---
_id: '60970'
author:
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Tim Leonhard
full_name: Storm, Tim Leonhard
id: '74914'
last_name: Storm
orcid: 0009-0001-2681-1624
- first_name: Felix Matthias
full_name: Cramer, Felix Matthias
last_name: Cramer
- first_name: Maximilian Manfred
full_name: Radoy, Maximilian Manfred
id: '68826'
last_name: Radoy
orcid: 0009-0005-3059-6823
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Hebrok SN, Storm TL, Cramer FM, Radoy MM, Somorovsky J. STEK Sharing is Not
Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. In:
34th USENIX Security Symposium. ; 2025.'
apa: 'Hebrok, S. N., Storm, T. L., Cramer, F. M., Radoy, M. M., & Somorovsky,
J. (2025). STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers
using Session Tickets. 34th USENIX Security Symposium.'
bibtex: '@inproceedings{Hebrok_Storm_Cramer_Radoy_Somorovsky_2025, title={STEK Sharing
is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets},
booktitle={34th USENIX Security Symposium}, author={Hebrok, Sven Niclas and Storm,
Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian Manfred and Somorovsky,
Juraj}, year={2025} }'
chicago: 'Hebrok, Sven Niclas, Tim Leonhard Storm, Felix Matthias Cramer, Maximilian
Manfred Radoy, and Juraj Somorovsky. “STEK Sharing Is Not Caring: Bypassing TLS
Authentication in Web Servers Using Session Tickets.” In 34th USENIX Security
Symposium, 2025.'
ieee: 'S. N. Hebrok, T. L. Storm, F. M. Cramer, M. M. Radoy, and J. Somorovsky,
“STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using
Session Tickets,” 2025.'
mla: 'Hebrok, Sven Niclas, et al. “STEK Sharing Is Not Caring: Bypassing TLS Authentication
in Web Servers Using Session Tickets.” 34th USENIX Security Symposium,
2025.'
short: 'S.N. Hebrok, T.L. Storm, F.M. Cramer, M.M. Radoy, J. Somorovsky, in: 34th
USENIX Security Symposium, 2025.'
date_created: 2025-08-21T13:43:47Z
date_updated: 2025-09-29T13:46:49Z
ddc:
- '000'
department:
- _id: '632'
file:
- access_level: open_access
content_type: application/pdf
creator: snhebrok
date_created: 2025-09-29T13:41:18Z
date_updated: 2025-09-29T13:46:49Z
file_id: '61465'
file_name: paper.pdf
file_size: 333869
relation: main_file
- access_level: open_access
content_type: application/pdf
creator: snhebrok
date_created: 2025-09-29T13:41:27Z
date_updated: 2025-09-29T13:46:49Z
file_id: '61466'
file_name: ae.pdf
file_size: 162464
relation: supplementary_material
- access_level: open_access
content_type: application/pdf
creator: snhebrok
date_created: 2025-09-29T13:41:41Z
date_updated: 2025-09-29T13:46:49Z
file_id: '61467'
file_name: poster.pdf
file_size: 535577
relation: poster
- access_level: open_access
content_type: application/pdf
creator: snhebrok
date_created: 2025-09-29T13:42:04Z
date_updated: 2025-09-29T13:46:49Z
file_id: '61468'
file_name: slides.pdf
file_size: 3057223
relation: slides
file_date_updated: 2025-09-29T13:46:49Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www.usenix.org/conference/usenixsecurity25/presentation/hebrok
oa: '1'
publication: 34th USENIX Security Symposium
status: public
title: 'STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using
Session Tickets'
type: conference
user_id: '55616'
year: '2025'
...
