The dominant routing protocol on the Internet is the Border Gateway Protocol (BGP). BGP has been deployed since the commercialization of the Internet and version 4 of BGP is over a decade old. BGP works well in practice, and its simplicity and resilience enabled it to play a fundamental role within the global Internet. However, BGP inherently provides few performance...

17 September 2018 17 page(s) pdf

On January 8th 2018, the Wi-Fi alliance announced new enhancements to Wi-Fi Protected Access II (WPA2) security specification and a new WPA3 security specification. Enhancements to WPA2 will include improvements in authentication, encryption, and configuration requirements. WPA3 will build on the WPA2 enhancements and will offer enhanced protection for Wi-Fi networks that use password-based authentication, improved privacy on open networks,...

10 July 2018 8 page(s) pdf

Web browsers pose a unique risk to enterprise infrastructure because of their frequent
exposure to untrusted dynamic content. Configuring browser security settings is
challenging due to uncertainty of both attack mitigation effectiveness and impact on end
users. A key goal of this paper is to avoid impact to users while mitigating as many
attacks as possible. The following guidance uses...

18 May 2018 3 page(s) pdf

Cyber intrusions into US Critical Infrastructure systems are happening with increased
frequency. For many industrial control systems (ICS), it’s not a matter of if an intrusion
will take place, but when. The capabilities of our adversaries have been demonstrated
and cyber incidents are increasing in frequency and complexity. Simply building a
network with a hardened perimeter is no longer adequate....

06 April 2018 9 page(s) pdf

Exif is structured, tagged metadata contained within some media file formats. This data is used by digital camera manufacturers and applications that process digital images to provide additional information about media files. The metadata includes manufacturer specific information such as the make, model and lens information of the device that generated the file; image information (e.g., date/time of capture) and...

31 January 2018 37 page(s) pdf

The purpose of this document is to provide guidance for the development of sanitization and analysis software for Department of Defense (DOD) Electronic Biometric Transmission Specification (EBTS) biometric files. This document analyzes elements and objects contained within the EBTS file structure and then discusses the data hiding, data attack, and data disclosure risks. It describes how identified elements can be...

31 January 2018 81 page(s) pdf

This document deconstructs the problem of automated character recognition and defines a methodology for conducting optical character recognition (OCR) on images for boundary protection devices to determine their classification. This research can be leveraged in order to make determinations on the transfer of images between security domains.

31 January 2018 38 page(s) pdf

This paper provides guidance for creating JSON schemas. Validating JSON instance documents against properly designed JSON schemas can reduce the risk of transferring unauthorized or malicious data. Note that schema validation alone is not enough to prevent transfer of unauthorized data; users must perform other content filtering such as dirty word and anti-virus checks, in conjunction with schema validation.

31 January 2018 54 page(s) pdf

The purpose of this document is to provide guidance for the development of a sanitization or analysis software tool for Portable Network Graphics (PNG) files. This document analyzes the various elements contained within the PNG images and then discusses data attack, data disclosure, and data hiding risks. It describes how these elements can then be a cause for concern from...

31 January 2018 41 page(s) pdf