printing. In: Proceedings of the 34th USENIX Security Symposium. ; 2025:1867-1885.","apa":"Rossel, J., Mladenov, V., Wördenweber, N., & Somorovsky, J. (2025). Security Implications of Malicious G-Codes in 3D Printing. Proceedings of the 34th USENIX Security Symposium, 1867–1885.","short":"J. Rossel, V. Mladenov, N. Wördenweber, J. Somorovsky, in: Proceedings of the 34th USENIX Security Symposium, 2025, pp. 1867–1885.","bibtex":"@inproceedings{Rossel_Mladenov_Wördenweber_Somorovsky_2025, title={Security Implications of Malicious G-Codes in 3D Printing}, booktitle={Proceedings of the 34th USENIX Security Symposium}, author={Rossel, Jost and Mladenov, Vladislav and Wördenweber, Nico and Somorovsky, Juraj}, year={2025}, pages={1867–1885} }","mla":"Rossel, Jost, et al. “Security Implications of Malicious G-Codes in 3D Printing.” Proceedings of the 34th USENIX Security Symposium, 2025, pp. 1867–85."},"has_accepted_license":"1","publication_status":"published"},{"_id":"60970","user_id":"55616","department":[{"_id":"632"}],"ddc":["000"],"language":[{"iso":"eng"}],"file_date_updated":"2025-09-29T13:46:49Z","type":"conference","publication":"34th USENIX Security Symposium","file":[{"content_type":"application/pdf","relation":"main_file","date_updated":"2025-09-29T13:46:49Z","creator":"snhebrok","date_created":"2025-09-29T13:41:18Z","file_size":333869,"access_level":"open_access","file_name":"paper.pdf","file_id":"61465"},{"content_type":"application/pdf","relation":"supplementary_material","date_updated":"2025-09-29T13:46:49Z","creator":"snhebrok","date_created":"2025-09-29T13:41:27Z","file_size":162464,"file_id":"61466","access_level":"open_access","file_name":"ae.pdf"},{"relation":"poster","content_type":"application/pdf","file_id":"61467","access_level":"open_access","file_name":"poster.pdf","file_size":535577,"date_created":"2025-09-29T13:41:41Z","creator":"snhebrok","date_updated":"2025-09-29T13:46:49Z"},{"content_type":"application/pdf","relation":"slides","date_updated":"2025-09-29T13:46:49Z","creator":"snhebrok","date_created":"2025-09-29T13:42:04Z","file_size":3057223,"file_name":"slides.pdf","access_level":"open_access","file_id":"61468"}],"status":"public","oa":"1","date_updated":"2025-09-29T13:46:49Z","author":[{"first_name":"Sven Niclas","full_name":"Hebrok, Sven Niclas","id":"55616","orcid":"0009-0006-1172-1665","last_name":"Hebrok"},{"first_name":"Tim Leonhard","full_name":"Storm, Tim Leonhard","id":"74914","last_name":"Storm","orcid":"0009-0001-2681-1624"},{"last_name":"Cramer","full_name":"Cramer, Felix Matthias","first_name":"Felix Matthias"},{"orcid":"0009-0005-3059-6823","last_name":"Radoy","full_name":"Radoy, Maximilian Manfred","id":"68826","first_name":"Maximilian Manfred"},{"first_name":"Juraj","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","id":"83504","full_name":"Somorovsky, Juraj"}],"date_created":"2025-08-21T13:43:47Z","title":"STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets","main_file_link":[{"url":"https://www.usenix.org/conference/usenixsecurity25/presentation/hebrok","open_access":"1"}],"has_accepted_license":"1","year":"2025","citation":{"ieee":"S. N. Hebrok, T. L. Storm, F. M. Cramer, M. M. Radoy, and J. Somorovsky, “STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets,” 2025.","chicago":"Hebrok, Sven Niclas, Tim Leonhard Storm, Felix Matthias Cramer, Maximilian Manfred Radoy, and Juraj Somorovsky. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” In 34th USENIX Security Symposium, 2025.","ama":"Hebrok SN, Storm TL, Cramer FM, Radoy MM, Somorovsky J. STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. In: 34th USENIX Security Symposium. ; 2025.","short":"S.N. Hebrok, T.L. Storm, F.M. Cramer, M.M. Radoy, J. Somorovsky, in: 34th USENIX Security Symposium, 2025.","bibtex":"@inproceedings{Hebrok_Storm_Cramer_Radoy_Somorovsky_2025, title={STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets}, booktitle={34th USENIX Security Symposium}, author={Hebrok, Sven Niclas and Storm, Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian Manfred and Somorovsky, Juraj}, year={2025} }","mla":"Hebrok, Sven Niclas, et al. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” 34th USENIX Security Symposium, 2025.","apa":"Hebrok, S. N., Storm, T. L., Cramer, F. M., Radoy, M. M., & Somorovsky, J. (2025). STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. 34th USENIX Security Symposium."}},{"title":"STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets","date_updated":"2025-11-03T10:04:46Z","date_created":"2025-08-31T12:33:33Z","author":[{"last_name":"Hebrok","full_name":"Hebrok, Sven","first_name":"Sven"},{"full_name":"Storm, Tim Leonhard","last_name":"Storm","first_name":"Tim Leonhard"},{"full_name":"Cramer, Felix Matthias","last_name":"Cramer","first_name":"Felix Matthias"},{"first_name":"Maximilian","last_name":"Radoy","full_name":"Radoy, Maximilian"},{"first_name":"Juraj","full_name":"Somorovsky, Juraj","last_name":"Somorovsky"}],"year":"2025","page":"8017–8034","citation":{"chicago":"Hebrok, Sven, Tim Leonhard Storm, Felix Matthias Cramer, Maximilian Radoy, and Juraj Somorovsky. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” In 34th USENIX Security Symposium (USENIX Security 25), 8017–8034, 2025.","ieee":"S. Hebrok, T. L. Storm, F. M. Cramer, M. Radoy, and J. Somorovsky, “STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets,” in 34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 8017–8034.","ama":"Hebrok S, Storm TL, Cramer FM, Radoy M, Somorovsky J. STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. In: 34th USENIX Security Symposium (USENIX Security 25). ; 2025:8017–8034.","short":"S. Hebrok, T.L. Storm, F.M. Cramer, M. Radoy, J. Somorovsky, in: 34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 8017–8034.","bibtex":"@inproceedings{Hebrok_Storm_Cramer_Radoy_Somorovsky_2025, title={STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets}, booktitle={34th USENIX Security Symposium (USENIX Security 25)}, author={Hebrok, Sven and Storm, Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian and Somorovsky, Juraj}, year={2025}, pages={8017–8034} }","mla":"Hebrok, Sven, et al. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” 34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 8017–8034.","apa":"Hebrok, S., Storm, T. L., Cramer, F. M., Radoy, M., & Somorovsky, J. (2025). STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. 34th USENIX Security Symposium (USENIX Security 25), 8017–8034."},"_id":"61102","department":[{"_id":"632"},{"_id":"632"}],"user_id":"68826","status":"public","publication":"34th USENIX Security Symposium (USENIX Security 25)","type":"conference"},{"publication_status":"published","place":"Cham","year":"2024","citation":{"ama":"Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton and eduMEET. In: Applied Cryptography and Network Security. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8","chicago":"Heitmann, Nico, Hendrik Siewert, Sven Moog, and Juraj Somorovsky. “Security Analysis of BigBlueButton and EduMEET.” In Applied Cryptography and Network Security. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-54776-8_8.","ieee":"N. Heitmann, H. Siewert, S. Moog, and J. Somorovsky, “Security Analysis of BigBlueButton and eduMEET,” Abu Dhabi, 2024, doi: 10.1007/978-3-031-54776-8_8.","apa":"Heitmann, N., Siewert, H., Moog, S., & Somorovsky, J. (2024). Security Analysis of BigBlueButton and eduMEET. Applied Cryptography and Network Security. https://doi.org/10.1007/978-3-031-54776-8_8","short":"N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.","mla":"Heitmann, Nico, et al. “Security Analysis of BigBlueButton and EduMEET.” Applied Cryptography and Network Security, Springer Nature Switzerland, 2024, doi:10.1007/978-3-031-54776-8_8.","bibtex":"@inproceedings{Heitmann_Siewert_Moog_Somorovsky_2024, place={Cham}, title={Security Analysis of BigBlueButton and eduMEET}, DOI={10.1007/978-3-031-54776-8_8}, booktitle={Applied Cryptography and Network Security}, publisher={Springer Nature Switzerland}, author={Heitmann, Nico and Siewert, Hendrik and Moog, Sven and Somorovsky, Juraj}, year={2024} }"},"date_updated":"2024-05-23T11:20:29Z","publisher":"Springer Nature Switzerland","date_created":"2024-05-23T11:15:39Z","author":[{"last_name":"Heitmann","full_name":"Heitmann, Nico","id":"74619","first_name":"Nico"},{"first_name":"Hendrik","last_name":"Siewert","full_name":"Siewert, Hendrik"},{"first_name":"Sven","last_name":"Moog","full_name":"Moog, Sven"},{"id":"83504","full_name":"Somorovsky, Juraj","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","first_name":"Juraj"}],"title":"Security Analysis of BigBlueButton and eduMEET","main_file_link":[{"url":"https://link.springer.com/content/pdf/10.1007/978-3-031-54776-8_8.pdf"}],"conference":{"location":"Abu Dhabi","end_date":"2024-03-08","start_date":"2024-03-05"},"doi":"10.1007/978-3-031-54776-8_8","type":"conference","publication":"Applied Cryptography and Network Security","abstract":[{"text":"Video conferencing systems have become an indispensable part of our world. Using video conferencing systems implies the expectation that online meetings run as smoothly as in-person meetings. Thus, online meetings need to be just as secure and private as in-person meetings, which are secured against disruptive factors and unauthorized persons by physical access control mechanisms.\r\n\r\nTo show the security dangers of conferencing systems and raise general awareness when using these technologies, we analyze the security of two widely used research and education open-source video conferencing systems: BigBlueButton and eduMEET. Because both systems are very different, we analyzed their architectures, considering the respective components with their main tasks, features, and user roles. In the following systematic security analyses, we found 50 vulnerabilities. These include broken access control, NoSQL injection, and denial of service (DoS). The vulnerabilities have root causes of different natures. While BigBlueButton has a lot of complexity due to many components, eduMEET, which is relatively young, focuses more on features than security. The sheer amount of results and the lack of prior work indicate a research gap that needs to be closed since video conferencing systems continue to play a significant role in research, education, and everyday life.","lang":"eng"}],"status":"public","_id":"54437","user_id":"74619","department":[{"_id":"632"}],"language":[{"iso":"eng"}]},{"publication":"Proceedings on Privacy Enhancing Technologies","abstract":[{"text":"Many countries limit their residents' access to various websites. As a substantial number of these websites do not support TLS encryption, censorship of unencrypted HTTP requests remains prevalent. Accordingly, circumvention techniques can and have been found for the HTTP protocol. In this paper, we infer novel circumvention techniques on the HTTP layer from a web security vulnerability by utilizing HTTP request smuggling (HRS). To demonstrate the viability of our techniques, we collected various test vectors from previous work about HRS and evaluated them on popular web servers and censors in China, Russia, and Iran. Our findings show that HRS can be successfully employed as a censorship circumvention technique against multiple censors and web servers. We also discover a standard-compliant circumvention technique in Russia, unusually inconsistent censorship in China, and an implementation bug in Iran. The results of this work imply that censorship circumvention techniques can successfully be constructed from existing vulnerabilities. We conjecture that this implication provides insights to the censorship circumvention community beyond the viability of specific techniques presented in this work.","lang":"eng"}],"file":[{"content_type":"application/pdf","relation":"main_file","date_created":"2024-07-09T07:42:54Z","creator":"flange","date_updated":"2024-07-09T07:42:54Z","file_name":"Turning Attacks into Advantages_ Evading HTTP Censorship with HTTP Request Smuggling - foci-2024-0012.pdf","file_id":"55139","access_level":"open_access","file_size":189676}],"ddc":["006"],"keyword":["censorship","censorship circumvention","http","http request smuggling"],"language":[{"iso":"eng"}],"quality_controlled":"1","year":"2024","date_created":"2024-07-09T07:49:37Z","title":"Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling","type":"conference","status":"public","_id":"55137","user_id":"67893","department":[{"_id":"632"}],"file_date_updated":"2024-07-09T07:42:54Z","publication_status":"published","has_accepted_license":"1","place":"Bristol","citation":{"chicago":"Müller, Philipp, Niklas Niere, Felix Lange, and Juraj Somorovsky. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” In Proceedings on Privacy Enhancing Technologies. Bristol, 2024.","ieee":"P. Müller, N. Niere, F. Lange, and J. Somorovsky, “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling,” presented at the Free and Open Communications on the Internet 2024 , Bristol, 2024.","ama":"Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: Proceedings on Privacy Enhancing Technologies. ; 2024.","apa":"Müller, P., Niere, N., Lange, F., & Somorovsky, J. (2024). Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. Proceedings on Privacy Enhancing Technologies. Free and Open Communications on the Internet 2024 , Bristol.","mla":"Müller, Philipp, et al. “Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling.” Proceedings on Privacy Enhancing Technologies, 2024.","short":"P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.","bibtex":"@inproceedings{Müller_Niere_Lange_Somorovsky_2024, place={Bristol}, title={Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling}, booktitle={Proceedings on Privacy Enhancing Technologies}, author={Müller, Philipp and Niere, Niklas and Lange, Felix and Somorovsky, Juraj}, year={2024} }"},"oa":"1","date_updated":"2024-07-09T07:49:59Z","author":[{"first_name":"Philipp","last_name":"Müller","full_name":"Müller, Philipp"},{"first_name":"Niklas","last_name":"Niere","id":"63563","full_name":"Niere, Niklas"},{"first_name":"Felix","last_name":"Lange","full_name":"Lange, Felix","id":"67893"},{"orcid":"0000-0002-3593-7720","last_name":"Somorovsky","full_name":"Somorovsky, Juraj","id":"83504","first_name":"Juraj"}],"main_file_link":[{"open_access":"1","url":"https://www.petsymposium.org/foci/2024/foci-2024-0012.pdf"}],"conference":{"start_date":"2024-07-15","name":"Free and Open Communications on the Internet 2024 ","location":"Bristol","end_date":"2024-07-15"}},{"language":[{"iso":"eng"}],"user_id":"68826","department":[{"_id":"632"}],"_id":"56079","status":"public","type":"book_chapter","publication":"Lecture Notes in Computer Science","doi":"10.1007/978-3-031-70896-1_16","title":"In Search of Partitioning Oracle Attacks Against TLS Session Tickets","author":[{"first_name":"Maximilian Manfred","orcid":"0009-0005-3059-6823","last_name":"Radoy","id":"68826","full_name":"Radoy, Maximilian Manfred"},{"first_name":"Sven Niclas","last_name":"Hebrok","orcid":"0009-0006-1172-1665","full_name":"Hebrok, Sven Niclas","id":"55616"},{"id":"83504","full_name":"Somorovsky, Juraj","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","first_name":"Juraj"}],"date_created":"2024-09-06T07:06:14Z","date_updated":"2024-10-07T13:38:28Z","publisher":"Springer Nature Switzerland","citation":{"apa":"Radoy, M. M., Hebrok, S. N., & Somorovsky, J. (2024). In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In Lecture Notes in Computer Science. Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-70896-1_16","mla":"Radoy, Maximilian Manfred, et al. “In Search of Partitioning Oracle Attacks Against TLS Session Tickets.” Lecture Notes in Computer Science, Springer Nature Switzerland, 2024, doi:10.1007/978-3-031-70896-1_16.","bibtex":"@inbook{Radoy_Hebrok_Somorovsky_2024, place={Cham}, title={In Search of Partitioning Oracle Attacks Against TLS Session Tickets}, DOI={10.1007/978-3-031-70896-1_16}, booktitle={Lecture Notes in Computer Science}, publisher={Springer Nature Switzerland}, author={Radoy, Maximilian Manfred and Hebrok, Sven Niclas and Somorovsky, Juraj}, year={2024} }","short":"M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.","ama":"Radoy MM, Hebrok SN, Somorovsky J. In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In: Lecture Notes in Computer Science. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-70896-1_16","ieee":"M. M. Radoy, S. N. Hebrok, and J. Somorovsky, “In Search of Partitioning Oracle Attacks Against TLS Session Tickets,” in Lecture Notes in Computer Science, Cham: Springer Nature Switzerland, 2024.","chicago":"Radoy, Maximilian Manfred, Sven Niclas Hebrok, and Juraj Somorovsky. “In Search of Partitioning Oracle Attacks Against TLS Session Tickets.” In Lecture Notes in Computer Science. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-70896-1_16."},"place":"Cham","year":"2024","publication_status":"published","publication_identifier":{"issn":["0302-9743","1611-3349"],"isbn":["9783031708954","9783031708961"]}},{"keyword":["SSL","TLS","DTLS","Protocol State Fuzzing","Planning Based"],"language":[{"iso":"eng"}],"_id":"57816","user_id":"67893","department":[{"_id":"632"}],"abstract":[{"lang":"eng","text":"TLS-Attacker is an open-source framework for analyzing Transport\r\nLayer Security (TLS) implementations. The framework allows users\r\nto specify custom protocol flows and provides modification hooks to\r\nmanipulate message contents. Since its initial publication in 2016 by\r\nJuraj Somorovsky, TLS-Attacker has been used in numerous studies\r\npublished at well-established conferences and helped to identify\r\nvulnerabilities in well-known open-source TLS libraries. To enable\r\nautomated analyses, TLS-Attacker has grown into a suite of projects,\r\neach designed as a building block that can be applied to facilitate\r\nvarious analysis methodologies. The framework still undergoes\r\ncontinuous improvements with feature extensions, such as DTLS\r\n1.3 or the addition of new dialects such as QUIC, to continue its\r\neffectiveness and relevancy as a security analysis framework."}],"status":"public","type":"conference","publication":"Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)","title":"TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations","conference":{"location":"Hawaii","end_date":"2024-12-13","start_date":"2024-12-09","name":"Annual Computer Security Applications Conference"},"date_updated":"2025-02-27T08:02:30Z","date_created":"2024-12-17T11:25:14Z","author":[{"full_name":"Bäumer, Fabian","last_name":"Bäumer","first_name":"Fabian"},{"first_name":"Marcus","last_name":"Brinkmann","full_name":"Brinkmann, Marcus"},{"last_name":"Erinola","full_name":"Erinola, Nurullah","first_name":"Nurullah"},{"orcid":"0009-0006-1172-1665","last_name":"Hebrok","full_name":"Hebrok, Sven Niclas","id":"55616","first_name":"Sven Niclas"},{"first_name":"Nico","full_name":"Heitmann, Nico","id":"74619","orcid":"0009-0003-7687-7044","last_name":"Heitmann"},{"id":"67893","full_name":"Lange, Felix","last_name":"Lange","first_name":"Felix"},{"first_name":"Marcel","last_name":"Maehren","full_name":"Maehren, Marcel"},{"first_name":"Robert","last_name":"Merget","full_name":"Merget, Robert"},{"first_name":"Niklas","full_name":"Niere, Niklas","id":"63563","last_name":"Niere"},{"last_name":"Radoy","orcid":"0009-0005-3059-6823","id":"68826","full_name":"Radoy, Maximilian Manfred","first_name":"Maximilian Manfred"},{"full_name":"Schmidt, Conrad","last_name":"Schmidt","first_name":"Conrad"},{"full_name":"Schwenk, Jörg","last_name":"Schwenk","first_name":"Jörg"},{"first_name":"Juraj","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","full_name":"Somorovsky, Juraj","id":"83504"}],"year":"2024","citation":{"ama":"Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. In: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24). ; 2024.","ieee":"F. Bäumer et al., “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations,” presented at the Annual Computer Security Applications Conference, Hawaii, 2024.","chicago":"Bäumer, Fabian, Marcus Brinkmann, Nurullah Erinola, Sven Niclas Hebrok, Nico Heitmann, Felix Lange, Marcel Maehren, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations.” In Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.","short":"F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.","bibtex":"@inproceedings{Bäumer_Brinkmann_Erinola_Hebrok_Heitmann_Lange_Maehren_Merget_Niere_Radoy_et al._2024, title={TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations}, booktitle={Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)}, author={Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah and Hebrok, Sven Niclas and Heitmann, Nico and Lange, Felix and Maehren, Marcel and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and et al.