Cyber Security in the Age of Large-Scale Adversaries

Research Highlights

Grants and Honours

Member of the Leopoldina (2019, Christof Paar)

Program Co-Chair of the IEEE S&P (2021/22, Thorsten Holz)

ERC Advanced Grant (2015, Christof Paar)

ERC Starting Grant (2014, Thorsten Holz)

ERC Consolidator Grant (2013, Eike Kiltz)

DFG Gottfried Wilhelm Leibniz Prize (2008, Holger Boche)

DFG Heisenberg Professorship (2015, Gregor Leander)

DFG Heinz Maier-Leibnitz Prize (2011, Thorsten Holz)

DFG Emmy-Noether Program (2008, Aydin Sezgin)

NWO Vici Grant (The Netherlands) (2012, Dan Bernstein)

Alexander v. Humboldt-Foundation Sofja Kovalevskaja Award (2010, Eike Kiltz)

13 Best Paper Awards at leading cryptography & security conferences (Various)

ACM SIGSAC Doctoral Dissertation Award (2016, Lucas Davi)

DHL Innovation Award (2013, Gregor Leander, Christof Paar)

IBM Faculty Award (2013, Angela Sasse)

NRW Innovationspreis (2012, Christof Paar)

Facebook Internet Defense Prize at USENIX Security (2014, Thorsten Holz)

German IT-Security Award (first place) (2010, Gregor Leander, Christof Paar)

German IT-Security Award (second place) (2012, Eike Kiltz)

VDE Johann-Philipp-Reis Prize (2007, Holger Boche)

Member of the Leopoldina (2019, Christof Paar)

Fellow of the Royal Academy of Engineering (2015, Angela Sasse)

Fellow of the Institute of Mathematical Statistics (2013, Holger Dette)

IEEE Fellow (2010, Christof Paar)

IEEE Fellow (2011, Holger Boche)

IACR Fellow (2017, Christof Paar)

Young Fellow of NRW Academy of Sciences, Humanities & Arts (2015, Tim Güneysu)

Highlight Publications


Thorben Moos, Amir Moradi, Tobias Schneider, François-Xavier Standaert.

Glitch-Resistant Masking Revisited.

IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(2), 256-292. Best Paper Award.

In this paper, we argue that the lack of proofs for TIs, DOM, UMA and GLM makes the interpretation of their security guarantees difficult as the number of shares increases. For this purpose, we first put forward that the higher-order variants of all these schemes are affected by (local or composability) security flaws in the (robust) probing model, due to insufficient refreshing. (…)


Lea Schönherr, Katharina Kohls, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa.

Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding.

NDSS ISOC Network and Distributed System Security Symposium 2019.

In this paper, we introduce a new type of adversarial examples based on psychoacoustic hiding. Our attack exploits the characteristics of DNN-based ASR systems, where we extend the original analysis procedure by an additional backpropagation step.


Romain Gay, Dennis Hofheinz, Eike Kiltz and Hoeteck Wee.

Tightly CCA-secure encryption without pairings.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2016, pages 1–27, 2016. Best Paper Award.

This paper solves the long-standing open problem of constructing a chosen-ciphertext secure encryption scheme with a tight security reduction from a standard intractability assumption.


Emre Güler, Cornelius Aschermann, Ali Abbasi, Thorsten Holz.

AntiFuzz: Impeding Fuzzing Audits of Binary Executables.

USENIX Security Symposium 2019, Santa Clara, CA, USA, August 14-16, 2019, pages 1931–1948.

In this paper, we introduce several techniques to protect a binary executable against an analysis with automated bug finding approaches that are based on fuzzing, symbolic/concolic execution, and taint-assisted fuzzing (commonly known as hybrid fuzzing). More specifically, we perform a systematic analysis of the fundamental assumptions of bug finding tools and develop general countermeasures for each assumption.


Hendrik Meutzner, Viet-Hung Nguyen, Thorsten Holz and Dorothea Kolossa.

Using automatic speech recognition for attacking acoustic CAPTCHAS: the trade-off between usability and security.

ACSAC Annual Computer Security Applications Conference 2014, pages 276–285. Outstanding Paper Award.

The paper demonstrates fundamental limitations of acoustic CAPTCHAS and introduces a novel CAPTCHA approach that utilizes specific capabilities of the human auditory system.


Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, Christian Stransky.

You get where you’re looking for: The Impact of Information Sources on Code Security.

