[{"status":"public","file":[{"date_updated":"2025-09-29T13:46:49Z","creator":"snhebrok","date_created":"2025-09-29T13:41:18Z","file_size":333869,"file_name":"paper.pdf","access_level":"open_access","file_id":"61465","content_type":"application/pdf","relation":"main_file"},{"relation":"supplementary_material","content_type":"application/pdf","file_size":162464,"file_name":"ae.pdf","file_id":"61466","access_level":"open_access","date_updated":"2025-09-29T13:46:49Z","date_created":"2025-09-29T13:41:27Z","creator":"snhebrok"},{"relation":"poster","content_type":"application/pdf","file_id":"61467","file_name":"poster.pdf","access_level":"open_access","file_size":535577,"date_created":"2025-09-29T13:41:41Z","creator":"snhebrok","date_updated":"2025-09-29T13:46:49Z"},{"relation":"slides","content_type":"application/pdf","file_size":3057223,"access_level":"open_access","file_name":"slides.pdf","file_id":"61468","date_updated":"2025-09-29T13:46:49Z","date_created":"2025-09-29T13:42:04Z","creator":"snhebrok"}],"publication":"34th USENIX Security Symposium","type":"conference","ddc":["000"],"file_date_updated":"2025-09-29T13:46:49Z","language":[{"iso":"eng"}],"_id":"60970","department":[{"_id":"632"}],"user_id":"55616","year":"2025","citation":{"short":"S.N. Hebrok, T.L. Storm, F.M. Cramer, M.M. Radoy, J. Somorovsky, in: 34th USENIX Security Symposium, 2025.","bibtex":"@inproceedings{Hebrok_Storm_Cramer_Radoy_Somorovsky_2025, title={STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets}, booktitle={34th USENIX Security Symposium}, author={Hebrok, Sven Niclas and Storm, Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian Manfred and Somorovsky, Juraj}, year={2025} }","mla":"Hebrok, Sven Niclas, et al. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” <i>34th USENIX Security Symposium</i>, 2025.","apa":"Hebrok, S. N., Storm, T. L., Cramer, F. M., Radoy, M. M., &#38; Somorovsky, J. (2025). STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. <i>34th USENIX Security Symposium</i>.","chicago":"Hebrok, Sven Niclas, Tim Leonhard Storm, Felix Matthias Cramer, Maximilian Manfred Radoy, and Juraj Somorovsky. “STEK Sharing Is Not Caring: Bypassing TLS Authentication in Web Servers Using Session Tickets.” In <i>34th USENIX Security Symposium</i>, 2025.","ieee":"S. N. Hebrok, T. L. Storm, F. M. Cramer, M. M. Radoy, and J. Somorovsky, “STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets,” 2025.","ama":"Hebrok SN, Storm TL, Cramer FM, Radoy MM, Somorovsky J. STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. In: <i>34th USENIX Security Symposium</i>. ; 2025."},"has_accepted_license":"1","title":"STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets","main_file_link":[{"url":"https://www.usenix.org/conference/usenixsecurity25/presentation/hebrok","open_access":"1"}],"oa":"1","date_updated":"2025-09-29T13:46:49Z","author":[{"orcid":"0009-0006-1172-1665","last_name":"Hebrok","id":"55616","full_name":"Hebrok, Sven Niclas","first_name":"Sven Niclas"},{"id":"74914","full_name":"Storm, Tim Leonhard","last_name":"Storm","orcid":"0009-0001-2681-1624","first_name":"Tim Leonhard"},{"last_name":"Cramer","full_name":"Cramer, Felix Matthias","first_name":"Felix Matthias"},{"first_name":"Maximilian Manfred","full_name":"Radoy, Maximilian Manfred","id":"68826","orcid":"0009-0005-3059-6823","last_name":"Radoy"},{"first_name":"Juraj","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","id":"83504","full_name":"Somorovsky, Juraj"}],"date_created":"2025-08-21T13:43:47Z"},{"_id":"56079","department":[{"_id":"632"}],"user_id":"68826","language":[{"iso":"eng"}],"publication":"Lecture