Prof. Dr. Jörg Schwenk

  • Professor/in - Lehrstuhl Netz- und Datensicherheit
  • Mitglied - Institut Horst Görtz Institut für IT-Sicherheit
Schwenk, Jörg

Adresse

Ruhr-Universität Bochum
Lehrstuhl für Netz- und Datensicherheit
Universitätsstraße 150
D-44801 Bochum

Studentensprechstunden:
Dienstag 14:00-15:00 Uhr,
Donnerstag 13:00-14:00 Uhr

Raum
ID 2/469
Telefon:
(+49)(0)234 / 32 - 26692
Fax:
(+49)(0)234 / 32 - 14347
E-Mail:
joerg.schwenk@rub.de PGP Schlüssel S/MIME Schlüssel

Lebenslauf

  • seit 2003: Inhaber des Lehrstuhls für Netz- und Datensicherheit an der Ruhr-Universität Bochum
  • 2007 - 2010: Geschäftsführender Direktor des Horst Görtz Instituts für IT Sicherheit
  • seit 2007: Stellv. Geschäftsführender Direktor des Rechenzentrums der Ruhr-Universität Bochum

Bücher

Lehrveranstaltungen

Veröffentlichungen

2021
ALPACA: Application Layer Protocol Confusion-Analyzing and Mitigating Cracks in TLS Authentication

Marcus Brinkmann, Christian Dresen, Robert Merget, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Jörg Schwenk, Sebastian Schinzel - 30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada

Breaking the Specification: PDF Certification

Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk - 42nd IEEE Symposium on Security and Privacy (S&P 2021)

Vulnerability Report: Attacks on PDF Certification

Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk

Processing Dangerous Paths - On Security and Privacy of the Portable Document Format

Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - 28th Network and Distributed System Security Symposium (NDSS 2021)

2020
Powerless Security – A Security Analysis of in-Home Power Line Communications based on HomePlug AV2

Stefan Hoffmann, Jens Müller, Jörg Schwenk, Gerd Bumiller - 18th International Conference on Applied Cryptography and Network Security (ACNS 2020)

Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky, Johannes Mittmann, Jörg Schwenk - 30th USENIX Security Symposium, August 11–13, 2021, Vancouver, B.C., Canada

Mitigation of Attacks on Email End-to-End Encryption

Jörg Schwenk, Marcus Brinkmann, Damian Poddebniak, Jens Müller, Juraj Somorovsky, Sebastian Schinzel - ACM CCS 2020 - November 9-13, 2020

Vulnerability Report Attacks bypassing the signature validation in PDF (Shadow Attacks)

Christian Mainka, Vladislav Mladenov, Simon Rohlmann, Jörg Schwenk

Office Document Security and Privacy

Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk - 14th USENIX Workshop on Offensive Technologies (WOOT 2020)

Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk - 8th IEEE Conference on Communications and Network Security (CNS 2020)

Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework

Benjamin Dowling, Paul Rösler, Jörg Schwenk - IACR International Conference on Practice and Theory in Public Key Cryptography, PKC 2020

T0RTT: Non-Interactive Immediate Forward-Secure Single-Pass Circuit Construction

Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk

2019
Practical Decryption exFiltration: Breaking PDF Encryption

Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk - 26th ACM Con­fe­rence on Com­pu­ter and Com­mu­ni­ca­ti­ons Se­cu­ri­ty

Vulnerability Report: Attacks bypassing confidentiality in encrypted PDF

Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, Jörg Schwenk

Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt - 28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19)

“Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, Jörg Schwenk - 28th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty '19)

1 Trillion Dollar Refund – How To Spoof PDF Signatures

Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk - 26th ACM Conference on Computer and Communications Security

Re: What's up Johnny? – Covert Content Attacks on Email End-to-End Encryption

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk - 17th International Conference on Applied Cryptography and Network Security (ACNS 2019)

Efail: Angriffe auf S/MIME und OpenPGP

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk - 16. Deutscher IT-Sicherheitskongress

Sicherheitsanalyse von eID/eIDAS-Diensten

Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk - 16. Deutscher IT-Sicherheitskongress

Security Analysis of XAdES Validation in the CEF Digital Signature Services (DSS)

