Please note that LibreCat no longer supports Internet Explorer versions 8 or 9 (or earlier).
We recommend upgrading to the latest Internet Explorer, Google Chrome, or Firefox.
44 Publications
2023 | Conference Paper | LibreCat-ID: 43060 | 
@inproceedings{Hebrok_Nachtigall_Maehren_Erinola_Merget_Somorovsky_Schwenk_2023, title={We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets}, booktitle={32nd USENIX Security Symposium}, author={Hebrok, Sven Niclas and Nachtigall, Simon and Maehren, Marcel and Erinola, Nurullah and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, year={2023} }
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 48012
@inproceedings{Rossel_Mladenov_Somorovsky_2023, title={Security Analysis of the 3MF Data Format}, DOI={10.1145/3607199.3607216}, booktitle={Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses}, publisher={ACM}, author={Rossel, Jost and Mladenov, Vladislav and Somorovsky, Juraj}, year={2023} }
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 46500
@inproceedings{Pottebaum_Rossel_Somorovsky_Acar_Fahr_Arias Cabarcos_Bodden_Gräßler_2023, title={Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}, DOI={10.1109/eurospw59978.2023.00048}, booktitle={2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}, publisher={IEEE}, author={Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}, year={2023}, pages={379–385} }
LibreCat
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 49654
@inproceedings{Niere_Hebrok_Somorovsky_Merget_2023, title={Poster: Circumventing the GFW with TLS Record Fragmentation}, DOI={10.1145/3576915.3624372}, booktitle={Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}, publisher={ACM}, author={Niere, Niklas and Hebrok, Sven Niclas and Somorovsky, Juraj and Merget, Robert}, year={2023} }
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 32572
@inproceedings{Mayer_Poddebniak_Fischer_Brinkmann_Somorovsky_Sasse_Schinzel_Volkamer_2022, place={Boston, MA}, title={“I don’ know why I check this...” - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks}, booktitle={Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, publisher={USENIX Association}, author={Mayer, Peter and Poddebniak, Damian and Fischer, Konstantin and Brinkmann, Marcus and Somorovsky, Juraj and Sasse, Angela and Schinzel, Sebastian and Volkamer, Melanie}, year={2022}, pages={77–96} }
LibreCat
2022 | Conference Paper | LibreCat-ID: 32573
@inproceedings{Maehren_Nieting_Hebrok_Merget_Somorovsky_Schwenk_2022, place={Boston, MA}, title={TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries}, booktitle={31st USENIX Security Symposium (USENIX Security 22)}, publisher={USENIX Association}, author={Maehren, Marcel and Nieting, Philipp and Hebrok, Sven Niclas and Merget, Robert and Somorovsky, Juraj and Schwenk, Jörg}, year={2022} }
LibreCat
2021 | Conference Paper | LibreCat-ID: 25331
@inproceedings{Brinkmann_Dresen_Merget_Poddebniak_Müller_Somorovsky_Schwenk_Schinzel_2021, title={ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication}, booktitle={30th {USENIX} Security Symposium ({USENIX} Security 21)}, publisher={{USENIX} Association}, author={Brinkmann, Marcus and Dresen, Christian and Merget, Robert and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schwenk, Jörg and Schinzel, Sebastian}, year={2021}, pages={4293–4310} }
LibreCat
2021 | Conference Paper | LibreCat-ID: 25332
@inproceedings{Merget_Brinkmann_Aviram_Somorovsky_Mittmann_Schwenk_2021, title={Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)}, booktitle={30th {USENIX} Security Symposium ({USENIX} Security 21)}, publisher={{USENIX} Association}, author={Merget, Robert and Brinkmann, Marcus and Aviram, Nimrod and Somorovsky, Juraj and Mittmann, Johannes and Schwenk, Jörg}, year={2021}, pages={213–230} }
LibreCat
2021 | Journal Article | LibreCat-ID: 24143
@article{Drees_Gupta_Hüllermeier_Jager_Konze_Priesterjahn_Ramaswamy_Somorovsky_2021, title={Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!}, journal={14th ACM Workshop on Artificial Intelligence and Security}, author={Drees, Jan Peter and Gupta, Pritha and Hüllermeier, Eyke and Jager, Tibor and Konze, Alexander and Priesterjahn, Claudia and Ramaswamy, Arunselvan and Somorovsky, Juraj}, year={2021} }
LibreCat
2020 | Conference Paper | LibreCat-ID: 25334
@inproceedings{Fiterau-Brostean_Jonsson_Merget_de Ruiter_Sagonas_Somorovsky_2020, title={Analysis of DTLS Implementations Using Protocol State Fuzzing}, booktitle={29th {USENIX} Security Symposium ({USENIX} Security 20)}, publisher={{USENIX} Association}, author={Fiterau-Brostean, Paul and Jonsson, Bengt and Merget, Robert and de Ruiter, Joeri and Sagonas, Konstantinos and Somorovsky, Juraj}, year={2020}, pages={2523–2540} }
