Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 651 - 675 of 1430

Cryptographic Key Management Issues & Challenges in Cloud Services

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani

To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS)

Related-Key Slide Attacks on Block Ciphers with Secret Components

September 18, 2013

Author(s)

Meltem Sonmez Turan

Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by Electricity

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of

Personal Identity Verification (PIV) of Federal Employees and Contractors

September 4, 2013

Author(s)

Hildegard Ferraiolo, David A. Cooper, Salvatore Francomacaro, Ketan Mehta, Annie W. Sokol

[Superseded by FIPS 201-3 (January 2022) https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934136] This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. The

Differential Fault Attack Against Grain Family -- Pushing Towards Very Few Faults using SAT Solver

August 22, 2013

Author(s)

Santanu (. Sarkar

There are now a series of published works related to Differential Fault Attack (DFA) on the Grain family, but most of them require quite a large number (hundreds) of faults (around $n \ln n$, where $n = 80$ for Grain v1 and $n = 128$ for Grain-128, Grain

ITL Publishes Guidance on Preventing and Handling Malware Incidents

August 22, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800- 83 Revision 1,Guide to Malware Incident Prevention and Handling for Desktops and Laptops,which gives receommendations for organizations to improve their malware incident

A Framework for Designing Cryptographic Key Management Systems

August 15, 2013

Author(s)

Elaine B. Barker, Miles Smid, Dennis Branstad, Santosh Chokhani

This Framework for Designing Cryptographic Key Management Systems (CKMS) contains topics that should be considered by a CKMS designer when developing a CKMS design specification. For each topic, there are one or more documentation requirements that need to

Investigating the Application of Moving Target Defenses to Network Security

August 15, 2013

Author(s)

Rui Zhuang, Su Zhang, Alex Bardas, Scott DeLoach, Xinming Ou, Anoop Singhal

This paper presents a preliminary design for a moving-target defense (MTD) for computer networks to combat an attacker's asymmetric advantage. The MTD system reasons over a set of abstract models that capture the network's configuration and its operational

ITL Publishes Guidance on Enterprise Patch Management Technologies

August 8, 2013

Author(s)

Elizabeth B. Lennon

This ITL Bulletin summarizes a new ITL publication, NIST Special Publication 800-40 Revision 3, Guide to Enterprise Patch Management Technologies, which gives recommendations for organizations to improve the effectiveness and efficiency of their patch

An Efficient Approach to Assessing the Risk of Zero-Day Vulnerabilities

July 31, 2013

Author(s)

M. Albanese, Sushil Jajodia, Anoop Singhal, Lingyu Wang

Computer systems are vulnerable to both known and zero-day attacks. Although known attack patterns can be easily modeled, thus enabling the definition of suitable hardening strategies, handling zero-day vulnerabilities is inherently difficult due to their

A Chosen IV Related Key Attack on Grain-128a

July 24, 2013

Author(s)

Subhadeep Banik, Subhamoy Maitra, Santanu (. Sarkar, Meltem Sonmez Turan

Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a related-Key chosen IV attack on Grain v1 and

Computer Security Division 2012 Annual Report

July 22, 2013

Author(s)

Patrick D. O'Reilly

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

Guide to Enterprise Patch Management Technologies

July 22, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware. There are several challenges that complicate patch

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

July 22, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the

Digital Signature Standard (DSS)

July 19, 2013

Author(s)

Elaine B. Barker

This Standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed

Biometric Specifications for Personal Identity Verification

July 11, 2013

Author(s)

Patrick J. Grother, Wayne J. Salamon, Ramaswamy Chandramouli

Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and

IREX IV: Part 1, Evaluation of Iris Identification Algorithms

July 11, 2013

Author(s)

George W. Quinn, Patrick J. Grother, Mei L. Ngan, James R. Matey

IREX IV aims to provide a fair and balanced scientific evaluation of the performance of automated iris recognition algorithms. IREX IV evaluated the performance of 66 identification (i.e. one-to-many matching) algorithms submitted by 12 companies and

Summary of the Workshop on Information and Communication Technologies Supply Chain Risk Management

July 10, 2013

Author(s)

Celia Paulsen, Jon M. Boyens

There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. This document is a summary of a workshop held October 15-16, 2012 to broadly engage all stakeholders in an effort to set a foundation for NIST's

Economic Case Study: The Impact of NSTIC on the Internal Revenue Service

July 9, 2013

Author(s)

Gregory C. Tassey

The National Strategy for Trusted Identities in Cyberspace (NSTIC) offers a vision of more secure, efficient, and cost-effective authentication through widespread use of robust third-party credentials standardized to a national strategy. If successful

Quantifying Network Topology Robustness Under Budget Constraints

June 24, 2013

Author(s)

Assane Gueye, Aron Lazska

To design robust network topologies that resist strategic attacks, one must first be able to quantify robustness. In a recent line of research, the theory of network blocking games has been used to derive robustness metrics for topologies. A network

Four Measures of Nonlinearity

June 23, 2013

Author(s)

Joan Boyar, Magnus Find, Rene Peralta

Cryptographic applications, such as hashing, block ciphers and stream ciphers, make use of functions which are simple by some criteria (such as circuit implementations), yet hard to invert almost everywhere. A necessary condition for the latter property is

A Classification of Differential Invariants for Multivariate Post-Quantum Cryptosystems

June 21, 2013

Author(s)

Ray A. Perlner, Daniel C. Smith-Tone

Multivariate Public Key Cryptography (MPKC) has become one of a few options for security in the quantum model of computing. Though a few multivariate systems have resisted years of effort from the cryptanalytic community, many such systems have fallen to a

Enabling an Enterprise-wide, Data-centric Operating Environment

June 21, 2013

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

Although access control (AC) currently plays an important role in securing DSs, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST

Exposing Software Security and Availability Risks For Commercial Mobile Devices

June 21, 2013

Author(s)

Ryan Johnson, Zhaohui Wang, Angelos Stavrou, Jeff Voas

In this manuscript, we present our efforts towards a framework for exposing the functionality of a mobile application through a combination of static and dynamic program analysis that attempts to explore all available execution paths including libraries

Guidelines for Managing the Security of Mobile Devices in the Enterprise

June 21, 2013

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive