@inproceedings{PoddebniakIsingBoecketal.2021, author = {Poddebniak, Damian and Ising, Fabian and B{\"o}ck, Hanno and Schinzel, Sebastian}, title = {Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context}, series = {Proceedings of the 30th USENIX Security Symposium, August 11-13, 2021}, volume = {2021}, booktitle = {Proceedings of the 30th USENIX Security Symposium, August 11-13, 2021}, isbn = {978-1-939133-24-3}, year = {2021}, abstract = {TLS is one of today's most widely used and best-analyzed encryption technologies. However, for historical reasons, TLS for email protocols is often not used directly but negotiated via STARTTLS. This additional negotiation adds complexity and was prone to security vulnerabilities such as naive STARTTLS stripping or command injection attacks in the past. We perform the first structured analysis of STARTTLS in SMTP, POP3, and IMAP and introduce EAST, a semi-automatic testing toolkit with more than 100 test cases covering a wide range of variants of STARTTLS stripping, command and response injections, tampering attacks, and UI spoofing attacks for email protocols. Our analysis focuses on the confidentiality and integrity of email submission (email client to SMTP server) and email retrieval (email client to POP3 or IMAP server). While some of our findings are also relevant for email transport (from one SMTP server to another), the security implications in email submission and retrieval are more critical because these connections involve not only individual email messages but also user credentials that allow access to a user's email archive. We used EAST to analyze 28 email clients and 23 servers. In total, we reported over 40 STARTTLS issues, some of which allow mailbox spoofing, credential stealing, and even the hosting of HTTPS with a cross-protocol attack on IMAP. 
We conducted an Internet-wide scan for the particularly dangerous command injection attack and found that 320,000 email servers (2\% of all email servers) are affected. Surprisingly, several clients were vulnerable to STARTTLS stripping attacks. In total, only 3 out of 28 clients did not show any STARTTLS-specific security issues. Even though the command injection attack received multiple CVEs in the past, EAST detected eight new instances of this problem. In total, only 7 out of 23 tested servers were never affected by this issue. We conclude that STARTTLS is error-prone to implement, under-specified in the standards, and should be avoided.}, language = {en} } @incollection{SchmittSchinzel2012, author = {Schmitt, Isabell and Schinzel, Sebastian}, title = {WAFFle: Fingerprinting Filter Rules of Web Application Firewalls}, series = {6th USENIX Workshop on Offensive Technologies (WOOT 2012)}, booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 2012)}, address = {Seattle}, pages = {34 -- 40}, year = {2012}, language = {en} } @book{Schinzel2012, author = {Schinzel, Sebastian}, title = {Unintentional and Hidden Information Leaks in Networked Software Applications}, edition = {Dissertation}, address = {University of Erlangen-Nuernberg}, pages = {1 -- 103}, year = {2012}, language = {en} } @article{Schinzel2012, author = {Schinzel, Sebastian}, title = {Side Channel Attacks: Error messages and verbose log entries can tip off intruders}, series = {LINUX Magazine}, journal = {LINUX Magazine}, number = {\#143}, year = {2012}, language = {en} } @incollection{SchinzelSchmuckerEbinger2009, author = {Schinzel, Sebastian and Schmucker, Martin and Ebinger, Peter}, title = {Security mechanisms of a legal peer-to-peer file sharing system (http://www.iadis.net/dl/Search\_list\_open.asp?code=6365)}, series = {IADIS International Journal on Computer Science and Information Systems}, booktitle = {IADIS International Journal on Computer Science and Information Systems}, year = 
{2009}, language = {en} } @incollection{EbingerSchinzelSchmuckler2008, author = {Ebinger, Peter and Schinzel, Sebastian and Schmucker, Martin}, title = {Security mechanisms of a legal peer-to-peer file sharing system}, series = {IADIS International Conference Applied Computing}, booktitle = {IADIS International Conference Applied Computing}, year = {2008}, language = {en} } @incollection{MeyerSomorovskyWeissetal.2014, author = {Meyer, Christopher and Somorovsky, Juraj and Weiss, Eugen and Schwenk, J{\"o}rg and Schinzel, Sebastian and Tews, Erik}, title = {Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.}, series = {23rd USENIX Security Symposium (USENIX Security 14)}, booktitle = {23rd USENIX Security Symposium (USENIX Security 14)}, publisher = {USENIX Association}, address = {San Diego, CA}, isbn = {ISBN 978-1-931971-}, pages = {733 -- 748}, year = {2014}, language = {en} } @article{GierlingSaatjohannDresenetal.2020, author = {Gierling, Markus and Saatjohann, Christoph and Dresen, Christian and K{\"o}be, Julia and Rath, Benjamin and Eckardt, Lars and Schinzel, Sebastian}, title = {Reviewing Cyber Security Research of Implantable Medical Rhythm Devices regarding Patients' Risk}, series = {86. Jahrestagung und Herztage 2020 der DGK}, volume = {Band 109, Supplement 1, April 2020}, journal = {86. Jahrestagung und Herztage 2020 der DGK}, doi = {10.1007/s00392-020-01621-0}, pages = {1 -- 2}, year = {2020}, abstract = {Introduction: The recent publication of several critical cyber security issues in cardiac implantable devices and the resulting press coverage upsets affected users and their trust in medical device producers. Reviewing the published security vulnerabilities regarding networked medical devices, it raises the question, if the reporting media, the responsible security researchers, and the producers handle security vulnerabilities appropriately. 
