September 14-16, 2022 | Westin Arlington Gateway

Conference Agenda 2022

Wednesday 14 September

Conference Sessions

08:00 - 09:00 Registration

09:00 - 10:30 Plenary Keynote Session

09:00 Welcome to Attendees (P10a) Sal la Pietra, CEO, atsec information security corporation, United States

09:20 Government Keynote (P10b) Troy Lange, Chief of Encryption Production and Solutions, Cybersecurity Directorate, National Security Agency, United States

09:55 Industry Keynote (P10c) TBA

10:30 - 11:15 Networking Break in Exhibits

11:15 - 12:45 Track Sessions

Certifications Programs (C11)

 
11:15 Cryptography Validation Programs Status (C11a) Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology, United States


11:45 CMVP Programmatic Update (C11b) Jennifer Moufarrej, CMVP Program Manager (Canada), CCCS CMVP, Canada; Beverly Trapnell, CMVP Program Manager (US), NIST, United States


12:15 CAVP Programmatic Update (C11c) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology, United States

Open-Source Cryptography (S11)

 
11:15 OpenSSL Update (S11a) OpenSSL Project Speaker TBA


11:45 AWS-Libcrypto and FIPS 140-3 (S11b) Daryl Martin, Manager, Amazon Web Services, Canada


12:15 Implementing the Post Quantum Survivors (S11c) David Hook, VP Software Engineering, Crypto Workshop, Legion of the Bouncy Castle/Keyfactor, Australia

Crypto Technology (G11)

 
11:15 Building Open Hardware Security Ecosystems (G11a) Colin O’Flynn, CTO, NewAE Technology, United States


11:45 NIST Crypto Publication Review Project (G11b) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States


12:15 NIST’s Crypto Publications Review: Block Cipher Modes of Operation: Status Update (G11c) Nicky Mouha, Researcher, Strativia, United States

12:45 - 13:45 Lunch in Exhibit Area

13:45 - 15:15 Track Sessions

Certifications Programs (C12)

 
13:45 CMVP Automation (C12a) David Hawes, Computer Scientist, National Institute of Standards and Technology, United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology, United States


14:15 SP 800-140 & Implementation Guidance Updates (C12b) Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States; Kim Schaffer, IT Specialist, Cybersecurity, National Institute of Standards and Technology, United States


14:45 NIST Handbook 150-17 Updates (C12c) Jim Fox, Computer Scientist, National Institute of Standards and Technology, United States; Ben Livelsberger, CAVP Computer Scientist, National Institute of Standards and Technology, United States; Brad Moore, NVLAP CSTL Lead, National Institute of Standards and Technology, United States

Open-Source Cryptography (S12)

 
13:45 Transitioning Open Source Modules from FIPS-140-2 to FIPS-140-3 (S12a) Simo Sorce, Senior Principal Software Engineer, Red Hat, United States


14:15 The Rust Cryptographic Library Ecosystem (S12b) Joachim Vandersmissen, Consultant, atsec information security corporation, United States


14:45 What Would It Take to Replace OpenSSL? (S12c) Rich Salz, Senior Architect, Akamai Technologies, United States

Crypto Technology (G12)

 
13:45 Privacy-Friendly QR Codes for Identity (G12a) Christian Paquin, Principal Program Manager, Microsoft, United States


14:15 The Security Product Engineering Certification Gap Analysis—The Proverbial Elephant in the Room (G12b) Kelvin Desplanque, Senior Program Manager, Microsoft, Canada


14:45 Cryptographic Interfaces Suitable for Constrained Devices (G12c) Kris Kwiatkowski, Senior Cryptography Engineer, PQShield, United Kingdom

15:15 - 15:45 Networking Break in Exhibits

15:45-17:15 Track Sessions

Certifications Programs (C13)

 
15:45 Panel Discussion: Maintaining Validation for Module Updates (C13a) Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States [60MIN]


16:45 Single-Chip and Bound/Embedded Working Group Updates (C13c) Marc Ireland, Security Certification Expert, NXP Semiconductors, United States

OASIS (S13)

 
15:45 Quorate Operations with OASIS SAM Threshold Sharing Scheme (S13a) Tony Cox, Consultant, TC Logic, Australia


