May 14-17, 2019 | JW Marriott Parq Vancouver, Canada

Presentations by Track

FIPS 140-2 and the cloud (G11a)

The Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by...
Alan Halachmi

FIPS In The Cloud Working Group (G11b)

Update to the CMUF Working Group, FIPS in the Cloud. The working group was formed to create a pathway for vendors and labs to validate FIPS modules in 3rd party...
Ben Tucker
Yi Mao

Entropy as a Service – A scheme, implementation, experience (G11c)

Cryptography is facing new challenges with new technologies such as IoT, Cloud, Quantum Cryptography etc. As the number of secure connections is exponentially increasing, key generation, strength of keys are...
Ravi Jagannathan
Apostol Vassilev

Cloudy or Clouded? (G11d)

Cloud is a fantastic buzzword. Everybody knows about it and only a few know about the mechanics. In this presentation we will analyze the current progress of the industry on...
Fabien Deboyser

Certificate Maintenance: 3SUB vs 5SUB (G13a)

IG G8 details the criteria that a module must meet in order to be submitted under one of the revalidation submission scenarios. According to IG G8, a module with security...
Abdullah Abubshait

A Protocol Protocol (G13b)

Representation of protocols such as TLS, SSH and IPsec vary widely in the Security Policies for modules validated to FIPS 140-2. This presentation covers associated guidance, representation of ciphersuites (and...
Steve Weymann

TLS v1.3 and FIPS: Can they be friends? (G13c)

In August 2017 a new version 1.3 of the Transport Layer Security (TLS) protocol which is a secure protocol for transporting data between devices and across the internet was released....
Ryan Thomas
Anthony Busciglio
Day 2
16 May 2019

FedRAMP Introduction (G21a)

Cloud is becoming a dominant tool for various government agencies. Hence securing the cloud has become a paramount task. FedRAMP is the US standard for clouds. In spite of FedRAMP enforcement,...
Ravi Jagannathan

On Password Hashing and Password Hardening Schemes (G21b)

Passwords are the most cost effective and widely deployed means of human-computer authentication regardless of their vulnerability to dictionary attacks. Password hashing schemes (PHSs) compute password hashes, typically to be...
Sweta Mishra
Meltem Sonmez Turan

Shifting POSTs Into High Gear (G21c)

Recently, the self-test related IGs 9.1, 9.11 and 9.12 have been updated to reduce the number of tests performed during power on to help improve module performance. At the same...
Swapneela Unkule

KMIP vs PKCS#11 – There is no contest! (G21d)

With the lines between enterprise key managers and hardware security modules being continually blurred or at worst, not well understood, it is easy to see two of our leading industry...
Tony Cox

Encryption Key Management – understanding and mitigating your risks (G22a)

From its humble beginnings storing keys for encrypted data stored on disk and tape, encryption key management has come a long way with the availability of a stable and widely...
Bruce Rich

Source Code Reviews: The Good, the Bad, and the Ugly (G22b)

At some point during the development and validation of a cryptographic module, it is expected that the vendor’s certification expert(s) will have to perform at least one review of the...
Kelvin Desplanque

Validating the Implementations of the “New” and “Old” Key Establishment Standards (G22c)

The recent NIST publications of new versions of the key establishment standards formed a complicated landscape for the CMVP, the implementers, and testers. The standards keep evolving, the new parameter...
Allen Roginsky

Encryption Key Management Vs Key Vaulting (G23a)

This presentation will compare and contrast the concepts of encryption key management and encryption key vaulting, citing specific examples and drawing on the speaker's experience with the two relevant industry...
Steve Pate

Equivalency Working Group Report (G23b)

Equivalence Working Group mission statement: The Equivalence Working Group will work toward formulating recommendations, in the form of a draft Implementation Guidance (IG), which the CMVP finds acceptable to justify...
Vann Nguyen
Jennifer Brady
Rumman Mahmud
Renaudt Nunez
Carolyn French
Yi Mao
Edward Morris
Nithya Rachamadugu
Steve Weingart

Towards Standardization of Threshold cryptography at NIST (G23c)

The Computer Security Division at the National Institute of Standards and Technology is taking steps toward the standardization of threshold schemes for cryptographic primitives. These schemes have the potential to...
Nicky Mouha
Luis T.A.N. Brandao
Apostol Vassilev
Day 3
17 May 2019

Arm Platform Security Architecture: an introduction (G32a)

In order to improve the security of the Internet of Things, Arm are developing PSA to provide a secure platform for building devices. The PSA includes design principles and a...
Rob Coombs
Marcus Streets

CPU Equivalency Working Group Panel Report and Discussion (G32b)

Over the last several years, both CMVP and NIAP have been reducing the number of similar CPUs covered by a single CAVS test. Historically, an ARM was an ARM, an...
Renaudt Nunez
Carolyn French

