ITL LEADS DEVELOPMENT OF STANDARDS FOR WIRELESS PERSONAL AREA NETWORKS

ITL researchers are working with industry to promote the development of cost-effective, interoperable, and secure protocols for networking of pervasive computing devices. Our researchers made significant contributions to the work of the Institute of Electrical and Electronics Engineers (IEEE), which approved the IEEE 802.15.1 standard for wireless personal area networks (WPANs) on March 22, 2002. This was the long-awaited formal acceptance of the Bluetooth* Special Interest Group’s (SIG) Core Specification by a recognized standards body. Although the Bluetooth Core Specification defines all the layers from the physical layer to the application layer, only the lower layers, which are considered within the scope of the IEEE 802 Medium Access Control and Physical layers, are included. This wireless technology operates in the 2.4 GHz frequency band and provides voice communications at 64 bit/s and data transfers up to 732 kbit/s at distances up to 10 meters. The technology is meant to be inexpensive, thus positioning itself for system integration as one of the pervasive computing technologies.

ITL has been involved in this effort since the Bluetooth SIG first released the specifications and the IEEE 802.15 Working Group was formed. The work consisted of reviewing, verifying, and validating the protocols being defined. In order to ensure the completeness and correctness of the protocols, we created a formal description of the text prose, which was included as an informative annex in the standard, using the ITU-T standardized formal description language called Specification and Description Language (SDL). SDL uses a finite state machine and describes the behavior in a form similar to a flow chart. This process generated thousands of comments and suggested changes that were incorporated in the Bluetooth specifications v1.1. In addition, ITL held the editorship of several sub-clauses in the draft standard and participated in the creation of the Protocol Implementation Conformance Statement (PICS) proforma.

IEEE 802.15.1 is the first in a series of new WPAN technologies being developed in IEEE 802.15. Under development are standards for higher (20 Mbit/s) and lower (250 kbit/s) rate WPANs. For more information about our participation in this effort, see http://w3.antd.nist.gov/antd_wpan_news.shtml or contact Nada Golmie, (301) 975-4190 or David Cypher, (301) 975-4855.

*Bluetooth SIG, Inc., U.S.A., owns the Bluetooth trademarks.

Computer Forensics Specification Reviews

Would you be willing to help review technical documents that relate to computer forensics? ITL’s Computer Forensics Tool Testing (CFTT) Project is establishing an e-mail list for the distribution of announcements concerning draft documents that are available for review by the information technology and computer forensics industries. Information on the project and the types of documents is available at http://www.cftt.nist.gov. If you would like to participate in the review process, please respond in the affirmative to cftt@nist.gov.

Even after opting into the list, you are not required to review any of the documents announced. If you are interested, you will be notified that the documents are available. If you would like to comment on them, please do so.

The process will work as follows:

· The document will be posted to our website in HTML or PDF format, and the announcement of its availability will be e-mailed to the recipients on the list who have indicated that they would like to be notified.

· Recipients will have 30 days from the date of the announcement to review and comment on the document.

· A summary of the comments and responses will be posted on the website.

If you have questions about the list, please let us know by sending e-mail to cftt@nist.gov or calling the Computer Forensics Tool Testing Project at (301) 975-3283.

W3C and ITL Release DOM Conformance Test Suite

The World Wide Web Consortium (W3C), in partnership with ITL, released the first version of the Document Object Model (DOM) Conformance Test Suite, Level 1 Core. The DOM Test Suite aims to help implementers test their implementations’ conformance with the W3C DOM Level 1 specification. This work, launched by W3C and ITL, is a publicly developed and open framework to test the DOM Level 1 Core implementations. The DOM is a platform- and language-neutral interface that allows programs and scripts to dynamically access and update the content, structure, and style of documents.

The DOM test suite consists of over 600 tests for the DOM Java and ECMA Script bindings. An additional set of 900+ tests for the HTML module and HTML-compatible core will be released soon. The test suite was developed using XML technology and automated test generation techniques. The tests are represented in an XML grammar (i.e., in XML schema and in DTD form) that was automatically generated from the DOM specification using an XSLT transform. These tests, which are language-neutral, are used together with XSLT stylesheets to generate the Java and ECMA Script bindings of the tests. This method of generating tests ensures traceability to the specification as well as a consistent set of executable tests across language bindings. The website is http://xw2k.sdct.itl.nist.gov/xml/index.html.

ITL Reports Measurable Success of Advanced Encryption Standard (AES)

An independent study confirms industry’s early adoption and implementation of ITL’s Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES). Since 1993, NAI Labs (formerly Trusted Information Systems) has been periodically surveying worldwide use of cryptographic products, most recently in December 2001. David Balenson, NAI Director of Technology Research, reported on the results of the latest survey at the February 2002 RSA Conference in San Jose, California. We are interested in this survey because it helps to gauge the effectiveness of our cryptographic standards program.

Balenson noted a trend of particular interest to ITL. The number of products worldwide that implemented the NIST Data Encryption Standard (DES), including triple DES, grew rapidly from 1999 through June 2001, but leveled off by December 2001. The slowdown in the announcement of new DES products apparently was due to the impending adoption of FIPS 197, AES, which was approved by the Secretary of Commerce on December 6, 2001. The NAI Labs survey found a total of 74 products had already implemented the AES, indicating very rapid acceptance and adoption of the AES algorithm, with companies already offering products in anticipation of final approval of the standard.

The early adoption of AES is perhaps more remarkable because, prior to the approval of FIPS 197, AES algorithm testing was not available through ITL’s Cryptographic Module Validation Program (CMVP), a program for assurance testing of cryptographic modules jointly operated by NIST and the Canadian Government Communications Security Establishment (CSE). ITL has now released an updated algorithm test tool to the CMVP laboratories that includes AES algorithm testing and expects to see many more AES implementations now that validation testing is available. The websites are http://aes.nist.gov and http://csrc.nist.gov/cmvp.

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) ACTIVITIES

New FIPS Provides Mechanism for Message Authentication

On March 6, 2002, the Secretary of Commerce approved FIPS 198, The Keyed-Hash Message Authentication Code (HMAC), as a federal standard. A Federal Register Notice on April 3, 2002, announced the approved standard. FIPS 198 describes a keyed-hash message authentication code, a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative FIPS-approved cryptographic hash function, in combination with a shared secret key. The FIPS is available at http://www.itl.nist.gov/fipspubs/by-num.htm.

UPDATE ON NEW PUBLICATIONS

ITL publishes the results of studies, investigations, research, and conferences. The reports listed below may be available online or ordered from:

National Technical Information Service (NTIS)

5285 Port Royal Road

Springfield, VA 22161

Telephone (703) 605-6000

Rush Service (800) 553-6847

Fax (703) 321-8547 or (703) 321-9038

Home Page: http://www.ntis.gov/onow

The Tenth Text Retrieval Conference (TREC 2001)

Ellen Voorhees and Donna Harman, Editors

NIST Special Publication 500-250

April 2002

Online at http://trec.nist.gov/pubs.html

This report constitutes the proceedings of the Tenth Text REtrieval Conference (TREC-2001) held in Gaithersburg, Maryland, November 13-16, 2001. The conference was co-sponsored by NIST, the Defense Advanced Research Projects Agency (DARPA), and the Advanced Research and Development Activity (ARDA).

On the Gibbs Adsorption Equation for Diffuse Interface Models

By G. B. McFadden and A.A. Wheeler

NISTIR 6732

March 2001

PB2001-103929 $25.50 paper

Order from NTIS $12.00 microfiche

This paper discusses some applications of the classical Gibbs adsorption equations to specific diffuse interface models that are based on conserved and non-conserved order parameters. Such models are natural examples of the general methodology developed by J.W. Gibbs in his treatment of the thermodynamics of surfaces. We employ the methodology of J.W. Cahn, which avoids the use of conventional dividing surfaces to define surface excess quantities. We show that the Gibbs adsorption equation holds for systems with gradient energy coefficients, provided the appropriate definitions of surface excess quantities are used.