LibreCat
2020 | Conference Paper | LibreCat-ID: 25336
@inproceedings{Schwenk_Brinkmann_Poddebniak_Müller_Somorovsky_Schinzel_2020, place={New York, NY, USA}, series={CCS ’20}, title={Mitigation of Attacks on Email End-to-End Encryption}, DOI={10.1145/3372297.3417878}, booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security}, publisher={Association for Computing Machinery}, author={Schwenk, Jörg and Brinkmann, Marcus and Poddebniak, Damian and Müller, Jens and Somorovsky, Juraj and Schinzel, Sebastian}, year={2020}, pages={1647–1664}, collection={CCS ’20} }
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 15908 |
@inproceedings{Müller_Brinkmann_Poddebniak_Böck_Schinzel_Somorovsky_Schwenk_2019, place={Santa Clara, CA}, title={“Johnny, you are fired!” -- Spoofing OpenPGP and S/MIME Signatures in Emails}, booktitle={28th {USENIX} Security Symposium ({USENIX} Security 19)}, publisher={{USENIX} Association}, author={Müller, Jens and Brinkmann, Marcus and Poddebniak, Damian and Böck, Hanno and Schinzel, Sebastian and Somorovsky, Juraj and Schwenk, Jörg}, year={2019}, pages={1011–1028} }
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15909 |
@inproceedings{Merget_Somorovsky_Aviram_Young_Fliegenschmidt_Schwenk_Shavitt_2019, place={Santa Clara, CA}, title={Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities}, booktitle={28th {USENIX} Security Symposium ({USENIX} Security 19)}, publisher={{USENIX} Association}, author={Merget, Robert and Somorovsky, Juraj and Aviram, Nimrod and Young, Craig and Fliegenschmidt, Janis and Schwenk, Jörg and Shavitt, Yuval}, year={2019}, pages={1029–1046} }
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15910
@inproceedings{Engelbertz_Mladenov_Somorovsky_Herring_Erinola_Schwenk_2019, title={Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)}, booktitle={Open Identity Summit 2019}, publisher={Gesellschaft für Informatik, Bonn}, author={Engelbertz, Nils and Mladenov, Vladislav and Somorovsky, Juraj and Herring, David and Erinola, Nurullah and Schwenk, Jörg}, editor={Roßnagel, Heiko and Wagner, Sven and Hühnlein, DetlefEditors}, year={2019}, pages={95–106} }
LibreCat
2018 | Conference Paper | LibreCat-ID: 15892
@inproceedings{Albrecht_Massimo_Paterson_Somorovsky_2018, title={Prime and Prejudice: Primality Testing Under Adversarial Conditions}, DOI={10.1145/3243734.3243787}, booktitle={Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security}, author={Albrecht, Martin R. and Massimo, Jake and Paterson, Kenneth G. and Somorovsky, Juraj}, year={2018} }
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15893
@inproceedings{Poddebniak_Somorovsky_Schinzel_Lochter_Rosler_2018, title={Attacking Deterministic Signature Schemes Using Fault Attacks}, DOI={10.1109/eurosp.2018.00031}, booktitle={2018 IEEE European Symposium on Security and Privacy (EuroS&P)}, author={Poddebniak, Damian and Somorovsky, Juraj and Schinzel, Sebastian and Lochter, Manfred and Rosler, Paul}, year={2018} }
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15894
@inproceedings{Detering_Somorovsky_Mainka_Mladenov_Schwenk_2018, title={On The (In-)Security Of JavaScript Object Signing And Encryption}, DOI={10.1145/3150376.3150379}, booktitle={Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium on - ROOTS}, author={Detering, Dennis and Somorovsky, Juraj and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, year={2018} }
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15905 |
@inproceedings{Poddebniak_Dresen_Müller_Ising_Schinzel_Friedberger_Somorovsky_Schwenk_2018, place={Baltimore, MD}, title={Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels}, booktitle={27th {USENIX} Security Symposium ({USENIX} Security 18)}, publisher={{USENIX} Association}, author={Poddebniak, Damian and Dresen, Christian and Müller, Jens and Ising, Fabian and Schinzel, Sebastian and Friedberger, Simon and Somorovsky, Juraj and Schwenk, Jörg}, year={2018}, pages={549–566} }
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15906 |
@inproceedings{Böck_Somorovsky_Young_2018, place={Baltimore, MD}, title={Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT)}, booktitle={27th {USENIX} Security Symposium ({USENIX} Security 18)}, publisher={{USENIX} Association}, author={Böck, Hanno and Somorovsky, Juraj and Young, Craig}, year={2018}, pages={817–849} }
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15914 |
