System Security Professor
I am an IT-Security professor at Paderborn University. My main research interests include system security, network security, and applied cryptography. I received my PhD from the Ruhr University Bochum under the supervision of Prof. Jörg Schwenk.
I am also a co-founder of Hackmanit GmbH. Our company provides practical trainings and penetration tests in the areas of Web security, Single Sign-On, and applied cryptography.
Contact: juraj.somorovsky[at]upb.de
Twitter: @jurajsomorovsky
Organization of conferences
RuhrSec. I am a co-founder and co-chair of the annual RuhrSec conference. Since its first edition in 2016, the conference has developed into the largest IT security conference in the Ruhr area.
Workshop on Attacks in Cryptography. In 2019, I organized the Workshop on Attacks in Cryptography in Santa Barbara. This workshop brought together researchers who work on cryptographic attacks. The talks are online.
Workshop on Systematic Analysis of Security Protocol Implementations. In 2018, I organized this workshop together with Joeri de Ruiter and Frits Vaandrager at the Lorentz Center. The aim of our workshop was to connect experts from different areas: cryptography, security, and machine learning.
Prizes and awards
Best Cryptographic Attack (Pwnie) Award for the joint work with Böck and Young: ROBOT: Return Of Bleichenbacher’s Oracle Threat. 2018.
Best Cryptographic Attack (Pwnie) Award for the joint work with Aviram et al.: DROWN: Breaking TLS Using SSLv2. 2016.
Best Contribution to the IETF Award in recognition of outstanding research contributions benefiting the IETF TLS working group efforts to develop TLS 1.3. For the joint work with Tibor Jager and Jörg Schwenk: On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption. 2016.
ERCIM Best Ph.D. Thesis Award for my doctoral thesis On the Insecurity of XML Security, awarded by the Security and Trust Management Working Group. 2014.
CAST Best IT Security Ph.D. Thesis Award (CAST Promotionspreis) for my doctoral thesis On the Insecurity of XML Security. 2013.
Selected publications
The following list is restricted to major publications, all presented at A* conferences. The complete list can be found on Google Scholar.
Robert Merget, Juraj Somorovsky, Nimrod Aviram, Craig Young, Janis Fliegenschmidt, Jörg Schwenk, Yuval Shavitt. Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities. 28th USENIX Security Symposium. Santa Clara, USA, 2019.
Hanno Böck, Juraj Somorovsky, Craig Young. Return Of Bleichenbacher’s Oracle Threat (ROBOT). 27th USENIX Security Symposium, Baltimore, USA, 2018.
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels. 27th USENIX Security Symposium, Baltimore, USA, 2018.
Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, Yuval Shavitt. DROWN: Breaking TLS Using SSLv2. 25th USENIX Security Symposium, Austin, USA, 2016.
Juraj Somorovsky. Systematic Fuzzing and Testing of TLS Libraries. 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, 2016.
Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2013.
Tibor Jager, Juraj Somorovsky. How To Break XML Encryption. 18th ACM Conference on Computer and Communications Security (CCS), Chicago, USA, 2011.
Conference on Selected Areas in Cryptography (SAC) 2019
Kangacrypt 2018
Workshop on Security Protocol Implementations: Development and Analysis 2018
Reversing and Offensive-oriented Trends Symposium (ROOTS) 2017, 2018
OWASP Germany 2017, 2018
CAST/GI Promotionspreis 2016-2020
Selected talks
I regularly speak at academic and industry conferences about security-related topics. Some conferences record presentations and make them public after the conferences. Below is a selection of the recorded talks.
Systematic Fuzzing and Testing of TLS Libraries. Czech Technical University in Prague. 2017.
How to Break XML Encryption - Automatically. DeepSec 2015.
On Breaking SAML: Be Whoever You Want to Be. USENIX Security 2012.