Use this form to search content on CSRC pages.
Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well known concept of relying on software divers...
Abstract: The Smart Grid Profile applies risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid and will serve as a foundation for refinements to support new grid architectures. The Profile provides cybersecurity risk manag...
Abstract: This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal Information Processing Standards (FIPS), t...
Journal: Notes on Number Theory and Discrete Mathematics Abstract: An addition chain is a sequence of integers such that every element in the sequence is the sum of two previous elements. They have been much studied, and generalized to additions-subtraction chains, Lucas chains, and Lucas addition-subtraction chains. These various chains have been useful in finding...
Abstract: The Border Gateway Protocol (BGP) is the default routing protocol to route traffic among internet domains. While BGP performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in security allows the protocol to be exploited...
Abstract: The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy r...
Conference: International Symposium on Experimental Algorithms Abstract: Efficient circuits for multiplication of binary polynomials use what are known as Karatsuba recurrences. These methods divide the polynomials of size (i.e. number of terms) k⋅n into k pieces of size n. Multiplication is performed by treating the factors as degree- (k−1) polynomials, with multiplicat...
Conference: 55th ACM Conference on Computers and People Research (SIGMIS-CPR '19) Abstract: Given modern society's dependence on technological infrastructure vulnerable to cyber-attacks, the need to expedite cybersecurity adoption is paramount. Cybersecurity advocates are a subset of security professionals who promote, educate about, and motivate adoption of security best practices and tec...
Abstract: This document provides federal agencies with a guide for implementing attributes in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested...
Abstract: Many organizations monitor business information technology (IT) infrastructure by manual inspection or computer-aided audits, which can result in after-the-fact detection of malicious-user access events. This project explores continuous monitoring capabilities that can effectively, efficiently, a...
Abstract: Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which provides mechanisms to abstract hardware and syste...
Journal: ACM Transactions on Design Automation of Electronic Systems Abstract: Electronic systems are ubiquitous today, playing an irreplaceable role in our personal lives, as well as in critical infrastructures such as power grids, satellite communications, and public transportation. In the past few decades, the security of software running on these systems has received signi...
Journal: Quantum: The Open Journal for Quantum Science Abstract: We introduce a framework for graphical security proofs in device-independent quantum cryptography using the methods of categorical quantum mechanics. We are optimistic that this approach will make some of the highly complex proofs in quantum cryptography more accessible, facilitate the discovery of...
Abstract: NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. It consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material. Part 2 provides guidance on policy and security planning requirements. Finally, Pa...
Abstract: This short paper introduces an approach to producing explanations or justifications of decisions made in some artificial intelligence and machine learning (AI/ML) systems, using methods derived from those for fault location in combinatorial testing. We show that validation and explainability issues...
Abstract: The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity technologies on Industrial Control Systems (ICS). The testbed was chosen to support the implementation of the Cybersecurity Framework Manufacturing Profile: a voluntary, ri...
Abstract: The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity defenses on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial manufacturing processes and their control systems without repl...
Abstract: This bulletin summarizes the information found in FIPS 140-3: Security Requirements for Cryptographic Modules which is applicable to all federal agencies that use cryptographic-based security systems to provide adequate information security for all agency operations and assets as defined in 15 U.S.C...
Abstract: This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing s...
Conference: 12th ACM Conference on Security and Privacy in Wireless and Mobile Network Abstract: The Fifth Generation (5G) mobile broadband standards make a fundamental shift in cryptography. Prior generations based their security and privacy principally on symmetric key cryptography. The Subscriber Identity Module (SIM) and its successors contain a shared key used to authenticate the User Equi...
Abstract: HDOs are leveraging a combination of telehealth capabilities, such as remote patient monitoring (RPM) and videoconferencing, to treat patients in their homes. These modalities are used to treat numerous conditions, such as patients battling chronic illness or requiring postoperative monitoring. As u...
Conference: 10th International Conference on Post-Quantum Cryptography (PQCrypto 2019) Abstract: Group key-exchange protocols allow a set of N parties to agree on a shared, secret key by communicating over a public network. A number of solutions to this problem have been proposed over the years, mostly based on variants of Diffie-Hellman (two-party) key exchange; to the best of our knowledge, h...
Abstract: A randomness beacon produces timed outputs of fresh public randomness. Each output, called a pulse, also includes metadata and cryptographic elements to support several security and usability features. This document specifies a reference “version 2” of a format for pulses and of a protocol for beaco...
Conference: IEEE VLSI Test Symposium 2019 Abstract: Power side-channel attacks (SCAs) have become a major concern to the security community due to their noninvasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of crypto algorithms. Therefore, it is imperative to evaluate if the hardware is vulnera...
Abstract: How to model and encode the semantics of human-written text and select the type of neural network to process it are not settled issues in sentiment analysis. Accuracy and transferability are critical issues in machine learning in general. These properties are closely related to the loss estimates fo...