51 Publications
2025 | Conference Paper | LibreCat-ID: 58657 | 
Rossel J, Mladenov V, Wördenweber N, Somorovsky J. Security Implications of Malicious G-Codes in 3D Printing. In: Proceedings of the 34th USENIX Security Symposium (USENIX ’25). ; 2025.
LibreCat
| Files available
2025 | Conference Paper | LibreCat-ID: 58801 |
Lange F, Niere N, von Niessen J, Suermann D, Heitmann N, Somorovsky J. I(ra)nconsistencies: Novel Insights into Iran’s Censorship. In: Proceedings on Privacy Enhancing Technologies. ; 2025.
LibreCat
| Files available
| Download (ext.)
2024 | Conference Paper | LibreCat-ID: 54437
Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton and eduMEET. In: Applied Cryptography and Network Security. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8
LibreCat
| DOI
| Download (ext.)
2024 | Conference Paper | LibreCat-ID: 55137 |
Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: Proceedings on Privacy Enhancing Technologies. ; 2024.
LibreCat
| Files available
| Download (ext.)
2024 | Book Chapter | LibreCat-ID: 56079
Radoy MM, Hebrok SN, Somorovsky J. In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In: Lecture Notes in Computer Science. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-70896-1_16
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 57816
Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. In: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24). ; 2024.
LibreCat
2023 | Conference Paper | LibreCat-ID: 49654
Niere N, Hebrok SN, Somorovsky J, Merget R. Poster: Circumventing the GFW with TLS Record Fragmentation. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2023. doi:10.1145/3576915.3624372
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 48012 |
Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM; 2023. doi:10.1145/3607199.3607216
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 43060 |
Hebrok SN, Nachtigall S, Maehren M, et al. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In: 32nd USENIX Security Symposium. ; 2023.
LibreCat
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 32572
Mayer P, Poddebniak D, Fischer K, et al. “I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks. In: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association; 2022:77–96.
LibreCat
2022 | Conference Paper | LibreCat-ID: 32573
Maehren M, Nieting P, Hebrok SN, Merget R, Somorovsky J, Schwenk J. TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association; 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 54435
Siewert H, Kretschmer M, Niemietz M, Somorovsky J. On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers. In: 2022 IEEE Security and Privacy Workshops (SPW). IEEE; 2022. doi:10.1109/spw54247.2022.9833880
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 25331
Brinkmann M, Dresen C, Merget R, et al. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:4293-4310.
LibreCat
2021 | Conference Paper | LibreCat-ID: 25332
Merget R, Brinkmann M, Aviram N, Somorovsky J, Mittmann J, Schwenk J. Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:213-230.
LibreCat
2021 | Journal Article | LibreCat-ID: 24143
Drees JP, Gupta P, Hüllermeier E, et al. Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! 14th ACM Workshop on Artificial Intelligence and Security. Published online 2021.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25334
Fiterau-Brostean P, Jonsson B, Merget R, de Ruiter J, Sagonas K, Somorovsky J. Analysis of DTLS Implementations Using Protocol State Fuzzing. In: 29th {USENIX} Security Symposium ({USENIX} Security 20). {USENIX} Association; 2020:2523-2540.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25336
Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:10.1145/3372297.3417878
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 15908 |
Müller J, Brinkmann M, Poddebniak D, et al. “Johnny, you are fired!” -- Spoofing OpenPGP and S/MIME Signatures in Emails. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1011-1028.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15909 |
Merget R, Somorovsky J, Aviram N, et al. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1029-1046.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15910
Engelbertz N, Mladenov V, Somorovsky J, Herring D, Erinola N, Schwenk J. Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS). In: Roßnagel H, Wagner S, Hühnlein D, eds. Open Identity Summit 2019. Gesellschaft für Informatik, Bonn; 2019:95-106.
