Felix Cramer completed his bachelor thesis, “Evaluating the Interaction of TLS Client Certificates and Session Tickets in Virtual Hosting,” within our System Security Group. In his work, he uncovered several authentication vulnerabilities in TLS applications arising from the combination of TLS client authentication with the session ticket mechanism. These findings also contributed to our USENIX Security paper, STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets.
His outstanding research has now been recognized with the second place in the internationally renowned CAST IT Security Award 2025. The thesis was supported by PRISMA (Paderborner Informatik-Spitzenförderung für Masterstudierende).