49 Publications
2024 | Conference Paper | LibreCat-ID: 54437
Security Analysis of BigBlueButton and eduMEET
N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.
LibreCat
| DOI
| Download (ext.)
N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.
2024 | Conference Paper | LibreCat-ID: 55137 |
Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling
P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.
LibreCat
| Files available
| Download (ext.)
P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.
2024 | Book Chapter | LibreCat-ID: 56079
In Search of Partitioning Oracle Attacks Against TLS Session Tickets
M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.
LibreCat
| DOI
M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.
2024 | Conference Paper | LibreCat-ID: 57816
TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations
F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.
LibreCat
F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.
2023 | Conference Paper | LibreCat-ID: 49654
Poster: Circumventing the GFW with TLS Record Fragmentation
N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.
LibreCat
| DOI
N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.
2023 | Conference Paper | LibreCat-ID: 46500
Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
LibreCat
| Files available
| DOI
| Download (ext.)
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
2023 | Conference Paper | LibreCat-ID: 48012 |
Security Analysis of the 3MF Data Format
J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.
LibreCat
| Files available
| DOI
| Download (ext.)
J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.
2023 | Conference Paper | LibreCat-ID: 43060 |
We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets
S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.
LibreCat
| Download (ext.)
S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.
2022 | Conference Paper | LibreCat-ID: 32572
"I don' know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.
LibreCat
P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.
2022 | Conference Paper | LibreCat-ID: 32573
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries
M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.
LibreCat
M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.
2022 | Conference Paper | LibreCat-ID: 54435
On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers
H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.
LibreCat
| DOI
H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.
2021 | Conference Paper | LibreCat-ID: 25331
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.
LibreCat
M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.
2021 | Conference Paper | LibreCat-ID: 25332
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.
LibreCat
R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.
2021 | Journal Article | LibreCat-ID: 24143
Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!
J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).
LibreCat
J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).
2020 | Conference Paper | LibreCat-ID: 25334
Analysis of DTLS Implementations Using Protocol State Fuzzing
P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.
LibreCat
P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.
2020 | Conference Paper | LibreCat-ID: 25336
Mitigation of Attacks on Email End-to-End Encryption
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
LibreCat
| DOI
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
2019 | Conference Paper | LibreCat-ID: 15908 |
"Johnny, you are fired!" -- Spoofing OpenPGP and S/MIME Signatures in Emails
J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1011–1028.
LibreCat
| Download (ext.)
J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1011–1028.
2019 | Conference Paper | LibreCat-ID: 15909 |
Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities
R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1029–1046.
LibreCat
| Download (ext.)
R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1029–1046.
2019 | Conference Paper | LibreCat-ID: 15910
Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: H. Roßnagel, S. Wagner, D. Hühnlein (Eds.), Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95–106.
LibreCat
N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: H. Roßnagel, S. Wagner, D. Hühnlein (Eds.), Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95–106.
2018 | Conference Paper | LibreCat-ID: 15892
Prime and Prejudice: Primality Testing Under Adversarial Conditions
M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
LibreCat
| DOI
| Download (ext.)
M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
2018 | Conference Paper | LibreCat-ID: 15893
Attacking Deterministic Signature Schemes Using Fault Attacks
D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
LibreCat
| DOI
D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
2018 | Conference Paper | LibreCat-ID: 15894
On The (In-)Security Of JavaScript Object Signing And Encryption
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018.
LibreCat
| DOI
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018.
2018 | Conference Paper | LibreCat-ID: 15905 |
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 549–566.
LibreCat
| Download (ext.)
D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 549–566.
2018 | Conference Paper | LibreCat-ID: 15906 |
Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT)
H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 817–849.
LibreCat
| Download (ext.)
H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 817–849.
2018 | Conference Paper | LibreCat-ID: 15914 |
Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe
N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, Baltimore, MD, 2018.
LibreCat
| Download (ext.)
N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, Baltimore, MD, 2018.
2017 | Conference Paper | LibreCat-ID: 15895
SoK: Exploiting Network Printers
J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017.
LibreCat
| DOI
| Download (ext.)
J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017.
2017 | Conference Paper | LibreCat-ID: 15912 |
Breaking and Fixing Gridcoin
M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, Vancouver, BC, 2017.
LibreCat
| Download (ext.)
M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, Vancouver, BC, 2017.
2016 | Conference Paper | LibreCat-ID: 15896
Systematic Fuzzing and Testing of TLS Libraries
J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016.
LibreCat
| DOI
| Download (ext.)
J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016.
2016 | Conference Paper | LibreCat-ID: 15907 |
DROWN: Breaking TLS Using SSLv2
N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, Austin, TX, 2016, pp. 689–706.
LibreCat
| Download (ext.)
N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, Austin, TX, 2016, pp. 689–706.