LibreCat
2018 | Conference Paper | LibreCat-ID: 15892
Albrecht MR, Massimo J, Paterson KG, Somorovsky J. Prime and Prejudice: Primality Testing Under Adversarial Conditions. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ; 2018. doi:10.1145/3243734.3243787
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15893
Poddebniak D, Somorovsky J, Schinzel S, Lochter M, Rosler P. Attacking Deterministic Signature Schemes Using Fault Attacks. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). ; 2018. doi:10.1109/eurosp.2018.00031
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15894
Detering D, Somorovsky J, Mainka C, Mladenov V, Schwenk J. On The (In-)Security Of JavaScript Object Signing And Encryption. In: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS. ; 2018. doi:10.1145/3150376.3150379
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15905 |
Poddebniak D, Dresen C, Müller J, et al. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:549-566.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15906 |
Böck H, Somorovsky J, Young C. Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT). In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:817-849.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15914 |
Engelbertz N, Erinola N, Herring D, Somorovsky J, Mladenov V, Schwenk J. Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe. In: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18). Baltimore, MD: {USENIX} Association; 2018.
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15895
Muller J, Mladenov V, Somorovsky J, Schwenk J. SoK: Exploiting Network Printers. In: 2017 IEEE Symposium on Security and Privacy (SP). ; 2017. doi:10.1109/sp.2017.47
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15912 |
Grothe M, Niemann T, Somorovsky J, Schwenk J. Breaking and Fixing Gridcoin. In: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17). Vancouver, BC: {USENIX} Association; 2017.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15896
Somorovsky J. Systematic Fuzzing and Testing of TLS Libraries. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16. ; 2016. doi:10.1145/2976749.2978411
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15907 |
Aviram N, Schinzel S, Somorovsky J, et al. DROWN: Breaking TLS Using SSLv2. In: 25th {USENIX} Security Symposium ({USENIX} Security 16). Austin, TX: {USENIX} Association; 2016:689-706.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15913 |
Böck H, Zauner A, Devlin S, Somorovsky J, Jovanovic P. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. In: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16). Austin, TX: {USENIX} Association; 2016.
LibreCat
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15897
Altmeier C, Mainka C, Somorovsky J, Schwenk J. AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services. In: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015. Lecture Notes in Computer Science 9481. Cham; 2015. doi:10.1007/978-3-319-29883-2_5
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15898
Jager T, Schwenk J, Somorovsky J. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. ; 2015. doi:10.1145/2810103.2813657
LibreCat
| DOI
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15899
Jager T, Schwenk J, Somorovsky J. Practical Invalid Curve Attacks on TLS-ECDH. In: Computer Security -- ESORICS 2015. Cham; 2015. doi:10.1007/978-3-319-24174-6_21
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15900
Niemietz M, Somorovsky J, Mainka C, Schwenk J. Not so Smart: On Smart TV Apps. In: International Workshop on Secure Internet of Things (SIoT). ; 2015. doi:10.1109/siot.2015.13
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15911 |
Kupser D, Mainka C, Schwenk J, Somorovsky J. How to Break XML Encryption -- Automatically. In: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). Washington, D.C.: {USENIX} Association; 2015.
LibreCat
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 15904 |
Meyer C, Somorovsky J, Weiss E, Schwenk J, Schinzel S, Tews E. Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. In: 23rd {USENIX} Security Symposium ({USENIX} Security 14). San Diego, CA: {USENIX} Association; 2014:733-748.
LibreCat
| Download (ext.)
2013 | Dissertation | LibreCat-ID: 15901
Somorovsky J. On the Insecurity of XML Security.; 2013. doi:10.1515/itit-2014-1045
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 15902
Falkenberg A, Mainka C, Somorovsky J, Schwenk J. A New Approach towards DoS Penetration Testing on Web Services. In: 2013 IEEE 20th International Conference on Web Services. ; 2013. doi:10.1109/icws.2013.72
LibreCat
| DOI
2013 | Journal Article | LibreCat-ID: 15903
Mainka C, Mladenov V, Somorovsky J, Schwenk J. Penetration test tool for XML-based web services. CEUR Workshop Proceedings. 2013;965:31-35.
LibreCat
2013 | Conference Paper | LibreCat-ID: 15918 |
Jager T, Paterson KG, Somorovsky J. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013. ; 2013.
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15888 |
Somorovsky J, Mayer A, Schwenk J, Kampmann M, Jensen M. On Breaking SAML: Be Whoever You Want to Be. In: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). Bellevue, WA: {USENIX}; 2012:397-412.
