MILESTONES REACHED IN QUANTUM COMPUTING AND COMMUNICATIONS

A significant milestone in our research occurred recently when ITL mathematician Manny Knill demonstrated that it may be easier to build a quantum computer than previously thought. A full-scale quantum computer could produce reliable results even if its components performed no better than today's best first-generation prototypes, according to Knill’s paper in the March 3rd issue of the journal Nature. In the paper, entitled “Quantum Computing with Realistically Noisy Devices,” Knill proposes a fault-tolerant architecture based on hierarchies of qubits and quantum teleportation. Use of such an architecture could lead to reliable computing even if individual logic operations (“gates”) made errors as often as 3 percent of the time -- performance levels already achieved in NIST Physics Laboratory experiments with ion traps. The proposed architecture could tolerate error rates several hundred times higher than scientists previously thought necessary.

 

This important work significantly lowers the bar for experimentalists striving to demonstrate feasibility of quantum computation in various physical systems. Knill’s work also shows that there is a tradeoff between resource requirements (i.e., overhead) and gate fidelity. At a 3 percent probability of error per gate (EPG), resource requirements are substantial, though at 1 percent EPG, effective quantum computation seems feasible with resources comparable to the digital resources available in today's computers. The website is http://math.nist.gov/quantum/.

 

Achieving another record-breaking milestone, the NIST quantum communications team successfully implemented a complete fiber-based, polarization-encoded Quantum Key Distribution (QKD) system. The system operates at a clock rate of 1.25 Gbits/s. The initial trials of this system have resulted in a sifted key rate of about 2 Mbits/s at a 1.8 percent error rate when the transmission rate was 312.5 Mbits/s over 1 km of fiber. This is orders of magnitude faster than other QKD systems. In 2004, after a number of years of development, the NIST team announced its record-breaking speed of 1 Mbits/s on its first QKD system, a free-space QKD system operating over 730 m between NIST North and the main NIST campus. Leveraging the infrastructure and knowledge gained on the initial free-space system, they were able to develop a fiber-based system in just six months. ITL scientists Xiao Tang and Alan Mink contributed to this effort. The website is http://w3.antd.nist.gov/quin.shtml.

 

Quantum information research is a collaborative effort within ITL, with contributions from four of our divisions, and across NIST, through a partnership of ITL, the Physics Laboratory, and the Electronics and Electrical Engineering Laboratory. Related articles: http://www.nist.gov/public_affairs/releases/quantumkeys.htm

 

List of Best Federal Security Practices Continues to Grow

We continue to expand our website of Federal Agency Security Practices (FASP), available at http://csrc.nist.gov/fasp/index.html. The purpose of the site is to increase the sharing of security practices among agencies and to avoid duplication of effort. The site now offers more than 150 agency security practices in areas such as audit trails, contingency planning, data integrity, documentation, maintenance, identification and authentication, incident response, life cycle, logical access control, network security, personnel security, policy, security planning, and more. A related site, http://csrc.nist.gov/pcig/ppsp.html, offers links to the security practices of many private and nonprofit organizations.

 

Voting System Guidelines Project Moves Forward

On May 9, 2005, we delivered the draft Voluntary Voting System Guidelines (VVSG) to the U.S. Election Assistance Commission (EAC), within the statutory nine-month deadline required under the Help America Vote Act (HAVA) of 2002. These guidelines serve as interim guidance to assist the states in preparing for the 2006 election. The document augments the 2002 Voting System Standard to address the critical areas of accessibility, usability, and computer security. In addition, the VVSG includes an improved glossary to promote common understanding, a conformance clause, and an updated appendix on error rates. The EAC now begins a ninety-day public comment period before approving final voluntary voting guidelines to the states.

