Jörg Schwenk

Publications:

Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers || 2023-11-26 Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails || 2019-08-14 Processing Dangerous Paths - On Security and Privacy of the Portable Document Form || 2021-02-21 Breaking the Specification: PDF Certification || 2021-05-24 Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures || 2023-08-09 We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets || 2023-08-09 Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet || 2023-08-09 TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries || 2022-07-12 Isolated and Exhausted: Attacking Operating Systems via Site Isolation in the Browser || 2023-08-09 DISTINCT: Identity Theft using In-Browser Communications in Dual-Window Single Sign-On || 2022-11-07 Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures || 2022-08-10 XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers || 2021-11-15 1 Trillion Dollar Refund– How To Spoof PDF Signatures || 2019-11-11 Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption || 2019-06-05 Practical Decryption exFiltration: Breaking PDF Encryption || 2019-11-11 T0RTT: Non-Interactive Immediate Forward - Secret Single-Pass Circuit Construction || 2020-07-14 Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework || 2020-06-01 Privacy-Preserving Authenticated Key Exchange and the Case of IKEv2 || 2020-06-01 Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2 || 2020-10-19 Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E) || 2020-08-12 Mitigation of Attacks on Email End-to-End Encryption || 2020-11-09 ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication || 2021-08-11