Selected Publications

Below are selected publications by ZISC researchers. For more of our research papers, see the publication listings of the individual ZISC groups: Information Security, System Security, Network Security, Applied Cryptography, and Information Security and Cryptography.

2022

Hannah Davis, Denis Diemert, Felix Günther, Tibor Jager
On the Concrete Security of TLS 1.3 PSK Mode
To appear in Advances in Cryptology – EUROCRYPT 2022

Paul Grubbs, Varun Maram, Kenneth G. Paterson
Anonymous, Robust Post-Quantum Public Key Encryption
To appear in Advances in Cryptology – EUROCRYPT 2022
[PDF]

Karel Kubicek, Jakob Merane, Carlos Cotrini, Alexander Stremitzer, Stefan Bechtold, David Basin
Checking Websites’ GDPR Consent Compliance for Marketing Emails
To appear in Privacy Enhancing Technologies Symposium (PETS), 2022
[PDF]

Martin R. Albrecht, Lenka Mareková, Kenneth G. Paterson, and Igors Stepanovs
Four Attacks and a Proof for Telegram
To appear in IEEE Symposium on Security & Privacy (S&P), 2022
[PDF]

Daniele Lain, Kari Kostiainen, Srdjan Capkun
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
To appear in IEEE Symposium on Security & Privacy (S&P), 2022
[PDF]

Martin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, Srdjan Čapkun
LTrack: Stealthy Tracking of Mobile Phones in LTE
To appear in USENIX Security Symposium (USENIX Security), 2022
[PDF]

Mridula Singh, Marc Roeschlin, Aanjhan Ranganathan, Srdjan Čapkun
V-Range: Enabling Secure Ranging in 5G Wireless Networks
To appear in Network and Distributed System Security Symposium (NDSS), 2022
[PDF]

Dino Bollinger, Karel Kubicek, Carlos Cotrini and David Basin
Automating Cookie Consent and GDPR Violation Detection
To appear in USENIX Security Symposium (USENIX Security), 2022.
[PDF]

Jason Zhijingcheng Yu, Shweta Shinde, Trevor E. Carlson, Prateek Saxena
Elasticlave: An Efficient Memory Model for Enclaves
To appear in USENIX Security Symposium (USENIX Security), 2022.
[PDF]

2021

Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Čapkun
Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend
USENIX Security Symposium (USENIX Security), 2021
[PDF]

Enis Ulqinaku and Hala Assal and AbdelRahman Abdou and Sonia Chiasson and Srdjan Čapkun
Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
USENIX Security Symposium (USENIX Security), 2021
[PDF]

Jean Paul Degabriele, Jérôme Govinden, Felix Günther, and Kenneth G. Paterson
The Security of ChaCha20-Poly1305 in the Multi-User Setting
ACM Conference on Computer and Communications Security (CCS), 2021.
[PDF]

Jinhua Cui, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, Zhiping Cai
SmashEx: Smashing SGX Enclaves Using Exceptions
ACM Conference on Computer and Communications Security (CCS), 2021.
[PDF]

Sikhar Patranabis and Debdeep Mukhopadhyay
Forward and Backward Private Conjunctive Searchable Symmetric Encryption
Network and Distributed Systems Security Symposium (NDSS), 2021
[PDF]

Karl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, Srdjan Capkun
Bitcontracts: Supporting Smart Contracts in Legacy Blockchains
Network and Distributed Systems Security Symposium (NDSS), 2021
[PDF]

David Basin, Ralf Sasse, and Jorge Toro-Pozo
Card Brand Mixup Attack: Bypassing the PIN in non-Visa cards by Using Them for Visa Transactions
USENIX Security Symposium (USENIX Security), 2021.
[PDF]

Alexander Viand, Patrick Jattke and Anwar Hithnawi
SoK: Fully Homomorphic Encryption Compilers
IEEE Symposium on Security and Privacy (S&P), 2021.
[PDF]

David Basin, Ralf Sasse, and Jorge Toro-Pozo
The EMV Standard: Break, Fix, Verify
IEEE Symposium on Security and Privacy (S&P), 2021.
[PDF]

Jacqueline Brendel, Cas Cremers, Dennis Jackson, Mang Zhao.
The Provable Security of Ed25519: Theory and Practice.
IEEE Symposium on Security and Privacy (S&P), 2021.
[PDF]

