April 28 - May 1, 2020 | Hyatt Regency Bethesda, Maryland, USA

Conference Agenda

Tuesday 28 April

Optional Events: ICMC Pre-Conference Workshops and CSfC Conference

08:00 - 09:00 Registration

Regency Ballroom Foyer

09:00 - 12:30 ICMC Pre‑Conference Workshops and CSfC Conference

ICMC Pre-Conference Workshops
(Diplomat/Ambassador)

9:00 Workshop on Automated Cryptographic Validation Protocol (ACVP) (W00a) Christopher Celi, Computer Scientist, NIST, United States; Barry Fussell, Software Technical Leader, Cisco Systems, United States; Stephan Mueller, Principal Consultant, atsec information security corp, United States

ICMC Pre-Conference Workshops
(Chesapeake Suite)

9:00 You, Me and FIPS 140-3, an Introductory Workshop (W00b) Ryan Thomas, CSTL Lab Manager, Acumen Security, United States; Mark Minnoch, Co-Founder, KeyPair Consulting

CSfC Conference
(Cabinet/Judiciary Suite)

9:00 The Commercial Solutions for Classified (CSfC) Conference will provide a one-day overview of efforts by the National Security Agency (NSA) to quickly leverage a broad range of commercial products used in layered solutions protecting classified NSS data.

12:30 - 13:30 Lunch

Terrace

13:30 - 17:00 ICMC Pre‑Conference Workshops and CSfC Conference

ICMC Pre-Conference Workshops
(Diplomat/Ambassador)

13:30 FIPS Validations Case Study Workshop (W01a)

ICMC Pre-Conference Workshops
(Chesapeake Suite)

13:30 Preparing for the Quantum Era (W01b) Vlad Gheorghiu, Researcher, Institute for Quantum Computing, Canada; Bruno Huttner, Quantum Safe Product Management, ID Quantique SA, Switzerland.

CSfC Conference
(Cabinet/Judiciary Suite)

13:30 CSfC Conference (continued)

Wednesday 29 April

Conference Day 1

08:00 - 09:00 Registration

Regency Ballroom Foyer

09:00 - 10:35 Plenary Keynote Session

Regency Ballroom III, IV
9:00 Conference Welcome (P10a) Yi Mao, atsec, United States
9:10 CMUF Update (P10b) Speaker TBA, CMUF

GOVERNMENT PLENARY KEYNOTE

9:15 Enhancing Cybersecurity and Privacy Risk Management (P10c) Dr. Charles Romine, Director, Information Technology Laboratory, NIST, United States

INDUSTRY PLENARY KEYNOTE

9:55 The Domain Name System (DNS): A Cryptographer’s Perspective (P10d) Dr. Burt Kaliski Jr., SVP, CTO, Verisign, United States

10:35-11:15 Networking Break in Exhibits

Regency Ballroom I, II

11:15 - 12:45 Track Sessions

Random Bit Generators
(Regency Ballroom III)

11:15 Revising NIST SP 800 90B (N11a) Meltem Sonmez Turan, Cryptographer, NIST, United States


11:45 NIST Recommendations on Random Number Generation (N11b) John Kelsey, Computer Scientist, NIST, United States; Meltem Sonmez Turan, Cryptographer, NIST, United States


12:15 Integration of the NIST Randomness Beacon with External Modules (N11c) Harold Booth, Computer Scientist, NIST, United States

Certification Programs
(Regency Ballroom IV)

A seven-part overview of the new standard for cryptographic certification presented by NIST.