Nils Engelbertz, Vladislav Mladenov, Juraj Somorovsky, Nurullah Erinnola, David Herring, Jörg Schwenk

Vulnerability Report: Attacks bypassing the signature validation in PDF

Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk

2018
Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk - 27th USE­NIX Se­cu­ri­ty Sym­po­si­um (USE­NIX Se­cu­ri­ty 18)

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek - 27th USENIX Security Symposium, August 15–17, 2018, Baltimore, MD, USA

PostScript Undead: Pwning the Web with a 35 Years Old Language

Jens Müller, Vladislav Mladenov, Dennis Felsch, Jörg Schwenk - 21st International Symposium on Research in Attacks, Intrusions, and Defenses (RAID 2018)

Security Analysis of eIDAS – The Cross-Country Authentication Scheme in Europe

Nils Engelbertz, Nurullah Erinola, David Herring, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - 12th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT '18)

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

Paul Rösler, Christian Mainka, Jörg Schwenk - IEEE European Symposium on Security and Privacy, EuroS&P 2018

2017
Out of the Dark: UI Redressing and Trustworthy Events

Marcus Niemietz, Jörg Schwenk - 16th International Conference on Cryptology And Network Security (CANS 2017)

On The (In-)Security Of JavaScript Object Signing And Encryption

Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - ROOTS, November 16–17, 2017, Vienna, Austria

Same-Origin Policy: Evaluation in Modern Browsers

Jörg Schwenk, Marcus Niemietz, Christian Mainka - 26th USENIX Security Symposium (USENIX Security 17)

Breaking and Fixing Gridcoin

Martin Grothe, Tobias Niemann, Juraj Somorovsky, Jörg Schwenk - 11th USENIX Workshop on Offensive Technologies (WOOT '17)

DOMPurify: Client-Side Protection Against XSS and Markup Injection

Mario Heiderich, Christopher Späth, Jörg Schwenk - (2017, September). DOMPurify: Client-Side Protection Against XSS and Markup Injection. In European Symposium on Research in Computer Security (ESORICS), Springer, Cham.

Simple Security Definitions for and Constructions of 0-RTT Key Exchange

Britta Hale, Tibor Jager, Sebastian Lauer, Jörg Schwenk - 15th International Conference on Applied Cryptography and Network Security - ACNS 2017

SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

Dennis Felsch, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017

SoK: Exploiting Network Printers

Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - 38th IEEE Symposium on Security and Privacy (S&P 2017)

SoK: Single Sign-On Security – An Evaluation of OpenID Connect

Christian Mainka, Vladislav Mladenov, Tobias Wich, Jörg Schwenk - IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2017)

2016
Breaking PPTP VPNs via RADIUS Encryption

Matthias Horst, Martin Grothe, Tibor Jager, Jörg Schwenk - 15th International Conference on Cryptology and Network Security (CANS)

Evaluating Two Methods for WS-(Security) Policy Negotiation and Decision Making

Jörg Schwenk - Cloud and Trusted Computing (C&TC 2016), part of: The 15th OnTheMove to Meaningful Internet Systems: (OTM 2016) Conferences, 24-28 Oct 2016, Rhodes, Greece.

SoK: XML Parser Vulnerabilities

Christopher Späth, Christian Mainka, Vladislav Mladenov, Jörg Schwenk - 10th USENIX Workshop on Offensive Technologies (WOOT '16)

How to Break Microsoft Rights Management Services

Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk - 10th USENIX Workshop on Offensive Technologies (WOOT '16)

Your Cloud in my Company: Modern Rights Management Services Revisited

Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk - 11th International Conference on Availability, Reliability and Security (ARES 2016)

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

Christian Mainka, Vladislav Mladenov, Jörg Schwenk - IEEE Eu­ropean Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (EuroS&P 2016)

How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - IEEE European Symposium on Security and Privacy (EuroS&P 2016)

2015
Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite

Christian Mainka, Vladislav Mladenov, Tim Guenther, Jörg Schwenk - Open Identity Summit 2015

How Private is Your Private Cloud?: Security Analysis of Cloud Control Interfaces

Dennis Felsch, Mario Heiderich, Frederic Schulz, Jörg Schwenk - ACM CCSW 2015 in conjunction with the ACM Conference on Computer and Communications Security (CCS) October 16, 2015, The Denver Marriot City Center, Denver, Colorado, USA.

