Research Highlights

Thorben Moos, Amir Moradi, Tobias Schneider, François-Xavier Standaert.

Glitch-Resistant Masking Revisited.

IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(2), 256-292. Best Paper Award.

In this paper, we argue that the lack of proofs for TIs, DOM, UMA and GLM makes the interpretation of their security guarantees difficult as the number of shares increases. For this purpose, we first put forward that the higher-order variants of all these schemes are affected by (local or composability) security flaws in the (robust) probing model, due to insufficient refreshing. (…)

Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa.

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding.

NDSS ISOC Network and Distributed System Security Symposium 2019.

In this paper, we introduce a new type of adversarial examples based on psychoacoustic hiding. Our attack exploits the characteristics of DNN-based ASR systems, where we extend the original analysis procedure by an additional backpropagation step.

Romain Gay, Dennis Hofheinz, Eike Kiltz and Hoeteck Wee.

Tightly CCA-secure encryption without pairings.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2016, pages 1–27, 2016. Best Paper Award.

This paper solves the long standing open problem of constructing a chosen-ciphertext secure encryption scheme with a tight security reduction from standard intractability assumption.

Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz.

AntiFuzz: Impeding Fuzzing Audits of Binary Executables.

USENIX Security Symposium: conference proceedings ; Santa Clara, CA, USA, August 14-16, 2019; pp 1931–1948.

In this paper, we introduce several techniques to protect a binary executable against an analysis with automated bug finding approaches that are based on fuzzing, symbolic/concolic execution, and taint-assisted fuzzing (commonly known as hybrid fuzzing). More specifically, we perform a systematic analysis of the fundamental assumptions of bug finding tools and develop general countermeasures for each assumption.

Hendrik Meutzner, Viet-Hung Nguyen, Thorsten Holz and Dorothea Kolossa.

Using automatic speech recognition for attacking acoustic CAPTCHAS: the trade-off between usability and security.

ACSAC Annual Computer Security Applications Conference 2014, pages 276–285. Outstanding Paper Award.

The paper demonstrates fundamental limitations of acoustic CAPTCHAS and introduces a novel CAPTCHA approach that utilizes specific capabilities of the human auditory system.

Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky.

You get where you’re looking for: The Impact of Information Sources on Code Security.

IEEE Symposium on Security and Privacy 2016, pages 289–305. NSA Best Scientific Cybersecurity Paper 2016. 

This paper investigates root causes for developers to unintentionally introduce insecure code into mobile applications, finding that the widespread practice of copying and pasting source code from the Internet causes many vulnerabilities.

Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith.

Obstacles to the adoption of secure communication tools.

IEEE Symposium on Security and Privacy2017, pages 137–153.

This paper identifies a number of incorrect mental models regarding secure communication tools to counter mass surveillance. To this end, the authors interviewed 60 participants about their experience with different communication tools and their perceptions of the tools’ security properties.

Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt.

DROWN: breaking TLS using SSLV2.

USENIX Security Symposium 2016, pages 689–706.

This paper introduces the DROWN attack, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. The paper hadmajor real-world impact, including changes to OpenSSL.

Rafael F. Schaefer, Holger Boche and H. Vincent Poor.

Secure communication under channel uncertainty and adversarial attacks.

Proceedings of the IEEE Symposium on Security and Privacy, 103(10):1796–1813, 2015. Best Paper Award.

This paper solves the long standing open problem of determining the secrecy capacity of wiretap channels under active and passive attacks. It also characterizes the analytic behaviour of the secrecy capacity as a function of channel uncertainties and attacks.

Johannes Dahse, Nikolai Krein and Thorsten Holz.

Code reuse attacks in PHP: Automated POP chain generation.

ACM CCS (ACM Conference on Computer and Communications Security) 2014, pages 42–53. Best Student Paper Award.

This paper introduces a novel attack method against web applications that bypasses all known defenses and demonstrates that a wide variety of applications are vulnerable to such attacks.

Daniel Arp, Michael Spreitzenbarth, Malte Hübner, Hugo Gascon and Konrad Rieck.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.

NDSS ISOC Network and Distributed System Security Symposium 2014.

This paper proposes a lightweight, learning-based analysis method for detecting malicious Android applications. In contrast to previous work, the method is both effective and efficient, and the first to provide explainable detection results to support human analysts.

Céline Blondeau, Gregor Leander and Kaisa Nyberg.

Differential-linear cryptanalysis revisited.

IACR FSE 2014, pages 411–430. Best Paper Award.

This paper carries out a formal analysis of differential-linear cryptanalysis, which is one of the most important cryptanalytic techniques.

Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar and Thorsten Holz.

Don’t trust satellite phones: A security analysis of two satphone standards.

IEEE Symposium on Security and Privacy 2012, pages 128–142. Best Paper Award.

This paper presents an empirical security analysis of the two main satellite phone standards and reveals fundamental weaknesses in the used algorithms, demonstrating that both are vulnerable to eavesdropping attacks.

Tibor Jager, Florian Kohlar, Sven Schäge and Jörg Schwenk.

On the security of TLS-DHE in the standard model.

IACR CRYPTO International Cryptology Conference 2012, pages 273–293.

The paper provides the first formal security proof of the TLS protocol with ephemeral Diffie- Hellman key exchange based on standard assumptions. The new ACCE security model has been widely adapted in real world crypto.

Eike Kiltz, Krzysztof Pietrzak, David Cash, Abhishek Jain and Daniele Venturi.

Efficient authentication from hard learning problems.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2011, pages 7–26. Best Paper Award.

In this paper we propose the first symmetric authentication protocol with provable man-in-the -middle security from the learning parity with noise assumption.

David Cash, Dennis Hofheinz, Eike Kiltz and Chris Peikert.

Bonsai trees, or how to delegate a lattice basis.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2010, pages 523–552. Best Paper Award.

The paper proposes a powerful technique for lattice-based cryptography which is inspired by Bonsai pruning. The new Bonsai technique has become the basis of many follow-up works on lattice-based protocols.

Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson.

Stealthy dopant-level hardware trojans.

IACR Transactions on Cryptographic Hardware and Embedded Systems 2013, volume 8086 of Lecture Notes in Computer Science, pages 197–214. 26.

This paper is the first description of a hardware Trojan which is purely based on atomic changes to the underlying hardware. It attacks the Intel true random number generator and its computational bounds for non-detectability can be proven.

Dennis Hofheinz and Eike Kiltz.

Practical chosen ciphertext secure encryption from factoring.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2009, pages 313–332. Best Paper Award.

We propose a practical public-key encryption scheme whose security against chosen cipher text attacks can be reduced in the standard model to the assumption that factoring is intractable.

Nikol Rummel, Hans Spada and Sabine Hauser.

Learning to collaborate while being scripted or by observing a model.

I. J. Computer-Supported Collaborative Learning, 4(1):69–92, 2009.

Ample research has demonstrated that computer-mediated collaboration needs support to unfolds its potential. This paper discusses an experimental study showing that successful 27 interdisciplinary collaboration in a computer-mediated setting can be promoted by instructional measures.

Tobias J. Oechtering, Rafael F. Wyrembelski, Holger Boche.

Multiantenna bidirectional broadcast channels: optimal transmit strategies.

IEEE Symposium on Security and PrivacyTrans. Signal Processing, 57(5): 1948-1958, 2009. Best Paper Award.

This paper solves the open problem of characterizing the optimal transmit strategy for the bidirectional MIMO broadcast channel. This channel is of central importance for relaycommunication in future wireless systems.

Alexander May and Maike Ritzenhofen.

Implicit factoring: On polynomial time factoring given only an implicit hint.

IACR PKC 2009, pages 1–14. Best Paper Award.

This paper provides an efficient factorization algorithm for RSA moduli given some certain auxiliary information.

Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin and C. Vikkelsoe.

PRESENT: An ultra-lightweight block cipher.

IACR CHES 2007, pages 450–466.

This work introduces the block cipher PRESENT, an extremely efficient cipher tailored for resource constrained devices, which has become an international ISO standard. It is the initial work which started the area of lightweight cryptography. PIs Leander and Paar were the driving forces among this interdisciplinary effort.

Daniel Bleichenbacher, Alexander May.

New Attacks on RSA with Small Secret CRTExponents.

IACR PKC 2006, pages 1–13. Best Paper Award.

This paper provides an efficient attack for certain RSA parameters that are used for fast decryption respectively signing.

Daniel J. Bernstein.

Curve25519: New Diffie-Hellman speed records.

IACR PKC 2006, pages 207–228.

This paper introduces Curve25519 which is one of the fastest elliptic curves. It is used in a wide variety of applications including iOS, OpenSSH, GnuTLS, OpenSSL, Tor, WhatsApp/Signal, and Facebook Messenger.

Anne Adams and Angela Sasse.

Users are not the enemy.

Commun. ACM, 42(12):40–46, 1999.

The paper presents the first study to show that it is not possible to comply with password policies and mechanisms in a modern networked organization, and what the impact for security, organizational productivity and employee morale is. It has become the standard reference in the field of usable security.