CULTIVATING TRUST IN IT AND METROLOGY
From agriculture, to manufacturing, to our homes, to healthcare, and beyond, technology is advancing towards ‘smart’ and ‘smarter’ systems. Generally speaking, ‘smart’ technology refers to numerous sensory devices working together through larger infrastructures. Rapid advances in computer science, software engineering, systems engineering, networking, sensing, communication, and artificial intelligence are not only evolving – they are also converging.
Historically, there has been little in the way of formal, analytic, or even descriptive information about the building blocks that govern the operation, trustworthiness, and life cycle of Internet of Things (IoT). A composability model and vocabulary that defines principles common to most, if not all networks of things, is needed to address the question: "What is the science, if any, underlying IoT?" NIST Special Publication (SP) 800-183, Networks of ‘Things,’ offers an underlying and foundational science to IoT that is based on a belief that IoT involves sensing, computing, communication, and actuation.
Aerial drones might someday deliver online purchases to your home. But in some prisons, drone delivery is already a thing. Drones have been spotted flying drugs, cell phones and other contraband over prison walls, and in several cases, drug traffickers have used drones to ferry narcotics across the border. (Picture credit: Shutterstock)
If those drones are captured, investigators will try to extract data from them that might point to a suspect. But there are many types of drones, each with its own quirks, and that can make data extraction tricky. It would help if investigators could instantly conjure another drone of the same type to practice on first, and while that may not be possible, they can now do the next best thing: download a “forensic image” of that type of drone.
Organizations worldwide stand to lose an estimated $9 billion in 2018 to employees clicking on phishing emails. We hear about new phishing attacks regularly from the news and from our friends. So why DO so many people still click? NIST research has uncovered one reason, and the findings could help CIOs mount a better defense. (Picture credit: Shutterstock)
This summer ITL hosted 28 undergraduate students from 21 colleges and universities in the annual SURF program. Students conducted research in cybersecurity, biometrics, mathematics, statistics, software, and information access. Students concluded the program by giving a scientific talk on their research.
APPLIED CYBERSECURITY DIVISION
Kevin Stine, Chief
The Applied Cybersecurity Division (ACD)—one of seven technical divisions in NIST’s Information Technology Laboratory—implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities. (Picture credit: NIST)
ACD is known for: establishing cybersecurity standards and guidelines in an open, transparent, and collaborative way; cybersecurity testing and measurement (from developing test suites and methods to validating cryptographic modules); and applied cybersecurity, which applies NIST’s research, standards, and testing and measurement work.
Congratulations to the following ITL Award winners:
The Outstanding Contribution, for contributions to design, analysis, standards, prototyping, and measurement of new technologies to improve the robustness of Internet inter-domain routing: Oliver Borchert, Lilia Hannachi, Okhee Kim, Kyehwan Lee, Doug Montgomery, and Kotikalapudi Sriram.
The Outstanding Administrator, for improving the visibility of ITL’s cybersecurity program to diverse stakeholders with new and innovative communications approaches: Kristina Rigopoulos.
The Outstanding Technology Transfer, for enabling widespread use of micromagnetic modeling to enhance U.S. innovation in research and product development: Michael Donahue and Donald Porter.
The Outstanding Standards Document, for design and specification of the BGPsec protocol and leading the publication of the International Standard “BGPsec Protocol Specification,” IETF RFC 8205: Kotikalapudi Sriram and Doug Montgomery.
The Outstanding Journal Publication, for outstanding scholarship in the journal paper “Estimating yield-strain via deformation-recovery simulations”: Paul N. Patrone, Samuel Tucker, and Andrew Dienstfrey.
The Outstanding Associate, for his dedication and outstanding contribution to the Cloud Program, Internet of Things (IoT) Program, the ITL Platform for Network Innovation (PNI) and many more: Charif Mahmoudi.
The Outstanding Conference Proceedings, for their outstanding work that resulted in a high-quality conference proceedings paper accepted for presentation and publication at a highly selective conference, “NDN-Trace: A Path Tracing Utility for Named Data Networking,” Proceedings of the 4th ACM Conference on Information-Centric Networking, Berlin, Germany, September 26-28, 2017: Siham Khoussi, Davide Pesavento, Lotfi Benmohamed, and Abdella Battou.
The ITL Diversity Award, for serving as a tireless advocate of diversity and inclusion of under-represented groups in science, technology, engineering and mathematics: Fern Hunt.
Bootstrap method versus analytical approach for estimating uncertainty of measure in ROC analysis on large datasets (NISTIR 8218)
The nonparametric two-sample bootstrap is employed to estimate uncertainties of statistics of interest in receiver operating characteristic (ROC) analysis on large datasets, with or without the data dependency that arises from multiple use of the same subjects, in many disciplines, based on our studies of bootstrap variability. On the other hand, it would seem that the analytical method might be used for the same purpose. However, comparing these two methods, the differences are noteworthy. (1) The bootstrap method takes account of how genuine scores and impostor scores are distributed, which is associated with how the matching system works; the analytical method does not. (2) If datasets involve data dependency, the bootstrap method can take it into account; the analytical method cannot. (3) The covariance term that arises in the speaker recognition evaluations while estimating the standard error of the measure is taken into account intrinsically by the bootstrap method, but is very hard to estimate analytically. (4) The analytical method generally underestimates the uncertainties of statistics of interest, whereas the bootstrap method estimates them more conservatively. To demonstrate these observations, the data used in this article were generated from a variety of sources: speaker recognition evaluations, biometrics evaluations, simulated data with normal distributions, and simulated data with nonparametric distributions.
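As an added illustration of the contrast drawn above (example code written for this page, not code from NISTIR 8218 or its authors), the script below estimates the standard error of the true accept rate (TAR) at a fixed false accept rate (FAR) three ways on constructed, simulated match scores: the plain binomial formula as a stand-in for an analytical estimate (an assumption made here; the report's analytical method is not reproduced), a two-sample bootstrap that resamples genuine and impostor scores independently, and a two-sample bootstrap that resamples whole subjects so that the dependency from using each subject in several comparisons is preserved. The score distributions, subject counts and seeds are all assumptions chosen for the demonstration; only the standard library is used.

```python
"""Two-sample bootstrap versus an analytical estimate of the uncertainty of an
ROC statistic, on constructed (simulated) biometric match scores.

Statistic of interest: true accept rate (TAR) at a fixed false accept rate
(FAR).  Three standard-error estimates are compared:
  analytical          binomial sqrt(p(1-p)/n), threshold treated as fixed
                      (a simple stand-in, not the method of NISTIR 8218)
  bootstrap_scores    two-sample bootstrap resampling genuine and impostor
                      scores independently, so threshold variability counts
  bootstrap_subjects  two-sample bootstrap resampling whole subjects, so the
                      dependency from reusing a subject is preserved
"""
import math
import random
import statistics


def simulate_scores(n_subjects=200, per_subject=5, n_impostor=5000, seed=7):
    """Constructed data (assumed distributions): each subject contributes several
    genuine scores sharing a subject-specific offset, which is the source of
    dependency; impostor scores are independent draws from a lower distribution."""
    rng = random.Random(seed)
    genuine_by_subject = []
    for _ in range(n_subjects):
        subject_offset = rng.gauss(0.0, 1.0)   # persistent per-subject effect
        genuine_by_subject.append(
            [2.0 + subject_offset + rng.gauss(0.0, 0.5) for _ in range(per_subject)])
    impostor = [rng.gauss(0.0, 1.0) for _ in range(n_impostor)]
    return genuine_by_subject, impostor


def flatten(genuine_by_subject):
    return [s for scores in genuine_by_subject for s in scores]


def threshold_at_far(impostor, far):
    """Threshold at which exactly round(far * n) impostor scores are accepted,
    i.e. the k-th largest impostor score."""
    ranked = sorted(impostor, reverse=True)
    k = max(1, int(round(far * len(ranked))))
    return ranked[k - 1]


def tar_at_far(genuine, impostor, far):
    """Fraction of genuine scores at or above the threshold set by FAR."""
    t = threshold_at_far(impostor, far)
    return sum(1 for g in genuine if g >= t) / len(genuine)


def analytical_se(genuine, impostor, far):
    """Binomial standard error of TAR.  It ignores the impostor distribution:
    the threshold is treated as a fixed number, not as something estimated."""
    p = tar_at_far(genuine, impostor, far)
    return math.sqrt(p * (1.0 - p) / len(genuine))


def bootstrap_se(genuine_by_subject, impostor, far, by_subject, reps=400, seed=11):
    """Nonparametric two-sample bootstrap standard error of TAR at FAR.
    Genuine and impostor sets are resampled independently; with by_subject the
    genuine resampling unit is the subject (all of its scores travel together),
    otherwise it is the individual score."""
    rng = random.Random(seed)
    flat = flatten(genuine_by_subject)
    values = []
    for _ in range(reps):
        if by_subject:
            picked = rng.choices(genuine_by_subject, k=len(genuine_by_subject))
            g_star = flatten(picked)
        else:
            g_star = rng.choices(flat, k=len(flat))
        i_star = rng.choices(impostor, k=len(impostor))
        values.append(tar_at_far(g_star, i_star, far))
    return statistics.stdev(values)


def compare(far=0.01):
    """TAR at FAR and its three standard-error estimates on the simulated data."""
    genuine_by_subject, impostor = simulate_scores()
    flat = flatten(genuine_by_subject)
    return {
        "tar": tar_at_far(flat, impostor, far),
        "analytical": analytical_se(flat, impostor, far),
        "bootstrap_scores": bootstrap_se(genuine_by_subject, impostor, far, by_subject=False),
        "bootstrap_subjects": bootstrap_se(genuine_by_subject, impostor, far, by_subject=True),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>18}: {value:.4f}")
```

Running it prints the TAR and the three standard errors. On the constructed data the binomial figure is the smallest because it treats the decision threshold as fixed, the score-level bootstrap is larger because every resample re-estimates the threshold from the resampled impostor scores, and the subject-level bootstrap is the largest because it keeps the within-subject correlation that score-level resampling destroys. Point (1) above is visible in the threshold term: it is the density of impostor scores near the operating point that decides how far the threshold, and hence TAR, moves from resample to resample, which the binomial formula cannot see.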
Guidance for Evaluating Contactless Fingerprint Acquisition Devices (NIST Special Publication 500-305)
This document details efforts undertaken by the National Institute of Standards and Technology (NIST) to develop measurements and a protocol for the evaluation of contactless (touchless) fingerprint acquisition devices. Contactless fingerprint capture differs fundamentally from legacy contact fingerprinting methods and poses novel problems for image quality evaluation and challenges relative to interoperability with contact fingerprints that populate large repositories maintained by law enforcement and Federal Government organizations. For contact acquisition, the fingerprint impression is a first-order transfer of the 3D friction ridge structure to the recording surface. The third dimension of the curved finger surface is effectively removed by pressure against the planar recording surface. The 3D topography of the ridges and furrows is transferred with low ambiguity to the recording surface as dark ridges (points of contact) and lighter furrows (lesser or no contact). Contactless images, by comparison, are in most cases third-order renderings of an original photographic representation, itself a 2D optical projection of the 3D structure of the finger. The appearance of this projection is subject to variability as low- or moderately-controlled lighting interacts with the 3D geometry of the finger, the friction ridge structure superimposed on the finger, and the geometry of the presentation of the finger to the contactless device. The photograph must then be subjected to various image processing methods to infer the ridge structure for rendering as a fingerprint similar in appearance to legacy contact captures. The rendering process is the source of numerous errors relative to contact captures. Despite problems with image quality, this early study finds contactless fingerprints of the devices examined to be usable in some applications, with qualifications, including one-to-many matching against small databases.
Guidelines for the Use of PIV Credentials in Facility Access (NIST Special Publication 800-116rev1)
This document provides best practice guidelines for integrating the PIV Card with the physical access control systems (PACS) that authenticate the cardholders in federal facilities. Specifically, this document recommends a risk-based approach for selecting appropriate PIV authentication mechanisms to manage physical access to federal government facilities and assets.
Identity and Access Management for Electric Utilities (NIST Special Publication 1800-2)
To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including buildings, equipment, information technology (IT), and operational technology (OT). They must authenticate authorized individuals to the devices and facilities to which they are giving access rights with a high degree of certainty. In addition, they need to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly, and quickly across all their resources. This project resulted from direct dialog among NCCoE staff and members of the electricity subsector, mainly from electric power companies and those who provide equipment and/or services to them. The goal of this project is to demonstrate a converged, standards-based technical approach that unifies identity and access management (IdAM) functions across OT networks, physical access control systems (PACS), and IT systems. These networks often operate independently, which can result in identity and access information disparity, increased costs, inefficiencies, and loss of capacity and service delivery capability. This guide describes our collaborative efforts with technology providers and electric utility stakeholders to address the security challenges energy providers face in the core function of IdAM. It offers a technical approach to meeting the challenge and incorporates a business value mind-set by identifying the strategic considerations involved in implementing new technologies. This NIST Cybersecurity Practice Guide provides a modular, open, end-to-end example solution that can be tailored and implemented by energy providers of varying sizes and sophistication. It shows energy providers how we met the challenge using open source and commercially available tools and technologies that are consistent with cybersecurity standards.
NIST Big Data Interoperability Framework: Vol. 1, Definitions, Revision 1 (NIST Special Publication 1500-1r1)
Big Data is a term used to describe the large amount of data in the networked, digitized, sensor-laden, information-driven world. The growth of data is outpacing scientific and technological advances in data analytics. Opportunities exist with Big Data to address the volume, velocity and variety of data through new scalable architectures. To advance progress in Big Data, the NIST Big Data Public Working Group (NBD-PWG) is working to develop consensus on important, fundamental concepts related to Big Data. The results are reported in the NIST Big Data Interoperability Framework (NBDIF) series of volumes. This volume, Volume 1, contains a definition of Big Data and related terms necessary to lay the groundwork for discussions surrounding Big Data.
NIST Special Database 301: Nail to Nail Fingerprint Challenge Dry Run (NIST Technical Note 2002)
In April 2017, the Intelligence Advanced Research Projects Activity (IARPA) held a dry run for the data collection portion of its Nail to Nail (N2N) Fingerprint Challenge. This data collection event was designed to ensure that the real data collection event held in September 2017 would be successful. To this end, real biometric data from unhabituated individuals needed to be collected. The National Institute of Standards and Technology (NIST), on behalf of IARPA, has released a dataset of the biometric images obtained during the N2N Fingerprint Challenge dry run data collection. The image distribution, entitled Special Database 301 (SD 301), can be freely downloaded from the NIST website.
Securing Wireless Infusion Pumps in Healthcare Delivery Organizations (NIST Special Publication 1800-8)
Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. However, today’s medical devices connect to a variety of healthcare systems, networks, and other tools within a healthcare delivery organization (HDO). Connecting devices to point-of-care medication systems and electronic health records can improve healthcare delivery processes; however, increasing connectivity capabilities also creates cybersecurity risks. Potential threats include unauthorized access to patient health information, changes to prescribed drug doses, and interference with a pump’s function.
Shape Analysis, Lebesgue Integration and Absolute Continuity Connections (NISTIR 8217)
As shape analysis of the form presented in Srivastava and Klassen’s textbook “Functional and Shape Data Analysis” is intricately related to Lebesgue integration and absolute continuity, it is advantageous to have a good grasp of the latter two notions. Accordingly, in these notes we review basic concepts and results about Lebesgue integration and absolute continuity. In particular, we review fundamental results connecting them to each other and to the kind of shape analysis, or more generally, functional data analysis presented in the aforementioned textbook, in the process shedding light on important aspects of all three notions. Many well-known results, especially most results about Lebesgue integration and some results about absolute continuity, are presented without proofs. However, a good number of results about absolute continuity and most results about functional data and shape analysis are presented with proofs. Most missing proofs can be found in Royden’s “Real Analysis” and Rudin’s “Principles of Mathematical Analysis,” as it is on these textbooks and Srivastava and Klassen’s textbook that a good portion of these notes is based. However, if the proof of a result does not appear in the aforementioned textbooks, nor in some other known publication, or if all by itself it could be of value to the reader, an effort has been made to present it accordingly.
Voices of First Responders – Identifying Public Safety Communication Problems (NISTIR 8216)
The public safety community is in the process of transitioning from the use of land mobile radios to a technology ecosystem including a variety of broadband data sharing platforms. Successful deployment and adoption of new communication technology relies on efficient and effective user interfaces based on a clear understanding of first responder needs, requirements and contexts of use. The project employs a two-phased data collection approach for an in-depth look at the population of first responders, along with their work environment, their tasks, and their communication needs. This report documents the data collection of Phase 1 and the first iteration of data analysis. Phase 1, the qualitative component, focuses on interviews with approximately 240 first responders (law enforcement, fire fighters, emergency medical services, communications/dispatch) across the country. Results include: approximately 90 user needs and requirements expressed by first responders; five categories of technology opportunities; six principles for technology development; and the role of trust in usage of communication technology.
SEPTEMBER - OCTOBER
September 19: Named Data Networking Community Meeting 2018
October 18: Controlled Unclassified Information Security Requirements Workshop
October 18: Safeguarding Health Information: Building Assurance through HIPAA Security - 2018