30 September 1997
Source: P. J. Ponder

Date: Tue, 30 Sep 1997 19:06:47 -0400 (EDT)
From: "P.J. Ponder" <ponder@wane-leon-mail.scri.fsu.edu>
To: jya@pipeline.com
Subject: ITL Bulletin for September 1997 (fwd)

---------- Forwarded message ----------
Date: Mon, 29 Sep 1997 15:04:53 -0400 (EDT)
From: Elizabeth Lennon <lennon@email.nist.gov>
To: Multiple recipients of list <itl-bulletin@nist.gov>
Subject: ITL Bulletin for September 1997


This bulletin provides an update on cryptography standards and the
infrastructures that are being developed to support the use of
cryptography by the federal government in protecting the
confidentiality and integrity of information.

Cryptography is an important tool for protecting information in
increasingly open and interconnected information networks and
systems.  The cryptographic standards and validation programs
developed by the National Institute of Standards and Technology
(NIST) help agencies to design, integrate, and use systems with
cryptographic controls.  Currently NIST is reviewing existing
cryptographic standards, soliciting ideas for new standards, and
working with industry and government organizations to develop the
infrastructures needed to support the effective use of

Background on Standards and Government Practices for Information

Agency Security Policies.  Overall policies on the government’s
information security practices are established by the Office of
Management and Budget’s Appendix III, "Security of Federal
Information Systems," of Circular No. A-130, "Management of Federal
Automated Information Resources."  (See URL in For More Information
Section below).  OMB directs agencies to apply management controls,
including individual responsibility, awareness and training, and
accountability, and to use technical controls to support sound
management practices.  Agencies are advised to identify risks and
to apply risk management practices in selecting appropriate and
cost-effective controls.   

NIST’s Role.  Under the Information Technology Management Reform
Act of 1996 and the Computer Security Act (Public Law 104-106),
NIST is responsible for developing technical standards and
guidelines for federal information resources.  These standards and
guidelines are approved by the Secretary of Commerce for use
throughout the federal government to protect sensitive,
unclassified information and are issued by NIST as Federal
Information Processing Standards (FIPS).  

Use of Standards.  General policies for the use of standards by
federal organizations are provided in the Technology Transfer and
Advancement Act of 1995 (P.L.104-113).  A key provision of the Act
is that federal agencies are expected to use voluntary standards
whenever possible, to support the development of such standards,
and to avoid the creation of different standards for government and
the private sector. 

An Update on Cryptographic-Related Federal Information Processing

Both private and public sectors depend upon information technology
systems to carry out essential activities.  All organizations need
good techniques for protecting the confidentiality, integrity,
reliability, and availability of their information resources.
Systems that carry out electronic financial transactions and
electronic commerce must protect against unauthorized access to
confidential data, and unauthorized modification of data.  In
cooperation with the private sector and voluntary industry
consensus standards organizations, NIST has undertaken several
initiatives to ensure the development of high quality cryptographic
standards and services into the next century.   

Data Encryption Standard 

Background.  The Data Encryption Standard (DES), issued in 1977,
provides an encryption algorithm for protecting federal
unclassified information from unauthorized disclosure or undetected
modification during transmission or while in storage.  Based on
secret key cryptography, the standard was initially issued for
government use.  It was subsequently adopted as a voluntary
industry standard (American National Standard X3.92-1981/R1987) and
has been widely implemented by the private sector.  It is based on
the work of the International Business Machines Corporation. 

Under the provisions of the DES, NIST is required to conduct a
review every five years to determine whether the cryptographic
algorithm specified by the standard should be affirmed, revised, or
withdrawn.  The first review resulted in the reaffirmation of the
standard in 1983; the standard was again reaffirmed in 1988
following a second review; as a result of the third review, which
was completed in 1993, the DES was reaffirmed for use through 1998
as Federal Information Processing Standard (FIPS) 46-2.  It was
recognized at the time that a new encryption standard may be needed
by both government and industry after 1998.   

Strength of the DES.  The DES was developed to protect unclassified
computer data in federal computer systems against a number of
passive and active attacks in communications and computer systems.
The security provided by DES cryptographic systems depends on the
mathematical soundness of the algorithm, length of the keys, key
management, mode of operation, and implementation.  It was assumed
that people would try to attack the DES, but that their efforts
would be limited by their resources and would be commensurate with
the value of the protected information.  