---
_id: '56079'
author:
- first_name: Maximilian Manfred
full_name: Radoy, Maximilian Manfred
id: '68826'
last_name: Radoy
orcid: 0009-0005-3059-6823
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Radoy MM, Hebrok SN, Somorovsky J. In Search of Partitioning Oracle Attacks
Against TLS Session Tickets. In: Lecture Notes in Computer Science. Springer
Nature Switzerland; 2024. doi:10.1007/978-3-031-70896-1_16'
apa: Radoy, M. M., Hebrok, S. N., & Somorovsky, J. (2024). In Search of Partitioning
Oracle Attacks Against TLS Session Tickets. In Lecture Notes in Computer Science.
Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-70896-1_16
bibtex: '@inbook{Radoy_Hebrok_Somorovsky_2024, place={Cham}, title={In Search of Partitioning
Oracle Attacks Against TLS Session Tickets}, DOI={10.1007/978-3-031-70896-1_16},
booktitle={Lecture Notes in Computer Science}, publisher={Springer Nature Switzerland},
author={Radoy, Maximilian Manfred and Hebrok, Sven Niclas and Somorovsky, Juraj},
year={2024} }'
chicago: 'Radoy, Maximilian Manfred, Sven Niclas Hebrok, and Juraj Somorovsky. “In
Search of Partitioning Oracle Attacks Against TLS Session Tickets.” In Lecture
Notes in Computer Science. Cham: Springer Nature Switzerland, 2024. https://doi.org/10.1007/978-3-031-70896-1_16.'
ieee: 'M. M. Radoy, S. N. Hebrok, and J. Somorovsky, “In Search of Partitioning
Oracle Attacks Against TLS Session Tickets,” in Lecture Notes in Computer Science,
Cham: Springer Nature Switzerland, 2024.'
mla: Radoy, Maximilian Manfred, et al. “In Search of Partitioning Oracle Attacks
Against TLS Session Tickets.” Lecture Notes in Computer Science, Springer
Nature Switzerland, 2024, doi:10.1007/978-3-031-70896-1_16.
short: 'M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science,
Springer Nature Switzerland, Cham, 2024.'
date_created: 2024-09-06T07:06:14Z
date_updated: 2024-10-07T13:38:28Z
department:
- _id: '632'
doi: 10.1007/978-3-031-70896-1_16
language:
- iso: eng
place: Cham
publication: Lecture Notes in Computer Science
publication_identifier:
isbn:
- '9783031708954'
- '9783031708961'
issn:
- 0302-9743
- 1611-3349
publication_status: published
publisher: Springer Nature Switzerland
status: public
title: In Search of Partitioning Oracle Attacks Against TLS Session Tickets
type: book_chapter
user_id: '68826'
year: '2024'
...
---
_id: '57816'
abstract:
- lang: eng
text: "TLS-Attacker is an open-source framework for analyzing Transport\r\nLayer
Security (TLS) implementations. The framework allows users\r\nto specify custom
protocol flows and provides modification hooks to\r\nmanipulate message contents.
Since its initial publication in 2016 by\r\nJuraj Somorovsky, TLS-Attacker has
been used in numerous studies\r\npublished at well-established conferences and
helped to identify\r\nvulnerabilities in well-known open-source TLS libraries.
To enable\r\nautomated analyses, TLS-Attacker has grown into a suite of projects,\r\neach
designed as a building block that can be applied to facilitate\r\nvarious analysis
methodologies. The framework still undergoes\r\ncontinuous improvements with feature
extensions, such as DTLS\r\n1.3 or the addition of new dialects such as QUIC,
to continue its\r\neffectiveness and relevancy as a security analysis framework."
