Please note that LibreCat no longer supports Internet Explorer versions 8 or 9 (or earlier).
We recommend upgrading to the latest Internet Explorer, Google Chrome, or Firefox.
44 Publications
2023 | Conference Paper | LibreCat-ID: 43060 | 
Hebrok, Sven Niclas, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. “We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.” In 32nd USENIX Security Symposium, 2023.
LibreCat
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 48012
Rossel, Jost, Vladislav Mladenov, and Juraj Somorovsky. “Security Analysis of the 3MF Data Format.” In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. ACM, 2023. https://doi.org/10.1145/3607199.3607216.
LibreCat
| Files available
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 46500
Pottebaum, Jens, Jost Rossel, Juraj Somorovsky, Yasemin Acar, René Fahr, Patricia Arias Cabarcos, Eric Bodden, and Iris Gräßler. “Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.” In 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 379–85. IEEE, 2023. https://doi.org/10.1109/eurospw59978.2023.00048.
LibreCat
| DOI
| Download (ext.)
2023 | Conference Paper | LibreCat-ID: 49654
Niere, Niklas, Sven Niclas Hebrok, Juraj Somorovsky, and Robert Merget. “Poster: Circumventing the GFW with TLS Record Fragmentation.” In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2023. https://doi.org/10.1145/3576915.3624372.
LibreCat
| DOI
2022 | Conference Paper | LibreCat-ID: 32572
Mayer, Peter, Damian Poddebniak, Konstantin Fischer, Marcus Brinkmann, Juraj Somorovsky, Angela Sasse, Sebastian Schinzel, and Melanie Volkamer. “‘I Don’ Know Why I Check This...’ - Investigating Expert Users’ Strategies to Detect Email Signature Spoofing Attacks.” In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), 77–96. Boston, MA: USENIX Association, 2022.
LibreCat
2022 | Conference Paper | LibreCat-ID: 32573
Maehren, Marcel, Philipp Nieting, Sven Niclas Hebrok, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. “TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries.” In 31st USENIX Security Symposium (USENIX Security 22). Boston, MA: USENIX Association, 2022.
LibreCat
2021 | Conference Paper | LibreCat-ID: 25331
Brinkmann, Marcus, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, and Sebastian Schinzel. “ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication.” In 30th {USENIX} Security Symposium ({USENIX} Security 21), 4293–4310. {USENIX} Association, 2021.
LibreCat
2021 | Conference Paper | LibreCat-ID: 25332
Merget, Robert, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, and Jörg Schwenk. “Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E).” In 30th {USENIX} Security Symposium ({USENIX} Security 21), 213–30. {USENIX} Association, 2021.
LibreCat
2021 | Journal Article | LibreCat-ID: 24143
Drees, Jan Peter, Pritha Gupta, Eyke Hüllermeier, Tibor Jager, Alexander Konze, Claudia Priesterjahn, Arunselvan Ramaswamy, and Juraj Somorovsky. “Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!” 14th ACM Workshop on Artificial Intelligence and Security, 2021.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25334
Fiterau-Brostean, Paul, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. “Analysis of DTLS Implementations Using Protocol State Fuzzing.” In 29th {USENIX} Security Symposium ({USENIX} Security 20), 2523–40. {USENIX} Association, 2020.
LibreCat
2020 | Conference Paper | LibreCat-ID: 25336
Schwenk, Jörg, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, and Sebastian Schinzel. “Mitigation of Attacks on Email End-to-End Encryption.” In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 1647–1664. CCS ’20. New York, NY, USA: Association for Computing Machinery, 2020. https://doi.org/10.1145/3372297.3417878.
LibreCat
| DOI
2019 | Conference Paper | LibreCat-ID: 15908 |
Müller, Jens, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, and Jörg Schwenk. “‘Johnny, You Are Fired!’ -- Spoofing OpenPGP and S/MIME Signatures in Emails.” In 28th {USENIX} Security Symposium ({USENIX} Security 19), 1011–28. Santa Clara, CA: {USENIX} Association, 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15909 |
Merget, Robert, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, and Yuval Shavitt. “Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities.” In 28th {USENIX} Security Symposium ({USENIX} Security 19), 1029–46. Santa Clara, CA: {USENIX} Association, 2019.
LibreCat
| Download (ext.)