Recently questions have been raised about the security and the
continued use of the DES since there have been news reports that
the DES has been broken.  The reports indicate that the method used
to break the DES was a brute force attack, involving teams of
people and tens of thousands of computers working for four months
to try all possible keys for a given encryption.  This effort
required considerable computing power to find one cryptographic key
and to decode one message.   

NIST believes that the DES used in conjunction with good key
management and modes of operation practices provides adequate
security for many applications that protect information with a
short security life.  FIPS 81 provides the specifications for the
DES Modes of Operation.

Users are advised to change cryptographic keys frequently and to
protect their keys to minimize risks.  However, users should be
aware that their sensitive information could be compromised if an
attacker is willing to put considerable resources into the effort. 

Triple DES.  A more secure method for using the DES algorithm in
three operations, called Triple DES, has been developed by the
private sector.  These operations have been documented and
specified as a draft American National Standard (ANSI X9.52) by
Accredited Standards Committee X9 for Financial Services, which
develops cryptography and public key infrastructure standards.
Federal organizations that need security beyond that provided by
the DES can use this standard.    

Development of the Advanced Encryption Standard

In January 1997, NIST announced that it would begin a multi-year
process to develop an Advanced Encryption Standard (AES) that could
replace the DES and that could be used by government and industry.
NIST believes that acceptance by both communities will promote
long-term market stability, interoperability among different
applications, and the use of high-quality security methods.
Minimum acceptability requirements for the AES and draft criteria
to evaluate candidate algorithms were circulated for review.  Many
comments were received from the private sector, and a preliminary
workshop was held in April 1997 to refine the requirements and
criteria.  A call for candidate algorithms was announced in the
Federal Register (September 12, 1997, Volume 62, Number 177, Pages
48051-48058).  (Online via GPO Access: [wais.access.gpo.gov])  

The September 12 Federal Register notice describes the planned
selection process and provides the minimum acceptability
requirements and evaluation criteria that were developed.  It is
intended that the AES will specify an unclassified, publicly
disclosed encryption algorithm available royalty-free worldwide
that is capable of protecting sensitive government information well
into the next century.  Following the close of the submission
period, NIST intends to make all submissions publicly available.
An open public conference is being planned for the summer of 1998,
at which time the submitter of each complete and proper nomination
package will be invited to publicly discuss and explain the
candidate algorithm.  Details on the selection process will be
posted on the NIST Web site listed below.

Expansion of the Digital Signature Standard 

FIPS 186, Digital Signature Standard (DSS), specifies the Digital
Signature Algorithm (DSA), which is used in conjunction with FIPS
180-1, Secure Hash Algorithm, for applications requiring the
authentication of data integrity and the identity of the signer.
FIPS 186 provides cryptographic techniques based on public key
cryptography for generating and verifying electronic signatures,
which can be used to verify the origin and contents of a message.
FIPS 180-1 specifies a Secure Hash Algorithm (SHA-1) which can be
used to generate a condensed representation of a message called a
message digest.  These techniques, which were developed for the
federal government, are also implemented in commercial products and
in use by the private sector.

NIST has requested public comments on additional signature
algorithms that the federal government could endorse to
authenticate electronic information and transactions and to assure
high levels of integrity.  NIST hopes to identify the best and most
cost-effective technologies and to expand the number of techniques
that the federal government could use for digital signatures.  The
announcement asked for comment on RSA and Elliptic Curve
Cryptography technology as potential new algorithms for digital

Key Agreement or Exchange

Cryptographic services depend on the secure generation and
distribution of keys (public and private).  Since there is no
existing FIPS in this area, a standard is needed for the design and
implementation of federal key agreement and exchange systems.  NIST
has solicited public comments on potential technologies that could
be considered for a future standard for public key-based
cryptographic key agreement and exchange.  We have specifically
asked for comments on RSA, Elliptic Curve, and Diffie-Hellman
technologies.  More than one algorithm could be specified,
consistent with sound security practices to give federal
organizations more flexibility in using cryptographic systems. 