16:15 OASIS PKCS #11 Update (S13b) Robert Relyea, Co-Chair OASIS PKCS #11, Principle Programmer, Red Hat, United States


16:45 Update on OASIS Key Management Interoperability Protocol (KMIP) (S13c) Judith Furlong, OASIS Key Management Interoperability Protocol (KMIP) TC Chair, Distinguished Engineer, Dell EMC

Crypto Technology (G13)

 
15:45 Fitting Token-Based Authentication to FIPS 140-3 (G13a) Yi Mao, VP Lab Director, atsec information security corporation, United States; Volker Urban, IBM, Germany


16:15 Panel Discussion: Lightweight Crypto Outlook (G13b) Panelists: Santosh Ghosh, Intel Labs, United States[60MIN]

17:15 - 18:45 Welcome Reception in Exhibits

18:45 - 21:15 Dine-Around Arlington

Enjoy an informal group dinner at one of Arlington’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:45 at the ICMC registration desk in the foyer and depart from there.

Thursday 15 September

Conference Sessions

08:00 - 09:00 Coffee in the Exhibits

09:00 - 10:30 Track Sessions

Certifications Programs (C20)

 
09:00 Out of Bounds—A Look into FIPS 140-3 Boundary Definitions and Requirements (C20a) Renaudt Nunez, Senior Consultant, Deputy CST Lab Manager, atsec information security corporation, United States


09:30 360° View of FIPS 140-3 Certification (C20b) Yi Mao, VP Lab Director, atsec information security corporation, United States; Swapneela Unkule, atsec information security corporation, United States


10:00 140-3 for a 140-2 Module; Some Gotchas (C20c) Jonathan Smith, Senior Security Tester, DEKRA, United States

Random Bit Generators (RBG) (N20)

 
09:00 Update on the NIST SP 800-90 Series (N20a) Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States


09:30 Update on AIS 20/31 (N20b) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany


10:00 Comparison of Functionality Classes AIS 20/31 and Constructions of SP 800 90 (N20c) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany

Crypto Technology (G20)

 
09:00 HSM Virtualization and Multitenancy: Strategies and Considerations (G20a) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States


09:30 Emerging Trends That Will Challenge the Security Status Quo (G20b) Troy Leach, Security Executive in Residence, Cloud Security Alliance, United States


10:00 PKI and Authentication (G20c) Wes Kussmaul, President, The Authenticity Alliance, United States

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

Certifications Programs (C21)

 
11:00 ISO/IEC 19790—Where to Next? (C21a) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom


11:30 Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (C21b) Moderator: Miguel Bañón, Independent Consultant, Convenor, ISO/IEC JTC 1/SC 27/WG 3, Spain Panelists: Yi Mao, VP Lab Director, atsec information security corporation, United States; TBA [60MIN]

Random Bit Generators (RBG) (N21)

 
11:00 Stochastic Models for Entropy Estimation (N21a) John Kelsey, Computer Scientist, National Institute of Standards and Technology, United States [60MIN]


12:00 Self-Evaluating True Random Number Generators (N21c) Sylvain Guilley, CTO, Secure-IC, France

Post-Quantum Crypto (Q21)

 
11:00 Overview of Post-Quantum Cybersecurity (Q21a) Malek Ben Salem, Technology Research Director, Security, Accenture, United States


11:30 Challenges of Integrating Hybrid Post-Quantum Cryptography in NextG Networks (Q21b) Reza Azarderakhsh, Founder and President, PQSecure Technologies, Associate Professor, Florida Atlantic University, United States


12:00 Protocol-Independent Interfaces for Hybrid/Multi-Key Exchange (Q21c) Basil Hess, Research Engineer, IBM Research, Switzerland

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

Certifications Programs (C22)

 
13:30 Protocol-Related Rules Enforcement in FIPS Validations (C22a) Stephan Mueller, Principal Consultant, atsec information security corporation, United States


14:00 SPDM Design with FIPS 140-3 Compliance (C22b) Xiaoyu Ruan, Principal Engineer, Intel, United States


14:30 Setting Up an Internal CAVP ACVTS Lab (C22c) Richard Fant, Security Researcher, Intel, United States

