Dokument-ID Dokumenttyp Verfasser/Autoren Herausgeber Haupttitel Auflage Verlagsort Verlag Erscheinungsjahr Seitenzahl Schriftenreihe Titel Schriftenreihe Bandzahl Fachbereich Konferenzname Quelle:Titel Quelle:Jahrgang Quelle:Heftnummer Quelle:Erste Seite Quelle:Letzte Seite ISBN ISSN URN URL DOI Sprache Abstract OPUS4-15277 Konferenzveröffentlichung Mayer, Peter; Poddebniak, Damian; Fischer, Konstantin; Brinkmann, Marcus; Somorovsky, Juraj; Schinzel, Sebastian; Volkamer, Melanie "I don't know why I check this...'' - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks Boston, MA USENIX Association 2022 19 Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022) Elektrotechnik und Informatik (ETI) 77 96 978-1-939133-30-4 https://www.usenix.org/conference/soups2022/presentation/mayer eng OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: Even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly. OPUS4-6857 Beitrag in einem Buch Meyer, Christopher; Somorovsky, Juraj; Weiss, Eugen; Schwenk, Jörg; Schinzel, Sebastian; Tews, Erik Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. San Diego, CA USENIX Association 2014 -1481 23rd USENIX Security Symposium (USENIX Security 14) Elektrotechnik und Informatik (ETI) 733 -748 ISBN 978-1-931971- eng OPUS4-7956 Beitrag in einem Buch Aviram, Nimrod; Schinzel, Sebastian; Somorovsky, Juraj; Heninger, Nadia; Dankel, Maik; Steube, Jens; Valenta, Luke; Adrian, David; Halderman, J. Alex; Dukhovni, Viktor; Käsper, Emilia; Cohney, Shaanan; Engels, Susanne; Paar, Christof; Shavitt, Yuval DROWN: Breaking TLS Using SSLv2 Austin, TX. Usenix Association. 2016 17 25th Usenix Security Symposium Elektrotechnik und Informatik (ETI) 689 706 mul OPUS4-7959 Beitrag in einem Buch Jager, Tibor; Schinzel, Sebastian; Somorovsky, Juraj Bleichenbacher's Attack Strinkes Again: Breaking PKCS#1 v1.5 in XML Encryption 2012 17th European Symposium on Research in Computer Security (ESORCIS 2012) Elektrotechnik und Informatik (ETI) mul OPUS4-8857 Beitrag in einem Buch Poddebniak, Damian; Somorovsky, Juraj; Schinzel, Sebastian; Lochter, Manfred; Rösler, Paul Attacking Deterministic Signature Schemes using Fault Attacks 2018 3rd IEEE European Symposium on Security and Privacy Elektrotechnik und Informatik (ETI) mul OPUS4-9640 Beitrag in einem Buch Poddebniak, Damian; Dresen, Christian; Müller, Jens; Ising, Fabian; Schinzel, Sebastian; Friedberg, Simon; Somorovsky, Juraj; Schwenk, Jörg Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels 27th Baltimore, MD, USA 2018 USENIX Security 2018 Elektrotechnik und Informatik (ETI) 978-1-931971-46-1 eng OPUS4-13831 Beitrag in einer wiss. Zeitschrift Brinkmann, Marcus; Dresen, Christian; Merget, Robert; Poddebniak, Damian; Müller, Jens; Somorovsky, Juraj; Schwenk, Jörg; Schinzel, Sebastian ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication 2021 30th USENIX Security Symposium Elektrotechnik und Informatik (ETI) https://www.usenix.org/conference/usenixsecurity21/presentation/brinkmann eng