The ICMC 2015 Audio Archive contains complete audio files and slides from over 45 conference sessions.
Thanks for joining our email list! Click any hyperlinked presentation title to view slides. Adobe acrobat required.
Wednesday, November 4
Pre-Conference Workshops
How Not To Do a FIPS 140 Project (W01a) Steve Weingart, Manager of Public Sector Certifications, Aruba Networks; Chris Keenan, Evaluator, Gossamer Security Solutions
| Part I | |
| Part II | |
| Part III |
Breaking into Embedded Devices: Side Channel Analysis (W01b) Jasper Van Woudenberg, CTO North America, Riscure
| Part I | |
| Part II | |
| Part III | |
| Part IV |
GlobalPlatform—Addressing Unique Security Challenges through Standardization (W01c) Presentation 1, Presentation 2, Presentation 3, Presentation 4 Kevin Gillick, Executive Director, GlobalPlatform; Hank Chavers, Technical Program Manager, GlobalPlatform; Philip Hoyer, Director of Strategic Innovation, HID Global, and Identity Task Force Chair, GlobalPlatform; Alexander Summerer, Technology Consultant, Giesecke & Devrient, and Secure Element Access Control Working Group Chair, GlobalPlatform
| Part I | |
| Part II | |
| Part III |
Validating a Virtual Module Without Guidance From CMVP (W02a) Steve Ratcliffe, TME, Cisco Systems
| Part I | |
| Part II |
Breaking into Embedded Devices: Fault Injection (W02b) Jasper Van Woudenberg, CTO North America, Riscure
| Part I | |
| Part II |
Thursday, November 5
Plenary Keynote Sessions
Welcome and Introductions, Yi Mao, Principal Consultant, atsec information security
Keynote Presentation on Current Issues in Cryptography (P11a) Phil Zimmermann, Creator of PGP, Co-founder, Silent Circle
Keynote Presentation: Cryptography, Moore’s Law, and Hardware Foundations for Security (P11b) Paul Kocher, President, Chief Scientist, Cryptography Research
Keynote Presentation: Department of Defense Cybersecurity (P11c) Marianne Bailey, Principal Director, Deputy CIO for Cybersecurity, Department of Defense
Certification Programs Track
Accreditation, Validation & Recognition based on ISO Standards (C12) Randall Easter, NIST
The Next Steps Toward A Scalable International Cryptographic Evaluation Process (C13) Clint Winebrenner, Technical Lead, Product Certifications Security & Trust Organization, Cisco
Legacy Random Number Generators (RNGs) (C14) Zhiqiang (Richard) Wang, CSTL Lab Technical Director, Leidos; William Tung, Senior Security Evaluation Analyst, Gemalto
Proposed Changes for a Long-Overdue Revision of FIPS 140-2 (C15) Francisco Corella, Founder & CTO, Pomcor; Karen Lewison, CEO, Pomcor
Adding to the Approved List of Algorithms (C16) Kelvin Desplanque, TME—Government Certification CoGS—Canada, Cisco Systems
CMVP Programmatic Status (CMVP) (C17) Carolyn French, ITS Engineer, CSE; Michael Cooper, IT Specialist, NIST; Apostol Vassilev, Cybersecurity Expert, Computer Security Division, NIST
General Technology Track
Effective Cryptography—Or: What’s Wrong With All These Crypto APIs? (G12) Thorsten Groetker, CTO, Utimaco
The Entropy Bogeyman (G13) Edward Morris, Co-Founder, Gossamer Security Solutions; Khai Van, Security Tester, Gossamer Security Solutions
The What, Why, and How of Tokenization (G14) Peter Helderman, Principal Consultant, UL
SP 800-131A Transitions and Related Implementation Guidance (G15) Allen Roginsky, Mathematician, NIST; Apostol Vassilev, Cybersecurity Expert, Computer Security Division, NIST
SP800-90B: Analysis of Linux /dev/random (G16) Stephan Mueller, Principal Consultant and Evaluator, atsec information security
Enough Entropy? Justify It! (G17) Yi Mao, Principal Consultant, atsec information security
Advanced Technology Track
Quantum Computing and Its Impact (A12) David Cornwell, Lead Engineer, Booz Allen Hamilton
Extending Derived Credential Use to Support S/MIME Even with Medium-Hardware Protected Credentials (A13) Issam Andoni, Chief Technology Architect/Owner, Zeva Inc.