Random Bit Generators (RBG) (N22)

 
13:30 Entropy Source Validation (ESV) Demo (N22a) Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States


14:00 Entropy Reviewer Panel (N22b) Moderator: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States Panelists: Alex Calis, CMVP Deputy Program Manager, National Institute of Standards and Technology (NIST), United States; Tim Hall, Security Testing, Validation, and Measurement Manager Account, National Institute of Standards and Technology (NIST), United States; Allen Roginsky, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]

Post-Quantum Crypto (Q22)

 
13:30 Post-Quantum Crypto Side-Channel Tests and CSP Walk-Through (Q22a) Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom [60MIN]


14:30 The Signal Protocol for the Post-Quantum Era (Q22c) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia

15:00-15:30 Networking Break in Exhibits

15:30 - 17:00 Track Sessions

Certifications Programs (C23)

 
15:30 Simplification of Multiple International Standards for Cryptographic Modules (C23a) Dave Horn, Product Manager, Motorola Solutions, United States


16:00 Cryptography Standards: Bridging the Gap Between EU and US Markets (C23b) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Management, STMicroelectronics, Secretary/Treasurer, GlobalPlatform, Belgium


16:30 PSA Arm Architecture for Independent Certification (C23c) Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom

Random Bit Generators (RBG) (N23)

 
15:30 Software Random Bit Generators and the NIST SP800-90B Entropy Standard (N23a) Juan Gonzalez, Laboratory Director, Teron Labs, Australia


16:00 Experiences with the Entropy Source Validation (N23b) Marcos Portnoi, Principal Information Security Engineer Specialist, atsec information security, United States


16:30 The Device-Independent Approach and Standardization of QRNG (N23c) Sherilyn Wright, Quantum Information Scientist, Cambridge Quantum/Quantinuum, United Kingdom

Post-Quantum Crypto (Q23)

 
15:30 The First NIST PQC Standards (Q23a) Dustin Moody, Mathematician, National Institute of Standards and Technology, United States


16:00 Panel Discussion: Now What? Changes in the Post-Quantum Ecosystem (Q23b) Moderator: Michele Mosca, Co-Founder, President and CEO, evolutionQ, Canada Panelists: TBA [60MIN]

Friday 16 September

Conference Sessions

08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Certifications Programs (C30)

 
09:00 A Call to CMVP for a New Type of FIPS 140 Certificate (C30a) Alan Gornall, Consultant, Rycombe Consulting, United Kingdom


09:30 Challenges and Experiences on Our First ISO/IEC 19790 Cryptographic Module Test Project (C30b) Yasir Emre Bulut, Laboratory Manager, OKTEM Laboratory, Turkey


10:00 Malaysian Validation Programs Overview (C30c) Nik Azura, CyberSecurity Malaysia MySEF, Malaysia; Hazlin Abdul Rani, Lab Director, CyberSecurity Malaysia MySEF, Malaysia

Post-Quantum Crypto (Q30)

 
09:00 BasQuaNA: Building a Standardized Quantum-Safe Networking Architecture (Q30a) James Goodman, Principal Security Architect, Crypto4A, Canada; Sarah McCarthy, Postdoctoral Fellow, University of Waterloo, Canada


09:30 PQ-HPKE: Post-Quantum Hybrid Public Key Encryption (Q30b) Panos Kampanakis, Sr. Security Engineer, Amazon Web Services, United States


10:00 Challenges in Standardization of Post-Quantum Cryptography (Q30c) Ludovic Perret, Associate Professor, Sorbonne University/LIP6, France

User Experience (U30)

 
09:00 Let’s Deep Dive Some Non-Invasive Attacks (U30a) Iain Holness, Senior Resource, Corsec, Canada


09:30 Open Source Transitioning Strategies to FIPS 140-3 (U30b) Jennifer Brady, Senior Principal Security Analyst, Oracle; Chris Brych, Senior Principal Security Analyst, Oracle, Canada


10:00 Things I Wish I Had Known About FIPS 140 When I Worked for a Vendor—The Combined FIPS Lab and Vendor Perspectives (U30c) Timothy Myers, Senior Security Engineer, UL Verification Services, United States

