Skip to content

Scientific Papers and Projects

Jump to bottom
mmaehren edited this page Sep 30, 2024 · 3 revisions

The basic concepts behind TLS-Attacker and several attacks are described in the following paper:

TLS-Attacker was furthermore used in the following scientific papers:

  • Tibor Jager, Jörg Schwenk, Juraj Somorovsky. On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. ACM CCS'15
  • Tibor Jager, Jörg Schwenk, Juraj Somorovsky. Practical Invalid Curve Attacks on TLS-ECDH. ESORICS'15
  • Yuan Xiao, Mengyuan Li, Sanchuan Chen, and Yinqian Zhang. 2017. STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ’17).
  • Dimitris E. Simos, Josip Bozic, Feng Duan, Bernhard Garn, Kristoffer Kleine, Yu Lei, and Franz Wotawa. 2017. Testing TLS Using Combinatorial Methods and Execution Framework. In Testing Software and System
  • Josip Bozic, Kristoffer Kleine, Dimitris E. Simos, and Franz Wotawa. 2017. Planning-Based Security Testing of the SSL/TLS Protocol. In 2017 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)
  • Dimitris E. Simos, Josip Bozic, Bernhard Garn, Manuel Leithner, Feng Duan, Kristoffer Kleine, Yu Lei, and Franz Wotawa. 2019. Testing TLS using planning- based combinatorial methods and execution framework. Software Quality Journal 27, 2 (June 2019)
  • Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, and Jörg Schwenk. 2018. Security Analysis of eIDAS – The Cross- Country Authentication Scheme in Europe. In 12th USENIX Workshop on Offensive Technologies (WOOT 18)
  • Bernhard Garn, Dimitris E. Simos, Stefan Zauner, Rick Kuhn, and Raghu Kacker. Browser fingerprinting using combinatorial sequence testing. In Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security (HotSoS ’19)
  • Stefano Calzavara, Riccardo Focardi, Matus Nemec, Alvise Rabitti, and Marco Squarcina. 2019. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (S&P)
  • Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, and Yuval Shavitt. 2019. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. In 28th USENIX Security Symposium, USENIX Security 2019
  • Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. 2020. Analysis of DTLS Implementations Using Protocol State Fuzzing. In 29th USENIX Security Symposium, USENIX Secu- rity 2020
  • Jan Peter Drees, Pritha Gupta, Eyke Hüllermeier, Tibor Jager, Alexander Konze, Claudia Priesterjahn, Arunselvan Ramaswamy, and Juraj Somorovsky. 2021. Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs! AISec 2021 - Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security
  • Chuanpu Fu, Qi Li, Meng Shen, and Ke Xu. 2021. Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS ’21)
  • Bernhard Garn, Stefan Zauner, Dimitris E. Simos, Manuel Leithner, Richard Kuhn, and Raghu Kacker. 2022. A Two-Step TLS-Based Browser fingerprinting approach using combinatorial sequences. Computers & Security 114 (March 2022)
  • Frederic Henn, Richard Zowalla, and Andreas Mayer. 2021. The Security State of the German Health Web: An Exploratory Study. Studies in Health Technology and Informatics 283 (Sept. 2021)
  • Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, and Jörg Schwenk. 2021. Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E). In 30th USENIX Security Symposium, USENIX Security 2021
  • Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, and Sebastian Schinzel. 2021. ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication. In 30th USENIX Security Symposium, USENIX Security 2021
  • Chris McMahon Stone, Sam L. Thomas, Mathy Vanhoef, James Henderson, Nicolas Bailluet, and Tom Chothia. 2022. The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (Los Angeles, CA, USA) (CCS ’22)
  • Christoph Saatjohann, Fabian Ising, Matthias Gierlings, Dominik Noss, Sascha Schimmler, Alexander Klemm, Leif Grundmann, Tilman Frosch, and Sebastian Schinzel. 2022. Sicherheit medizintechnischer Protokolle im Krankenhaus. Gesellschaft für Informatik
  • Hooman Asadian, Paul Fiterau-Brostean, Bengt Jonsson, and Konstantinos Sagonas. 2022. Applying Symbolic Execution to Test Implementations of a Network Protocol Against its Specification. In 15th IEEE Conference on Software Testing, Verification and Validation, ICST 2022
  • P. Fiterau-Brostean, B. Jonsson, K. Sagonas, and F. Taquist. 2022. DTLS-Fuzzer: A DTLS Protocol State Fuzzer. In 2022 IEEE Conference on Software Testing, Verification and Validation (ICST)
  • Marcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. 2022. TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In 31st USENIX Security Symposium, USENIX Security 2022
  • Michael Scott. 2023. On TLS for the Internet of Things, in a Post Quantum world. https://eprint.iacr.org/2023/095
  • Yong Wang, Rui Wang, Xin Liu, Donglan Liu, Hao Zhang, Lei Ma, Fangzhe Zhang, Lili Sun, and Zhenghao Li. 2023. A Framework for TLS Implementation Vulnerability Testing in 5G. In Applied Cryptography and Network Security Workshops, ACNS 2023 Satellite Workshop
  • Diana Gratiela Berbecaru and Giuseppe Petraglia. 2023. TLS-Monitor: A Monitor for TLS Attacks. In 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC).
  • Paul Fiterau-Brostean, Bengt Jonsson, Konstantinos Sagonas, and Fredrik Tåquist. 2023. Automata-Based Automated Detection of State Machine Bugs in Protocol Implementations. In 30th Annual Network and Distributed System Security Symposium, NDSS 2023
  • Sven Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. 2023. We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In 32nd USENIX Security Symposium, USENIX Security 2023
  • Nurullah Erinola, Marcel Maehren, Robert Merget, Juraj Somorovsky, and Jörg Schwenk. 2023. Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet. In 32nd USENIX Security Symposium, USENIX Security 2023
  • Ka Lok Wu, Man Hong Hue, Ngai Man Poon, Kin Man Leung, Wai Yin Po, Kin Ting Wong, Sze Ho Hui, and Sze Yiu Chau. 2023. Back to School: On the (In)Security of Academic VPNs. In 32nd USENIX Security Symposium, USENIX Security 2023
  • Diana Gratiela Berbecaru and Antonio Lioy. 2024. Threat-TLS: A Tool for Threat Identification in Weak, Malicious, or Suspicious TLS Connections. In Proceedings of the 19th International Conference on Availability, Reliability and Security (Vienna, Austria) (ARES ’24)
  • Maximilian Radoy, Sven Hebrok, and Juraj Somorovsky. 2024. In Search of Partitioning Oracle Attacks Against TLS Session Tickets. In 29th European Symposium on Research in Computer Security (ESORICS)
  • Martin Dunsche, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Juraj Somorovsky, and Jörg Schwenk. 2024. With Great Power Come Great Side Channels: Statistical Timing Side-Channel Analyses with Bounded Type-1 Errors. In 33rd USENIX Security Symposium, USENIX Security 2024

TLS-Attacker was used in the following projects:

Clone this wiki locally