11:15 FIPS 140-3 Overview: Introduction (C11a) Kim Schaffer, NIST, United States


11:45 FIPS 140-3 Overview: SP 800-140 Overview (C11b) Kim Schaffer, NIST, United States


12:15 FIPS 140-3 Overview: FIPS 140-2 Timeline and 140-2 and 3 Transitions (C11c) Kim Schaffer, NIST, United States; Beverly Trapnell, NIST, United States

Post-Quantum Crypto
(Diplomat/Ambassador)

TRACK KEYNOTE
11:15 Post Quantum Cryptography (Q11a) Brian LaMacchia, Distinguished Engineer, Microsoft, United States


11:45 Towards PQC Standardization—An Update (Q11b) Lily Chen, Mathematician, Manager of Cryptographic Technology Group, NIST, United States; Dustin Moody, Mathematician, Manager of Cryptographic Technology Group, NIST, United States


12:15 Advanced Cryptography in the Quantum World (Q11c) Sarah Mccarthy, Postdoctoral Cryptographic Researcher, Queen’s University Belfast, United Kingdom

General Technology
(Congress/Georgetown)

11:15 Threshold Schemes for Cryptographic Modules (G11a) Luís T.A.N. Brandão, Researcher, NIST, United States


11:45 GCM Compliance in IEEE 802.11 GCMP (G11b) Marcos Portnoi, PhD, Information Security Engineer Specialist, atsec information security, United States


TRACK KEYNOTE
12:15 Crypto Past—and Lessons for the Future (G11c) Charles Brookson, OBE CEng FIET FRSA; former Chairman OCG Security and TC Cyber, ETSI; former Security Group Chairman, GSM Association, Zeata Security, United Kingdom

12:45 - 14:00 Lunch in Exhibit Area

Regency Ballroom I, II; Regency Foyer; Cabinet/Judiciary/Congressional/Foyer; Terrace

14:00 - 15:30 Track Sessions

Random Bit Generators
(Regency Ballroom III)

TRACK KEYNOTE
14:00 BSI Approach: RNG Evaluation Methodology (N12a) Werner Schindler, BSI, Germany


14:30 Panel on Challenges of Validating of Random Bit Generators (N12b) Meltem Sonmez Turan, Cryptographer, NIST, United States [60 Min]

Certification Programs
(Regency Ballroom IV)

Continued: FIPS 140-3 Overview. Please note the unusual timing of these presentations.

14:00 FIPS 140-3 Overview: Non-Invasive (C12a) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada


14:20 FIPS 140-3 Overview: Authentication (C12b) Kim Schaffer, NIST, United States


14:40 FIPS 140-3 Overview: 90-B Validations (C12c) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States


15:10 FIPS 140-3 Overview: CAVP Overview (C12d) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States

Post-Quantum Crypto
(Diplomat/Ambassador)

14:00 Hybrid Key Agreement/KEM Construction and Integration to IPsec IKEv2 VPN (Q12a) Basil Hess, Chief Cryptographic Engineer, InfoSec Global, Switzerland


14:30 Post-Quantum Panel Discussion To Be Announced (Q12b) [60 Min]

General Technology
(Congress/Georgetown)

14:00 A Countermeasure for Differential Power Analysis Attack (G12a) Mehri Yahyaei, Senior Manager of IT Laboratories, RCII, Iran


14:30 Switching Blindings: Higher Order Side Channel Resistant Conversion of Boolean to Arithmetic Masking and Vice-Versa (G12b) Lars Hoffmann, Technology Director Cryptanalysis, Giesecke+Devrient Mobile Security GmbH, Germany


15:00 Prime Proof Protocol and the Case for Finite Field Cryptography (G12c) Anna Johnston, Cryptographic Researcher, Juniper Networks, United States

15:30 - 16:00 Networking Break in Exhibits

Regency Ballroom I, II

16:00 - 17:30 Track Sessions

Random Bit Generators
(Regency Ballroom III)

16:00 Linux and SP800-90B Compliance (N13a) Stephan Mueller, Principal Consultant, atsec information security corp., United States


16:30 CMUF Entropy WG Report and SP800-90B Estimator Confidence Intervals and Assessment Stability (N13b) Joshua Hill, Information Security Scientist, UL VS, United States [60 Min]

Certification Programs
(Regency Ballroom IV)

16:00 Getting Ready for FIPS 140-3 (C13a) Yi Mao, VP, Lab Director, atsec information security, United States; Kim Schaffer, NIST, United States