Notes in Computer Science","type":"book_chapter","status":"public","date_updated":"2024-10-07T13:38:28Z","publisher":"Springer Nature Switzerland","author":[{"first_name":"Maximilian Manfred","orcid":"0009-0005-3059-6823","last_name":"Radoy","id":"68826","full_name":"Radoy, Maximilian Manfred"},{"first_name":"Sven Niclas","id":"55616","full_name":"Hebrok, Sven Niclas","orcid":"0009-0006-1172-1665","last_name":"Hebrok"},{"full_name":"Somorovsky, Juraj","id":"83504","last_name":"Somorovsky","orcid":"0000-0002-3593-7720","first_name":"Juraj"}],"date_created":"2024-09-06T07:06:14Z","title":"In Search of Partitioning Oracle Attacks Against TLS Session Tickets","doi":"10.1007/978-3-031-70896-1_16","publication_identifier":{"issn":["0302-9743","1611-3349"],"isbn":["9783031708954","9783031708961"]},"publication_status":"published","year":"2024","place":"Cham","citation":{"apa":"Radoy, M. M., Hebrok, S. N., &#38; Somorovsky, J. (2024). In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In <i>Lecture Notes in Computer Science</i>. Springer Nature Switzerland. <a href=\"https://doi.org/10.1007/978-3-031-70896-1_16\">https://doi.org/10.1007/978-3-031-70896-1_16</a>","mla":"Radoy, Maximilian Manfred, et al. “In Search of Partitioning Oracle Attacks Against TLS Session Tickets.” <i>Lecture Notes in Computer Science</i>, Springer Nature Switzerland, 2024, doi:<a href=\"https://doi.org/10.1007/978-3-031-70896-1_16\">10.1007/978-3-031-70896-1_16</a>.","bibtex":"@inbook{Radoy_Hebrok_Somorovsky_2024, place={Cham}, title={In Search of Partitioning Oracle Attacks Against TLS Session Tickets}, DOI={<a href=\"https://doi.org/10.1007/978-3-031-70896-1_16\">10.1007/978-3-031-70896-1_16</a>}, booktitle={Lecture Notes in Computer Science}, publisher={Springer Nature Switzerland}, author={Radoy, Maximilian Manfred and Hebrok, Sven Niclas and Somorovsky, Juraj}, year={2024} }","short":"M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.","chicago":"Radoy, Maximilian Manfred, Sven Niclas Hebrok, and Juraj Somorovsky. “In Search of Partitioning Oracle Attacks Against TLS Session Tickets.” In <i>Lecture Notes in Computer Science</i>. Cham: Springer Nature Switzerland, 2024. <a href=\"https://doi.org/10.1007/978-3-031-70896-1_16\">https://doi.org/10.1007/978-3-031-70896-1_16</a>.","ieee":"M. M. Radoy, S. N. Hebrok, and J. Somorovsky, “In Search of Partitioning Oracle Attacks Against TLS Session Tickets,” in <i>Lecture Notes in Computer Science</i>, Cham: Springer Nature Switzerland, 2024.","ama":"Radoy MM, Hebrok SN, Somorovsky J. In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In: <i>Lecture Notes in Computer Science</i>. Springer Nature Switzerland; 2024. doi:<a href=\"https://doi.org/10.1007/978-3-031-70896-1_16\">10.1007/978-3-031-70896-1_16</a>"}},{"quality_controlled":"1","year":"2024","citation":{"ama":"Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. In: <i>Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)</i>. ; 2024.","ieee":"F. Bäumer <i>et al.</i>, “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations,” presented at the Annual Computer Security Applications Conference, Hawaii, 2024.","chicago":"Bäumer, Fabian, Marcus Brinkmann, Nurullah Erinola, Sven Niclas Hebrok, Nico Heitmann, Felix Lange, Marcel Maehren, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations.” In <i>Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)</i>, 2024.","apa":"Bäumer, F., Brinkmann, M., Erinola, N., Hebrok, S. N., Heitmann, N., Lange, F., Maehren, M., Merget, R., Niere, N., Radoy, M. M., Schmidt, C., Schwenk, J., &#38; Somorovsky, J. (2024). TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. <i>Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)</i>. Annual