2019 | Conference Paper | LibreCat-ID: 15910
Engelbertz, Nils, Vladislav Mladenov, Juraj Somorovsky, David Herring, Nurullah Erinola, and Jörg Schwenk. “Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS).” In Open Identity Summit 2019, edited by Heiko Roßnagel, Sven Wagner, and Detlef Hühnlein, 95–106. Gesellschaft für Informatik, Bonn, 2019.
LibreCat
2018 | Conference Paper | LibreCat-ID: 15892
Albrecht, Martin R., Jake Massimo, Kenneth G. Paterson, and Juraj Somorovsky. “Prime and Prejudice: Primality Testing Under Adversarial Conditions.” In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018. https://doi.org/10.1145/3243734.3243787.
LibreCat
| DOI
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15893
Poddebniak, Damian, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, and Paul Rosler. “Attacking Deterministic Signature Schemes Using Fault Attacks.” In 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018. https://doi.org/10.1109/eurosp.2018.00031.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15894
Detering, Dennis, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk. “On The (In-)Security Of JavaScript Object Signing And Encryption.” In Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018. https://doi.org/10.1145/3150376.3150379.
LibreCat
| DOI
2018 | Conference Paper | LibreCat-ID: 15905 |
Poddebniak, Damian, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk. “Efail: Breaking S/MIME and OpenPGP Email Encryption Using Exfiltration Channels.” In 27th {USENIX} Security Symposium ({USENIX} Security 18), 549–66. Baltimore, MD: {USENIX} Association, 2018.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15906 |
Böck, Hanno, Juraj Somorovsky, and Craig Young. “Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT).” In 27th {USENIX} Security Symposium ({USENIX} Security 18), 817–49. Baltimore, MD: {USENIX} Association, 2018.
LibreCat
| Download (ext.)
2018 | Conference Paper | LibreCat-ID: 15914 |
Engelbertz, Nils, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Jörg Schwenk. “Security Analysis of EIDAS -- The Cross-Country Authentication Scheme in Europe.” In 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18). Baltimore, MD: {USENIX} Association, 2018.
LibreCat
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15895
Muller, Jens, Vladislav Mladenov, Juraj Somorovsky, and Jörg Schwenk. “SoK: Exploiting Network Printers.” In 2017 IEEE Symposium on Security and Privacy (SP), 2017. https://doi.org/10.1109/sp.2017.47.
LibreCat
| DOI
| Download (ext.)
2017 | Conference Paper | LibreCat-ID: 15912 |
Grothe, Martin, Tobias Niemann, Juraj Somorovsky, and Jörg Schwenk. “Breaking and Fixing Gridcoin.” In 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17). Vancouver, BC: {USENIX} Association, 2017.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15896
Somorovsky, Juraj. “Systematic Fuzzing and Testing of TLS Libraries.” In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016. https://doi.org/10.1145/2976749.2978411.
LibreCat
| DOI
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15907 |
Aviram, Nimrod, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, et al. “DROWN: Breaking TLS Using SSLv2.” In 25th {USENIX} Security Symposium ({USENIX} Security 16), 689–706. Austin, TX: {USENIX} Association, 2016.
LibreCat
| Download (ext.)
2016 | Conference Paper | LibreCat-ID: 15913 |
Böck, Hanno, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic. “Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.” In 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16). Austin, TX: {USENIX} Association, 2016.
LibreCat
| Download (ext.)
2015 | Book Chapter | LibreCat-ID: 15897
Altmeier, Christian, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk. “AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services.” In Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015. Lecture Notes in Computer Science 9481. Cham, 2015. https://doi.org/10.1007/978-3-319-29883-2_5.
LibreCat
| DOI
2015 | Book Chapter | LibreCat-ID: 15899
Jager, Tibor, Jörg Schwenk, and Juraj Somorovsky. “Practical Invalid Curve Attacks on TLS-ECDH.” In Computer Security -- ESORICS 2015. Cham, 2015. https://doi.org/10.1007/978-3-319-24174-6_21.
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15898
Jager, Tibor, Jörg Schwenk, and Juraj Somorovsky. “On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption.” In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015. https://doi.org/10.1145/2810103.2813657.
LibreCat
| DOI
| Download (ext.)
2015 | Conference Paper | LibreCat-ID: 15900
Niemietz, Marcus, Juraj Somorovsky, Christian Mainka, and Jorg Schwenk. “Not so Smart: On Smart TV Apps.” In International Workshop on Secure Internet of Things (SIoT), 2015. https://doi.org/10.1109/siot.2015.13.