16:30 101 on FIPS 140-3 (C13b) Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States; Kwok Wong, Senior Security Analyst, Cygnacom Solutions, United States


17:00 Invasive Species—A Guide to FIPS 140-3 Non-Invasive Testing Requirements (C13c) Renaudt Nunez, Senior Consultant, atsec information security, United States

Post-Quantum Crypto
(Diplomat/Ambassador)

16:00 Towards Post-Quantum TLS (Q13a) Kris Kwiatkowski, Cryptography Engineer, PQshield, United Kingdom


16:30 Experimenting with Post-Quantum Cryptography in TLS/SSH with the Open Quantum Safe Project (Q13b) Christian Paquin, Principal Program Manager, Microsoft Research, United States


17:00 A Window on the Post-Quantum World: Using Merkle-Based Signature Schemes (Q13c) David Hook, Lead Developer, Crypto Workshop/Legion of the Bouncy Castle, Australia

General Technology
(Congress/Georgetown)

16:00 How Cryptographic Proof of ID will Enable the Future of Identity Transactions (G13a) David Kelts, Director of Mobile ID Product Development, GET Group North America, United States


16:30 The NIST Project on Privacy Enhancing Cryptography (G13b) Angela Robinson, Mathematician, NIST, United States


17:00 Measuring The Reliability Of An Identity Claim (G13c) Wes Kussmaul, President, The Authenticity Institute, City of Osmio, United States

17:30 - 19:00 Welcome Reception in Exhibits

Regency Ballroom I, II

19:00 Dine-Around Bethesda

Thursday 30 April

Conference Day 2

08:00 - 09:00 Coffee in the Exhibits

Regency Ballroom I, II

9:00 - 10:30 Track Sessions

OASIS Standards
(Regency Ballroom III)

9:00 Latest Developments in PKCS#11 (S20a) Robert Relyea, PKCS#11 TC Co-Chair, OASIS and Principal Software Engineer, Red Hat, United States


9:30 PKCS#11 Panel—Vendor Q&A (S20b) Tony Cox, Co-Chair KMIP TC & Co-Chair PKCS#11 TC, OASIS, and VP Partners Alliances & Standards, Cryptsoft, Australia [60 Min]

Certification Programs
(Regency Ballroom IV)

9:00 NIST and NIAP Working Together (C20a) Mary Baish, Director, NIAP, United States; Michael Cooper, NIST, United States


9:30 CMVP Programmatic Update (C20b) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada; Beverly Trapnell, NIST, United States


TRACK KEYNOTE
10:00 Transition to ISO/IEC 19790:2012 in JCMVP (C20c) Dr. Gen’Ya Sakurai, IPA, Japan

Post-Quantum Crypto
(Diplomat/Ambassador)

9:00 Challenges in Designing and Deploying Some Quantum Safe Key Exchange Schemes (Q20a) Shay Gueron, Professor, University of Haifa, Senior Principal Engineer, Cryptography Amazon Web Services, Israel


9:30 Panel on Post-Quantum Cryptography Migration: Get Your Organization Ready! (Q20b) [60 Min]

PCI
(Congress/Georgetown)

TRACK KEYNOTE
9:00 Track Keynote: PCI (I20a) Troy Leach, Chief Standards Architect & CTO, PCI Security Standards Council, United States


9:30 PCI Standards Update (I20b) Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States


10:00 Presentation TBA (I20c)

10:30 - 11:00 Networking Break in Exhibits

Regency Ballroom I, II

10:15 - 12:15 Track Sessions

OASIS Standards
(Regency Ballroom III)

11:00 KMIP vs PKCS#11 Revisited—Still No Contest! (S21a) Tony Cox, Co-Chair KMIP TC & Co-Chair PKCS#11 TC, OASIS, VP Partners Alliances & Standards, Cryptsoft, Australia

Open Source Crypto

TRACK KEYNOTE
11:30 Presentation TBA (S21b)


12:00 PARSEC—The Platform Abstraction for SECurity (S21c) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom

Certification Programs
(Regency Ballroom IV)

