Search Publications

NIST Authors in Bold

Displaying 76 - 100 of 1419

When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer

November 7, 2022

Author(s)

Michael Fahr Jr., Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon

In this work, we recover the private key material of the FrodoKEM key exchange mechanism as submitted to the NIST PQC standardization process. The new mechanism that allows for this is a Rowhammer-assisted poisoning of the FrodoKEM KeyGen process. That is

Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN): Final Annotated Outline

November 3, 2022

Author(s)

James McCarthy, Joseph Brule, Dan Mamula, Karri Meldorf

The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT)

Parenting the "Always Connected" Generation - Research Findings from NIST Youth Security & Privacy Research

October 25, 2022

Author(s)

Yee-Yin Choong

Kids are engaged in technology and online activities at younger ages than ever before. They are the "digital natives" – an always online and connected generation. Much cyber security research has focused on adults' perceptions and practices. But, what

Can You Spot a Phish

October 19, 2022

Author(s)

Shanee Dawkins, Jody Jacobs

This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Improving Support-Minors rank attacks: applications to GeMSS and Rainbow

October 12, 2022

Author(s)

John Bayron Baena Giraldo, Pierre Briaud, Daniel Cabarcas Jaramillo, Ray Perlner, Daniel Smith-Tone, Javier Verbel

The Support-Minors (SM) method has opened new routes to attack multivariate schemes with rank properties that were previously impossible to exploit, as shown by the recent attacks of [9, 40] on the Round 3 NIST candidates GeMSS and Rainbow respectively. In

The Generation of Software Security Scoring Systems Leveraging Human Expert Opinion

October 3, 2022

Author(s)

Peter Mell

While the existence of many security elements can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impact of individual

Breaking Category Five SPHINCS+ with SHA-256

September 28, 2022

Author(s)

Ray Perlner, David Cooper, John M. Kelsey

SPHINCS+ is a stateless hash-based signature scheme and a finalist in the NIST PQC standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash function. The

2021 Cybersecurity and Privacy Annual Report

September 26, 2022

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos, Greg Witte, Larry Feldman

During Fiscal Year 2021 (FY 2021) – from October 1, 2020, through September 30, 2021 – the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and

Profile of the IoT Core Baseline for Consumer IoT Products

September 20, 2022

Author(s)

Katerina N. Megas, Michael Fagan, Jeffrey Marron, Paul Watrobski, Barbara Bell Cuthill

This publication documents the consumer profile of NIST's Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting

Workshop Summary Report for "Building on the NIST Foundations: Next Steps in IoT Cybersecurity"

September 20, 2022

Author(s)

Katerina N. Megas, Michael Fagan, Barbara Bell Cuthill, Brad Hoehn, David Lemire, Rebecca Herold

This report summarizes the feedback received on the work of the NIST Cybersecurity for the Internet of Things (IoT) program on IoT product cybersecurity criteria at a virtual workshop in June 2022. The purpose of this workshop was to obtain feedback on

Challenges to building youth's online safety knowledge from a family perspective: Results from a youth/parent dyad study

August 7, 2022

Author(s)

Olivia Williams, Yee-Yin Choong, Kerrianne Buchanan

This paper overviews a dyadic study of youth knowledge and understandings of online privacy and risk, and then highlights challenges that the study reveals about youth online risk taking and privacy protective measures from a family perspective. A full

Security Guidance for First Responder Mobile and Wearable Devices

July 20, 2022

Author(s)

Gema Howell, Kevin Gerard Brady, Don Harriss, Scott Ledgerwood

Public safety officials utilizing the forthcoming public safety broadband networks will have access to devices, such as mobile devices, tablets and wearables. These devices offer new ways for first responders to complete their missions but may also

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022

Author(s)

Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)

June 24, 2022

Author(s)

Mark Trapnell, Eric Trapnell, Murugiah Souppaya, Bob Gendler, Karen Scarfone

The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system

Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT)

June 22, 2022

Author(s)

Eran Salfati, Michael Pease

This document provides a new Incident Handling framework dedicated to Operational Technology. This framework expands the traditional technical steps by giving an Incident Response procedure based on the event escalation and provides techniques for OT

Initial Summary Analysis of Responses to the Request for Information Evaluating and Improving Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management

June 3, 2022

Author(s)

Cherilyn Pascoe

On February 22, 2022, NIST issued a public Request for Information (RFI), "Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management." The RFI sought information on the use of the NIST

Blockchain for Access Control Systems

May 26, 2022

Author(s)

Vincent C. Hu

The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

May 20, 2022

Author(s)

Kim B. Schaffer, Alexander Calis

The approved security functions listed in this publication replace the ones listed in ISO/IEC 19790 Annex C and ISO/IEC 24759 6.15, within the context of the Cryptographic Module Validation Program (CMVP). As a validation authority, the CMVP may supersede

SCAP Composer User Guide

May 16, 2022

Author(s)

Joshua Lubell

SCAP Composer is a software application from the National Institute of Standards and Technology (NIST) for creating Security Content Automation Protocol (SCAP – pronounced "ess-cap") source data stream collections. A source data stream collection is a

A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting

May 9, 2022

Author(s)

Donghoon Chang, Jinkeon Kang, Meltem Sonmez Turan

Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators

May 6, 2022

Author(s)

Scott Rose

NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from

Cybersecurity Supply Chain Risk Management for Systems and Organizations

May 5, 2022

Author(s)

Jon M. Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alexander Holbrook, Matthew Fallon

Organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These

Getting Started with Cybersecurity Risk Management: Ransomware (Portuguese Translation)

May 5, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker

Getting Started with Cybersecurity Risk Management: Ransomware (Spanish Translation)

May 5, 2022

Author(s)

Bill Fisher, Murugiah Souppaya, Karen Scarfone, William Barker

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

May 4, 2022

Author(s)

Murugiah Souppaya, Michael Bartock, Karen Scarfone, Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri, Don Banks, Akash Malhotra, Michael Jordan, Dimitrios Pendarakis, Peter Romness

In today's cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Engineering / synthetic biology
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Quality assurance
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Reference data
-Reference instruments
-Reference materials
-Standards education
Transportation
-Aerospace
-Automotive