September 18-20, 2024 | DoubleTree by Hilton, San Jose, California

ICMC20 Conference Agenda

All Times Shown Are Eastern Daylight Time (EDT)

Monday 21 September

Conference Day 1

09:00 - 10:35 Plenary Keynote Session

09:00 Opening Statement, Jose Ruiz, Co-Founder, jtsec, and Program Director, ICMC; Conference Welcome, CMUF Update (P10ab) Yi Mao, atsec, United States

GOVERNMENT PLENARY KEYNOTE

09:15 Enhancing Cybersecurity and Privacy Risk Management (P10c) Matthew Scholl, Chief, Computer Security Division, Information Technology Laboratory, NIST, United States

INDUSTRY PLENARY KEYNOTE

09:55 The Domain Name System (DNS): A Cryptographer’s Perspective (P10d) Dr. Burt Kaliski Jr., SVP, CTO, Verisign, United States

10:30-11:00 Break

11:00 - 12:30 Track Sessions

Random Bit Generators
Moderator: Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States

11:00 Revising NIST SP 800 90B (N11a) Meltem Sonmez Turan, Cryptographer, NIST, United States


11:30 NIST Recommendations on Random Number Generation (N11b) John Kelsey, Computer Scientist, NIST, United States; Meltem Sonmez Turan, Cryptographer, NIST, United States


12:00 Integration of the NIST Randomness Beacon with External Modules (N11c) Harold Booth, Computer Scientist, NIST, United States

General Technology
Moderator: Brian Wood, Device Security Certification Manager, Samsung Research America, United States

TRACK KEYNOTE
11:00 Crypto Past—and Lessons for the Future (G11a) Charles Brookson, OBE CEng FIET FRSA; former Chairman OCG Security and TC Cyber, ETSI; former Security Group Chairman, GSM Association, Zeata Security, United Kingdom


11:30 A Countermeasure for Differential Power Analysis Attack (G11b) Mehri Yahyaei, Senior Manager of IT Laboratories, RCII, Iran


12:00 Strengths and Weaknesses: A Protection Evaluation of Traditional Hardware, Software Tokens, TEEs and Multi-Party Computation (G11c) Yehuda Lindell, Professor of Computer Science, Bar Ilan University, CEO & Co-Founder, Unbound Tech, Israel

12:30-13:00 Break

 

12:30 All Aboard for FIPS 140-3! (P11d) Andreas Fabis, Marketing Director, atsec information security corporation, United States
SPONSORED

13:00-15:00 Track Sessions

Random Bit Generators
Moderator: Ashit Vora, Lab Director, Co-Founder, Acumen Security

TRACK KEYNOTE
13:00 BSI Approach: RNG Evaluation Methodology (N12a) Werner Schindler, BSI, Germany


13:30 Linux and SP800-90B Compliance (N12b) Stephan Mueller, Principal Consultant, atsec information security corp., United States


14:00 CMUF WG and IG7.19, the SP800-90B Estimator Confidence Intervals, and Assessment Stability (N12c) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States [60 Min]

General Technology
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

13:00 GCM Compliance in IEEE 802.11 GCMP (G12a) Marcos Portnoi, PhD, Information Security Engineer Specialist, atsec information security, United States


13:30 Prime Proof Protocol and the Case for Finite Field Cryptography (G12b) Anna Johnston, Cryptographic Researcher, Juniper Networks, United States


14:00 How Cryptographic Proof of ID will Enable the Future of Identity Transactions (G12c) David Kelts, Director of Mobile ID Product Development, GET Group North America, United States


14:30 Measuring The Reliability Of An Identity Claim (G12d) Wes Kussmaul, President, The Authenticity Institute, City of Osmio, United States

15:00 - 15:30 Break

 

15:00 Securing the IoT Edge Using FIPS Validated Cryptography (P12d) Loren Shade, Vice President, Allegro Software, United States
SPONSORED

15:30-17:30 Track Sessions

Certification in the Cloud
Moderator: Erin Connor, Consultant

15:30 CC in the Cloud (C13a) Joshua Brickman, Director, Security Evaluations, Oracle, United States


16:00 Panel Discussion on Cryptography and HSMs in the Cloud (C13b) Chris Brych, Senior Principal Security Analyst—Global Product Security, Oracle, Canada; Diane Hale, NIAP, United States; Timothy Hall, NIST, United States; Paul Hampton, Product Manager, Data Protection on Demand, Thales Group;  Ravi Jagannathan, Security Architect, VMware, United States [60 Min]