Computer Security Applications Conference, Hawaii.","short":"F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.","mla":"Bäumer, Fabian, et al. “TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations.” <i>Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)</i>, 2024.","bibtex":"@inproceedings{Bäumer_Brinkmann_Erinola_Hebrok_Heitmann_Lange_Maehren_Merget_Niere_Radoy_et al._2024, title={TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations}, booktitle={Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)}, author={Bäumer, Fabian and Brinkmann, Marcus and Erinola, Nurullah and Hebrok, Sven Niclas and Heitmann, Nico and Lange, Felix and Maehren, Marcel and Merget, Robert and Niere, Niklas and Radoy, Maximilian Manfred and et al.}, year={2024} }"},"date_updated":"2025-02-27T08:02:30Z","date_created":"2024-12-17T11:25:14Z","author":[{"full_name":"Bäumer, Fabian","last_name":"Bäumer","first_name":"Fabian"},{"full_name":"Brinkmann, Marcus","last_name":"Brinkmann","first_name":"Marcus"},{"full_name":"Erinola, Nurullah","last_name":"Erinola","first_name":"Nurullah"},{"first_name":"Sven Niclas","orcid":"0009-0006-1172-1665","last_name":"Hebrok","full_name":"Hebrok, Sven Niclas","id":"55616"},{"orcid":"0009-0003-7687-7044","last_name":"Heitmann","full_name":"Heitmann, Nico","id":"74619","first_name":"Nico"},{"last_name":"Lange","full_name":"Lange, Felix","id":"67893","first_name":"Felix"},{"full_name":"Maehren, Marcel","last_name":"Maehren","first_name":"Marcel"},{"full_name":"Merget, Robert","last_name":"Merget","first_name":"Robert"},{"first_name":"Niklas","last_name":"Niere","id":"63563","full_name":"Niere, Niklas"},{"first_name":"Maximilian Manfred","last_name":"Radoy","orcid":"0009-0005-3059-6823","id":"68826","full_name":"Radoy, Maximilian Manfred"},{"first_name":"Conrad","full_name":"Schmidt, Conrad","last_name":"Schmidt"},{"first_name":"Jörg","last_name":"Schwenk","full_name":"Schwenk, Jörg"},{"first_name":"Juraj","orcid":"0000-0002-3593-7720","last_name":"Somorovsky","full_name":"Somorovsky, Juraj","id":"83504"}],"title":"TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations","conference":{"name":"Annual Computer Security Applications Conference","start_date":"2024-12-09","end_date":"2024-12-13","location":"Hawaii"},"publication":"Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24)","type":"conference","abstract":[{"text":"TLS-Attacker is an open-source framework for analyzing Transport\r\nLayer Security (TLS) implementations. The framework allows users\r\nto specify custom protocol flows and provides modification hooks to\r\nmanipulate message contents. Since its initial publication in 2016 by\r\nJuraj Somorovsky, TLS-Attacker has been used in numerous studies\r\npublished at well-established conferences and helped to identify\r\nvulnerabilities in well-known open-source TLS libraries. To enable\r\nautomated analyses, TLS-Attacker has grown into a suite of projects,\r\neach designed as a building block that can be applied to facilitate\r\nvarious analysis methodologies. The framework still undergoes\r\ncontinuous improvements with feature extensions, such as DTLS\r\n1.3 or the addition of new dialects such as QUIC, to continue its\r\neffectiveness and relevancy as a security analysis framework.","lang":"eng"}],"status":"public","_id":"57816","department":[{"_id":"632"}],"user_id":"67893","keyword":["SSL","TLS","DTLS","Protocol State Fuzzing","Planning Based"],"language":[{"iso":"eng"}]}]