Abstract: This document describes the principles, processes and procedures that drive cryptographic standards and guidelines development efforts at the National Institute of Standards and Technology (NIST). This document reflects public comments received on two earlier versions, and will serve as the basis to...
Abstract: This Recommendation specifies two methods, called FF1 and FF3, for format-preserving encryption. Both of these methods are modes of operation for an underlying, approved symmetric-key block cipher algorithm.
Conference: Seventh International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2016) Abstract: Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs – Host-level and Network-level – it is the approaches for the Network-level protection that are different in virtualized infrastructures as c...
Abstract: Pilots are an integral part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), issued by the White House in 2011 to encourage enhanced security, privacy, interoperability, and ease of use for online transactions. This document details summaries and outcomes of NSTIC pilots; in ad...
Abstract: This bulletin summarizes the information presented in NISTIR 7511, Rev. 4, "Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements". This is the fourth revision of the NISTIR which defines the requirements and associated test procedures necessary for products or...
Abstract: Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This publication examines data-centric system threat modeling, which is threat modeling that...
Conference: 2016 ACM International Workshop on Attribute Based Access Control (ABAC '16) Abstract: Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing and enforcing vastly diverse access control...
Journal: International Journal of Computer Science: Theory and Application Abstract: The problem of optimally removing a set of vertices from a graph to minimize the size of the largest resultant component is known to be NP-complete. Prior work has provided near optimal heuristics with a high time complexity that function on up to hundreds of nodes and less optimal but faster techni...
Abstract: Virtual machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end nodes of a virtual network, the configuration of the virtual network is an important element in the security of the VMs and their hosted applications....
Abstract: The Domain Name System-Based Security for Electronic Mail project will produce a proof of concept security platform that will demonstrate trustworthy email exchanges across organizational boundaries. The product of the project will include authentication of mail servers, signing and encryption of em...
Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: Recently, Gligoroski et al. proposed code-based encryption and signature schemes using list decoding, blockwise triangular private keys, and a nonuniform error pattern based on “generalized error sets.” The general approach was referred to as "McEliece in the World of Escher." This paper demonstrate...
Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: Multivariate Public Key Cryptography (MPKC) is one of the most attractive post-quantum options for digital signatures in a wide array of applications. The history of multivariate signature schemes is tumultuous, however, and solid security arguments are required to inspire faith in the schemes and t...
Conference: 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016) Abstract: ZHFE, designed by Porras et al., is one of the few promising candidates for a multivariate public-key encryption algorithm. In this article we extend and expound upon the existing security analysis on this scheme. We prove security against differential adversaries, complementing a more accurate and...
Abstract: Many variations and definitions of application containers exist in industry, causing considerable confusion amongst those who attempt to explain what a container is. This document serves to provide a NIST-standard definition to application containers, microservices which reside in application contai...
Abstract: The bulletin summarizes the information presented in NISTIR 7904, "Trusted Geolocation in the Cloud: Proof of Concept Implementation". The publication explains security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation.
Abstract: FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201 also specifies that this identity credential must be stored on a smart card. This document, SP 800-73, contains the technical specifications to interface with the smart card to retr...
Journal: IEEE Security & Privacy Abstract: What can you glean from using inexpensive, off-the-shelf parts to create Internet of Things (IoT) use cases? As it turns out, a lot. The fast productization of IoT technologies is leaving users vulnerable to security and privacy risks.
Abstract: This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredite...
Abstract: This report documents proof of concept research for Derived Personal Identity Verification (PIV) Credentials. Smart card-based PIV Cards cannot be readily used with most mobile devices, such as smartphones and tablets, but Derived PIV Credentials (DPCs) can be used instead to PIV-enable these device...
Journal: IEEE Transactions on Information Forensics and Security Abstract: Diversity has long been regarded as a security mechanism for improving the resilience of software and networks against various attacks. More recently, diversity has found new applications in cloud computing security, moving target defense, and improving the robustness of network routing. However, mo...
Abstract: This bulletin summarizes the information presented in NISTIR 7966, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)." The publication assists organizations in understanding the basics of SSH interactive and automated access management in an enterprise, focusing on th...
Abstract: This interagency report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency coordination, collaboration wit...
Abstract: This report provides background information and analysis in support of NISTIR 8074 Volume 1, "Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity." It provides a current summary of ongoing activities in critical int...
Journal: Computer (IEEE Computer) Abstract: Integrating software developed by third-party organizations into a larger system raises concerns about the software's quality, origin, functionality, security, and interoperability. Addressing these concerns requires rethinking the roles of software's principal supply-chain actors--vendor, assessor,...
Journal: IEEE Cloud Computing Abstract: Economies of scale, cutting-edge technology advancements, and higher concentration of expertise enable cloud providers to offer state-of-the-art cloud ecosystems that are resilient, self-regenerating, and secure--far more secure than the environments of consumers who manage their own systems. This h...