ITL NEWSLETTER FOR AUGUST 2006
ITL Focuses on Assessing Bone Health
In collaboration with the
International Society for Clinical Densitometry (ISCD), ITL and three other
NIST laboratories organized a U.S. Measurement System Workshop on Standards and
Measurements for Assessing Bone Health. The workshop focused on accuracy and
standards in the non-invasive measurement of bone mineral density (BMD) using
dual-energy X-ray (DXA) technologies. Low BMD is the defining characteristic of
osteoporosis, a bone disease which affects over 10 million elderly Americans
every year. The 2004 Surgeon General’s report, Bone Health and Osteoporosis, estimates that one in two women over
age 50 will suffer from an osteoporotic fracture over their lifetime. Annual
treatment costs exceed $14B, and many of the secondary problems arising
subsequent to osteoporotic fracture can lead to death. The report predicts that
the incidence of osteoporotic fracture will double to triple in the next 15
years as a result of an aging American population.
DXA is the primary
bio-imaging technology used by physicians to screen for low BMD, as well as to
monitor patient treatment. During a DXA scan, a patient is illuminated by a
beam source designed to emit X-rays at two energies. The differential attenuation
of the two beams is measured by detectors and inverted for bone mineral content
which is reported in grams. The radiographic image is then analyzed by computer
to determine the bone area which is reported in centimeters squared. The ratio
of those two measurements defines the areal bone mineral density, the primary
quantity used for diagnosis and clinical monitoring of osteoporosis and related
bone diseases. There are several problems with DXA measurement of BMD as it
exists today: its accuracy is inadequate for some of its intended purposes,
the BMD as measured by DXA is vendor-specific, and the output of DXA devices is
not traceable to fundamental SI units. We expect that ITL's expertise in areas
such as image processing and statistical analysis will contribute to future
NIST efforts to satisfy the identified needs of the healthcare community for
improved technology and standards for the measurement of bone mineral density.
The present state of affairs
within DXA is similar to that of mammography prior to congressional passage of
the "Mammography Quality and Standards Act" in 1992, which tasked the
FDA with standardizing multiple components of mammogram screening as well as
creating quality control and assurance guidelines for clinics. In turn, the FDA
requested a NIST role in the creation and dissemination of the necessary
physical standards. These standards are currently maintained by NIST’s Ionizing
Radiation Division and have resulted in significant improvements in mammography
accuracy as well as reduction in procedure cost.
Testing for CMAC Algorithm Initiated
In April 2006, ITL’s
Cryptographic Algorithm Validation Program (CAVP) announced the addition of
validation testing for the CMAC authenticated mode of operation algorithm. The
cipher-based MAC (CMAC) algorithm is specified in NIST Special Publication
800-38B, Recommendation for Block Cipher
Modes of Operation: The CMAC Mode for Authentication,
dated May 2005. It is based on an approved symmetric key block cipher such as
the Advanced Encryption Standard (AES) algorithm or the Triple Data Encryption
Algorithm (TDEA). CMAC provides stronger assurance of data integrity than a
checksum or an error detecting code. It is designed to detect intentional,
unauthorized modifications of the data, as well as accidental
modifications.
The
CAVP validates cryptographic algorithms, providing assurance that an algorithm
has been implemented correctly according to the specifications given
in the associated cryptographic standard. In addition to the CMAC algorithm,
other cryptographic algorithms currently validated by the CAVP include the
Advanced Encryption Algorithm (AES), the Triple Data Encryption Algorithm
(TDES), the Digital Signature Algorithm (DSA), the Secure Hash Algorithms
(SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512), the Random Number Generator
algorithm (RNG), the Reversible Digital Signature Algorithm (RSA), the Elliptic
Curve Digital Signature Algorithm (ECDSA), the Keyed Hash Message
Authentication Code (HMAC) algorithm, and the authenticated encryption mode of
operation algorithm (CCM).
Both
the CAVP and the Cryptographic Module Validation Program (CMVP) have provided
quality improvement in cryptographic algorithm and module implementations.
Statistics show that 25 percent of the algorithm implementations and 48 percent
of the modules submitted for testing and perceived to be ready for the
marketplace were found to be incorrect. The CAVP and the CMVP allow these
errors to be quickly isolated and corrected before the products are used by
industry and federal agencies. The website is http://csrc.nist.gov/cryptval.
ITL recently hosted a group
of 18 undergraduate students who visited NIST to learn how mathematics and
statistics are used in science and engineering research. The students participate
in the Math SPIRAL (Summer Program In Research And
Learning) program of the
Our list of selected new
publications, available online, features work in random number generation,
personal identity verification, secure domain name system deployment, face
recognition, a program for computing power crusts of an aggregate, fingerprint
image quality, and a glossary of information security terms.
Recommendation for Random Number
Generation Using Deterministic Random Bit Generators
By Elaine Barker and John
Kelsey
NIST Special Publication
800-90
http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90_DRBG_June2006.pdf
This recommendation specifies
mechanisms for the generation of random bits using deterministic methods. The
methods provided are based on cryptographic hash functions, block cipher
algorithms, or number theoretic problems.
PIV Card Application and Middleware
Interface Test Guidelines (SP800-73 compliance)
By Ramaswamy Chandramouli,
Levent Eyuboglu, and Ketan Mehta
NIST Special Publication
800-85A
April 2006
http://csrc.nist.gov/publications/nistpubs/800-85A/SP800-85A.pdf
In
support of NIST’s Personal Identity Verification (PIV) program, this document
provides derived test requirements and test assertions for generating
conformance tests for various classes of specifications in SP 800-73, Interfaces for Personal Identity
Verification.