Sicherheitsanalyse der Private Cloud Interfaces von openQRM

Frederic Schulz, Dennis Felsch, Jörg Schwenk - In Proceedings of the DACH Security 2015, Bonn, Germany

AdIDoS - Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

Christian Altmeier, Christian Mainka, Juraj Somorovsky, Jörg Schwenk - International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, 2015

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

Tibor Jager, Jörg Schwenk, Juraj Somorovsky - ACM CCS 2015

Practical Invalid Curve Attacks on TLS-ECDH

Tibor Jager, Jörg Schwenk, Juraj Somorovsky - ESORICS 2015

Not so Smart: On Smart TV Apps

Marcus Niemietz, Juraj Somorovsky, Christian Mainka, Jörg Schwenk - International Workshop on Secure Internet of Things (SIoT 2015, Vienna, Austria)

Waiting for CSP — Securing Legacy Web Applications with JSAgents

Mario Heiderich, Marcus Niemietz, Jörg Schwenk - Waiting for CSP — Securing Legacy Web Applications with JSAgents, ESORICS 2015, 20th European Symposium on Research in Computer Security

How to Break XML Encryption - Automatically

Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky - In Proceedings of the 9th USENIX Workshop on Offensive Technologies (WOOT), 2015

Semi-Automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection

Jörg Schwenk - IEEE 5th International Workshop on Security and Privacy Engineering SPE2015, within IEEE SERVICES 2015 June 27 and July 2, 2015, New York, NY, USA

Owning Your Home Network: Router Security Revisited

Marcus Niemietz, Jörg Schwenk - W2SP 2015: Web 2.0 Security & Privacy 2015 (San Jose, California)

2014
Your Software at my Service

Vladislav Mladenov, Christian Mainka, Florian Feldmann, Julian Krautwald, Jörg Schwenk - ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.

Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol

Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila - ACM Conference on Computer and Communications Security - Best Student Paper Award -

How Secure is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, Thorsten Holz - Cryptology ePrint Archive, Report 2014/904, 31 Oct 2014

On the Security of Holder-of-Key Single Sign-On

Andreas Mayer, Vladislav Mladenov, Jörg Schwenk - Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19.-21. März 2014, Wien, Österreich

Strengthening Web Authentication through TLS - Beyond TLS Client Certificates

Vladislav Mladenov, Florian Feldmann, Christopher Meyer, Andreas Mayer, Jörg Schwenk - Open Iden­ti­ty Sum­mit 2014 Sep­tem­ber 4th - 6th 2014, Frauenhofer IZS, Stuttgart, Ger­ma­ny, http://?openidentity.?eu

Guardians of the Clouds: When Identity Providers Fail

Andreas Mayer, Marcus Niemietz, Vladislav Mladenov, Jörg Schwenk - ACM CCSW 2014 in conjunction with the ACM Conference on Computer and Communications Security (CCS) November 7, 2014, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA.

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Eugen Weiss, Sebastian Schinzel, Erik Tews - USENIX Security 2014

New Modular Compilers for Authenticated Key Exchange

Yong Li, Sven Schäge, Zheng Yang, Christoph Bader, Jörg Schwenk - In Proceedings the 12th International Conference, ACNS 2014

Scriptless attacks: Stealing more pie without touching the sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - Journal of Computer Security, Volume 22, Number 4 / 2014, Web Application Security – Web @ 25

On the Security of the Pre-Shared Key Ciphersuites of TLS

Yong Li, Sven Schäge, Zheng Yang, Florian Kohlar, Jörg Schwenk - In Proceedings of the 17th International Conference on Practice and Theory in Public-Key Cryptography (PKC), 2014

Secure Fallback Authentication and the Trusted Friend Attack

Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk - Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

2013
mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations

Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang - 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013

Options for Integrating eID and SAML

Hühnlein, Detlef, Jörg Schwenk, Tobias Wich, Vladislav Mladenov, Florian Feldmann, Andreas Mayer, Schmölz, Johannes, Bruegger, Bud P., Horsch, Moritz - CCS 2013 Post-Conference Workshop, Digital Identity Management (DIM)