Are the media reports of security vulnerabilities in medical devices meaningful in a way that patients can assess their respective risk for an attack via the security vulnerability? The collaboration between IT-security experts and clinicians aims at reviewing published security vulnerabilities of rhythm devices, and evaluate overall patients risks. Methodology: We performed a literature review on security vulnerabilities in implantable medical devices with a focus on cardiac devices. We analyzed (Fig. 1) the (1) requirements for an attacker and the (2) technical feasibility and clustered them in three different scenarios: The first scenario requires that the attacker physically approaches a victim with a programming device. The second scenario requires proximity to the victim, e.g., within a few meters. The third and strongest attacker scenario is a remote attack that doesn't require any physical proximity to the victim. We then compare the attacker scenarios and (3) the overall patients' risks with the press coverage (overhyped, adequate, underhyped). (4) The resulting overall patients' risk was rated by clinicians (security vulnerability of patients' data, dangerous programming possible). Results: Out of the three analyzed incidents, we found one to be underhyped, one to be overhyped, and one was appropriate compared to the medial coverage (Fig. 2). The most occurring technical issues were based on the absence of basic security primitives. The patient damage for all of the analyzed incidents was fatal in the worst-case scenario. Further, the patient damage and the overall patient risks are disjunct due to the missing capability of performing large scale attacks. Conclusion: The resulting overall patients' risks may not adequately reflect the patient damage in the considered cases. Often, the overall patient risk is not as severe as the necessary attacker capabilities are high and it would require strongly motivated attackers to perform the attack. 
Therefore, most of the reviewed cases are considered with a smaller overall patient risk than implied by press reports. Reviewing the ongoing IT-Security trends regarding implantable medical devices shows an increasing focus on researching in the field of medical device security. Therefore, further findings in the near future are to be expected. To deal with this fact in a responsible way, proper proactive knowledge management is mandatory. We recommend medical staff to critically reflect reports in mass media due to possible sensationalism. Therefore, we propose a joint approach in combining the technical expertise of cyber security experts with clinical aspects of medical experts, to ensure a solid understanding of a newly published vulnerability. The combination of both communities promises to result in better predictions for patients' risks from security vulnerabilities in implanted cardiac devices.}, language = {en} } @incollection{AtkinsonGerbigBarthetal.2012, author = {Atkinson, Colin and Gerbig, Ralph and Barth, Florian and Freiling, Felix and Schinzel, Sebastian and Hadasch, Frank and Maedche, Alexander and M{\"u}ller, Benjamin}, title = {Reducing the Incidence of Unintended, Human-Caused Information Flows in Enterprise Systems}, series = {Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2012 IEEE 16th International}, booktitle = {Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2012 IEEE 16th International}, edition = {3M4SE 2012}, doi = {10.1109/EDOCW.2012.12}, pages = {11 -- 18}, year = {2012}, language = {en} } @inproceedings{MuellerIsingMldadenovetal.2019, author = {M{\"u}ller, Jens and Ising, Fabian and Mladenov, Vladislav and Mainka, Christian and Schinzel, Sebastian and Schwenk, J{\"o}rg}, title = {Practical Decryption exFiltration: Breaking PDF Encryption}, series = {The 26th ACM Conference on Computer and Communications Security (CCS 2019), London, United Kingdom}, booktitle = {The 26th ACM Conference 
on Computer and Communications Security (CCS 2019), London, United Kingdom}, doi = {10.1145/3319535.3354214}, year = {2019}, abstract = {The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issue}, language = {en} }