NIST Tech Beat - July 9, 2008

The National Institute of Standards and Technology (NIST) announced today that it is seeking proposals for high-risk research projects to develop innovative technologies for inspecting, monitoring and evaluating critical components of the nation’s roadways, bridges, and drinking and wastewater systems. The competition for cost-shared research and development (R&D) support is the first to be announced by NIST’s newly established Technology Innovation Program (TIP) in an effort to address critical societal challenges.

NIST announced that, based on FY 2008 funds, it expects to award approximately $9 million in first-year funding for R&D projects focused on new, efficient, accurate, low-cost and reliable sensors and related technologies that provide quantitative assessments of the structural integrity or degree of deterioration of bridges, roads, water mains and wastewater collection systems. The competition, program officials said, addresses a critical national need for improved sensing technologies to help local, state, and national authorities more cost-effectively monitor and maintain the Nation’s vast public infrastructure, some portions of which have been in place for many years and are rapidly and dangerously aging.

TIP was established by the 2007 America COMPETES Act to support, promote, and accelerate innovation in the United States through high-risk, high-reward research in areas of critical national need. The merit-based competitive program can fund cost-shared R&D projects by single small-sized or medium-sized businesses and joint ventures that also may include institutions of higher education, non-profit research organizations and national laboratories. TIP awards are limited to no more than $3 million total over three years for a single company project and no more than $9 million total over five years for a joint venture.

Proposals for the current TIP competition must be received by NIST by 3 p.m. EDT, Thursday, Sept. 4, 2008. Proposers may submit proposals by paper or electronically through the Grants.gov Web site. Review, selection and award processing is expected to be completed by the end of November 2008. For more details and a list of upcoming public meetings to provide general information on the competition, see “New Program To Fund Monitoring, Inspection Technologies For Public Infrastructure.”

Enlisting an army of plant viruses to their cause, materials researchers at the National Institute of Standards and Technology (NIST) have identified a small biomolecule that binds specifically to one of the key crystal structures of the body—the calcium compound that is the basic building block of teeth and bone. With refinements, the researchers say, the new molecule can be a highly discriminating probe for a wide range of diagnostic and therapeutic applications related to bones and teeth.

Although they have somewhat different mechanical properties, the major structural component of both teeth and bones is a crystalline compound of calcium phosphate called hydroxyapatite. Subtle variations in the way the crystal forms account for the differences. Identifying and monitoring the formation of this particular crystal is of paramount importance to biomedical researchers working on a variety of problems including the remineralization of teeth to repair decay damage, the integration of prosthetic joints and tissue-engineered bone materials for joint and bone replacement, and cell-based therapies to regrow bone tissue.

To date, however, there is no specific, practical method to spot the formation of hydroxyapatite in living systems or tissue samples. Materials scientists can identify the crystal structure with high reliability by the pattern it makes scattering X rays, but it’s a complex procedure, requires fairly pure samples and certainly can’t be used on living systems. There are some widely used chemical assays—the von Kossa assay, for example—but these also are destructive tests, and more importantly they really test simply for the presence of the elements calcium or phosphorus. They can’t distinguish, for example, between deposits of amorphous calcium phosphate—a precursor—and the hydroxyapatite crystal.

To find a more specific, less destructive probe, the NIST team used a relatively new technique called “phage display” that can rapidly create and screen huge numbers of biomolecules for specific interactions. Phages are a primitive and ubiquitous class of viruses that infect bacteria. Some simple phages can be genetically modified to randomly assemble short sequences of amino acids—small proteins called peptides—on their outer shells as binding sites. An engineered population of phages will synthesize billions of random peptides. If these phages are exposed to the target surface—hydroxyapatite crystal in this case—and then washed off, those left behind are the ones that tend to stick. Cloning the survivors and repeating in several cycles with increasingly stringent conditions eventually isolates a handful of candidate peptides that can be further tested to measure their affinity for the target.

As reported in a recent paper,* the NIST team used the technique to identify a new peptide that relies both on the chemical composition and the crystal structure of hydroxyapatite to bind to the mineral’s surface. The peptide’s ability to “recognize” the specific structure of hydroxapatite, say the researchers, could be exploited as a nondestructive tag to monitor the progress of bone and tooth mineralization for diagnostic and therapeutic applications.

* M.D. Roy, S.K. Stanley, E. J. Amis and M.L. Becker. Identification of a highly specific hydroxyapatite-binding peptide using phage display. Adv. Mater. 2008, 20, 1830–1836

The sun is about to undergo unremitting scrutiny. About six times each minute of every hour for at least five years, a soon-to-be launched NASA satellite will measure the sun’s quirky—and sometimes stormy—output of extreme ultraviolet (EUV) light. To ensure that this solar stake-out yields data useful for understanding the weather in space and its earthly consequences, researchers at the National Institute of Standards and Technology (NIST) are helping a NASA team prepare for annual rocket-borne check-ups of key instruments aboard the Solar Dynamics Observatory (SDO).

