ITL FOCUSES ON TRENDS IN MATHEMATICAL SOFTWARE
Our Mathematical and Computational Sciences Division recently hosted a workshop on the Changing Face of Mathematical Software at George Washington University (GWU) in Washington, D.C. The meeting provided a forum for commercial software vendors and academic and government researchers to discuss issues regarding the development, packaging, and dissemination of modern mathematical software libraries and systems. Twenty-six participants from six countries attended the workshop.
The meeting was one of a yearly series of topical workshops sponsored by the International Federation for Information Processing (IFIP) Working Group 2.5 (WG 2.5). Chartered by UNESCO in 1961, IFIP is a multinational federation of professional and technical organizations fostering international cooperation in the field of information processing. Affiliated with IFIP's Technical Committee 2 on Software Theory and Practice, WG 2.5 works to improve the quality of numerical computation by promoting the development and availability of sound numerical software. The group meets yearly to exchange technical information and to plan joint projects. This year's meeting took place on June 1-2, 2004, at GWU. Dr. Ronald Boisvert, chief of our Mathematical and Computational Sciences Division and current chair of IFIP WG 2.5, was the local organizer for the meeting and workshop. The workshop website is at http://math.nist.gov/workshops/wg25-2004/.
Our talented technical staff in the Mathematical and Computational Sciences Division has been involved in the development of a wide variety of software packages, many of which are available for download at http://math.nist.gov/mcsd/Software.html. Additional mathematics, statistical, and computational science services are available at http://math.nist.gov/.
In support of local,
state, national, and international law enforcement communities, ITL is
developing reference materials and test methods in computer forensics. Sound computer forensics practices are key to
finding and delivering court-admissible evidence when computers are used in the
commission of a crime. Our computer forensics program consists of the National
Software Reference Library (NSRL) and the Computer Forensics Tool Testing
(CFTT) projects. Both projects are coordinated by the NIST Office of Law
Enforcement Standards and supported by the National Institute of Justice. Both
projects have also received international recognition.
ITL developed the NSRL to
meet the needs of the law enforcement community for rigorously verified data
that can meet the exacting requirements of the criminal justice system. It is
designed to collect software from various sources and incorporate file profiles
computed from this software into a Reference Data Set (RDS) of information. Law
enforcement, government, and industry can use the RDS to review files on a
computer by matching file profiles in the RDS. The NSRL data set can eliminate
40-95 percent of files from examination and save hundreds of staff-hours. One suggested
potential new application of the NSRL is to improve electronic voting
security in the United States by inviting voting software vendors to submit
their certified software to the NSRL to facilitate the tracking of software
version usage. We continue to update and populate the reference library, which
as of June 2004 contains over 21 million file signatures. Quarterly updated
versions of the reference library are available by subscription. The website is
http://www.nsrl.nist.gov.
The goal of our CFTT project is to establish a methodology for testing computer forensics tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing. The website is http://www.cftt.nist.gov/.
Advancing an Interoperable Multimedia
Specification
Sandy Ressler of our Information Access Division
played a key role in ensuring that the Web3D Consortium and the International
Organization for Standardization (ISO) Moving Picture Experts Group (MPEG)
worked together to produce an interoperable multimedia specification. Ressler
harmonized the varied contributions of many technical experts and ensured that
the specification was successfully brought to completion. The Web3D Consortium
recently announced that its X3D Interactive Profile was adopted by MPEG “to
bring state-of-the-art, X3D-based, interactive 3D graphics to the MPEG-4
multimedia standard. As a result of this cooperative joint development between
MPEG and the Web3D Consortium, the X3D Interactive profile is now a part of the
ISO/IEC 14496 specification that will formally become an International Standard
in January 2005.”
The approval of the MPEG-4 X3D profile means
that vendors can enhance devices with 3D support. This 3D will be using the
same profile as defined in X3D specification. MPEG-4 is an ISO multimedia
standard and handles audio, video, 2D/3D vector graphics, metadata, rights management,
etc. It is already supported by DivX, Xvid, Real, Microsoft, Apple, set-top
boxes, and next-generation DVD players.
Content developed for X3D browsers or
distributed applications using the Interactive profile will also work on MPEG-4
software and hardware players. Moreover, since MPEG-4 is also a broadcast
standard, this enables X3D content to be streamed to any device. The X3D
Interactive Profile for MPEG-4 defines a subset of X3D that enables baseline
interactive 3D functionality for devices having limited processing power such
as low-power computers, set-top boxes, mobile phones, and personal digital
assistants as well as more capable devices such a desktop devices and gaming
consoles. More details on this new profile are available at http://web3d.org.
ITL publishes guidance documents, research results, and conference proceedings. The publications listed below are available online:
By Sharon J. Laskowski, Marguerite Autry, John Cugini, Bill Killam, and James Yen
NIST SP 500-256
May 2004
In the Help America Vote Act (HAVA) of 2002, Public Law 107-252, the Election Assistance Commission, in consultation with NIST, is mandated to submit a report on human factors, usability, and accessibility to Congress. This report was written to address this mandate. The report describes how research and best practices from the human factors, human-machine and human-computer interaction, and usability engineering disciplines can be used to improve the usability and accessibility of voting products and systems. A major contribution of the report is a set of ten recommendations for developing standards, accompanying test methods, and guidelines that can measurably improve levels of usability and accessibility.
