Search Publications

Displaying 826 - 850 of 1509

A Matter of Policy

March 26, 2012
Author(s)
David F. Ferraiolo, Jeffrey M. Voas, George Hurlburt
This paper discusses system security policies. System policies are the set of rules that when implemented afford a strategy for the protection of information. The policy objectives are diverse and span the social-economic spectrum. System policies govern

A Keyed Sponge Construction with Pseudorandomness in the Standard Model

March 22, 2012
Author(s)
Donghoon Chang, Morris Dworkin, Seokhie Hong, John M. Kelsey, Mridul Nandi
The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a

Improved Indifferentiability Security Bound for the JH Mode

March 22, 2012
Author(s)
Dustin Moody, Souradyuti Paul, Daniel C. Smith-Tone
The JH hash function is one of the five finalists of the ongoing NIST SHA3 hash function competition. Despite several earlier attempts, and years of analysis, the indifferentiability security bound of the JH mode has so far remained remarkably low, only

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 27, 2012
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs): Recommendations of the National Institute of Standards and Technology. The publication was written by

Guidelines for Securing Wireless Local Area Networks (WLANs)

February 21, 2012
Author(s)
Murugiah P. Souppaya, Karen Scarfone
A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each

Building Security into Off-the-Shelf Smartphones

February 1, 2012
Author(s)
Angelos Stavrou, Jeff Voas, Tom T. Karygiannis, Stephen Quirolgico
Recent advancements in hardware have increased the computing power, memory, storage, and wireless connectivity of handheld mobile devices. Smart-phone devices are used for everyday activities that range from Maps and Geo-location tagging to banking. Indeed

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher

January 23, 2012
Author(s)
William C. Barker, Elaine B. Barker
This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38-series-compliant mode of operation and in a FIPS 140-2

Vulnerability Hierarchies in Access Control Configurations

December 27, 2011
Author(s)
David R. Kuhn
This paper applies methods for analyzing fault hierarchies to the analysis of relationships among vulnerabilities in misconfigured access control rule structures. Hierarchies have been discovered previously for faults in arbitrary logic formulae, such that

Recommendation for Existing Application-Specific Key Derivation Functions

December 23, 2011
Author(s)
Quynh H. Dang
Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys

Guidelines on Security and Privacy in Public Cloud Computing

December 9, 2011
Author(s)
Timothy Grance, Wayne Jansen
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from

Role Engineering: Methods and Standards

December 8, 2011
Author(s)
Edward Coyne, Timothy Weil, D. Richard Kuhn
This article explains problems and approaches to designing permission structures for role based access control. RBAC and the RBAC standard are summarized, common approaches to role engineering described, and the current status and plans for the INCITS role

On the Differential Security of Multivariate Public Key Cryptosystems

November 29, 2011
Author(s)
Daniel C. Smith-Tone
Since the discovery of an algorithm for factoring and computing discrete logarithms in polynomial time on a quantum computer, the cryptographic community has been searching for an alternative for security in the approaching post-quantum world. One

Recommendation for Key Derivation through Extraction-then-Expansion

November 28, 2011
Author(s)
Lidong Chen
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure.

Service Model Driven Variations in Security Measures for Cloud Environments

November 6, 2011
Author(s)
Ramaswamy Chandramouli
With the increasing adoption of cloud computing service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), proper implementation of adequate and appropriate security protection measures has become a

Mobile-App Addiction: Threat to Security?

November 1, 2011
Author(s)
George Hurlburt, Jeff Voas, Keith Miller
Giving individuals this kind of information processing power, along with unprecedented connectivity, might be the single most impressive technical achievement of the 21st century. Nobody knows what the full impact of this transformation will be, but it's