Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 476 - 500 of 1521

Towards Actionable Mission Impact Assessment in the Context of Cloud Computing

June 22, 2017

Author(s)

Xiaoyan Sun, Anoop Singhal, Peng Liu

Today's cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without

Toward Standardizing Lightweight Cryptography

June 21, 2017

Author(s)

Kerry A. McKay, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information in NISTIR 8114: Report on Lightweight Cryptography which provides an overview of the lightweight cryptography project at NIST and describes plans for the standardization of lightweight cryptography algorithms.

Randomness in nonlocal games between mistrustful players

June 15, 2017

Author(s)

Carl A. Miller, Yaoyun Shi

If two quantum players at a nonlocal game G achieve a superclassical score, then their measurement outcomes must be at least partially random from the perspective of any third player. This is the basis for device-independent quantum cryptography. In this

Weak is Better: Tightly Secure Short Signatures from Weak PRFs

June 7, 2017

Author(s)

Jacob M. Alperin-Sheriff, Daniel Apon

The Boyen-Li signature scheme [Asiacrypt'16] is a major theoretical breakthrough. Via a clever homomorphic evaluation of a pseudorandom function over their verification key, they achieve a reduction loss in security linear in the underlying security

Automation Support for Security Control Assessments, Volume 1: Overview

June 6, 2017

Author(s)

Kelley L. Dempsey, Paul Eavy, George Moore

This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed

Automation Support for Security Control Assessments, Volume 2: Hardware Asset Management

June 6, 2017

Author(s)

Kelley L. Dempsey, Paul Eavy, George Moore

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

Improved sensor fault detection, isolation, and mitigation using multiple observers approach

June 6, 2017

Author(s)

Dhananjay Anand, Zheng Wang, Dawn Tilbury

Traditional fault detection and isolation (FDI) methods analyze a residual signal to detect and iso-late sensor faults. The residual signal is the difference between the sensor measurements and the estimated outputs of the system based on an observer. The

An Updated Security Analysis of PFLASH

June 4, 2017

Author(s)

Ryann Cartor, Daniel Smith-Tone

One application in post-quantum cryptography that appears especially difficult is security for low-power or no-power devices. One of the early champions in this arena was SFLASH, which was recommended by NESSIE for implementation in smart cards due to its

Key Recovery Attack for All Parameters of HFE-

June 4, 2017

Author(s)

Jeremy Vates, Daniel Smith-Tone

Recently, by an interesting confluence, multivariate schemes with the minus modifier have received attention as candidates for multivariate encryption. Among these candidates is the twenty year old HFE – scheme originally envisioned as a possible candidate

Key Recovery Attack for ZHFE

June 4, 2017

Author(s)

Daniel Cabarcas, Daniel Smith-Tone, Javier A. Verbel

At PQCRYPTO 2014, Porras, Baena and Ding introduced ZHFE, an interesting new technique for multivariate post-quantum encryption. The scheme is a generalization of HFE in which a single low degree polynomial in the central map is replaced by a pair of high

Imposing Fine-grain Next Generation Access Control over Database Queries

May 25, 2017

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala, Joshua D. Roberts

In this paper we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes

Inferring previously uninstalled applications from digital traces

May 25, 2017

Author(s)

Jim Jones, Tahir Kahn, Kathryn B. Laskey, Alexander J. Nelson, Mary T. Laamanen, Douglas R. White

In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and

Cyber Threat Intelligence and Information Sharing

May 8, 2017

Author(s)

Christopher S. Johnson, Larry Feldman, Gregory A. Witte

This bulletin, based on NIST Special Publication (SP) 800-150, introduces cyber threat intelligence and information sharing concepts, describes the benefits and challenges of sharing, clarifies the importance of trust, and introduces specific data handling

Comparing the Usability of Cryptographic APIs

May 1, 2017

Author(s)

Yasemin Acar, Michael Backes, Sascha Fahl, Simson L. Garfinkel, Doowon Kim, Michelle L. Mazurek, Christian Stransky

Potentially dangerous cryptography errors are well-documented in many applications. Conventional wisdom suggests that many of these errors are caused by cryptographic Application Programmer Interfaces (APIs) that are too complicated, have insecure defaults

Building the Bridge between Privacy and Cybersecurity for Federal Systems

April 19, 2017

Author(s)

Naomi B. Lefkovitz, Ellen M. Nadeau, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information in NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Information Systems which provides an introduction to the concepts of privacy engineering and risk management for federal

Metrics and Key Performance Indicators for Robotic Cybersecurity Performance Analysis

April 18, 2017

Author(s)

Timothy A. Zimmerman

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity defenses on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial manufacturing

Linear Time Algorithms to Restrict Insider Access using Multi-Policy Access Control Systems

April 13, 2017

Author(s)

Peter M. Mell, James Shook, Richard Harang, Serban I. Gavrila

An important way to limit malicious insiders from distributing sensitive information is to as tightly as possible limit their access to information. This has always been the goal of access control mechanisms, but individual approaches have been shown to be

Report on Lightweight Cryptography

March 28, 2017

Author(s)

Kerry McKay, Lawrence E. Bassham, Meltem Sonmez Turan, Nicky Mouha

NIST-approved cryptographic standards were designed to perform well using general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When

Fundamentals of Small Business Information Security

March 15, 2017

Author(s)

Celia Paulsen, Gregory A. Witte, Larry Feldman

This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the fundamentals of a small business information security program.

Be Prepared: How US Government Experts Think About Cybersecurity

February 26, 2017

Author(s)

Mary F. Theofanos, Brian C. Stanton, Sandra S. Prettyman, Susanne M. Furman, Simson L. Garfinkel

Building Caring Healthcare Systems in the Internet of Things

February 22, 2017

Author(s)

Phillip Laplante, Mohamad Kassab, Nancy Laplante, Jeff Voas

The nature of healthcare and the computational and physical technologies and constraints present a number of challenges to systems designers and implementers. In spite of the challenges, there is a significant market for systems and products to support

Guide for Cybersecurity Incident Recovery

February 21, 2017

Author(s)

Murugiah P. Souppaya, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-184: Guide for Cybersecurity Event Recovery. The publication provides organizations with strategic guidance for planning, playbook developing, testing and improvements of recovery planning

Email Authentication Mechanisms: DMARC, SPF and DKIM

February 16, 2017

Author(s)

J. S. Nightingale

In recent years the IETF has been making a range of efforts to secure the email infrastructure and its use. Infrastructure protection includes source authentication by RFC 7208 Sender Policy Framework (SPF), message integrity authentication by RFC 6376

Impact of Code Complexity On Software Analysis

February 9, 2017

Author(s)

Charles Daniel De Oliveira, Elizabeth N. Fong, Paul E. Black

The Software Assurance Metrics and Tool Evaluation (SAMATE) team evaluated approximately 800 000 warnings from static analyzers.We learned that elements that we call code complexities make the detection of warnings more difficult. Most tools cannot not

Micro-Signatures: The Effectiveness of Known Bad N-Grams for Network Anomaly Detection

February 5, 2017

Author(s)

Richard Harang, Peter Mell

The field of intrusion detection is divided into signature detection and anomaly detection. The former involves identifying patterns associated with known attacks and the latter involves attempting to learn a 'normal' pattern of activity and then producing

Was this page helpful?