Search CSRC

Abstract: The Boyen-Li signature scheme [Asiacrypt'16] is a major theoretical breakthrough. Via a clever homomorphic evaluation of a pseudorandom function over their verification key, they achieve a reduction loss in security linear in the underlying security parameter and entirely independent of the number o...

Abstract: Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security pr...

Conference: 31st IFIP Conference on Data and Application Security and Privacy (DBSEC 2017) Abstract: Today’s cyber-attacks towards enterprise networks often undermine and even fail the mission assurance of victim networks. Mission cyber resilience (or active cyber defense) is critical to prevent or minimize negative consequences towards missions. Without effective mission impact assessment, mission...

Conference: IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC 2017) Abstract: The administrators of a mission critical network usually have to worry about non-traditional threats, e.g., how to live with known, but unpatchable vulnerabilities, and how to improve the network’s resilience against potentially unknown vulnerabilities. To this end, network hardening is a well-knowf...

Journal: Discrete Mathematics, Algorithms and Applications Abstract: For a positive integer k let S = {0, 1, . . . , k − 1} be the alphabet whose symbols are the integers from 0 to k − 1. The set off all strings of length n ∈ Z+ over S is denoted by S(n). We show a near optimal algorithm to solve the problem of counting the number of times that every string in S(n) o...

Abstract: This bulletin summarizes the information in NISTIR 8114: Report on Lightweight Cryptography which provides an overview of the lightweight cryptography project at NIST and describes plans for the standardization of lightweight cryptography algorithms.

Journal: Quantum Information & Computation Abstract: If two quantum players at a nonlocal game $G$ achieve a superclassical score, then their measurement outcomes must be at least partially random from the perspective of any third player.  This is the basis for device-independent quantum cryptography.  In this paper we ad...

Journal: Glasnik Matematicki Abstract: In this paper, we look at long geometric progressions on different models of elliptic curves, namely Weierstrass curves, Edwards and twisted Edwards curves, Huff curves and general quartics curves. By a geometric progression on an elliptic curve, we mean the existence of rational points on the curve...

Abstract: The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated assessment. This document, Volume 2 of NISTIR...

Abstract: This volume introduces concepts to support automated assessment of most of the security controls in NIST Special Publication (SP) 800-53. Referencing SP 800-53A, the controls are divided into more granular parts (determination statements) to be assessed. The parts of the control assessed by each det...

Conference: 11th Annual Conference on Digital Forensics, Security and Law (ADFSL) Abstract: In this paper, we present an approach and experimental results to suggest the past presence of an application after the application has been uninstalled and the system has remained in use. Current techniques rely on the recovery of intact artifacts and traces, e.g., whole files, Windows Registry ent...

Abstract: We introduce a framework for graphical security proofs in device-independent quantum cryptography using the methods of categorical quantum mechanics. We are optimistic that this approach will make some of the highly complex proofs in quantum cryptography more accessible, facilitate the discovery of...

Journal: Computer (IEEE Computer) Abstract: In the 1980's, the software quality community was all 'a buzz' with seemingly endless 'potential' approaches for producing higher quality software. At the forefront of that was software metrics, along with the corresponding software testing techniques and tools and process improvement schemes that r...

Abstract: This bulletin, based on NIST Special Publication (SP) 800-150, introduces cyber threat intelligence and information sharing concepts, describes the benefits and challenges of sharing, clarifies the importance of trust, and introduces specific data handling considerations. It also desc...

Abstract: This bulletin summarizes the information in NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Information Systems which provides an introduction to the concepts of privacy engineering and risk management for federal information systems. NISTIR 8062 introduces two key...

Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications Abstract: An important way to limit malicious insiders from distributing sensitive information is to restrict access as tightly as possible. This has always been the goal in the design of access control mechanisms, but individual approaches can be inadequate. Approaches that instantiate multiple methods simul...

Abstract: The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps your organization identify strengths and opportunities for improvement in managing cybersecurit...

Abstract: NIST-approved cryptographic standards were designed to perform well on general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current NIST-approved algorithms can be engineered...

Conference: 2nd ACM Workshop on Attribute Based Access Control (ABAC '17) Abstract: In this paper, we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes access control at the data level, eliminating t...

Conference: 2nd ACM Workshop on Attribute-Based Access Control (ABAC'17) Abstract: Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their abi...

Abstract: This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the fundamentals of a small business information security program.

Abstract: Industrial Control Systems (ICS) monitor and control physical processes in many different industries and sectors. Cyber attacks against ICS devices present a real threat to organizations that employ ICS to monitor and control manufacturing processes. The NIST Engineering Laboratory (EL), in conjunct...

Conference: NDSS Symposium 2017 Abstract: Online security experiences, perceptions, and behaviors are key to understanding users security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. Thi...

Conference: 2016 IEEE Conference on Communications and Network Security (CNS) Abstract: Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi-step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. In this paper, we propose a pro...

Journal: IEEE Systems Journal Abstract: The nature of healthcare and the computational and physical technologies and constraints present a number of challenges to systems designers and implementers. In spite of the challenges, there is a significant market for systems and products to support caregivers in their tasks as the number of peop...