Sicherer Schlüssel- und Informationsaustausch mit SAML

Dennis Felsch, Thorsten Schreiber, Christopher Meyer, Florian Feldmann, Jörg Schwenk - In Proceedings of the DACH Security 2013, Nürnberg, Germany

How to authenticate mobile devices in a web environment - The SIM-ID approach

Florian Feldmann, Jörg Schwenk - Open Identity Summit 2013 September 9th - 11th 2013, Kloster Banz, Germany http://openidentity.eu

SoK: Lessons Learned From SSL/TLS Attacks

Christopher Meyer, Jörg Schwenk - In Proceedings of "The 14th International Workshop on Information Security Applications (WISA2013)"

Towards Elimination of Cross-Site Scripting on Mobile Versions of Web Applications

Ashar Javed, Jörg Schwenk - In Pro­cee­dings of The 14th International Workshop on Information Security Applications (WISA2013), August 19-21 (2013), Jeju Island, Korea

A new Approach towards DoS Penetration Testing on Web Services

Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, Jörg Schwenk - IEEE 20th International Conference on Web Services (IEEE ICWS 2013)

Secure Bindings for Browser-based Single Sign-On

Andreas Mayer, Florian Kohlar, Lijun Liao, Jörg Schwenk - In 13. Deutscher IT-Sicherheitskongress des BSI: Informationssicherheit stärken --- Vertrauen in die Zukunft schaffen, Seiten 375--390, SecuMedia Verlag

Penetration Test Tool for XML-based Web Services

Christian Mainka, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk - International Symposium on Engineering Secure Software and Systems 2013

Randomly Failed! The State of Randomness in Current Java Implementations

Kai Michaelis, Christopher Meyer, Jörg Schwenk - Cryptography track at RSA Conference 2013 (CT-RSA 2013)

A new approach for WS-Policy Intersection using Partial Ordered Sets

Christian Mainka, Jörg Schwenk - 5th Central European Workshop on Services and their Composition, ZEUS 2013 February 21-22, 2013, Rostock, Germany

On the analysis of cryptographic assumptions in the generic ring model

Tibor Jager, Jörg Schwenk - Journal of Cryptology

2012
UI Redressing Attacks on Android Devices

Marcus Niemietz, Jörg Schwenk - Black Hat Abu Dhabi 2012

Sometimes it's better to be STUCK! - SAML Transportation Unit for Cryptographic Keys

Christopher Meyer, Florian Feldmann, Jörg Schwenk - 15th Annual International Conference on Information Security and Cryptology, ICISC 2012

Scriptless Attacks – Stealing the Pie Without Touching the Sill

Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk - 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012

On the Security of TLS-DHE in the Standard Model

Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk - In Advances in Cryptology – CRYPTO 2012, Lecture Notes in Computer Science, 2012, Volume 7417/2012, 273-293, DOI: 10.1007/978-3-642-32009-5_17

On Breaking SAML: Be Whoever You Want to Be

Juraj Somorovsky, Andreas Mayer, Jörg Schwenk, Marco Kampmann, Meiko Jensen - In Proceedings of the 21st USENIX Security Symposium, 2012

Penetration Testing Tool for Web Services Security

Christian Mainka, Juraj Somorovsky, Jörg Schwenk - In Proceeding of the IEEE 2012 Services Workshop on Security and Privacy Engineering (SPE2012)

Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption

Juraj Somorovsky, Jörg Schwenk - In Proceedings of the SERVICES Workshop on Security and Privacy Engineering, 2012

Sec2: Secure Mobile Solution for Distributed Public Cloud Storages

Juraj Somorovsky, Christopher Meyer, Thang Tran, Mohamad Sbeiti, Jörg Schwenk, Christian Wietfeld - In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012

XSpRES: Robust and Effective XML Signatures for Web Services

Christian Mainka, Meiko Jensen, Lo Iacono, Luigi, Jörg Schwenk - In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), 2012

XSpRES: XML-Signaturen, aber sicher!

