Search CSRC

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Abstract: This document is part of Case Studies in Cyber Supply Chain Risk Management-new research that builds on the CSD C-SCRM program's 2015 publications aimed at identifying how C-SCRM practices have evolved. For this case study series, NIST conducted interviews with 16 subject matter experts across a div...

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Abstract: The Case Studies in Cyber Supply Chain Risk Management series engaged with several companies that are leaders in managing cyber supply chain risk. These case studies build on the Best Practices in Cyber Supply Chain Risk Management case studies originally published in 2015 with the goals of covering...

Journal: Finite Fields and Their Applications Abstract: The k-subset sum problem over finite fields is a classical NP-complete problem. Motivated by coding theory applications, a more complex problem is the higher m-th moment k-subset sum problem over finite fields. We show that there is a deterministic polynomial time algorithm for the&nb...

Journal: Advances in Mathematics of Communications Abstract: This article introduces the NIST post-quantum cryptography standardization process. We highlight the challenges, discuss the mathematical problems in the proposed post-quantum cryptographic algorithms and the opportunities for mathematics researchers to contribute.

Abstract: The selfish mining attack allows cryptocurrency miners to mine more than their "fair share" of blocks, stealing revenue from other miners while reducing the overall security of payments. This malicious strategy has been extensively studied in Bitcoin, but far less attention has been paid to how the...

Abstract: This publication describes the voluntary NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Version 1.0). The Privacy Framework is a tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innova...

Journal: Computer Abstract: Testing is the most commonly used approach for software assurance, yet it remains as much judgment and art as science. We suggest that structural coverage measures must be supplemented with measures of input space coverage, providing a means of verifying that an adequate input model has been defined...

Abstract: Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy issu...

Conference: Sixteenth IFIP 11.9 International Conference on Digital Forensics Abstract: Cloud forensic investigations involve large volumes of diverse devices and data. Investigations involving advanced persistent threat attacks involve filtering noisy data and using expert knowledge to identify the missing steps in the attacks that typically have long time spans. Under such circumstan...

Abstract: In recent years, numerous routing control plane anomalies, such as Border Gateway Protocol (BGP) prefix hijacking and route leaks, have resulted in denial-of-service (DoS), unwanted data traffic detours, and performance degradation. Large-scale distributed denial-of-service (DDoS) attacks on servers...

Abstract: An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to identify and protect the confidentiality of an en...

Abstract: An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to detect, respond to, and recover from incidents th...

Journal: Digital Investigation Abstract: Digital forensics can no longer tolerate software that cannot be relied upon to perform specific functions such as file recovery. Indistinct and non-standardized results increase the risk of misinterpretation by digital forensic practitioners, and hinder automated correlation of file recovery result...

Conference: Fourteenth International Conference on Software Engineering Advances (ICSEA 2019) Abstract: Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a protocol native cryptocurrency that mimics features of fiat currencies. Protocol native means that it is built into the blockchain platform itself and is not simply a token running...

Conference: Fourteenth International Conference on Software Engineering Advances (ICSEA 2019) Abstract: In this work, we investigate how the governance features of a managed currency (e.g., a fiat currency) can be built into a cryptocurrency in order to leverage potential benefits found in the use of blockchain technology and smart contracts. The resulting managed cryptocurrency can increase transpare...

Abstract: We introduce a new technique for building multivariate encryption schemes based on random linear codes. The construction is versatile, naturally admitting multiple modifications. Among these modifications is an interesting embedding modifier -- any efficiently invertible multivariate system can be e...

Journal: IT Professional Abstract: In today's environment, there is little doubt that companies, organizations, and governments must make significant investments in developing, implementing, and supporting authentication for their digital systems. Perhaps because of this, an organization’s IT support center often takes a hard line wh...

Abstract: This standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidenc...

Abstract: This recommendation specifies the set of elliptic curves recommended for U.S. Government use. In addition to the previously recommended Weierstrass curves defined over prime fields and binary fields, this recommendation includes two newly specified Montgomery curves, which claim increased performanc...

Abstract: This NIST Interagency/Internal Report (NISTIR) is intended as a step toward securing applications of Artificial Intelligence (AI), especially against adversarial manipulations of Machine Learning (ML), by developing a taxonomy and terminology of Adversarial Machine Learning (AML). Although AI a...