April 7-10, 2025 | Toronto, Canada

Conference Agenda 2022

Wednesday 14 September

Break Sponsor

08:00 - 09:00 Registration

09:00 - 10:30 Plenary Keynote Session

09:00 Welcome to Attendees (P10a) Erin Connor, Program Director, ICMC, Canada; Sal la Pietra, President and Co-Founder, atsec information security corporation, United States

09:20 Government Keynote: A Domino Effect—Implementing Post-Quantum Cryptography (P10b) Troy Lange, Chief of Encryption Production and Solutions, Cybersecurity Directorate, National Security Agency, United States

09:55 Industry Keynote: And I Suggest You Let This One Marinate (P10c) Charles Henderson, Global Managing Partner and Head of X-Force, IBM, United States

10:30 - 11:15 Networking Break in Exhibits

11:15 - 12:45 Track Sessions

Certifications Programs (C11)
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA

11:15 Cryptography Validation Programs Status (C11a) Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology, United States


11:45 CMVP Programmatic Update (C11b) Beverly Trapnell, CMVP Program Manager (US), NIST, United States; Sonia Roux, CCCS CMVP, Acting Supervisor, United States


12:15 CAVP Programmatic Update (C11c) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology, United States

Open-Source Cryptography (S11)
Moderator: Brian Wood, Program Manager for Security Certifications, Google

11:15 OpenSSL Update (S11a) Martin Koci, Head of Avast Engineering Enabling Team and the OpenSSL Contributor, Avast, Czech Republic


11:45 AWS-Libcrypto and FIPS 140-3 (S11b) Daryl Martin, Manager, Amazon Web Services, Canada


12:15 Implementing the Post Quantum Survivors (S11c) David Hook, VP Software Engineering, Crypto Workshop, Legion of the Bouncy Castle/Keyfactor, Australia

Crypto Technology (G11)
Moderator: Yi Mao, Managing Director, atsec information security

11:15 Building Open Hardware Security Ecosystems (G11a) Colin O’Flynn, CTO, NewAE Technology, United States


11:45 NIST Crypto Publication Review Project (G11b) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States


12:15 NIST’s Crypto Publications Review: Block Cipher Modes of Operation: Status Update (G11c) Nicky Mouha, Researcher, Strativia, United States

12:45 - 13:45 Lunch in Exhibit Area

13:45 - 15:15 Track Sessions

Certifications Programs (C12)
Moderator: Juan Gonzalez, Lab Director, Teron Labs

13:45 CMVP Automation (C12a) David Hawes, Computer Scientist, National Institute of Standards and Technology, United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology, United States


14:15 CMVP IGs and SP 800-140X Updates (C12b) Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States; Kim Schaffer, IT Specialist, Cybersecurity, National Institute of Standards and Technology, United States


14:45 NIST Handbook 150-17 Updates (C12c) Jim Fox, Computer Scientist, National Institute of Standards and Technology, United States; Ben Livelsberger, CAVP Computer Scientist, National Institute of Standards and Technology, United States; Brad Moore, NVLAP CSTL Lead, National Institute of Standards and Technology, United States

Open-Source Cryptography (S12)
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle

13:45 Transitioning Open Source Modules from FIPS-140-2 to FIPS-140-3 (S12a) Robert Relyea, Co-Chair OASIS PKCS #11, Principle Programmer, Red Hat, United States


14:15 The Rust Cryptographic Library Ecosystem (S12b) Joachim Vandersmissen, Consultant, atsec information security corporation, United States


14:45 What Would It Take to Replace OpenSSL? (S12c) Rich Salz, Senior Architect, Akamai Technologies, United States

Crypto Technology (G12)
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

13:45 Privacy-Friendly QR Codes for Identity (G12a) Christian Paquin, Principal Program Manager, Microsoft, United States


14:15 The Security Product Engineering Certification Gap Analysis—The Proverbial Elephant in the Room (G12b) Kelvin Desplanque, Senior Program Manager, Microsoft, Canada


14:45 Cryptographic Interfaces for Secure IoT Devices (G12c) Kris Kwiatkowski, Senior Cryptography Engineer, PQShield, United Kingdom

15:15 - 15:45 Networking Break in Exhibits

15:45-17:15 Track Sessions

Certifications Programs (C13)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

15:45 NIST and NIAP Working Together (C13a) Cheri Ellis, National Information Assurance Partnership (NIAP), United States; Tim Hall, STVM Manager, National Institute of Standards and Technology, United States


16:15 Panel Discussion: Maintaining Validation for Module Updates (C13b) Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States Panelists: Tim Hall, STVM Manager, National Institute of Standards and Technology, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States; Alicia Squires, Principal TPM for FIPS, AWS Cryptography, United States [60MIN]