Tobias Klenze, Christoph Sprenger, David Basin.
Formal Verification of Secure Forwarding Protocols
To appear in: CSF 2021.
[PDF]

Benjamin Rothenberger, Konstantin Taranov, Adrian Perrig, and Torsten Hoefler.
ReDMArk: Bypassing RDMA Security Mechanisms.
USENIX Security Symposium (USENIX Security), 2021.
[PDF]

Jonghoon Kwon, Claude Hähni, Patrick Bamert, and Adrian Perrig.
MONDRIAN: Comprehensive Inter-domain Network Zoning Architecture.
Symposium on Network and Distributed System Security (NDSS), 2021.
[PDF]

Martin Hirt, Chen-Da Liu Zhang, and Ueli Maurer.
Adaptive Security of Multi-Party Protocols, Revisited.
Theory of Cryptography — TCC 2021, LNCS 13042, Springer, Nov 2021.
[PDF]

David Lanzenberger and Ueli Maurer.
Direct Product Hardness Amplification.
Theory of Cryptography — TCC 2021, LNCS 13043, Springer, Nov 2021.
[PDF]

Christian Badertscher, Ueli Maurer, Christopher Portmann, and Guilherme Rito.
Revisiting (R)CCA Security and Replay Protection.
Public-Key Cryptography – PKC 2021, LNCS 12711, Springer, May 2021.
[PDF]

2020

Erica Blum, Chen-Da Liu Zhang, Julian Loss.
Always Have a Backup Plan: Fully Secure Synchronous MPC with Asynchronous Fallback.
Advances in Cryptology – CRYPTO 2020.
[PDF]

Hossein Shafagh, Lukas Burkhalter, Sylvia Ratnasamy, Anwar Hithnawi.
Droplet: Decentralized Authorization and Access Control for Encrypted Data Streams.
USENIX Security Symposium (USENIX Security), 2020.
[PDF]

Florian Tramèr, Dan Boneh, Kenneth G. Paterson.
Remote Side-Channel Attacks on Anonymous Transactions.
USENIX Security Symposium (USENIX Security), 2020.
[PDF]

Mihir Bellare and Igors Stepanovs.
Security under Message-Derived Keys: Signcryption in iMessage.
Advances in Cryptology – EUROCRYPT 2020.
[PDF]

Mihir Bellare, Hannah Davis, Felix Günther.
Separate Your Domains: NIST PQC KEMs, Oracle Cloning and Read-Only Indifferentiability.
Advances in Cryptology – EUROCRYPT 2020.
[PDF]

Patrick Leu, Mridula Singh, Marc Roeschlin, Kenneth G. Paterson, Srdjan Capkun.
Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement.
IEEE Symposium on Security and Privacy (S&P), 2020.
[PDF]

Markus Legner, Tobias Klenze, Marc Wyss, Christoph Sprenger, and Adrian Perrig.
EPIC: Every Packet Is Checked in the Data Plane of a Path-Aware Internet.
USENIX Security Symposium (USENIX Security), 2020.
[PDF]

Guillaume Girol, Lucca Hirschi, Ralf Sasse, Dennis Jackson, Cas Cremers, David Basin.
A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols.
USENIX Security Symposium (USENIX Security), 2020.
[PDF]

Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun.
ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts.
ACM Conference on Computer and Communication Security (CCS), 2020.
[PDF]

David Lanzenberger, Ueli Maurer.
Coupling of Random Systems.
Theory of Cryptography — TCC 2020.
[PDF]

Chen-Da Liu Zhang, Ueli Maurer.
Synchronous Constructive Cryptography
Theory of Cryptography — TCC 2020.
[PDF]

David Basin, Sasa Radomirovic, Lara Schmid.
Dispute Resolution in Voting.
IEEE Computer Security Foundations (CSF), 2020.
[PDF]

Laurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger, David Basin, and Adrian Perrig.
SoK: Delegation and Revocation, the Missing Links in the Web’s Chain of Trust.
IEEE European Symposium on Security and Privacy (EuroS&P), 2020.
[PDF]

Konstantin Taranov, Benjamin Rothenberger, Adrian Perrig, and Torsten Hoefler.
sRDMA: Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access.
USENIX Annual Technical Conference (USENIX ATC), 2020.
[PDF]

