ITL
Newsletter for August 2003
Elizabeth B.
Lennon, Editor
Information
Technology Laboratory
National Institute
of Standards and Technology
Technology
Administration
U.S. Department of
Commerce
ITL
PUBLISHES UPDATED SPECIFICATION FOR SMART CARDS
ITL is advancing the
technology of smart cards through the development of specifications and
conformance tests. On July 16, 2003, ITL published the latest version of NISTIR
6887, 2003 Edition, the Government Smart Card (GSC) Interoperability
Specification ([GSC-IS] version 2.1. The original version of the GSC-IS
(version 1.0) was developed by the GSC Interoperability Committee led by the
General Services Administration and NIST, in association with Smart Access
Common Identification Card contractors. NIST published version 2.0 of the
GSC-IS in June 2002 as NIST Interagency Report 6887. The Government Smart Card
Interagency Advisory Board unanimously adopted NISTIR 6887 as the GSC-ISv2.0 on
July 9, 2002.
The interoperability
specification is the foundation of the federal government’s effort (http://estrategy.gov/smartgov/smart_card.cfm)
to develop a ubiquitous Smart Card Interoperability Framework that enables
large-scale deployment of smart card technology across federal agencies. We
have also taken this specification to the International Organization for
Standardization (ISO). This will support private sector efforts to create and
improve standards needed for smart card adoption and wide-scale implementation.
Also in process is the
development of a comprehensive conformance test program in support of the GSC
program. Products available will be subject to a formal certification process
to validate conformance to the requirements of the GSC-IS. The goal of the
conformance tests is to determine whether or not a given Government Smart Card
product conforms to the GSC specification. Qualified laboratories will perform
operational conformance testing. We are also working on user guidance for
achieving conformance certification for the various elements of the GSC-IS
framework. The guidance will be posted on our smart card website (see below).
Offering portability and
security, smart cards are credit card-sized devices containing a microprocessor
and semiconductor memory. The cards provide a cost-effective and highly secure
mechanism for automated systems to verify the identity of human users. Smart
cards are capable of generating digital signatures, encrypting sensitive
information, and many other security-related functions. The market for smart
cards is growing. Current estimates predict 2 billion smart cards will be sold
in 2003 and grow to 3.3 billion in 2005. NISTIR 6887, 2003 Edition, and
information on our smart card program is available at http://smartcard.nist.gov.
Homeland Security Update
ITL fingerprint expert Dr. Charles Wilson,
accompanied by NIST Director Dr. Arden Bement, Acting ITL Director Dr. Susan
Zevin, and Mr. Kevin Kimball, recently briefed DHS Secretary Tom Ridge and his
senior management team on technical considerations of alternative fingerprint
matching systems and impacts on implementation of the new entry/exit (US-VISIT)
system. NIST has produced a report on the state-of-the-art accuracy of fingerprint
systems jointly with the Departments of Justice and State (see http://www.nist.gov/public_affairs/releases/n03-01.htm)
and is now working with DHS to produce an operational system. The mandate for
the work comes directly from the USA PATRIOT Act of 2001 and the Enhanced
Border Security and Visa Entry Reform Act of 2002. DHS wants to ensure that the
system that is designed, procured, and implemented is the most effective possible
within the time constraints and technology available. Secretary Ridge wanted
NIST's assurances that such a system could be built in a timely and cost
effective way. The outcome of the meeting was an agreed-upon engineering
approach.
ITL has been researching and developing
biometric technologies for many years. Our researchers led the critical
evaluations of fingerprint and face recognition technologies that resulted in
the recommendation to Congress of a dual approach to screen visa applicants and
visa holders entering the United States. The report recommends “the use of at least two fingerprints
to positively identify visa applicants and a dual system of face and
fingerprints to verify the identities of visa holders at points of entry into
the United States.” For more information on ITL’s work in biometrics, see our
Biometrics Resource Center at http://www.itl.nist.gov/div895/biometrics/.
