[STDS-P1619] Fwd: NIST Release 3 Security Publications (including one for PRFs and KDFs)

[Matt Ball <matt.ball@xxxxxxxx>]

I think that the SP 800-108 draft is of general interest to these lists (see below).  This specifies Pseudo-Random Functions (PRF) and Key Derivation Functions (KDF).

I suspect many of the companies on this list have some kind of key derivation scheme somewhere.  Make sure to send your feedback to NIST if this draft is unnecessarily specific, or excludes otherwise secure derivation schemes.

Just a few highlights:

• The approved PRFs are HMAC-SHA-x and CMAC (SP 800-38B)
• There are three KDFs: KDF in counter mode, KDF in Feedback mode, and KDF in double-pipelined iteration mode
• There is approval of 'Key Hierarchy' structures, in which keys are derived from keys that are derived from keys, etc.
  

I didn't check, but we'll need to make sure that the KDFs used in IKEv2 and TLS are supported within the context of SP 800-108.

Cheers,
-Matt

---------- Forwarded message ----------
From: Patrick O'Reilly <poreilly@email.nist.gov>
Date: Fri, May 2, 2008 at 2:06 PM
Subject: NIST Release 3 Security Publications
To: Multiple recipients of list <compsecpubs@nist.gov>



#1:
NIST announces the release of Draft Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions. This Recommendation specifies techniques for key derivation from a secret key using pseudorandom functions (PRF). . The comment period closes on June 28, 2008. To learn more about this draft, please visit the CSRC Drafts page.

URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-108

#2:
NIST announces the release of the public draft of Special Publication 800-66 Revision 1, An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Draft). This Special Publication (SP), which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule.  To learn more about this draft please visit CSRC Drafts page.

URL: http://csrc.nist.gov/publications/PubsDrafts.html#800-66-Rev1

#3:
The NIST Computer Security Division is proud to announce the release of NIST Interagency Report (IR) 7442: Computer Security Division - 2007 Annual Report. This publication highlights the diverse research agenda that enabled the Computer Security Division to successfully respond to numerous challenges and opportunities in fulfilling its mission to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services.  If interested in reviewing this annual report, link provided below.

URL: http://csrc.nist.gov/publications/PubsNISTIRs.html#NISTIR_7442


---------------------
To unsubscribe from this list send e-mail to listproc@nist.gov and type in the body of the e-mail message:
       unsubscribe compsecpubs

Reminder:  You need to make sure that you are unsubscribing from the original e-mail address that you subscribed to this list from.  If not, you will receive an error message.  If that is the case, send patrick.oreilly@nist.gov an e-mail and I will have to manually delete your email address from the listproc system.  To save time - please provide me with your old email address that you subscribed to the list.  Thanks.

Pat O'Reilly
List Administrator
Computer Security Division
NIST

-- 
Thanks!
Matt Ball, IEEE P1619.x SISWG Chair
M.V. Ball Technical Consulting, Inc.
Phone: 303-469-2469, Cell: 303-717-2717
http://www.mvballtech.com
http://www.linkedin.com/in/matthewvball