Christoph Sprenger, Tobias Klenze, Marco Eilers, Felix A. Wolf, Peter Müller, Martin Clochard, and David Basin
Igloo: Soundly Linking Compositional Refinement and Separation Logic for Distributed System Verification.
Object-oriented Programming, Systems, Languages, and Applications (OOPSLA), 2020.
[PDF]

Jonghoon Kwon, Taeho Lee, Claude Hähni, and Adrian Perrig.
SVLAN: Secure & Scalable Network Virtualization.
Symposium on Network and Distributed System Security (NDSS), 2020.
[PDF]

Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, Srdjan Capkun.
Snappy: Fast On-chain Payments with Practical Collaterals.
Symposium on Network and Distributed System Security (NDSS), 2020.
[PDF]

Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun
ProtectIOn: Root-of-Trust for IO in Compromised Platforms
Symposium on Network and Distributed System Security (NDSS), 2020.
[PDF]

Benjamin Rothenberger, Dominik Roos, Markus Legner, and Adrian Perrig.
PISKES: Pragmatic Internet-Scale Key-Establishment System.
ACM Asia Conference on Computer and Communications Security (ASIACCS), 2020.
[PDF]

2019

Sinisa Matetic, Karl Wuest, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun.
BITE: Bitcoin Lightweight Client Privacy using Trusted Execution.
USENIX Security Symposium (USENIX Security), 2019.
[PDF]

Mridula Singh, Patrick Leu, AbdelRahman Abdou, Srdjan Capkun.
UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband.
USENIX Security Symposium (USENIX Security), 2019.
[PDF]

Sven Hammann, Sasa Radomirovic, Ralf Sasse, and David Basin.
User Account Access Graphs.
ACM Conference on Computer and Communications Security (CCS), 2019.
[PDF]

Dennis Jackson, Cas Cremers, Katriel Cohn-Gordon, Ralf Sasse.
Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures.
ACM Conference on Computer and Communications Security (CCS), 2019.
[PDF]

Damien Desfontaines, Andreas Lochbihler, and David Basin.
Cardinality Estimators do not Preserve Privacy.
Proceedings on Privacy Enhancing Technologies (PoPETs), 2019.
[PDF]

Pavlos Nikolopoulos, Christos Pappas, Katerina Argyraki, and Adrian Perrig.
Retroactive Packet Sampling for Traffic Receipts.
In Proceedings of the ACM Conference on Measurement and Analysis of Computing Systems (SIGMETRICS), 2019.
[PDF]

Daniel Jost, Ueli Maurer, and Marta Mularczyk.
A Unified and Composable Take on Ratcheting.
Theory of Cryptography — TCC 2019, LNCS, Springer International Publishing, vol. 11891, pp. 180–210, Dec 2019.
[PDF]

Fabio Banfi, Ueli Maurer, Christopher Portmann, and Jiamin Zhu.
Composable and Finite Computational Security of Quantum Message Transmission.
Theory of Cryptography – TCC 2019, LNCS, Springer, vol. 11891, pp. 282–311, Dec 2019.
[PDF]

Piet De Vaere, and Adrian Perrig.
Liam: An Architectural Framework for Decentralized IoT Networks.
In Proceedings of the International Conference on Mobile Ad Hoc and Sensor Systems (MASS), 2019.
[PDF]

Jorden Whitefield, Liqun Chen, Ralf Sasse, Steve Schneider, Helen Treharne, Stephan Wesemeyer.
A Symbolic Analysis of ECC-based Direct Anonymous Attestation.
IEEE European Symposium on Security and Privacy (EuroS&P), 2019.
[PDF]

David Sommer, Aritra Dhar, Esfandiar Mohammadi, Daniel Ronzani, and Srdjan Capkun.
Deniable Upload and Download via Passive Participation.
USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2019.
[PDF]

Christos Pappas, Taeho Lee, Raphael M. Reischuk, Pawel Szalachowski, and Adrian Perrig.
Network Transparency for Better Internet Security.
IEEE/ACM Transactions on Networking, 27 (5) 2019.
[PDF]

2018

Rio Lavigne and Chen-Da Liu-Zhang and Ueli Maurer and Tal Moran and Marta Mularczyk and Daniel Tschudi
Topology-Hiding Computation Beyond Semi-Honest Adversaries
Theory of Cryptography Conference, TCC 2018, pp. 3-35, Springer, 2018.
[PDF]