 

The draft document submitted in May resulted from the fourth plenary session of the Technical Guidelines Development Committee (TGDC) on April 20-21, 2005. NIST scientists presented the final draft of the VVSG Version 1 for editing and approval by the committee. Along with recommendations for final edits, the TGDC approved the document as initial recommendations for voluntary voting guidelines required by HAVA. ITL is the lead organization at NIST on the HAVA voting standards effort. More information is available at http://vote.nist.gov.

 

UPDATE OF FEDERAL INFORMATION PROCESSING STANDARD (FIPS)

 

FIPS 46-3, Data Encryption Standard, Withdrawn

A Federal Register notice of May 19, 2005, announced the withdrawal of FIPS 46-3, Data Encryption Standard (DES), and the associated FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard, and FIPS 81, DES Modes of Operation. FIPS 46-3 specified two cryptographic algorithms, DES and Triple DES, for use by federal agencies in protecting sensitive information. As part of a scheduled review process, NIST evaluated the standard in 2004 and determined that the strength of the DES algorithm was no longer sufficient to adequately protect federal government information. Future use of DES by federal agencies will be permitted only as a component function of the Triple Data Encryption Algorithm (TDEA). We will continue to make FIPS 46-3 specifying Triple DES available on our website at http://www.itl.nist.gov/fipspubs. However, NIST encourages agencies to implement the faster and stronger algorithm specified by FIPS 197, Advanced Encryption Standard (AES). 
 

NEW PUBLICATIONS NOW AVAILABLE

Our list of new publications features our work in computer security, government smart cards, biometrics, and electronic records systems. These publications are available online:

 

Cryptographic Algorithms and Key Sizes for Personal Identity Verification

By William T. Polk, Donna F. Dodson, and William E. Burr

NIST Special Publication 800-78

April 2005

http://csrc.nist.gov/publications/nistpubs/index.html

 

The Homeland Security Presidential Directive HSPD-12 called for the creation of new standards for interoperable identity credentials for physical and logical access to Federal government locations and systems.  Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, was developed to establish standards for identity credentials. This document specifies the cryptographic algorithms and key sizes for PIV systems and is a companion document to FIPS 201.

 

Interfaces for Personal Identity Verification

By James F. Dray, Scott B. Guthery, and Teresa Schwarzhoff

NIST Special Publication 800-73

April 2005

http://csrc.nist.gov/publications/nistpubs/index.html

 

FIPS 201, Personal Identity Verification for Federal Employees and Contractors, specifies that the identity credentials must be stored on a smart card. NIST SP 800-73 contains technical specifications for smart card interfaces used to retrieve and use identity credentials. These specifications reflect the design goals of interoperability and PIV Card functions. The goals are addressed by specifying the PIV data model, communication interface, and application programming interface (API). SP 800-73 enumerates requirements where the standards include options and branches and also constrains implementers' interpretation of the standards.

 

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

By Joan Hash, Pauline Bowen, Arnold Johnson, Carla Dancy Smith and Daniel I. Steinberg

NIST Special Publication 800-66

March 2005

http://csrc.nist.gov/publications/nistpubs/index.html

 

This publication summarizes the HIPAA security standards and explains some of the structure and organization of the Security Rule. The publication helps to educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule. The publication is also designed to direct readers to helpful information in other NIST publications on individual topics addressed by the HIPAA Security Rule.

 

Conformance Testing of the Government Smart Card

By Elizabeth Fong

NISTIR 7210

February 2005

http://xw2k.sdct.itl.nist.gov/smartcard

 

This paper presents the conformance testing methodology for the Government Smart Card Interoperability Specification. It presents some basic testing terminology and discusses a methodology on how to design conformance tests. The test strategy used for the design of this conformance test suite uses the Extensible Markup Language (XML), which is a declarative, implementation-neutral markup language. Finally, the paper explores the benefits and limitations of the conformance testing approach for the Government Smart Card Interoperability Specification.

