Conference: 8th Symposium on Identity and trust on the Internet (IDtrust '09) Abstract: Public key cryptography is widely used to secure transactions over the Internet. However, advances in quantum computers threaten to undermine the security assumptions upon which currently used public key cryptographic algorithms are based. In this paper, we provide a survey of some of the public key...
Conference: 2009 WRI World Congress on Computer Science and Information Engineering Abstract: While mobile handheld devices, such as cell phones and PDAs, provide productivity benefits, they also pose new risks. A vital safeguard against unauthorized access to a device's contents is authentication. This paper describes a location-based authentication mechanism that employs trusted servers ca...
Conference: IEEE Sarnoff Symposium, 2009 (SARNOFF '09) Abstract: In current networks that use EAP and AAA for authenticated admission control, such as WiFi, WiMAX, and various 3G internetworking protocols, a malicious base station can advertise false information to prospective users in an effort to manipulate network access in some way. This can result in a number o...
Abstract: This bulletin summarizes information disseminated in Federal Information Processing Standard (FIPS) 180-3, Secure Hash Standard; NIST Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms, by Quynh Dang; SP 800-106, Randomized Hashing for Digital Signatures...
Journal: IT Professional Abstract: The amount of time to protect enterprise systems against potential vulnerability continues to shrink. Enterprises need an effective patch management mechanism to survive the insecure IT environment. Effective patch management is a systematic and repeatable patch distribution process which includes e...
Abstract: This annual report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during Fiscal Year 2008. It discusses all projects and programs within the Division, staff highlights, and publications.
Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS), written by William MacGregor of NIST, Ketan Mehta of Mehta, Inc., and David Cooper and Karen Scarfone of NIST. The pu...
Abstract: NIST-approved digital signature algorithms require the use of an approved cryptographic hash function in the generation and verification of signatures. Approved cryptographic hash functions and digital signature algorithms can be found in FIPS 180-3, Secure Hash Standard (SHS), and FIPS 186-3, Digit...
In: Encyclopedia of Biometrics (2009) Abstract: Common Biometric Exchange Formats Framework (CBEFF) provides a standardized set of definitions and procedures that support the interchange of biometric data in standard data structures called CBEFF biometric information records (BIRs). CBEFF permits considerable flexibility regarding BIR structures...
Journal: IT Professional Abstract: This article introduces "insecure IT", a new department for IT Professional that will cover security weaknesses in IT systems, ranging from desktops to global e-commerce networks. This regular feature will offer ideas to improve IT security, both by looking at ways it can go wrong as well as by cove...
Abstract: This paper describes architectures for securely injecting secret keys onto smart cards. Specifically, this paper details key injection architectures based on the identity credentials available on the Personal Identity Verification (PIV) Card. The primary goal is to create additional opportunities fo...
Conference: 2008 IEEE/IFIP International Symposium on Trust, Security and Privacy for Pervasive Applications (TSP-08) Abstract: To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general approach for property verification for acces...
In: Identity & Policy: a Common Platform for a Pervasive Policy Paradigm (2008) Abstract: In this chapter, we describe an authorization policy validation framework. Authorization (or access control) policies, just like device policies and privacy policies, are an important class of policies for safeguarding enterprise resources. Specifically, authorization policies provide confidentialit...
Abstract: This report contains the results of NIST's research into technologies to improve the voting process for United States citizens living overseas. It splits the overseas voting process into three stages: voter registration and ballot request, blank ballot delivery, and voted ballot return. For each sta...
In: Identity & Policy: a Common Platform for a Pervasive Policy Paradigm (2008) Abstract: The primary motivation behind formulation of any privacy policy (policy in the context of this chapter refers to technical policies defined, specified and enforced within the relevant information systems) is to restrict the disclosure of identity of an individual (in certain locations, events or tra...
Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by...
Conference: 9th International Conference on Cryptology in India (INDOCRYPT 2008) Abstract: Online ciphers are those ciphers whose ciphertexts can be computed in an online manner. HCBC1 and HCBC2 are two known examples of Hash Cipher Block Chaining online ciphers. HCBC1 is secure against a chosen plaintext adversary (also called CPA-secure) whereas HCBC2 is secure against a chosen ciphertext adv...
Conference: 4th International ICST Conference on Wireless Internet (WICON 2008) Abstract: In this paper, we discuss key management challenges for seamless handovers across heterogeneous wireless networks. We focus on fast access authentication protocols that allow expedited network entry by utilizing existing keying material from previous access authentications. For a seamless handover,...
Conference: 2008 International Computer Symposium (ICS 2008) Abstract: The availability of global, pervasive information relies on seamless access to federated resources through sharing and trust between the participating members. However, most of the current architectures for federation networks are designed based on a centralized authorization management schema that...
Conference: 4th ACM Workshop on Quality of Protection (QoP'08) Abstract: The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability...
Abstract: Special Publication 800-66 Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security...
Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-123, Guide to General Server Security: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Wayne Jansen of NIST and by Miles Tracy of Federal Reserve Info...
In: Encyclopaedia Britannica Online (2009) Abstract: Definition of electronic voting. General discussion of issues related to the deployment of this technology in different countries.
Abstract: The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical info...
Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security, by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. The guide provides specific advice on devel...