September 21-24, 2020 | Virtual Conference and Vendor Forum

Conference Agenda

All Times Shown Are Eastern Daylight Time (EDT)

Monday 21 September

Conference Day 1

09:00 - 10:35 Plenary Keynote Session

09:00 Conference Welcome, CMUF Update (P10ab) Yi Mao, atsec, United States

GOVERNMENT PLENARY KEYNOTE

09:15 Enhancing Cybersecurity and Privacy Risk Management (P10c) Dr. Charles Romine, Director, Information Technology Laboratory, NIST, United States

INDUSTRY PLENARY KEYNOTE

09:55 The Domain Name System (DNS): A Cryptographer’s Perspective (P10d) Dr. Burt Kaliski Jr., SVP, CTO, Verisign, United States

10:30-11:00 Break

11:00 - 12:30 Track Sessions

Random Bit Generators

11:00 Revising NIST SP 800 90B (N11a) Meltem Sonmez Turan, Cryptographer, NIST, United States


11:30 NIST Recommendations on Random Number Generation (N11b) John Kelsey, Computer Scientist, NIST, United States; Meltem Sonmez Turan, Cryptographer, NIST, United States


12:00 Integration of the NIST Randomness Beacon with External Modules (N11c) Harold Booth, Computer Scientist, NIST, United States

General Technology

TRACK KEYNOTE
11:00 Crypto Past—and Lessons for the Future (G11a) Charles Brookson, OBE CEng FIET FRSA; former Chairman OCG Security and TC Cyber, ETSI; former Security Group Chairman, GSM Association, Zeata Security, United Kingdom


11:30 A Countermeasure for Differential Power Analysis Attack (G11b) Mehri Yahyaei, Senior Manager of IT Laboratories, RCII, Iran


12:00 Strengths and Weaknesses: A Protection Evaluation of Traditional Hardware, Software Tokens, TEEs and Multi-Party Computation (G11c) Yehuda Lindell, Professor of Computer Science, Bar Ilan University, CEO & Co-Founder, Unbound Tech, Israel

12:30-13:00 Break

13:00-15:00 Track Sessions

Random Bit Generators

TRACK KEYNOTE
13:00 BSI Approach: RNG Evaluation Methodology (N12a) Werner Schindler, BSI, Germany


13:30 Linux and SP800-90B Compliance (N12b) Stephan Mueller, Principal Consultant, atsec information security corp., United States


14:00 CMUF Entropy WG Report and SP800-90B Estimator Confidence Intervals and Assessment Stability (N12c) Joshua Hill, Information Security Scientist, UL VS, United States [60 Min]

General Technology

13:00 GCM Compliance in IEEE 802.11 GCMP (G12a) Marcos Portnoi, PhD, Information Security Engineer Specialist, atsec information security, United States


13:30 Prime Proof Protocol and the Case for Finite Field Cryptography (G12b) Anna Johnston, Cryptographic Researcher, Juniper Networks, United States


14:00 How Cryptographic Proof of ID will Enable the Future of Identity Transactions (G12c) David Kelts, Director of Mobile ID Product Development, GET Group North America, United States


14:30 Measuring The Reliability Of An Identity Claim (G12d) Wes Kussmaul, President, The Authenticity Institute, City of Osmio, United States

15:00 - 15:30 Break

15:30-17:30 Track Sessions

Certification in the Cloud

15:30 CC in the Cloud (C13a) Joshua Brickman, Director, Security Evaluations, Oracle, United States


16:00 Panel Discussion on Cryptography and HSMs in the Cloud (C13b) Mary Baish, Director, NIAP, United States; Chris Brych, Senior Principal Security Analyst—Global Product Security, Oracle, Canada; Timothy Hall, NIST, United States; Ravi Jagannathan, Security Architect, VMware, United States [60 Min]

General Technology

15:30 The HSM’s Evolving Role in our Future Digital World (G13a) Bruno Couillard, CTO, Crypto4A Technologies, Canada


16:00 Agility and Private Keys (G13b) Vladimir Soukharev, Principal Cryptographic Technologist & Chief Post-Quantum Researcher, InfoSec Global, Canada


16:30 Threshold Schemes for Cryptographic Modules (G13c) Luís T.A.N. Brandão, Researcher, NIST, United States


17:00 Deep Learning and Extracting Insights from Encrypted Data with Darknet: Lessons Learnt and Challenges Ahead (G13d) Nayna Jain, Software Engineer, IBM Systems, United States

Tuesday 22 September

Conference Day 2

09:00 - 10:30 Track Sessions

Embedded Crypto

09:00 Post-Quantum Authentication at the Edges of Complex and Highly Dynamic IoT Systems (E20a) Christopher Autry, CEO, Iothic, United Kingdom


09:30 Securing Embedded Systems Using Hardware-based Security Features (E20b) Arlen Baker, Principal Security Architect, Wind River, United States


10:00 Key Per IO Security Subsystem Class for NVM Express Storage Devices (E20c) Sridhar Balasubramanian, Principal Product Security Architect, NetApp, United States; Frederick Knight, Principal Standards Technologist, NetApp, United States

PCI

TRACK KEYNOTE
09:00 Track Keynote: PCI (I20a) Troy Leach, SVP, Engagement Officer, PCI Security Standards Council, United States


09:30 PCI HSM Standard Against CC and FIPS (I20b) Andrew Jamieson, Technology and Security Director, UL, Australia


10:00 Cryptography and Key Management in PCI PIN and P2PE Standards (I20c) Di Li, atsec, China; Yan Liu, Principal Consultant, atsec, China

10:30 - 11:00 Break

11:00 - 12:30 Track Sessions

Embedded Crypto

TRACK KEYNOTE
11:00 New Directions in Automotive Security: Attacks and Countermeasures (E21a) Jorge Guajardo, Lead Expert & Manager, Security and Privacy Group, Bosch USA, United States


11:30 PSA Certified—Progress and Plans (E21b) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom


12:00 Scheme Update: Using SESIP to Simplify Security Evaluation and Build Trusted IoT Products (E21c) Olivier Van Nieuwenhuyze, Security Task Force Chair and Board of Director, GlobalPlatform, United Kingdom

PCI

11:00 PCI Standards Update (I21a) Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States


11:30 PCI-PTS Evaluation Challenges (I21b) Steve Jia, Lab Manager, EWA, Canada; Smita Mahapatra, Security and Certifications Analyst, Thales, Canada


12:00 Session TBA

12:30 - 13:00 Break

13:00 - 15:00 Track Sessions

Embedded Crypto

13:00 IoT Device Security Maturity (E22a) Martin Schaffer, Global Head of Secure Products & Systems, Digital Trust Services, SGS, Austria


13:30 Mission-Critical IoT Security—a 20/20 Perspective (E22b) Loren Shade, Vice President, Allegro Software, United States


14:00 Practical Product Composition Approach for an Embedded Cryptographic Component (E22c) Robert Clemons, Technical Lead, NIAP, United States; Ken Elliott, NIAP, United States


14:30 Towards Lightweight Cryptography Standardization (E22d) Kerry McKay, Computer Scientist, NIST, United States

PCI

13:00 The Art of Designing Crypto Infrastructure for Payments (I22a) Adam Cason, Director of Product Marketing, Futurex, United States


13:30 Spoofing a Hardware Security Module (I22b) Jeff Stapleton, Chair of the X9F4 Cybersecurity and Cryptographic Solutions Workgroup, United States


14:00 E2EE vs P2PE (I22c) Jordan Wiseman, Senior Consultant, Online Business Systems, United States


14:30 Inside the Maze: The Challenges of Cryptography During an Assessment (I22d) Jacob Ansari, Senior Manager, Schellman, United States

15:00 - 15:30 Break

15:30 - 17:30 Track Sessions

End-User Experience

TRACK KEYNOTE
15:30 Cybersecurity Maturity Model Certification (CMMC) Overview (U23a) Katie Arrington, Chief Information Security Officer for Assistant Secretary of Defense for Acquisition, OUSD for A&S, United States


16:00 An Overview of Recent Policy Trends in Data Protection and Regulation: The Potential Impact of State, National, and International Policy on Innovators and Users (U23b) Jennifer Huddleston, Director of Technology and Innovation Policy, American Action Forum, United States


16:30 Algorithmic Testing: Efficient and Effective Approach (U23c) Shawn Geddis, Security and Certifications Engineer, Apple, United States; Stephan Mueller, Principal Consultant and Evaluator, atsec information security, United States


17:00 What Do the CVEs Tell Us? (U23d) Dawn Adams, IT Security Specialist, EWA-Canada, Canada; Iain Holness, Senior Resource, EWA-Canada, Canada

PCI

15:30 Cryptographic Standards and Standards Bodies—Panel Discussion (I23a) Lily Chen, Mathematician, NIST, United States; Ralph Spencer Poore, Director, Emerging Standards, PCI Security Standards Council, United States; Jeff Stapleton, Chair of the X9F4 Cybersecurity and Cryptographic Solutions Workgroup, United States [60 Min]

Wednesday 23 September

Conference Day 3

09:00 - 10:30 Track Sessions

Certification Programs

A seven-part overview of the new standard for cryptographic certification, presented by NIST.

