Computer Security

Division Contact: William Barker

Security Technology

Our research and development efforts focus on several areas:

 common, interoperable cryptographic security technology, such as algorithms, functionality, interfaces, and protocols;
 public key infrastructure for managing public key certificates needed to facilitate data integrity, authentication, access control, non-repudiation, and data confidentiality services in global applications; and
 application interfaces for cryptographic modules.

Development efforts include standards, such as the Advanced Encryption Standard, guidance on the use of cryptographic technology, and conformance tests so that strong cryptographic mechanisms will be available for the protection of sensitive information.

Cryptographic standards promote interoperability and an acceptable level of security. Testing of products that were built to conform to the standards verifies that the provisions of the standards were implemented correctly. We have begun testing of more complex cryptographic modules through accredited, private-sector laboratories and plan to promote testing of entire systems in the future. The cryptographic module validation program encompasses testing for cryptographic modules (Federal Information Processing Standard, or FIPS 140-2), the Data Encryption Standard and its modes of operation (FIPS 46-3 and 81), the Secure Hash Standard (FIPS 180-1), and the Digital Signature Standard (FIPS 186-2).

Contact: Bill Burr

Systems and Network Security

Our research, development, and application efforts focus on secure, interoperable systems to protect the integrity, confidentiality, reliability, and availability of information and systems. R&D efforts address technical areas such as advanced countermeasures (for example, intrusion detection, mobile agents, and smart cards); vulnerability analysis and mitigation, access control, and security testing; security criteria and metrics; assurance methods; role-based access control; and Internet protocol security.

The National Information Assurance Partnership is jointly organized and run by NIST and the National Security Agency to:

 promote the development and use of evaluated information technology products and systems;
 champion the development and use of national and international standards for information technology security;
 foster research and development in information technology security requirements definition, test methods, tools, techniques, and assurance metrics;
 support a framework for international recognition and acceptance of information technology security testing and evaluation results; and
 facilitate the development and growth of a U.S. commercial security testing industry.

Contact: Tim Grance

Computer and Network Security Facility

The NIST Computer and Network Security Facilities are used to build, test, and implement the security of various security and cryptographic countermeasures. Research is aimed at applying methods to protect the secrecy and integrity of information in computer systems and data networks, evaluating techniques to control access to information resources, and developing computer and network security architectures to determine proper implementation of controls for integrity and confidentiality of information and authentication of users.

Capabilities: The facility is equipped with desktop computers, workstations, other specialized security devices, and access to a variety of systems. Several communications technologies and applications environments are available for research efforts for developing and testing security protocol and cryptographic standards.

Test and evaluation capabilities include:

 specific functionality tests of cryptographic modules;
 test methodologies for network security protocols, public key infrastructures (PKI), and SecureMail;
 specific criteria used to evaluate the functionality and assurance of systems that handle unclassified, sensitive data;
 security engineering capabilities for integrating multiple heterogeneous components into a security architecture.

Laboratories in the facility include the Security Technology Laboratory, the Public Key Infrastructure Laboratory, the S/MIME Laboratory, the Internet Protocol Security Laboratory, the Emerging Technology Laboratory, and the Role-Based Access Control Laboratory. The facility also includes a testbed and network simulator for testing intrusion detection systems.

Applications: The facility is used primarily to develop and test federal and international standards for computer and network security. Support is provided to other federal agencies and industry where the protection of unclassified data is required.

Availability: Collaborative research programs can be arranged.

Contact: William Barker

Date created: October 22, 2001
Last modified: July 17, 2006 Aug. 07, 2007
Contact: inquiries@nist.gov