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15890
Somorovsky J, Schwenk J. Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption. In: 2012 IEEE Eighth World Congress on Services. ; 2012. doi:10.1109/services.2012.6
LibreCat
| DOI
2012 | Book Chapter | LibreCat-ID: 15891
Jager T, Schinzel S, Somorovsky J. Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption. In: Computer Security – ESORICS 2012. Berlin, Heidelberg; 2012. doi:10.1007/978-3-642-33167-1_43
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15917
Somorovsky J, Meyer C, Tran T, Sbeiti M, Schwenk J, Wietfeld C. Sec2: Secure Mobile Solution for Distributed Public Cloud Storages. In: ; 2012.
LibreCat
2011 | Conference Paper | LibreCat-ID: 15885
Somorovsky J, Heiderich M, Jensen M, Schwenk J, Gruschka N, Lo Iacono L. All your clouds are belong to us: security analysis of cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11. ; 2011. doi:10.1145/2046660.2046664
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15887
Jensen M, Meyer C, Somorovsky J, Schwenk J. On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks. In: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC). ; 2011. doi:10.1109/iwsscloud.2011.6049019
LibreCat
| DOI
2011 | Conference Paper | LibreCat-ID: 15915
Jager T, Somorovsky J. How to break XML encryption. In: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11. ; 2011. doi:10.1145/2046707.2046756
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15916
Meyer C, Somorovsky J, Driessen B, Schwenk J, Tran T, Wietfeld C. Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage. In: ; 2011.
LibreCat
2010 | Conference Paper | LibreCat-ID: 15889
Somorovsky J, Jensen M, Schwenk J. Streaming-Based Verification of XML Signatures in SOAP Messages. In: 2010 6th World Congress on Services. ; 2010. doi:10.1109/services.2010.57
LibreCat
| DOI
51 Publications
2025 | Conference Paper | LibreCat-ID: 58657 |
Rossel J, Mladenov V, Wördenweber N, Somorovsky J. Security Implications of Malicious G-Codes in 3D Printing. In: Proceedings of the 34th USENIX Security Symposium (USENIX ’25). ; 2025.
LibreCat
| Files available
2025 | Conference Paper | LibreCat-ID: 58801 |
Lange F, Niere N, von Niessen J, Suermann D, Heitmann N, Somorovsky J. I(ra)nconsistencies: Novel Insights into Iran’s Censorship. In: Proceedings on Privacy Enhancing Technologies. ; 2025.
LibreCat
| Files available
| Download (ext.)
2024 | Conference Paper | LibreCat-ID: 54437
Heitmann N, Siewert H, Moog S, Somorovsky J. Security Analysis of BigBlueButton and eduMEET. In: Applied Cryptography and Network Security. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-54776-8_8
LibreCat
| DOI
| Download (ext.)
2024 | Conference Paper | LibreCat-ID: 55137 |
Müller P, Niere N, Lange F, Somorovsky J. Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling. In: Proceedings on Privacy Enhancing Technologies. ; 2024.
LibreCat
| Files available
| Download (ext.)
2024 | Book Chapter | LibreCat-ID: 56079
Radoy MM, Hebrok SN, Somorovsky J. In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In: Lecture Notes in Computer Science. Springer Nature Switzerland; 2024. doi:10.1007/978-3-031-70896-1_16
LibreCat
| DOI
2024 | Conference Paper | LibreCat-ID: 57816
Bäumer F, Brinkmann M, Erinola N, et al. TLS-Attacker: A Dynamic Framework for Analyzing TLS Implementations. In: Proceedings of Cybersecurity Artifacts Competition and Impact Award (ACSAC ’24). ; 2024.
LibreCat
2023 | Conference Paper | LibreCat-ID: 49654
Niere N, Hebrok SN, Somorovsky J, Merget R. Poster: Circumventing the GFW with TLS Record Fragmentation. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2023. doi:10.1145/3576915.3624372
LibreCat
| DOI
2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 48012 |
Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM; 2023. doi:10.1145/3607199.3607216
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 43060 |
Hebrok SN, Nachtigall S, Maehren M, et al. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In: 32nd USENIX Security Symposium. ; 2023.
LibreCat
| Download (ext.)