Secure Domain Name System (DNS)
Deployment Guide
By Ramaswamy Chandramouli and
Scott Rose
NIST Special Publication 800-81
May 2006
http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf
This document provides
deployment guidelines for securing the Domain Name System (DNS), which translates
domain names to IP addresses and back. The primary security goals for DNS are
data integrity and source authentication; the publication gives extensive
guidance on these topics. Also presented are guidelines for configuring DNS
deployments to prevent denial of service attacks that exploit vulnerabilities
in various DNS components.
Preliminary Face Recognition Grand
Challenge Results
By P.J. Phillips, P.J. Flynn,
W.T. Scruggs, K.W. Bowyer, and
NISTIR 7307
April 2006
http://face.nist.gov/frgc/presentations.htm
The goal of the Face
Recognition Grand Challenge (FRGC) is to improve the performance of face
recognition algorithms by an order of magnitude over the best results in Face Recognition
Vendor Test (FRVT) 2002. The FRGC is designed to achieve this performance goal
by presenting to researchers a six-experiment challenge problem along with a
data corpus of 50,000 images. The paper presents preliminary results of the
FRGC for all six experiments. Preliminary results indicate that significant
progress has been made towards achieving the stated goals.
AGGRES: A Program for Computing Power
Crusts of Aggregates
By Javier Bernal
NISTIR 7306
April 2006
http://math.nist.gov/~JBernal/JBernal_Pub.html
This paper discusses AGGRES,
a Fortran 77 program for computing a power crust of an aggregate. AGGRES takes
a finite set of points from the surface of an aggregate, i.e., a three-dimensional
object with no holes that contains its center of mass in its interior, and
computes a piecewise-linear approximation of the surface of the object called a
power crust. AGGRES is based on an algorithm by Amenta, Choi, and Kolluri for
computing power crusts using power diagrams. Besides a power crust of the
object, the program also produces the area of the power crust and the volume of
the solid it encloses.
NIST Fingerprint Image Quality (NFIQ)
Compliance Test
By Elham Tabassi
NISTIR 7300
April 2006
http://fingerprint.nist.gov/NFIS/NFIQcompliance.pdf
In August 2004, NIST
published a novel measure of fingerprint image quality, which can be used to
estimate fingerprint match performance. The definition and methodology of NIST
Fingerprint Image Quality (NFIQ) are documented and its implementation is
publicly available, but subject to
Glossary of Key Information Security
Terms
Richard Kissel, Editor
NISTIR 7298
May 2006
http://csrc.nist.gov/publications/nistir/NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf
This
glossary of basic security terms was extracted from NIST Federal Information
Processing Standards (FIPS) and the Special Publication (SP) 800 series. The
glossary provides a central resource of definitions most commonly used in NIST
security publications.
MINEX, Performance and Interoperability
of the INCITS 378 Fingerprint Template
By Patrick Grother, Mike
McCabe, Craig Watson, Mike Indovina, Wayne Salamon, Pat Flanagan, Elham
Tabassi, Elaine Newton, and Charles Wilson
NISTIR 7296
March 2006
http://fingerprint.nist.gov/minex04/
The Minutiae Interoperability
Exchange Test 2004 (MINEX) was performed with 14 participating vendors to
determine the feasibility of using standard templates as the interchange medium
between different systems. This test was designed to determine whether various subsets
of vendors and combinations of encoding schemes, authentication templates,
enrollment templates, and fingerprint matchers will produce successful matches.
MINEX found that the ability to make interoperable templates does not imply the
ability to make an accurate matcher, and template extractors and matchers need
to be certified separately.
MARK YOUR CALENDAR
Second
Cryptographic Hash Workshop
As a follow-on to the first
Cryptographic Hash Workshop held Oct. 31-Nov. 1, 2005, ITL plans to host a series
of public workshops to focus on hash function research in preparation for
developing additional hash function(s) through a public competition. The next
workshop will be held as follows:
Dates: August 24-25, 2006 (in conjunction with Crypto 2006)
Place:
Technical contact: Shu-jen Chang, (301) 975-2940, shu-jen.chang@nist.gov
Conference website: http://www.nist.gov/hash-function
Biometric
Consortium Conference 2006 (BC2006)
BC2006 will address the important
role that biometrics can play in the identification and verification of
individuals in this age of heightened security and privacy by examining
biometric-based solutions for homeland security (airport security, travel
documents, visas, border control, prevention of ID theft) as well as the
utilization of biometrics in other applications such as point of sale and
large-scale enterprise network environments. BC2006 will provide a forum to
address biometric research, recent technology advancements, government
initiatives, adoption of biometric standards, and biometrics and security.
Dates: September 19-21, 2006
Place:
Sponsors: NIST; National Security Agency; DoD Biometrics; Department of
Homeland Security and National Institute of Justice
Technical Contact: Fernando Podio, 301/975-2947, fernando.podio@nist.gov
Conference website: http://www.nist.gov/bc2006/
A National
To explore the best way to
enable the vision of connected home-based health delivery through public-private
partnerships, the Center for Aging Services Technologies (CAST), the Department
of Commerce Technology Administration, and the National Institute of Standards
and Technology will host a National Summit to identify issues around the needs
and challenges to make interoperability a reality. Recommendations from the
Dates: October 18-19, 2006
Place: NIST,
Sponsors: NIST, DoC
Technology Administration, and CAST
Technical contact: Jayne
Orthwein, 301/975-3176, jayne.orthwein@nist.gov
Conference website: http://www.itl.nist.gov/Healthcare%20Summit/announce.htm
Disclaimer: Any mention of commercial products or reference to
commercial organizations is for information only; it does not imply
recommendation or endorsement by the National Institute of Standards and
Technology nor does it imply that the products mentioned are necessarily the
best available for the purpose.