ITL Focuses on Quantum Communications
ITL has developed a novel high-speed electronics interface
for the NIST Quantum Communications Testbed. The interface is a critical
component that will enable the testbed to demonstrate what is expected to be
the highest speed quantum cryptographic key distribution system yet developed
when the testbed is fully operational later this summer. The purpose of the
testbed is to study highly secure communications by implementing and measuring
the properties of quantum key distribution (QKD) protocols operating at gigabit
speeds over free space. QKD at these speeds result in the distribution of a
large number of secure encryption keys, enough to allow a different encryption
key for every message. A joint project of ITL and NIST’s Physics Laboratory,
the testbed is part of the larger NIST-wide Scalable Quantum Information
Network project, supported by the Defense Advanced Research Projects Agency and
conducted jointly with the Physics Laboratory, NIST’s Electronics and
Electrical Engineering Laboratory, and ITL. The website is http://math.nist.gov/quantum.
-Text
Box------------------------------------------------------------------------------------------
The 2002 ITL Technical Accomplishments report is now
available at
http://www.itl.nist.gov.
For a complimentary hardcopy of the report, e-mail
elizabeth.lennon@nist.gov.
--------------------------------------------------------------------------------------------
UPDATE
ON NEW PUBLICATIONS
ITL publishes the results of research, investigations, and conferences. The reports listed below may be available online or ordered from:
National Technical Information Service (NTIS)
5285 Port Royal Road
Springfield, VA 22161
Telephone (703) 605-6000
Rush Service (800) 553-6847
Fax (703) 321-8547 or (703) 321-9038
Home Page: http://www.ntis.gov/onow
Algorithms and Codes for the Macdonald Function: Recent Progress and Comparisons
By B.R. Fabijonas, D.W. Lozier,
and J.M. Rappoport
NISTIR 6596
PB2001-102782 Paper and CD $29.50
Order from NTIS Microfiche $12.00
The modified Bessel function K^di{nu}^{chi}, also known as the Macdonald function, finds application in the Kontorovich-Lebedev integral transform when {chi} and {nu} are real and positive. In this paper, a comparison of three codes for computing this function is made. These codes differ in algorithmic approach, timing, and regions of validity. One of them can be tested independently of the other two through Wronskian checks and therefore is used as a standard against which the others are compared.
Meta-Analysis of Face Recognition Algorithms
By P.J. Phillips and E.M. Newton
NISTIR 6719
March 2001
PB2001-102891 Paper $23.00
Order from NTIS Microfiche $12.00
This report presents a quantitative assessment of the state of automatic face recognition. Researchers performed a meta-analysis of performance results of face recognition algorithms in the literature. The analysis was conducted on 24 papers that report identification performance on frontal facial images and used either the FERET or ORL database in their experiments. Three main conclusions resulted from the analysis: the majority of experiments do not adequately model challenging problems and their results have saturated performance levels; authors do not adequately document their experiments; and performance results for novel or experimental algorithms need to be accompanied by baseline algorithm performance scores.
Automated Security Self-Evaluation Tool User Manual, 2003 Edition
By M. Swanson, J. Fabius, M. Stevens, and M. McLarnon
February 2003
NISTIR 6885, 2003 Edition
PB2003-103339 Paper $29.50
Order from NTIS Microfiche $12.00
Online at http://csrc.nist.gov/asset/
The Automated Security Self-Evaluation Tool (ASSET) automates the process of completing a system self-assessment. ASSET will assist organizations in completing the self-assessment questionnaire contained in NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems. The manual is intended to help users of ASSET understand each function of the tool and how the tool can be used to complete self-assessments. The target audience of this manual is the assessor/manager.