2022 | Conference Paper | LibreCat-ID: 32572
Mayer P, Poddebniak D, Fischer K, et al. “I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks. In: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association; 2022:77–96.
LibreCat
2022 | Conference Paper | LibreCat-ID: 32573
Maehren M, Nieting P, Hebrok SN, Merget R, Somorovsky J, Schwenk J. TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association; 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 54435
Siewert H, Kretschmer M, Niemietz M, Somorovsky J. On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers. In: 2022 IEEE Security and Privacy Workshops (SPW). IEEE; 2022. doi:10.1109/spw54247.2022.9833880
LibreCat
| DOI
2021 | Conference Paper | LibreCat-ID: 25331
Brinkmann M, Dresen C, Merget R, et al. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:4293-4310.
LibreCat
2021 | Conference Paper | LibreCat-ID: 25332
Merget R, Brinkmann M, Aviram N, Somorovsky J, Mittmann J, Schwenk J. Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:213-230.
LibreCat
2021 | Journal Article | LibreCat-ID: 24143
Drees JP, Gupta P, Hüllermeier E, et al. Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! 14th ACM Workshop on Artificial Intelligence and Security. Published online 2021.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25334
Fiterau-Brostean P, Jonsson B, Merget R, de Ruiter J, Sagonas K, Somorovsky J. Analysis of DTLS Implementations Using Protocol State Fuzzing. In: 29th {USENIX} Security Symposium ({USENIX} Security 20). {USENIX} Association; 2020:2523-2540.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25336
Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:10.1145/3372297.3417878
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 15908 |
Müller J, Brinkmann M, Poddebniak D, et al. “Johnny, you are fired!” -- Spoofing OpenPGP and S/MIME Signatures in Emails. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1011-1028.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15909 |
Merget R, Somorovsky J, Aviram N, et al. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1029-1046.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15910
Engelbertz N, Mladenov V, Somorovsky J, Herring D, Erinola N, Schwenk J. Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS). In: Roßnagel H, Wagner S, Hühnlein D, eds. Open Identity Summit 2019. Gesellschaft für Informatik, Bonn; 2019:95-106.
LibreCat
2018 | Conference Paper | LibreCat-ID: 15892
Albrecht MR, Massimo J, Paterson KG, Somorovsky J. Prime and Prejudice: Primality Testing Under Adversarial Conditions. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ; 2018. doi:10.1145/3243734.3243787
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15893
Poddebniak D, Somorovsky J, Schinzel S, Lochter M, Rosler P. Attacking Deterministic Signature Schemes Using Fault Attacks. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). ; 2018. doi:10.1109/eurosp.2018.00031
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15894
Detering D, Somorovsky J, Mainka C, Mladenov V, Schwenk J. On The (In-)Security Of JavaScript Object Signing And Encryption. In: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS. ; 2018. doi:10.1145/3150376.3150379
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15905 |
Poddebniak D, Dresen C, Müller J, et al. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:549-566.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15906 |
Böck H, Somorovsky J, Young C. Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT). In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:817-849.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15914 |
Engelbertz N, Erinola N, Herring D, Somorovsky J, Mladenov V, Schwenk J. Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe. In: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18). Baltimore, MD: {USENIX} Association; 2018.
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15895
Muller J, Mladenov V, Somorovsky J, Schwenk J. SoK: Exploiting Network Printers. In: 2017 IEEE Symposium on Security and Privacy (SP). ; 2017. doi:10.1109/sp.2017.47
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15912 |
Grothe M, Niemann T, Somorovsky J, Schwenk J. Breaking and Fixing Gridcoin. In: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17). Vancouver, BC: {USENIX} Association; 2017.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15896
Somorovsky J. Systematic Fuzzing and Testing of TLS Libraries. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16. ; 2016. doi:10.1145/2976749.2978411
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15907 |
Aviram N, Schinzel S, Somorovsky J, et al. DROWN: Breaking TLS Using SSLv2. In: 25th {USENIX} Security Symposium ({USENIX} Security 16). Austin, TX: {USENIX} Association; 2016:689-706.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15913 |
Böck H, Zauner A, Devlin S, Somorovsky J, Jovanovic P. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. In: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16). Austin, TX: {USENIX} Association; 2016.