Christian Mainka, Junker, Holger, Lo Iacono, Luigi, Jörg Schwenk - DuD - Datenschutz und Datensicherheit Ausgabe 04/2012

XML Signature Wrapping: Die Kunst SAML Assertions zu fälschen

Andreas Mayer, Jörg Schwenk - In 19. DFN~Workshop: Sicherheit in vernetzten Systemen, Seiten H1-H15, BoD - Books on Demand

2011
The Bug that made me President: A Browser- and Web-Security Case Study on Helios Voting

Mario Heiderich, Tilman Frosch, Marcus Niemietz, Jörg Schwenk - International Conference on E-voting and Identity (VoteID), 2011, Tallinn, Estonia, September 2011

On the E ffectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks

Meiko Jensen, Christopher Meyer, Juraj Somorovsky, Jörg Schwenk - In IWSSC 2011: First International Workshop on Securing Services on the Cloud, Sept. 2011

All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces

Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono - In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), 2011.

The Power of Recognition: Secure Single Sign-On using TLS Channel Bindings

Jörg Schwenk, Florian Kohlar, Marcus Amon - In Proceedings of the Seventh ACM Workshop on Digital Identity Management (DIM) (October 21, 2011, Chicago, IL, USA. Collocated with ACM CCS 2011) Copyright 2011 ACM 978-1-4503-1006-2/11/10…$10.00.

Sec2 – Ein mobiles Nutzer-kontrolliertes Sicherheitskonzept für Cloud-Storage

Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Benedikt Driessen, Thang Tran, Christian Wietfeld - In Proceedings of the DACH Security 2011, Oldenburg, Germany

MARV - Data Level Confidentiality Protection in BPEL-based Web Service Compositions

Majernik, Filip, Meiko Jensen, Jörg Schwenk - In Proceedings of the 6th International Conference on Network Architectures and Information Systems Security (SAR-SSI), La Rochelle, France.

Security Prospects through Cloud Computing by Adopting Multiple Clouds

Bohli, Jens-Matthias, Meiko Jensen, Gruschka, Nils, Lo Iacono, Luigi, Jörg Schwenk - In Proceedings of the 4th IEEE International Conference on Cloud Computing (CLOUD), Washington, D.C., USA.

Sicheres Single Sign-On mit dem SAML Holder-of-Key Web Browser SSO Profile und SimpleSAMLphp

Andreas Mayer, Jörg Schwenk - In 12. Deutscher IT-Sicherheitskongress des BSI: Sicher in die digitale Welt von morgen, Seiten 33--46, SecuMedia Verlag

2010
Generic Compilers for Authenticated Key Exchange

Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk - In Proceedings of ASIACRYPT 2010, Singapore

Security Analysis of OpenID

Pavol Sovis, Florian Kohlar, Jörg Schwenk - In "Securing Electronic Business Processes - Highlights of the Information Security Solutions Europe 2010 Conference", 2010.

Group Key Agreement Performance in Wireless Mesh Networks

Andreas Noack, Jörg Schwenk - 35th Annual IEEE Conference on Local Computer Networks and Workshops, LCN 2010

A New RSA-Based Signature Scheme

Sven Schäge, Jörg Schwenk - AFRICACRYPT 2010, Third International Conference on Cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010.

Strea­ming-Ba­sed Ve­ri­fi­ca­ti­on of XML Si­gna­tu­res in SOAP Mes­sa­ges

Juraj Somorovsky, Meiko Jensen, Jörg Schwenk - In Pro­cee­dings of the IEEE In­ter­na­tio­nal Work­shop on Web Ser­vice and Busi­ness Pro­cess Se­cu­ri­ty (WSBPS), Miami, Flo­ri­da, U.S.A., 2010.

Streaming-based verification of XML Signatures in SOAP Messages

Jörg Schwenk, Meiko Jensen, - In Proceedings of the IEEE 2010 International Workshop on Web Service and Business Process Security (WSBPS 2010), Miami, FL, USA.

Towards an Anonymous Access Control and Accountability Scheme for Cloud Computing

Jörg Schwenk, Sven Schäge, Meiko Jensen, - In Proceedings of the 3rd IEEE International Conference on Cloud Computing (IEEE CLOUD 2010), Miami, FL, USA.

A CDH-Based Ring Signature Scheme with Short Signatures and Public Keys

Jörg Schwenk, Sven Schäge, - Financial Cryptography Fourteenth International Conference, FC 2010, Tenerife, Spain, January 25-28, 2010.