09:00 FIPS 140-3 Overview: Introduction (C30a) Kim Schaffer, NIST, United States


09:30 FIPS 140-3 Overview: SP 800-140 Overview (C30b) Kim Schaffer, NIST, United States


10:00 FIPS 140-3 Overview: FIPS 140-2 Timeline and 140-2 and 3 Transitions (C30c) Kim Schaffer, NIST, United States; Beverly Trapnell, NIST, United States

OASIS Standards

09:00 KMIP vs PKCS#11 Revisited—Still No Contest! (S30a) Tony Cox, Co-Chair KMIP TC & Co-Chair PKCS#11 TC, OASIS, VP Partners Alliances & Standards, Cryptsoft, Australia


09:30 Latest Developments in PKCS#11 (S30b) Robert Relyea, PKCS#11 TC Co-Chair, OASIS and Principal Software Engineer, Red Hat, United States

Open Source Crypto

10:00 A Smart Solution to Integrate the Open Source Crypto to the Next-Generation Intel Technology (S30c) Juan Martinez, Junior Cybersecurity Consultant, jtsec Beyond IT Security, Spain; Assaf Cohen, CEO, Anqlave, Singapore

10:30 - 11:00 Break

11:00 - 12:30 Track Sessions

Certification Programs

Continued: FIPS 140-3 Overview. Please note the unusual timing of these presentations.

11:00 FIPS 140-3 Overview: Non-Invasive (C31a) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada


11:20 FIPS 140-3 Overview: Authentication (C31b) Kim Schaffer, NIST, United States


11:40 FIPS 140-3 Overview: 90-B Validations (C31c) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States


12:10 FIPS 140-3 Overview: CAVP Overview (C31d) Christopher Celi, Computer Scientist, NIST, United States; Timothy Hall, NIST, United States

Open Source Crypto

TRACK KEYNOTE
11:00 The Value of Open Security (S31a) Jason Keirstead, Chief Architect—Security Threat Management, IBM, Canada


11:30 Open-Source Development of Cryptography: Best Practices and Lessons Learned Through Hyperledger Ursa (S31b) Hart Montgomery, Research Scientist in Cryptography, Fujitsu, United States


12:00 PARSEC—The Platform Abstraction for SECurity (S31c) Marcus Streets, Principal Security Architect, Arm Ltd, United Kingdom

12:30 - 13:00 Break

13:00 - 15:00 Track Sessions

Certification Programs

13:00 Getting Ready for FIPS 140-3 (C32a) Yi Mao, VP, Lab Director, atsec information security, United States; Kim Schaffer, NIST, United States


13:30 101 on FIPS 140-3 (C32b) Nithya Rachamadugu, Senior Director, Cygnacom Solutions, United States; Kwok Wong, Senior Security Analyst, Cygnacom Solutions, United States


14:00 NIST and NIAP Working Together (C32c) Mary Baish, Director, NIAP, United States; Michael Cooper, NIST, United States


14:30 CMVP Programmatic Update (C32d) Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada; Beverly Trapnell, NIST, United States

Open Source Crypto

13:00 Supporting TLSv1.3 in NDcPP (S32a) Michael Vogel, Principal Consultant, atsec information security, Germany


13:30 Towards Post-Quantum TLS (S32b) Kris Kwiatkowski, Cryptography Engineer, PQshield, United Kingdom


14:00 FIPS Surface Reduction in Red Hat Enterprise Linux 8 (S32c) Simo Sorce, Senior Principal Software Engineer, Red Hat, Inc., United States


14:30 Lessons Learnt from Cryptography Audits (S32d) Javed Samuel, Vice President, NCC Group Cryptography Services, United States

15:00 - 15:30 Break

15:30 - 17:30 Track Sessions

Certification Programs

15:30 NIAP Update—Crypto Policy Insights (C33a) Dianne Hale, Technical Leader, NIAP, United States


16:00 Extending NIST’s CAVP Testing: Lessons Learned from CVE-2019-8741 (C33b) Nicky Mouha, Researcher, NIST, United States


16:30 The NIST Project on Privacy Enhancing Cryptography (C33c) Angela Robinson, Mathematician, NIST, United States

Open Source Crypto

15:30 Hyperledger Frameworks in the Enterprise: Open Source and Deployment (S33a) Vipin Bharathan, Digital Transformation Consultant, DLT NYC, United States

Thursday 24 September

Conference Day 4

09:00 - 10:30 Track Sessions

Certification Programs

TRACK KEYNOTE
09:00 Transition to ISO/IEC 19790:2012 in JCMVP (C40a) Shinji Sato, IPA, Japan


09:30 CMUF CPU Equivalency Working Group Panel Report and Discussion (C40b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada; Dianne Hale, Technical Leader, NIAP, United States; Tim Hall, NIST, United States; Kevin Micciche, Manager, Trust and Assurance, Aruba, a Hewlett Packard Enterprise company, United States; Lachlan Turner, Director Consulting, Lightship Security, Canada [60 Min]

Post-Quantum Crypto

09:00 A Window on the Post-Quantum World: Using Merkle-Based Signature Schemes (Q40a) David Hook, Lead Developer, Crypto Workshop/Legion of the Bouncy Castle, Australia


09:30 Challenges in Designing and Deploying Some Quantum Safe Key Exchange Schemes (Q40b) Shay Gueron, Professor, University of Haifa, Senior Principal Engineer, Cryptography Amazon Web Services, Israel


10:00 Mobile Energy Requirements of the Upcoming NIST Post-Quantum Cryptography Standards (Q40c) Markku-Juhani Saarinen, Senior Cryptography Engineer, PQShield, United Kingdom

10:30 - 11:00 Break

11:00 - 12:30 Track Sessions

Certification Programs

11:00 The Certification Landscape and What Industry Needs (C41a) John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom


11:30 From Turtle to Cheetah: Fast and Effective Common Criteria Evaluations (C41b) Maria Fravventura, Sr. Security Evaluator and System Group Director, Brightsight, Netherlands


12:00 How to Design (and Operate) Efficient Schemes (C41c) Wouter Slegers, CEO, TrustCB, Netherlands

Post-Quantum Crypto

TRACK KEYNOTE
11:00 Post Quantum Cryptography (Q41a) Brian LaMacchia, Distinguished Engineer, Microsoft, United States


11:30 Towards PQC Standardization—An Update (Q41b) Lily Chen, Mathematician, Manager of Cryptographic Technology Group, NIST, United States; Dustin Moody, Mathematician, Manager of Cryptographic Technology Group, NIST, United States


12:00 Advanced Cryptography in the Quantum World (Q41c) Sarah Mccarthy, Postdoctoral Cryptographic Researcher, Queen’s University Belfast, United Kingdom

12:30 - 13:00 Break

11:00 - 12:30 Track Sessions

Certification Programs

13:00 Third Country Perspective to the EU CSA—What Will Be the Next Step? Confusion or Order? (C42a) Ibrahim Kirmizi, Common Criteria Scheme Manager, Turkish Standards Institution, Turkey


13:30 Transitioning to SP800-56A Rev3 (C42b) Swapneela Unkule, atsec information security, United States


14:00 A Multi-Step Transition to New Algorithms: Key Establishment, Entropy and More (C42c) Allen Roginsky, Mathematician, NIST, United States


14:30 FedRAMP—Introduction and Update (C42d) Ravi Jagannathan, Security Architect, VMware, United States

Post-Quantum Crypto

13:00 Hybrid Key Agreement/KEM Construction and Integration to IPsec IKEv2 VPN (Q42a) Basil Hess, Chief Cryptographic Engineer, InfoSec Global, Switzerland


13:30 Impact of Post Quantum Cryptography on C-ITS (Q42b) Maria Christofi, Crypto Lab Manager, Oppida, France


14:00 Quantum Safe Crypto for National Security Needs (Q42c) Michael Kushin, President and CEO, BlackHorse Solutions, United States


14:30 Quantum Readiness Guide (Q42b) Bob Blakley, Global Head of Information Security Innovation, Citigroup, United States

15:00 - 15:30 Break

15:30 - 17:30 Track Sessions

Certification Programs

15:30 NIST and NIAP: A Tale of Two Crypto Validations (C43a) Kenneth Lasoski, Lead Security Engineer, Acumen Security, United States


16:00 Educating the Next Generation of FIPS 140 Certification Specialists (C43b) Kelvin Desplanque, Compliance Engineer, Cisco Systems, Canada


16:30 The Basics of ACVP Communication and Interaction (C43c) Alex Thurston, Senior Software Developer, Lightship Security, Canada


17:00 FIPS 140-3 is here, great! But…what happens to my 140-2 certs? (C43d) Jonathan Smith, Senior Security Tester, CygnaCom Solutions, United States

Post-Quantum Crypto

15:30 Ways to Prepare for a Possible Quantum Future (Q43a) William Layton, NSA Cybersecurity, United States


16:00 Research Challenges in PQC Migration and Cryptographic Agility (Q43b) David Ott, Sr. Staff Researcher and Academic Program Director, VMware, United States


16:30 Post-Quantum Cryptography in Embedded IoT Devices (Q43c) Reza Azarderakhsh, Associate Professor, President/Founder, Florida Atlantic University and PQSecure Technologies, United States


17:00 Experimenting with Post-Quantum Cryptography in TLS/SSH with the Open Quantum Safe Project (Q43d) Christian Paquin, Principal Program Manager, Microsoft Research, United States