The paper proposes the User Data Sharing System (UDSS), a hardware-anchored middleware that securely manages PII exchange across diverse consumer electronics devices, significantly reducing onboarding…

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

FIDEM introduces a standard-compliant framework that uses Zero-Knowledge Proofs to securely bind IoT devices to their Manufacturer Usage Description (MUD) profiles, mitigating risks associated with in…

The Device Context Protocol (DCP) introduces a compact, safety-first communication standard designed to allow LLMs to reliably control resource-constrained physical microcontrollers, significantly imp…

This study provides the first measurement of authentication security in real-world remote Model Context Protocol (MCP) servers, finding pervasive and critical authentication weaknesses, particularly i…

This study comparatively assessed the usability of passkeys versus passwords for Wi-Fi captive portal authentication, finding that while passkeys were perceived as more usable, captive portal limitati…

The paper analyzes the security and practical deployability of advanced Wi-Fi ranging standards (IEEE 802.11az/bk), concluding that while promising, secure implementation is highly sensitive to config…

This survey reviews hardware-rooted trust mechanisms, such as PUFs and TPMs, demonstrating that hardware-based solutions are superior to software-only methods for ensuring secure authentication and AI…

This paper analyzes the security vulnerabilities of emerging pay-for-use Wi-Fi hotspots in rural areas, demonstrating practical attacks like connection hijacking and rogue hotspots.

The paper introduces a secure, manifest-based framework that allows unprivileged processes to safely update and promote narrowly scoped privileged software components without requiring full administra…

The paper proposes PriSrv, a novel private service discovery protocol that enhances wireless communication security and privacy by enabling fine-grained, multi-layered matching and mutual authenticati…

MeshGuard is a framework that extends MUD-based network access control to complex, large-scale Thread IoT networks by adapting the MLE protocol and using SDN for scalable policy enforcement.

The paper proposes a standardized, zonal architecture and an open-source prototype for a dedicated Cyber Range (CR) specifically designed for comprehensive and repeatable Wi-Fi security training and e…

zk-X509 is a privacy-preserving identity system that uses zero-knowledge proofs to prove ownership of standard X.509 certificates on a public blockchain without revealing private keys or personal data…

SecureMCP proposes a novel, policy-enforced framework that integrates Role-Based Access Control (RBAC) with an MCP server to provide multi-layer, fine-grained defense against malicious LLM-generated S…

The paper introduces AIP, a novel protocol using Invocation-Bound Capability Tokens (IBCTs) to provide verifiable identity and secure delegation across Model Context Protocol (MCP) and Agent-to-Agent…

The paper introduces an open-source security framework that significantly improves cloud infrastructure security assessment by unifying identity and resource data, reducing false positives, and automa…

The paper reverse-engineers Apple's Private Cloud Compute (PCC) implementation to independently benchmark its model and evaluate its privacy claims, addressing the lack of transparency in Apple's syst…

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

ProcRoute is a system that restricts internal network route access to specific, authorized applications, preventing unprivileged processes from exploiting split-tunnel VPN routes.