Face Recognition Vendor Test 2002 Performance Metrics
By P. Grother, R.J. Micheals, and P.J. Phillips
NISTIR 6982
PB2003-104208 Paper $23.00
Order from NTIS Microfiche $12.00
This report presents the methodology and recognition performance characteristics used in the Face Recognition Vendor Test 2002. Researchers refine the notion of a biometric imposter and show that the traditional measures of identification and verification performance are limiting case specializations of a novel watch list scenario. The watch list problem is a newly important and operationally realistic generalization of both detection and identification of persons of interest, together with simultaneous verification-like constraints on false alarm rates. In addition, performance scores on disjoint populations are used to establish a novel means of computing and displaying distribution-free estimates of the variation of verification vs. false alarm performance. Finally, researchers formalize gallery normalization, which is an extension of previous evaluation methodologies; a pair of gallery dependent mappings are defined that can be applied as a post recognition step to vectors of distance or similarity scores. All the methods are biometric non-specific, and applicable to large populations.
The NIST HumanID Evaluation Framework
By R.J. Micheals, P. Grother, and P.J. Phillips
NISTIR 6983
April 2003
PB2003-105465 Paper $23.00
Order from NTIS Microfiche $12.00
Computer Product $25.00
The NIST HumanID Evaluation Framework (HEF) is an effort to design, implement, and deploy standards for the robust and complete documentation of the biometric system evaluation process. The HEF is an attempt to leverage contemporary technologies, specifically XML, for the formal description of such tests. The HEF was used to facilitate the administration of the 2002 Face Recognition Vendor Test (FRVT 2002). Unlike FRVT 2000 or FERET 96, FRVT 2002 used both still and video facial imagery, warranting the development of a more sophisticated and regular means of describing data presented to the participants.
UPCOMING TECHNICAL CONFERENCES
Advanced
Information Technology (IT) Security Auditing
Dates: September 2-4, 2003
Place: NIST, Gaithersburg, Maryland
In this comprehensive three-day workshop, participants
will learn how to use powerful software tools to identify and test key control
points in an organization’s network infrastructure. Topics include a
plain-English look at encryption, network services and protocols as they relate
to real-world safeguards, key server and workstation controls, and the
deployment of network vulnerability testing tools. The target audience is IT
auditor managers and supervisors, IT auditors, analysts and system/network
administrators.
Technical contact: Marianne Swanson, 301/975-3293, marianne.swanson@nist.gov
Conference website: http://www.nist.gov/public_affairs/confpage/new030902.htm
The Biometric Consortium Conference (BC2003)
Dates: September 22-24, 2003
Place: Hyatt Regency Crystal City, Arlington,
Virginia
This major international conference will address the
latest trends in biometrics research, development, and application of biometric
technologies. It will also address the important role that biometrics can play
in the identification and verification of individuals in this age of heightened
security and privacy as well as the utilization of biometrics in other
government and commercial applications.
Sponsors: NIST, National Security Agency, National
Biometric Security Project, National Institute of Justice, West Virginia USA,
General Services Administration’s Federal Technology Service Office of Smart
Card Initiatives, DoD Biometric Management Office, and the National Science
Foundation
Technical contact: Fernando Podio, 301/975-3883,
fernando.podio@nist.gov
Conference website: http://www.nist.gov/public_affairs/confpage/new030922.htm
Securing and Auditing Virtual Office Networks
Dates: September 24-26, 2003
Place: NIST, Gaithersburg, Maryland
In this diversified network security workshop, participants will explore the TCP/IP protocol as a basis for understanding various access methods and issues associated with extending the reach of the enterprise network apart from the firewalled connection to the Internet. The target audience includes information security managers and analysts, network and systems administrators, and IT auditors.
Technical contact: Marianne Swanson, 301/975-3293, marianne.swanson@nist.gov
Conference website: http://www.nist.gov/public_affairs/confpage/new030924c.htm
Security
Checklists for Commercial IT Products
Dates: September 25-26, 2003
Place: NIST, Gaithersburg, Maryland
This workshop will identify current and planned
federal government checklist activities and related needs, existing and planned
voluntary efforts for building security checklists, and current industry
capabilities for the development of checklists and the associated templates
that describe sets of security configurations for IT products widely used in
the federal government.
Technical contact: John Wack, 301/975-3411, john.wack@nist.gov
Conference website: http://csrc.nist.gov/checklists
Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.