Safer

Creating production-quality security defenses that address network interference and ensure safe, reliable global connectivity.

Filter by:

blog

2025

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

securityvulnerabilities

blog

2025

Defending QUIC from acknowledgement-based DDoS attacks

securityDDoSquic

blog

2025

Improving the trustworthiness of Javascript on the Web

securityjavascript

blog

2025

Automatically Secure: how we upgraded 6,000,000 domains by default to get ready for the Quantum Future

securityautomation

blog

2025

Forget IPs: using cryptography to verify bot and agent traffic

securitybots

blog

2025

A next-generation Certificate Transparency log built on Cloudflare Workers

securitycertificates

blog

2025

Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH

securitySSH

blog

2025

HTTPS-only for Cloudflare APIs: shutting the door on cleartext traffic

securityencryption

publication

2025

RFC 9814: Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)

Russ Housley, Scott Fluhrer, Panos Kampanakis, Bas Westerbaan

cryptographyprotocols

publication

2025

RFC 9881: Algorithm Identifiers for Module-Lattice-Based Digital Signature Algorithm (ML-DSA)

Jake Massimo, Panos Kampanakis, Sean Turner, Bas Westerbaan

cryptographyprotocols

publication

2025

Efficient intrusion detection via heterogeneous graph attention networks and parallel provenance analysis

Lin Wu, Yu-Lai Xie, Shi-Xun Zhao, Pan Zhou, Dan Feng, Avani Wildani, Ya-Yeng Wu

securityAIstorage

blog

2024

How we prevent conflicts in authoritative DNS configuration using formal verification

securityDNS

blog

2024

Introducing Automatic SSL/TLS: securing and simplifying origin connectivity

securitySSL

publication

2024

X-Wing: The Hybrid KEM You've Been Looking For

Manuel Barbosa, Deirdre Connolly, Aaron Kaiser, Peter Schwabe, Karolin Varner, Bas Westerbaan

cryptographyprotocols

blog

2023

Inside Geo Key Manager v2: re-imagining access control for distributed systems

securitykey-management

publication

2023

Security Analysis of Signature Schemes with Key Blinding

Edward Eaton, Christopher Wood

cryptographyprotocols

publication

2023

RFC 9380: Hashing to Elliptic Curves

Armando Faz Hernandez, Sam Scott, Nick Sullivan, Christopher Wood

cryptographyprotocols

publication

2023

Password-Authenticated TLS via OPAQUE and Post-Handshake Authentication

Julia Hesse, Stanislaw Jarecki, Hugo Krawczyk, Christopher Wood

authenticationsecurityprivacy

publication

2023

Portunus: Re-imagining access control in distributed systems

Watson Ladd, Marloes Venema, Tanya Verma, Armando Faz Hernandez, Brendan McMillion, Avani Wildani, Nick Sullivan

distributed systemscryptography

publication

2023

Portunus: Re-imagining access control in distributed systems using attribute-based encryption

Watson Ladd, Marloes Venema, Tanya Verma

distributed-systemscryptography

publication

2023

Global, Passive Detection of Connection Tampering

ram-sundararaman, Louis-Henri Merino, Kevin Bock, Marwan Fayed, Dave Levin, Nick Sullivan, Luke Valenta

measurement

publication

2023

Hot Topics in Security and Privacy Standardization at the IETF and Beyond

Christopher Wood

privacysecurityprotocols

blog

2022

Automatic (secure) transmission: taking the pain out of origin connection security

securitySSL

blog

2022

Hertzbleed explained

securityvulnerabilities

blog

2022

Future-proofing SaltStack

securityinfrastructure

publication

2022

RFC 9180: Hybrid Public Key Encryption

Richard Barnes, Karthik Bhargavan, Benjamin Lipp, Christopher Wood

cryptographyprotocols

publication

2022

Gossamer: Securely Measuring Password-based Logins

marina-sanusi, Mazharul Islam, Suleman Ahmad, Michael Swift, thomas-ristenpart, Rahul Chatterjee

authenticationsecurityprivacy

publication

2022

A tale of two models: Formal verification of KEMTLS via Tamarin

Jonathan Hoyland, Douglas Stebila, thom-wiggers

cryptography

publication

2022

RFC 9257: Guidance for External Pre-Shared Key (PSK) Usage in TLS

Russ Housley, Jonathan Hoyland, Mohit Sethi, Christopher Wood

securityprivacyprotocols

publication

2022

Might I Get Pwned: A Second Generation Compromised Credential Checking Service

Bijeeta Pal, Mazharul Islam, marina-sanusi, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher Wood, thomas-ristenpart, Rahul Chattejee

authenticationsecurityprivacy

publication

2022

RFC 9261: Exported Authenticators in TLS

securityprotocols

publication

2022

Let The Right One In: Attestation as a Usable CAPTCHA Alternative

Tara Whalen, Thibault Meunier, Mrudula Kodali, Alex Davidson, Marwan Fayed, Armando Faz Hernandez, Watson Ladd, deepak-maram, Nick Sullivan, Benedikt Christoph Wolters, Maxime Guerreiro, Andrew Galloni

privacy

blog

2021

Research Directions in Password Security

securitypasswords

blog

2021

Exported Authenticators: The long road to RFC

securitystandards

blog

2021

Introducing SSL/TLS Recommender

securitySSL

blog

2021

Dynamic Process Isolation: Research by Cloudflare and TU Graz

securityresearch

publication

2020

RFC 8937: Randomness Improvements for Security Protocols

Cas Cremers, Luke Garratt, Stanislav Smyshlyaev, Nick Sullivan, Christopher Wood

cryptographysecurityprotocols

publication

2020

Adaptively secure constrained pseudorandom functions in the standard model

Alex Davidson, Shuichi Katsumata, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa

cryptography

publication

2020

RFC 8922: A Survey of the Interaction between Security Protocols and Transport Services

Theresa Enghardt, Tommy Pauly, Colin Perkins, Kyle Rose, Christopher Wood

securityprotocols

publication

2019

Strong post-compromise secure proxy re-encryption

Alex Davidson, Amit Deo, Ela Lee, Keith Martin

cryptography

publication

2019

Protocols for checking compromised credentials

Lucy Li, Bijeeta Pal, Junade Ali, Nick Sullivan, Rahul Chatterjee, thomas-ristenpart

privacycryptography

publication

2018

nQUIC: Noise-based QUIC packet protection

Mathias Hall-Andersen, David Wong, Nick Sullivan, alishah-chator

securitycryptography

publication

2018

Geo Key Manager

Nick Sullivan, Brendan McMillion

cryptographyprotocols

publication

2017

Understanding the mirai botnet

Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou

malwaremeasurement

publication

2017

The Security Impact of HTTPS Interception

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, Vern Paxson

securitymeasurement

publication

2016

Attacking White-Box AES Constructions

Brendan McMillion, Nick Sullivan

cryptography

publication

2015

An analysis of TLS handshake proxying

Douglas Stebila, Nick Sullivan

cryptographyauthentication