2016 | Conference Paper | LibreCat-ID: 15913 |
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, Austin, TX, 2016.
LibreCat
| Download (ext.)
H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, Austin, TX, 2016.
2015 | Book Chapter | LibreCat-ID: 15897
AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
C. Altmeier, C. Mainka, J. Somorovsky, J. Schwenk, in: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015, Cham, 2015.
LibreCat
| DOI
C. Altmeier, C. Mainka, J. Somorovsky, J. Schwenk, in: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015, Cham, 2015.
2015 | Conference Paper | LibreCat-ID: 15898
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015.
2015 | Book Chapter | LibreCat-ID: 15899
Practical Invalid Curve Attacks on TLS-ECDH
T. Jager, J. Schwenk, J. Somorovsky, in: Computer Security -- ESORICS 2015, Cham, 2015.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Schwenk, J. Somorovsky, in: Computer Security -- ESORICS 2015, Cham, 2015.
2015 | Conference Paper | LibreCat-ID: 15900
Not so Smart: On Smart TV Apps
M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015.
LibreCat
| DOI
M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015.
2015 | Conference Paper | LibreCat-ID: 15911 |
How to Break XML Encryption -- Automatically
D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, Washington, D.C., 2015.
LibreCat
| Download (ext.)
D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, Washington, D.C., 2015.
2014 | Conference Paper | LibreCat-ID: 15904 |
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, San Diego, CA, 2014, pp. 733–748.
LibreCat
| Download (ext.)
C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, San Diego, CA, 2014, pp. 733–748.
2013 | Dissertation | LibreCat-ID: 15901
On the insecurity of XML Security
J. Somorovsky, On the Insecurity of XML Security, 2013.
LibreCat
| DOI
J. Somorovsky, On the Insecurity of XML Security, 2013.
2013 | Conference Paper | LibreCat-ID: 15902
A New Approach towards DoS Penetration Testing on Web Services
A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013.
LibreCat
| DOI
A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013.
2013 | Journal Article | LibreCat-ID: 15903
Penetration test tool for XML-based web services
C. Mainka, V. Mladenov, J. Somorovsky, J. Schwenk, CEUR Workshop Proceedings 965 (2013) 31–35.
LibreCat
C. Mainka, V. Mladenov, J. Somorovsky, J. Schwenk, CEUR Workshop Proceedings 965 (2013) 31–35.
2013 | Conference Paper | LibreCat-ID: 15918 |
One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography
T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
LibreCat
| Download (ext.)
T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
2012 | Conference Paper | LibreCat-ID: 15888 |
On Breaking SAML: Be Whoever You Want to Be
J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, Bellevue, WA, 2012, pp. 397–412.
LibreCat
| Download (ext.)
J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, Bellevue, WA, 2012, pp. 397–412.
2012 | Conference Paper | LibreCat-ID: 15890
Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption
J. Somorovsky, J. Schwenk, in: 2012 IEEE Eighth World Congress on Services, 2012.
LibreCat
| DOI
J. Somorovsky, J. Schwenk, in: 2012 IEEE Eighth World Congress on Services, 2012.
2012 | Book Chapter | LibreCat-ID: 15891
Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption
T. Jager, S. Schinzel, J. Somorovsky, in: Computer Security – ESORICS 2012, Berlin, Heidelberg, 2012.
LibreCat
| DOI
T. Jager, S. Schinzel, J. Somorovsky, in: Computer Security – ESORICS 2012, Berlin, Heidelberg, 2012.
2012 | Conference Paper | LibreCat-ID: 15917
Sec2: Secure Mobile Solution for Distributed Public Cloud Storages
J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, in: 2012.
LibreCat
J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, in: 2012.
2011 | Conference Paper | LibreCat-ID: 15885
All your clouds are belong to us: security analysis of cloud management interfaces
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011.
LibreCat
| DOI
| Download (ext.)
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011.
2011 | Conference Paper | LibreCat-ID: 15887
On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks
M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011.
LibreCat
| DOI
M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011.
2011 | Conference Paper | LibreCat-ID: 15915
How to break XML encryption
T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011.
2011 | Conference Paper | LibreCat-ID: 15916
Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage
C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, in: 2011.
LibreCat
C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, in: 2011.
2010 | Conference Paper | LibreCat-ID: 15889
Streaming-Based Verification of XML Signatures in SOAP Messages
J. Somorovsky, M. Jensen, J. Schwenk, in: 2010 6th World Congress on Services, 2010.
LibreCat
| DOI
J. Somorovsky, M. Jensen, J. Schwenk, in: 2010 6th World Congress on Services, 2010.
49 Publications
2024 | Conference Paper | LibreCat-ID: 54437
Security Analysis of BigBlueButton and eduMEET
N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.
LibreCat
| DOI
| Download (ext.)
N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.
2024 | Conference Paper | LibreCat-ID: 55137 |
Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling
P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.
LibreCat
| Files available
| Download (ext.)
P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.
2024 | Book Chapter | LibreCat-ID: 56079
In Search of Partitioning Oracle Attacks Against TLS Session Tickets
M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.
LibreCat
| DOI
M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.
2024 | Conference Paper | LibreCat-ID: 57816
TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations
F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.
LibreCat
F. Bäumer, M. Brinkmann, N. Erinola, S.N. Hebrok, N. Heitmann, F. Lange, M. Maehren, R. Merget, N. Niere, M.M. Radoy, C. Schmidt, J. Schwenk, J. Somorovsky, in: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24), 2024.
2023 | Conference Paper | LibreCat-ID: 49654
Poster: Circumventing the GFW with TLS Record Fragmentation
N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.
LibreCat
| DOI
N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.
2023 | Conference Paper | LibreCat-ID: 46500
Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
LibreCat
| Files available
| DOI
| Download (ext.)
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
2023 | Conference Paper | LibreCat-ID: 48012 |
Security Analysis of the 3MF Data Format
J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.
LibreCat
| Files available
| DOI
| Download (ext.)
J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.
2023 | Conference Paper | LibreCat-ID: 43060 |
We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets
S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.
LibreCat
| Download (ext.)
S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.
2022 | Conference Paper | LibreCat-ID: 32572
"I don' know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.
LibreCat
P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.
2022 | Conference Paper | LibreCat-ID: 32573
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries
M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.
LibreCat
M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.
2022 | Conference Paper | LibreCat-ID: 54435
On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers
H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.
LibreCat
| DOI
H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.
2021 | Conference Paper | LibreCat-ID: 25331
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.
LibreCat
M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.
2021 | Conference Paper | LibreCat-ID: 25332
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.
LibreCat
R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.
2021 | Journal Article | LibreCat-ID: 24143
Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!
J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).
LibreCat
J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).
2020 | Conference Paper | LibreCat-ID: 25334
Analysis of DTLS Implementations Using Protocol State Fuzzing
P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.
LibreCat
P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.
2020 | Conference Paper | LibreCat-ID: 25336
Mitigation of Attacks on Email End-to-End Encryption
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
LibreCat
| DOI
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
2019 | Conference Paper | LibreCat-ID: 15908 |
"Johnny, you are fired!" -- Spoofing OpenPGP and S/MIME Signatures in Emails
J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1011–1028.
LibreCat
| Download (ext.)
J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1011–1028.
2019 | Conference Paper | LibreCat-ID: 15909 |
Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities
R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1029–1046.
LibreCat
| Download (ext.)
R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1029–1046.
2019 | Conference Paper | LibreCat-ID: 15910
Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: H. Roßnagel, S. Wagner, D. Hühnlein (Eds.), Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95–106.
LibreCat
N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: H. Roßnagel, S. Wagner, D. Hühnlein (Eds.), Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95–106.
2018 | Conference Paper | LibreCat-ID: 15892
Prime and Prejudice: Primality Testing Under Adversarial Conditions
M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
LibreCat
| DOI
| Download (ext.)
M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
2018 | Conference Paper | LibreCat-ID: 15893
Attacking Deterministic Signature Schemes Using Fault Attacks
D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
LibreCat
| DOI
D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
2018 | Conference Paper | LibreCat-ID: 15894
On The (In-)Security Of JavaScript Object Signing And Encryption
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018.
LibreCat
| DOI
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018.
2018 | Conference Paper | LibreCat-ID: 15905 |
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 549–566.
LibreCat
| Download (ext.)
D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 549–566.
2018 | Conference Paper | LibreCat-ID: 15906 |
Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT)
H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 817–849.
LibreCat
| Download (ext.)
H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 817–849.
2018 | Conference Paper | LibreCat-ID: 15914 |
Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe
N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, Baltimore, MD, 2018.
LibreCat
| Download (ext.)
N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, Baltimore, MD, 2018.
2017 | Conference Paper | LibreCat-ID: 15895
SoK: Exploiting Network Printers
J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017.
LibreCat
| DOI
| Download (ext.)
J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017.
2017 | Conference Paper | LibreCat-ID: 15912 |
Breaking and Fixing Gridcoin
M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, Vancouver, BC, 2017.
LibreCat
| Download (ext.)
M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, Vancouver, BC, 2017.
2016 | Conference Paper | LibreCat-ID: 15896
Systematic Fuzzing and Testing of TLS Libraries
J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016.
LibreCat
| DOI
| Download (ext.)
J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016.
2016 | Conference Paper | LibreCat-ID: 15907 |
DROWN: Breaking TLS Using SSLv2
N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, Austin, TX, 2016, pp. 689–706.
