U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 576 - 600 of 1521

NSTIC Pilots: Catalyzing the Identity Ecosystem [including updates as of 09-20-2015]

March 15, 2016
Author(s)
Katerina N. Megas, Philip Lam, Ellen M. Nadeau, Colin Soutar
Pilots are an integral part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), issued by the White House in 2011 to encourage enhanced security, privacy, interoperability, and ease of use for online transactions. This document details

Detecting GNSS Spoofing using a Network of Hardware Oscillators

March 11, 2016
Author(s)
Dhananjay Anand, Tanvir M. Arafin, Gang Qu
In the face of growing concern about spoofing attacks on GNSS transmissions, we propose a scheme to cross validate GNSS based timing against intrinsic properties of local hardware oscillators. We demonstrate our approach as being able to detect certain

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016
Author(s)
Ramaswamy Chandramouli
Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Implementing Trusted Geolocation Services in the Cloud

February 17, 2016
Author(s)
Michael J. Bartock, Karen Scarfone, Larry Feldman
The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies

On the Differential Security of the HFEv - Signature Primitive

February 4, 2016
Author(s)
Ryann Cartor, Ryan Gipson, Daniel Smith-Tone, Jeremy Vates
Multivariate Public Key Cryptography (MPKC) is one of the most attractive post-quantum options for digital signatures in a wide array of applications. The history of multivariate signature schemes is tumultuous, however, and solid security arguments are

Security Analysis and Key Modification for ZHFE

February 4, 2016
Author(s)
Ray A. Perlner, Daniel C. Smith-Tone
ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential

Recommendation for Key Management, Part 1: General

January 28, 2016
Author(s)
Elaine B. Barker
This Recommendation provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security

Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research

January 20, 2016
Author(s)
Michael J. Bartock, Jeffrey A. Cichonski, Murugiah P. Souppaya, Paul Fox, Mike Miller, Ryan Holley, Karen Scarfone
This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs)

Managing Risk in a Cloud Ecosystem

December 18, 2015
Author(s)
Michaela Iorga, Anil Karmel
The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their

Third-Party Software's Trust Quagmire

December 18, 2015
Author(s)
Jeffrey M. Voas, George Hurlburt
Integrating software developed by third-party organizations into a larger system raises concerns about the software's quality, origin, functionality, security, and interoperability. Addressing these concerns requires rethinking the roles of software's

Towards a Systematic Threat Modeling Approach for Cyber-physical Systems

December 15, 2015
Author(s)
Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith A. Stouffer, CheeYee Tang, Rick Candell
Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of

An Industrial Control System Cybersecurity Performance Testbed

December 10, 2015
Author(s)
Richard Candell, Timothy A. Zimmerman, Keith A. Stouffer
The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with

Trusted Geolocation in the Cloud: Proof of Concept Implementation

December 10, 2015
Author(s)
Michael Bartock, Murugiah Souppaya, Raghuram Yeluri, Uttam Shetty, James Greene, Steve Orrin, Hemma Prafullchandra, John McLeese, Jason Mills, Daniel Carayiannis, Tarik Williams, Karen Scarfone
This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The

Tailoring Security Controls for Industrial Control Systems

November 16, 2015
Author(s)
Victoria Y. Pillitteri, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn. The publication provides

Minimizing Attack Graph Data Structures

November 14, 2015
Author(s)
Peter Mell, Richard Harang
An attack graph is a data structure representing how an attacker can chain together multiple attacks to expand their influence within a network (often in an attempt to reach some set of goal states). Restricting attack graph size is vital for the execution

Guide to Application Whitelisting

October 28, 2015
Author(s)
Adam Sedgewick, Murugiah Souppaya, Karen Scarfone
An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps

Protection of Controlled Unclassified Information

October 19, 2015
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The publication the protection of Controlled Unclassified Information (CUI) while

Poster:A Logic Based Network Forensics Model for Evidence Analysis

October 15, 2015
Author(s)
Anoop Singhal, Changwei Liu, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack
Was this page helpful?