Admission Discharge and Transfer System Protection Profile (ADT-PP) (An ISO/IEC 15408 Security Protection Profile for a Healthcare IT Application System)

By R. Chandramouli and G. Marshall

NISTIR 6782

March 2002

PB2001-107827 $25.50 paper

Order from NTIS $12.00 microfiche

This document presents a set of security functional and assurance requirements for an Admissions Discharge and Transfer System (ADT). The ADT is a key information technology (IT) application system used in all major healthcare settings and is the first point of electronic capture of all individually identifiable healthcare information. The set of security functional and assurance requirements is expressed in a format that conforms to the Protection Profile (PP) framework that is part of the ISO/IEC 15408 security criteria. The underlying motivation in developing the Admissions, Discharge and Transfer System PP (ADT-PP) is to demonstrate the use of a protection profile as a vehicle for capturing the dictates of public policy regulatory requirements in the form of IT application system security specifications (consisting of both security functional and assurance requirements) for healthcare IT application systems.

Agent Technology: Feasibility for Business and Manufacturing Application

By E. Fong, N. Ivezic, R. Korchark, Y. Peng, and T. Rhodes

NISTIR 6858

March 2002

PB2002-102237 $23.00 paper

Order from NTIS $12.00 microfiche

Electronic commerce (e-commerce) may be defined as the entire set of processes that support transaction activities on a network and involve information analysis. These activities spawn product information and display events, services, providers, consumers, advertisers, support for transactions, brokering systems for a variety of services and actions (e.g., finding certain products, finding cheaply priced products, etc.). The potential of agent-based systems has not been realized yet, in part because of the lack of understanding of how agent technology supports business-to-business e-commerce processes. This report investigates the current state of agent technology and the feasibility of applying agent-based computing to business-to-business (b2b) e-commerce.

UPCOMING TECHNICAL CONFERENCES

DVD 2002: Standards, Applications, Technology

This conference will discuss the current state of the art in DVD technology, standards, and applications for enterprise, archival, consumer, and homeland security applications.

Dates: June 3-4, 2002

Place: NIST, Gaithersburg, Maryland

Sponsors: DVD Association and NIST

Conference website: http://www.itl.nist.gov/div895/DVD2002/

ITL technical contact: Victor McCrary, victor.mccrary@nist.gov

Information Security Small Business Regional Workshops

NIST, in co-sponsorship with the Small Business Administration and the National Infrastructure Protection Center's InfraGard Program, is holding a series of regional workshops about information security threats and solutions, especially designed for small and medium-sized businesses and not-for-profit organizations. Attendees will have the opportunity to explore practical tools and techniques that can help them to assess, enhance, and maintain the security of their systems.

Date: July 11, 2002, in Washington, D.C.

Date: July 30, 2002, in Seattle, Washington

Date: August 1, 2002, in Los Angeles, California

Date: September 12, 2002, in New York, New York

Date: September 26, 2002, in Chicago, Illinois

Website: http://csrc.nist.gov/Bus_Regional_Mtgs/index.html

ITL technical contact: Alicia Clay, alicia.clay@nist.gov

Biometric Consortium Conference (BC2002)

This conference will appeal to a wide variety of individuals - policy developers and decision makers, industry and government executives, IT users and developers, IT CEOs and product managers, law enforcement officers, system integrators, personal authentication and information security specialists, educators and students, government, industry, and academia researchers. Topics to be covered include utilizing biometric-based solutions for a wide range of applications related to homeland security, the prevention of ID theft, and the integration of these solutions for any identification and verification application.

Dates: September 23-25, 2002

Place: Crystal City, Arlington, Virginia

Sponsors: Biometric Consortium, NIST, and NSA

Conference website: http://www.itl.nist.gov/div895/isis/bc/bc2002/home.htm

NIST technical contact: Fernando Podio, fernando.podio@nist.gov

--------------------------------

Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.


Date Created: 5/14/02
Last Date Updated: 5/14/02