U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 676 - 700 of 1521

Differential Properties of the HFE Cryptosystem

October 1, 2014
Author(s)
Taylor Daniels, Daniel Smith-Tone
Multivariate Public Key Cryptography (MPKC) has been put forth as a possible post-quantum family of cryptographic schemes. These schemes lack provable security in the reduction theoretic sense, and so their security against yet undiscovered attacks remains

Guidelines for Smart Grid Cybersecurity

September 25, 2014
Author(s)
Victoria Y. Pillitteri, Tanya L. Brewer
This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of Smart Grid-related characteristics

Computer Security Division 2013 Annual Report

September 4, 2014
Author(s)
Patrick D. O'Reilly, Gregory A. Witte, Chris Johnson, Doug Rike
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

BIOS Protection Guidelines for Servers

August 28, 2014
Author(s)
Andrew R. Regenscheid
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS

Policy Machine: Towards a General Purpose Enterprise-Wide Operating Environment

August 28, 2014
Author(s)
David F. Ferraiolo, Larry Feldman, Gregory A. Witte
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a

Single-shot security for one-time memories in the isolated qubits model

August 21, 2014
Author(s)
Yi-Kai Liu
One-time memories (OTM's) are simple, tamper-resistant cryptographic devices, which can be used to implement sophisticated functionalities such as one-time programs. OTM's cannot exist in a fully-classical world, or in a fully-quantum world, but there is

The Future of Cybersecurity Education

August 19, 2014
Author(s)
Ernest L. McDuffie, V. P. Piotrowski
By fostering public-private partnerships in cybersecurity education, the US government is motivating federal agencies, industry, and academia to work more closely together to defend cyberspace.

On the Unification of Access Control and Data Services

August 15, 2014
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

July 10, 2014
Author(s)
Harold Booth, Joshua M. Franklin, Larry Feldman, Greg Witte
The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) in support of the global

Approximate Matching: Definition and Terminology

July 2, 2014
Author(s)
Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White
This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

Using Network Tainting to Bound the Scope of Network Ingress Attacks

July 1, 2014
Author(s)
Peter M. Mell, Richard Harang
This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is

Preserving Privacy More Than Reading a Message

June 27, 2014
Author(s)
Susanne M. Furman, Mary F. Theofanos
Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third party website by using their SNS

A Cognitive-Behavioral Framework of User Password Management Lifecycle

June 22, 2014
Author(s)
Yee-Yin Choong
Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us.

June 22, 2014
Author(s)
Brian C. Stanton, Kristen Greene
Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

June 22, 2014
Author(s)
Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen K. Greene, Mary Theofanos, Brian Griepentrog
Increasingly, institutions are requiring or recommending that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords

I Can't Type That! P@$$w0rd Entry on Mobile Devices

June 22, 2014
Author(s)
Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, Paul Y. Lee
Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords — an already burdensome task on desktop computing systems —becomes nearly unbearable on small mobile

NIST Cybersecurity Framework Addresses Risks to Critical Infrastructure

June 2, 2014
Author(s)
Victoria Y. Pillitteri
On February 12, 2014 President Obama issued a statement that, "[c]yber threats pose one the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an Executive
Was this page helpful?