|
 |
 |
Trustworthy Networking |
 |
Internet Infrastructure Protection:
Work with DHS, DoD and IETF to expedite the development and foster the
deployment of new security technologies to protect the Internet infrastructure.
Our current focus is on:
Internet naming security (DNSSec),
BGP Security and Routing Robustness, and
Deployment of IPv6 Protocols
Keywords: IPsec/IKE, use of AES in internet protocols, DNS security, BGP security, NIIST simulation
framework, Cerberus/PlutoPlus, IPv6, Government
IPv6 Profiles, Security Guidelines.
|
|
|
Public
Safety Communications
Develop network simulation and channel propagation models to evaluate network technologies considered for public safety communications; develop measurement methods and tools to characterize and improve the quality of public safety voice and video applications; develop and evaluate indoor localization techniques.
Keywords: Project 25, 700 MHz band,video quality, mine mesh networks, RFID measurement, indoor localization. |
|
|
Networking for Pervasive IT
Assist Industry in developing standards for seamless and secure mobility, and for the use of wireless communications in healthcare applications and environments; develop measurement methods and algorithms to facilitate the standardization and adoption of wireless ad hoc networks.
Some of the work mentioned above is developed in the context of the Information Technology Laboratory, Pervasive IT Program.
Keywords: mobile ad-hoc networks, handover, QoS, telemedicine, IEEE 802, IETF. |
|
Complex Systems |
|
Measurement Science for Complex Information Systems:
Develop modeling and analysis methods to understand relationships among
parameters and responses in large distributed systems, such as
communications networks, computing grids and service-oriented
architectures. Develop and refine methods to model large systems in
computationally feasible form, where the number of system variables and
responses become manageable. Construct abstract Markov models simulating
large systems, and subject those models to perturbation-analysis to
predict potential failure modes. Develop an analytical framework to
understand relationships among pricing, admission control and scheduling
for resource allocation in computing clusters. Develop interactive
software for visualizing voluminous, multidimensional data sets
generated from simulating large distributed systems. Characterize the
limitations of existing fluid-approximation models of communications
networks and construct improved analytical models of such networks.
Keywords: cluster analysis, correlation analysis, fluid-flow modeling,
interactive multidiminesional data analysis, Markov modeling, mean-field
approximation, mesoscopic modeling, orthogonal fractional factorial
design, perturbation analysis, principal components analysis,
sensitivity analysis, state-space reduction |
|
Emerging Technologies |
|
Quantum Information Networks:
Investigate engineering and measurement issues for quantum information networks, implement and test quantum cryptographic
algorithms/quantum key distribution systems.
Keywords: quantum communication, cryptography & key distribution (QKD), BB84, free space optics, photon source/dectors,
entangled photons, quantum repeaters. |
|
| |
 |
| Check out our Past Research Areas |
|
|
|
 |
|
Revision for Secure Domain Name System (DNS) Deployment Guide
March 2009 - NIST has drafted an update to the “Secure Domain Name System (DNS) Deployment Guide” (NIST Special Publication 800-81 Rev 1),the key Secure DNS guidance document for civilian agencies. This revision proposes stronger cryptographic algorithms and keys to provide more resilience against attack. The revised publication incorporates comments from the Internet Engineering Task Force that are to update best practices and checklists in the document. The latest version of the deployment guide includes cook-book configuration instructions for a second commonly deployed DNS server implementation, NDS, in addition to those for BIND. The document is available on the Web at http://csrc.nist.gov/publications/drafts/800-81-rev1/NIST_SP-800-81-Rev1_draft.pdf. Federal agencies, private organizations and individuals are invited to review the draft guidelines, submitting comments to SecureDNS@nist.gov before March 31, 2009.
Contact: Scott Rose (scott.rose@nist.gov)
ANTD assists in the completion of the IEEE 802.21 Media Independent Handovers (MIH) standard specifications.
January 2009 - The IEEE 802.21 standard was published on January 21, 2009. This is the final realization of a multi-year project to standardize a media independent handover protocol. The scope of this new standard is to define mechanisms that enable handover optimizations between heterogeneous networks such as IEEE 802 and cellular networks. NIST staff played an important role in the standard development process by providing key technical contributions and quantitative evaluations for several proposals considered by the working group. Furthermore, David Cypher from NIST assumed the role of technical editor of the specifications.
NIST continues its efforts towards the development of secure and scalable network mobility services by participating in the IEEE 802.21 security task group and in the Internet Engineering Task Force. The publication of the IEEE 802.21 standard specifications coincides with the final approval of an Internet Engineering Task Force draft co-authored by Nada Golmie from NIST on transporting the IEEE 802.21 information within an IP network.