From one multi-year solar cycle to the next, the amount of ultraviolet radiation generated by the sun can change as much as tenfold. On shorter time scales—during, for example, a violent solar flare—ultraviolet output can jump by a factor of 1,000 in a matter of minutes. EUV light is highly energetic. It is absorbed by the Earth’s upper atmosphere, ionizing gases and creating electric currents that form the inner edge of the Earth’s magnetosphere. Changes in the sun’s magnetic field driven by the solar wind in turn affect the Earth’s atmospheric electric currents and magnetic fields, and can cause such disruptive effects as wreaking havoc with the Nation's electric power grid. In addition, the ionization of atmosphere gases by EUV and X-ray irradiation disrupts the high-frequency radio communication and decreases the accuracy of GPS systems. Related phenomena can change the density of the upper atmosphere, increase the drag on satellites in low-Earth orbit, and knock them out of orbit.

To better understand the origins and impacts of EUV phenomena, the SDO’s three onboard experiments will make nearly continuous observations of changes in the sun’s magnetic field, solar-flare and other activity on the surface and in the interior, and energy outputs. According to NASA, the experiment will produce enough data on solar EUV output to fill one compact disc every 36 seconds.

Key to the success of the experiments is ensuring that the instruments stay calibrated and record accurate data. “Good calibrations are necessary for quality data and for ensuring consistency of data across space missions,” explains NIST physicist Robert Vest.

In October, a few months before the SDO’s tentatively scheduled launch, the NASA team will perform a dry run of the rocket-science equivalent of telemedicine. A rocket will carry duplicates of instruments built for SDO’s EUV Variability Experiment, or EVE. If only for a minute or two, the duplicate devices will take measure of the Sun’s EUV emissions. Data gathered during the brief outing will enable NIST to complete its characterization of the EUV spectrophotometer, which detects EUV emissions at several specific wavelengths, including those associated with solar flares.

Once a year, measurements made by rocket-borne spectrophotometers will be used to recheck accuracy of the counterpart instruments on the SDO as it orbits 22,000 miles (about 35,400 kilometers) above the Earth. From the comparison, the NASA team can determine whether values in the data beamed to scientists on Earth should be adjusted. Once recalibrated, the onboard instruments also will be used to check the measurement performance of two other spectrographs desigend to measure the brightness of radiation in portions of the EUV spectrum.

The Space Weather Prediction Center will be a major user of SDO solar surveillance data. Jointly operated by the National Oceanic and Atmospheric Administration and the U.S. Air Force, the Boulder, Colo., center is the national and world warning center for disturbances that can affect people and equipment working in the space environment.

EVE is led by principal investigator Tom Woods of the University of Colorado Laboratory for Atmospheric and Space Physics. The EUV spectrophotometers were designed and built at the Space Science Center at the University of Southern California. Calibrations of the spectrophotometers as well as other devices in the EVE instrument package were performed on high-accuracy beamlines at the NIST SURF III Synchrotron Ultraviolet Radiation Facility, which are partially supported by NASA.

A new ultrasensitive, high bandwidth neutron detector developed by the National Institute of Standards and Technology (NIST) and the University of Maryland (UMD) will receive one of this year’s “R&D 100 Awards,” it was announced on July 1. The annual R&D 100 Awards program recognizes “the 100 most technologically significant products introduced into the market” during the previous year, as selected by an independent judging panel and the editors of R&D Magazine.

Neutron detectors are important in many applications, ranging from fundamental physics experiments to materials science, reactor operations, oil well logging, monitoring of special nuclear materials, and personal protective equipment for first responders. Conventional neutron detectors are based on proportional counters that detect the high-voltage electrical discharges created when neutrons are absorbed by atoms in a gas cell. The NIST Lyman alpha neutron detector (LAND), on the other hand, detects neutrons by a more subtle and sensitive technique, measuring “Lyman alpha” radiation in the far ultraviolet region of the spectrum when neutrons are absorbed by a helium isotope. (See “New NIST Detector Can ‘See’ Single Neutrons Over Broad Range.”)

A LAND instrument can detect individual neutrons, which was not possible with proportional counters, and LAND is less susceptible to spurious signals triggered by gamma rays. The device is mechanically robust and requires no specialized fabrication techniques or ultrahigh purity gases. NIST has filed a U.S. patent application on the LAND technology. A paper on LAND principles was published in the NIST Journal of Research in April 2008.*

The LAND development team recognized by the R&D 100 Award consists of: Alan K. Thompson and Muhammad Arif of the NIST Ionizing Radiation Division;, Robert E. Vest and Charles W. Clark of the NIST Electron and Optical Physics Division; and Michael A. Coplan of the Institute for Physical Science and Technology, University of Maryland. Critical support for this project was provided by unique NIST calibration facilities for neutron and far ultraviolet radiation, respectively the NIST Center for Neutron Research and the FUV Detector Calibration Facility. Much of the design and construction of the LAND was done at the University of Maryland, College Park.