}, year={2024} }","mla":"Bäumer, Fabian, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations.” Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.","apa":"Bäumer, F., Brinkmann, M., Erinola, N., Hebrok, S. N., Heitmann, N., Lange, F., Maehren, M., Merget, R., Niere, N., Radoy, M. M., Schmidt, C., Schwenk, J., & Somorovsky, J. (2024). TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24). Annual Computer Security Applications Conference, Hawaii."},"quality_controlled":"1"},{"status":"public","abstract":[{"text":"State actors around the world censor the HTTPS protocol to block access to certain websites. While many circumvention strategies utilize the TCP layer only little emphasis has been placed on the analysis of TLS-a complex protocol and integral building block of HTTPS. In contrast to the TCP layer, circumvention methods on the TLS layer do not require root privileges since TLS operates on the application layer. With this proposal, we want to motivate a deeper analysis of TLS in regard to censorship circumvention techniques. To prove the existence of such techniques, we present TLS record fragmentation as a novel circumvention technique and circumvent the Great Firewall of China (GFW) using this technique. We hope that our research fosters collaboration between censorship and TLS researchers.","lang":"eng"}],"publication":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","type":"conference","language":[{"iso":"eng"}],"department":[{"_id":"632"}],"user_id":"83504","_id":"49654","citation":{"chicago":"Niere, Niklas, Sven Niclas Hebrok, Juraj Somorovsky, and Robert Merget. “Poster: Circumventing the GFW with TLS Record Fragmentation.” In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2023. https://doi.org/10.1145/3576915.3624372.","ieee":"N. Niere, S. N. Hebrok, J. Somorovsky, and R. Merget, “Poster: Circumventing the GFW with TLS Record Fragmentation,” 2023, doi: 10.1145/3576915.3624372.","ama":"Niere N, Hebrok SN, Somorovsky J, Merget R. Poster: Circumventing the GFW with TLS Record Fragmentation. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2023. doi:10.1145/3576915.3624372","apa":"Niere, N., Hebrok, S. N., Somorovsky, J., & Merget, R. (2023). Poster: Circumventing the GFW with TLS Record Fragmentation. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. https://doi.org/10.1145/3576915.3624372","short":"N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.","bibtex":"@inproceedings{Niere_Hebrok_Somorovsky_Merget_2023, title={Poster: Circumventing the GFW with TLS Record Fragmentation}, DOI={10.1145/3576915.3624372}, booktitle={Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}, publisher={ACM}, author={Niere, Niklas and Hebrok, Sven Niclas and Somorovsky, Juraj and Merget, Robert}, year={2023} }","mla":"Niere, Niklas, et al. “Poster: Circumventing the GFW with TLS Record Fragmentation.” Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023, doi:10.1145/3576915.3624372."},"year":"2023","publication_status":"published","doi":"10.1145/3576915.3624372","title":"Poster: Circumventing the GFW with TLS Record Fragmentation","author":[{"first_name":"Niklas","full_name":"Niere, Niklas","id":"63563","last_name":"Niere"},{"id":"55616","full_name":"Hebrok, Sven Niclas","last_name":"Hebrok","orcid":"0009-0006-1172-1665","first_name":"Sven Niclas"},{"first_name":"Juraj","full_name":"Somorovsky, Juraj","id":"83504","orcid":"0000-0002-3593-7720","last_name":"Somorovsky"},{"full_name":"Merget, Robert","last_name":"Merget","first_name":"Robert"}],"date_created":"2023-12-15T07:34:24Z","date_updated":"2024-04-02T12:17:18Z","publisher":"ACM"},{"status":"public","publication":"32nd USENIX Security Symposium","type":"conference","language":[{"iso":"eng"}],"department":[{"_id":"632"}],"user_id":"83504","_id":"43060","citation":{"apa":"Hebrok, S. N., Nachtigall, S., Maehren, M., Erinola, N., Merget, R., Somorovsky, J., & Schwenk, J. (2023). We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. 32nd USENIX Security Symposium.","short":"S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.","mla":"Hebrok, Sven Niclas, et al. “We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.” 32nd USENIX Security Symposium, 2023.","bibtex":"@inproceedings{Hebrok_Nachtigall_Maehren_Erinola_Merget_Somorovsky_Schwenk_2023, title={We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets}, booktitle={32nd USENIX Security Symposium}, author={Hebrok, Sven Niclas and Nachtigall, Simon and Maehren, Marcel and Erinola, Nurullah and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, year={2023} }","ieee":"S. N. Hebrok et al., “We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets,” 2023.","chicago":"Hebrok, Sven Niclas, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. “We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.” In 32nd USENIX Security Symposium, 2023.","ama":"Hebrok SN, Nachtigall S, Maehren M, et al. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In: 32nd USENIX Security Symposium. ; 2023."},"year":"2023","main_file_link":[{"open_access":"1","url":"https://www.usenix.org/conference/usenixsecurity23/presentation/hebrok"}],"title":"We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets","author":[{"last_name":"Hebrok","full_name":"Hebrok, Sven Niclas","id":"55616","first_name":"Sven Niclas"},{"last_name":"Nachtigall","full_name":"Nachtigall, Simon","first_name":"Simon"},{"last_name":"Maehren","full_name":"Maehren, Marcel","first_name":"Marcel"},{"full_name":"Erinola, Nurullah","last_name":"Erinola","first_name":"Nurullah"},{"last_name":"Merget","full_name":"Merget, Robert","first_name":"Robert"},{"full_name":"Somorovsky, Juraj","id":"83504","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","first_name":"Juraj"},{"last_name":"Schwenk","full_name":"Schwenk, Jörg","first_name":"Jörg"}],"date_created":"2023-03-22T08:15:42Z","date_updated":"2023-06-21T06:49:56Z","oa":"1"},{"language":[{"iso":"eng"}],"ddc":["000"],"keyword":["Defense-in-Depth","Human Factors","Production Engineering","Product Design","Systems Engineering"],"file":[{"content_type":"application/pdf","relation":"main_file","date_updated":"2024-09-05T13:00:09Z","creator":"jrossel","date_created":"2024-09-05T13:00:09Z","file_size":197727,"access_level":"closed","file_name":"Re_envisioning_Industrial_Control_Systems_security.pdf","file_id":"56077"}],"abstract":[{"text":"The security of Industrial Control Systems is relevant both for reliable production system operations and for high-quality throughput in terms of manufactured products. Security measures are designed, operated and maintained by different roles along product and