author:
- first_name: Fabian
full_name: Bäumer, Fabian
last_name: Bäumer
- first_name: Marcus
full_name: Brinkmann, Marcus
last_name: Brinkmann
- first_name: Nurullah
full_name: Erinola, Nurullah
last_name: Erinola
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Nico
full_name: Heitmann, Nico
id: '74619'
last_name: Heitmann
orcid: 0009-0003-7687-7044
- first_name: Felix
full_name: Lange, Felix
id: '67893'
last_name: Lange
- first_name: Marcel
full_name: Maehren, Marcel
last_name: Maehren
- first_name: Robert
full_name: Merget, Robert
last_name: Merget
- first_name: Niklas
full_name: Niere, Niklas
id: '63563'
last_name: Niere
- first_name: Maximilian Manfred
full_name: Radoy, Maximilian Manfred
id: '68826'
last_name: Radoy
orcid: 0009-0005-3059-6823
- first_name: Conrad
full_name: Schmidt, Conrad
last_name: Schmidt
- first_name: Jörg
full_name: Schwenk, Jörg
last_name: Schwenk
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
citation:
ama: 'Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework
for Analyzing TLS Implementations. In: Proceedings of Cybersecurity Artifacts
Competition and Impact Award (ACSAC ’24). ; 2024.'
apa: 'Bäumer, F., Brinkmann, M., Erinola, N., Hebrok, S. N., Heitmann, N., Lange,
F., Maehren, M., Merget, R., Niere, N., Radoy, M. M., Schmidt, C., Schwenk, J.,
& Somorovsky, J. (2024). TLS-Attacker: A Dynamic Framework for Analyzing TLS
Implementations. Proceedings of Cybersecurity Artifacts Competition and Impact
Award (ACSAC ’24). Annual Computer Security Applications Conference, Hawaii.'
bibtex: '@inproceedings{Bäumer_Brinkmann_Erinola_Hebrok_Heitmann_Lange_Maehren_Merget_Niere_Radoy_et
al._2024, title={TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations},
booktitle={Proceedings of Cybersecurity Artifacts Competition and Impact Award
(ACSAC ’24)}, author={Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah
and Hebrok, Sven Niclas and Heitmann, Nico and Lange, Felix and Maehren, Marcel
and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and et al.},
year={2024} }'
chicago: 'Bäumer, Fabian, Marcus Brinkmann, Nurullah Erinola, Sven Niclas Hebrok,
Nico Heitmann, Felix Lange, Marcel Maehren, et al. “TLS-Attacker: A Dynamic Framework
for Analyzing TLS Implementations.” In Proceedings of Cybersecurity Artifacts
Competition and Impact Award (ACSAC ’24), 2024.'
ieee: 'F. Bäumer et al., “TLS-Attacker: A Dynamic Framework for Analyzing
TLS Implementations,” presented at the Annual Computer Security Applications Conference,
Hawaii, 2024.'
mla: 'Bäumer, Fabian, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS
Implementations.” Proceedings of Cybersecurity Artifacts Competition and Impact
Award (ACSAC ’24), 2024.'
short: 'F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange,
M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky,
in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
’24), 2024.'
conference:
end_date: 2024-12-13
location: Hawaii
name: Annual Computer Security Applications Conference
start_date: 2024-12-09
date_created: 2024-12-17T11:25:14Z
date_updated: 2025-02-27T08:02:30Z
department:
- _id: '632'
keyword:
- SSL
- TLS
- DTLS
- Protocol State Fuzzing
- Planning Based
language:
- iso: eng
publication: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC
’24)
quality_controlled: '1'
status: public
title: 'TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations'
type: conference
user_id: '67893'
year: '2024'
...
---
_id: '49654'
abstract:
- lang: eng
text: State actors around the world censor the HTTPS protocol to block access to
certain websites. While many circumvention strategies utilize the TCP layer only
little emphasis has been placed on the analysis of TLS-a complex protocol and
integral building block of HTTPS. In contrast to the TCP layer, circumvention
methods on the TLS layer do not require root privileges since TLS operates on
the application layer. With this proposal, we want to motivate a deeper analysis
of TLS in regard to censorship circumvention techniques. To prove the existence
of such techniques, we present TLS record fragmentation as a novel circumvention
technique and circumvent the Great Firewall of China (GFW) using this technique.