A Look into Hard Drive Firmware Hacking (A14) Khai Van, Security Tester, Gossamer Security Solutions
Improved Approaches to Online Health Testing in SP800-90 RNGs (A15) David Johnston, Hardware Security Architect, Intel
Test Vector Leakage Assessment (TVLA) for Side Channel Analysis in Conformance Testing Scenario (A16a) Gilbert Goodwill, Senior Principal Engineer, DPA Software and Training Lead, Cryptography Research
Test Vector Leakage Assessment (TVLA) for Side Channel Analysis in Conformance Testing Scenario (A16b) Steve Weymann, Security Engineer, InfoGard Laboratories
Low-Cost Side Channel Attacks on Smartphones and Embedded Devices using Software Defined Radios (A17) Gabriel Goller, Giesecke & Devrient
CMUF Face-to-Face Meeting
Cryptographic Module User Forum Update, Matt Keller, VP, Corsec Security
Friday, November 6
Certification Programs Track
CSfC Program and its FIPS 140-2 Requirements (C21) Matt Keller, VP, Corsec Security
What is Suite-B Cryptography and How Does it Relate to Government Certifications? (C22) Anthony Busciglio, Co-Founder, Laboratory Manager, Acumen Security
Introduction on the Commercial Cryptography Scheme in China (C23) Di Li, atsec information security
FIPS 140 Quo Vadis? (C24) Apostol Vassilev, Cybersecurity Expert, Computer Security Division, NIST
Cryptographic Validation Requirements and the Common Criteria (ISO/IEC 15408) (C25) Kirill Sinitski, Common Criteria Evaluator & Quality Coordinator, CygnaCom
NIST & NIAP Working Together (C26) Janine Pedersen, Director, National Information Assurance Partnership (NIAP); Michael Cooper, IT Specialist, NIST
General Technology Track
Repetition Count Test (G21) Jason Tseng, Project Control Analyst, Leidos; Michael Powers, Security Assurance Engineer, Leidos
Roadmap to Testing of New Algorithms (CAVP) (G22) Sharon Keller, Computer Scientist, NIST; Apostol Vassilev, Cybersecurity Expert, Computer Security Division, NIST
Entropy Estimation by Example (G23) David Cornwell, Lead Engineer, Booz Allen Hamilton
Importance of Open Source to the Cryptographic Module Community (G24) Chris Brych, Senior Principal Security Analyst, Oracle
Challenges in Generating Keys for Asymmetric-Key Algorithms (G25) Allen Roginsky, Mathematician, NIST
What is My Operational Environment? (G26) Swapneela Unkule, atsec information security
End User Experience Track
Commonly Accepted Keys and CSPs Initiative (U21) Ryan Thomas, FIPS 140-2 Program Manager, CGI Global Labs
FIPS is FIPS, Real World is Real World and Never the Twain Shall Meet? (U22) Ashit Vora, Co-Founder and Laboratory Director, Acumen Security
Collateral Damage—Vendor and Customer Impact of Frequent Policy Changes (U23) Joshua Brickman, Director, Security Evaluations, Oracle; Glenn Brunette, Senior Director and Chief Technologist, Cybersecurity, Oracle
Learning From Each Other and Our Mistakes (U24) Terrie Diaz, Product Certification Engineer, Cisco Systems; Edward Morris, Co-Founder, Gossamer Security Solutions
FIPS140-Testing: You Want My What? (U25) Valerie Fenwick, Software Engineering Manager, Oracle; Hai-May Chao,, Principal Software Engineer, Solaris Security Technologies Group, Oracle
Validating Encryption: The Bottleneck in Security Innovation (U26) Ray Potter, CEO, SafeLogic; Walter Paley, Director of Marketing, SafeLogic
Summary Panel Discussion
Impact of Draft CMVP Policy Changes on Industry (P27) Moderator: Marcus Streets, Product Director High Security Products, Good Technology Panelists: Douglas Gebert, Enterprise Architect, HP Enterprise; Michael Cooper, IT Specialist, NIST; Tammy Green, Senior Principal Security Architect, Blue Coat Systems; Laurie Mack, Director Security & Certifications, Gemalto
For access to this content, please join our email list. We take your privacy seriously. We never sell lists or email addresses.
Our Simple Mailing List Policies: We hate spam. Unless you authorize it or we're compelled by law, we won't share your mail address with anyone else, ever. We value your information. We'll keep it as secure as we can. We will send mail at reasonable intervals, which is at most a few times a month and definitely not once a day. We'll do our best to meet all applicable privacy, spam, and other relevant rules and regulations. If you think we've failed to do that, please contact us so we can investigate and correct as required.
