Search CSRC

Abstract: HDOs are leveraging a combination of telehealth capabilities, such as remote patient monitoring (RPM) and videoconferencing, to treat patients in their homes. These modalities are used to treat numerous conditions, such as patients battling chronic illness or requiring postoperative monitoring. As u...

Conference: 10th International Conference on Post-Quantum Cryptography (PQCrypto 2019) Abstract: Group key-exchange protocols allow a set of N parties to agree on a shared, secret key by communicating over a public network. A number of solutions to this problem have been proposed over the years, mostly based on variants of Diffie-Hellman (two-party) key exchange; to the best of our knowledge, h...

Abstract: A randomness beacon produces timed outputs of fresh public randomness. Each output, called a pulse, also includes metadata and cryptographic elements to support several security and usability features. This document specifies a reference “version 2” of a format for pulses and of a protocol for beaco...

Conference: IEEE VLSI Test Symposium 2019 Abstract: Power side-channel attacks (SCAs) have become a major concern to the security community due to their noninvasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of crypto algorithms. Therefore, it is imperative to evaluate if the hardware is vulnera...

Abstract: How to model and encode the semantics of human-written text and select the type of neural network to process it are not settled issues in sentiment analysis. Accuracy and transferability are critical issues in machine learning in general. These properties are closely related to the loss estimates fo...

Abstract: Mobile applications have become an integral part of our everyday personal and professional lives. As both public and private organizations rely more on mobile applications, securing these mobile applications from vulnerabilities and defects becomes more important. This paper outlines and details a m...

Abstract: This bulletin summarizes the information found in NISTIR 8214: Threshold Schemes for Cryptographic Primitives. NIST is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the a...

Conference: Hot Topics in the Science of Security Abstract: In this paper, we report on the applicability of combinatorial sequence testing methods to the problem of fingerprinting browsers based on their behavior during a TLS handshake. We created an appropriate abstract model of the TLS handshake protocol and used it to map browser behavior to a feature ve...

Journal: IEEE Transactions on Computers Abstract: We develop a new and simple way to describe Karatsuba-like algorithms for multiplication of polynomials over F2. We restrict the search of small circuits to a class of circuits we call symmetric bilinear. These are circuits in which AND gates only compute functions of the form ∑i∈Sai⋅∑i∈Sb...

Conference: Open Identity Summit 2019 Abstract: Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., abusiness), and a credential service provider(CSP) that performs the...

Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every federal organization in providing adequate security in its computer and telecommunication systems.   This standard is applicable to all federal agencies that use cryptograph...

Abstract: The National Institute of Standards and Technology (NIST) provides cryptographic key management guidance for defining and implementing appropriate key management procedures, using algorithms that adequately protect sensitive information, and planning ahead for possible changes in the use of cryptogr...

Abstract: This Recommendation specifies key-establishment schemes using integer factorization cryptography (in particular, RSA). Both key-agreement and key transport schemes are specified for pairs of entities, and methods for key confirmation are included to provide assurance that both parties share the same...

Abstract: The Computer Security Division at the National Institute of Standards and Technology is interested in promoting the security of implementations of cryptographic primitives. This security depends not only on the theoretical properties of the primitives but also on the ability to withstand attacks on...

Abstract: This bulletin summarizes the information found in NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy which provides guidelines for applying the RMF to information systems and organizations.

Abstract: This Recommendation specifies two methods, called FF1 and FF3-1, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm. Compared to the original version of this publication, the tweak size for FF3-1 is smaller...

Abstract: This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will also be useful for small or medium sized organi...

Conference: Workshop on Usable Security (USEC) 2019 Abstract: As organizations continue to invest in phishing awareness training programs, many Chief Information Security Officers (CISOs) are concerned when their training exercise click rates are high or variable, as they must justify training budgets to those who question the efficacy of training when click r...

Conference: Workshop on Usable Security (USEC) 2019 Abstract: Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal ch...

Abstract: This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management solution. This project contains two distinct...

Abstract: This document explores common components of sensor networks and the associated requirements for the secure functioning of the sensor network. For each component, the document lists exposed interfaces, applicable threats, and technologies that may be utilized to help ensure the security requirements....

Journal: INTEGERS: The electronic journal of combinatorial number theory Abstract: We study the Legendre family of elliptic curves Et : y2 = x(x − 1)(x − ∆t), parametrized by triangular numbers ∆t = t(t + 1)/2. We prove that the rank of Et over the function field ¯Q(t) is 1, while the rank is 0 over Q(t). We also produce some infinite subfamilies whose Mordell-Weil rank is positiv...

Journal: Computer (IEEE Computer) Abstract: Distributed ledger technology (DLT) offers new and unique advantages for information systems, but some of its features are not a good fit for many applications. We review the properties of DLT and show how two recently developed ideas can be used to retain its advantages while simplifying design.

Abstract: The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public-key cryptography standards will specify one or more additional digital signature, public-key encryption, and key...

Conference: 15th IFIP WG 11.9 International Conference on Digital Forensics Abstract: Hardware/server virtualization is commonly employed in cloud computing to enable ubiquitous access to shared system resources and provide sophisticated services. The virtualization is typically performed by a hypervisor, which provides mechanisms that abstract hardware and system resources from the...