We hope that our research fosters collaboration between censorship and TLS researchers.
author:
- first_name: Niklas
full_name: Niere, Niklas
id: '63563'
last_name: Niere
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Robert
full_name: Merget, Robert
last_name: Merget
citation:
ama: 'Niere N, Hebrok SN, Somorovsky J, Merget R. Poster: Circumventing the GFW
with TLS Record Fragmentation. In: Proceedings of the 2023 ACM SIGSAC Conference
on Computer and Communications Security. ACM; 2023. doi:10.1145/3576915.3624372'
apa: 'Niere, N., Hebrok, S. N., Somorovsky, J., & Merget, R. (2023). Poster:
Circumventing the GFW with TLS Record Fragmentation. Proceedings of the 2023
ACM SIGSAC Conference on Computer and Communications Security. https://doi.org/10.1145/3576915.3624372'
bibtex: '@inproceedings{Niere_Hebrok_Somorovsky_Merget_2023, title={Poster: Circumventing
the GFW with TLS Record Fragmentation}, DOI={10.1145/3576915.3624372},
booktitle={Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications
Security}, publisher={ACM}, author={Niere, Niklas and Hebrok, Sven Niclas and
Somorovsky, Juraj and Merget, Robert}, year={2023} }'
chicago: 'Niere, Niklas, Sven Niclas Hebrok, Juraj Somorovsky, and Robert Merget.
“Poster: Circumventing the GFW with TLS Record Fragmentation.” In Proceedings
of the 2023 ACM SIGSAC Conference on Computer and Communications Security.
ACM, 2023. https://doi.org/10.1145/3576915.3624372.'
ieee: 'N. Niere, S. N. Hebrok, J. Somorovsky, and R. Merget, “Poster: Circumventing
the GFW with TLS Record Fragmentation,” 2023, doi: 10.1145/3576915.3624372.'
mla: 'Niere, Niklas, et al. “Poster: Circumventing the GFW with TLS Record Fragmentation.”
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications
Security, ACM, 2023, doi:10.1145/3576915.3624372.'
short: 'N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the
2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.'
date_created: 2023-12-15T07:34:24Z
date_updated: 2024-04-02T12:17:18Z
department:
- _id: '632'
doi: 10.1145/3576915.3624372
language:
- iso: eng
publication: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications
Security
publication_status: published
publisher: ACM
status: public
title: 'Poster: Circumventing the GFW with TLS Record Fragmentation'
type: conference
user_id: '83504'
year: '2023'
...
---
_id: '43060'
author:
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
- first_name: Simon
full_name: Nachtigall, Simon
last_name: Nachtigall
- first_name: Marcel
full_name: Maehren, Marcel
last_name: Maehren
- first_name: Nurullah
full_name: Erinola, Nurullah
last_name: Erinola
- first_name: Robert
full_name: Merget, Robert
last_name: Merget
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Jörg
full_name: Schwenk, Jörg
last_name: Schwenk
citation:
ama: 'Hebrok SN, Nachtigall S, Maehren M, et al. We Really Need to Talk About Session
Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.
In: 32nd USENIX Security Symposium. ; 2023.'
apa: 'Hebrok, S. N., Nachtigall, S., Maehren, M., Erinola, N., Merget, R., Somorovsky,
J., & Schwenk, J. (2023). We Really Need to Talk About Session Tickets: A
Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. 32nd
USENIX Security Symposium.'
bibtex: '@inproceedings{Hebrok_Nachtigall_Maehren_Erinola_Merget_Somorovsky_Schwenk_2023,
title={We Really Need to Talk About Session Tickets: A Large-Scale Analysis of
Cryptographic Dangers with TLS Session Tickets}, booktitle={32nd USENIX Security
Symposium}, author={Hebrok, Sven Niclas and Nachtigall, Simon and Maehren, Marcel
and Erinola, Nurullah and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg},
year={2023} }'
chicago: 'Hebrok, Sven Niclas, Simon Nachtigall, Marcel Maehren, Nurullah Erinola,
Robert Merget, Juraj Somorovsky, and Jörg Schwenk. “We Really Need to Talk About
Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session
Tickets.” In 32nd USENIX Security Symposium, 2023.'
