August 25-28, 2020 | Hyatt Regency Bethesda, Maryland, USA

Presentations by Topic

Certification Programs

Day 1
15 May 2019

Latest Cryptographic Module Test Technology Development Trends of KCMVP (C11a)

This presentation will introduce the major test technology development trends of KCMVP. Korea has been operating its own cryptographic module validation system since 2005 and has been conducting tests based...

Update on the Canadian Centre for Cyber Security (C11b)

This presentation will introduce the new Canadian Centre for Cyber Security (CCCS or Cyber Centre), a branch of the Communication Security Establishment (CSE). We’ll focus on who we are in...

CMVP Programmatic Update (C11d)

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.
Beverly Trapnell
Carolyn French

CCUF Update (C12c)

The CCUF would like to present an update on their activities.
Fiona Pattinson

ACVP Update (C13a)

Christopher Celi

With ACVP done what’s next on the road to automating the NIST crypto validation programs? (C13b)

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in...
Tim Anderson
Robert Relyea
Shawn Geddis
Apostol Vassilev
Day 2
16 May 2019

PSA Certification Programme (C21b)

This presentation will give a very brief introduction to Arm Platform Security Architecture (though that is a separate submission) and then explains why Arm have decided to introduce a new...
Rob Coombs
Marcus Streets

FIDO Authenticator Certification – FIPS 140-2 Companion Program (C21c)

The FIDO Alliance, a 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced back in March 2018 the expansion of its certification program to include multi-level...
Roland Atoui

Secure Components – Certification That Benefits Edge, Fog & Cloud (C21d)

We are becoming increasingly ‘digitally dependent’, with connectivity spanning from our Edge devices, through the Fog and into the Cloud, helping us to manage every aspect of our personal, business...
Olivier Van Nieuwenhuyze

Securing a Connected World – How to create a certification Landscape (C22a)

This presentation will discuss the following problems: * Not all certification levels fit * How do you include HW/SW/Edge/Cloud? * Patching security issues * How do you re-use from 1...
Sylvain Bonfardin

Smart CC and CC-like Private Schemes (C22b)

Description TBA
Wouter Slegers

Composite Evaluation Approach Derived from Decades of Experience in Smart Card Evaluations for HSM and SAM (C22c)

Mandated in 2018, eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation defining standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof of authentication...
Maria Fravventura

A new European regulation landscape for secure signature devices (C23a)

No one doubts that the handwritten signature will eventually be replaced by the digital signature. The European Union is evolving towards new regulations for these systems based on certification. New...

eIDAS: Will Common Criteria Replace FIPS 140-2? (C23b)

Over the past few years, assessment of compliance of products and services with the eIDAS regulation has been at the center of extensive debate. Product developers, service providers, certification authorities,...
Arnold Abromeit
Graham Costa
Dieter Bong
Jonathan Allin
Maria Fravventura
Day 3
17 May 2019

Dealing with Overlapping Certification Requirements and Maximizing Your FIPS Investment (C31a)

This presentation will provide an overview of testing deemed necessary in FIPS and a summary of the challenges and opportunities for re-use in other Certifications based on lessons learned from...
Smita Mahapatra

ISO/IEC 19790 Updates (C31b)

ISO/IEC 19790 provides the security requirements for a cryptographic module. Originally based on the U.S. FIPS 140-2, the ISO version has been further developed and improved in subsequent editions. The...
Michael Cooper
Fiona Pattinson

NIST and NIAP Working Together (C32a)

Description TBA
Mary Baish
Michael Cooper

FIPS and CC : Symbiotic Certifications (C32b)

Description TBA
Brian Wood
Lachlan Turner
Erin Connor
Shawn Geddis
Nithya Rachamadugu
Day 4
29 Apr 2020

FIPS 140-3 Overview: Introduction (C11a)

FIPS 140-3 is structured very differently than the previous standard. This talk focuses on the ISO and NIST requirement documents and how they influence the CMVP program.
Kim Schaffer

FIPS 140-3 Overview: SP 800-140 Overview (C11b)

This presentation walks through the standards necessary to understand how the US-Canada validation authority manages the ISO requirements and testing while meeting CMVP requirements.
Kim Schaffer

FIPS 140-3 Overview: FIPS 140-2 Timeline and 140-2 and 3 Transitions (C11c)

As CMVP stands up FIPS 140-3, this presentation addresses the roadmap and management of FIPS 140-2 and what this means to vendors, labs, and users. This is an overview of...
Beverly Trapnell
Kim Schaffer

FIPS 140-3 Overview: Non-Invasive (C12a)

Indirect physical attacks such as sustained power monitoring have demonstrated that it is possible for some equipment to reveal sensitive key information. This presentation will provide an overview as to...
Carolyn French