@inproceedings{Engelbertz_Erinola_Herring_Somorovsky_Mladenov_Schwenk_2018, place={Baltimore, MD}, title={Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe}, booktitle={12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)}, publisher={{USENIX} Association}, author={Engelbertz, Nils and Erinola, Nurullah and Herring, David and Somorovsky, Juraj and Mladenov, Vladislav and Schwenk, Jörg}, year={2018} }
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15895
@inproceedings{Muller_Mladenov_Somorovsky_Schwenk_2017, title={SoK: Exploiting Network Printers}, DOI={10.1109/sp.2017.47}, booktitle={2017 IEEE Symposium on Security and Privacy (SP)}, author={Muller, Jens and Mladenov, Vladislav and Somorovsky, Juraj and Schwenk, Jörg}, year={2017} }
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15912 |
@inproceedings{Grothe_Niemann_Somorovsky_Schwenk_2017, place={Vancouver, BC}, title={Breaking and Fixing Gridcoin}, booktitle={11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17)}, publisher={{USENIX} Association}, author={Grothe, Martin and Niemann, Tobias and Somorovsky, Juraj and Schwenk, Jörg}, year={2017} }
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15896
@inproceedings{Somorovsky_2016, title={Systematic Fuzzing and Testing of TLS Libraries}, DOI={10.1145/2976749.2978411}, booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16}, author={Somorovsky, Juraj}, year={2016} }
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15907 |
@inproceedings{Aviram_Schinzel_Somorovsky_Heninger_Dankel_Steube_Valenta_Adrian_Halderman_Dukhovni_et al._2016, place={Austin, TX}, title={DROWN: Breaking TLS Using SSLv2}, booktitle={25th {USENIX} Security Symposium ({USENIX} Security 16)}, publisher={{USENIX} Association}, author={Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J. Alex and Dukhovni, Viktor and et al.}, year={2016}, pages={689–706} }
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15913 |
@inproceedings{Böck_Zauner_Devlin_Somorovsky_Jovanovic_2016, place={Austin, TX}, title={Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS}, booktitle={10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16)}, publisher={{USENIX} Association}, author={Böck, Hanno and Zauner, Aaron and Devlin, Sean and Somorovsky, Juraj and Jovanovic, Philipp}, year={2016} }
LibreCat
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15897
@inbook{Altmeier_Mainka_Somorovsky_Schwenk_2015, place={Cham}, series={Lecture Notes in Computer Science 9481}, title={AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services}, DOI={10.1007/978-3-319-29883-2_5}, booktitle={Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015}, author={Altmeier, Christian and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, year={2015}, collection={Lecture Notes in Computer Science 9481} }
LibreCat
| DOI
2015 | Book Chapter | LibreCat-ID: 15899
@inbook{Jager_Schwenk_Somorovsky_2015, place={Cham}, title={Practical Invalid Curve Attacks on TLS-ECDH}, DOI={10.1007/978-3-319-24174-6_21}, booktitle={Computer Security -- ESORICS 2015}, author={Jager, Tibor and Schwenk, Jörg and Somorovsky, Juraj}, year={2015} }
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15898
@inproceedings{Jager_Schwenk_Somorovsky_2015, title={On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption}, DOI={10.1145/2810103.2813657}, booktitle={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15}, author={Jager, Tibor and Schwenk, Jörg and Somorovsky, Juraj}, year={2015} }
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15900
@inproceedings{Niemietz_Somorovsky_Mainka_Schwenk_2015, title={Not so Smart: On Smart TV Apps}, DOI={10.1109/siot.2015.13}, booktitle={International Workshop on Secure Internet of Things (SIoT)}, author={Niemietz, Marcus and Somorovsky, Juraj and Mainka, Christian and Schwenk, Jorg}, year={2015} }
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15911 |
@inproceedings{Kupser_Mainka_Schwenk_Somorovsky_2015, place={Washington, D.C.}, title={How to Break XML Encryption -- Automatically}, booktitle={9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15)}, publisher={{USENIX} Association}, author={Kupser, Dennis and Mainka, Christian and Schwenk, Jö and Somorovsky, Juraj}, year={2015} }
LibreCat
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 15904 |
@inproceedings{Meyer_Somorovsky_Weiss_Schwenk_Schinzel_Tews_2014, place={San Diego, CA}, title={Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks}, booktitle={23rd {USENIX} Security Symposium ({USENIX} Security 14)}, publisher={{USENIX} Association}, author={Meyer, Christopher and Somorovsky, Juraj and Weiss, Eugen and Schwenk, Jörg and Schinzel, Sebastian and Tews, Erik}, year={2014}, pages={733–748} }
LibreCat
| Download (ext.)