For more information, please visit the Seamless and Secure Mobility project page at http://www.antd.nist.gov/seamlessandsecure.shtml or contact, Nada Golmie, x4190 or David Cypher, X4885.
Profile Lays Out Roadmap for Government Acquisition of IPv6 Technologies
October 2008 - The National Institute of Standards and Technology (NIST) has published version
1 of a standards profile to support government agencies as they implement Internet Protocol Version 6 (IPv6). IPv6 is the next-generation communication standard that defines how all data (text, voice and video) will move across the future Internet. Still under development, IPv6 will solve a looming problem-the exhaustion of the pool of available "addresses" for Internet-connected devices under the current protocol, IPv4.
NIST developed the profile to help ensure that IPv6-enabled federal information systems are interoperable, secure and able to coexist with the current IPv4 systems. Called A Profile for IPv6 in the U.S. Government - Version 1.0, the profile recommends technical standards for common network devices, such as hosts, routers, firewalls and intrusion detection systems. It also outlines the compliance and testing programs that NIST will be establishing to ensure that IPv6-enabled federal information systems work securely with existing IPv4 systems.
NIST also posted a document entitled "USGv6 Version 1 Frequently Asked Questions" to answer commonly asked questions about the scope and purpose of the profile and how it relates to other profile and test efforts, including those of the Department of Defense and IPv6 Forum.
The publications are available at: http://www.antd.nist.gov/usgv6/profile.html
Spring DNSSEC Policy-to-Practice Workshop Held at NIST:
May 2008 -- The DNSSEC Deployment Initiative held a hands-on, policy-to-practice
workshop for U.S. government DNS operators May 15-16 at the NIST campus
in Gaithersburg, Maryland. There were 15 participants from 11 different
organizations present, and the workshop was conducted by members of ITL
and Sparta Inc contractors. Attendees learned how to deploy DNSSEC to
meet the Federal Information Security Management Act (FISMA) security
controls. At least one participant is continuing their deployment
through an active delegation in the Secure Naming Infrastructure (SNIP)
pilot domain. The SNIP and hands-on workshops are part of the DNSSEC
Deployment Initiative sponsored by the Department of Homeland Security
Science and Technology Directorate (DHS S&T). Another workshop is
tentatively scheduled for fall of 2008. More information can be found
at http://www.dnsops.gov/training.html
Contact:Scott Rose (scott.rose@nist.gov)
Announcing DRAFT NIST SP500-267 A Profile for IPv6 in the U.S. Government -
Version 1.0 (Draft 2)
A DRAFT of NIST Special Publication 500-267, A Profile for IPv6 in the U.S.
Government - Version 1.0 (Draft 2), is now available for public comment.
This publication provides a standards profile to assist federal agencies in
developing plans to acquire and deploy products that implement Internet
Protocol version 6 (IPv6). The profile recommends IPv6 capabilities for common
network devices, including hosts, routers, intrusion detection systems, and
firewalls, and includes a selection of IPv6 standards and specifications
needed to meet the minimum operational requirements of most federal agencies.
Additional details on downloading the draft special publication and the
process for submitting comments can be found here:
http://www.antd.nist.gov/usgv6
Domain Name System Security (DNSSEC) Policy to Practice Workshop for USG DNS
Operators
NIST, in collaboration with Sparta, DHS and the dnssec-deployment.org
initiative, with host a hands-on, policy-to-practice, workshop for USG DNS
operators October 24 and 25, 2007 at NIST. The workshop is aimed to help
USG network operators understand, pilot and deploy DNSSEC technologies in
accordance with recent NIST technical guidance and FISMA policies.
Participants will be lead through hands-on tutorials on the technologies,
tools, policies and practices necessary for successful DNSSEC deployment in
.gov domains. As part of the workshop, participants will establish pilot
domains in the Secure Naming Infrastructure Pilot (SNIP) testbed
(http://www.dnsops.gov).
It is envisioned that USG DNS operators will
continue to participate in the on-going SNIP testbed activities following the
workshop.
USG DNS Operators, and DNSSEC technology vendors wishing to participate in the
workshop, and the SNIP testbed activities to follow, should contact
snip-workshop@antd.nist.gov for
further details and to register to participate.
In December 2006, the U.S. National Institute of Standards and Technology
(NIST) released
Special Publication 800-53, Revision 1, Recommended Security
Controls for Federal Information Systems. This guidance includes a plan for
staged deployment of DNSSEC technology within federal IT systems, and
specifies the mandatory minimum DNS security controls necessary to comply with
Federal Information Processing Standards (FIPS) required by the FISMA
legislation.
A draft revision of Special Publication 800-53A Guide for
Assessing the Security Controls in Federal Information Systems that addresses
corresponding DNSSEC assessment guides is currently under development.
Contact:snip-workshop@antd.nist.gov
|
| News Archive
|
|