LibreCat
| DOI
2015 | Conference Paper | LibreCat-ID: 15911 |
Kupser, Dennis, Christian Mainka, Jö Schwenk, and Juraj Somorovsky. “How to Break XML Encryption -- Automatically.” In 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15). Washington, D.C.: {USENIX} Association, 2015.
LibreCat
| Download (ext.)
2014 | Conference Paper | LibreCat-ID: 15904 |
Meyer, Christopher, Juraj Somorovsky, Eugen Weiss, Jörg Schwenk, Sebastian Schinzel, and Erik Tews. “Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.” In 23rd {USENIX} Security Symposium ({USENIX} Security 14), 733–48. San Diego, CA: {USENIX} Association, 2014.
LibreCat
| Download (ext.)
2013 | Conference Paper | LibreCat-ID: 15902
Falkenberg, Andreas, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk. “A New Approach towards DoS Penetration Testing on Web Services.” In 2013 IEEE 20th International Conference on Web Services, 2013. https://doi.org/10.1109/icws.2013.72.
LibreCat
| DOI
2013 | Conference Paper | LibreCat-ID: 15918 |
Jager, Tibor, Kenneth G. Paterson, and Juraj Somorovsky. “One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography.” In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
LibreCat
| Download (ext.)
2013 | Dissertation | LibreCat-ID: 15901
Somorovsky, Juraj. On the Insecurity of XML Security, 2013. https://doi.org/10.1515/itit-2014-1045.
LibreCat
| DOI
2013 | Journal Article | LibreCat-ID: 15903
Mainka, Christian, Vladislav Mladenov, Juraj Somorovsky, and Jörg Schwenk. “Penetration Test Tool for XML-Based Web Services.” CEUR Workshop Proceedings 965 (2013): 31–35.
LibreCat
2012 | Book Chapter | LibreCat-ID: 15891
Jager, Tibor, Sebastian Schinzel, and Juraj Somorovsky. “Bleichenbacher’s Attack Strikes Again: Breaking PKCS#1 v1.5 in XML Encryption.” In Computer Security – ESORICS 2012. Berlin, Heidelberg, 2012. https://doi.org/10.1007/978-3-642-33167-1_43.
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15888 |
Somorovsky, Juraj, Andreas Mayer, Jörg Schwenk, Marco Kampmann, and Meiko Jensen. “On Breaking SAML: Be Whoever You Want to Be.” In Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), 397–412. Bellevue, WA: {USENIX}, 2012.
LibreCat
| Download (ext.)
2012 | Conference Paper | LibreCat-ID: 15890
Somorovsky, Juraj, and Jörg Schwenk. “Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption.” In 2012 IEEE Eighth World Congress on Services, 2012. https://doi.org/10.1109/services.2012.6.
LibreCat
| DOI
2012 | Conference Paper | LibreCat-ID: 15917
Somorovsky, Juraj, Christopher Meyer, Thang Tran, Mohamad Sbeiti, Jörg Schwenk, and Christian Wietfeld. “Sec2: Secure Mobile Solution for Distributed Public Cloud Storages,” 2012.
LibreCat
2011 | Conference Paper | LibreCat-ID: 15885
Somorovsky, Juraj, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, and Luigi Lo Iacono. “All Your Clouds Are Belong to Us: Security Analysis of Cloud Management Interfaces.” In Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011. https://doi.org/10.1145/2046660.2046664.
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15887
Jensen, Meiko, Christopher Meyer, Juraj Somorovsky, and Jörg Schwenk. “On the Effectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks.” In 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011. https://doi.org/10.1109/iwsscloud.2011.6049019.
LibreCat
| DOI
2011 | Conference Paper | LibreCat-ID: 15915
Jager, Tibor, and Juraj Somorovsky. “How to Break XML Encryption.” In Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011. https://doi.org/10.1145/2046707.2046756.
LibreCat
| DOI
| Download (ext.)
2011 | Conference Paper | LibreCat-ID: 15916
Meyer, Christopher, Juraj Somorovsky, Benedikt Driessen, Jörg Schwenk, Thang Tran, and Christian Wietfeld. “Sec2: Ein Mobiles Nutzer-Kontrolliertes Sicherheitskonzept Für Cloud-Storage,” 2011.
LibreCat
2010 | Conference Paper | LibreCat-ID: 15889
Somorovsky, Juraj, Meiko Jensen, and Jörg Schwenk. “Streaming-Based Verification of XML Signatures in SOAP Messages.” In 2010 6th World Congress on Services, 2010. https://doi.org/10.1109/services.2010.57.
LibreCat
| DOI