The paper proposes HSTS-Enforced, a new web security model that flips the default connection from HTTP to HTTPS, eliminating TLS stripping attacks while allowing sites to opt out if they genuinely req…

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

The paper introduces a multi-surface evidence framework to provide comprehensive observability for post-quantum TLS migration, enabling robust measurement of session behavior and endpoint capabilities…

This study empirically demonstrates that even highly technical students struggle significantly with the long-term usability and security understanding of Mutual TLS (mTLS) client authentication, sugge…

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

This paper experimentally compares ML-DSA and SLH-DSA in TLS 1.3, finding that placing SLH-DSA at the server leaf significantly increases computational cost and latency, suggesting upper-layer placeme…

This paper addresses the operational challenge of adopting Post-Quantum Cryptography (PQC) in complex financial TLS environments by presenting a methodology to automatically profile and normalize cryp…

FIDEM introduces a standard-compliant framework that uses Zero-Knowledge Proofs to securely bind IoT devices to their Manufacturer Usage Description (MUD) profiles, mitigating risks associated with in…

ProcRoute is a system that restricts internal network route access to specific, authorized applications, preventing unprivileged processes from exploiting split-tunnel VPN routes.

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

This paper quantifies the latency impact of increasing certificate chain sizes required by Post-Quantum Cryptography (PQC) on TLS Time to First Byte (TTFB), finding that Merkle Tree Certificates (MTC)…

The paper introduces GateScope, a black-box framework that audits commercial LLM API gateways, revealing frequent discrepancies in model behavior, billing, and performance across real-world services.

The paper introduces 'Routing Hijacking,' a severe attack where malicious clients forge semantic profiles in Federated RAG systems to misroute target queries, and proposes a trust-aware post-routing f…

The paper introduces Aquaman, a transparent-proxy architecture that enables quantum-resilient session-key establishment at the network edge, protecting clients that cannot natively support post-quantu…

This study provides the first measurement of authentication security in real-world remote Model Context Protocol (MCP) servers, finding pervasive and critical authentication weaknesses, particularly i…

This paper provides a comprehensive, system-level taxonomy for designing quantum-resistant network architectures, moving beyond simple protocol substitutions to address key distribution and management…

Grimlock is an Agent Guard that enhances security for high-agency systems by enforcing identity, authorization, and scope-bound communication through eBPF and attested TLS channels, without modifying…

The paper introduces mcp-attested, a security extension to the Model Context Protocol (MCP) that allows hosts to safely admit and restrict the tools used by external, third-party tool servers.