FIPS 140-3 Overview: Authentication (C12b)

This talk walks through the standards necessary to understand how the US-Canada validation authority manages the ISO requirements and testing while meeting CMVP requirements.
Kim Schaffer

FIPS 140-3 Overview: CAVP Overview (C12d)

CAVP has reformulated the algorithm process over the last year. This presentation will address how the process now works, who can use the service, and how the information is used.
Christopher Celi
Tim Hall

FIPS 140-3 Overview: 90-B Validations (C12c)

This presentation discusses how these validations will be integrated into the CAVP program and automation.
Christopher Celi
Tim Hall

Getting Ready for FIPS 140-3 (C13a)

On behalf of the Cryptographic Module User’s Forum (CMUF) FIPS 140-3 Transition Working Group (WG), the speaker will report the work performed by the WG to assist the Cryptographic Module...
Yi Mao

101 on FIPS 140-3 (C13b)

This presentation will explain the key differences between FIPS 140-2 and 140-3 requirements for the most used levels (1 and 2) of software, hardware and hybrid modules. A summary mapping...
Kwok Wong
Nithya Rachamadugu

Invasive Species—A Guide to FIPS 140-3 Non-Invasive Testing Requirements (C13c)

“Intelligence is the ability to adapt to change” —Stephen Hawking Our world is in a constant state of change. The security world is no different. In the past, security was...
Renaudt Nunez
Day 5
28 Mar 2020

NIST and NIAP Working together (C20a)

Description to come
Mary Baish
Day 6
30 Apr 2020

CMVP Programmatic Update (C20b)

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.
Carolyn French

Track Keynote: Transition to ISO/IEC 19790:2012 in JCMVP (C20c)

IPA/JCMVP is the validation authority of cryptographic module validation in Japan. IPA/JCMVP has started a two-year transition period of cryptographic module security requirements to ISO/IEC 19790:2012 and ISO/IEC 24759:2017, from July...
Dr. Gen’ya Sakurai

NIAP Update—Crypto Policy Insights (C21a)

Description to come
Dianne Hale

CMUF CPU Equivalency Working Group Panel Report and Discussion (C21b)

Over the last several years, both the CMVP and NIAP have been reducing the number of similar CPUs covered by a single CAVS test. Historically, an ARM was an ARM,...
Kevin Micciche
Lachlan Turner
Kelvin Desplanque
Dianne Hale
Tim Hall

NIST and NIAP: A Tale of Two Crypto Validations (C22a)

In this talk, we will analyze in depth the need for harmonization between NIAP and CAVP (FIPS) requirements. We will review changes to the recent NIAP Policy 5 Guidance update...
Kenneth Lasoski

From Turtle to Cheetah: Fast and Effective Common Criteria Evaluations (C22b)

Highly regulated industries and critical infrastructure environments demand fulfillment of security requirements through rigorous and standardized approaches. In this context, the value of Common Criteria certifications is internationally recognized, but...
Maria Fravventura

How to Design (and Operate) Efficient Schemes (C22c)

There is a great need for security and assurance in the fast growing connected world. To address this need, very many dedicated security evaluation schemes are popping up, often with...
Wouter Slegers

A Multi-Step Transition to New Algorithms: Key Establishment, Entropy and More (C23a)

Several NIST key establishment standards have been recently updated: SP 800-56A, 56B and 56C. As these standards represent a significant shift in the key agreement and key transport paradigms, it...
Allen Roginsky

Transitioning to SP800-56A Rev3 (C23b)

Recently, FIPS 140-2 Implementation Guidance (IG) D.8 and D.1-rev3 have been updated to state the requirements for vendor affirmation to NIST Special Publication (SP) 800-56A Rev3 and the transition from...
Swapneela Unkule

Supporting TLSv1.3 in NDcPP (S23c)

TLS is one of the widely used protocols for secure communication channels between connected devices. Security has improved for TLSv1.3 compared to previous versions of TLS. Therefore, the Network iTC...
Michael Vogel
Day 7
28 Mar 2020

Third Country Perspective to the EU CSA—What Will Be the Next Step? Confusion or Order? (C30a)

The EU has established a new Cyber Security Law. The objectives are to standardize and protect the market, eliminating the duplicate efforts and different policies among members. Although the law...
İbrahim Halil Kirmizi
Day 8
01 May 2020

FedRAMP—Introduction and Update (C30b)

Cloud has become an inevitable infrastructure for government agencies worldwide. So, securing workloads in the cloud has become a high priority task. FedRAMP is an established US government Risk...
Ravi Jagannathan

Educating the Next Generation of FIPS 140 Certification Specialists (C30c)

If you read the news these days relating to cyber security, it is virtually impossible to miss the large number of articles which focus on the ever-increasing labor shortage in...
Kelvin Desplanque

