ITL has been researching, developing, testing, and evaluating biometric technologies for more than 30 years. We provide fingerprint interoperability standards and evaluation technology for the Department of Justice, the Federal Bureau of Investigation, the Department of Homeland Security, and the National Institute of Justice, as well as developers, vendors, and law enforcement organizations at the federal, state, and local levels. Much of our work is mandated by legislation such as the USA PATRIOT Act of 2001 and the Enhanced Border Security and Visa Entry Reform Act of 2002.
For the U.S. Department of Justice, we conducted the Fingerprint Vendor Technology Evaluation (FpVTE) 2003, an independently administered technology evaluation of the accuracy of fingerprint matching, identification, and verification systems. The FpVTE is one of the tests that ITL conducted in order to fulfill part of its USA PATRIOT Act mandate. Additional evaluations include the testing of the FBI IAFIS system, the US-VISIT IDENT System and SDKs (Software Development Kits) from several vendors. Eighteen different companies competed in FpVTE, and 34 systems were evaluated. Different subtests measured accuracy for various numbers and types of fingerprints, using operational fingerprint data from a variety of U.S. Government sources.
The most accurate systems were found to have consistently very low error rates across a variety of data sets. The variables that had the clearest effect on system accuracy were the number of fingers used and fingerprint quality. An increased number of fingers resulted in higher accuracy. The accuracy of searches using four or more fingers was better than the accuracy of two-finger searches, which was still better than the accuracy of single-finger searches. The test also shows that the most accurate fingerprint systems are more accurate than the most accurate facial recognition systems, even when comparing the performance of operational quality single fingerprint to good quality face images. We published the results of this evaluation as NISTIR 7123, Fingerprint Vendor Technology Evaluation 2003: Summary of Results and Analysis Report, available at http://fpvte.nist.gov/report/ir_7123_summary.pdf.
In a related evaluation, we conducted testing of one-to-one SDK (Software Development Kit)-based COTS fingerprint matching systems to evaluate the accuracy of one-to-one matching used in the US-VISIT program, the new entry/exit system designed to better protect U.S. borders. Fingerprint matching systems from eight vendors not used in US-VISIT were also evaluated as a way to assure that the accuracy of the matcher tested was comparable to the most accurate available COTS products. The SDK-based matching application was tested on 12 different single finger data sets of varying difficulty. The average true accept rate (TAR) at a false accept rate (FAR) of 0.01 percent was better than 98 percent for the two most accurate systems while the worst TAR at a FAR of 0.01 percent was greater than 94 percent. The data sets used and the ranking of the systems are discussed in detail in NISTIR 7119, Studies of One-to-One Fingerprint Matching with Vendor SDK Matchers, available at http://fingerprint.nist.gov/SDK/ir_7119.pdf.
A third evaluation focused on the quality of fingerprint image. ITL researchers proposed a new definition of quality of fingerprint impressions and presented detailed algorithms to measure image quality for fingerprints. We defined fingerprint image quality as a predictor of matcher performance before a matcher algorithm is applied. In other words, presenting the matcher with good quality fingerprint images will result in high matcher performance, and vice versa, the matcher will perform poorly for poor quality fingerprints. We also carried out an objective evaluation of the quality assessment of fingerprint images. Our quality measure is implemented in the C programming language and has been tested on 20 different live scan and paper fingerprints datasets collected in different operational settings. Our implementation is publicly available as part of NIST’s fingerprint software. NISTIR 7151, Fingerprint Image Quality, is available at http://www.itl.nist.gov/iaui/894.03/pact/pact.html.
ITL Launches Website for Verification of Voting
Software
We recently activated a website that allows verification
that voting software, provided by cooperating vendors, has not been modified.
The website enables any person, for the first time, to compare specific
versions of voting system software to software provided by participating
vendors to ITL. This process, known technically as digital signature or hash
comparison, is used widely in computer security applications to assure that
software has not been altered. At the request of the U.S. Election Assistance
Commission (EAC), ITL received software directly from six voting software
vendors. The EAC hosted a press teleconference to announce the availability of
the website. The website, http://www.nsrl.nist.gov/votedata.html, is part of
our National Software Reference Library (NSRL).
The program, known as NSRL for Voting, is a
first step in being able to trace software from the vendor through the
accreditation process to the states and other purchasers of voting systems.
Since ITL now has copies of vendor software with digital signatures publicly
available, election authorities have a reference database to use for the
comparison of digital signatures of software provided to them by vendors.