By William C. Barker
NIST Special Publication (SP) 800-67
May 2004
http://csrc.nist.gov/publications
This publication specifies the Triple Data Encryption Algorithm (TDEA), including its primary component cryptographic engine, the Data Encryption Algorithm (DEA). When implemented in an SP 800-38 series-compliant mode of operation and in a FIPS 140-2 compliant cryptographic module, TDEA may be used by federal organizations to protect sensitive unclassified data. Protection of data during transmission or while in storage may be necessary to maintain the confidentiality and integrity of the information represented by the data. This recommendation precisely defines the mathematical steps required to cryptographically protect data using TDEA and to subsequently process such protected data.
By William E. Burr, Donna F. Dodson, and W. Timothy Polk
NIST SP 800-63
June 2004
http://csrc.nist.gov/publications
This recommendation provides technical guidance to federal agencies implementing electronic authentication. The recommendation covers remote authentication of users over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, authentication protocols, and related assertions.
Guide for Mapping Types of Information and Information Systems to Security Categories
By William C. Barker and Annabelle Lee
NIST SP 800-60
June 2004
http://csrc.nist.gov/publications
This guideline assists federal agencies to categorize information and information systems. The guideline’s objective is to facilitate provision of appropriate levels of information security according to a range of levels of impact or consequences that might result from the unauthorized disclosure, modification, or loss of availability of the information or information system. The guideline and its appendices document the following process steps: review of the security categorization terms and definitions established by FIPS 199; recommendation of a security categorization process; description of a methodology for identifying types of federal information and information systems; provisional security impact levels for common information types; discussion of information attributes that may result in variances from the provisional impact level assignment; and description of how to establish a system security categorization based on the system’s use, connectivity, and aggregate information content.
By Charles L. Wilson, Michael D. Garris, and Craig I. Watson
NISTIR 7110
May 2004
http://www.itl.nist.gov/iaui/894.03/pact/pact.html
This report discusses the flat-to-flat matching performance of the US-VISIT fingerprint matching system. Both one-to-many matching used to detect duplicate visa enrollments and one-to-one matching used to verify the identity of the visa holder are discussed. With the proper selection of an operating point, the one-to-many accuracy for a two-finger comparison against database of 6,000,000 subjects is 95% with a false match rate of 0.08%. Using two fingers, the one-to-one matching accuracy is 99.5% with a false accept rate of 0.1%.
------------------------------------------------------------------------------------------
For a free copy of the 2003 ITL Technical Accomplishments report, e-mail elizabeth.lennon@nist.gov
------------------------------------------------------------------------------------------
Dates: September 14-15, 2004
Place: DoubleTree Rockville Hotel, Rockville, Maryland
Sponsors: NIST and the Communications Security Establishment (CSE) of Canada
This symposium will
provide information regarding the Cryptographic Module Validation Program
(CMVP). Federal agencies and departments are required to comply with Federal
Information Processing Standard (FIPS) 140-2. This involves the acquisition of
validated cryptographic modules (which may be incorporated in a
product/application) for protecting sensitive but unclassified data.
Cryptographic modules are used to provide security services such as
confidentially, integrity, and authentication. FIPS 140-2 provides users with
1) a specification of security features that are required at each security
level, 2) flexibility in choosing security requirements and environments, and
3) a guide to ensuring the modules incorporate necessary security features. The
target audience is Security IT Developers (hardware and software), Security IT
Users, Cryptographic Module Vendors, Procurement Specialists, Testing
Laboratories, and IT Managers.
Technical Contact: Randy Easter, 301/975-4641, randall.easter@nist.gov
Conference Website: http://csrc.nist.gov/cryptval/cmvp2004/
The Biometric Consortium Conference (BC2004)
Dates: September 20-22, 2004
Place: Hyatt Regency Crystal City, Arlington, Virginia
Sponsors: NIST; National Security Agency; National Biometric
Security Project; DoD Biometrics Management Office; National Institute of
Justice; West Virginia Development Office; General Services Administration
Office of Electronic Government and Technology, Office of Governmentwide
Policy; and the National Science Foundation. Supporting
organizations include American National Standards Institute; International
Biometric Industry Association; InterNational Committee for Information
Technology Standards; BioAPI Consortium; and The Biometric Foundation.
This two and a half day conference will include over 15 sessions covering topics such as a tutorial on biometrics and a special session on Homeland Security to include presentations on the US-VISIT and Registered Travel Programs. Other sessions will focus on Biometrics Technologies, Identity Theft, Biometrics Solutions for Government and commercial users, and Biometric Interoperability and Standards. Conference presentations will also address the latest trends in biometrics research, development, testing and application of biometric technologies, and the important role that biometrics can play in the identification and verification of individuals in this age of heightened security and privacy. A special Research Session will include presentations of academic research and a Poster Session.
Technical Contact:
Fernando Podio, 301/975-2947, fernando.podio@nist.gov
Conference Website: http://www.biometrics.org/bc2004/
Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.