The Basics of ACVP Communication and Interaction (C31a)

ACVP is becoming the only accepted method by which cryptographic algorithms are validated and certified with NIST. As the CAVS tool’s time comes to an end, so too do some...
Alex Thurston

Extending NIST’s CAVP Testing: Lessons Learned from CVE-2019-8741 (C31b)

The security of cryptography in practice relies not only on the resistance of the algorithms against cryptanalytical attacks, but also on the correctness of their implementations. NIST maintains the CAVP,...
Nicky Mouha

FIPS 140-3 is here, great! But…what happens to my 140-2 certs? (C31c)

The much-awaited FIPS 140-3 is here but the elephant in the room is “what happens to all the 140-2 module and algorithm certificates?” This presentation will look at the various...
Christopher Celi
Jonathan Smith

CC in the Cloud (C32a)

The Common Criteria has been a framework for product evaluation of security functions since its inception in the late 1990s. As DevOps became the trend for development of agile cloud...
Joshua Brickman

Panel Discussion on Cryptography and HSMs in the Cloud (C32b)

Description to come
Ravi Jagannathan
Chris Brych
Tim Hall

Common Criteria

Day 1
15 May 2019

A Protocol Protocol (G13b)

Representation of protocols such as TLS, SSH and IPsec vary widely in the Security Policies for modules validated to FIPS 140-2. This presentation covers associated guidance, representation of ciphersuites (and...
Day 2
16 May 2019

FedRAMP Introduction (G21a)

Cloud is becoming a dominant tool for various government agencies. Hence securing the cloud has become a paramount task. FedRAMP is the US standard for clouds. In spite of FedRAMP enforcement,...
Ravi Jagannathan

PSA Certification Programme (C21b)

This presentation will give a very brief introduction to Arm Platform Security Architecture (though that is a separate submission) and then explains why Arm have decided to introduce a new...
Rob Coombs
Marcus Streets

Composite Evaluation Approach Derived from Decades of Experience in Smart Card Evaluations for HSM and SAM (C22c)

Mandated in 2018, eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation defining standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof of authentication...
Maria Fravventura

eIDAS: Will Common Criteria Replace FIPS 140-2? (C23b)

Over the past few years, assessment of compliance of products and services with the eIDAS regulation has been at the center of extensive debate. Product developers, service providers, certification authorities,...
Arnold Abromeit
Graham Costa
Dieter Bong
Jonathan Allin
Maria Fravventura
Day 3
17 May 2019

Dealing with Overlapping Certification Requirements and Maximizing Your FIPS Investment (C31a)

This presentation will provide an overview of testing deemed necessary in FIPS and a summary of the challenges and opportunities for re-use in other Certifications based on lessons learned from...
Smita Mahapatra

Evaluating Cryptography in a Common Criteria context (K32a)

Cryptography is in almost all IT products providing security. As such, the evaluation of the cryptographic code is part of a Common Criteria evaluation. On the other side, in a...
Maria Christofi

Embedded Crypto and IoT

Day 1
15 May 2019

Emerging Cryptography Trends in the Internet of Things (E11b)

With the explosive growth of Internet of Things coupled with 5G communications and re-utilization of GSM 200kHz band for localized IoT applications, industry is going forward with massive investments in...

Building trust takes time. Or just cryptography and secure execution? (E11c)

Driven by digitalisation of “everything” the trust in digital devices of all types and their authenticity and integrity becomes a critical factor for the success of new offerings and business models....

Encryption Standardization for NVDIMM-N class PMEM devices (E11d)

A non-volatile DIMM (NVDIMM) is a Dual In-line Memory Module (DIMM) that maintains the contents of Synchronous Dynamic Random Access Memory (SDRAM) during power loss. An NVDIMM-N class of device...
Sridhar Balasubramanian

IoT and the NISTIR 8200: A Step Towards Standardization (E12a)

The NISTIR 8200 report addresses the growing need to develop effective security standards for the Internet of Things (IoT). They have identified a wide range of critical categories impacted by...
Jennifer Brady

FIPS Validation and Mission-Critical IoT Ecosystems (E13a)

Internet of Things (IoT) ecosystems have become increasingly prevalent, fundamentally changing the way we live, work and play. Billions of IoT devices already exist, with hundreds more coming online each...
Loren Shade

HSM requirements for V2X connected cars communications (E13b)

The automotive industry has rapidly evolved in recent times in such a way that the cars have been transformed from a simple mode of transport to the ultimate mobile device....