General Technology
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs

15:30 The HSM’s Evolving Role in our Future Digital World (G13a) Bruno Couillard, CTO, Crypto4A Technologies, Canada


16:00 Agility and Private Keys (G13b) Vladimir Soukharev, Principal Cryptographic Technologist & Chief Post-Quantum Researcher, InfoSec Global, Canada


16:30 Threshold Schemes for Cryptographic Modules (G13c) Luís T.A.N. Brandão, Researcher, NIST, United States


17:00 Deep Learning and Extracting Insights from Encrypted Data with Darknet: Lessons Learnt and Challenges Ahead (G13d) Nayna Jain, Software Engineer, IBM Systems, United States

Tuesday 22 September

Conference Day 2

9:00 - 10:30 Track Sessions

Embedded Crypto
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

09:00 Downsizing QRNG Chips for IoT Devices (E20a) Bruno Huttner, Director of Strategic Quantum Initiatives, and Quantum Key Distribution Expert, ID Quantique, Switzerland


09:30 Securing Embedded Systems Using Hardware-based Security Features (E20b) Arlen Baker, Principal Security Architect, Wind River, United States


10:00 Key Per IO Security Subsystem Class for NVM Express Storage Devices (E20c) Sridhar Balasubramanian, Principal Product Security Architect, NetApp, United States; Frederick Knight, Principal Standards Technologist, NetApp, United States

PCI
Moderator: Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States

TRACK KEYNOTE
09:00 Track Keynote: PCI (I20a) Troy Leach, SVP, Engagement Officer, PCI Security Standards Council, United States


09:30 PCI HSM Standard Against CC and FIPS (I20b) Andrew Jamieson, Technology and Security Director, UL, Australia


10:00 Cryptography and Key Management in PCI PIN and P2PE Standards (I20c) Di Li, atsec, China; Yan Liu, Principal Consultant, atsec, China

10:30 - 11:00 Break

 

10:30 Deploying Cryptographic Capabilities Using Modern Standards (P20d) Tony Cox, VP Partners, Alliances & Standards, Cryptsoft, Australia
SPONSORED

11:00 - 12:30 Track Sessions

Embedded Crypto
Moderator: Colin O’Flynn, CEO, NewAE Technology

TRACK KEYNOTE
11:00 New Directions in Automotive Security: Attacks and Countermeasures (E21a) Jorge Guajardo, Lead Expert & Manager, Security and Privacy Group, Bosch USA, United States


11:30 PSA Certified—Progress and Plans (E21b) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom


12:00 Scheme Update: Using SESIP to Simplify Security Evaluation and Build Trusted IoT Products (E21c) Olivier Van Nieuwenhuyze, Security Task Force Chair and Board of Director, GlobalPlatform, United Kingdom

PCI
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista

11:00 PCI Standards Update (I21a) Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States


11:30 Fast-Track Your SoftPOS Deployment (I21b) Christian Damour, Pre-sales Manager – Security FIME, France


12:00 Implementing and Auditing Modern PCI Cryptosystems (I21c) Sam Pfanstiel, Director, Security Consulting Services ControlScan, United States

12:30 - 13:00 Break

 

12:30 Zero Touch Device Lifecycle Security (P21d) Tomas Gustavsson, CTO, PrimeKey Solutions
SPONSORED

13:00 - 15:00 Track Sessions

Embedded Crypto
Moderator: Steve Weingart, Consultant/Owner, Highland Tech LLC

13:00 IoT Device Security Maturity (E22a) Tomislav Nad, Head of Cryptography & System Security, SGS, Austria


13:30 Mission-Critical IoT Security—a 20/20 Perspective (E22b) Loren Shade, Vice President, Allegro Software, United States


14:00 Practical Product Composition Approach for an Embedded Cryptographic Component (E22c) Robert Clemons, Technical Lead, NIAP, United States; Ken Elliott, NIAP, United States


14:30 Towards Lightweight Cryptography Standardization (E22d) Kerry McKay, Computer Scientist, NIST, United States

PCI
Moderator: Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States

13:00 The Art of Designing Crypto Infrastructure for Payments (I22a) Adam Cason, Vice President of Global and Strategic Alliances, Futurex, United States


