In his dissertation, Dr. Fabian Ising dealt with edge cases of modern applied cryptography. A special focus was on transport encryption for email protocols (STARTTLS) and so-called oracle attacks against end-to-end encryption. The dissertation uncovered vulnerabilities in OpenPGP and S/MIME encryption that allow decryption in various scenarios using passive traffic analysis or by sending a single self-exfiltrating email. Extending these attacks to PDFs and Office documents reveals strengths and weaknesses of the developed techniques.
Fabian Ising’s research results show that attackers can often trick applications into revealing sensitive data despite encryption. He attributes this to the fact that the complexity of the systems leads to many difficult decisions and borderline cases during implementation.

Part of the dissertation was published in advance at top IT security conferences: