The paper proposes a RADIUS-based framework to maintain persistent device identity for Network Access Control (NAC) despite modern operating system MAC address randomization, ensuring regulatory compl…

The paper presents the Serpent attack, a practical cross-device token replay vulnerability, demonstrating that Apple Intelligence's anonymous access tokens can be stolen and reused on different device…

The paper proposes an on-device framework to detect and prevent the forwarding of images that have been physically recaptured (photographed) from a mobile screen, addressing the Screen Recaptured Anal…

SEAL-Tag is a privacy-preserving runtime environment that mitigates PII leakage in Retrieval-Augmented Generation (RAG) systems by enforcing verifiable evidence aggregation and structured auditing.

The paper introduces Search-Bound Proximity Proofs (SBPP) to close an authorization provenance gap in encrypted geographic search by binding zero-knowledge proofs to specific search sessions for audit…

This paper introduces the Relay Tampering Attack (RTA), demonstrating that malicious third-party relays can undermine the security of LLM agents by modifying responses post-alignment, even if the LLM…

The paper analyzes the security and practical deployability of advanced Wi-Fi ranging standards (IEEE 802.11az/bk), concluding that while promising, secure implementation is highly sensitive to config…

The paper introduces 'Routing Hijacking,' a severe attack where malicious clients forge semantic profiles in Federated RAG systems to misroute target queries, and proposes a trust-aware post-routing f…

The paper introduces PAS, a structured privacy mechanism that encodes user location using relative anchors, enabling location privacy in spatial RAG systems while maintaining high retrieval performanc…

The authors reverse-engineered and fuzz-tested the undocumented Apple Remote Invocation (ARI) interface, revealing a significant, untested Remote Code Execution (RCE) attack surface on iOS.

The paper identifies a critical vulnerability, the Camouflage Detection Gap (CDG), where standard LLM injection detectors fail dramatically when malicious payloads mimic the target domain's language a…

This techreport evaluates a Tor-based protocol, Tor push, demonstrating that it can significantly enhance the location privacy of Ethereum validators by unlinking their identities from their IP addres…

The paper introduces PINSIGHT, a novel methodology that rigorously assesses Wi-Fi PIN code inference attacks by separating environmental effects from typing effects, concluding that current state-of-t…

This case study systematically measures how placing anonymization at different points (dataset vs. generated answer) within the RAG pipeline affects the privacy-utility trade-off, demonstrating that p…

MA-IDS proposes a Multi-Agent RAG framework that uses LLMs and a self-building Experience Library to achieve explainable and self-improving intrusion detection for resource-constrained IoT networks.

The paper demonstrates that even a casual attacker with basic IT skills can perform sophisticated privacy attacks on smart-home networks, extracting detailed daily routines and personal information fr…

This paper re-evaluates prompt-injection attacks in realistic RAG settings, finding that most prior attack methods fail to reach the generator, and that current attacks are easily detectable.

The paper details a novel, practical cryptanalytic attack exploiting a race-condition vulnerability in the XNU kernel's IPv6 Fragment ID PRNG, allowing attackers to predict and spoof fragment IDs.

LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handsha…

The paper introduces PriSrv+, an advanced service discovery protocol that significantly enhances privacy, usability, and efficiency in wireless networks through a novel matchmaking encryption scheme c…