Please note that LibreCat no longer supports Internet Explorer versions 8 or 9 (or earlier).

We recommend upgrading to the latest Internet Explorer, Google Chrome, or Firefox.

44 Publications


2023 | Conference Paper | LibreCat-ID: 43060 | OA
Hebrok SN, Nachtigall S, Maehren M, et al. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In: 32nd USENIX Security Symposium. ; 2023.
LibreCat | Download (ext.)
 

2023 | Conference Paper | LibreCat-ID: 49654
Niere N, Hebrok SN, Somorovsky J, Merget R. Poster: Circumventing the GFW with TLS Record Fragmentation. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM; 2023. doi:10.1145/3576915.3624372
LibreCat | DOI
 

2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum J, Rossel J, Somorovsky J, et al. Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE; 2023:379-385. doi:10.1109/eurospw59978.2023.00048
LibreCat | DOI | Download (ext.)
 

2023 | Conference Paper | LibreCat-ID: 48012
Rossel J, Mladenov V, Somorovsky J. Security Analysis of the 3MF Data Format. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM; 2023. doi:10.1145/3607199.3607216
LibreCat | Files available | DOI | Download (ext.)
 

2022 | Conference Paper | LibreCat-ID: 32572
Mayer P, Poddebniak D, Fischer K, et al. “I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks. In: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association; 2022:77–96.
LibreCat
 

2022 | Conference Paper | LibreCat-ID: 32573
Maehren M, Nieting P, Hebrok SN, Merget R, Somorovsky J, Schwenk J. TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association; 2022.
LibreCat
 

2021 | Conference Paper | LibreCat-ID: 25331
Brinkmann M, Dresen C, Merget R, et al. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:4293-4310.
LibreCat
 

2021 | Conference Paper | LibreCat-ID: 25332
Merget R, Brinkmann M, Aviram N, Somorovsky J, Mittmann J, Schwenk J. Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). In: 30th {USENIX} Security Symposium ({USENIX} Security 21). {USENIX} Association; 2021:213-230.
LibreCat
 

2021 | Journal Article | LibreCat-ID: 24143
Drees JP, Gupta P, Hüllermeier E, et al. Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! 14th ACM Workshop on Artificial Intelligence and Security. Published online 2021.
LibreCat
 

2020 | Conference Paper | LibreCat-ID: 25334
Fiterau-Brostean P, Jonsson B, Merget R, de Ruiter J, Sagonas K, Somorovsky J. Analysis of DTLS Implementations Using Protocol State Fuzzing. In: 29th {USENIX} Security Symposium ({USENIX} Security 20). {USENIX} Association; 2020:2523-2540.
LibreCat
 

2020 | Conference Paper | LibreCat-ID: 25336
Schwenk J, Brinkmann M, Poddebniak D, Müller J, Somorovsky J, Schinzel S. Mitigation of Attacks on Email End-to-End Encryption. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. CCS ’20. Association for Computing Machinery; 2020:1647–1664. doi:10.1145/3372297.3417878
LibreCat | DOI
 

2019 | Conference Paper | LibreCat-ID: 15908 | OA
Müller J, Brinkmann M, Poddebniak D, et al. “Johnny, you are fired!” -- Spoofing OpenPGP and S/MIME Signatures in Emails. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1011-1028.
LibreCat | Download (ext.)
 

2019 | Conference Paper | LibreCat-ID: 15909 | OA
Merget R, Somorovsky J, Aviram N, et al. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. In: 28th {USENIX} Security Symposium ({USENIX} Security 19). Santa Clara, CA: {USENIX} Association; 2019:1029-1046.
LibreCat | Download (ext.)
 

2019 | Conference Paper | LibreCat-ID: 15910
Engelbertz N, Mladenov V, Somorovsky J, Herring D, Erinola N, Schwenk J. Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS). In: Roßnagel H, Wagner S, Hühnlein D, eds. Open Identity Summit 2019. Gesellschaft für Informatik, Bonn; 2019:95-106.
LibreCat
 

2018 | Conference Paper | LibreCat-ID: 15892
Albrecht MR, Massimo J, Paterson KG, Somorovsky J. Prime and Prejudice: Primality Testing Under Adversarial Conditions. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ; 2018. doi:10.1145/3243734.3243787
LibreCat | DOI | Download (ext.)
 

2018 | Conference Paper | LibreCat-ID: 15893
Poddebniak D, Somorovsky J, Schinzel S, Lochter M, Rosler P. Attacking Deterministic Signature Schemes Using Fault Attacks. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). ; 2018. doi:10.1109/eurosp.2018.00031
LibreCat | DOI
 

2018 | Conference Paper | LibreCat-ID: 15894
Detering D, Somorovsky J, Mainka C, Mladenov V, Schwenk J. On The (In-)Security Of JavaScript Object Signing And Encryption. In: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS. ; 2018. doi:10.1145/3150376.3150379
LibreCat | DOI
 

2018 | Conference Paper | LibreCat-ID: 15905 | OA
Poddebniak D, Dresen C, Müller J, et al. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:549-566.
LibreCat | Download (ext.)
 

2018 | Conference Paper | LibreCat-ID: 15906 | OA
Böck H, Somorovsky J, Young C. Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT). In: 27th {USENIX} Security Symposium ({USENIX} Security 18). Baltimore, MD: {USENIX} Association; 2018:817-849.
LibreCat | Download (ext.)
 

2018 | Conference Paper | LibreCat-ID: 15914 | OA
Engelbertz N, Erinola N, Herring D, Somorovsky J, Mladenov V, Schwenk J. Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe. In: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18). Baltimore, MD: {USENIX} Association; 2018.
LibreCat | Download (ext.)
 

2017 | Conference Paper | LibreCat-ID: 15895
Muller J, Mladenov V, Somorovsky J, Schwenk J. SoK: Exploiting Network Printers. In: 2017 IEEE Symposium on Security and Privacy (SP). ; 2017. doi:10.1109/sp.2017.47
LibreCat | DOI | Download (ext.)
 

2017 | Conference Paper | LibreCat-ID: 15912 | OA
Grothe M, Niemann T, Somorovsky J, Schwenk J. Breaking and Fixing Gridcoin. In: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17). Vancouver, BC: {USENIX} Association; 2017.
LibreCat | Download (ext.)
 

2016 | Conference Paper | LibreCat-ID: 15896
Somorovsky J. Systematic Fuzzing and Testing of TLS Libraries. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16. ; 2016. doi:10.1145/2976749.2978411
LibreCat | DOI | Download (ext.)
 

2016 | Conference Paper | LibreCat-ID: 15907 | OA
Aviram N, Schinzel S, Somorovsky J, et al. DROWN: Breaking TLS Using SSLv2. In: 25th {USENIX} Security Symposium ({USENIX} Security 16). Austin, TX: {USENIX} Association; 2016:689-706.
LibreCat | Download (ext.)
 

2016 | Conference Paper | LibreCat-ID: 15913 | OA
Böck H, Zauner A, Devlin S, Somorovsky J, Jovanovic P. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. In: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16). Austin, TX: {USENIX} Association; 2016.
LibreCat | Download (ext.)
 

2015 | Book Chapter | LibreCat-ID: 15897
Altmeier C, Mainka C, Somorovsky J, Schwenk J. AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services. In: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015. Lecture Notes in Computer Science 9481. Cham; 2015. doi:10.1007/978-3-319-29883-2_5
LibreCat | DOI
 

2015 | Book Chapter | LibreCat-ID: 15899
Jager T, Schwenk J, Somorovsky J. Practical Invalid Curve Attacks on TLS-ECDH. In: Computer Security -- ESORICS 2015. Cham; 2015. doi:10.1007/978-3-319-24174-6_21
LibreCat | DOI | Download (ext.)
 

2015 | Conference Paper | LibreCat-ID: 15898
Jager T, Schwenk J, Somorovsky J. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. ; 2015. doi:10.1145/2810103.2813657
LibreCat | DOI | Download (ext.)
 

2015 | Conference Paper | LibreCat-ID: 15900
Niemietz M, Somorovsky J, Mainka C, Schwenk J. Not so Smart: On Smart TV Apps. In: International Workshop on Secure Internet of Things (SIoT). ; 2015. doi:10.1109/siot.2015.13
LibreCat | DOI
 

2015 | Conference Paper | LibreCat-ID: 15911 | OA
Kupser D, Mainka C, Schwenk J, Somorovsky J. How to Break XML Encryption -- Automatically. In: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). Washington, D.C.: {USENIX} Association; 2015.
LibreCat | Download (ext.)
 

