go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

 CSRC Homepage
 CSRC Site Map

   Search CSRC:

 CSD Publications:
   - Draft Publications
   - Special Publications
   - FIPS Pubs
   - ITL Security Bulletins
   - NIST IRs

 CSD Focus Areas:
   - Cryptographic Standards
       & Application
   - Security Testing
   - Security Research /
       Emerging Technologies
   - Security Management
       & Assistance

 General Information:
   - Site Map
   - List of Acronyms
   - Archived Projects
        & Conferences
   - Virus Information
   - National Vulnerability

 News & Events  
   - Federal News
   - Security Events

 Services For the: 
   - Federal Community
   - Vendor
   - User
   - Small/Medium

 Links & Organizations
   - Academic
   - Government
   - Professional
   - Additional Links

 NIST's National
 Vulnerability Database:
Search for Vulnerabilities
Enter vendor, software, or keyword
Research and Testing header image

NIST IPsec Project

  • The NIST IPsec Project is concerned with providing authentication, integrity and confidentiality security services at the Internet (IP) Layer, for both the current IP protocol (IPv4) and the next generation IP protocol (IPv6). Current efforts are concentrated on IPv4 because of the high level of interest in fielding Internet security technology as rapidly as possible. Implementing IPsec requires modifications to the system's communications routines and a new systems process that conducts secret key negotiations.

IPsec Testing Site

  • Following a need expressed in the IETF for an Interoperability Test System for Internet Security Protocols, NIST Internetworking Technologies Group has developed a test system, based on our in-house implementation of IPsec, Cerberus, and with a WorldWideWeb interface (this one). NIST Systems and Network Security Group has developed a reference implementation of the IPsec Key Negotiation System (Internet Key Exchange, or IKE), and added Key Negotiation test cases. NIST's IKE implementation is called PlutoPlus. The implementations, and the tester, currently exploit IPV4, but the intention is to provide an IPV6 version quite soon, at which time both versions of the tester will be available in parallel.

Role Based Access Control (RBAC)

  • One of the most challenging problems in managing large networked systems is the complexity of security administration. Today, security administration is costly and prone to error because administrators usually specify access control lists for each user on the system individually. Role based access control (RBAC) is a technology that is attracting increasing attention, particularly for commercial applications, because of its potential for reducing the complexity and cost of security administration in large networked applications.

Mobile Agent Security

  • Mobile agents are autonomous software entities that can halt their execution, transport themselves to another agent-enabled host on the network, and continue their execution on the new host, deciding where to go and what to do along the way. Mobile agents are goal-oriented, adaptive, can communicate with other agents, and can continue to operate even after the machine that launched them has been removed from the network.

Security Metrics

  • The protection of information systems continues to grow in importance as connectivity and interdependence increase. Determining how well we are protecting these assets, however, is difficult, because there are no commonly accepted approaches to measuring security. Metrics are needed to help us evaluate and improve the effectiveness of information systems security and to communicate to decision and policy makers about the state of security of information technology systems. NIST/ITL is involved in several related efforts on the development of security metrics:

Random Number Generation and Testing

  • The three primary goals were: (a) to develop a battery of statistical tests to detect non-randomness in binary sequences constructed using random number generators and pseudo-random number generators utilized in cryptographic applications, (b) to produce documentation and a software implementation of these tests, and (c) to provide guidance in the use and application of these tests.


Last updated: August 12, 2013
Page created: February 23, 2001

[an error occurred while processing this directive]