Conference Papers

We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets
S.N. Hebrok, S. Nachtigall, M. Maehren, N. Erinola, R. Merget, J. Somorovsky, J. Schwenk, in: 32nd USENIX Security Symposium, 2023.
Poster: Circumventing the GFW with TLS Record Fragmentation
N. Niere, S.N. Hebrok, J. Somorovsky, R. Merget, in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2023.
Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth
J. Pottebaum, J. Rossel, J. Somorovsky, Y. Acar, R. Fahr, P. Arias Cabarcos, E. Bodden, I. Gräßler, in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2023, pp. 379–385.
Security Analysis of the 3MF Data Format
J. Rossel, V. Mladenov, J. Somorovsky, in: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, ACM, 2023.
"I don' know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks
P. Mayer, D. Poddebniak, K. Fischer, M. Brinkmann, J. Somorovsky, A. Sasse, S. Schinzel, M. Volkamer, in: Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022), USENIX Association, Boston, MA, 2022, pp. 77–96.
TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries
M. Maehren, P. Nieting, S.N. Hebrok, R. Merget, J. Somorovsky, J. Schwenk, in: 31st USENIX Security Symposium (USENIX Security 22), USENIX Association, Boston, MA, 2022.
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
M. Brinkmann, C. Dresen, R. Merget, D. Poddebniak, J. Müller, J. Somorovsky, J. Schwenk, S. Schinzel, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 4293–4310.
Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)
R. Merget, M. Brinkmann, N. Aviram, J. Somorovsky, J. Mittmann, J. Schwenk, in: 30th {USENIX} Security Symposium ({USENIX} Security 21), {USENIX} Association, 2021, pp. 213–230.
Analysis of DTLS Implementations Using Protocol State Fuzzing
P. Fiterau-Brostean, B. Jonsson, R. Merget, J. de Ruiter, K. Sagonas, J. Somorovsky, in: 29th {USENIX} Security Symposium ({USENIX} Security 20), {USENIX} Association, 2020, pp. 2523–2540.
Mitigation of Attacks on Email End-to-End Encryption
J. Schwenk, M. Brinkmann, D. Poddebniak, J. Müller, J. Somorovsky, S. Schinzel, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, New York, NY, USA, 2020, pp. 1647–1664.
"Johnny, you are fired!" -- Spoofing OpenPGP and S/MIME Signatures in Emails
J. Müller, M. Brinkmann, D. Poddebniak, H. Böck, S. Schinzel, J. Somorovsky, J. Schwenk, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1011–1028.
Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities
R. Merget, J. Somorovsky, N. Aviram, C. Young, J. Fliegenschmidt, J. Schwenk, Y. Shavitt, in: 28th {USENIX} Security Symposium ({USENIX} Security 19), {USENIX} Association, Santa Clara, CA, 2019, pp. 1029–1046.
Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)
N. Engelbertz, V. Mladenov, J. Somorovsky, D. Herring, N. Erinola, J. Schwenk, in: H. Roßnagel, S. Wagner, D. Hühnlein (Eds.), Open Identity Summit 2019, Gesellschaft für Informatik, Bonn, 2019, pp. 95–106.
Prime and Prejudice: Primality Testing Under Adversarial Conditions
M.R. Albrecht, J. Massimo, K.G. Paterson, J. Somorovsky, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
Attacking Deterministic Signature Schemes Using Fault Attacks
D. Poddebniak, J. Somorovsky, S. Schinzel, M. Lochter, P. Rosler, in: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
On The (In-)Security Of JavaScript Object Signing And Encryption
D. Detering, J. Somorovsky, C. Mainka, V. Mladenov, J. Schwenk, in: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium on - ROOTS, 2018.
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
D. Poddebniak, C. Dresen, J. Müller, F. Ising, S. Schinzel, S. Friedberger, J. Somorovsky, J. Schwenk, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 549–566.
Return Of Bleichenbacher\textquoterights Oracle Threat (ROBOT)
H. Böck, J. Somorovsky, C. Young, in: 27th {USENIX} Security Symposium ({USENIX} Security 18), {USENIX} Association, Baltimore, MD, 2018, pp. 817–849.
Security Analysis of eIDAS -- The Cross-Country Authentication Scheme in Europe
N. Engelbertz, N. Erinola, D. Herring, J. Somorovsky, V. Mladenov, J. Schwenk, in: 12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18), {USENIX} Association, Baltimore, MD, 2018.
SoK: Exploiting Network Printers
J. Muller, V. Mladenov, J. Somorovsky, J. Schwenk, in: 2017 IEEE Symposium on Security and Privacy (SP), 2017.
Breaking and Fixing Gridcoin
M. Grothe, T. Niemann, J. Somorovsky, J. Schwenk, in: 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17), {USENIX} Association, Vancouver, BC, 2017.
Systematic Fuzzing and Testing of TLS Libraries
J. Somorovsky, in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS’16, 2016.
DROWN: Breaking TLS Using SSLv2
N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J.A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, Y. Shavitt, in: 25th {USENIX} Security Symposium ({USENIX} Security 16), {USENIX} Association, Austin, TX, 2016, pp. 689–706.
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
H. Böck, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic, in: 10th {USENIX} Workshop on Offensive Technologies ({WOOT} 16), {USENIX} Association, Austin, TX, 2016.
On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption
T. Jager, J. Schwenk, J. Somorovsky, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15, 2015.
Not so Smart: On Smart TV Apps
M. Niemietz, J. Somorovsky, C. Mainka, J. Schwenk, in: International Workshop on Secure Internet of Things (SIoT), 2015.
How to Break XML Encryption -- Automatically
D. Kupser, C. Mainka, J. Schwenk, J. Somorovsky, in: 9th {USENIX} Workshop on Offensive Technologies ({WOOT} 15), {USENIX} Association, Washington, D.C., 2015.
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
C. Meyer, J. Somorovsky, E. Weiss, J. Schwenk, S. Schinzel, E. Tews, in: 23rd {USENIX} Security Symposium ({USENIX} Security 14), {USENIX} Association, San Diego, CA, 2014, pp. 733–748.
A New Approach towards DoS Penetration Testing on Web Services
A. Falkenberg, C. Mainka, J. Somorovsky, J. Schwenk, in: 2013 IEEE 20th International Conference on Web Services, 2013.
One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography
T. Jager, K.G. Paterson, J. Somorovsky, in: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013, 2013.
On Breaking SAML: Be Whoever You Want to Be
J. Somorovsky, A. Mayer, J. Schwenk, M. Kampmann, M. Jensen, in: Presented as Part of the 21st {USENIX} Security Symposium ({USENIX} Security 12), {USENIX}, Bellevue, WA, 2012, pp. 397–412.
Sec2: Secure Mobile Solution for Distributed Public Cloud Storages
J. Somorovsky, C. Meyer, T. Tran, M. Sbeiti, J. Schwenk, C. Wietfeld, in: 2012.
All your clouds are belong to us: security analysis of cloud management interfaces
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono, in: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop - CCSW ’11, 2011.
On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks
M. Jensen, C. Meyer, J. Somorovsky, J. Schwenk, in: 2011 1st International Workshop on Securing Services on the Cloud (IWSSC), 2011.
How to break XML encryption
T. Jager, J. Somorovsky, in: Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS ’11, 2011.
Sec2: Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage
C. Meyer, J. Somorovsky, B. Driessen, J. Schwenk, T. Tran, C. Wietfeld, in: 2011.
Streaming-Based Verification of XML Signatures in SOAP Messages
J. Somorovsky, M. Jensen, J. Schwenk, in: 2010 6th World Congress on Services, 2010.
Show all publications