U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 151 - 175 of 1510

Fronesis: Digital Forensics-Based Early Detection of Ongoing Cyber-Attacks

December 30, 2022
Author(s)
Athanasios Dimitriadis, Efstratios Lontzetidis, Boonserm Kulvatunyou, Nenad Ivezic, Dimitris Gritzalis, Ioannis Mavridis
Traditional attack detection approaches utilize predefined databases of known signatures about already-seen tools and malicious activities observed in past cyber-attacks to detect future attacks. More sophisticated approaches apply machine learning to

Attacks on ML Systems: From Security Risk Analysis to Attack Mitigation

December 16, 2022
Author(s)
Qingtian Zou, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu
The past several years have witnessed rapidly increasing use of machine learning (ML) systems in multiple industry sectors. Since risk analysis is one of the most essential parts of the real-world ML system protection practice, there is an urgent need to

Supply Chain Assurance: Validating the Integrity of Computing Devices

December 9, 2022
Author(s)
Nakia R. Grayson, Murugiah Souppaya, Andrew Regenscheid, Tim Polk, Christopher Brown, Karen Scarfone, Chelsea Deane
Product integrity and the ability to distinguish trustworthy products is a critical foundation of C-SCRM. Authoritative information regarding the provenance and integrity of components provides a strong basis for trust in a computing device whether it is a

Making Semantic Structures Explicit: Developing and Evaluating Tools and Techniques to Support Understanding of Large Cybersecurity Corpora

December 1, 2022
Author(s)
Ira Monarch, Jacob Collard, Sangjin Shin, Eswaran Subrahmanian, Talapady N. Bhat, Ram Sriram
This report describes the adaptation, composition and use of natural language processing, machine learning and other computational tools to help make implicit informational structures in very large technical corpora explicit. The tools applied to the

Using Business Impact Analysis to Inform Risk Prioritization and Response

November 17, 2022
Author(s)
Stephen Quinn, Nahla Ivy, Julie Chua, Matthew Barrett, Greg Witte, Larry Feldman, Daniel Topper, Robert Gardner
While business impact analysis (BIA) has historically been used to determine availability requirements for business continuity, the process can be extended to provide a broad understanding of the potential impacts of any type of loss on the enterprise

Engineering Trustworthy Secure Systems

November 16, 2022
Author(s)
Ronald S. Ross, Mark Winstead, Michael McEvilley
This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. Such principles, concepts, activities, and tasks can be effectively applied within systems engineering efforts to

Measuring the Common Vulnerability Scoring System Base Score Equation

November 15, 2022
Author(s)
Peter Mell, Jonathan Spring, Dave Dugal, Srividya Ananthakrishna, Francesco Casotto, Troy Fridley, Christopher Ganas, Arkadeep Kundu, Phillip Nordwall, Vijayamurugan Pushpanathan, Daniel Sommerfeld, Matt Tesauro, Christopher Turner
This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 ''base score'' equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of information

When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer

November 7, 2022
Author(s)
Michael Fahr Jr., Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon
In this work, we recover the private key material of the FrodoKEM key exchange mechanism as submitted to the NIST PQC standardization process. The new mechanism that allows for this is a Rowhammer-assisted poisoning of the FrodoKEM KeyGen process. That is

Can You Spot a Phish

October 19, 2022
Author(s)
Shanee Dawkins, Jody Jacobs
This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Improving Support-Minors rank attacks: applications to GeMSS and Rainbow

October 12, 2022
Author(s)
John Bayron Baena Giraldo, Pierre Briaud, Daniel Cabarcas Jaramillo, Ray Perlner, Daniel Smith-Tone, Javier Verbel
The Support-Minors (SM) method has opened new routes to attack multivariate schemes with rank properties that were previously impossible to exploit, as shown by the recent attacks of [9, 40] on the Round 3 NIST candidates GeMSS and Rainbow respectively. In

Breaking Category Five SPHINCS+ with SHA-256

September 28, 2022
Author(s)
Ray Perlner, David Cooper, John M. Kelsey
SPHINCS+ is a stateless hash-based signature scheme and a finalist in the NIST PQC standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash function. The

2021 Cybersecurity and Privacy Annual Report

September 26, 2022
Author(s)
Patrick D. O'Reilly, Kristina Rigopoulos, Greg Witte, Larry Feldman
During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Profile of the IoT Core Baseline for Consumer IoT Products

September 20, 2022
Author(s)
Katerina N. Megas, Michael Fagan, Jeffrey Marron, Paul Watrobski, Barbara Bell Cuthill
This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting

Workshop Summary Report for "Building on the NIST Foundations: Next Steps in IoT Cybersecurity"

September 20, 2022
Author(s)
Katerina N. Megas, Michael Fagan, Barbara Bell Cuthill, Brad Hoehn, David Lemire, Rebecca Herold
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on

Network Security: Private Communication in a Public World 3rd Edition

September 16, 2022
Author(s)
Charlie Kaufman, Radia Perlman, Michael Speciner, Ray Perlner
Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for lucid and witty explanations of the inner workings of cryptography and network

Security Guidance for First Responder Mobile and Wearable Devices

July 20, 2022
Author(s)
Gema Howell, Kevin Gerard Brady, Don Harriss, Scott Ledgerwood
Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as mobile devices, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also

Analyzing Data Privacy for Edge Systems

July 14, 2022
Author(s)
Olivera Kotevska, Jordan Johnson, A. Gilad Kusne
Internet-of-Things (IoT)-based streaming applications are all around us. Currently, we are transitioning from IoT processing being performed on the cloud to the edge. While moving to the edge provides significant networking efficiency benefits, IoT edge

Discovery of digital forensic dataset characteristics with CASE-Corpora

July 11, 2022
Author(s)
Alexander Nelson
The digital forensics community has generated training and reference data over the course of decades. However, significant challenges persist today in the usage pipeline for that data, from research problem formulation, through discovery of applicable
Was this page helpful?