10:30 - 10:45 Networking Break

10:45 - 12:15 Track Sessions

Embedded IoT (E31)

 
10:45 IoT Cybersecurity Improvement Act 2022 (E31a) Loren Shade, VP Marketing, Allegro Software, United States


11:15 Panel Discussion: Embedded / IoT Outlook (E31b) Moderator: John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom Panelists: TBA [60MIN]

PCI (I31)

 
10:45 PCI Standards Update—What’s New (I31a) Andrew Jamieson, Vice President, Standards, PCI Security Standards Council, United States


11:15 Panel Discussion: State of Cryptographic Standards (I31b) Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States Panelists: Lily Chen, Manager, Emerging Cryptographic Technology Group, National Institute of Standards and Technology, United States; Tim Cormier, Senior Manager, Device Standards, PCI Security Standards Council, United States; Jim Northey, Director, FIX Trading Community, Chair, ISO TC68 Financial Services, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United States [60MIN]

User Experience (U31)

 
10:45 Post-Quantum Cryptography and US Government Activities (U31a) Lubjana Beshaj, West Point, Albania


11:15 Policy Implications on Cryptography in the Cybersecurity Executive Order
(U31b) Gordon Bitko, Senior Vice President, Information Technology Industry Council (ITI), United States


11:45 Cryptography in the Next Generation of the Cybersecurity Framework (U31c) Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST), United States

12:15 - 13:30 Lunch, CMUF Monthly Meeting

13:30 - 15:00 Track Sessions

Embedded IoT (E32)

 
13:30 Selected Cryptography Vulnerabilities of IoT Implementations (E32a) Paul Bottinelli, Principal Security Consultant, Cryptography Services, NCC Group, Canada


14:00 Securing the Embedded Software Supply Chain, Do You Know What is in Your Systems? (E32b) Mark Hermeling, VP Global Solutions Engineering, GrammaTech, Canada


14:30 TBA (E32c) 

PCI (I32)

 
13:30 PCI-HSM 4.0—Has the Introduction of ‘Cloud HSM’ Met its Target? (I32a) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom


14:00 Understanding ASC X9 TR-31 Key Blocks, X9.143, PCI Requirements (I32b) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States


14:30 ISO Format PIN Block—PCI Restrictions (I32c) Smita Mahapatra, Senior Industry Specialist, Amazon Web Services, United States

Homomorphic Cryptography (H32)

 
13:30 Smart Cities, Safe Cities, Ubiquitous Connectivity and Your Privacy (H32a) Tom Rondeau, Program Manager, Defense Advanced Research Projects Agency (DARPA), United States


14:00 Fast Arithmetic Hardware Library For RLWE-Based Homomorphic Encryption (H32b) Michel Kinsy, Director – Secure, Trusted, and Assured Microelectronics (STAM) Center, Arizona State University, United States


14:30 Confidential Deep Packet Inspection of Network Traffic Using Homomorphic Encryption (H32c) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada

15:00 - 15:15 Networking Break

15:15 - 16:15 Closing Remarks, Summary Panel Discussion

15:15 Summary Panel Discussion: Forecasting the Next Decade—Cryptographic Nirvana or Cryptographic Apocalypse? (P33a)

On the 10th anniversary of ICMC, panelists will discuss the outlook for the next decade. Will we be protected by privacy-enhancing technologies and universal frameworks for cybersecurity? Or will we be devastated by powerful new computers and complicated, fragmented, overly-rigid standards? An expert panel from a wide range of backgrounds will prognosticate.
Moderator: Brian Wood, Program Manager, Google, United States  Panelists: Matt Barrett, Former Program Manager for the NIST Cybersecurity Framework, Co-Founder and COO, CyberESI, United States; Shawn Geddis, Security and Certifications Engineer, Platform Security, SEAR, Apple, United States; Ed Morris, Co-Founder, Gossamer Security Solutions, United States; Nick Sullivan, Head of Research, Cloudflare, United States [60MIN]


16:15 Celebrating 10 Years of ICMC (P33b) Yi Mao, VP Lab Director, atsec information security corporation, United States

16:30 Adjourn