LibreCat
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15897
Altmeier C, Mainka C, Somorovsky J, Schwenk J. AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services. In: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015. Lecture Notes in Computer Science 9481. Cham; 2015. doi:10.1007/978-3-319-29883-2_5
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15898
Jager T, Schwenk J, Somorovsky J. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. ; 2015. doi:10.1145/2810103.2813657
LibreCat
| DOI
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15899
Jager T, Schwenk J, Somorovsky J. Practical Invalid Curve Attacks on TLS-ECDH. In: Computer Security -- ESORICS 2015. Cham; 2015. doi:10.1007/978-3-319-24174-6_21
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15900
Niemietz M, Somorovsky J, Mainka C, Schwenk J. Not so Smart: On Smart TV Apps. In: International Workshop on Secure Internet of Things (SIoT). ; 2015. doi:10.1109/siot.2015.13
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15911 |
Kupser D, Mainka C, Schwenk J, Somorovsky J. How to Break XML Encryption -- Automatically. In: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). Washington, D.C.: {USENIX} Association; 2015.
LibreCat
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 15904 |
Meyer C, Somorovsky J, Weiss E, Schwenk J, Schinzel S, Tews E. Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. In: 23rd {USENIX} Security Symposium ({USENIX} Security 14). San Diego, CA: {USENIX} Association; 2014:733-748.
LibreCat
| Download (ext.)
2013 | Dissertation | LibreCat-ID: 15901
Somorovsky J. On the Insecurity of XML Security.; 2013. doi:10.1515/itit-2014-1045
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 15902
Falkenberg A, Mainka C, Somorovsky J, Schwenk J. A New Approach towards DoS Penetration Testing on Web Services. In: 2013 IEEE 20th International Conference on Web Services. ; 2013. doi:10.1109/icws.2013.72
LibreCat
| DOI
2013 | Journal Article | LibreCat-ID: 15903
Mainka C, Mladenov V, Somorovsky J, Schwenk J. Penetration test tool for XML-based web services. CEUR Workshop Proceedings. 2013;965:31-35.
LibreCat
2013 | Conference Paper | LibreCat-ID: 15918 |
Jager T, Paterson KG, Somorovsky J. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013. ; 2013.
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15888 |
Somorovsky J, Mayer A, Schwenk J, Kampmann M, Jensen M. On Breaking SAML: Be Whoever You Want to Be. In: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). Bellevue, WA: {USENIX}; 2012:397-412.
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15890
Somorovsky J, Schwenk J. Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption. In: 2012 IEEE Eighth World Congress on Services. ; 2012. doi:10.1109/services.2012.6
LibreCat
| DOI
2012 | Book Chapter | LibreCat-ID: 15891
Jager T, Schinzel S, Somorovsky J. Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption. In: Computer Security – ESORICS 2012. Berlin, Heidelberg; 2012. doi:10.1007/978-3-642-33167-1_43
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15917
Somorovsky J, Meyer C, Tran T, Sbeiti M, Schwenk J, Wietfeld C. Sec2: Secure Mobile Solution for Distributed Public Cloud Storages. In: ; 2012.
LibreCat
2011 | Conference Paper | LibreCat-ID: 15885
Somorovsky J, Heiderich M, Jensen M, Schwenk J, Gruschka N, Lo Iacono L. All your clouds are belong to us: security analysis of cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11. ; 2011. doi:10.1145/2046660.2046664
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15887
Jensen M, Meyer C, Somorovsky J, Schwenk J. On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks. In: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC). ; 2011. doi:10.1109/iwsscloud.2011.6049019
LibreCat
| DOI
2011 | Conference Paper | LibreCat-ID: 15915
Jager T, Somorovsky J. How to break XML encryption. In: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11. ; 2011. doi:10.1145/2046707.2046756
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15916
Meyer C, Somorovsky J, Driessen B, Schwenk J, Tran T, Wietfeld C. Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage. In: ; 2011.
LibreCat
2010 | Conference Paper | LibreCat-ID: 15889
Somorovsky J, Jensen M, Schwenk J. Streaming-Based Verification of XML Signatures in SOAP Messages. In: 2010 6th World Congress on Services. ; 2010. doi:10.1109/services.2010.57
LibreCat
| DOI