Search CSRC

Abstract: Many public safety organizations (PSOs) are adopting mobile devices, such as smartphones and tablets, to enable field access to sensitive information for first responders. Most recent mobile devices support one or more forms of biometrics for authenticating users. This report examines how first resp...

Abstract: The goal of the Internet Engineering Task Force’s Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network communications that a device requires t...

Abstract: Enterprises use encryption—a cryptographic technique—to protect data transmission and storage. While encryption in transit protects data confidentiality and integrity, it also reduces the organization’s visibility into the data flowing through their systems. The NCCoE initiated a project to address...

Abstract: Network-layer onboarding of an Internet of Things (IoT) device is the provisioning of network credentials to that device. The current lack of trusted IoT device onboarding processes leaves many networks vulnerable to having unauthorized devices connect to them. It also leaves devices vulnerable to b...

Abstract: The multivariate scheme HFEv- used to be considered a promising candidate for a post-quantum signature system. First suggested in the early 2000s, a version of the scheme made it to the third round of the ongoing NIST post-quantum standardization process. In late 2020, the system suffered from an ef...

Conference: RSA Conference 2021 Abstract: Post-quantum cryptography has known a Cambrian Explosion in the last decade. What started as a very theoretical and mathematical area has now evolved into a sprawling research field, complete with side-channel resistant embedded implementations, large scale deployment tests and standardization effor...

Abstract: NIST conducted a review of the available alternative approaches for providing confidence in the cybersecurity of Internet of Things (IoT) devices in November 2020 through January 2021, conducting interviews with government and private sector organizations who are experts on these approaches. This wh...

Abstract: Cryptographic technologies are used throughout government and industry to authenticate the source and protect the confidentiality and integrity of information that we communicate and store. The paper describes the impact of quantum computing technology on classical cryptography, particularly on publ...

Conference: The Seventh International Conference on Advances and Trends in Software Engineering (SOFTENG 2021) Abstract: Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores, such as the Common Vulnerability Scoring Syste...

Conference: 2021 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW) Abstract: This short paper defines a combinatorial coverage metric for comparing machine learning (ML) data sets and proposes the differences between data sets as a function of combinatorial coverage. The paper illustrates its utility for evaluating and predicting performance of ML models. Identifying and mea...

Abstract: Grain-128AEAD is one of the second-round candidates of the NIST lightweight cryptography standardization process. There is an existing body of third-party analysis on the earlier versions of the Grain family that provide insights on the security of Grain-128AEAD. Different from the earlier versions,...

Abstract: In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure (PKI). This set of test cards includes not only examples that are similar to cards i...

Abstract: Multivariate cryptography is dominated by schemes supporting various modifiers to patch certain algebraic weaknesses. Typically these modifiers are linear in nature--- either requiring an extra composition with an affine map, or being evaluated by a legitimate user via an affine projection. This des...

Abstract: This publication describes an example methodology for assessing an organization’s Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be used as documented or as the starting point fo...

Abstract: Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example implementation strives to increase the cybersec...

Abstract: This report provides a summary of the discussion and findings from the NIST Cybersecurity Risks in Consumer Home Internet of Things (IoT) Devices virtual workshop in October 2020. NIST Interagency Report (NISTIR) 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, and NISTIR 82...

Abstract: This document is a Cybersecurity Framework (CSF) Profile developed for voting equipment and information systems supporting elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals managing election infrastructure to reduce the risks associated w...

Journal: Journal of the National Institute of Standards and Technology Abstract: We discuss the measurement of aggregate levels of encounters in a population, a concept we call encounter metrics. Encounter metrics are designed so that they can be deployed while preserving the privacy of individuals. To this end, encounters are labeled with a random number that cannot be linked t...

Journal: USNC Current Abstract: For many industrial control systems (ICS), it is unacceptable to degrade performance even for the sake of security. As a result, many organizations such as small and medium-size manufacturers (SMMs) may have difficulty with understanding how to implement cybersecurity standards in ICS environments....

Abstract: Bring Your Own Device (BYOD) refers to the practice of performing work-related activities on personally owned devices. This practice guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple smartphone BYOD deployments. Incorporating BYOD capabiliti...

Journal: Computer (IEEE Computer) Abstract: Sharing data between different organizations is a challenge primarily due to database management systems (DBMSs) being different types that impose different schemas to represent and retrieve data. In addition, maintaining security and privacy is a concern. The authors leverage two proven National In...

Journal: Computer (IEEE Computer) Abstract: While the threats may appear to be vastly different, further investigation reveals that the cybersecurity community can learn much from the COVID-19 messaging response.

Abstract: When people try to understand nuanced language they typically process multiple input sensor modalities to complete this cognitive task. It turns out the human brain has even a specialized neuron formation, called sagittal stratum, to help us understand sarcasm. We use this biological formation as th...

Journal: INTEGERS, The electronic journal of combinatorial number theory Abstract: We study various properties of the family of elliptic curves \(x + 1/x + y + 1/y + t = 0\), which is isomorphic to the Weierstrass curve \(E_{t} : Y^2 = X\left(X^2+\middle(\frac{t^2}{4}-2\right) X+1)\). This equation arises from the study of the Mahler measure of polynomials. We show that...

Journal: IEEE Network Abstract: Distributed systems have always presented complex challenges, and technology trends are in many ways making the software designer's job more difficult. In particular, today's systems must successfully handle.