OASIS (S13)
Moderator: Valerie Fenwick, former PKCS11 TC co-chair

15:45 Quorate Operations with OASIS SAM Threshold Sharing Scheme (S13a) Tony Cox, Consultant, TC Logic, Australia


16:15 OASIS PKCS #11 Update (S13b) Robert Relyea, Co-Chair OASIS PKCS #11, Principle Programmer, Red Hat, United States


16:45 Update on OASIS Key Management Interoperability Protocol (KMIP) (S13c) Tony Cox, Consultant, TC Logic, Australia

Crypto Technology (G13)
Moderator: Brian Wood, Program Manager for Security Certifications, Google

15:45 Fitting Token-Based Authentication to FIPS 140-3 (G13a) Yi Mao, Managing Director, atsec information security corporation, United States; Volker Urban, IBM, Germany


16:15 Panel Discussion: Lightweight Crypto Outlook (G13b) Moderator: Loren Shade, VP Marketing, Allegro Software, United States Panelists: Santosh Ghosh, Intel Labs, United States; Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States; Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom
[60MIN]

17:15 - 18:45 Welcome Reception in Exhibits

18:45 - 21:15 Dine-Around Arlington

Enjoy an informal group dinner at one of Arlington’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:45 at the ICMC registration desk in the foyer and depart from there.

 

Learn more

Thursday 15 September

Break Sponsor

08:00 - 09:00 Coffee in the Exhibits

09:00 - 10:30 Track Sessions

Certifications Programs (C20)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

09:00 Out of Bounds—A Look into FIPS 140-3 Boundary Definitions and Requirements (C20a) Renaudt Nunez, Senior Consultant, Deputy CST Lab Manager, atsec information security corporation, United States


09:30 360° View of FIPS 140-3 Certification (C20b) Yi Mao, Managing Director, atsec information security corporation, United States; Swapneela Unkule, atsec information security corporation, United States


10:00 140-3 for a 140-2 Module; Some Gotchas (C20c) Jonathan Smith, Senior Security Tester, DEKRA, United States

Random Bit Generators (RBG) (N20)
Moderator: Shawn Geddis, Security and Certifications Engineer

09:00 Update on the NIST SP 800-90 Series (N20a) Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States


09:30 Update on AIS 20/31 (N20b) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany


10:00 Comparison of Functionality Classes AIS 20/31 and Constructions of SP 800 90 (N20c) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany

Crypto Technology (G20)
Moderator: Steve Ratcliffe, FIPS Technical Lead for the Global Certification Team, Cisco Systems, United States

09:00 HSM Virtualization and Multitenancy: Strategies and Considerations (G20a) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States


09:30 Emerging Trends That Will Challenge the Security Status Quo (G20b) Troy Leach, Chief Strategy Officer, Cloud Security Alliance, United States


10:00 PKI and Authentication (G20c) Wes Kussmaul, President, The Authenticity Alliance, United States

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

Certifications Programs (C21)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

11:00 NIAP Update (C21a) Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States


11:30 Single-Chip and Bound/Embedded Working Group Updates (C21b) Marc Ireland, Security Certification Expert, NXP Semiconductors, United States


12:00 ISO/IEC 19790—Where to Next? (C21c) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom

Random Bit Generators (RBG) (N21)
Moderator: Shawn Geddis, Security and Certifications Engineer

11:00 Stochastic Models for Entropy Estimation (N21a) John Kelsey, Computer Scientist, National Institute of Standards and Technology, United States and Johannes Mittmann, Mathematician, BSI, Germany

[60MIN]


12:00 Self-Evaluating True Random Number Generators (N21c) Sylvain Guilley, CTO, Secure-IC, France

Post-Quantum Crypto (Q21)
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems

11:00 Overview of Post-Quantum Cybersecurity (Q21a) Malek Ben Salem, Technology Research Director, Security, Accenture, United States


11:30 Challenges of Integrating Hybrid Post-Quantum Cryptography in NextG Networks (Q21b) Reza Azarderakhsh, Founder and President, PQSecure Technologies, Associate Professor, Florida Atlantic University, United States


12:00 Protocol-Independent Interfaces for Hybrid/Multi-Key Exchange (Q21c) Basil Hess, Research Engineer, IBM Research, Switzerland

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

Certifications Programs (C22)
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA

13:30 Protocol-Related Rules Enforcement in FIPS Validations (C22a) Stephan Mueller, Principal Consultant, atsec information security corporation, United States


14:00 SPDM Design with FIPS 140-3 Compliance (C22b) Xiaoyu Ruan, Principal Engineer, Intel, United States