production system lifecycles. Defense-in-Depth as a paradigm builds upon the assumption that breaches are unavoidable. The paper at hand provides an analysis of roles, corresponding Human Factors and their relevance for data theft and sabotage attacks. The resulting taxonomy is reflected by an example related to Additive Manufacturing. The results assist in both designing and redesigning Industrial Control System as part of an entire production system so that Defense-in-Depth with regard to Human Factors is built in by design.","lang":"eng"}],"publication":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","title":"Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth","date_created":"2023-08-15T12:21:05Z","publisher":"IEEE","year":"2023","quality_controlled":"1","file_date_updated":"2024-09-05T13:00:09Z","user_id":"58331","department":[{"_id":"34"},{"_id":"152"},{"_id":"76"},{"_id":"632"},{"_id":"858"}],"_id":"46500","status":"public","type":"conference","main_file_link":[{"url":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10190647"}],"conference":{"location":"Delft, Netherlands","end_date":"2023-07-07","start_date":"2023-07-03","name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)"},"doi":"10.1109/eurospw59978.2023.00048","author":[{"orcid":"http://orcid.org/0000-0001-8778-2989","last_name":"Pottebaum","full_name":"Pottebaum, Jens","id":"405","first_name":"Jens"},{"first_name":"Jost","last_name":"Rossel","orcid":"0000-0002-3182-4059","id":"58331","full_name":"Rossel, Jost"},{"first_name":"Juraj","full_name":"Somorovsky, Juraj","id":"83504","orcid":"0000-0002-3593-7720","last_name":"Somorovsky"},{"last_name":"Acar","id":"94636","full_name":"Acar, Yasemin","first_name":"Yasemin"},{"first_name":"René","id":"111","full_name":"Fahr, René","last_name":"Fahr"},{"first_name":"Patricia","id":"92804","full_name":"Arias Cabarcos, Patricia","last_name":"Arias Cabarcos"},{"id":"59256","full_name":"Bodden, Eric","orcid":"0000-0003-3470-3647","last_name":"Bodden","first_name":"Eric"},{"first_name":"Iris","last_name":"Gräßler","orcid":"0000-0001-5765-971X","id":"47565","full_name":"Gräßler, Iris"}],"date_updated":"2025-07-16T11:06:47Z","citation":{"apa":"Pottebaum, J., Rossel, J., Somorovsky, J., Acar, Y., Fahr, R., Arias Cabarcos, P., Bodden, E., & Gräßler, I. (2023). Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 379–385. https://doi.org/10.1109/eurospw59978.2023.00048","mla":"Pottebaum, Jens, et al. “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.” 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–85, doi:10.1109/eurospw59978.2023.00048.","bibtex":"@inproceedings{Pottebaum_Rossel_Somorovsky_Acar_Fahr_Arias Cabarcos_Bodden_Gräßler_2023, title={Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}, DOI={10.1109/eurospw59978.2023.00048}, booktitle={2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}, publisher={IEEE}, author={Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}, year={2023}, pages={379–385} }","short":"J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.","ama":"Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048","ieee":"J. Pottebaum et al., “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth,” in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 379–385, doi: 10.1109/eurospw59978.2023.00048.","chicago":"Pottebaum, Jens, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr, Patricia Arias Cabarcos, Eric Bodden, and Iris Gräßler. “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.” In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 379–85. IEEE, 2023. https://doi.org/10.1109/eurospw59978.2023.00048."},"page":"379-385","publication_status":"published","has_accepted_license":"1"},{"status":"public","type":"conference","file_date_updated":"2024-09-05T11:14:40Z","user_id":"58331","department":[{"_id":"632"}],"_id":"48012","citation":{"ama":"Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM; 2023. doi:10.1145/3607199.3607216","chicago":"Rossel, Jost, Vladislav Mladenov, and Juraj Somorovsky. “Security Analysis of the 3MF Data Format.” In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM, 2023. https://doi.org/10.1145/3607199.3607216.","ieee":"J. Rossel, V. Mladenov, and J. Somorovsky, “Security Analysis of the 3MF Data Format,” presented at the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hongkong, 2023, doi: 10.1145/3607199.3607216.","apa":"Rossel, J., Mladenov, V., & Somorovsky, J. (2023). Security Analysis of the 3MF Data Format. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hongkong. https://doi.org/10.1145/3607199.3607216","short":"J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.","bibtex":"@inproceedings{Rossel_Mladenov_Somorovsky_2023, title={Security Analysis of the 3MF Data Format}, DOI={10.1145/3607199.3607216}, booktitle={Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses}, publisher={ACM}, author={Rossel, Jost and Mladenov, Vladislav and Somorovsky, Juraj}, year={2023} }","mla":"Rossel, Jost, et al. “Security Analysis of the 3MF Data Format.” Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023, doi:10.1145/3607199.3607216."},"publication_status":"published","has_accepted_license":"1","main_file_link":[{"url":"https://dl.acm.org/doi/abs/10.1145/3607199.3607216"}],"conference":{"name":"26th International Symposium on Research in Attacks, Intrusions and Defenses","start_date":"2023-10-16","end_date":"2023-10-18","location":"Hongkong"},"doi":"10.1145/3607199.3607216","author":[{"full_name":"Rossel, Jost","id":"58331","last_name":"Rossel","orcid":"0000-0002-3182-4059","first_name":"Jost"},{"first_name":"Vladislav","last_name":"Mladenov","full_name":"Mladenov, Vladislav"},{"id":"83504","full_name":"Somorovsky, Juraj","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","first_name":"Juraj"}],"oa":"1","date_updated":"2025-07-16T11:06:49Z","file":[{"file_name":"Security_Analysis_of_the_3mf_Data_Format.pdf","file_id":"48065","access_level":"open_access","file_size":1054999,"creator":"jrossel","date_created":"2023-10-16T03:48:08Z","date_updated":"2024-09-05T11:14:40Z","relation":"main_file","content_type":"application/pdf"}],"abstract":[{"text":"3D printing is a well-established technology with rapidly increasing usage scenarios both in the industry and consumer context. The growing popularity of 3D printing has also attracted security researchers, who have analyzed possibilities for weakening 3D models or stealing intellectual property from 3D models. We extend these important aspects and provide the first comprehensive security analysis of 3D printing data formats. We performed our systematic study on the example of the 3D Manufacturing Format (3MF), which offers a large variety of features that could lead to critical attacks. Based on 3MF’s features, we systematized three attack goals: Data Exfiltration (dex), Denial of Service, and UI Spoofing (uis). We achieve these goals by exploiting the complexity of 3MF, which is based on the Open Packaging Conventions (OPC) format and uses XML to define 3D models. In total, our analysis led to 352 tests. To create and run these tests automatically, we implemented an open-source tool named 3MF Analyzer (tool), which helped us evaluate 20 applications.","lang":"eng"}],"publication":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","language":[{"iso":"eng"}],"ddc":["000"],"keyword":["Data Format Security","3D Manufacturing Format","3D Printing","Additive Manufacturing"],"year":"2023","quality_controlled":"1","title":"Security Analysis of the 3MF Data Format","date_created":"2023-10-11T13:42:09Z","publisher":"ACM"},{"language":[{"iso":"eng"}],"_id":"32572","user_id":"83504","department":[{"_id":"632"}],"status":"public","type":"conference","publication":"Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)","title":"\"I don' know why I check this...\" - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks","publisher":"USENIX Association","date_updated":"2024-04-02T12:19:28Z","author":[{"last_name":"Mayer","full_name":"Mayer, Peter","first_name":"Peter"},{"first_name":"Damian","last_name":"Poddebniak","full_name":"Poddebniak, Damian"},{"first_name":"Konstantin","last_name":"Fischer","full_name":"Fischer, Konstantin"},{"full_name":"Brinkmann, Marcus","last_name":"Brinkmann","first_name":"Marcus"},{"id":"83504","full_name":"Somorovsky, Juraj","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","first_name":"Juraj"},{"last_name":"Sasse","full_name":"Sasse, Angela","first_name":"Angela"},{"first_name":"Sebastian","last_name":"Schinzel","full_name":"Schinzel, Sebastian"},{"full_name":"Volkamer, Melanie","last_name":"Volkamer","first_name":"Melanie"}],"date_created":"2022-08-03T11:02:10Z","year":"2022","place":"Boston, MA","citation":{"chicago":"Mayer, Peter, Damian Poddebniak, Konstantin Fischer, Marcus Brinkmann, Juraj Somorovsky, Angela Sasse, Sebastian Schinzel, and Melanie Volkamer. “‘I Don’ Know Why I Check This...’ - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks.” In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 77–96. Boston, MA: USENIX Association, 2022.","ieee":"P. Mayer et al., “‘I don’ know why I check this...’ - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks,” in Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 2022, pp. 77–96.","ama":"Mayer P, Poddebniak D, Fischer K, et al. “I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks. In: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association; 2022:77–96.","mla":"Mayer, Peter, et al. “‘I Don’ Know Why I Check This...’ - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks.” Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, 2022, pp. 77–96.","short":"P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.","bibtex":"@inproceedings{Mayer_Poddebniak_Fischer_Brinkmann_Somorovsky_Sasse_Schinzel_Volkamer_2022, place={Boston, MA}, title={“I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks}, booktitle={Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, publisher={USENIX Association}, author={Mayer, Peter and Poddebniak, Damian and Fischer, Konstantin and Brinkmann, Marcus and Somorovsky, Juraj and Sasse, Angela and Schinzel, Sebastian and Volkamer, Melanie}, year={2022}, pages={77–96} }","apa":"Mayer, P., Poddebniak, D., Fischer, K., Brinkmann, M., Somorovsky, J., Sasse, A., Schinzel, S., & Volkamer, M. (2022). “I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks. Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 77–96."},"page":"77–96","publication_identifier":{"isbn":["978-1-939133-30-4"]}},{"citation":{"apa":"Maehren, M., Nieting, P., Hebrok, S. N., Merget, R., Somorovsky, J., & Schwenk, J. (2022). TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. 31st USENIX Security Symposium (USENIX Security 22).","mla":"Maehren, Marcel, et al. “TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries.” 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, 2022.","bibtex":"@inproceedings{Maehren_Nieting_Hebrok_Merget_Somorovsky_Schwenk_2022, place={Boston, MA}, title={TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries}, booktitle={31st USENIX Security Symposium (USENIX Security 22)}, publisher={USENIX Association}, author={Maehren, Marcel and Nieting, Philipp and Hebrok, Sven Niclas and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, year={2022} }","short":"M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.","ama":"Maehren M, Nieting P, Hebrok SN, Merget R, Somorovsky J, Schwenk J. TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association; 2022.","chicago":"Maehren, Marcel, Philipp Nieting, Sven Niclas Hebrok, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. “TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries.” In 31st USENIX Security Symposium (USENIX Security 22). Boston, MA: USENIX Association, 2022.","ieee":"M. Maehren, P. Nieting, S. N. Hebrok, R. Merget, J. Somorovsky, and J. Schwenk, “TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries,” 2022."},"place":"Boston, MA","year":"2022","title":"TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries","date_created":"2022-08-03T11:03:30Z","author":[{"last_name":"Maehren","full_name":"Maehren, Marcel","first_name":"Marcel"},{"full_name":"Nieting, Philipp","last_name":"Nieting","first_name":"Philipp"},{"first_name":"Sven Niclas","full_name":"Hebrok, Sven Niclas","id":"55616","last_name":"Hebrok","orcid":"0009-0006-1172-1665"},{"last_name":"Merget","full_name":"Merget, Robert","first_name":"Robert"},{"first_name":"Juraj","full_name":"Somorovsky, Juraj","id":"83504","orcid":"0000-0002-3593-7720","last_name":"Somorovsky"},{"first_name":"Jörg","last_name":"Schwenk","full_name":"Schwenk, Jörg"}],"date_updated":"2024-04-02T12:19:45Z","publisher":"USENIX Association","status":"public","type":"conference","publication":"31st USENIX Security Symposium (USENIX Security 22)","language":[{"iso":"eng"}],"user_id":"83504","department":[{"_id":"632"}],"_id":"32573"},{"date_updated":"2024-05-23T11:01:43Z","publisher":"IEEE","author":[{"first_name":"Hendrik","last_name":"Siewert","full_name":"Siewert, Hendrik"},{"last_name":"Kretschmer","full_name":"Kretschmer, Martin","first_name":"Martin"},{"first_name":"Marcus","last_name":"Niemietz","full_name":"Niemietz, Marcus"},{"last_name":"Somorovsky","orcid":"0000-0002-3593-7720","id":"83504","full_name":"Somorovsky, Juraj","first_name":"Juraj"}],"date_created":"2024-05-23T10:49:19Z","title":"On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers","doi":"10.1109/spw54247.2022.9833880","publication_status":"published","year":"2022","citation":{"apa":"Siewert, H., Kretschmer, M., Niemietz, M., & Somorovsky, J. (2022). On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers. 2022 IEEE Security and Privacy Workshops (SPW). https://doi.org/10.1109/spw54247.2022.9833880","short":"H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.","mla":"Siewert, Hendrik, et al. “On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers.” 