Securing the Smart City: Architectural Considerations for CA and Remote Key Distribution (E13c)

The importance of connected devices, services, and platforms in modern society is growing rapidly, and nowhere is this more apparent than the smart city. Made up of a wide range...
Adam Cason
Day 2
16 May 2019

IoT TLS: Why It Is Hard (S21b)

TLS (formerly SSL) is fairly well known, and most people are familiar with it through the ‘s’ at the end of the ‘https’ in web URLs. Securing communication is also...
David Brown

Entropy

Day 1
15 May 2019

Entropy as a Service – A scheme, implementation, experience (G11c)

Cryptography is facing new challenges with new technologies such as IoT, Cloud, Quantum Cryptography etc. As the number of secure connections is exponentially increasing, key generation, strength of keys are...
Ravi Jagannathan
Apostol Vassilev

Random Numbers, Entropy Sources and You (N12a)

The NIST Special Publication (SP) 800-90 series of recommendations provide guidance on the construction and validation of random bit generators in the form of deterministic random bit generators or non-deterministic...
John Kelsey

Evaluation and Validation of Random Bit Generators (N12b)

Description to come:
Werner Schindler
John Kelsey
Joshua Hill
Allen Roginsky
Apostol Vassilev
Day 2
17 May 2019

The IID Assumption and You! (N31a)

In an SP800-90B assessment, the vendor must determine if their noise source supports an IID assumption, and justify any claim that the source output is IID. The SP800-90B IID assessment...
Joshua Hill

A Framework for Side-Channel Resistant Hardware/Software Codesign Using Quantum Crypto-Module (QCM) Supported by Quantum Entropy Chip (QEC) (N31c)

With the advent of the Internet of Things (IoTs), all kinds of modern electrical devices such as smart phones, medical devices, network sensors as well as traditional computing platforms are...
Junghyun Francis Baik

Presentations by NIST

Day 1
14 May 2019

FIPS 140-2 Validation Process: Overview and Case Study (W00b)

An in-depth look at the real-world process of validation with input from professionals who have hands-on experience at each step. Includes a case study of an actual validated CM product.
Alex Calis
Diana Robinson
Brad Proffitt
Ian Hall

Workshop on Automated Cryptographic Validation Protocol (ACVP) (W01b)

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in...
Christopher Celi
Barry Fussell
Stephan Mueller
Apostol Vassilev
Day 2
15 May 2019

Second Round Candidates in NIST PQC Standardization (Q11b)

After about one-year analysis and evaluation on the first-round candidates, NIST announced the second-round candidates in January 2019. In this presentation, we will provide a summary on the second-round candidates...
Dustin Moody
Lily Chen

Entropy as a Service – A scheme, implementation, experience (G11c)

Cryptography is facing new challenges with new technologies such as IoT, Cloud, Quantum Cryptography etc. As the number of secure connections is exponentially increasing, key generation, strength of keys are...
Ravi Jagannathan
Apostol Vassilev

CMVP Programmatic Update (C11d)

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.
Beverly Trapnell
Carolyn French

Random Numbers, Entropy Sources and You (N12a)

The NIST Special Publication (SP) 800-90 series of recommendations provide guidance on the construction and validation of random bit generators in the form of deterministic random bit generators or non-deterministic...
John Kelsey

Evaluation and Validation of Random Bit Generators (N12b)

Description to come:
Werner Schindler
John Kelsey
Joshua Hill
Allen Roginsky
Apostol Vassilev

ACVP Update (C13a)

Christopher Celi

With ACVP done what’s next on the road to automating the NIST crypto validation programs? (C13b)

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in...
Tim Anderson
Robert Relyea
Shawn Geddis
Apostol Vassilev
Day 3
16 May 2019

Validating the Implementations of the “New” and “Old” Key Establishment Standards (G22c)

The recent NIST publications of new versions of the key establishment standards formed a complicated landscape for the CMVP, the implementers, and testers. The standards keep evolving, the new parameter...
Allen Roginsky

Towards Standardization of Threshold cryptography at NIST (G23c)

The Computer Security Division at the National Institute of Standards and Technology is taking steps toward the standardization of threshold schemes for cryptographic primitives. These schemes have the potential to...
Nicky Mouha
Luis T.A.N. Brandao
Apostol Vassilev
Day 4
17 May 2019

ISO/IEC 19790 Updates (C31b)

ISO/IEC 19790 provides the security requirements for a cryptographic module. Originally based on the U.S. FIPS 140-2, the ISO version has been further developed and improved in subsequent editions. The...
Michael Cooper
Fiona Pattinson

NIST and NIAP Working Together (C32a)

Description TBA
Mary Baish
Michael Cooper

The new NIST reference for Randomness Beacons (A32c)

A randomness Beacon produces timed outputs of fresh public randomness. It pulsates randomness in an expected format at expected times, making it available to the public. Beacons offer the potential...
Luis T.A.N. Brandao
John Kelsey