NIST Special Publication 800-63B Digital Identity Guidelines, Authentication and Lifecycle Management includes choices of authenticators that may be used at various Authenticator Assurance Levels (AALs) for use by the US Federal Government. Authenticators are used to authenticate a user to a resource’s access control mechanism. Examples of authenticators include credit cards with chips, US Federal Government Personal Identity Verification (PIV) cards and DoD Common Access Cards (CACs). NIST Special Publication 800-63B Digital Identity Guidelines (NIST SP 800-63B) helps standardize AALs to enable organizations to authenticate each other and share resources.
Spectre and Meltdown are attacks on computing systems that exploit characteristics inherent to most modern computer processors. Specifically, Meltdown is recognized to affect Intel and ARM processors, while Spectre is known to affect Intel, AMD and ARM processors.
The Return of Coppersmith’s Attack (ROCA) is a recently discovered vulnerability in a cryptographic library used in some Infineon Technologies AG chips. It enables an attacker to practicably determine an RSA private key given an RSA public key. Quantum computers, while still in their infancy, will one day be capable of finding private keys like those used in RSA and other asymmetric cryptographic algorithms. So why should one care? Both the ROCA vulnerability and quantum computers are a threat to systems and processes that rely on asymmetric cryptographic algorithms.
Quantum computing is a futuristic way of computing. Presently in its infancy, the technology involves the use of qubits which are atomic sized memory units. Qubits can hold multiple values simultaneously and enable efficiencies in parallel computations. With a sufficient number of qubits working together as part of a quantum computing device, some believe that such a device will obtain quantum supremacy.
Today, information is being produced by and shared with billions of people and machines and around the world. Much of this environment is filled with information that owners are willing to share with others. But much proprietary and private information is not being so freely shared – and for good reason.