NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.


Outline
Brief Historical Perspective
NIST’s Goals and Objectives in Cryptographic Standards Development
Current Events
Future Plans

Historical Perspective on Cryptographic Standards
NIST published its first open, strong encryption standard in 1977 (DES) as FIPS 46
  – The DES standardization process included three Federal Register notices and two public workshops
Since 1977, NIST’s catalog of cryptographic standards has grown into a significant suite of algorithms
  – All were developed in consultation with the ever-growing cryptographic community

Authority, Stakeholders & Impact
NIST’s statutory authority for cryptographic standards is limited to protecting the US Government’s non-national-security systems, but our stakeholders are far more diverse
  – Voluntarily adopted within the public and private sectors
Widespread support for these standards has benefited all participating communities
  – Increased interoperability
  – Widespread availability of security products
  – Reduced cost

NIST Goals, Objectives, and Role
Ensure specifications are technically sound and have full confidence of the community
  – Ongoing process, since Moore’s Law and mathematical advances constantly erode the security margin of current algorithms
To achieve this, we strive for a public, inclusive, and transparent process
NIST’s role is balancing stakeholder needs as a technically competent and impartial player

NIST Process
Since 1976, NIST has used a variety of processes to develop cryptographic standards and guidelines, including:
  – International competitions,
  – Adoption of existing standards, and
  – Development of new cryptographic specifications in collaboration with industry, academia, and government.
To achieve inclusiveness and transparency
  – Public workshops
  – Solicit public feedback on draft standards and guidelines, and
  – Actively engage the cryptographic community.

Recent Events
Recent news reports have created concern from the cryptographic community and other stakeholders about the security of NIST cryptographic standards and guidelines
  – “N.S.A. Able to Foil Basic Safeguards of Privacy on Web” (NYT, 9/5/13)
  – “How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA” (WIRED 9/24/13)
NIST reopened the public comment on SP A and two related draft documents, and strongly recommended that users stop using Dual_EC_DRBG.
  – "NIST Reopens Draft Special Publication for Random Number Generation Using [DRBGs] for Review and Comment" (NIST 9/13)
  – IAB Comment on NIST Recommendation for Random Number Generation (IAB, 10/13)

Process Review & Update
Document and publish NIST process
Invite public comment on NIST process
Independent evaluation to review the process and to suggest improvements
NIST will update process as necessary to:
  – Maximize openness and transparency
  – Support the development of the most secure, trustworthy guidance practicable
  – Maintain confidence of all stakeholders

Review of Existing Work
NIST will also review existing body of cryptographic work and the process through which it was developed
NIST will invite new public comments and/or withdraw standards or guidance if appropriate

In Conclusion
The NIST cryptographic standards process is founded on the same principles as the IETF process.
The NIST process is the most inclusive cryptographic standards process, with global participation from the cryptographic community.
It is essential to identify and incorporate those process changes that will allow NIST to continue effectively serving the global community.
IETF participants can be an important voice in this process.

How Can IETFers Contribute?
When the public comment period for the NIST process is announced, offer your perspective
  – Are there features that are not present (or not consistently present) in NIST process that would ensure openness or promote transparency?
To be effective, what are the critical attributes for the independent evaluation panel?
What should be the scope of their review?

Questions?