However, only digital signatures of the same versions of software voluntarily
provided by voting software vendors are available on the website. Election
authorities having other versions of the software, or versions that have been
altered for authorized reasons, will be unable to use the website for a digital
signature comparison. The program may be used only with software that has
not yet been installed on a voting machine. With limited exception, once
software is installed on a voting machine, it is incapable of generating a
digital signature. The website is http://www.nsrl.nist.gov/.
Document on Care and Handling of CDs and DVDs
Most Requested ITL Publication
With 496,420 hits, NIST Special Publication
500-252, Care and Handling of CDs and DVDs – A Guide for Librarians and
Archivists, by Fred R. Byers, was the most requested URL in ITL over the
time period October 2002 to August 2004, according to the NIST web page
collecting usage statistics. This number does not include requests for the
document on the Council on Library and Information Resources (CLIR) website,
which posts it in both PDF and HTML formats. A co-publisher of the document,
CLIR is an independent, nonprofit organization, which through projects,
programs, and publications, works to maintain and improve access to information
for generations to come.
The popularity of ITL’s guide is a testament of
the enormous interest in this area.
The high demand for the publication is a great
return on ITL/NIST/CLIR investment, contributing to increased recognition of
ITL as a useful information source for the public as well as the industry.
The
document is available at http://www.itl.nist.gov/div895/carefordisc.
ITL announces the second public draft of NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems. The draft guideline provides a recommended set of security controls for low-, moderate-, and high-impact information systems based upon the security categorization of the system as defined in FIPS 199, Standards for Security Categorization of Federal Information and Information Systems.
Draft NIST SP 800-53 is available at http://csrc.nist.gov/publications/drafts.html#sp800-53. Comments
are invited and may be sent to sec-cert@nist.gov
until November 30, 2004.
ITL publishes guidance documents, research results, and conference proceedings. The publications listed below are available online:
Ellen M. Voorhees and Lori P. Buckland, Editors
NIST Special Publication 500-255
May 2004
By Rick Ayers and Wayne Jansen
NISTIR 7100
August 2004
http://csrc.nist.gov/publications/nistir/index.html
Digital handheld devices, such as Personal Digital Assistants (PDAs), are becoming more affordable and commonplace in the workplace. When handheld devices are involved in a crime or other incident, forensic specialists require tools that allow the proper retrieval and speedy examination of information present on the device. This report gives an overview of current forensics software, designed for acquisition, analysis, reporting of data discovered on PDAs, and an understanding of their capabilities and limitations.
Securing Voice Over Internet Protocol (IP) Networks
By Thomas J. Walsh and D. Richard Kuhn
ITL Bulletin
October 2004
http://www.itl.nist.gov/lab/bulletns/cslbull1.htm
Voice over IP – the transmission of voice over traditional packet-switched IP networks – is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and problems. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but security administrators will face significant challenges.
Federal Information Systems Security Educators’ Association (FISSEA) Annual Conference
Dates: March 22-23, 2005
Place: Bethesda North Marriott Hotel & Conference Center, North Bethesda, Maryland
Sponsors: NIST and FISSEA
With a theme of “Target Training in 2005,” the conference will include presentations, papers, tutorials, and panels. Typical topics include management of information security programs and personnel, conducting security training, information security and assurance curriculums, supporting technologies (network, wireless, encryption, vulnerability tools, educational tools), security labs, intrusion response programs, organizational behavior, certification, regulations, and emerging technologies.
NIST contact: Peggy Himes, peggy.himes@nist.gov
Conference website: http://www.nist.gov/public_affairs/confpage/050322htm.htm
4th Annual PKI
R&D Workshop: Multiple Paths to Trust
Dates: April 19-21,
2005
Place: NIST,
Gaithersburg, Maryland
Sponsors: NIST,
National Institutes of Health, and Internet 2, in cooperation with USENIX and OASIS
This workshop
considers the full range of public key technology (PKI) used for security
decisions and supporting functionalities, including authentication,
authorization, identity (syndication, federation, and aggregation), and trust.
This year, the workshop will focus on how PKI and emerging trust mechanisms
will interact with each other at technical, policy, and user levels to support trust
models that lack a central authority. The target audience is security
researchers from academia and industry.
NIST contact: Nelson
Hastings, nelson.hastings@nist.gov
Conference website: http://www.nist.gov/public_affairs/confpage/new050419.htm
Disclaimer: Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by the National Institute of Standards and Technology nor does it imply that the products mentioned are necessarily the best available for the purpose.