Marcus Brinkmann

Marcus Brinkmann
Ruhr-Universität Bochum | RUB · Horst Görtz In­sti­tu­te of IT-Se­cu­ri­ty (HGI)

Dipl.-Math.

About

13
Publications
3,100
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
114
Citations

Publications

Publications (13)
Article
All almost perfect nonlinear (APN) permutations that we know to date admit a special kind of linear self-equivalence, i.e., there exists a permutation $G$ in their CCZ-equivalence class and two linear permutations $A$ and $B$ , such that $G \circ A = B \circ G$ . After providing a survey on the known APN functions with a focus on the existe...
Conference Paper
OpenPGP and S/MIME are two major standards for securing email communication introduced in the early 1990s. Three recent classes of attacks exploit weak cipher modes (EFAIL Malleability Gadgets, or EFAIL-MG), the flexibility of the MIME email structure (EFAIL Direct Exfiltration, or EFAIL-DE), and the Reply action of the email client (REPLY attacks)...
Preprint
All almost perfect nonlinear (APN) permutations that we know to date admit a special kind of linear self-equivalence, i.e., there exists a permutation $G$ in their CCZ-class and two linear permutations $A$ and $B$, such that $G \circ A = B \circ G$. After providing a survey on the known APN functions with a focus on the existence of self equivalenc...
Conference Paper
Full-text available
OpenPGP and S/MIME are the two major standards to en-crypt and digitally sign emails. Digital signatures are supposed to guarantee authenticity and integrity of messages. In this work we show practical forgery attacks against various implementations of OpenPGP and S/MIME email signature verification in five attack classes: (1) We analyze edge cases...
Chapter
We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML, as supported by email clients, to deceive the user regarding the actual message content. We demonstrate how...
Preprint
Full-text available
We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML, as supported by email clients, to deceive the user regarding the actual message content. We demonstrate how...
Technical Report
Full-text available
For all vectorial boolean functions up to dimension 4, we present canonical representatives for all extended affine (EA) and CCZ equivalence classes. We include the size of each class, as well as its algebraic degree and extended Walsh spectrum. We also answer the following questions: How large are these classes? Which of these classes contain bije...
Article
We classify the almost perfect nonlinear (APN) functions in dimensions 4 and 5 up to affine and CCZ equivalence using backtrack programming and give a partial model for the complexity of such a search. In particular, we demonstrate that up to dimension 5 any APN function is CCZ equivalent to a power function, while it is well known that in dimensio...
Article
Full-text available
The GNU Hurd's design was motivated by a desire to rectify a number of observed shortcomings in Unix. Foremost among these is that many policies that limit users exist simply as remnants of the design of the system's mechanisms and their implementation. To increase extensibility and integration, the Hurd adopts an object-based architecture and defi...
Article
Full-text available
Commodity operating systems fail to meet the secu-rity, resource management and integration expectations of users. We propose a unified solution based on a ca-pability framework as it supports fine grained objects, straightforward access propagation and virtualizable in-terfaces and explore how to improve resource use via ac-cess decomposition and...
Article
Full-text available
End-to-end e-mail encryption is still ignored by almost all users. The mails are left in the clear in the mailboxes of the web mail providers, where they are frequently collected by attackers and lead to an escalation of the attack due to the sensitivity of the mail content. We suggest a new and simplified infrastructure to protect mail that is com...

Network

Cited By

Projects

Projects (4)
Project
A joint project with University of Applied Sciences and Ruhr-University Bochum to analyse the security of end-to-end encryption and digital signatures in Emails.