Yan Wu, Yaacov Yesha, Irena Bojanova, Paul E. Black
Knowing what makes your software systems vulnerable to attacks will be exceptionally critical in the emerging future of interdependent clouds, cyber-physical systems, mobile apps, and big data sets. The Common Weakness Enumeration (CWE) is a respectable
Xenofon Koutsoukos, Himanshu Neema, Sajal Bhatia, Janos Sztipanovits, Keith A. Stouffer, CheeYee Tang
Industrial Control Systems (ICS) are composed of sensors, actuators, control processing units, and communication devices all interconnected to provide monitoring and control capabilities. Due to the integral role of the networking infrastructure, such
Lidong Chen, Stephen P. Jordan, Yi-Kai Liu, Dustin Moody, Rene C. Peralta, Ray A. Perlner, Daniel C. Smith-Tone
In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum
This guide describes how to use Baseline Tailor, a software tool for navigating the United States Government's Cybersecurity Framework and for tailoring the National Institute of Standards and Technology Special Publication 800-53 Revision 4 security
Kristen K. Greene, John M. Kelsey, Joshua M. Franklin
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics
David A. Waltermire, Brant Cheikes, Larry Feldman, Gregory A. Witte
This report provides an overview of the capabilities and usage of software identification (SWID) tags as part of a comprehensive software lifecycle. As instantiated in the International Organization for Standardization/International Electrotechnical
Hildegard Ferraiolo, David Cooper, Andrew R. Regenscheid, Karen Scarfone, Murugiah P. Souppaya
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users
Morris J. Dworkin, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-38G, "Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption." The publication specifies two methods for format-preserving
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler
NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test
This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology. This document reflects public comments received on two earlier
Organizations often struggle to capture the necessary functional capabilities for each cloud-based solution adopted for their information systems. Identifying, defining, selecting, and prioritizing these functional capabilities and the security components
This Recommendation specifies two methods, called FF1 and FF3, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm.
Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs -- Host-level and Network-level -- it is the approaches for the Network-level protection that are
Katerina N. Megas, Philip Lam, Ellen M. Nadeau, Colin Soutar
Pilots are an integral part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), issued by the White House in 2011 to encourage enhanced security, privacy, interoperability, and ease of use for online transactions. This document details
In the face of growing concern about spoofing attacks on GNSS transmissions, we propose a scheme to cross validate GNSS based timing against intrinsic properties of local hardware oscillators. We demonstrate our approach as being able to detect certain
Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the
The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies
Ryann Cartor, Ryan Gipson, Daniel Smith-Tone, Jeremy Vates
Multivariate Public Key Cryptography (MPKC) is one of the most attractive post-quantum options for digital signatures in a wide array of applications. The history of multivariate signature schemes is tumultuous, however, and solid security arguments are
ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential
This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security
Ronald S. Ross, Kelley L. Dempsey, Patrick Viscuso, Mark Riddle, Gary Guissanie
[Superseded by SP 800-171 Rev. 1 (December 2016): https://www.nist.gov/publications/protecting-controlled-unclassified-information-nonfederal-systems-and-organizations] The protection of Controlled Unclassified Information (CUI) while residing in
Michael J. Bartock, Jeffrey A. Cichonski, Murugiah P. Souppaya, Paul Fox, Mike Miller, Ryan Holley, Karen Scarfone
This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs)
Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, M. Albanese
Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, Moving Target Defense (MTD), and
This report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency
This report provides background information and analysis in support of NISTIR 8074 Volume 1, Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity. It provides a current