Prof. Dr.-Ing. Juraj Somorovsky

Head - Professor

Phone:

+49 5251 60-6690

E-mail:

juraj.somorovsky(at)upb(dot)de

Office:

F2.315

Web:

Homepage

Visitor:

Fürstenallee 11
33102 Paderborn

01.02.2020 - today	Professor for System Security, Paderborn University
01.09.2013 - 31.01.2020	Postdoc, Ruhr University Bochum, Chair for Network and Data Security
01.02.2010 - 31.08.2013	Ph.D., Ruhr University Bochum, Chair for Network and Data Security

Open list in Research Information System

2021

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293-4310

Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213-230

Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!

J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021)

2020

Analysis of DTLS Implementations Using Protocol State Fuzzing

P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523-2540

2019

"Johnny, you are fired!" -- Spoofing OpenPGP and S/MIME Signatures in Emails

J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, 2019, pp. 1011-1028

Download

https://www.usenix.org/conference/usenixsecurity19/presentation/muller

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, 2019, pp. 1029-1046

Download

https://www.usenix.org/conference/usenixsecurity19/presentation/merget

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)

N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95-106

2018

Prime and Prejudice: Primality Testing Under Adversarial Conditions

M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

DOI

Attacking Deterministic Signature Schemes Using Fault Attacks

D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018

DOI

On The (In-)Security Of JavaScript Object Signing And Encryption

D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium on - ROOTS, 2018

DOI

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, 2018, pp. 549-566

Download

https://www.usenix.org/node/217635

Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT)

H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, 2018, pp. 817-849

Download

https://www.usenix.org/node/217495

Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe

N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, 2018

Download

https://www.usenix.org/node/220571

2017

SoK: Exploiting Network Printers

J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017

DOI

Breaking and Fixing Gridcoin

M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, 2017

Download

https://www.usenix.org/conference/woot17/workshop-program/presentation/grothe

2016

Systematic Fuzzing and Testing of TLS Libraries

J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016

DOI

DROWN: Breaking TLS Using SSLv2

N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, 2016, pp. 689-706

Download

https://www.usenix.org/node/197246

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, 2016

Download

https://www.usenix.org/conference/woot16/workshop-program/presentation/bock

2015

AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

C. Altmeier, C. Mainka, J. Somorovsky, J. Schwenk, in: Data Privacy Management, and Security Assurance - 10th International Workshop, {DPM} 2015, and 4th International Workshop, {QASA} 2015, 2015

DOI

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015

DOI

Practical Invalid Curve Attacks on TLS-ECDH

T. Jager, J. Schwenk, J. Somorovsky, in: Computer Security -- ESORICS 2015, 2015

DOI

Not so Smart: On Smart TV Apps

M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015

DOI

How to Break XML Encryption -- Automatically

D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, 2015

Download

https://www.usenix.org/conference/woot15/workshop-program/presentation/kupser

2014

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, 2014, pp. 733-748

Download

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/meyer

2013

On the insecurity of XML Security

J. Somorovsky, 2013

Abstract

DOI

XML Encryption and XML Signature describe how to apply encryption and signing algorithms to XML documents. These specifications are implemented in a wide range of systems and frameworks processing sensitive data, including banking, eGovernment, eCommerce, military, and eHealth infrastructures. The article presents practical and highly critical attacks which allow to forge signed XML documents or reveal contents of encrypted XML data.

A New Approach towards DoS Penetration Testing on Web Services

A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013

DOI

Penetration test tool for XML-based web services

C. Mainka, V. Mladenov, J. Somorovsky, J. Schwenk, CEUR Workshop Proceedings (2013), 965, pp. 31-35

One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography

T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013

Download

https://www.ndss-symposium.org/ndss2013/ndss-2013-programme/one-bad-apple-backwards-compatibility-attacks-state-art-cryptography/

2012

On Breaking SAML: Be Whoever You Want to Be

J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, 2012, pp. 397-412

Download

https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/somorovsky

Technical Analysis of Countermeasures against Attack on XML Encryption -- or -- Just Another Motivation for Authenticated Encryption

J. Somorovsky, J. Schwenk, in: 2012 IEEE Eighth World Congress on Services, 2012

DOI

Bleichenbacher’s Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption

T. Jager, S. Schinzel, J. Somorovsky, in: Computer Security – ESORICS 2012, 2012

DOI

Sec2: Secure Mobile Solution for Distributed Public Cloud Storages

J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, 2012

2011

All your clouds are belong to us: security analysis of cloud management interfaces

J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM workshop on Cloud computing security workshop - CCSW '11, 2011

DOI

On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks

M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011

DOI

How to break XML encryption

T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, 2011

DOI

Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage

C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, 2011