Use this form to search content on CSRC pages.
Abstract: This report considers threshold signature schemes interchangeable with respect to the verification mechanism of the Edwards-Curve Digital Signature Algorithm (EdDSA). Historically, EdDSA is known as a variant of Schnorr signatures, which are well-studied and suitable for efficient thresholdization,...
Conference: Crypto 2022 Abstract: The Support-Minors (SM) method has opened new routes to attack multivariate schemes with rank properties that were previously impossible to exploit, as shown by the recent attacks of on the Round 3 NIST candidates G𝑒MSS and Rainbow respectively. In this paper, we study this SM approach more in dept...
Conference: 8th Workshop on Security Information Workers (WSIW 2022) Abstract: The goal of organizational security awareness programs is to positively influence employee security behaviors. However, organizations may struggle to determine program effectiveness, often relying on training policy compliance metrics (training completion rates) rather than measuring actual impact....
Conference: 18th Symposium on Usable Privacy and Security (SOUPS 2022) Abstract: An important factor for investigating youth’s online safety, security, and privacy is to understand how and from where they learn their online behaviors and knowledge. Although research has shown that people within youths’ environments (e.g., parents) and the environments themselves (e.g., schools)...
Conference: 18th Symposium on Usable Privacy and Security (SOUPS 2022) Abstract: This paper overviews a dyadic study of youth knowledge and understandings of online privacy and risk, and then highlights challenges that the study reveals about youth online risk taking and privacy protective measures from a family perspective. A full overview of the qualitative, dyadic study of 40...
Abstract: Public safety officials utilizing public safety broadband networks will have access to devices, such as mobile devices, tablets, and wearables. These devices offer new ways for first responders to complete their missions but may also introduce new security vulnerabilities to their work environment....
Conference: IFIP Annual Conference on Data and Applications Security and Privacy Abstract: In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to ai...
Abstract: The National Institute of Standards and Technology is in the process of selecting publickey cryptographic algorithms through a public, competition-like process. The new publickey cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms...
Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...
Conference: 4th International Conference on HCI for Cybersecurity, Privacy, and Trust Abstract: Security information workers (SIW) are professionals who develop and use security-related data within their jobs. Qualitative methods – primarily interviews – are becoming increasingly popular in SIW research. However, focus groups are an under-utilized, but potentially valuable way to explore the w...
Abstract: Fault detection often depends on the specific order of inputs that establish states which eventually lead to a failure. However, beyond basic structural coverage metrics, it is often difficult to determine if code has been exercised sufficiently to ensure confidence in its functions. Measures are ne...
Abstract: The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and tamper-resistance, which are advantages to sol...
Journal: Publicationes Mathematicae Debrecen Abstract: A Heron triangle is one in which the side lengths and area are integers. An integral right triangle is an example of a Heron triangle. In this paper, we show that there are infinitely many pairs of integral right triangles and Heron triangles with a common area and common perimeter, continuing a lin...
Abstract: The approved sensitive security parameter generation and establishment methods listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex D and ISO/IEC 24759 paragraph 6.16, within the context o...
Abstract: The approved security functions listed in this publication replace the ones listed in International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 19790 Annex C and ISO/IEC 24759 6.15, within the context of the Cryptographic Module Validation Program (CMVP). As...
Abstract: This document describes a data structure, referred to as a data block matrix, that supports the ongoing addition of hash-linked records while also allowing for the deletion of arbitrary records, thereby preserving hash-based integrity assurance that other blocks are unchanged. The block matrix data...
Conference: Lightweight Cryptography Workshop 2022 Abstract: Ascon is one of the finalists of the National Institute of Standards and Technology (NIST) lightweight cryptography standardization process. In 2019, Ascon was also selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition. The Ascon fam...
Abstract: NIST Special Publication 800-207 defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise is needed for a zer...
Abstract: Organizations are concerned about the risks associated with products and services that may potentially contain malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the supply chain. These risks are associated with an enterprise’s decr...
Abstract: The President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021, charges multiple agencies – including NIST – with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. The EO acknowl...
Abstract: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computi...
Conference: The 12th ACM Conference on Data and Application Security and Privacy Abstract: We describe a formalized systems theoretic method for creating cyber-physical system (CPS) risk overlays that augment existing tree-based models used in CPS risk and threat analysis processes. This top-down approach objectively scopes the system's threat surface for some risk scenario consequence by...
Abstract: Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and usage lack standards and guidance, making...
Abstract: In today’s cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the pla...
Abstract: A cloud workload is an abstraction of the actual instance of a functional application that is virtualized or containerized to include compute, storage, and network resources. Organizations need to be able to monitor, track, apply, and enforce their security and privacy policies on their cloud worklo...