---
_id: '60970'
author:
- first_name: Sven Niclas
  full_name: Hebrok, Sven Niclas
  id: '55616'
  last_name: Hebrok
  orcid: 0009-0006-1172-1665
- first_name: Tim Leonhard
  full_name: Storm, Tim Leonhard
  id: '74914'
  last_name: Storm
  orcid: 0009-0001-2681-1624
- first_name: Felix Matthias
  full_name: Cramer, Felix Matthias
  last_name: Cramer
- first_name: Maximilian Manfred
  full_name: Radoy, Maximilian Manfred
  id: '68826'
  last_name: Radoy
  orcid: 0009-0005-3059-6823
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
citation:
  ama: 'Hebrok SN, Storm TL, Cramer FM, Radoy MM, Somorovsky J. STEK Sharing is Not
    Caring: Bypassing TLS Authentication in Web Servers using Session Tickets. In:
    <i>34th USENIX Security Symposium</i>. ; 2025.'
  apa: 'Hebrok, S. N., Storm, T. L., Cramer, F. M., Radoy, M. M., &#38; Somorovsky,
    J. (2025). STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers
    using Session Tickets. <i>34th USENIX Security Symposium</i>.'
  bibtex: '@inproceedings{Hebrok_Storm_Cramer_Radoy_Somorovsky_2025, title={STEK Sharing
    is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets},
    booktitle={34th USENIX Security Symposium}, author={Hebrok, Sven Niclas and Storm,
    Tim Leonhard and Cramer, Felix Matthias and Radoy, Maximilian Manfred and Somorovsky,
    Juraj}, year={2025} }'
  chicago: 'Hebrok, Sven Niclas, Tim Leonhard Storm, Felix Matthias Cramer, Maximilian
    Manfred Radoy, and Juraj Somorovsky. “STEK Sharing Is Not Caring: Bypassing TLS
    Authentication in Web Servers Using Session Tickets.” In <i>34th USENIX Security
    Symposium</i>, 2025.'
  ieee: 'S. N. Hebrok, T. L. Storm, F. M. Cramer, M. M. Radoy, and J. Somorovsky,
    “STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using
    Session Tickets,” 2025.'
  mla: 'Hebrok, Sven Niclas, et al. “STEK Sharing Is Not Caring: Bypassing TLS Authentication
    in Web Servers Using Session Tickets.” <i>34th USENIX Security Symposium</i>,
    2025.'
  short: 'S.N. Hebrok, T.L. Storm, F.M. Cramer, M.M. Radoy, J. Somorovsky, in: 34th
    USENIX Security Symposium, 2025.'
date_created: 2025-08-21T13:43:47Z
date_updated: 2025-09-29T13:46:49Z
ddc:
- '000'
department:
- _id: '632'
file:
- access_level: open_access
  content_type: application/pdf
  creator: snhebrok
  date_created: 2025-09-29T13:41:18Z
  date_updated: 2025-09-29T13:46:49Z
  file_id: '61465'
  file_name: paper.pdf
  file_size: 333869
  relation: main_file
- access_level: open_access
  content_type: application/pdf
  creator: snhebrok
  date_created: 2025-09-29T13:41:27Z
  date_updated: 2025-09-29T13:46:49Z
  file_id: '61466'
  file_name: ae.pdf
  file_size: 162464
  relation: supplementary_material
- access_level: open_access
  content_type: application/pdf
  creator: snhebrok
  date_created: 2025-09-29T13:41:41Z
  date_updated: 2025-09-29T13:46:49Z
  file_id: '61467'
  file_name: poster.pdf
  file_size: 535577
  relation: poster
- access_level: open_access
  content_type: application/pdf
  creator: snhebrok
  date_created: 2025-09-29T13:42:04Z
  date_updated: 2025-09-29T13:46:49Z
  file_id: '61468'
  file_name: slides.pdf
  file_size: 3057223
  relation: slides
file_date_updated: 2025-09-29T13:46:49Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://www.usenix.org/conference/usenixsecurity25/presentation/hebrok
oa: '1'
publication: 34th USENIX Security Symposium
status: public
title: 'STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using
  Session Tickets'
type: conference
user_id: '55616'
year: '2025'
...
---
_id: '52251'
abstract:
- lang: eng
  text: Session tickets are a resumption mechanism, which can speed up repeated TLS
    connections. To do so, information is stored client-side, encrypted with an additional
    symmetric key, which is separate from existing private keys. A server only has
    to store this key, making session tickets stateless for the server. If the key
    is shared between servers, a client can be misled into resuming a session with
    a different, less secure server. In this thesis, we design and implement a scan
    for detecting prerequisites to such an attack, by requesting and redeeming tickets
    for pair-wise servers. We find that 17,901 out of 22,127 scanned (virtual) hosts
    are potentially vulnerable to this attack because they share their keys and accept
    tickets issued for other domains. We discuss the difficulties of detecting such
    an attack and show that, unfortunately, our approach does not scale to larger sample
    sizes.
author:
- first_name: Tim Leonhard
  full_name: Storm, Tim Leonhard
  id: '74914'
  last_name: Storm
citation:
  ama: Storm TL. <i>Large Scale Scanning of TLS Session Ticket Confusion</i>.; 2023.
    doi:<a href="https://doi.org/10.17619/UNIPB/1-1770 ">10.17619/UNIPB/1-1770 </a>
  apa: Storm, T. L. (2023). <i>Large Scale Scanning of TLS Session Ticket Confusion</i>.
    <a href="https://doi.org/10.17619/UNIPB/1-1770 ">https://doi.org/10.17619/UNIPB/1-1770
    </a>
  bibtex: '@book{Storm_2023, title={Large Scale Scanning of TLS Session Ticket Confusion},
    DOI={<a href="https://doi.org/10.17619/UNIPB/1-1770 ">10.17619/UNIPB/1-1770 </a>},
    author={Storm, Tim Leonhard}, year={2023} }'
  chicago: Storm, Tim Leonhard. <i>Large Scale Scanning of TLS Session Ticket Confusion</i>,
    2023. <a href="https://doi.org/10.17619/UNIPB/1-1770 ">https://doi.org/10.17619/UNIPB/1-1770
    </a>.
  ieee: T. L. Storm, <i>Large Scale Scanning of TLS Session Ticket Confusion</i>.
    2023.
  mla: Storm, Tim Leonhard. <i>Large Scale Scanning of TLS Session Ticket Confusion</i>.
    2023, doi:<a href="https://doi.org/10.17619/UNIPB/1-1770 ">10.17619/UNIPB/1-1770
    </a>.
  short: T.L. Storm, Large Scale Scanning of TLS Session Ticket Confusion, 2023.
date_created: 2024-03-04T13:37:31Z
date_updated: 2024-03-04T13:42:33Z
ddc:
- '006'
doi: '10.17619/UNIPB/1-1770 '
file:
- access_level: open_access
  content_type: application/pdf
  creator: tistorm
  date_created: 2024-03-04T13:36:14Z
  date_updated: 2024-03-04T13:38:38Z
  file_id: '52253'
  file_name: BT_Tim_Storm_14_05_23_signed.pdf
  file_size: 1577963
  relation: main_file
file_date_updated: 2024-03-04T13:38:38Z
has_accepted_license: '1'
language:
- iso: eng
oa: '1'
page: '54'
status: public
supervisor:
- first_name: Juraj
  full_name: Somorovsky, Juraj
  id: '83504'
  last_name: Somorovsky
  orcid: 0000-0002-3593-7720
- first_name: Sven Niclas
  full_name: Hebrok, Sven Niclas
  id: '55616'
  last_name: Hebrok
  orcid: 0009-0006-1172-1665
title: Large Scale Scanning of TLS Session Ticket Confusion
type: bachelorsthesis
user_id: '74914'
year: '2023'
...
