Use this form to search content on CSRC pages.
Abstract: Mobile applications have become an integral part of our everyday personal and professional lives. As both public and private organizations rely more on mobile applications, securing these mobile applications from vulnerabilities and defects becomes more important. This paper outlines and details a m...
Abstract: This bulletin summarizes the information found in NISTIR 8214: Threshold Schemes for Cryptographic Primitives. NIST is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the a...
Conference: Hot Topics in the Science of Security Abstract: In this paper, we report on the applicability of combinatorial sequence testing methods to the problem of fingerprinting browsers based on their behavior during a TLS handshake. We created an appropriate abstract model of the TLS handshake protocol and used it to map browser behavior to a feature ve...
Journal: IEEE Transactions on Computers Abstract: We develop a new and simple way to describe Karatsuba-like algorithms for multiplication of polynomials over F2. We restrict the search of small circuits to a class of circuits we call symmetric bilinear. These are circuits in which AND gates only compute functions of the form ∑i∈Sai⋅∑i∈Sb...
Conference: Open Identity Summit 2019 Abstract: Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., abusiness), and a credential service provider(CSP) that performs the...
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems. This standard is applicable to all federal agencies that use cryptograph...
Abstract: The National Institute of Standards and Technology (NIST) provides cryptographic key management guidance for defining and implementing appropriate key management procedures, using algorithms that adequately protect sensitive information, and planning ahead for possible changes in the use of cryptogr...
Abstract: This Recommendation specifies key-establishment schemes using integer factorization cryptography (in particular, RSA). Both key-agreement and key transport schemes are specified for pairs of entities, and methods for key confirmation are included to provide assurance that both parties share the same...
Abstract: The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on...
Abstract: This bulletin summarizes the information found in NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy which provides guidelines for applying the RMF to information systems and organizations.
Abstract: This Recommendation specifies two methods, called FF1 and FF3-1, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm. Compared to the original version of this publication, the tweak size for FF3-1 is smaller...
Abstract: This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will also be useful for small or medium sized organi...
Conference: Workshop on Usable Security (USEC) 2019 Abstract: As organizations continue to invest in phishing awareness training programs, many Chief Information Security Officers (CISOs) are concerned when their training exercise click rates are high or variable, as they must justify training budgets to those who question the efficacy of training when click r...
Conference: Workshop on Usable Security (USEC) 2019 Abstract: Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal ch...
Abstract: This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management solution. This project contains two distinct...
Abstract: This document explores common components of sensor networks and the associated requirements for the secure functioning of the sensor network. For each component, the document lists exposed interfaces, applicable threats, and technologies that may be utilized to help ensure the security requirements....
Journal: INTEGERS: The electronic journal of combinatorial number theory Abstract: We study the Legendre family of elliptic curves Et : y2 = x(x − 1)(x − ∆t), parametrized by triangular numbers ∆t = t(t + 1)/2. We prove that the rank of Et over the function field ¯Q(t) is 1, while the rank is 0 over Q(t). We also produce some infinite subfamilies whose Mordell-Weil rank is positiv...
Journal: Computer (IEEE Computer) Abstract: Distributed ledger technology (DLT) offers new and unique advantages for information systems, but some of its features are not a good fit for many applications. We review the properties of DLT and show how two recently developed ideas can be used to retain its advantages while simplifying design.
Abstract: The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public-key cryptography standards will specify one or more additional digital signature, public-key encryption, and key...
Conference: 15th IFIP WG 11.9 International Conference on Digital Forensics Abstract: Hardware/server virtualization is commonly employed in cloud computing to enable ubiquitous access to shared system resources and provide sophisticated services. The virtualization is typically performed by a hypervisor, which provides mechanisms that abstract hardware and system resources from the...
Journal: IEEE Transactions on Dependable and Secure Computing Abstract: The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally and quantitatively defined for a software, mos...
Journal: EAI Endorsed Transactions on Security and Safety Abstract: Today's businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastruc...
Abstract: This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorizat...
Abstract: This bulletin summarizes the information found in NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations which discusses the cybersecurity risks associated with medical devices, such as infusion pumps, which -- in today's world -- connect to a variety of healthcare sys...
Abstract: Cryptography is an essential component of modern computing. Unfortunately, implementing cryptography correctly is a non-trivial undertaking. Past research studies have supported this observation by revealing a multitude of errors and pitfalls in the cryptographic implementations of software products...