Skip to search formSkip to main contentSkip to account menu

On Technical Security Issues in Cloud Computing

This paper focuses on technical security issues arising from the usage of Cloud services and especially by the underlying technologies used to build these cross-domain Internet-connected collaborations.
View on IEEE (opens in a new tab)

On the Security of TLS-DHE in the Standard Model

The notion of authenticated and confidential channel establishment ACCE is defined as a new security model which captures precisely the security properties expected from TLS in practice, and the combination of the TLS Handshake with data encryption in the TLS Record Layer can be proven secure in this model.
View via Publisher (opens in a new tab)

On Breaking SAML: Be Whoever You Want to Be

An in-depth analysis of 14 major SAML frameworks is described and it is shown that 11 of them, including Salesforce, Shibboleth, and IBM XS40, have critical XML Signature wrapping (XSW) vulnerabilities.
View Paper (opens in a new tab)

How Secure is TextSecure?

It is formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals.
View on IEEE (opens in a new tab)

All your clouds are belong to us: security analysis of cloud management interfaces

This research results are alarming: in regards to the Amazon EC2 and S3 services, the control interfaces could be compromised via the novel signature wrapping and advanced XSS techniques and the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks, and had nearly no protection against XSS.
View on ACM (opens in a new tab)

SoK: Single Sign-On Security — An Evaluation of OpenID Connect

This paper systematically analyze well-known attacks on SSO protocols and adapt these on OpenID Connect, and addresses the existing problems in a Practical Offensive Evaluation of Single Sign-On Services (PrOfESSOS), the authors' open source implementation for a fully automated evaluation-as-a-Service for SSO.
View on IEEE (opens in a new tab)

Provably secure browser-based user-aware mutual authentication over TLS

This work proposes a protocol that allows the user to identify the server based on human perceptible authenticators (e.g., picture, voice) and proves the security of this protocol by refining the game-based security model of Bellare and Rogaway and presenting a proof of concept implementation.
View on ACM (opens in a new tab)

Penetration Testing Tool for Web Services Security

An overview of the design decisions and evaluation of four Web Services frameworks and their resistance against WS-Addressing spoofing and SOAPAction spoofing attacks is given.
View on IEEE (opens in a new tab)

More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

A comprehensive and realistic security model is provided that reveals that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
View on IEEE (opens in a new tab)

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

Two attacks which transfer the potential weakness of prior TLS versions to two recently proposed protocols that do not even support PKCS#1 v1.5 are described, namely Google's QUIC protocol and TLS~1.3.
View on ACM (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)