Hubert Ritzdorf, Karl Wüst, Arthur Gervais, Guillaume Felley, Srdjan Capkun.
TLS-N: Non-repudiation over TLS Enabling Ubiquitous Content Signing.
Symposium on Network and Distributed System Security (NDSS), 2018.
[PDF]

Hao Wu, Hsu-Chun Hsiao, Daniele E. Asoni, Simon Scherrer, Adrian Perrig, Yih-Chun Hu.
CLEF: Limiting the Damage Caused by Large Flows in the Internet Core.
International Conference on Cryptology and Network Security (CANS), 2018.
[PDF]

David Basin, Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse, Vincent Stettler.
A Formal Analysis of 5G Authentication.
ACM Conference on Computer and Communications Security (CCS), 2018.
[PDF]

Sebastian Meiser, Esfandiar Mohammadi.
Tight on Budget? Tight Bounds for r-Fold Approximate Differential Privacy.
ACM Conference on Computer and Communications Security (CCS), 2018.
[PDF]

Christian Badertscher, Peter Gaži, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas.
Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability.
ACM Conference on Computer and Communications Security (CCS), 2018.
[PDF]

Taeho Lee, Christos Pappas, Pawel Szalachowski and Adrian Perrig.
Towards Sustainable Evolution for the TLS Public-Key Infrastructure.
ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2018.
[PDF]

Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun.
DelegaTEE: Brokered Delegation Using Trusted Execution Environments.
USENIX Security Symposium 2018 (USENIX Security), pages 1387 – 1403, 2018.
[PDF]

Chen Chen, Daniele E. Asoni, Adrian Perrig, David Barrera, George Danezis, Carmela Troncoso.
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer.
IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
[PDF]

Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, Aniket Kate.
Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency—Choose Two.
IEEE Symposium on Security and Privacy (S&P), pages 170 – 188, IEEE, 2018.
[PDF]

C. Badertscher, J. Garay, U. Maurer, D. Tschudi, V. Zikas.
But Why Does it Work? A Rational Protocol Design Treatment of Bitcoin.
Advances in Cryptology – EUROCRYPT 2018 – Proceedings, Part II, pp. 34-65, 2018.
[PDF]

Vadim Lyubashevsky and Gregor Seiler.
Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs.
Advances in Cryptology — EUROCRYPT 2018 (EUROCRYPT), 2018.
[PDF]

2017

Stephanos Matsumoto, Raphael M. Reischuk.
IKP: Turning a PKI Around with Decentralized Automated Incentives
IEEE Symposium on Security and Privacy (S&P) 2017.
[PDF]

Chen Chen, Adrian Perrig.
PHI: Path-Hidden Lightweight Anonymity Protocol at Network Layer
Privacy Enhancing Technologies (PoPETs), 2017.
[PDF]

Christopher Portmann.
Quantum Authentication with Key Recycling.
Advances in Cryptology – EUROCRYPT 2017 – Proceedings, Part III, pp. 339-368, 2017.
[PDF]

C. Badertscher, U. Maurer, D. Tschudi, V. Zikas.
Bitcoin as a Transaction Ledger: A Composable Treatment.
Advances in Cryptology – CRYPTO 2017 – Proceedings, Part I, pp. 324-356, 2017.
[PDF]

2016

T. Lee, C. Pappas, D. Barrera, P. Szalachowski, A. Perrig.
Source Accountability with Domain-brokered Privacy
ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT), 2016
[PDF, DOI]

S. Matsumoto, S. Steffen, A. Perrig.
CASTLE: CA Signing in a TouchLess Environment
Annual Computer Security Applications Conference (ACSAC), 2016.
[PDF]

David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski.
Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public Key Infrastructure.
IEEE Transactions on Dependable and Secure Computing (TDSC), 2016.
[PDF, DOI]

A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, S. Capkun.
On the Security and Performance of Proof of Work Blockchains.
ACM Conference on Computer and Communication Security (CCS) 2016.
[PDF, DOI, presentation, press]

B. Bichsel, V. Raychev, P. Tsankov, M. Vechev.
Statistical Deobfuscation of Android Applications.
ACM Conference on Computer and Communication Security (CCS) 2016.
[PDF, DOI, presentation, website]

M. Backes, R. Kuennemann, E. Mohammadi.
Computational Soundness for Dalvik Bytecode.
ACM Conference on Computer and Communication Security (CCS) 2016.
[PDF, DOI, presentation]

