Security and Transparency Subcommittee (STS) Conference Call
November 21, 2006


1) Administrative Updates
2) SW independent/dependent and innovation class presentation details
3) Final TGDC December meeting agenda for STS
4) Other Items
6) Next call Tuesday, November 28, 2006 at 10:30AM.

Participants: Alicia Clay, Allan Eustis, Angela Orbaugh, Barbara Guttman, Bill Burr, David Wagner, Helen Purcell, John Kelsey, Nelson Hastings, Quynh Dang, Rene Peralta, Ron Rivest, Wendy Havens

Administrative Updates - Allan Eustis:

  • Draft papers for the December meeting have been posted on the TGDC website. (Some may be modified over the next few days.)
  • There will be hard-wired internet capabilities during the December meeting if anybody wants them - just send Allan an email request.
  • STS will be first on the agenda for the December 4th meeting, followed by CRT, then HFP. Allan has allotted more time to STS and CRT since HFP needed less time. A two-hour timeframe has been added to the second day for introduction of resolutions & discussion.

SW Independent/Dependent and Innovation Class Presentation Details - Bill Burr

Plan to advocate developing a process where we can address an innovation class of voting machines that would include end-to-end, and possibly IV, solutions. The reason for a process instead of requirements is that (we) don't feel we're ready to write the kind of requirements that would be used for a test lab process except for very particular designs that would cut off innovation in an area that has hardly begun to develop.

The discussion will be about what that process will look like, when we'll have an outline for it, and who will be responsible for organizing it. This (evaluation panel) depends on experts doing it. There will be a lot of issues about how this is put together: panel members - paid, FACA? Who will be motivated to put together a credible proposal, and what is our role?

This will be a recommendation put forth. It is an EAC decision to implement and run the panel/group.

The evaluation process demands a high level of expertise. It is important to get a good panel, and this should be discussed. The process from the vendor's point of view: is it a one-shot demand to build a credible system with the new innovation, or is there an introductory period to get buy-in to a general idea of a new development? Maybe this should be done as a grant process to develop the new technology.

[NOTE: EAC is going to Congress to get authority for certain things like collecting money and assigning it out. Also to assign vendors to certain labs.]

Innovation class evaluation models were discussed: the first one looks like an AES competition followed by the FIPS module evaluation. The second model looks like FDA (clinical trial) approval. A couple of states have talked about doing pilots with new systems.

There are costs for the vendors in developing new hardware, and costs for the experts evaluating them. Patents were discussed - if a vendor comes up with new technology, they may want to patent it so other vendors are not able to start with their work. Opinions were expressed that this shouldn't be a competition, but maybe it should be a qualification process.

A question came up about whether there should be a competition for the cryptographic algorithm or protocol that the academic community could do, and then, once appropriate algorithms or protocols come from that competition, let the business community pick up from there.

An interesting discussion on examples, possibilities, and processes for how this would work took place, taking into account some entirely new technology and also changing existing profiles.

The innovation class model may also need to be applied at a minor level, taking into account machines that were pre-certified but have enough new variations to warrant a review.

We want to keep in mind that we created this innovation class for a specific reason. For the December meeting, we should get agreement from the TGDC that this is a good direction to proceed in and then when the standard comes up for review in four years, we can look into how to expand on the innovation class or how to expand on existing profiles. It still has to be determined if we can lay out a process for the innovation class by July. Consensus seemed to be that it could be done. We need criteria for when the project begins. We have to have barriers for people to enter the grant competition so we only get credible proposals.

Systems would still have to go through ITA/VSTL for testing, but they would have to go through a special security panel to make sure they meet security requirements. There needs to be a review of the design and implementation at some time.

For things where we can write testable requirements, the test labs will be able to evaluate systems. When we get into innovation class, we won't be able to write requirements that are testable, i.e., the crypto protocol or an IV system. [Testing labs hire contractors, and they should be able to hire the experts that could do the evaluations. A lot of pressure is on the manufacturers to do the testing; part of the process is getting independent reviews and tests of new systems.]

For the December meeting we're looking for their approval to proceed in this direction, and we will provide them with a process in VVSG 07. Is the process specified in the standard or separate (in July as well)? There must be a path within the standard that tells you where the process is - we may have to leave some details vague. There should be no mention of possible grants.

We need to start having some substantive discussions with EAC about what should be in the standards and what should be outside the standards. We're looking for buy-in from the TGDC in December and if it goes in the final for VVSG 07 it could be determined that the EAC will work with NIST to come up with the process. STS should draft a resolution for the December meeting saying that TGDC supports the innovation class and asks NIST to develop the process.

STS Agenda Items for December TGDC Meeting

Presenters are still being decided for each section of the agenda.

#1 - Restructuring the security components of VVSG 2007 (very high level discussion) (30 min)

  • New architecture with audit base (paper forthcoming, main piece is about threats)
  • Related, high level testing expectations (will include discussion of OEVT [white paper before meeting] and security documentation)

#2 - Position on SW dependent systems and the innovation class alternative (white paper posted) (90 min)
(Ron and John Wack to decide who's doing what part of the presentations.)

#3 - Significant changes in requirements (60 min)

  • Wireless (may be members that understand and think they need to do wireless, white paper to be posted)
  • Changes to HW (what the policy is about backwards compatibility, currently states use new standards when purchasing new equipment)
  • Set-up validation - as time permits
  • New VVPR requirements - as time permits (white paper)
  • New electronic records requirements - as time permits (white paper)
  • Others?

There should be good abstracts/summaries at the beginnings of all our white papers. Papers are due to Allan by Wednesday, November 22, COB. Slides are due to Allan by Wednesday a.m., November 29.

John Wack to send email about developing standards for software IV; some NIST staff feel we could/should be doing more work, and some disagree. This issue should be discussed before the meeting. Some EAC members feel we should be forthcoming with more requirements for this class. John Kelsey needs to be ready to discuss.
John Wack will send out a note to TGDC with more details about what each committee will be presenting.

Charter for TGDC runs through June 2007.

Next meeting, Tuesday, November 28, 2006.

