An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Michael Fahr Jr., Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon
In this work, we recover the private key material of the FrodoKEM key exchange mechanism as submitted to the NIST PQC standardization process. The new mechanism that allows for this is a Rowhammer-assisted poisoning of the FrodoKEM KeyGen process. That is
James McCarthy, Joseph Brule, Dan Mamula, Karri Meldorf
The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT)
Kids are engaged in technology and online activities at younger ages than ever before. They are the "digital natives" – an always online and connected generation. Much cyber security research has focused on adults' perceptions and practices. But, what
This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.
John Bayron Baena Giraldo, Pierre Briaud, Daniel Cabarcas Jaramillo, Ray Perlner, Daniel Smith-Tone, Javier Verbel
The Support-Minors (SM) method has opened new routes to attack multivariate schemes with rank properties that were previously impossible to exploit, as shown by the recent attacks of [9, 40] on the Round 3 NIST candidates GeMSS and Rainbow respectively. In
While the existence of many security elements can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impact of individual
SPHINCS+ is a stateless hash-based signature scheme and a finalist in the NIST PQC standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash function. The
Patrick D. O'Reilly, Kristina Rigopoulos, Greg Witte, Larry Feldman
During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and
Katerina N. Megas, Michael Fagan, Jeffrey Marron, Paul Watrobski, Barbara Bell Cuthill
This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting
Katerina N. Megas, Michael Fagan, Barbara Bell Cuthill, Brad Hoehn, David Lemire, Rebecca Herold
This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on
Charlie Kaufman, Radia Perlman, Michael Speciner, Ray Perlner
Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for lucid and witty explanations of the inner workings of cryptography and network
This paper overviews a dyadic study of youth knowledge and understandings of online privacy and risk, and then highlights challenges that the study reveals about youth online risk taking and privacy protective measures from a family perspective. A full
Gema Howell, Kevin Gerard Brady, Don Harriss, Scott Ledgerwood
Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as mobile devices, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also
Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public
Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Karen Scarfone
The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system