Juraj Somorovsky

Proceedings of the Computer Security - ESORICS 2024, 2024

Security Analysis of BigBlueButton and eduMEET.

[BibT_eX]

[DOI]

Proceedings of the Applied Cryptography and Network Security, 2024

2023

We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

Security Analysis of the 3MF Data Format.

[BibT_eX]

[DOI]

Jost Rossel

Vladislav Mladenov

Proceedings of the 26th International Symposium on Research in Attacks, 2023

Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth.

[BibT_eX]

[DOI]

Patricia Arias Cabarcos

Eric Bodden

Iris Gräßler

Proceedings of the IEEE European Symposium on Security and Privacy, 2023

Poster: Circumventing the GFW with TLS Record Fragmentation.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022

TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries.

[BibT_eX]

[DOI]

Proceedings of the 31st USENIX Security Symposium, 2022

On the Security of Parsing Security-Relevant HTTP Headers in Modern Browsers.

[BibT_eX]

[DOI]

Proceedings of the 43rd IEEE Security and Privacy, 2022

"I don't know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks.

[BibT_eX]

[DOI]

Proceedings of the Eighteenth Symposium on Usable Privacy and Security, 2022

2021

Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2021

Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions.

[BibT_eX]

[DOI]

CoRR, 2021

ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication.

[BibT_eX]

[DOI]

Proceedings of the 30th USENIX Security Symposium, 2021

2020

Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E).

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2020

Analysis of DTLS Implementations Using Protocol State Fuzzing.

[BibT_eX]

[DOI]

Paul Fiterau-Brostean

Proceedings of the 29th USENIX Security Symposium, 2020

Mitigation of Attacks on Email End-to-End Encryption.

[BibT_eX]

[DOI]

Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

2019

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities.

[BibT_eX]

[DOI]

Proceedings of the 28th USENIX Security Symposium, 2019

"Johnny, you are fired!" - Spoofing OpenPGP and S/MIME Signatures in Emails.

[BibT_eX]

[DOI]

Proceedings of the 28th USENIX Security Symposium, 2019

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS).

[BibT_eX]

[DOI]

Proceedings of the Open Identity Summit 2019, 2019

2018

Prime and Prejudice: Primality Testing Under Adversarial Conditions.

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2018

Security Analysis of eIDAS - The Cross-Country Authentication Scheme in Europe.

[BibT_eX]

[DOI]

Proceedings of the 12th USENIX Workshop on Offensive Technologies, 2018

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels.

[BibT_eX]

[DOI]

Proceedings of the 27th USENIX Security Symposium, 2018

2017

Attacking Deterministic Signature Schemes using Fault Attacks.

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2017

Return Of Bleichenbacher's Oracle Threat (ROBOT).

[BibT_eX]

[DOI]

Hanno Böck

Craig Young

IACR Cryptol. ePrint Arch., 2017

Breaking and Fixing Gridcoin.

[BibT_eX]

[DOI]

Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017

SoK: Exploiting Network Printers.

[BibT_eX]

[DOI]

Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

2016

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS.

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2016

DROWN: Breaking TLS Using SSLv2.

[BibT_eX]

[DOI]

Proceedings of the 25th USENIX Security Symposium, 2016

FutureTrust - Future Trust Services for Trustworthy Global Transactions.

[BibT_eX]

[DOI]

Proceedings of the Open Identity Summit 2016, 13-14 October 2016, Rome, Italy, 2016

Systematic Fuzzing and Testing of TLS Libraries.

[BibT_eX]

[DOI]

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

How to Break XML Encryption - Automatically.

[BibT_eX]

[DOI]

Proceedings of the 9th USENIX Workshop on Offensive Technologies, 2015

Not so Smart: On Smart TV Apps.

[BibT_eX]

[DOI]

Proceedings of the 2015 International Workshop on Secure Internet of Things, 2015

Practical Invalid Curve Attacks on TLS-ECDH.

[BibT_eX]

[DOI]

Proceedings of the Computer Security - ESORICS 2015, 2015

AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services.

[BibT_eX]

[DOI]

Proceedings of the Data Privacy Management, and Security Assurance, 2015

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption.

[BibT_eX]

[DOI]

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015

2014

On the insecurity of XML Security.

[BibT_eX]

[DOI]

it Inf. Technol., 2014

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.

[BibT_eX]

[DOI]

Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

2013

On the insecurity of XML security

[BibT_eX]

[DOI]

PhD thesis, 2013

One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography.

[BibT_eX]

[DOI]

Kenneth G. Paterson

Proceedings of the 20th Annual Network and Distributed System Security Symposium, 2013

A New Approach towards DoS Penetration Testing on Web Services.

[BibT_eX]

[DOI]

Proceedings of the 2013 IEEE 20th International Conference on Web Services, Santa Clara, CA, USA, June 28, 2013

2012

On Breaking SAML: Be Whoever You Want to Be.

[BibT_eX]

[DOI]

Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012

Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption.

[BibT_eX]

[DOI]

Proceedings of the Eighth IEEE World Congress on Services, 2012

Penetration Testing Tool for Web Services Security.

[BibT_eX]

[DOI]

Christian Mainka

Proceedings of the Eighth IEEE World Congress on Services, 2012

Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption.

[BibT_eX]

[DOI]

Sebastian Schinzel

Proceedings of the Computer Security - ESORICS 2012, 2012

SeC2: Secure Mobile Solution for Distributed Public Cloud Storages.

[BibT_eX]

Proceedings of the CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, Porto, Portugal, 18, 2012

2011

All your clouds are belong to us: security analysis of cloud management interfaces.

[BibT_eX]

[DOI]

Proceedings of the 3rd ACM Cloud Computing Security Workshop, 2011

How to break XML encryption.

[BibT_eX]

[DOI]

Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010

Streaming-Based Verification of XML Signatures in SOAP Messages.

[BibT_eX]

[DOI]

Meiko Jensen