 

NIST Biometric Evaluations and Developments

By Michael D. Garris and Charles L. Wilson

NISTIR 7204

February 2005

http://www.itl.nist.gov/iaui/894.03/pact/pact.html

 

This paper presents an R&D framework used by NIST for biometric technology testing and evaluation. The focus of the paper is on fingerprint-based verification and identification. Since 9-11, NIST has been mandated by Congress to run a program for biometric technology assessment and biometric systems certification. Four essential areas of activity are discussed: developing test datasets, conducting performance assessment, technology development, and standards participation. The document describes methods of performance testing and presents results from specific biometric technology evaluations. This framework is anticipated to have broad applicability to other technology and application domains.

 

Effect of Image Size and Compression on One-to-One Fingerprint Matching

By Craig I. Watson and Charles L. Wilson

NISTIR 7201

February 2005

http://www.itl.nist.gov/iaui/894.03/pact/pact.html

 

NIST conducted testing of one-to-one fingerprint matching systems to evaluate the effect of image size and compression on the accuracy of the one-to-one matching process. Images from three live-scan fingerprint scanners collected by the Departments of State and Homeland Security were used as test samples. Image sizes from 368 pixels by 368 pixels down to 180 pixels by 180 pixels were tested, and compression ratios from no compression up to 30 to 1 were tested. Three commercial fingerprint-matching systems were used in the test. The results of the study show that image cropping quickly degrades matcher performance. Compression degrades matcher performance more slowly and may, for compression ratios of 15 to 1, increase performance. Image sizes below 320 by 320 should not be used. Image compression in the range up to 20 to 1 produces minimal effects on fingerprint matching accuracy.

 

Specification for the Extensible Configuration Checklists Definition Format (XCCDF)

By Neal Ziring and John Wack

NISTIR 7188

January 2005

http://checklists.nist.gov

 

This document specifies the data model and XML representation for the Extensible Configuration Checklist Description Format. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specification is designed to support information interchange, document generation, organizational and situational tailoring, automated compliance testing, and compliance scoring. The specification also defines a data model and format for storing results of benchmark compliance testing. The intent of XCCDF is to provide a uniform foundation for expression of security checklists, benchmarks, and other configuration guidance, and thereby foster more widespread application of good security practices.

 

Toward an Architectural Framework to Improve Accountability in the Use of Electronic Records

By Gordon Lyon, Alan Mink, and Robert Van Dyck

NISTIR 7157

December 2004

http://w3.antd.nist.gov/pubs05.shtml

 

Sensitive electronic record systems (ERSs) raise questions about their proper use. Insider-threat involves hidden, unknown, and unanticipated activities that constitute unacceptable use of an ERS, even while operating within individual access privileges.  Insider-threat detection and control is an ERS monitoring and management challenge of the first order. A flexible preliminary framework can encourage discussion and comparison among various monitoring elements for the insider-threat. The general framework may expedite development of common guidelines and methodologies to monitor insider threats. Although developed for medical services, the framework likely has applicability in other similar database areas such as security and intelligence archiving.

 

MARK YOUR CALENDAR

 

Biometric Consortium Conference 2005 (BC2005)

BC2005 will address the latest trends in the research, development, and application of biometric technologies. It will focus on the important role that biometrics can play in the identification and verification of individuals in this age of heightened security and privacy. It will examine the utilization of biometrics in government and commercial applications. The Biometric Consortium conferences provide a forum to discuss recent technology advances, new initiatives, standards, technology evaluation efforts, as well as biometric business models and market strategies.

 

Dates: September 19-21, 2005

Place: Hyatt Regency Crystal City, Arlington, Virginia

Sponsors: NIST; National Security Agency; National Biometric Security Project; DoD Biometrics Management Office; Department of Homeland Security; General Services Administration’s Office of Governmentwide Policy; National Institute of Justice; and West Virginia USA.

 

Technical Contact: Fernando Podio, 301/975-2947, fernando.podio@nist.gov

Conference Website: http://www.biometrics.org/bc2005/

 

Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.