Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013.

Published byTristen Nelms Modified over 9 years ago

Similar presentations

Presentation on theme: "NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013."— Presentation transcript:

1 NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013

2 Outline Brief Historical Perspective NIST’s Goals and Objectives in Cryptographic Standards Development Current Events Future Plans

3 Historical Perspective on Cryptographic Standards NIST published its first open, strong encryption standard in 1977 (DES) as FIPS 46 – The DES standardization process included three Federal register notices and two public workshops Since 1977, NIST’s catalog of cryptographic standards has grown into a significant suite of algorithms – All were developed in consultation with the ever growing cryptographic community

4 Authority, Stakeholders & Impact NIST’s statutory authority for cryptographic standards is limited to protecting the US Government’s non-national-security systems, but our stakeholders are far more diverse – Voluntarily adopted within the public and private sectors Widespread support for these standards has benefited all participating communities – Increased interoperability – Widespread availability of security products – Reduced cost

5 NIST Goals, Objectives, and Role Ensure specifications are technically sound and have full confidence of the community – Ongoing process, since Moore’s Law and mathematical advances constantly erode the security margin of current algorithms To achieve this, we strive for a public, inclusive, and transparent process NIST’s role is balancing stakeholder needs as a technically competent and impartial player

6 NIST Process Since 1976, NIST has used a variety of processes to develop cryptographic standards and guidelines, including: – International competitions, – Adoption of existing standards, and – Development of new cryptographic specifications in collaboration with industry, academia, and government. To achieve inclusiveness and transparency – Public workshops – Solicit public feedback on draft standards and guidelines, and – Actively engage the cryptographic community.

7 Recent Events Recent news reports have created concern from the cryptographic community and other stakeholders about the security of NIST cryptographic standards and guidelines – “N.S.A. Able to Foil Basic Safeguards of Privacy on Web” (NYT, 9/5/13) “N.S.A. Able to Foil Basic Safeguards of Privacy on Web” (NYT, 9/5/13) – “How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA (WIRED 9/24/13) “How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA (WIRED 9/24/13) NIST reopened the public comment on SP 800-90A and two related draft documents, and strongly recommended that users stop using Dual_EC_DRBG. – "NIST Reopens Draft Special Publication for Random Number Generation Using [DRBGs] for Review and Comment" (NIST 9/13) "NIST Reopens Draft Special Publication for Random Number Generation Using [DRBGs] for Review and Comment" (NIST 9/13) – IAB Comment on NIST Recommendation for Random Number Generation (IAB, 10/13) IAB Comment on NIST Recommendation for Random Number Generation (IAB, 10/13)

8 Process Review & Update Document and publish NIST process Invite public comment on NIST process Independent evaluation to review the process ands to suggest improvements NIST will update process as necessary to: – Maximize openness and transparency – Support the development of the most secure, trustworthy guidance practicable – Maintain confidence of all stakeholders

9 Review of Existing Work NIST will also review existing body of cryptographic work and the process through which it was developed NIST will invite new public comments and/or withdraw standards or guidance if appropriate

10 In Conclusion The NIST cryptographic standards process is founded on the same principles as the IETF process. The NIST process is the most inclusive cryptographic standards process, with global participation from the cryptographic community. It is essential to identify and incorporate those process changes that will allow NIST to continue effectively serving the global community. IETF participants can be an important voice in this process.

11 How Can IETFers Contribute? When the public comment period for the NIST process is announced, offer your perspective – Are there features that are not present (or not consistently present) in NIST process that would ensure openness or promote transparency? To be effective, what are the critical attributes for the independent evaluation panel? What should be the scope of their review?

12 Questions?

Download ppt "NIST Cryptographic Standards Process Review Tim Polk NIST November 7, 2013."

Similar presentations

Establishing a New Accreditation Program in the U.S.

Establishing a New Accreditation Program in the U.S.
ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.

ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.
GEOSS Data Sharing Principles. GEOSS 10-Year Implementation Plan 5.4 Data Sharing The societal benefits of Earth observations cannot be achieved without.

GEOSS Data Sharing Principles. GEOSS 10-Year Implementation Plan 5.4 Data Sharing The societal benefits of Earth observations cannot be achieved without.
Policies and Procedures for Civil Society Participation in GEF Programme and Projects presented by GEF NGO Network ECW.

Policies and Procedures for Civil Society Participation in GEF Programme and Projects presented by GEF NGO Network ECW.
1. PUBLIC PARTICIPATION WATER USER ASSOCIATION BACKGROUND The Constitution of the Republic of South Africa requires the institutions of the state to.

1. PUBLIC PARTICIPATION WATER USER ASSOCIATION BACKGROUND The Constitution of the Republic of South Africa requires the institutions of the state to.
 Plan, develop, and distribute course calendars, rules, and materials  Document enrollment, participation, and communications  Inform learners of progress.

 Plan, develop, and distribute course calendars, rules, and materials  Document enrollment, participation, and communications  Inform learners of progress.
Interoperability Roadmap Comments Package Implementation, Certification, and Testing (ICT) Workgroup February 13, 2015 Liz Johnson, co-chair Cris Ross,

Interoperability Roadmap Comments Package Implementation, Certification, and Testing (ICT) Workgroup February 13, 2015 Liz Johnson, co-chair Cris Ross,
ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.

ELTSS Alignment to Nationwide Interoperability Roadmap DRAFT: For Stakeholder Consideration in response to public comment.
INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.

INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.
OpenStand and IEEE 802 Konstantinos Karachalios Managing Director, IEEE-SA 17 November 2012.

OpenStand and IEEE 802 Konstantinos Karachalios Managing Director, IEEE-SA 17 November 2012.
International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.

International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.
Architecture Decision Group Group Organization & Processes April 7, 2015 | Tuesday.

Architecture Decision Group Group Organization & Processes April 7, 2015 | Tuesday.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
April 29 2008 Amman, Jordan DoHoon KIM Senior Research Fellow Korea Institute for Industrial Economics and Trade.

April Amman, Jordan DoHoon KIM Senior Research Fellow Korea Institute for Industrial Economics and Trade.
Legal Agreements and Policy Work Group Co-facilitators: Linda Attarian and Jill Moore Dial: 1-866-427-0083 Enter room#: *8041709* (don’t forget the asterisks.

Legal Agreements and Policy Work Group Co-facilitators: Linda Attarian and Jill Moore Dial: Enter room#: * * (don’t forget the asterisks.
Second Independent Evaluation Roles / Responsibilities & Relationships.

Second Independent Evaluation Roles / Responsibilities & Relationships.
Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.

Presentation By: Chris Wade, P Eng. Finally … a best practice for selecting an engineering firm.
OPTIONS AND REQUIREMENTS FOR ENGAGEMENT OF CIVIL SOCIETY IN GEF PROJECTS AND PROGRAMMES presented by Faizal Parish Regional/Central Focal Point GEF NGO.

OPTIONS AND REQUIREMENTS FOR ENGAGEMENT OF CIVIL SOCIETY IN GEF PROJECTS AND PROGRAMMES presented by Faizal Parish Regional/Central Focal Point GEF NGO.
Accreditation and Proficiency Testing. APT Subcommittee MembershipMeeting Activities 21 members, 15 non- Commissioners Representation: Accreditation bodies.

Accreditation and Proficiency Testing. APT Subcommittee MembershipMeeting Activities 21 members, 15 non- Commissioners Representation: Accreditation bodies.
Guiding principles for the Federal acquisition system

Guiding principles for the Federal acquisition system

Similar presentations

Ads by Google