11:00 NIAP Update—Crypto Policy Insights (C21a) Dianne Hale, Technical Leader, NIAP, United States


11:30 CMUF CPU Equivalency Working Group Panel Report and Discussion (C21b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada [60 Min]

Post-Quantum Crypto
(Diplomat/Ambassador)

11:00 Quantum Safe Crypto for National Security Needs (Q21a) Michael Kushin, President and CEO, BlackHorse Solutions, United States


11:30 Quantum Readiness Guide (Q21b) Bob Blakley, Global Head of Information Security Innovation, Citigroup, United States


12:00 Ways to Prepare for a Possible Quantum Future (Q21c) William Layton, NSA Cybersecurity, United States

PCI
(Congress/Georgetown)

11:00 Implementing and Auditing Modern PCI Cryptosystems (I21a) Sam Pfanstiel, Director, Security Consulting Services, ControlScan, United States


11:30 The Art of Designing Crypto Infrastructure for Payments (I21b) Adam Cason, Director of Product Marketing, Futurex, United States


12:00 Spoofing a Hardware Security Module (I21c) Jeff Stapleton, Security Architect: Cryptography, Wells Fargo, United States

12:30 - 13:30 Lunch in Exhibit Area

Regency Ballroom I, II; Regency Foyer; Cabinet/Judiciary/Congressional/Foyer; Terrace

13:30 - 15:00 Track Sessions

OS Crypto Standards
(Regency Ballroom III)

13:30 A Smart Solution to Integrate the Open Source Crypto to the Next-Generation Intel Technology (S22a) Juan Martinez, Junior Cybersecurity Consultant, jtsec Beyond IT Security, Spain; Assaf Cohen, CEO, Anqlave, Singapore


14:00 Open-Source Development of Cryptography: Best Practices and Lessons Learned Through Hyperledger Ursa (S22b) Hart Montgomery, Research Scientist in Cryptography, Fujitsu, United States


14:30 Hyperledger Frameworks in the Enterprise: Open Source and Deployment (S22c) Vipin Bharathan, Digital Transformation Consultant, DLT NYC, United States

Certification Programs
(Regency Ballroom IV)

13:30 NIST and NIAP: A Tale of Two Crypto Validations (C22a) Kenneth Lasoski, Lead Security Engineer, Acumen Security, United States


14:00 From Turtle to Cheetah: Fast and Effective Common Criteria Evaluations (C22b) Maria Fravventura, Sr. Security Evaluator and System Group Director, Brightsight, Netherlands


14:30 How to Design (and Operate) Efficient Schemes (C22c) Wouter Slegers, CEO, TrustCB, Netherlands

Post-Quantum Crypto
(Diplomat/Ambassador)

13:30 Research Challenges in PQC Migration and Cryptographic Agility (Q22a) David Ott, Sr. Staff Researcher and Academic Program Director, VMware, United States


14:00 Mobile Energy Requirements of the Upcoming NIST Post-Quantum Cryptography Standards (Q22b) Markku-Juhani Saarinen, Senior Cryptography Engineer, PQShield, United Kingdom


14:30 Post-Quantum Cryptography in Embedded IoT Devices (Q22c) Reza Azarderakhsh, Associate Professor, President/Founder, Florida Atlantic University and PQSecure Technologies, United States

PCI
(Congress/Georgetown)

13:30 PCI HSM Standard Against CC and FIPS (I22a) Andrew Jamieson, Technology and Security Director, UL, Australia


14:00 Cryptography and Key Management in PCI PIN and P2PE Standards (I22b) Di Li, atsec, China; Yan Liu, Principal Consultant, atsec, China


14:30 E2EE vs P2PE (I22c) Jordan Wiseman, Senior Consultant, Online Business Systems, United States

 

15:00-15:30 Networking Break in Exhibits

Regency Ballroom I, II (Exhibits Close at 15:30)

15:30 - 17:00 Track Sessions

Open Source Crypto
(Regency Ballroom III)