13:30 Spoofing a Hardware Security Module (I22b) Jeff Stapleton, Chair of the X9F4 Cybersecurity and Cryptographic Solutions Workgroup, United States


14:00 E2EE vs P2PE (I22c) Jordan Wiseman, Senior Consultant, Online Business Systems, United States


14:30 Inside the Maze: The Challenges of Cryptography During an Assessment (I22d) Jacob Ansari, Senior Manager, Schellman, United States

15:00 - 15:30 Break

 

FIPS 140: On the Precipice of Irrelevance? (P22e) Ray Potter, CEO & Founder, SafeLogic, United States
SPONSORED

15:30 - 17:30 Track Sessions

End-User Experience
Moderator: Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States

TRACK KEYNOTE
15:30 Cybersecurity Maturity Model Certification (CMMC) Overview (U23a) Katie Arrington, Chief Information Security Officer for Assistant Secretary of Defense for Acquisition, OUSD for A&S, United States


16:00 An Overview of Recent Policy Trends in Data Protection and Regulation: The Potential Impact of State, National, and International Policy on Innovators and Users (U23b) Jennifer Huddleston, Director of Technology and Innovation Policy, American Action Forum, United States


16:30 Algorithmic Testing: Efficient and Effective Approach (U23c) Shawn Geddis, Security and Certifications Engineer, United States; Stephan Mueller, Principal Consultant and Evaluator, atsec information security, United States


17:00 What Do the CVEs Tell Us? (U23d) Dawn Adams, IT Security Specialist, EWA-Canada, Canada; Iain Holness, Senior Resource, EWA-Canada, Canada

PCI
Moderator: Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States

15:30 Cryptographic Standards and Standards Bodies—Panel Discussion (I23a) Lily Chen, Mathematician, NIST, United States; Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States; Tony Seymour, Editor ISO 27099 PKI / Trusted Service Providers and ISO 21188; and Consultant, Comsign Europe, United Kingdom; Jeff Stapleton, Chair of the X9F4 Cybersecurity and Cryptographic Solutions Workgroup, United States [60 Min]

Wednesday 23 September

Conference Day 3

09:00 - 10:30 Track Sessions

Certification Programs
Moderator: Kim Schaffer, NIST, United States

A seven part overview of the new standard for cryptographic certification presented by NIST.

09:00 FIPS 140-3 Overview: Introduction (C30a) Kim Schaffer, NIST, United States


09:30 FIPS 140-3 Overview: SP 800-140 Overview (C30b) Kim Schaffer, NIST, United States


10:00 FIPS 140-3 Overview: FIPS 140-2 Timeline and 140-2 and 3 Transitions (C30c) Kim Schaffer, NIST, United States; Beverly Trapnell, NIST, United States

OASIS Standards
Moderator: Mark Cox, Distinguished Software Engineer, Security, Red Hat, and Founder and Management Committee member, The OpenSSL Group

09:00 KMIP vs PKCS#11 Revisited—Still No Contest! (S30a) Tony Cox, Co-Chair KMIP TC & Co-Chair PKCS#11 TC, OASIS, VP Partners Alliances & Standards, Cryptsoft, Australia


09:30 Latest Developments in PKCS#11 (S30b) Robert Relyea, PKCS#11 TC Co-Chair, OASIS and Principle Software Engineer, Red Hat, United States

Open Source Crypto

10:00 A Smart Solution to Integrate the Open Source Crypto to the Next-Generation Intel Technology (S30c) Juan Martinez, Junior Cybersecurity Consultant, jtsec Beyond IT Security, Spain; Assaf Cohen, CEO, Anqlave, Singapore

10:30 - 11:00 Break

 

10:30 Fast-Tracking Your DPA Testing (P30d) Colin O’Flynn, CEO, NewAE Technology
SPONSORED

11:00 - 12:30 Track Sessions

Certification Programs
Moderator: Kim Schaffer, NIST, United States

Continued: FIPS 140-3 Overview. Please note the unusual timing of these presentations.