LibreCat
| Download (ext.)
N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, Austin, TX, 2016, pp. 689–706.
2016 | Conference Paper | LibreCat-ID: 15913 |
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, Austin, TX, 2016.
LibreCat
| Download (ext.)
H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, Austin, TX, 2016.
2015 | Book Chapter | LibreCat-ID: 15897
AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services
C. Altmeier, C. Mainka, J. Somorovsky, J. Schwenk, in: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015, Cham, 2015.
LibreCat
| DOI
C. Altmeier, C. Mainka, J. Somorovsky, J. Schwenk, in: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015, Cham, 2015.
2015 | Conference Paper | LibreCat-ID: 15898
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015.
2015 | Book Chapter | LibreCat-ID: 15899
Practical Invalid Curve Attacks on TLS-ECDH
T. Jager, J. Schwenk, J. Somorovsky, in: Computer Security -- ESORICS 2015, Cham, 2015.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Schwenk, J. Somorovsky, in: Computer Security -- ESORICS 2015, Cham, 2015.
2015 | Conference Paper | LibreCat-ID: 15900
Not so Smart: On Smart TV Apps
M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015.
LibreCat
| DOI
M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015.
2015 | Conference Paper | LibreCat-ID: 15911 |
How to Break XML Encryption -- Automatically
D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, Washington, D.C., 2015.
LibreCat
| Download (ext.)
D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, Washington, D.C., 2015.
2014 | Conference Paper | LibreCat-ID: 15904 |
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, San Diego, CA, 2014, pp. 733–748.
LibreCat
| Download (ext.)
C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, San Diego, CA, 2014, pp. 733–748.
2013 | Dissertation | LibreCat-ID: 15901
On the insecurity of XML Security
J. Somorovsky, On the Insecurity of XML Security, 2013.
LibreCat
| DOI
J. Somorovsky, On the Insecurity of XML Security, 2013.
2013 | Conference Paper | LibreCat-ID: 15902
A New Approach towards DoS Penetration Testing on Web Services
A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013.
LibreCat
| DOI
A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013.
2013 | Journal Article | LibreCat-ID: 15903
Penetration test tool for XML-based web services
C. Mainka, V. Mladenov, J. Somorovsky, J. Schwenk, CEUR Workshop Proceedings 965 (2013) 31–35.
LibreCat
C. Mainka, V. Mladenov, J. Somorovsky, J. Schwenk, CEUR Workshop Proceedings 965 (2013) 31–35.
2013 | Conference Paper | LibreCat-ID: 15918 |
One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography
T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
LibreCat
| Download (ext.)
T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
2012 | Conference Paper | LibreCat-ID: 15888 |
On Breaking SAML: Be Whoever You Want to Be
J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, Bellevue, WA, 2012, pp. 397–412.
LibreCat
| Download (ext.)
J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, Bellevue, WA, 2012, pp. 397–412.
2012 | Conference Paper | LibreCat-ID: 15890
Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption
J. Somorovsky, J. Schwenk, in: 2012 IEEE Eighth World Congress on Services, 2012.
LibreCat
| DOI
J. Somorovsky, J. Schwenk, in: 2012 IEEE Eighth World Congress on Services, 2012.
2012 | Book Chapter | LibreCat-ID: 15891
Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption
T. Jager, S. Schinzel, J. Somorovsky, in: Computer Security – ESORICS 2012, Berlin, Heidelberg, 2012.
LibreCat
| DOI
T. Jager, S. Schinzel, J. Somorovsky, in: Computer Security – ESORICS 2012, Berlin, Heidelberg, 2012.
2012 | Conference Paper | LibreCat-ID: 15917
Sec2: Secure Mobile Solution for Distributed Public Cloud Storages
J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, in: 2012.
LibreCat
J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, in: 2012.
2011 | Conference Paper | LibreCat-ID: 15885
All your clouds are belong to us: security analysis of cloud management interfaces
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011.
LibreCat
| DOI
| Download (ext.)
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011.
2011 | Conference Paper | LibreCat-ID: 15887
On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks
M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011.
LibreCat
| DOI
M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011.
2011 | Conference Paper | LibreCat-ID: 15915
How to break XML encryption
T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011.
LibreCat
| DOI
| Download (ext.)
T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011.
2011 | Conference Paper | LibreCat-ID: 15916
Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage
C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, in: 2011.
LibreCat
C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, in: 2011.
2010 | Conference Paper | LibreCat-ID: 15889
Streaming-Based Verification of XML Signatures in SOAP Messages
J. Somorovsky, M. Jensen, J. Schwenk, in: 2010 6th World Congress on Services, 2010.
LibreCat
| DOI
J. Somorovsky, M. Jensen, J. Schwenk, in: 2010 6th World Congress on Services, 2010.