15:30 FIPS Surface Reduction in Red Hat Enterprise Linux 8 (S23a) Simo Sorce, Senior Principal Software Engineer, Red Hat, Inc., United States


16:00 OpenSSL Panel Discussion (S23b) [60 Min]

Certification Programs
(Regency Ballroom IV)

15:30 A Multi-Step Transition to New Algorithms: Key Establishment, Entropy and More (C23a) Allen Roginsky, Mathematician, NIST, United States


16:00 Transitioning to SP800-56A Rev3 (C23b) Swapneela Unkule, atsec information security, United States


16:30 Supporting TLSv1.3 in NDcPP (S23c) Michael Vogel, Principal Consultant, atsec information security, Germany

Embedded Crypto
(Diplomat/Ambassador)

15:30 Post-Quantum Authentication at the Edges of Complex and Highly Dynamic IoT Systems (E23a) Christopher Autry, CEO, Iothic, United Kingdom


16:00 Securing Embedded Systems Using Hardware-based Security Features (E23b) Arlen Baker, Principal Security Architect, Wind River, United States


16:30 Key Per IO Security Subsystem Class for NVM Express Storage Devices (E23c) Sridhar Balasubramanian, Principal Product Security Architect, NetApp, United States; Frederick Knight, Principal Standards Technologist, NetApp, United States

PCI
(Congress/Georgetown)

15:30 Inside the Maze: The Challenges of Cryptography During an Assessment (I23a) Jacob Ansari, Senior Manager, Schellman, United States


16:00 Cryptographic Standards and Standards Bodies—Panel Discussion (I23b) Lily Chen, Mathematician, NIST, United States; Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States [60 Min]

17:00 - 18:00 Crypto Jeopardy Game Show

Cabinet/Judiciary Suite

Your Host: Clint Winebrenner, Technical Lead—Product Certifications, Cisco, United States. Answers must be in the form of a question! Come watch last year’s champion versus three new experienced contestants test their FIPS knowledge in a game of trivia related to algorithms, derived testing requirements, entropy, implementation guidance and more. A few members from the audience will be selected to assist the contestants on specific questions and be eligible to win prizes. Drinks and snacks will be served. 

Friday 1 May

Conference Day 3

08:00 - 09:00 Coffee

Regency Foyer

09:00 - 10:30 Track Sessions

Open Source Crypto
(Regency Ballroom I)

9:00 Lessons Learnt from Cryptography Audits (S30a) Javed Samuel, Practice Director, NCC Group Cryptography Services, United States


9:30 TLS 1.3 Panel Discussion (S30b) [60 Min]

Certification Programs
(Regency Ballroom II)

9:00 Third Country Perspective to the EU CSA—What Will Be the Next Step? Confusion or Order? (C30a) Ibrahim Kirmizi, Common Criteria Scheme Manager, Turkish Standards Institution, Turkey


9:30 FedRAMP—Introduction and Update (C30b) Ravi Jagannathan, Security Architect, VMware, United States


10:00 Educating the Next Generation of FIPS 140 Certification Specialists (C30c) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada

Embedded Crypto
(Regency Ballroom III)

9:00 Mission-Critical IoT Security—a 20/20 Perspective (E30a) Loren Shade, Vice President, Allegro Software, United States


9:30 PSA Certified—Progress and Plans (E30b) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom


10:00 Scheme Update: Using SESIP to Simplify Security Evaluation and Build Trusted IoT Products (E30c) Olivier Van Nieuwenhuyze, Security Task Force Chair and Board of Director, GlobalPlatform, United Kingdom

General Technology
(Regency Ballroom IV)

9:00 Secure Development Practices under Agile Methodologies (G30a) Brian Pruss, Principal Staff Engineer, Secure Products Group, Motorola Solutions, United States


9:30 The HSM’s Evolving Role in our Future Digital World (G30b) Bruno Couillard, CTO, Crypto4A Technologies, Canada


10:00 Agility and Private Keys (G30c) Vladimir Soukharev, Chief Post-Quantum Researcher and Cryptographer, InfoSec Global, Canada