David Basin, Sasa Radomirovic, and Lara Schmid.
Modeling Human Errors in Security Protocols.
IEEE Computer Security Foundations Symposium (CSF), 2016.
[PDF, DOI]

Petar Tsankov, Mohammad Torabi Dashti, David Basin.
Access Control Synthesis for Physical Spaces.
IEEE Computer Security Foundations Symposium (CSF), 2016.
[PDF, DOI]

D.-Y. Yu, A. Ranganathan, R. J. Masti, C. Soriente, S. Capkun.
SALVE: Server Authentication with Location VErification.
ACM Conference on Mobile Computing and Networking (MobiCom) 2016.
[PDF, DOI, presentation]

A. Ranganathan, H. Olafsdottir, S. Capkun.
SPREE: A Spoofing Resistant GPS Receiver.
ACM Conference on Mobile Computing and Networking (MobiCom) 2016.
[PDF, DOI, teaser video]

D. Moser, P. Leu, V. Lenders, A. Ranganathan, F. Ricciato, S. Capkun.
Investigation of Multi-device Location Spoofing Attacks on Air Traffic Control and Possible Countermeasures.
ACM Conference on Mobile Computing and Networking (MobiCom) 2016.
[PDF, DOI, teaser video]

Martin Hirt, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas.
Network-Hiding Communication and Applications to Multi-Party Protocols.
Advances in Cryptology (CRYPTO), 2016.
[PDF, DOI, presentation]

N. Karapanos, A. Filios, R. A. Popa, S. Capkun.
Verena: End-to-End Integrity Protection for Web Applications.
IEEE Symposium on Security and Privacy (S&P) 2016.
[PDF, DOI]

C. Basescu, Y.-H. Lin, H. Zhang, A. Perrig.
High-Speed Inter-domain Fault Localization.
IEEE Symposium on Security and Privacy (S&P) 2016.
[PDF, DOI]

O. Bachem, M. Lucic, H. Hassani, A. Krause.
Approximate K-Means++ in Sublinear Time.
Conference on Artificial Intelligence (AAAI), 2016.
[PDF]

Claudio Marforio, Ramya Jayaram Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun.
Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications.
SIGCHI Conference on Human Factors in Computing Systems (CHI), 2016.
[PDF, DOI, teaser video]

Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota, Jumpei Urakawa.
SIBRA: Scalable Internet Bandwidth Reservation Architecture.
Symposium on Network and Distributed System Security (NDSS), 2016.
[PDF]

2015

M. Lucic, M. I. Ohannessian, A. Karbasi, A. Krause
Tradeoffs for Space, Time, Data and Risk in Unsupervised Learning
International Conference on Artificial Intelligence and Statistics (AISTATS), 2015
[PDF]

M. Lucic, O. Bachem, A. Krause
Strong Coresets for Hard and Soft Bregman Clustering with Applications to Exponential Family Mixtures
Technical report arXiv, 2015
[PDF]

O. Bachem, M. Lucic, A. Krause
Coresets for Nonparametric Estimation – the Case of DP-Means
International Conference on Machine Learning (ICML), 2015
[PDF]

Arthur Gervais, Hubert Ritzdorf, Ghassan O. Karame, Srdjan Capkun
Tampering with the Delivery of Blocks and Transactions in Bitcoin
ACM Conference on Computer and Communication Security (CCS), 2015
[PDF]

G. Demay, P. Gaži, U. Maurer, and B. Tackmann
Query-Complexity Amplification for Random Oracles
International Conference on Information Theoretic Security, 2015
[PDF]

Claudio Soriente, Ghassan O. Karame, Hubert Ritzdorf, Srdjan Marinovic, Srdjan Capkun
Commune: Shared Ownership in an Agnostic Cloud
Symposium on Access Control Models and Technologies (SACMAT), 2015
[PDF]

Carlos Cotrini, Thilo Weghorn, David Basin, and Manuel Clavel
Analyzing First-order Role Based Access Control
IEEE Computer Security Foundations Symposium (CSF), 2015
[PDF]

Stephanos Matsumoto, Raphael M. Reischuk
Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS
NDSS Workshop on Security of Emerging Networking Technologies (SENT), 2015
[PDF]

Michael Backes, Manuel Barbosa, Dario Fiore, Raphael M. Reischuk
ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data
IEEE Symposium on Security and Privacy (S&P), 2015
[PDF]