Latest Cryptographic Module Test Technology Development Trends of KCMVP (C11a)

This presentation will introduce the major test technology development trends of KCMVP. Korea has been operating its own cryptographic module validation system since 2005 and has been conducting tests based...
Sung Ha Lee

Update on the Canadian Centre for Cyber Security (C11b)

This presentation will introduce the new Canadian Centre for Cyber Security (CCCS or Cyber Centre), a branch of the Communication Security Establishment (CSE). We’ll focus on who we are in...
Keith Merlo
Roy Crombie

CMVP Programmatic Update (C11d)

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.
Beverly Trapnell
Carolyn French

Pearson Testing (C12a)

Gavin O’Brien

NIAP Update (C12b)

Diana Robinson

CCUF Update (C12c)

The CCUF would like to present an update on their activities.
Fiona Pattinson

ACVP Update (C13a)

Christopher Celi

With ACVP done what’s next on the road to automating the NIST crypto validation programs? (C13b)

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in...
Dominic Rizzo
Tim Anderson
Robert Relyea
Shawn Geddis
Apostol Vassilev
Day 2
16 May 2019

Secure Components – Certification That Benefits Edge, Fog & Cloud (C21a)

We are becoming increasingly ‘digitally dependent’, with connectivity spanning from our Edge devices, through the Fog and into the Cloud, helping us to manage every aspect of our personal, business...
Olivier Van Nieuwenhuyze

PSA Certification Programme (C21b)

This presentation will give a very brief introduction to Arm Platform Security Architecture (though that is a separate submission) and then explains why Arm have decided to introduce a new...
Rob Coombs
Marcus Streets

FIDO Authenticator Certification – FIPS 140-2 Companion Program (C21c)

The FIDO Alliance, a 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced back in March 2018 the expansion of its certification program to include multi-level...
Roland Atoui

Securing a Connected World – How to create a certification Landscape (C22a)

This presentation will discuss the following problems: * Not all certification levels fit * How do you include HW/SW/Edge/Cloud? * Patching security issues * How do you re-use from 1...
John Boggie

Smart CC and CC-like Private Schemes (C22b)

Description TBA
Wouter Slegers

Composite Evaluation Approach Derived from Decades of Experience in Smart Card Evaluations for HSM and SAM (C22c)

Mandated in 2018, eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation defining standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof of authentication...
Maria Fravventura

A new European regulation landscape for secure signature devices (C23a)

No one doubts that the handwritten signature will eventually be replaced by the digital signature. The European Union is evolving towards new regulations for these systems based on certification. New...
Gonzalo Porlan

eIDAS: Will Common Criteria Replace FIPS 140-2? (C23b)

Over the past few years, assessment of compliance of products and services with the eIDAS regulation has been at the center of extensive debate. Product developers, service providers, certification authorities,...
Arnold Abromeit
Graham Costa
Dieter Bong
Jonathan Allin
Maria Fravventura
Day 3
17 May 2019

Dealing with Overlapping Certification Requirements and Maximizing Your FIPS Investment (C31a)

This presentation will provide an overview of testing deemed necessary in FIPS and a summary of the challenges and opportunities for re-use in other Certifications based on lessons learned from...
Smita Mahapatra
Shawn Pinet

ISO/IEC 19790 Updates (C31b)

ISO/IEC 19790 provides the security requirements for a cryptographic module. Originally based on the U.S. FIPS 140-2, the ISO version has been further developed and improved in subsequent editions. The...
Michael Cooper
Randall Easter
Fiona Pattinson

FIPS 140-3 Update (C31c)

Description TBA
Matthew Scholl

NIST and NIAP Working Together (C32a)

Description TBA
Mary Baish
Michael Cooper

FIPS and CC : Symbiotic Certifications (C32b)

Description TBA
Erin Connor
Nithya Rachamadugu

Second Round Candidates in NIST PQC Standardization (Q11b)

After about one-year analysis and evaluation on the first-round candidates, NIST announced the second-round candidates in January 2019. In this presentation, we will provide a summary on the second-round candidates...
Dustin Moody
Lily Chen

Post-Quantum Cryptography Based on Isogenies and Progress in Hardware (Q11c)

Isogeny-based cryptography, or more specifically supersingular isogeny Diffie-Hellman (SIDH), has recently received considerable attention from the quantum-safe research community. A highly secure model of that, a.k.a. supersingular isogeny key encapsulation (SIKE)...
Reza Azarderakhsh

The post-quantum signature scheme qTESLA and its integration into the TLS protocol (Q11d)

qTESLA is a simple and highly-efficient signature scheme whose security, based on the Ring-Learning With Errors (R-LWE) problem, is conjectured to thwart quantum computer attacks [1][2]. For example, qTESLA signatures...
Patrick Longa