10:30 - 10:45 Networking Break

Regency Foyer

10:45 - 12:15 Track Sessions

End-User Experience
(Regency Ballroom I)

TRACK KEYNOTE
10:45 Presentation TBA (U31a)


11:15 Crypto Issues in the Current and Future Regulatory Landscape (U31b)


11:45 Cybersecurity Maturity Model Certification (CMMC) Overview (U31c) Katie Arrington, Chief Information Security Officer for Assistant Secretary of Defense for Acquisition, OUSD for A&S, United States

Certification Programs
(Regency Ballroom II)

10:45 The Basics of ACVP Communication and Interaction (C31a) Alex Thurston, Senior Software Developer, Lightship Security, Canada


11:15 Extending NIST’s CAVP Testing: Lessons Learned from CVE-2019-8741 (C31b) Nicky Mouha, Researcher, NIST, United States


11:45 FIPS 140-3 is here, great! But…what happens to my 140-2 certs? (C31c) Jonathan Smith, Senior Security Tester, CygnaCom Solutions, United States; Christopher Celi, Computer Scientist, NIST

Embedded Crypto
(Regency Ballroom III)

10:45 IoT Device Security Maturity (E31a) Martin Schaffer, Global Head of Secure Products & Systems, Digital Trust Services, SGS, Austria


TRACK KEYNOTE
11:15 New Directions in Automotive Security: Attacks and Countermeasures (E31b) Jorge Guajardo, Lead Expert & Manager, Security and Privacy Group, Bosch USA, United States


11:45 Practical Product Composition Approach for an Embedded Cryptographic Component (E31c) Robert Clemons, Technical Lead, NIAP, United States; Ken Elliott, NIAP, United States

General Technology
(Regency Ballroom IV)

10:45 Impact of Post Quantum Cryptography on C-ITS (G31a) Maria Christofi, Crypto Lab Manager, Oppida, France


11:15 Deep Learning and Extracting Insights from Encrypted Data with Darknet: Lessons Learnt and Challenges Ahead (G31b) Nayna Jain, Software Engineer, IBM Systems, United States


11:45 Strengths and Weaknesses: A Protection Evaluation of Traditional Hardware, Software Tokens, TEEs and Multi-Party Computation (G31c) Yehuda Lindell, Professor of Computer Science, Bar Ilan University, CEO & Co-Founder, Unbound Tech, Israel

12:15 - 12:45 CMUF Monthly Meeting

Cabinet/Judiciary Suite

12:45 - 13:30 Lunch

Regency Foyer, Cabinet/Judiciary Suite

13:30 - 15:00 Track Sessions

End-User Experience
(Regency Ballroom I)

13:30 The Certification Landscape and What Industry Needs (U32a) John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom


14:00 Algorithmic Testing: Efficient and Effective Approach (U32b) Shawn Geddis, Security and Certifications Engineer, Apple, United States; Stephan Mueller, Principal Consultant and Evaluator, atsec information security, United States


14:30 What Do the CVEs Tell Us? (U32c) Dawn Adams, IT Security Specialist, EWA-Canada, Canada; Iain Holness, Senior Resource, EWA-Canada, Canada

Certification Programs
(Regency Ballroom II)

13:30 CC in the Cloud (C32a) Joshua Brickman, Director, Security Evaluations, Oracle, United States


14:00 Certification Panel Discussion TBA (C32b) [60 Min]

Embedded Crypto
(Regency Ballroom III)

13:30 Towards Lightweight Cryptography Standardization (E32a) Kerry McKay, Computer Scientist, NIST, United States


14:00 Embedded Crypto Panel Discussion TBA (E32b) [60 Min]

15:00 - 15:15 Networking Break

Regency Foyer

15:15 - 16:15 Closing Remarks, Summary Panel Discussion

Regency Ballroom I

15:15 Closing Remarks (P33a), Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States
15:25 Summary Panel Discussion (P33b) An expert panel discussion on a topic of great importance to industry as selected by participants.