Pub­lic­a­tions

Security Analysis of BigBlueButton and eduMEET

N. Heitmann, H. Siewert, S. Moog, J. Somorovsky, in: Applied Cryptography and Network Security, Springer Nature Switzerland, Cham, 2024.


Turning Attacks into Advantages: Evading HTTP Censorship with HTTP Request Smuggling

P. Müller, N. Niere, F. Lange, J. Somorovsky, in: Proceedings on Privacy Enhancing Technologies, Bristol, 2024.


In Search of Partitioning Oracle Attacks Against TLS Session Tickets

M.M. Radoy, S.N. Hebrok, J. Somorovsky, in: Lecture Notes in Computer Science, Springer Nature Switzerland, Cham, 2024.


Poster: Circumventing the GFW with TLS Record Fragmentation

N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.


Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth

J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.


Security Analysis of the 3MF Data Format

J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.


We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets

S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.


"I don' know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks

P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.


TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries

M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.


On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers

H. Siewert, M. Kretschmer, M. Niemietz, J. Somorovsky, in: 2022 IEEE Security and Privacy Workshops (SPW), IEEE, 2022.


ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.


Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.


Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!

J.P. Drees, P. Gupta, E. Hüllermeier, T. Jager, A. Konze, C. Priesterjahn, A. Ramaswamy, J. Somorovsky, 14th ACM Workshop on Artificial Intelligence and Security (2021).


Analysis of DTLS Implementations Using Protocol State Fuzzing

P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.


Mitigation of Attacks on Email End-to-End Encryption

J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.


Show all publications