SAFEcrypto Project (Q13a)

Secure Architectures of Future Emerging Cryptography (SAFEcrypto) aims to provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems,...
Sarah McCarthy

Panel on Integrating Quantum Key Derivation in the Real World (Q13b)

Moderator: Kelly Richdale; Panelist: John Prisco
John Prisco
Kelly Richdale

Emerging Cryptography Trends in the Internet of Things (E11b)

With the explosive growth of Internet of Things coupled with 5G communications and re-utilization of GSM 200kHz band for localized IoT applications, industry is going forward with massive investments in...
Chuck White

Building trust takes time. Or just cryptography and secure execution? (E11c)

Driven by digitalisation of “everything”, the trust in digital devices of all types and their authenticity and integrity becomes a critical factor for the success of new offerings and business models....
Martin Oczko

Encryption Standardization for NVDIMM-N class PMEM devices (E11d)

A non-volatile DIMM (NVDIMM) is a Dual In-line Memory Module (DIMM) that maintains the contents of Synchronous Dynamic Random Access Memory (SDRAM) during power loss. An NVDIMM-N class of device...
Sridhar Balasubramanian

IoT and the NISTIR 8200: A Step Towards Standardization (E12a)

The NISTIR 8200 report addresses the growing need to develop effective security standards for the Internet of Things (IoT). They have identified a wide range of critical categories impacted by...
Jennifer Brady

FIPS Validation and Mission-Critical IoT Ecosystems (E13a)

Internet of Things (IoT) ecosystems have become increasingly prevalent, fundamentally changing the way we live, work and play. Billions of IoT devices already exist, with hundreds more coming online each...
Loren Shade

HSM requirements for V2X connected cars communications (E13b)

The automotive industry has rapidly evolved in recent times in such a way that the cars have been transformed from a simple mode of transport to the ultimate mobile device....
Jose Emilio Rico

Securing the Smart City: Architectural Considerations for CA and Remote Key Distribution (E13c)

The importance of connected devices, services, and platforms in modern society is growing rapidly, and nowhere is this more apparent than the smart city. Made up of a wide range...
Adam Cason

IoT TLS: Why It Is Hard (S21b)

TLS (formerly SSL) is fairly well known, and most people are familiar with it through the ‘s’ at the end of the ‘https’ in web URLs. Securing communication is also...
David Brown

Update on the New OpenSSL FIPS Module Development Project (S22a)

The OpenSSL 1.0.2 distribution that supports a FIPS 140-2 validated module will not be supported by the OpenSSL Management Committee past 2019. A new FIPS 140 module that supports TLS...
Chris Brych

A Reflection: Compliance, Security, and the new world of Multi-release Jars with Bouncy Castle (S23a)

As more limits get introduced on the use of reflection in Java, Java 9 saw the introduction of multi-release jar files. These class archive files allow a JVM to dynamically...
David Hook

Open Source Chinese Blockchain and Services (S23b)

This is a joint presentation made by Paul Yang for BaishanCloud and Zhenlong Zhao from TrustChain. In this presentation, we would like to introduce the cutting-edge blockchain open source projects...
Zhenlong Zhao
Paul Yang

System-wide cryptographic policies and FIPS (S23c)

The Red Hat Enterprise Linux 8 brings a concept of system-wide cryptographic policies which allow easy selection of allowed cryptographic algorithms and protocols that apply to all the core cryptographic...
Tomas Mraz
Day 2
17 May 2019

PKCS #11 interface for HKDF to support TLS 1.3 (S31a)

When implementing TLS 1.3 using a straightforward design for an HKDF interface in NSS, presenters ran into a number of issues that needed to be solved, particularly when running in...
Robert Relyea

Building Security In: Observations From the Front Lines (U21a)

This keynote will focus on sharing some of the successes and opportunities in achieving SDL (Security Development Lifecycle) at a large enterprise software vendor with a multitude of offerings. It...
Manish Gaur

Transition to ACVP: Challenges for CAVS Users (U21b)

NIST announced that the transition from the legacy CAVS cryptographic testing tool to ACVP would likely happen in the beginning of 2019. The transition involves a new method of communication...
Stephan Mueller

Update from the Security Policy Working Group (U21c)

The objective of this presentation will be to provide an update from the CMUF Security Policy Working Group. This talk will present “near” final versions of example Level 2 hardware...
Mark Hanson
Ryan Thomas

Squaring the Circle (U21d)

You embark on the exciting journey of building a brand spanking new security hardware device. You require FIPS 140-2 certification before deploying your device to the marketplace, everyone needs...
Oreste Panaia

Crypto Done Right, One Year In. Lessons Learned and Next Steps (U22a)

