@inproceedings{MayerPoddebniakFischeretal.2022, author = {Mayer, Peter and Poddebniak, Damian and Fischer, Konstantin and Brinkmann, Marcus and Somorovsky, Juraj and Schinzel, Sebastian and Volkamer, Melanie}, title = {"I don't know why I check this...'' - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks}, series = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, booktitle = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, publisher = {USENIX Association}, address = {Boston, MA}, isbn = {978-1-939133-30-4}, pages = {77 -- 96}, year = {2022}, abstract = {OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52\% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: Even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly.}, language = {en} } @incollection{MeyerSomorovskyWeissetal.2014, author = {Meyer, Christopher and Somorovsky, Juraj and Weiss, Eugen and Schwenk, J{\"o}rg and Schinzel, Sebastian and Tews, Erik}, title = {Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.}, series = {23rd USENIX Security Symposium (USENIX Security 14)}, booktitle = {23rd USENIX Security Symposium (USENIX Security 14)}, publisher = {USENIX Association}, address = {San Diego, CA}, isbn = {ISBN 978-1-931971-}, pages = {733 -- -748}, year = {2014}, language = {en} } @incollection{AviramSchinzelSomorovskyetal.2016, author = {Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J. Alex and Dukhovni, Viktor and K{\"a}sper, Emilia and Cohney, Shaanan and Engels, Susanne and Paar, Christof and Shavitt, Yuval}, title = {DROWN: Breaking TLS Using SSLv2}, series = {25th Usenix Security Symposium}, booktitle = {25th Usenix Security Symposium}, publisher = {Usenix Association.}, address = {Austin, TX.}, pages = {689 -- 706}, year = {2016}, language = {mul} } @incollection{JagerSchinzelSomorovsky2012, author = {Jager, Tibor and Schinzel, Sebastian and Somorovsky, Juraj}, title = {Bleichenbacher's Attack Strinkes Again: Breaking PKCS\#1 v1.5 in XML Encryption}, series = {17th European Symposium on Research in Computer Security (ESORCIS 2012)}, booktitle = {17th European Symposium on Research in Computer Security (ESORCIS 2012)}, year = {2012}, language = {mul} } @incollection{PoddebniakSomorovskySchinzeletal.2018, author = {Poddebniak, Damian and Somorovsky, Juraj and Schinzel, Sebastian and Lochter, Manfred and R{\"o}sler, Paul}, title = {Attacking Deterministic Signature Schemes using Fault Attacks}, series = {3rd IEEE European Symposium on Security and Privacy}, booktitle = {3rd IEEE European Symposium on Security and Privacy}, year = {2018}, language = {mul} } @incollection{PoddebniakDresenMuelleretal.2018, author = {Poddebniak, Damian and Dresen, Christian and M{\"u}ller, Jens and Ising, Fabian and Schinzel, Sebastian and Friedberg, Simon and Somorovsky, Juraj and Schwenk, J{\"o}rg}, title = {Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels}, series = {USENIX Security 2018}, booktitle = {USENIX Security 2018}, edition = {27th}, address = {Baltimore, MD, USA}, isbn = {978-1-931971-46-1}, year = {2018}, language = {en} } @article{BrinkmannDresenMergetetal.2021, author = {Brinkmann, Marcus and Dresen, Christian and Merget, Robert and Poddebniak, Damian and M{\"u}ller, Jens and Somorovsky, Juraj and Schwenk, J{\"o}rg and Schinzel, Sebastian}, title = {ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication}, series = {30th USENIX Security Symposium}, journal = {30th USENIX Security Symposium}, year = {2021}, language = {en} }