IEEE Symposium on Security and Privacy 2016, pages 289–305. NSA Best Scientific Cybersecurity Paper 2016. 

This paper investigates root causes for developers to unintentionally introduce insecure code into mobile applications, finding that the widespread practice of copying and pasting source code from the Internet causes many vulnerabilities.


Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, Matthew Smith.

Obstacles to the adoption of secure communication tools.

IEEE Symposium on Security and Privacy 2017, pages 137–153.

This paper identifies a number of incorrect mental models regarding secure communication tools to counter mass surveillance. To this end, the authors interviewed 60 participants about their experience with different communication tools and their perceptions of the tools’ security properties.


Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt.

DROWN: breaking TLS using SSLv2.

USENIX Security Symposium 2016, pages 689–706.

This paper introduces the DROWN attack, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. The paper had major real-world impact, including changes to OpenSSL.


Rafael F. Schaefer, Holger Boche and H. Vincent Poor.

Secure communication under channel uncertainty and adversarial attacks.

Proceedings of the IEEE Symposium on Security and Privacy, 103(10):1796–1813, 2015. Best Paper Award.

This paper solves the long-standing open problem of determining the secrecy capacity of wiretap channels under active and passive attacks. It also characterizes the analytic behaviour of the secrecy capacity as a function of channel uncertainties and attacks.


Johannes Dahse, Nikolai Krein and Thorsten Holz.

Code reuse attacks in PHP: Automated POP chain generation.

ACM CCS (ACM Conference on Computer and Communications Security) 2014, pages 42–53. Best Student Paper Award.

This paper introduces a novel attack method against web applications that bypasses all known defenses and demonstrates that a wide variety of applications are vulnerable to such attacks.


Daniel Arp, Michael Spreitzenbarth, Malte Hübner, Hugo Gascon and Konrad Rieck.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket.

NDSS ISOC Network and Distributed System Security Symposium 2014.

This paper proposes a lightweight, learning-based analysis method for detecting malicious Android applications. In contrast to previous work, the method is both effective and efficient, and the first to provide explainable detection results to support human analysts.


Céline Blondeau, Gregor Leander and Kaisa Nyberg.

Differential-linear cryptanalysis revisited.

IACR FSE 2014, pages 411–430. Best Paper Award.

This paper carries out a formal analysis of differential-linear cryptanalysis, which is one of the most important cryptanalytic techniques.


Benedikt Driessen, Ralf Hund, Carsten Willems, Christof Paar and Thorsten Holz.

Don’t trust satellite phones: A security analysis of two satphone standards.

IEEE Symposium on Security and Privacy 2012, pages 128–142. Best Paper Award.

This paper presents an empirical security analysis of the two main satellite phone standards and reveals fundamental weaknesses in the algorithms used, demonstrating that both are vulnerable to eavesdropping attacks.


Tibor Jager, Florian Kohlar, Sven Schäge and Jörg Schwenk.

On the security of TLS-DHE in the standard model.

IACR CRYPTO International Cryptology Conference 2012, pages 273–293.

The paper provides the first formal security proof of the TLS protocol with ephemeral Diffie-Hellman key exchange based on standard assumptions. The new ACCE security model has been widely adopted in real-world crypto.


Eike Kiltz, Krzysztof Pietrzak, David Cash, Abhishek Jain and Daniele Venturi.

Efficient authentication from hard learning problems.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2011, pages 7–26. Best Paper Award.

In this paper we propose the first symmetric authentication protocol with provable man-in-the-middle security from the learning parity with noise assumption.


David Cash, Dennis Hofheinz, Eike Kiltz and Chris Peikert.

Bonsai trees, or how to delegate a lattice basis.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2010, pages 523–552. Best Paper Award.

The paper proposes a powerful technique for lattice-based cryptography which is inspired by Bonsai pruning. The new Bonsai technique has become the basis of many follow-up works on lattice-based protocols.


Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson.

Stealthy dopant-level hardware trojans.

IACR Transactions on Cryptographic Hardware and Embedded Systems 2013, volume 8086 of Lecture Notes in Computer Science, pages 197–214.

This paper is the first description of a hardware Trojan which is purely based on atomic changes to the underlying hardware. It attacks the Intel true random number generator and its computational bounds for non-detectability can be proven.


Dennis Hofheinz and Eike Kiltz.

Practical chosen ciphertext secure encryption from factoring.

