Search Publications by: Scott Rose (Fed)

Displaying 1 - 25 of 27

Zero Trust Architecture

August 10, 2020
Author(s)
Scott W. Rose, Oliver Borchert, Stuart Mitchell, Sean Connelly
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and

Trustworthy Email

February 25, 2019
Author(s)
Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Evolution and Challenges of DNS-Based CDNs

November 1, 2018
Author(s)
Zheng Wang, Scott W. Rose
DNS-based server redirecting has been realized as the most popular way to deploy CDNs. However, with the increasing use of remote DNS, DNS-based CDNs face a great challenge in performance degradation. To address this challenging issue, encouraging

Energy-Aware Server Allocating

September 1, 2018
Author(s)
Zheng Wang, Scott W. Rose
Faced with the scalability and reliability challenge, the DNS is increasingly operated by geographically dispersed data centers. Energy management across those distributed diverse data centers is critical to reduce revenue loss for DNS operators. This

Improving the Trustworthiness of E-Mail, and Beyond!

April 25, 2018
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information found in NIST SP 1800-6: Domain Name System-Based Electronic Mail Security, which describes a security platform for trustworthy email exchanges across organizational boundaries.

Domain Name System-Based Electronic Mail Security

January 15, 2018
Author(s)
Scott W. Rose, Karen M. Waltermire, Santos Jha, Chinedum Irrechukwu, William C. Barker
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key

Updating the Keys for DNS Security

September 27, 2017
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
To help maintain the reliability and integrity of the Internet’s Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid

The Emergence of DANE Trusted Email for Supply Chain Management

January 3, 2017
Author(s)
Scott Rose, Joseph Gersch, Daniel Massey
Supply chain management is critically dependent on trusted email with authentication systems that work on a global scale. Solutions to date have not adequately addressed the issues of email forgery, confidentiality, and sender authenticity. The IETF DANE

Making Email Trustworthy

October 24, 2016
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-177: Trustworthy Email. This publication gives recommendations and guidelines for enhancing trust in email. This guideline applies to federal IT systems and will also be useful for any small

Trustworthy Email

September 6, 2016
Author(s)
Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Trust Issues with Opportunistic Encryption

February 28, 2014
Author(s)
Scott W. Rose
Recent revelations have shed light on the scale of eavesdropping on Internet traffic; violating the privacy of almost every Internet user. In response, protocol designers, engineers and service operators have begun deploying encryption (often opportunistic

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013
Author(s)
Ramaswamy Chandramouli, Scott W. Rose
The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of

Information Leakage Through the Domain Name System

March 31, 2011
Author(s)
Scott W. Rose, Anastase Nakassis, Ramaswamy Chandramouli
The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack. An attacker can query an organization's DNS as reconnaissance before attacking hosts on a

Open Issues in Secure DNS Deployment

October 6, 2009
Author(s)
Ramaswamy Chandramouli, Scott W. Rose
This paper describes some practical administrative issues and challenges in the deployment of DNSSEC - an IETF specified suite of security measures for securing the Domain Name System (DNS). The issues covered include: (a) Choice of Cryptographic

Minimizing Information Leakage in the DNS

March 1, 2008
Author(s)
Scott W. Rose, Anastase Nakassis
The Domain Name System (DNS) is the global lookup service for network resources. To protect DNS information, the DNS Security Extensions (DNSSEC) has been developed and deployed on branches of the DNS to provide authentication and integrity protection

Integrity Checking of DNS Zone File Data Using XSLT

December 1, 2005
Author(s)
Ramaswamy Chandramouli, Scott W. Rose
We have implemented a quantum key distribution (QKD) system with polarization encoding at 850 nm over 1 km of optical fiber. The high-speed management of the bit-stream, generation of random numbers and processing of the sifting algorithm are all handled

DNSSEC Test and Measurement Tools: Secure Zone Integrity Tester v0.9.3, Zone Monitoring Tool v0.9, dns Trace : traffic statistics collection tool, querysim : DNS query workload monitoring tool

October 1, 2005
Author(s)
Scott W. Rose, Darrin J. Santay, Douglas Montgomery, Kevin L. Mills, Stephen Quirolgico, M Ramaswamy
We have implemented a quantum key distribution (QKD) system with polarization encoding at 850 nm over 1 km of optical fiber. The high-speed management of the bit-stream, generation of random numbers and processing of the sifting algorithm are all handled

Integrity Checking of DNS Zone File Data Using XSLT

July 1, 2005
Author(s)
Ramaswamy Chandramouli, Scott W. Rose
We have implemented a quantum key distribution (QKD) system with polarization encoding at 850 nm over 1 km of optical fiber. The high-speed management of the bit-stream, generation of random numbers and processing of the sifting algorithm are all handled

DNS Security Introduction and Requirements, RFC 4033

March 1, 2005
Author(s)
R Arends, R Austein, M Larson, Daniel Massey, Scott W. Rose
The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. This document introduces these extensions and describes their capabilities and limitations. This document also discusses the

Protocol Modifications for the DNS Security Extensions RFC 4035

March 1, 2005
Author(s)
R Arends, R Austein, M Larson, Daniel Massey, Scott W. Rose
This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the