Public Key Infrastructure (PKI)

Several activities are underway to support the development of a
public key infrastructure (PKI) which provides the means to bind
the public keys used in cryptographic functions to their owners and
to distribute keys in large heterogeneous networks.  The use of PKI
technology can help to increase confidence in electronic
transactions and allow parties without prior knowledge of each
other to conduct verifiable transactions.  PKI technology was
described in the July bulletin issued in this series and is
available on Web pages listed below.  

PKI Pilots.  NIST is working with the Federal PKI Steering
Committee established by the Government Information Technology
Services (GITS) Board to coordinate approximately fifty PKI-related
pilot projects, and with industry groups including the Internet
Engineering Task Force PKIX Working Group and the Open Group’s
Security Program Group.  Established under Executive Order 13011,
GITS is conducting demonstration projects, pilots, and
proof-of-concept projects in support of the Administration’s
National Performance Review initiative.  

Interoperability Specifications.  In conjunction with 12 research
partners under a cooperative research and development agreement
(CRADA), NIST recently completed a Minimum Interoperability
Specification for Public Key Infrastructure Components (MISPC).
The specification provides a minimal set of features, transactions,
and data formats for various certificate management components that
make up a PKI.  NIST is developing a reference implementation of a
public key certificate authority to test interoperability and
security issues, and a specification to aid industry and government
organizations in acquiring PKI components and services. 

Related Activities   

Public Forum.  A public forum on certificate authorities and
digital signatures was held by the Department of Commerce in July
1997.  The views of the private and public sector organizations
were invited on various aspects of the public key infrastructure
related to certificate authorities and digital signatures.  Papers
resulting from this forum are available on the Web pages listed

Key Recovery.  NIST is also exploring the use of key recovery
technology through a broad agency agreement for several agency
pilots and with the help of a special advisory committee.  An
announcement was published in the Commerce Business Daily
soliciting proposals for products and services that will
demonstrate the viability of an infrastructure for key recovery.  A
Key Recovery Demonstration Project has been established involving
several government agencies to demonstrate the practicality of
techniques to recover keys used in data encryption and to identify,
test, and evaluate different key recovery products and services.
This effort supports an Administration white paper entitled
"Enabling Privacy, Commerce, Security, and Public Safety in the
Global Information Infrastructure."  A technical advisory committee
to develop a FIPS for the federal key management infrastructure has
been established to provide industry advice on encryption key
recovery for use by federal government agencies. 

Use of FIPS 140-1 Products  

FIPS 140-1, Security Requirements for Cryptographic Modules,
specifies the overall requirements for the modules that implement
cryptographic algorithms and methods.  Eleven areas related to the
design and implementation of cryptographic modules are specified in
FIPS 140-1, which is a framework for all other NIST cryptographic
standards.  A testing program has been established to validate
cryptographic modules and provide a measure of confidence to users
and vendors that the standards are correctly implemented.  This
effort is carried out under the auspices of the National Voluntary
Laboratory Accreditation Program (NVLAP), and in cooperation with
the Communications Security Establishment (CSE) of the Government
of Canada. 

When issued in 1994, the standard provided for a transition period
during which agencies could acquire products that conformed to an
earlier standard.  The transition period ended this year, and now
federal agencies are required to purchase equipment that has been
validated for conformance to FIPS 140-1.  

Information about the validation testing and validated products is
available on Web pages listed at the end of this bulletin.
Agencies wishing to use other than FIPS-approved cryptographic
algorithms to encrypt unclassified information or to apply digital
signatures must waive the applicable FIPS.


As the use of information technology expands rapidly, the need for
high-quality security techniques and cryptographic services
increases.  NIST is working with government and industry
organizations to make these services and the infrastructure
elements needed for their delivery readily available.  

For More Information

For access to Office of Management and Budget Circular A-130:

For information about pilot tests using public key technology,

	The Public Key Infrastructure Steering Committee
	1425 New York Avenue, NW
	Suite C-126
	Washington, DC 20220
	Phone - (202) 622-1552
	FAX -   (202) 622-9147

For information about the activities of NIST’s Computer Security
Division:  http://www.itl.nist.gov/div893/

For information about computer security resources, bulletins,
public key management, and other issues:   http://csrc.nist.gov/

For access to public submissions on certification authorities and
digital signatures:  http://csrc.nist.gov/ecforum/

For information about products that have been validated for
conformance to Federal Information Processing Standards: