Security Analysis of DRBG Using HMAC in NIST SP 800-90

Various Security Analysis of a pfCM-MD Hash Domain Extension and Applications based on the Extension

We propose a new hash domain extension a prefix-free-Counter-MaskingMD (pfCM-MD). And, among security notions for the hash function, we focus on the indifferentiable security notion by which we can check whether the structure of a given hash function has any weakness or not. Next, we consider the security of HMAC, two new prf constructions, NIST SP 800-56A key derivation function, and the rando...

Driving Secure Software Initiatives Using FISMA: Issues and Opportunities

Federal agencies install many security controls for Federal Information Security Management Act (FISMA) implementation. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 (rev4) standardizes these security and privacy controls. This article presents a study of NIST SP 800-53 security controls. The purpose is to classify the security controls from di...

The NIST SP 800-90 Deterministic Random Bit Generator Validation System (DRBGVS)

Towards Combined Safety and Security Constraints Analysis

A growing threat to the cyber-security of embedded safety-critical systems calls for a new look at the development methods for such systems. One alternative to address security and safety concerns jointly is to use the perspective of modeling using system theory. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on an accident causality model. NIST SP 800-30 is ...

A Cyber Security Risk Assessment for the Design of I&c Systems in Nuclear Power Plants

The instrumentation and control (I&C) systems in nuclear power plants (NPPs) collect signals from sensors measuring plant parameters, integrate and evaluate sensor information, monitor plant performance, and generate signals to control plant devices for a safe operation of NPPs. Although the application of digital technology in industrial control systems (ICS) started a few decades ago, I&C sys...