Secure Bindings of SAML Assertions to TLS Sessions

Jörg Schwenk, Sebastian Gajek, Meiko Jensen, Florian Kohlar, - Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES), Krakow, Poland.

2009
Analysis of Signature Wrapping Attacks and Countermeasures

Jörg Schwenk, Sebastian Gajek, Lijun Liao, Meiko Jensen, - Proceedings of the 7th IEEE International Conference on Web Services (ICWS), Los Angeles, USA, 2009.

Extending the Similarity-Based XML Multicast Approach with Digital Signatures

Jörg Schwenk, Meiko Jensen, Antonia Azzini, Stefania Marrara - Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A.

Group Key Agreement for Wireless Mesh Networks

Jörg Schwenk, Andreas Noack, - The 5th LCN Workshop on Security in Communications Networks (SICK 2009) Zürich, Switzerland; 20-23 October 2009

On Technical Security Issues in Cloud Computing

Jörg Schwenk, Meiko Jensen, Nils Gruschka, Luigi Lo Iacono - Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II 2009), Bangalore, India

The Accountability Problem of Flooding Attacks in Service-Oriented Architectures

Jörg Schwenk, Meiko Jensen, - Proceedings of the IEEE International Conference on Availability, Reliability, and Security (ARES)

The Curse of Namespaces in the Domain of XML Signature

Jörg Schwenk, Lijun Liao, Meiko Jensen, - Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A.

2008
A Brow­ser-Ba­sed Ker­be­ros Au­then­ti­ca­ti­on Sche­me

Sebastian Gajek, Tibor Jager, Mark Manulis, Jörg Schwenk - ESORICS 2008

On the equivalence of generic group models

Tibor Jager, Jörg Schwenk - ProvSec 2008

A novel solution for end-to-end integrity protection in signed PGP mail

Jörg Schwenk, Lijun Liao, - ICICS 2008, Birmingham, UK

Code Voting with Linkable Group Signatures

Jörg Schwenk, Sven Schäge, Jörg Helbach - 3rd International Conference, Co-organized by Council of Europe, Gesellschaft für Informatik and E-Voting.CC, August 6th-9th, 2008 in Castle Hofen, Bregenz, Austria 2008. In LNI, 2008.

Modeling and Transformation of Security Requirements: An Approach for Service-oriented Architectures

Jörg Schwenk, Meiko Jensen, Ralph Herkenhöner, Sven Feja, Hermann de Meer, Andreas Speck - Proceedings of the First Euro-NF Workshop on Future Internet Architecture: New Trends in Service & Networking Architectures, 21. November 2008, Paris, France

Nutzung von selbstsignierten Client-Zertifikaten zur Authentifikation bei SSL/TLS

Tibor Jager, Heiko Jäkel, Jörg Schwenk - Sicherheit 2008.

Provably Secure Browser-Based User-Aware Mutual Authentication over TLS

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, - Accepted for ASIACCS'08.

Securing Email Communication with XML Technology

Jörg Schwenk, Lijun Liao, Mark Manulis, - "Handbook of Research on Information Security and Assurance", to be published in August 2008 by Information Science Reference.

Stronger TLS Bindings for SAML Assertions and SAML Artifacts

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - In Proceedings of the ACM CCS Workshop for Secure Web Services (ACM SWS'08), Virginia (USA), 2008.

TLS Federation - a Secure and Relying-Party-Friendly Approach for Federated Identity Management

Jörg Schwenk, - This paper describes a novel approach that integrates Federated IDM and SSL.

Universally Composable Security Analysis of TLS

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, Olivier Pereira - Accepted for the Second Confer­ence on Provable Security (ProvSec), 2008.

2007
Trusted User-Aware Web Authentication

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy, - Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007.

Aktuelle Gefahren im Onlinebanking-Technische und Juristische Hintergründe.

Jörg Schwenk, Georg Borges, Sebastian Gajek, Christoph Wegener, Isabelle Biallaß, Julia Meyer, Dennis Werner - In Proceedings of the 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.

Breaking and Fixing the Inline Approach.

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - In Proceedings of the ACM CCS Workshop for Secure Web Services (ACM SWS'07), Alexandria (USA), 2007 .

Browser Models for Usable Authentication Protocols

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, - Presented at the Workshop on Web 2.0 Security and Privacy (W2SP 2007) held in conjunction with the IEEE Symposium on Security and Privacy, Oakland, California, May 24, 2007.

Browser Models for Usable Authentication Protocols.

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, - In Proceedings of the IEEE Security and Privacy Workshop on Web 2.0 Security and Privacy (W2SP'07), Oakland (USA), 2007.

Browser-based Authentication Protocols for Naive Users.

Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis, - accepted for presentation at the Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.

End-to-End Header Protection in S/MIME and PGP Mail.

Jörg Schwenk, Lijun Liao, - Postersession in the 10th German IT Security Congress, Federal Office for Information Security, Bonn (Germany), 2007.

End-to-End Header Protection in Signed S/MIME.

Jörg Schwenk, Lijun Liao, - In Proceedings of the 2nd International Symposium on Information Security (IS'07), Nov 26-27, 2007 in Vilamoura, Algarve, Portugal.

On Security Models and Compilers for Group Key Exchange Protocols.

Jörg Schwenk, Mark Manulis, Emmanuel Bresson - In Proceedings of the 2nd International Workshop on Security (IWSEC 2007), Nara (Japan), 2007.

Provably Secure Framework for Information Aggregation in Sensor Networks.

Jörg Schwenk, Mark Manulis, - In Proceedings of the International Conference on Computational Science and Its Applications (ICCSA 2007), Kuala Lumpur (Malaysia), 2007 .

Secure Emails in XML Format Using Web Services.

Jörg Schwenk, Lijun Liao, - In Proceedings of the 5th IEEE European Conference on Web Services (ECOWS 07), November 26-28, 2007 in Halle (Saale), Germany.

Secure Internet Voting With Code Sheets.

Jörg Schwenk, Jörg Helbach - In Proceedings of the FIDIS First Conference on E-Voting and Identity. Bochum (Germany), 4-5 October 2007.

Securing Email Communication with XML Technology.

Jörg Schwenk, Lijun Liao, - The 2007 International Conference on Internet Computing (ICOMP 2007), 25-28 June 2007, Las Vegas, USA.

Signieren mit Chipkartensystemen in unsicheren Umgebungen - Homebanking mit Secure HBCI/FinTS

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - In Datenschutz und Datensicherheit, Ausgabe 2007/11

SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services .

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - In Proceedings of the IEEE ECOWS Workshop on Emerging Web Services Technology (WEWST'07), Halle (Germany), 2007 .

Towards a Formal Semantic of XML Signature.

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - W3C Workshop Next Steps for XML Signature and XML Encryption, Mountain View (USA), 2007.

Trustworthy Signing with Smart Card System in Untrustworthy Environments.

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - e-Smart conference and demos 2007, 19-21 September 2007, Sophia Antipolis, French Riviera.

Using Two-Steps Hash Function to Support Trustworthy Signing.

Jörg Schwenk, Sebastian Gajek, Lijun Liao, - Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.

2006
A Case Study on Online-Banking Security.

Jörg Schwenk, Sebastian Gajek, Henrik te Heesen - International Conference on Emerging Trends in Information and Communication Security (ETRICS'06) Workshop on Security and Privacy in Future Business Services, Freiburg (Germany), 2006 .

Linkable Democratic Group Signatures

Jörg Schwenk, Ahmad-Reza Sadeghi, Mark Manulis, - Accepted for 2nd Information Security Practice and Experience Conference (ISPEC 2006), 11.-14. April, Hangzhou, China.

Reversed Responsibilities: Browser Authentication instead of Server Authentication.

Jörg Schwenk, Sebastian Gajek, - Workshop on Transparency and Usability of Web Authentication, New York (USA), 2006.

SSL-VA-Authentifizierung als Schutz vor Phishing und Pharming.

Jörg Schwenk, Sebastian Gajek, Christoph Wegener, - accepted for Sicherheit - Schutz und Zuverlässigkeit, February 20, 2006, Magdeburg, Germany.

2005
Fair DRM - Ermöglichen von Privatkopien und Schutz digitaler Waren

Jörg Schwenk, Ulrich Greveler, Andre Adelsbach, - accepted for 9. Deutscher IT-Sicherheitskongress des BSI, Mai 2005.