2013 | Conference Paper | LibreCat-ID: 15902
@inproceedings{Falkenberg_Mainka_Somorovsky_Schwenk_2013, title={A New Approach towards DoS Penetration Testing on Web Services}, DOI={10.1109/icws.2013.72}, booktitle={2013 IEEE 20th International Conference on Web Services}, author={Falkenberg, Andreas and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, year={2013} }
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 15918 |
@inproceedings{Jager_Paterson_Somorovsky_2013, title={One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography}, booktitle={20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013}, author={Jager, Tibor and Paterson, Kenneth G. and Somorovsky, Juraj}, year={2013} }
LibreCat
| Download (ext.)
2013 | Dissertation | LibreCat-ID: 15901
@book{Somorovsky_2013, title={On the insecurity of XML Security}, DOI={10.1515/itit-2014-1045}, author={Somorovsky, Juraj}, year={2013} }
LibreCat
| DOI
2013 | Journal Article | LibreCat-ID: 15903
@article{Mainka_Mladenov_Somorovsky_Schwenk_2013, title={Penetration test tool for XML-based web services}, volume={965}, journal={CEUR Workshop Proceedings}, author={Mainka, Christian and Mladenov, Vladislav and Somorovsky, Juraj and Schwenk, Jörg}, year={2013}, pages={31–35} }
LibreCat
2012 | Book Chapter | LibreCat-ID: 15891
@inbook{Jager_Schinzel_Somorovsky_2012, place={Berlin, Heidelberg}, title={Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption}, DOI={10.1007/978-3-642-33167-1_43}, booktitle={Computer Security – ESORICS 2012}, author={Jager, Tibor and Schinzel, Sebastian and Somorovsky, Juraj}, year={2012} }
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15888 |
@inproceedings{Somorovsky_Mayer_Schwenk_Kampmann_Jensen_2012, place={Bellevue, WA}, title={On Breaking SAML: Be Whoever You Want to Be}, booktitle={Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12)}, publisher={{USENIX}}, author={Somorovsky, Juraj and Mayer, Andreas and Schwenk, Jörg and Kampmann, Marco and Jensen, Meiko}, year={2012}, pages={397–412} }
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15890
@inproceedings{Somorovsky_Schwenk_2012, title={Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption}, DOI={10.1109/services.2012.6}, booktitle={2012 IEEE Eighth World Congress on Services}, author={Somorovsky, Juraj and Schwenk, Jörg}, year={2012} }
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15917
@inproceedings{Somorovsky_Meyer_Tran_Sbeiti_Schwenk_Wietfeld_2012, title={Sec2: Secure Mobile Solution for Distributed Public Cloud Storages}, author={Somorovsky, Juraj and Meyer, Christopher and Tran, Thang and Sbeiti, Mohamad and Schwenk, Jörg and Wietfeld, Christian}, year={2012} }
LibreCat
2011 | Conference Paper | LibreCat-ID: 15885
@inproceedings{Somorovsky_Heiderich_Jensen_Schwenk_Gruschka_Lo Iacono_2011, title={All your clouds are belong to us: security analysis of cloud management interfaces}, DOI={10.1145/2046660.2046664}, booktitle={Proceedings of the 3rd ACM workshop on Cloud computing security workshop - CCSW ’11}, author={Somorovsky, Juraj and Heiderich, Mario and Jensen, Meiko and Schwenk, Jörg and Gruschka, Nils and Lo Iacono, Luigi}, year={2011} }
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15887
@inproceedings{Jensen_Meyer_Somorovsky_Schwenk_2011, title={On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks}, DOI={10.1109/iwsscloud.2011.6049019}, booktitle={2011 1st International Workshop on Securing Services on the Cloud (IWSSC)}, author={Jensen, Meiko and Meyer, Christopher and Somorovsky, Juraj and Schwenk, Jörg}, year={2011} }
LibreCat
| DOI
2011 | Conference Paper | LibreCat-ID: 15915
@inproceedings{Jager_Somorovsky_2011, title={How to break XML encryption}, DOI={10.1145/2046707.2046756}, booktitle={Proceedings of the 18th ACM conference on Computer and communications security - CCS ’11}, author={Jager, Tibor and Somorovsky, Juraj}, year={2011} }
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15916
@inproceedings{Meyer_Somorovsky_Driessen_Schwenk_Tran_Wietfeld_2011, title={Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage}, author={Meyer, Christopher and Somorovsky, Juraj and Driessen, Benedikt and Schwenk, Jörg and Tran, Thang and Wietfeld, Christian}, year={2011} }
LibreCat
2010 | Conference Paper | LibreCat-ID: 15889
@inproceedings{Somorovsky_Jensen_Schwenk_2010, title={Streaming-Based Verification of XML Signatures in SOAP Messages}, DOI={10.1109/services.2010.57}, booktitle={2010 6th World Congress on Services}, author={Somorovsky, Juraj and Jensen, Meiko and Schwenk, Jörg}, year={2010} }
LibreCat
| DOI