This study empirically demonstrates that even highly technical students struggle significantly with the long-term usability and security understanding of Mutual TLS (mTLS) client authentication, sugge…

This cross-national review analyzed government cybersecurity guidance for smart homes, finding that while general security advice is abundant, structured, step-by-step incident response guidance is ra…

The paper investigates how digital devices in U.S. prisons create privacy and security risks for incarcerated users, finding that pervasive surveillance and arbitrary policies negatively impact their…

The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

This pilot study investigates SME readiness for Zero Trust Architecture (ZTA) and proposes a realistic three-stage adoption path based on survey data from IT professionals.

This paper empirically characterizes the clandestine third-party iOS app stores in Iran, revealing a complex ecosystem driven by sanctions and censorship that facilitates piracy, unauthorized monetiza…

This study provides the first measurement of authentication security in real-world remote Model Context Protocol (MCP) servers, finding pervasive and critical authentication weaknesses, particularly i…

This paper analyzes the security vulnerabilities of emerging pay-for-use Wi-Fi hotspots in rural areas, demonstrating practical attacks like connection hijacking and rogue hotspots.

The paper empirically characterizes 'shadow AI'—the unsanctioned use of frontier AI in critical infrastructure—as a systemic threat that erodes established assurance and security controls.

This paper analyzes various attack vectors against FIDO2 passkeys, demonstrating that while sophisticated attacks are possible, the overall security posture significantly raises the bar compared to tr…

This paper analyzes location-data provenance risks across multiple European sectors, proposing a risk taxonomy and architectural design for a next-generation digital trust infrastructure that treats l…

This study comparatively assessed the usability of passkeys versus passwords for Wi-Fi captive portal authentication, finding that while passkeys were perceived as more usable, captive portal limitati…

Analyzing Reddit discussions, the paper finds that while security practitioners see LLMs as useful for boosting productivity, their adoption is constrained by concerns over reliability, verification,…

This paper provides the first comprehensive security analysis of the Agent Skills framework, identifying severe structural vulnerabilities that require fundamental architectural changes rather than si…

This paper introduces and evaluates a scalable, reproducible 'CTF as a Service' (CaaS) platform designed to simplify the infrastructure management required for cybersecurity training.

The paper proposes a RADIUS-based framework to maintain persistent device identity for Network Access Control (NAC) despite modern operating system MAC address randomization, ensuring regulatory compl…

The paper argues that LLM agent security is fundamentally an agent-human interaction (AHI) problem, demonstrating that industry practices rely on human-centric mechanisms while academic research focus…

This study surveyed Icelandic organizations to find that human factors, such as poor training and culture, pose significant cybersecurity risks that often bypass technical controls.

This paper demonstrates that visual phishing detectors can be completely bypassed by employing simple timing-based attacks that delay the rendering of key webpage elements.

The paper introduces LITE-SOC, a lightweight, web-based simulator designed to provide a practical, accessible alternative for teaching cybersecurity SOC workflows without requiring complex, expensive…