14:30 Setting Up an Internal CAVP ACVTS Lab (C22c) Richard Fant, Security Researcher, Intel, United States

Random Bit Generators (RBG) (N22)
Moderator: Marcos Portnoi, Lab Director, atsec information security corporation

13:30 Entropy Source Validation (ESV) Demo (N22a) Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States


14:00 Entropy Reviewer Panel (N22b) Moderator: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States Panelists: Alex Calis, CMVP Deputy Program Manager, National Institute of Standards and Technology (NIST), United States; Tim Hall, Security Testing, Validation, and Measurement Manager Account, National Institute of Standards and Technology (NIST), United States; Allen Roginsky, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]

Post-Quantum Crypto (Q22)
Moderator: Michele Mosca, University Research Chair & Co-Founder, Institute for Quantum Computing, University of Waterloo

13:30 Post-Quantum Crypto Side-Channel Tests and CSP Walk-Through (Q22a) Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom [60MIN]


14:30 The Signal Protocol for the Post-Quantum Era (Q22c) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia

15:00-15:30 Networking Break in Exhibits

Exhibits End at 15:30

15:30 - 17:00 Track Sessions

Certifications Programs (C23)
Moderator: Yi Mao, Managing Director, atsec information security

15:30 Simplification of Multiple International Standards for Cryptographic Modules (C23a) Dave Horn, Product Manager, Motorola Solutions, United States


16:00 Cryptography Standards: Bridging the Gap Between EU and US Markets (C23b) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Management, STMicroelectronics, Secretary/Treasurer, GlobalPlatform, Belgium


16:30 PSA Arm Architecture for Independent Certification (C23c) Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom

Random Bit Generators (RBG) (N23)
Moderator: Valerie Fenwick, former PKCS11 TC co-chair

15:30 Software Random Bit Generators and the NIST SP800-90B Entropy Standard (N23a) Juan Gonzalez, Laboratory Director, Teron Labs, Australia


16:00 Experiences with the Entropy Source Validation (N23b) Marcos Portnoi, Lab Director, atsec information security, United States


16:30 The Device-Independent Approach and Standardization of QRNG (N23c) Kevin Milner, Cryptographic Engineer, Quantinuum, United Kingdom

Post-Quantum Crypto (Q23)
Moderator: Dave Cornwell, Principal Consultant, atsec information security

15:30 The First NIST PQC Standards (Q23a) Dustin Moody, Mathematician, National Institute of Standards and Technology, United States


16:00 Panel Discussion: Now What? Changes in the Post-Quantum Ecosystem (Q23b) Moderator: Michele Mosca, Co-Founder, President and CEO, evolutionQ, Canada Panelists: Melanie Anderson, Director, Cryptographic Security and Systems Development, Canadian Centre for Cyber Security, Canada; Anne Dames, Distinguished Engineer, IBM zSystems Crypto Technology Development, United States; Bruno Couillard, CTO, Crypto4A, Canada; Nick Hamilton, Head of Product, Quantum Security, SandboxAQ, United States[60MIN]

Friday 16 September

Break Sponsor

08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Certifications Programs (C30)
Moderator: Alan Grau, VP of Sales & Business Development, PQShield, United States

 Track Sponsor


09:00 A Call to CMVP for a New Type of FIPS 140 Certificate (C30a) Alan Gornall, Consultant, Rycombe Consulting, United Kingdom


09:30 Introduction to the NCCoE CMVP and PQC Applied Crypto Projects (C30b) Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States


10:00 Malaysian Validation Programs Overview (C30c) Nik Azura, CyberSecurity Malaysia MySEF, Malaysia; Hazlin Abdul Rani, Lab Director, CyberSecurity Malaysia MySEF, Malaysia

Post-Quantum Crypto (Q30)
Moderator: Jason Lawlor, President, Lightship Security, Inc.

09:00 BasQuaNA: Building a Standardized Quantum-Safe Networking Architecture (Q30a) James Goodman, Principal Security Architect, Crypto4A, Canada; Sarah McCarthy, Postdoctoral Fellow, University of Waterloo, Canada


09:30 PQ-HPKE: Post-Quantum Hybrid Public Key Encryption (Q30b) Panos Kampanakis, Sr. Security Engineer, Amazon Web Services, United States


10:00 The Evolving Security of Post Quantum Cryptography (Q30c) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada

User Experience (U30)
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle

09:00 Let’s Deep Dive Some Non-Invasive Attacks (U30a) Iain Holness, Senior Resource, Corsec, Canada


09:30 Open Source Transitioning Strategies to FIPS 140-3 (U30b) Jennifer Brady, Senior Principal Security Analyst, Oracle; Chris Brych, Senior Principal Security Analyst, Oracle, Canada


10:00 Things I Wish I Had Known About FIPS 140 When I Worked for a Vendor—The Combined FIPS Lab and Vendor Perspectives (U30c) Timothy Myers, Senior Security Engineer, UL Verification Services, United States

10:30 - 10:45 Networking Break

10:45 - 12:15 Track Sessions

Embedded IoT (E31)
Moderator: Jason Lawlor, President, Lightship Security, Inc.

10:45 IoT Cybersecurity Improvement Act 2022 (E31a) Loren Shade, VP Marketing, Allegro Software, United States


11:15 Panel Discussion: Embedded / IoT Outlook (E31b) Moderator: John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom Panelists: Fritz Bollmann, Head of Software Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Michael Fagan, National Institute of Standards and Technology, United States; Michael Grimm, Principal Security Program Manager, Microsoft, United States; Yann L’Hyver, Senior Staff Engineer – Hardware Security Certification Qualcomm, United States; Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom [60MIN]

PCI (I31)
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council

10:45 PCI Standards Update—What’s New (I31a) Andrew Jamieson, Vice President, Standards, PCI Security Standards Council, United States


11:15 Panel Discussion: State of Cryptographic Standards (I31b) Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States Panelists: Lily Chen, Manager, Emerging Cryptographic Technology Group, National Institute of Standards and Technology, United States; Jim Northey, Director, FIX Trading Community, Chair, ISO TC68 Financial Services, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United Statesl; Andrew Jamieson, Vice President, Standards, PCI SSC [60MIN]

User Experience (U31)
Moderator: Juan Gonzalez, Lab Director, Teron Labs

10:45 Post-Quantum Cryptography and US Government Activities (U31a) Lubjana Beshaj, Cyber Fellow of Mathematics, Army Cyber Institute, Assistant Professor, Department of Mathematical Sciences, West Point, United States


11:15 Policy Implications on Cryptography in the Cybersecurity Executive Order
(U31b) Leopold Wildenauer, Policy Manager, Public Sector, Information Technology Industry Council (ITI), United States


11:45 Cryptography in the Next Generation of the Cybersecurity Framework (U31c) Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST), United States

12:15 - 13:30 Lunch, CMUF Monthly Meeting

13:30 - 15:00 Track Sessions

Embedded IoT (E32)
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

13:30 Selected Cryptography Vulnerabilities of IoT Implementations (E32a) Paul Bottinelli, Technical Director, Cryptography Services, NCC Group, Canada


14:00 Securing the Embedded Software Supply Chain, Do You Know What is in Your Systems? (E32b) Mark Hermeling, VP Global Solutions Engineering, GrammaTech, Canada


14:30 FIPS 140 Cryptography in IoT (E32c) Kaleb Himes, Senior Software Engineer, wolfSSL, United States

PCI (I32)
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council

13:30 PCI-HSM 4.0—Has the Introduction of ‘Cloud HSM’ Met its Target? (I32a) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom


14:00 Understanding ASC X9 TR-31 Key Blocks, X9.143, PCI Requirements (I32b) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States


14:30 ISO Format PIN Block—PCI Restrictions (I32c) Smita Mahapatra, Senior Industry Specialist, Amazon Web Services, United States

Homomorphic Encryption (H32)
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems

13:30 Confidential Deep Packet Inspection of Network Traffic Using Homomorphic Encryption (H32b) Yousef Sadrossadat, Lorica Cybersecurity, Canada


14:00 Fast Arithmetic Hardware Library For RLWE-Based Homomorphic Encryption (H32c) Michel Kinsy, Director – Secure, Trusted, and Assured Microelectronics (STAM) Center, Arizona State University, United States

15:00 - 15:15 Networking Break

15:15 - 16:15 Closing Remarks, Summary Panel Discussion

15:15 Summary Panel Discussion: Forecasting the Next Decade—Cryptographic Nirvana or Cryptographic Apocalypse? (P33a)

On the 10th anniversary of ICMC, panelists will discuss the outlook for the next decade. Will we be protected by privacy-enhancing technologies and universal frameworks for cybersecurity? Or will we be devastated by powerful new computers and complicated, fragmented, overly-rigid standards? An expert panel from a wide range of backgrounds will prognosticate.
Moderator: Brian Wood, Program Manager, Google, United States  Panelists: Matt Barrett, Former Program Manager for the NIST Cybersecurity Framework, Co-Founder and COO, CyberESI, United States; David McGrew, Cisco Fellow, Cisco Systems, United States; Ed Morris, Co-Founder, Gossamer Security Solutions, United States [60MIN]


16:15 Celebrating 10 Years of ICMC (P33b) Yi Mao, Managing Director, atsec information security corporation, United States

16:30 Adjourn