11:00 FIPS 140-3 Overview: Non-Invasive (C31a) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada


11:20 FIPS 140-3 Overview: Authentication (C31b) Kim Schaffer, NIST, United States


11:40 FIPS 140-3 Overview: 90-B Validations (C31c) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States


12:10 FIPS 140-3 Overview: CAVP Overview (C31d) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States

Open Source Crypto
Moderator: Mark Cox, Distinguished Software Engineer, Security, Red Hat, and Founder and Management Committee member, The OpenSSL Group

TRACK KEYNOTE
11:00 The Value of Open Security (S31a) Jason Keirstead, Chief Architect—Security Threat Management, IBM, Canada


11:30 Open-Source Development of Cryptography: Best Practices and Lessons Learned Through Hyperledger Ursa (S31b) Hart Montgomery, Research Scientist in Cryptography, Fujitsu, United States


12:00 PARSEC—The Platform Abstraction for SECurity (S31c) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom

12:30 - 13:00 Break

13:00 - 15:00 Track Sessions

Certification Programs
Moderator: Brian Wood, Device Security Certification Manager, Samsung Research America, United States

13:00 Getting Ready for FIPS 140-3 (C32a) Yi Mao, VP, Lab Director, atsec information security, United States; Kim Schaffer, NIST, United States


13:30 101 on FIPS 140-3 (C32b) Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States; Kwok Wong, Senior Security Analyst, Cygnacom Solutions, United States


14:00 NIST and NIAP Working Together (C32c) Mary Baish, Director, NIAP, United States; Michael Cooper, NIST, United States


14:30 CMVP Programmatic Update (C32d) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada; Beverly Trapnell, NIST, United States

Open Source Crypto
Moderator: Anantha Kandiah, Director of Engineering, Teron Labs

13:00 Supporting TLSv1.3 in NDcPP (S32a) Michael Vogel, Principal Consultant, atsec information security, Germany


13:30 Hyperledger Frameworks in the Enterprise: Open Source and Deployment (S32b) Vipin Bharathan, Digital Transformation Consultant, DLT NYC, United States


14:00 FIPS Surface Reduction in Red Hat Enterprise Linux 8 (S32c) Simo Sorce, Senior Principal Software Engineer, Red Hat, Inc., United States


14:30 Lessons Learnt from Cryptography Audits (S32d) Javed Samuel, Vice President, NCC Group Cryptography Services, United States

15:00 - 15:30 Break

15:30 - 17:30 Track Sessions

Certification Programs
Moderator: Brian Wood, Device Security Certification Manager, Samsung Research America, United States

15:30 NIAP Update—Crypto Policy Insights (C33a) Dianne Hale, Technical Leader, NIAP, United States


16:00 Extending NIST’s CAVP Testing: Lessons Learned from CVE-2019-8741 (C33b) Nicky Mouha, Researcher, NIST, United States


16:30 The NIST Project on Privacy Enhancing Cryptography (C33c) Angela Robinson, Mathematician, NIST, United States

Post-Quantum Crypto
Moderator: Ashit Vora, Lab Director, Co-Founder, Acumen Security

15:30 Towards Post-Quantum TLS (Q33a) Kris Kwiatkowski, Cryptography Engineer, PQShield, United Kingdom

Thursday 24 September

Conference Day 4

09:00 - 10:30 Track Sessions

Certification Programs
Moderator: Steve Weingart, Consultant/Owner, Highland Tech LLC

TRACK KEYNOTE
09:00 Transition to ISO/IEC 19790:2012 in JCMVP (C40a) Shinji Sato, IPA, Japan


09:30 CMUF CPU Equivalency Working Group Panel Report and Discussion (C40b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada; Dianne Hale, Technical Leader, NIAP, United States; Tim Hall, NIST, United States; Kevin Micciche, Manager, Trust and Assurance, Aruba, a Hewlett Packard Enterprise company, United States; Lachlan Turner Director Consulting, Lightship Security, Canada [60 Min]

Post-Quantum Crypto
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista

09:00 A Window on the Post-Quantum World: Using Merkle-Based Signature Schemes (Q40a) David Hook, Lead Developer, Crypto Workshop/Legion of the Bouncy Castle, Australia


09:30 Challenges in Designing and Deploying Some Quantum Safe Key Exchange Schemes (Q40b) Shay Gueron, Professor, University of Haifa, Senior Principal Engineer, Cryptography Amazon Web Services, Israel


10:00 Mobile Energy Requirements of the Upcoming NIST Post-Quantum Cryptography Standards (Q40c) Markku-Juhani Saarinen, Senior Cryptography Engineer, PQShield, United Kingdom

10:30 - 11:00 Break

11:00 - 12:30 Track Sessions

Certification Programs
Moderator: Erin Connor, Consultant

11:00 The Certification Landscape and What Industry Needs (C41a) John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom


Due to unforeseen circumstances this session has been cancelled:

11:30 From Turtle to Cheetah: Fast and Effective Common Criteria Evaluations (C41b) Maria Fravventura, Sr. Security Evaluator and System Group Director, Brightsight, Netherlands

Replaced with:

11:30 SESIP: Building an Optimised Methodology On and For IoT times (C41b) Wouter Slegers, CEO, TrustCB, Netherlands


12:00 How to Design (and Operate) Efficient Schemes (C41c) Wouter Slegers, CEO, TrustCB, Netherlands

Post-Quantum Crypto
Moderator: Roberta Faux, Director of Advanced Cryptography, BlackHorse Solutions

TRACK KEYNOTE
11:00 Post Quantum Cryptography (Q41a) Brian LaMacchia, Distinguished Engineer, Microsoft, United States


11:30 Towards PQC Standardization—An Update (Q41b) Lily Chen, Mathematician, Manager of Cryptographic Technology Group, NIST, United States; Dustin Moody, Mathematician, Manager of Cryptographic Technology Group, NIST, United States


12:00 Advanced Cryptography in the Quantum World (Q41c) Sarah Mccarthy, Postdoctoral Cryptographic Researcher, Queen’s University Belfast, United Kingdom

12:30 - 13:00 Break

13:00 - 15:00 Track Sessions

Certification Programs
Moderator: Erin Connor, Consultant

13:00 Third Country Perspective to the EU CSA—What Will Be the Next Step? Confusion or Order? (C42a) Ibrahim Kirmizi, Common Criteria Scheme Manager, Turkish Standards Institution, Turkey


13:30 Transitioning to SP800-56A Rev3 (C42b) Swapneela Unkule, atsec information security, United States


14:00 A Multi-Step Transition to New Algorithms: Key Establishment, Entropy and More (C42c) Allen Roginsky, Mathematician, NIST, United States


14:30 FedRAMP—Introduction and Update (C42d) Ravi Jagannathan, Security Architect, VMware, United States

Post-Quantum Crypto
Moderator: Yi Mao, Principal Consultant, atsec

13:00 Hybrid Key Agreement/KEM Construction and Integration to IPsec IKEv2 VPN (Q42a) Basil Hess, Chief Cryptographic Engineer, InfoSec Global, Switzerland


13:30 Impact of Post Quantum Cryptography on C-ITS (Q42b) Maria Christofi, Crypto Lab Manager, Oppida, France


14:00 Quantum Safe Crypto for National Security Needs (Q42c) Michael Kushin, President and CEO, BlackHorse Solutions, United States


14:30 Quantum Readiness Guide (Q42b) Bob Blakley, Global Head of Information Security Innovation, Citigroup, United States

15:00 - 15:30 Break

15:30 - 17:30 Track Sessions

Certification Programs
Moderator: Joshua Brickman, Director, Security Evaluations, Oracle Inc.

15:30 NIST and NIAP: A Tale of Two Crypto Validations (C43a) Kenneth Lasoski, Lead Security Engineer, Acumen Security, United States


16:00 Educating the Next Generation of FIPS 140 Certification Specialists (C43b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada


16:30 The Basics of ACVP Communication and Interaction (C43c) Alex Thurston, Senior Software Developer, Lightship Security, Canada


17:00 FIPS 140-3 is here, great! But…what happens to my 140-2 certs? (C43d) Jonathan Smith, Senior Security Tester, CygnaCom Solutions, United States

Post-Quantum Crypto
Moderator: Roberta Faux, Director of Advanced Cryptography, BlackHorse Solutions

15:30 Ways to Prepare for a Possible Quantum Future (Q43a) William Layton, NSA Cybersecurity, United States


16:00 Research Challenges in PQC Migration and Cryptographic Agility (Q43b) David Ott, Sr. Staff Researcher and Academic Program Director, VMware, United States


16:30 Post-Quantum Cryptography in Embedded IoT Devices (Q43c) Reza Azarderakhsh, Associate Professor, President/Founder, Florida Atlantic University and PQSecure Technologies, United States


17:00 Experimenting with Post-Quantum Cryptography in TLS/SSH with the Open Quantum Safe Project (Q43d) Christian Paquin, Principal Program Manager, Microsoft Research, United States

17:30-18:00 Summary Presentation

17:30 Summary Presentation (P44a) Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States