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022, doi:10.1109/spw54247.2022.9833880.","bibtex":"@inproceedings{Siewert_Kretschmer_Niemietz_Somorovsky_2022, title={On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers}, DOI={10.1109/spw54247.2022.9833880}, booktitle={2022 IEEE Security and Privacy Workshops (SPW)}, publisher={IEEE}, author={Siewert, Hendrik and Kretschmer, Martin and Niemietz, Marcus and Somorovsky, Juraj}, year={2022} }","ieee":"H. Siewert, M. Kretschmer, M. Niemietz, and J. Somorovsky, “On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers,” 2022, doi: 10.1109/spw54247.2022.9833880.","chicago":"Siewert, Hendrik, Martin Kretschmer, Marcus Niemietz, and Juraj Somorovsky. “On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers.” In 2022 IEEE Security and Privacy Workshops (SPW). IEEE, 2022. https://doi.org/10.1109/spw54247.2022.9833880.","ama":"Siewert H, Kretschmer M, Niemietz M, Somorovsky J. On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers. In: 2022 IEEE Security and Privacy Workshops (SPW). IEEE; 2022. doi:10.1109/spw54247.2022.9833880"},"_id":"54435","user_id":"74619","department":[{"_id":"632"}],"language":[{"iso":"eng"}],"type":"conference","publication":"2022 IEEE Security and Privacy Workshops (SPW)","abstract":[{"lang":"eng","text":"Web browsers are among the most important but also complex software solutions to access the web. It is therefore not surprising that web browsers are an attractive target for attackers. Especially in the last decade, security researchers and browser vendors have developed sandboxing mechanisms like security-relevant HTTP headers to tackle the problem of getting a more secure browser. Although the security community is aware of the importance of security-relevant HTTP headers, legacy applications and individual requests from different parties have led to possible insecure configurations of these headers. Even if specific security headers are configured correctly, conflicts in their functionalities may lead to unforeseen browser behaviors and vulnerabilities. Recently, the first work which analyzed duplicated headers and conflicts in headers was published by Calzavara et al. at USENIX Security [1]. The authors focused on inconsistent protections by using both, the HTTP header X-Frame-Options and the framing protection of the Content-Security-Policy. We extend their work by analyzing browser behaviors when parsing duplicated headers, conflicting directives, and values that do not conform to the defined ABNF metalanguage specification. We created an open-source testbed running over 19,800 test cases, at which nearly 300 test cases are executed in the set of 66 different browsers. Our work shows that browsers conform to the specification and behave securely. However, all tested browsers behave differently when it comes, for example, to parsing the Strict-Transport-Security header. Moreover, Chrome, Safari, and Firefox behave differently if the header contains a character, which is not allowed by the defined ABNF. This results in the protection mechanism being fully enforced, partially enforced, or not enforced and thus completely bypassable."}],"status":"public"},{"publication":"30th {USENIX} Security Symposium ({USENIX} Security 21)","type":"conference","status":"public","department":[{"_id":"632"}],"user_id":"83504","_id":"25331","language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-1-939133-24-3"]},"page":"4293-4310","citation":{"bibtex":"@inproceedings{Brinkmann_Dresen_Merget_Poddebniak_Müller_Somorovsky_Schwenk_Schinzel_2021, title={ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication}, booktitle={30th {USENIX} Security Symposium ({USENIX} Security 21)}, publisher={{USENIX} Association}, author={Brinkmann, Marcus and Dresen, Christian and Merget, Robert and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schwenk, Jörg and Schinzel, Sebastian}, year={2021}, pages={4293–4310} }","short":"M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.","mla":"Brinkmann, Marcus, et al. “ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication.” 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–310.","apa":"Brinkmann, M., Dresen, C., Merget, R., Poddebniak, D., Müller, J., Somorovsky, J., Schwenk, J., & Schinzel, S. (2021). ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. 30th {USENIX} Security Symposium ({USENIX} Security 21), 4293–4310.","chicago":"Brinkmann, Marcus, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, and Sebastian Schinzel. “ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication.” In 30th {USENIX} Security Symposium ({USENIX} Security 21), 4293–4310. {USENIX} Association, 2021.","ieee":"M. Brinkmann et al., “ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication,” in 30th {USENIX} Security Symposium ({USENIX} Security 21), 2021, pp. 4293–4310.","ama":"Brinkmann M, Dresen C, Merget R, et al. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:4293-4310."},"year":"2021","date_created":"2021-10-04T18:53:47Z","author":[{"full_name":"Brinkmann, Marcus","last_name":"Brinkmann","first_name":"Marcus"},{"first_name":"Christian","last_name":"Dresen","full_name":"Dresen, Christian"},{"first_name":"Robert","last_name":"Merget","full_name":"Merget, Robert"},{"first_name":"Damian","full_name":"Poddebniak, Damian","last_name":"Poddebniak"},{"full_name":"Müller, Jens","last_name":"Müller","first_name":"Jens"},{"orcid":"0000-0002-3593-7720","last_name":"Somorovsky","id":"83504","full_name":"Somorovsky, Juraj","first_name":"Juraj"},{"first_name":"Jörg","last_name":"Schwenk","full_name":"Schwenk, Jörg"},{"first_name":"Sebastian","last_name":"Schinzel","full_name":"Schinzel, Sebastian"}],"date_updated":"2022-01-06T06:57:01Z","publisher":"{USENIX} Association","title":"ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication"},{"language":[{"iso":"eng"}],"_id":"25332","department":[{"_id":"632"}],"user_id":"83504","status":"public","publication":"30th {USENIX} Security Symposium ({USENIX} Security 21)","type":"conference","title":"Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)","publisher":"{USENIX} Association","date_updated":"2022-01-06T06:57:01Z","author":[{"first_name":"Robert","full_name":"Merget, Robert","last_name":"Merget"},{"last_name":"Brinkmann","full_name":"Brinkmann, Marcus","first_name":"Marcus"},{"first_name":"Nimrod","full_name":"Aviram, Nimrod","last_name":"Aviram"},{"last_name":"Somorovsky","orcid":"0000-0002-3593-7720","id":"83504","full_name":"Somorovsky, Juraj","first_name":"Juraj"},{"full_name":"Mittmann, Johannes","last_name":"Mittmann","first_name":"Johannes"},{"first_name":"Jörg","last_name":"Schwenk","full_name":"Schwenk, Jörg"}],"date_created":"2021-10-04T18:55:36Z","year":"2021","page":"213-230","citation":{"apa":"Merget, R., Brinkmann, M., Aviram, N., Somorovsky, J., Mittmann, J., & Schwenk, J. (2021). Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). 30th {USENIX} Security Symposium ({USENIX} Security 21), 213–230.","bibtex":"@inproceedings{Merget_Brinkmann_Aviram_Somorovsky_Mittmann_Schwenk_2021, title={Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)}, booktitle={30th {USENIX} Security Symposium ({USENIX} Security 21)}, publisher={{USENIX} Association}, author={Merget, Robert and Brinkmann, Marcus and Aviram, Nimrod and Somorovsky, Juraj and Mittmann, Johannes and Schwenk, Jörg}, year={2021}, pages={213–230} }","mla":"Merget, Robert, et al. “Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E).” 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–30.","short":"R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.","ama":"Merget R, Brinkmann M, Aviram N, Somorovsky J, Mittmann J, Schwenk J. Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:213-230.","chicago":"Merget, Robert, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, and Jörg Schwenk. “Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E).” In 30th {USENIX} Security Symposium ({USENIX} Security 21), 213–30. {USENIX} Association, 2021.","ieee":"R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, and J. Schwenk, “Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E),” in 30th {USENIX} Security Symposium ({USENIX} Security 21), 2021, pp. 213–230."},"publication_identifier":{"isbn":["978-1-939133-24-3"]}},{"language":[{"iso":"eng"}],"department":[{"_id":"632"}],"user_id":"83504","_id":"24143","status":"public","publication":"14th ACM Workshop on Artificial Intelligence and Security","type":"journal_article","title":"Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!","date_created":"2021-09-10T09:56:27Z","author":[{"first_name":"Jan Peter","last_name":"Drees","full_name":"Drees, Jan Peter"},{"first_name":"Pritha","id":"54803","full_name":"Gupta, Pritha","last_name":"Gupta"},{"first_name":"Eyke","full_name":"Hüllermeier, Eyke","id":"48129","last_name":"Hüllermeier"},{"first_name":"Tibor","last_name":"Jager","full_name":"Jager, Tibor"},{"first_name":"Alexander","full_name":"Konze, Alexander","last_name":"Konze"},{"first_name":"Claudia","last_name":"Priesterjahn","full_name":"Priesterjahn, Claudia"},{"full_name":"Ramaswamy, Arunselvan","id":"66937","orcid":"https://orcid.org/ 0000-0001-7547-8111","last_name":"Ramaswamy","first_name":"Arunselvan"},{"orcid":"0000-0002-3593-7720","last_name":"Somorovsky","id":"83504","full_name":"Somorovsky, Juraj","first_name":"Juraj"}],"date_updated":"2022-01-06T06:56:08Z","citation":{"mla":"Drees, Jan Peter, et al. “Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!” 14th ACM Workshop on Artificial Intelligence and Security, 2021.","short":"J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).","bibtex":"@article{Drees_Gupta_Hüllermeier_Jager_Konze_Priesterjahn_Ramaswamy_Somorovsky_2021, title={Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!}, journal={14th ACM Workshop on Artificial Intelligence and Security}, author={Drees, Jan Peter and Gupta, Pritha and Hüllermeier, Eyke and Jager, Tibor and Konze, Alexander and Priesterjahn, Claudia and Ramaswamy, Arunselvan and Somorovsky, Juraj}, year={2021} }","apa":"Drees, J. P., Gupta, P., Hüllermeier, E., Jager, T., Konze, A., Priesterjahn, C., Ramaswamy, A., & Somorovsky, J. (2021). Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! 14th ACM Workshop on Artificial Intelligence and Security.","ama":"Drees JP, Gupta P, Hüllermeier E, et al. Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! 14th ACM Workshop on Artificial Intelligence and Security. Published online 2021.","ieee":"J. P. Drees et al., “Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!,” 14th ACM Workshop on Artificial Intelligence and Security, 2021.","chicago":"Drees, Jan Peter, Pritha Gupta, Eyke Hüllermeier, Tibor Jager, Alexander Konze, Claudia Priesterjahn, Arunselvan Ramaswamy, and Juraj Somorovsky. “Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!” 14th ACM Workshop on Artificial Intelligence and Security, 2021."},"year":"2021"},{"publication":"29th {USENIX} Security Symposium ({USENIX} Security 20)","type":"conference","status":"public","department":[{"_id":"632"}],"user_id":"83504","_id":"25334","language":[{"iso":"eng"}],"publication_identifier":{"isbn":["978-1-939133-17-5"]},"page":"2523-2540","citation":{"mla":"Fiterau-Brostean, Paul, et al. “Analysis of DTLS Implementations Using Protocol State Fuzzing.” 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–40.","bibtex":"@inproceedings{Fiterau-Brostean_Jonsson_Merget_de Ruiter_Sagonas_Somorovsky_2020, title={Analysis of DTLS Implementations Using Protocol State Fuzzing}, booktitle={29th {USENIX} Security Symposium ({USENIX} Security 20)}, publisher={{USENIX} Association}, author={Fiterau-Brostean, Paul and Jonsson, Bengt and Merget, Robert and de Ruiter, Joeri and Sagonas, Konstantinos and Somorovsky, Juraj}, year={2020}, pages={2523–2540} }","short":"P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.","apa":"Fiterau-Brostean, P., Jonsson, B., Merget, R., de Ruiter, J., Sagonas, K., & Somorovsky, J. (2020). Analysis of DTLS Implementations Using Protocol State Fuzzing. 29th {USENIX} Security Symposium ({USENIX} Security 20), 2523–2540.","ieee":"P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, and J. Somorovsky, “Analysis of DTLS Implementations Using Protocol State Fuzzing,” in 29th {USENIX} Security Symposium ({USENIX} Security 20), 2020, pp. 2523–2540.","chicago":"Fiterau-Brostean, Paul, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. “Analysis of DTLS Implementations Using Protocol State Fuzzing.” In 29th {USENIX} Security Symposium ({USENIX} Security 20), 2523–40. {USENIX} Association, 2020.","ama":"Fiterau-Brostean P, Jonsson B, Merget R, de Ruiter J, Sagonas K, Somorovsky J. Analysis of DTLS Implementations Using Protocol State Fuzzing. In: 29th {USENIX} Security Symposium ({USENIX} Security 20). {USENIX} Association; 2020:2523-2540."},"year":"2020","author":[{"full_name":"Fiterau-Brostean, Paul","last_name":"Fiterau-Brostean","first_name":"Paul"},{"last_name":"Jonsson","full_name":"Jonsson, Bengt","first_name":"Bengt"},{"first_name":"Robert","last_name":"Merget","full_name":"Merget, Robert"},{"first_name":"Joeri","last_name":"de Ruiter","full_name":"de Ruiter, Joeri"},{"first_name":"Konstantinos","last_name":"Sagonas","full_name":"Sagonas, Konstantinos"},{"id":"83504","full_name":"Somorovsky, Juraj","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","first_name":"Juraj"}],"date_created":"2021-10-04T18:56:41Z","date_updated":"2022-01-06T06:57:01Z","publisher":"{USENIX} Association","title":"Analysis of DTLS Implementations Using Protocol State Fuzzing"}]