Identitätsmissbrauch im Onlinebanking

Jörg Schwenk, Sebastian Gajek, Christoph Wegener, - Datenschutz und Datensicherheit, Ausgabe 11, 2005.

Phishing - Die Täuschung des Benutzers zur Preisgabe geheimer Benutzerdaten

Jörg Schwenk, Sebastian Gajek, Andre Adelsbach, - 9. Deutscher IT-Sicherheitskongress des BSI, 2005.

Secure XMaiL or How to Get Rid of Legacy Code in Secure E-Mail Applications

Jörg Schwenk, Lijun Liao, Lars Ewers, Wolfgang Kubbilun - In CMS 2005: Proceedings of the 9th IFIP International Conference on Communications and Multimedia Security, Lecture Notes in Computer Science, volume 3677, pages 291-300, Springer, 2005.

Trustworthy Visualisation and Verification of Multiple XML-Signatures

Jörg Schwenk, Sebastian Gajek, Wolfgang Kubbilun - In CMS 2005: Proceedings of the 9th IFIP International Conference on Communications and Multimedia Security, Lecture Notes in Computer Science, volume 3677, pages 311-320, Springer, 2005.

Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures

Jörg Schwenk, Sebastian Gajek, Andre Adelsbach, - First Information Security Practice and Experience Conference (ISPEC 2005), LNCS 3439. pp 204-217. Copyrights Springer-Verlag, Heidelberg Berlin.

2004
Key-Assignment Strategies for CPPM.

Jörg Schwenk, Andre Adelsbach, - ACM Multimedia and Security Workshop 2004, Magdeburg, Germany, pp. 107 - 115, © ACM, 2004.

Key-As­si­gnment Stra­te­gies for CPPM

Andre Adelsbach, Jörg Schwenk - ACM Mul­ti­me­dia and Se­cu­ri­ty Work­shop

Moderne Verfahren der Kryptographie

Jörg Schwenk, Klaus-Dieter Wolfenstetter, Albrecht, Beutelsbacher

Pseudonym Generation Scheme for Ad-Hoc Group Communication Based on IDH.

Jörg Schwenk, Mark Manulis, - In Proceedings of the 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), Lecture Notes in Computer Science, volume 3313, pages 107-124, Springer-Verlag, 2005.

2002 2001
Customer Identification for MPEG Video based on Digital Fingerprinting.

Jörg Schwenk, Enrico Hauer, Jana Dittman, Eva Saar, Claus Vielhauer - Proc. IEEE Pacific-Rim Conference on Multimedia (PCM-2001).

Tree based Key Agreement for Multicast.

Jörg Schwenk, T. Martin, R. Schaffelhofer - Proc. Communications and Multimedia Security 2001, Mai 2001, Darmstadt.

2000
Conditional Access for Business TV.

Jörg Schwenk, - Fernseh- und Kino-Technik 6/2000.

1999
Combining digital watermarks and collusion secure fingerprints for digital images.

Jörg Schwenk, A. Behr, Jana Dittman, J. Ueberberg, P Schmitt, M. Stabenau - Proc. Electronic Imaging'99, San Jose, USA.

How to securely broadcast a secret.

Jörg Schwenk, - In: B. Preneel (Ed.): Proceedings Communications an Multimedia Security '99, Kluwer Academic Publishers, 1999.

1998
Public Key Encryption and Digital Signatures based on Permutation Polynomials.

Jörg Schwenk, Klaus Huber, - Electronics Letters, Vol 34 No. 8, 1998, 759-760.

1996
Establishing a Key Hierarchy for Conditional Access without Encryption.

Jörg Schwenk, - Proc. IFIP Communications and Multimedia Security 1996, Chapman & Hall, London.

Public Key Encryption and Signature Schemes Based on Polynomials over Zn.

Jörg Schwenk, J. Eisfeld - Proc. EUROCRYPT 96, Ed. Ueli Maurer, Springer LNCS 1070 (1996), 60-71.

1995
A Classification of Abelian Quasigroups

Jörg Schwenk, - Rendiconti di Matematica, Serie VII, Volume 15, Roma (1995), 161-172