IACR EUROCRYPT Annual International Conference on the Theory and Applications of Cryptographic Techniques 2009, pages 313–332. Best Paper Award.

We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable.


Nikol Rummel, Hans Spada and Sabine Hauser.

Learning to collaborate while being scripted or by observing a model.

I. J. Computer-Supported Collaborative Learning, 4(1):69–92, 2009.

Ample research has demonstrated that computer-mediated collaboration needs support to unfold its potential. This paper discusses an experimental study showing that successful interdisciplinary collaboration in a computer-mediated setting can be promoted by instructional measures.


Tobias J. Oechtering, Rafael F. Wyrembelski, Holger Boche.

Multiantenna bidirectional broadcast channels: optimal transmit strategies.

IEEE Trans. Signal Processing, 57(5):1948–1958, 2009. Best Paper Award.

This paper solves the open problem of characterizing the optimal transmit strategy for the bidirectional MIMO broadcast channel. This channel is of central importance for relay communication in future wireless systems.


Alexander May and Maike Ritzenhofen.

Implicit factoring: On polynomial time factoring given only an implicit hint.

IACR PKC 2009, pages 1–14. Best Paper Award.

This paper provides an efficient factorization algorithm for RSA moduli given certain auxiliary information.


Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin and C. Vikkelsoe.

PRESENT: An ultra-lightweight block cipher.

IACR CHES 2007, pages 450–466.

This work introduces the block cipher PRESENT, an extremely efficient cipher tailored for resource-constrained devices, which has become an international ISO standard. It is the initial work that started the area of lightweight cryptography. PIs Leander and Paar were the driving forces behind this interdisciplinary effort.


Daniel Bleichenbacher, Alexander May.

New Attacks on RSA with Small Secret CRT-Exponents.

IACR PKC 2006, pages 1–13. Best Paper Award.

This paper provides an efficient attack for certain RSA parameters that are used for fast decryption or signing.


Daniel J. Bernstein.

Curve25519: New Diffie-Hellman speed records.

IACR PKC 2006, pages 207–228.

This paper introduces Curve25519, which is one of the fastest elliptic curves. It is used in a wide variety of applications including iOS, OpenSSH, GnuTLS, OpenSSL, Tor, WhatsApp/Signal, and Facebook Messenger.


Anne Adams and Angela Sasse.

Users are not the enemy.

Commun. ACM, 42(12):40–46, 1999.

The paper presents the first study to show that it is not possible to comply with password policies and mechanisms in a modern networked organization, and what the impact for security, organizational productivity and employee morale is. It has become the standard reference in the field of usable security.


Third Party Funding

ERC Advanced Grant 2016 – 2021 Paar

ERC Consolidator Grant 2014 – 2019 Kiltz

ERC Starting Grant 2015 – 2020 Holz

NWO Vici Grant 2012 – 2017 Bernstein

AvH Sofja Kovalevskaja Award 2010 – 2015 Kiltz

DFG Heisenberg Professorship 2015 – 2018 Leander

DFG Research Training Group “Cryptography for Ubiquitous Computing” 2012 – 2017 May (co-spokesperson), Paar (co-spokesperson), Dürmuth, Güneysu, Holz, Kiltz, Kolossa, Leander, Schwenk

NRW Doctoral Training Group “Security for Humans in Cyberspace” 2016 – 2019 Paar (spokesperson), Dürmuth, Holz, Kiltz, Kolossa, May, Rummel

NRW Doctoral Training Group “Human-Centered Systems Security” 2017 – 2020 Holz (co-spokesperson), Schwenk (co-spokesperson), Dürmuth

Projects in DFG SFB “Statistical modeling of nonlinear dynamic processes” 2013 – 2021 Dette (deputy spokesperson)

GCHQ/EPSRC project “UK Research Institute in Science of Cyber Security (RISCS)” 2010 – 2021 Sasse (director)

EU project “Post-quantum cryptography for long-term security” 2015 – 2018 Bernstein (co-coordinator), Lange (co-coordinator), Güneysu, Paar

EU project “FutureTrust” 2016 – 2019 Schwenk (coordinator)

EU European Training Network “ECRYPT-NET” 2015 – 2018 Bernstein, Güneysu, Kiltz, Lange, May, Paar

BMWi project “Secure eMobility” 2012 – 2014 Güneysu, Holz, Paar, Schwenk