2014 | Conference Paper | LibreCat-ID: 15904 | OA
Meyer C, Somorovsky J, Weiss E, Schwenk J, Schinzel S, Tews E. Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. In: 23rd {USENIX} Security Symposium ({USENIX} Security 14). San Diego, CA: {USENIX} Association; 2014:733-748.
LibreCat | Download (ext.)
 

2013 | Conference Paper | LibreCat-ID: 15902
Falkenberg A, Mainka C, Somorovsky J, Schwenk J. A New Approach towards DoS Penetration Testing on Web Services. In: 2013 IEEE 20th International Conference on Web Services. ; 2013. doi:10.1109/icws.2013.72
LibreCat | DOI
 

2013 | Conference Paper | LibreCat-ID: 15918 | OA
Jager T, Paterson KG, Somorovsky J. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013. ; 2013.
LibreCat | Download (ext.)
 

2013 | Dissertation | LibreCat-ID: 15901
Somorovsky J. On the Insecurity of XML Security.; 2013. doi:10.1515/itit-2014-1045
LibreCat | DOI
 

2013 | Journal Article | LibreCat-ID: 15903
Mainka C, Mladenov V, Somorovsky J, Schwenk J. Penetration test tool for XML-based web services. CEUR Workshop Proceedings. 2013;965:31-35.
LibreCat
 

2012 | Book Chapter | LibreCat-ID: 15891
Jager T, Schinzel S, Somorovsky J. Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption. In: Computer Security – ESORICS 2012. Berlin, Heidelberg; 2012. doi:10.1007/978-3-642-33167-1_43
LibreCat | DOI
 

2012 | Conference Paper | LibreCat-ID: 15888 | OA
Somorovsky J, Mayer A, Schwenk J, Kampmann M, Jensen M. On Breaking SAML: Be Whoever You Want to Be. In: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). Bellevue, WA: {USENIX}; 2012:397-412.
LibreCat | Download (ext.)
 

2012 | Conference Paper | LibreCat-ID: 15890
Somorovsky J, Schwenk J. Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption. In: 2012 IEEE Eighth World Congress on Services. ; 2012. doi:10.1109/services.2012.6
LibreCat | DOI
 

2012 | Conference Paper | LibreCat-ID: 15917
Somorovsky J, Meyer C, Tran T, Sbeiti M, Schwenk J, Wietfeld C. Sec2: Secure Mobile Solution for Distributed Public Cloud Storages. In: ; 2012.
LibreCat
 

2011 | Conference Paper | LibreCat-ID: 15885
Somorovsky J, Heiderich M, Jensen M, Schwenk J, Gruschka N, Lo Iacono L. All your clouds are belong to us: security analysis of cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11. ; 2011. doi:10.1145/2046660.2046664
LibreCat | DOI | Download (ext.)
 

2011 | Conference Paper | LibreCat-ID: 15887
Jensen M, Meyer C, Somorovsky J, Schwenk J. On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks. In: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC). ; 2011. doi:10.1109/iwsscloud.2011.6049019
LibreCat | DOI
 

2011 | Conference Paper | LibreCat-ID: 15915
Jager T, Somorovsky J. How to break XML encryption. In: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11. ; 2011. doi:10.1145/2046707.2046756
LibreCat | DOI | Download (ext.)
 

2011 | Conference Paper | LibreCat-ID: 15916
Meyer C, Somorovsky J, Driessen B, Schwenk J, Tran T, Wietfeld C. Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage. In: ; 2011.
LibreCat
 

2010 | Conference Paper | LibreCat-ID: 15889
Somorovsky J, Jensen M, Schwenk J. Streaming-Based Verification of XML Signatures in SOAP Messages. In: 2010 6th World Congress on Services. ; 2010. doi:10.1109/services.2010.57
LibreCat | DOI
 

Filters and Search Terms

(person=83504) OR (department=632)

status=public

Search

Filter Publications

Display / Sort

Sorted by: Publishing Year , Publication Type
Citation Style: AMA

Export / Embed