In recent years cell phones and PDAs—“Personal Digital Assistants”—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to record and store multimedia files and transfer them over wireless networks—in addition to the cell phone system—using WiFi, infrared and Bluetooth communications. Oh, yes, and make phone calls.

On July 7, the National Institute of Standards and Technology (NIST) published for comment draft guidelines on security considerations for cell phones and PDAs. Part of a series of publications on computer security issues, the draft guidelines provide an overview of cell phones and PDA devices in use today and the growing security threats that they face and propose a framework that organizations can use to manage the security risks.

“The security issues for cell phones and PDAs range beyond those of other computer equipment,” the NIST authors observe. “Moreover, many common safeguards available for desktop and networked computers are generally not as readily available across a broad spectrum of handheld device types.” The draft document notes that some security enhancements better known in the personal computer world are becoming available for PDAs and smart phones, including stronger user authentication systems based on biometrics, and firewall, antivirus and intrusion detection software.

Comments on the draft document are due by Aug. 8, 2008, and should be submitted by e-mail to 800-124comments@nist.gov with “Comments SP 800-124” in the subject line.

Draft NIST computer security publications including Guidelines on Cell Phone and PDA Security (Special Publication 800-124 Draft) are available online from the NIST Computer Security Resource Center at http://csrc.nist.gov/publications/PubsDrafts.html.

The National Institute of Standards and Technology (NIST) has developed two demonstration software packages that show how Personal Identity Verification (PIV) cards can be used with Windows and Linux systems to perform logon, digital signing and verification, and other services. The demonstration software, written in C++, will assist software developers, system integrators and computer security professionals as they develop products and solutions in response to Homeland Security Presidential Directive 12 and the FIPS 201-1 standard.

“We wanted to provide IT professionals with a model of one way that PIV cards can be used to support authentication to federal information systems,” explains Donna Dodson, deputy director of the NIST Computer Security Division. “Our objective was not to say ‘do the steps this way,’ but to show an example of how you might proceed.”

Homeland Security Presidential Directive 12 calls for government employees and contractors to use secure identity credentials to access federal facilities and computers. NIST worked with industry to develop the standards for the PIV cards that will be used for those purposes. Each card contains a unique number, two of the employee’s biometric fingerprint templates, and cryptographic keys stored on an electronic chip embedded in the card’s plastic body.

While each federal agency will implement the use of PIV cards on its own schedule, NIST computer scientists developed the software to demonstrate that PIV cards can work with common computer activities such as system logon. The typical process of keying in user name and password will be replaced with the user inserting his/her PIV card in a reader and entering a personal identification number (PIN). This secure logon could eliminate the need for passwords for other applications and could provide access to secure databases to which the user is authorized.

The PIV Crypto Service Provider (CSP) demonstrates Windows XP Logon with PIV cards. The Public Key Cryptography Standard #11 module was developed to operate in the Fedora Core 5 environment and to implement Linux Logon, signing and encrypting email (following the S/MIME standard) and Web site authentication (following the SSL/TLS standard), configured in Linux OS, Thunderbird and Firefox applications.

A new publication released by the National Institute of Standards and Technology (NIST) on June 30 can help information system managers negotiate the often complex process of assessing security controls in their information systems. Although designed specifically to meet the needs of federal IT managers who must satisfy government requirements called for in the 2002 Federal Information Security Management Act (FISMA), the new guide can be useful to IT professionals across the industry.

The document, Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, is designed to assist managers in assessing the effectiveness of the security controls called for in NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems. SP 800-53 is one of the core documents supporting the Risk Management Framework that was developed for federal agencies by NIST as part of its FISMA responsibilities. SP 800-53 specifies a flexible and extensible process for selecting security controls for federal information systems in accordance with the mission and business functions being carried out by federal agencies.

The assessment procedures provided in SP 800-53A close the loop by defining a disciplined and structured process for determining if the security controls in federal information systems are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting organizational security policies.

“When security controls are less than fully effective,” says Ron Ross, project leader, FISMA Implementation Project, “information system vulnerabilities can be exploited by adversaries to compromise the confidentiality, integrity and availability of information processed, stored and transmitted by the system.”

For simplicity and ease of use, SP 800-53A lists the security controls from SP 800-53 together with the assessment procedures for those controls.

SP 800-53A authors developed additional tools and techniques for implementing the assessment procedures in SP 800-53A that will be available on the NIST Web site after July 25. NIST, working with security control assessors from the Departments of Energy, Justice and Transportation and the intelligence community, generated a suite of assessment cases based on SP 800-53A procedures. The cases provide additional assessor-related information that can be used for more consistent and cost-effective security control assessments.

(Return to NIST News Page)

Editor: Michael Baum

Date created: July 9, 2008
Date updated: July 15, 2008
Contact: inquiries@nist.gov