- The NIST IPsec Project is
concerned with providing authentication, integrity and confidentiality
security services at the Internet (IP) Layer, for both the current IP
protocol (IPv4) and the next generation IP protocol (IPv6). Current
efforts are concentrated on IPv4 because of the high level of interest
in fielding Internet security technology as rapidly as possible. Implementing
IPsec requires modifications to the system's communications routines
and a new system process that conducts secret key negotiations.
IPsec Testing Site
- Following a need expressed
in the IETF for an Interoperability Test System for Internet Security
Protocols, the NIST Internetworking Technologies Group has developed a test
system, based on our in-house implementation of IPsec, Cerberus, and
with a World Wide Web interface (this one). The NIST Systems and Network Security
Group has developed a reference implementation of the IPsec Key Negotiation
System (Internet Key Exchange, or IKE), and added Key Negotiation test
cases. NIST's IKE implementation is called PlutoPlus. The implementations,
and the tester, currently use IPv4, but the intention is to provide
an IPv6 version quite soon, at which time both versions of the tester
will be available in parallel.
- One of the most challenging
problems in managing large networked systems is the complexity of security
administration. Today, security administration is costly and prone to
error because administrators usually specify access control lists for
each user on the system individually. Role-based access control (RBAC)
is a technology that is attracting increasing attention, particularly
for commercial applications, because of its potential for reducing the
complexity and cost of security administration in large networked applications.
- Mobile agents are autonomous
software entities that can halt their execution, transport themselves
to another agent-enabled host on the network, and continue their execution
on the new host, deciding where to go and what to do along the way.
Mobile agents are goal-oriented, adaptive, can communicate with other
agents, and can continue to operate even after the machine that launched
them has been removed from the network.
Security Metrics
- The protection of information
systems continues to grow in importance as connectivity and interdependence
increase. Determining how well we are protecting these assets, however,
is difficult, because there are no commonly accepted approaches to measuring
security. Metrics are needed to help us evaluate and improve the effectiveness
of information systems security and to communicate to decision and policy
makers about the state of security of information technology systems.
NIST/ITL is involved in several related efforts on the development of
security metrics:
- The three primary goals
were: (a) to develop a battery of statistical tests to detect non-randomness
in binary sequences constructed using random number generators and pseudo-random
number generators utilized in cryptographic applications, (b) to produce
documentation and a software implementation of these tests, and (c)
to provide guidance in the use and application of these tests.
Last updated: January 4, 2005
Page created: February 23, 2001