U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 451 - 475 of 1509

Updating the Keys for DNS Security

September 27, 2017
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
To help maintain the reliability and integrity of the Internet’s Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid

Application Container Security Guide

September 25, 2017
Author(s)
Murugiah P. Souppaya, John Morello, Karen Scarfone
Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This

Cybersecurity Framework Manufacturing Profile

September 8, 2017
Author(s)
Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy
[Superseded by NISTIR 8183 (September 2017, Includes updates as of May 20, 2019)]This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity

Cryptography Standards in Quantum Time - New wine in old wineskin?

August 17, 2017
Author(s)
Lidong Chen
The National Institute of Standards and Technology (NIST) of the U.S. Government announced a call for proposals for quantum-resistant public-key cryptographic algorithms on December 15, 2016. The scope of the call covers all public-key cryptographic

Using DITA to Create Security Configuration Checklists

July 31, 2017
Author(s)
Joshua Lubell
Many software tools use security configuration checklists expressed in the Extensible Configuration Checklist Description Format (XCCDF) to monitor computers and other information technology products for compliance with security policies. But XCCDF syntax

Towards Actionable Mission Impact Assessment in the Context of Cloud Computing

June 22, 2017
Author(s)
Xiaoyan Sun, Anoop Singhal, Peng Liu
Today's cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without

Toward Standardizing Lightweight Cryptography

June 21, 2017
Author(s)
Kerry A. McKay, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information in NISTIR 8114: Report on Lightweight Cryptography which provides an overview of the lightweight cryptography project at NIST and describes plans for the standardization of lightweight cryptography algorithms.

Randomness in nonlocal games between mistrustful players

June 15, 2017
Author(s)
Carl A. Miller, Yaoyun Shi
If two quantum players at a nonlocal game G achieve a superclassical score, then their measurement outcomes must be at least partially random from the perspective of any third player. This is the basis for device-independent quantum cryptography. In this

Weak is Better: Tightly Secure Short Signatures from Weak PRFs

June 7, 2017
Author(s)
Jacob M. Alperin-Sheriff, Daniel Apon
The Boyen-Li signature scheme [Asiacrypt'16] is a major theoretical breakthrough. Via a clever homomorphic evaluation of a pseudorandom function over their verification key, they achieve a reduction loss in security linear in the underlying security

Automation Support for Security Control Assessments, Volume 1: Overview

June 6, 2017
Author(s)
Kelley L. Dempsey, Paul Eavy, George Moore
This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed

An Updated Security Analysis of PFLASH

June 4, 2017
Author(s)
Ryann Cartor, Daniel Smith-Tone
One application in post-quantum cryptography that appears especially difficult is security for low-power or no-power devices. One of the early champions in this arena was SFLASH, which was recommended by NESSIE for implementation in smart cards due to its

Key Recovery Attack for All Parameters of HFE-

June 4, 2017
Author(s)
Jeremy Vates, Daniel Smith-Tone
Recently, by an interesting confluence, multivariate schemes with the minus modifier have received attention as candidates for multivariate encryption. Among these candidates is the twenty year old HFE – scheme originally envisioned as a possible candidate

Key Recovery Attack for ZHFE

June 4, 2017
Author(s)
Daniel Cabarcas, Daniel Smith-Tone, Javier A. Verbel
At PQCRYPTO 2014, Porras, Baena and Ding introduced ZHFE, an interesting new technique for multivariate post-quantum encryption. The scheme is a generalization of HFE in which a single low degree polynomial in the central map is replaced by a pair of high

Imposing Fine-grain Next Generation Access Control over Database Queries

May 25, 2017
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala, Joshua D. Roberts
In this paper we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes

Inferring previously uninstalled applications from digital traces

May 25, 2017
Author(s)
Jim Jones, Tahir Kahn, Kathryn B. Laskey, Alexander J. Nelson, Mary T. Laamanen, Douglas R. White
In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and
Was this page helpful?