Crypto Done Right (https://cryptodoneright.org) is a research project under development at Johns Hopkins funded by a grant from Cisco. We introduced the project at ICMC 2018. The goal of the...
Dr. Seth Nielson

Can the complete application stack be agile and remain compliant? (U22b)

This presentation describes a user’s perspective on management of entire application stack with certified components, involving both FIPS hardware and Common Criteria applications on top. Further, we discuss how this...
Tomas Gustavsson

Oh crap, another vulnerability report… Now what? (U22c)

The purpose of this presentation is to establish the importance of a vulnerability management framework in an organisation. Presenters will walk through Gemalto’s vulnerability management process as a part of...
Smita Mahapatra
Shawn Pinet

Secure Multiparty Computation Applications for Key Protection and Key Management (T23a)

Data encryption, advanced authentication, digital signing and other cryptography-based security functions have come to play a vital role in organizations’ cybersecurity and regulatory compliance initiatives. To secure their digital assets...
Oz Mishli

Operating on Encrypted Data Without Compromising Confidentiality (T23b)

Standard AES encryption of data provides confidentiality, but inhibits operations such as addition and comparison of ciphertexts. Baffle has developed a cryptographic technology using AES that allows data operations on...
Priyadarshan Kolte

Going Viral: Four Principles of Usable Encryption (T23c)

If encrypted data safeguards privacy, why do so few organizations and individuals encrypt their data? Encryption must be usable for widespread adoption. I’ll introduce the four principles of usable encryption...
Will Ackerly

An Architectural Framework for Virtual Trustworthy Systems (A31b)

Security of a virtual platform begins with a “Chain of Trust.” The trust chain means that a suitable trust anchor is used to validate the first software component launched, and...
Jeff Hewett

Privacy-Preserving Planning and Coordination Among Autonomous Systems Equipped with Resource-Constrained Devices (A31c)

One of the major challenges in any distributed computing system is the availability of proper computing devices, i.e., powerful enough to accomplish the assigned tasks. This issue might be resolved...
Mehrdad Nojoumian

Kernel FIPS Software Integrity Test and KASLR (A32a)

One of the mandatory steps during FIPS module initialization is performing Integrity Checking. Usually such checking does not cause any difficulties and can be easily addressed by well-known approaches....
Heorhii Levchenko

Adversarial Perspectives on Cryptography (A32b)

While most auditing of cryptographic modules is around their effectiveness against an adversary, adversaries themselves are also updating their tooling to use strong cryptography. From crypto-locking malware to advanced command-and-control...
Brent Cook

The new NIST reference for Randomness Beacons (A32c)

A randomness Beacon produces timed outputs of fresh public randomness. It pulsates randomness in an expected format at expected times, making it available to the public. Beacons offer the potential...
Rene Peralta
Luis T.A.N. Brandao
John Kelsey

Random Numbers, Entropy Sources and You (G12a)

The NIST Special Publication (SP) 800-90 series of recommendations provide guidance on the construction and validation of random bit generators in the form of deterministic random bit generators or non-deterministic...
John Kelsey

Evaluation and Validation of Random Bit Generators (N12b)

Description to come:
Werner Schindler
John Kelsey
Joshua Hill
Allen Roginsky
Apostol Vassilev
Day 2
17 May 2019

The IID Assumption and You! (N31a)

In an SP800-90B assessment, the vendor must determine if their noise source supports an IID assumption, and justify any claim that the source output is IID. The SP800-90B IID assessment...
Joshua Hill

On the Next Revision of SP 800-90B (N31b)

NIST SP 800-90B – Recommendation for the Entropy Sources used for Random Bit Generation provides guidance for the development and validation of entropy sources. The recommendation is published in January...
Meltem Sonmez Turan

A Framework for Side-Channel Resistant Hardware/Software Codesign Using Quantum Crypto-Module (QCM) Supported by Quantum Entropy Chip (QEC) (N31c)

With the advent of the Internet of Things (IoTs), all kinds of modern electrical devices such as smart phones, medical devices, network sensors as well as traditional computing platforms are...
Junghyun Francis Baik
Jongwon “JP” Park

Evaluating Cryptography in a Common Criteria context (K32a)

Cryptography is in almost all IT products providing security. As such, the evaluation of the cryptographic code is part of a Common Criteria evaluation. On the other side, in a...
Maria Christofi

Study Side-Channel Analysis for Hardware Based on Probabilistic Programs (K32b)

Electronic devices are always targeted with different kinds of attacks due to their activities related to data processing, data storage, and data transactions. Side-channel analysis techniques for detecting and quantifying...
Mehri Yahyaei

Back to the Future – A Look Into ISO/IEC 19790 Physical Security Requirements (K32c)

If ISO/IEC 19790 is adopted as FIPS 140-3, what will it bring to the field of physical security? What changes will be necessary for us to remain compliant to the...
Renaudt Nunez