ieee: 'S. N. Hebrok et al., “We Really Need to Talk About Session Tickets:
A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets,” 2023.'
mla: 'Hebrok, Sven Niclas, et al. “We Really Need to Talk About Session Tickets:
A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.” 32nd
USENIX Security Symposium, 2023.'
short: 'S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky,
J. Schwenk, in: 32nd USENIX Security Symposium, 2023.'
date_created: 2023-03-22T08:15:42Z
date_updated: 2023-06-21T06:49:56Z
department:
- _id: '632'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www.usenix.org/conference/usenixsecurity23/presentation/hebrok
oa: '1'
publication: 32nd USENIX Security Symposium
status: public
title: 'We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic
Dangers with TLS Session Tickets'
type: conference
user_id: '83504'
year: '2023'
...
---
_id: '32573'
author:
- first_name: Marcel
full_name: Maehren, Marcel
last_name: Maehren
- first_name: Philipp
full_name: Nieting, Philipp
last_name: Nieting
- first_name: Sven Niclas
full_name: Hebrok, Sven Niclas
id: '55616'
last_name: Hebrok
orcid: 0009-0006-1172-1665
- first_name: Robert
full_name: Merget, Robert
last_name: Merget
- first_name: Juraj
full_name: Somorovsky, Juraj
id: '83504'
last_name: Somorovsky
orcid: 0000-0002-3593-7720
- first_name: Jörg
full_name: Schwenk, Jörg
last_name: Schwenk
citation:
ama: 'Maehren M, Nieting P, Hebrok SN, Merget R, Somorovsky J, Schwenk J. TLS-Anvil:
Adapting Combinatorial Testing for TLS Libraries. In: 31st USENIX Security
Symposium (USENIX Security 22). USENIX Association; 2022.'
apa: 'Maehren, M., Nieting, P., Hebrok, S. N., Merget, R., Somorovsky, J., &
Schwenk, J. (2022). TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries.
31st USENIX Security Symposium (USENIX Security 22).'
bibtex: '@inproceedings{Maehren_Nieting_Hebrok_Merget_Somorovsky_Schwenk_2022, place={Boston,
MA}, title={TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries}, booktitle={31st
USENIX Security Symposium (USENIX Security 22)}, publisher={USENIX Association},
author={Maehren, Marcel and Nieting, Philipp and Hebrok, Sven Niclas and Merget,
Robert and Somorovsky, Juraj and Schwenk, Jörg}, year={2022} }'
chicago: 'Maehren, Marcel, Philipp Nieting, Sven Niclas Hebrok, Robert Merget, Juraj
Somorovsky, and Jörg Schwenk. “TLS-Anvil: Adapting Combinatorial Testing for TLS
Libraries.” In 31st USENIX Security Symposium (USENIX Security 22). Boston,
MA: USENIX Association, 2022.'
ieee: 'M. Maehren, P. Nieting, S. N. Hebrok, R. Merget, J. Somorovsky, and J. Schwenk,
“TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries,” 2022.'
mla: 'Maehren, Marcel, et al. “TLS-Anvil: Adapting Combinatorial Testing for TLS
Libraries.” 31st USENIX Security Symposium (USENIX Security 22), USENIX
Association, 2022.'
short: 'M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk,
in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston,
MA, 2022.'
date_created: 2022-08-03T11:03:30Z
date_updated: 2024-04-02T12:19:45Z
department:
- _id: '632'
language:
- iso: eng
place: Boston, MA
publication: 31st USENIX Security Symposium (USENIX Security 22)
publisher: USENIX Association
status: public
title: 'TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries'
type: conference
user_id: '83504'
year: '2022'
...