
NIST Information Technology Laboratory (ITL) The Cyber Maryland - PowerPoint PPT Presentation



  1. NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase

  2. Cryptography. Diagram labels: Sign, Hash, Encrypt, Key, Accuracy, Origin, Concealment. Challenges: Processing delays, Information overhead, Key Management overhead, Compatibility, Erosion of security, Moore’s Law, Processing efficiency, (Quantum) Cryptanalysis.

  3. Standards Process. Process for standards similar to rule making process followed by regulatory agencies. Information gathering includes prior art, workshop results, and conducting competitions. Conformant to Federal policies. Technical input from other state and local governments, Federal agencies (e.g., NSA), domestic and foreign industry, and academia. Process Steps: Information Gathering; Drafting; NIST Legal Review; OMB Review; Federal Register Notice; Public Review; Adjudication/Incorporation of Public Comments; Documentation of Public Comments; NIST Legal Review; Publication Decision; DOC Legal and Policy Reviews; OMB Review; Signature by Secretary of Commerce; Federal Register Notice; Publication by NIST. Legend: Steps in Gold Print for All Publications, Federal Information Processing Standards Only. Note: Steps can be recursive.

  4. Implementation Concerns. Many ways to implement sound cryptographic algorithms incorrectly or in an insecure manner. Many cases of insecure implementations. Test and validation programs are needed to establish and maintain product assurance. Diagram labels: Alter Cryptographic Hardware, Alter Cryptographic Firmware, Insecure Key Establishment Protocol, Key Capture, Transponder in Reader Circuitry, Transponder in Connector, Incorrect Algorithm Implementation.

  5. Product Validation Programs. Standards-based test and evaluation by private sector (FIPS, ISO, etc.). Automated test tools. National Voluntary Laboratory Accreditation Program (NVLAP). International Laboratory Accreditation Cooperation (ILAC) - Reciprocity. Government validation of laboratory reports (high-impact applications) > Cryptographic Algorithm Validation Program > NIST Personal Identity Verification Validation > Cryptographic Module Validation Program - Managed by U.S. (NIST) and Canada (CSE) - U.S. and foreign laboratories accredited (U.S., U.K., Canada, Japan, Germany, Taiwan) - World-wide vendor set. Government requirements for validated products (e.g., U.S., Japan).

  6. White House Legislative Branch Laws and Policy Policy Priorities Priorities Funding Standards Coordination State & Local Governments Federal Departments Operational Requirements Standards Coordination Operational Constraints Operational requirements Technical Interchange NIST Operational constraints Technical interchange Foreign Organizations Partnerships International Standards Product Assurance Technical Interchange National Security Organizations Standards Coordination Technical Interchange/Expertise Academia Threat/Vulnerability Information Research Research and Development Technical Interchange Industry Technical Expertise Standards Coordination Technical Interchange Implementation Opportunities Implementation Constraints Operational Considerations Research and Development

  7. Wm Curt Barker Computer Security Division Information Technology Laboratory wbarker@nist.gov 301-975-8443
