Die Fachgruppe Systemsicherheit sucht zum nächstmöglichen Zeitpunkt eine Studentische Hilfskraft (w/m/d) oder Wiss. Hilfskraft mit Bachelorabschluss (w/m/d). in der Forschung und Tool-Entwicklung im Bereich Internetzensur. Deine Aufgaben Weiterentwicklung von bestehenden Research-Tools für Analysen von InternetzensurAnwendung der Tools und Akquise von ForschungsdatenAnalyse und Auswertung der Forschungsdaten Dein Profil Fortgeschrittenes…

Felix Cramer completed his bachelor thesis, “Evaluating the Interaction of TLS Client Certificates and Session Tickets in Virtual Hosting,” within our System Security Group. In his work, he uncovered several authentication vulnerabilities in TLS applications arising from the combination of TLS client authentication with the session ticket mechanism.

Die Fachgruppe Systemsicherheit sucht zum nächstmöglichen Zeitpunkt eine Studentische Hilfskraft (w/m/d) oder Wiss. Hilfskraft mit Bachelorabschluss (w/m/d). zur Unterstützung bei der Weiterentwicklung und Anwendung eines bestehenden Research-Tools. Deine Aufgaben Weiterentwicklung von bestehenden Research-Tools für Analysen von TLS-BibliothekenImplementierung neuer Funktionen und Anpassungen nach VorgabeUnterstützung bei der Durchführung und…

The paper “On the Security of SSH Client Signatures”, which was co-authored by Maximilian Radoy and Juraj Somorovsky, won two awards at ACM CCS 2025: Distinguished Paper Award and Distinguished Artifact Award.

Last week Sven and Jost presented two of our group's papers at the USENIX Security Symposium in Seattle. They were accompanied by Juraj, Maximilian, Felix, and Tim. Felix and Tim are student assistants who coauthored Sven's paper and are supported by the excellence program for Master's students “PRISMA” of the CS department. The presented papers are “STEK Sharing is Not Caring: Bypassing TLS Authentication in Web Servers using Session Tickets“…

Today, Niklas presented our latest paper on Encrypted Client Hello (ECH) in Censorship Circumvention at FOCI 2025 in Washington, D.C.

Juraj Somorovsky gave an interview to Deutschlandfunk on techniques for circumventing TLS-based Internet censorship.

Today, Felix presented our new publication on Iranian HTTP and DNS censorship at the Virtual FOCI 2025.

Using Unencrypted HTTP/2 to Circumvent Censorship

On the 15th July 2024, Niklas presented our new publication on censorship circumvention with HTTP request smuggling in Bristol at the Free and Open Communications on the Internet conference 2024 (Summer FOCI'24).

Last week, Jost presented his work on the security of the 3MF file in Hong Kong at the 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2023). Some impressions from the journey:

Three of the students who have written their thesis with us won an award for outstanding theses in the context of IT security. We congratulate Marten Schmidt on his third place with the topic of “Analyzing the QUIC Ecosystem With the QUIC-Scanner” in the “Master’s Thesis” category, Philipp Breuch on another third place in the category “Bachelor’s Thesis” with the topic “Web Key Directory and other key exchange methods for OpenPGP”, and Niklas…

How Fragmentation Can Be Extended to the TLS Layer