Pre-Conference Workshops

Wednesday, November 19

9:00 Explaining the ISO 19790 Standard Randall Easter, NIST, Security Testing, Validation, and Management Group (W01)
10:45 Explaining the ISO 19790 Standard Continued Randall Easter, NIST, Security Testing, Validation, and Management Group (W02)
13:15 Comparing ISO/IEC 19790 and FIPS PUB 140-2 William Tung, Cryptographic and Security Testing Laboratory’s (CSTL) Laboratory Manager, Leidos; Zhiqiang (Richard) Wang, Cryptographic & Security Test Lab (CSTL) Sr. Security Engineer, Leidos (W03)
15:00 Questions to CMVP (NIST/CSEC) on ISO 19790 Standard, 140-4 or Any Other Randall Easter, NIST, Security Testing, Validation, and Management Group; Allen Roginsky, Mathematician, NIST, Carolyn French, Manager, CMVP, CSEC and Sharon Keller, Director, Cryptographic Algorithm Validation Program (CAVP), NIST (W04, A)
15:45 Status of the Transition to New Algorithms and Stronger Keys Allen Roginsky, Mathematician, NIST (W04, B)

Conference Sessions

Thursday, November 20

Plenary Keynote Presentations

9:00 Welcome and Introduction
9:15 Random Thoughts Helmut Kurth, Chief Scientist, atsec information security
9:45 Is Anybody Listening? Business Issues in Cryptographic Implementations Mary Ann Davidson, Chief Security Officer, Oracle Corp.

Track Sessions

Certification Programs Track

11:00 Roadmap to Testing of New Algorithms Sharon Keller, Director, Cryptographic Algorithm Validation Program (CAVP), NIST (C12, A)
11:45 FIPS 140-Next Is Coming: What Does It Mean and What Are You Going To Do? Tony Busciglio, Laboratory Manager, Acumen Security (C12, B)
13:45 Making Diamonds Out of Coal: CST Labs Are Under Pressure Yi Mao, Principal Consultant, atsec (C13, A)
14:30 Navigating the Minefield as an Operating System Vendor and FIPS-140 Newbie Darren Moffat, Senior Principal Engineer, Solaris; Valerie Fenwick, Software Engineering Manager, Oracle (C13, B)
15:45 Results of a Research Effort in Response to New Entropy Standards Ray Potter, CEO & Co-Founder, SafeLogic (C14, A)
16:30 Help! I’m Bricked and Can’t Zero My CSPs! Tammy Green, Senior Security Architect & Vulnerability Response Director, Blue Coat Systems (C14, B)

General Technology Track

(some audio not available)
11:00 ID Suite B Cryptography and Commercial Solutions for Classified: A Primer Jon Green, CTO Aruba Networks Government Solutions
11:45 FIPS 140-2 Implementation Guidance 9.10: What is a Software Library and How to Engineer It for Compliance? Apostol Vassilev, Cybersecurity Expert, Computer Security Division, NIST, Staff Member, CMVP
13:45 PKCS#11: Breathing New Life Into a Beloved Cryptographic Standard Valerie Fenwick, Software Engineering Manager, Oracle
14:30 A Study on the Interoperability of Certification for Commercial Cryptographic Module Validation Neng Gao, Associate Professor, Institute of Information Engineering, Chinese Academy of Sciences
15:45 FIPS 140-2 Compliance of Industry Protocols in 2015 and 2016, Edward Morris, Co-Founder, Gossamer Security Solutions
16:30 Panel Discussion: ISO/IEC 19790 Editors
Moderator: Fiona Pattinson, Director, Strategy & Business Development, atsec; Panelists: Randall Easter, NIST, Security Testing, Validation, and Management Group; Junichi Kondo, Director, JCMVP, IPA; Jean-Pierre Quémard, Head of Sales Aeronautics & Space, Cassidean; Dr. Gen’ya Sakurai, JCMVP, IPA

Advanced Technology Track

11:00 Tamper Event Detection on Distributed Devices in Critical Infrastructure Jason Reeves, Graduate Student, Dartmouth College
11:45 MRS: Tamper-Respondent Meshes Moisés Riesgo Suárez, Evaluator, Epoche & Espri
13:45 Cryptographic Side-Channel Analysis on the Primary Side of Switching-Mode Power Supplies Sami Saab, Principal Field Applications Engineer, Cryptography Research
14:30 SLEAK: A Side-Channel Leakage Evaluator and Analysis Kit Dan Walters, Digital/Micro HW Engineer, MITRE – Paper
15:45 Validating Sub-Chip Modules and Partial Cryptographic Accelerators, Carolyn French, Manager, CMVP, CSEC and Randall Easter, NIST, Security Testing, Validation, and Management Group
16:30 SE, TEE, HCE: Making Sense of the Security of Cryptography in Your Phone, Jasper van Woudenberg, CTO North America, Riscure and Marc Witteman, CTO, Riscure

Track Sessions

Friday, November 21

Certification Programs Track

9:00 Guidelines for Concurrent FIPS 140-2 and ISO/IEC 19790 Validations Luis Alfonso Garcia, IT Security Engineer, Epoche & Espri
9:45 Shoehorning Software Modules into FIPS 140-2 Luis Alfonso Garcia, IT Security Engineer, Epoche & Espri
11:00 CMVP Programmatic Status Michael Cooper, NIST and Carolyn French, Manager, CMVP, CSEC
11:45 NIST SP 800-90 Series Allen Roginsky, Mathematician, NIST
13:30 NIST SP 800-131A Transition Chris Brych, Senior Principal Security Analyst, Oracle Security Evaluations
14:15 NIAP—Recent Updates Janine Pederson, Director, NIAP, NSA/CSS Commercial Solutions Center

General Technology Track

9:00 Heartbleed, Best Practices and Why Are There Still Buffer Overflow Attacks? Steve Weingart, Public Sector Certifications, Aruba Networks
9:45 Validation of Cryptographic Protocol Implementations Juan Gonzalez Nieto, Technical Manager, BAE Systems Applied Intelligence
11:00 Entropy–A FIPS and Common Criteria Perspective Including SP 800-90B Gary Grainger, AT&E Technical Director, Leidos
11:45 Entropy Sources–Recommendations for a Scalable, Repeatable and Comprehensive Evaluation Process Sonu Shankar, Software Engineer, Cisco Systems, Alicia Squires, Global Certifications Team – Manager, FIPS/Common Criteria, Cisco Systems, Ashit Vora, Lab Director and Co-Founder, Acumen Security
13:30 Implementing SM2 Cryptographic Module on Graphics Processing Units Jiwu Jing, Professor, Institute of Information Engineering, Chinese Academy of Sciences
14:15 Understanding FIPS Requirements for UC APL Listing Eligibility Kathleen Moyer, Project Management Engineer, Corsec Security

15:30 Summary & Wrap-Up