The National Academies Press

Currently Skimming:

2 Government and Infrastructure
Pages 19-28

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 19... ... They covered the government's use of cryptography and its standards-setting process, the evolution of cryptographic technology, and current and future challenges. HOW THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY THINKS ABOUT CRYPTOGRAPHY Kerry McKay, National Institute of Standards and Technology Kerry McKay is a computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST) Read the entire page →
From page 20... ... Supporting weaker algorithms instead of retiring them can also lead to what are known as "downgrade attacks," in which hackers are able to find and exploit known weaknesses in servers that still support these algorithms. The National Institute of Standards and Technology Process McKay turned to the standards-making process at NIST, which seeks to balance agility and interoperability with security for non-classified government systems. Read the entire page →
From page 21... ... SHA-3 had 64 submissions and ran from approxi mately 2004 to 2015.1 Because of these downsides, sometimes it is more helpful to focus on algorithms that are already in use. This option works well for block cipher modes, which add features to block ciphers that have already been standardized, with faster timelines and lower imple mentation cost. Read the entire page →
From page 22... ... McKay listed the various standards that NIST recommends and uses: Secure Hash Algorithm-2 (SHA-2) , SHA-3, 3DES, AES, RSA, Elliptic Curve Digital Signature Algorithm, Digital Signature Standard, and hash message authentication code. Read the entire page →
From page 23... ... McKay noted that NIST does recommend transition periods in SP800-131A, including considering the time a vendor needs to anticipate the change to its business. When asked by Matthew Green, Johns Hopkins University, whether NIST had plans to modernize its approval process for new algorithms, McKay and Dodson answered that to do so, NIST would need more personnel. Read the entire page →
From page 24... ... Early Cryptography George began with an overview of VINSON, a voice encryption device for military radios. VINSON's initial objective was to encrypt radio communication between a forward ob server and up to six contacts. Read the entire page →
From page 25... ... Integrity, authentication, confidentiality, and non-repudiation were the traditional aims. The Problem of Legacy Cryptography Building on a theme raised earlier in the workshop, George commented on the prob lem of legacy cryptography that remains in software or hardware after it has become obsolete. Read the entire page →
From page 26... ... While diplomacy is important, she said, citizens are often unaware that there is a security choice at all and end up using an insecure setting by default. George agreed that the average user chooses the default security settings, which are probably insecure. Read the entire page →
From page 27... ... An approach known as quantum key distribution might be considered safe, for example, but George asserted that every implementation of quantum key distri bution so far has been shown fairly quickly by academic researchers to be insecure. Quantum-resistant cryptography is so little understood that it would require years of study -- time that we really do not have, George said. Read the entire page →
From page 28... ... In the context of the security problem known as buffer overflows, George suggested fixes must be made in hardware because software is too extensive and diverse. George emphasized how critical it will be to know which adversaries have access to quantum computers and what types of extremely important information must be pro tected from this threat. Read the entire page →

From page 19...

... They covered the government's use of cryptography and its standards-setting process, the evolution of cryptographic technology, and current and future challenges. HOW THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY THINKS ABOUT CRYPTOGRAPHY Kerry McKay, National Institute of Standards and Technology Kerry McKay is a computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST)

Read the entire page →

From page 20...

... Supporting weaker algorithms instead of retiring them can also lead to what are known as "downgrade attacks," in which hackers are able to find and exploit known weaknesses in servers that still support these algorithms. The National Institute of Standards and Technology Process McKay turned to the standards-making process at NIST, which seeks to balance agility and interoperability with security for non-classified government systems.

Read the entire page →

From page 21...

... SHA-3 had 64 submissions and ran from approxi mately 2004 to 2015.1 Because of these downsides, sometimes it is more helpful to focus on algorithms that are already in use. This option works well for block cipher modes, which add features to block ciphers that have already been standardized, with faster timelines and lower imple mentation cost.

Read the entire page →

From page 22...

... McKay listed the various standards that NIST recommends and uses: Secure Hash Algorithm-2 (SHA-2) , SHA-3, 3DES, AES, RSA, Elliptic Curve Digital Signature Algorithm, Digital Signature Standard, and hash message authentication code.

Read the entire page →

From page 23...

... McKay noted that NIST does recommend transition periods in SP800-131A, including considering the time a vendor needs to anticipate the change to its business. When asked by Matthew Green, Johns Hopkins University, whether NIST had plans to modernize its approval process for new algorithms, McKay and Dodson answered that to do so, NIST would need more personnel.

Read the entire page →

From page 24...

... Early Cryptography George began with an overview of VINSON, a voice encryption device for military radios. VINSON's initial objective was to encrypt radio communication between a forward ob server and up to six contacts.

Read the entire page →

From page 25...

... Integrity, authentication, confidentiality, and non-repudiation were the traditional aims. The Problem of Legacy Cryptography Building on a theme raised earlier in the workshop, George commented on the prob lem of legacy cryptography that remains in software or hardware after it has become obsolete.

Read the entire page →

From page 26...

... While diplomacy is important, she said, citizens are often unaware that there is a security choice at all and end up using an insecure setting by default. George agreed that the average user chooses the default security settings, which are probably insecure.

Read the entire page →

From page 27...

... An approach known as quantum key distribution might be considered safe, for example, but George asserted that every implementation of quantum key distri bution so far has been shown fairly quickly by academic researchers to be insecure. Quantum-resistant cryptography is so little understood that it would require years of study -- time that we really do not have, George said.

Read the entire page →

From page 28...

... In the context of the security problem known as buffer overflows, George suggested fixes must be made in hardware because software is too extensive and diverse. George emphasized how critical it will be to know which adversaries have access to quantum computers and what types of extremely important information must be pro tected from this threat.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

2 Government and Infrastructure Pages 19-28

2 Government and Infrastructure
Pages 19-28