09:00 Welcome to Attendees (P10a) Erin Connor, Program Director, ICMC, Canada; Sal la Pietra, President and Co-Founder, atsec information security corporation, United States
09:20 Government Keynote: A Domino Effect—Implementing Post-Quantum Cryptography (P10b) Troy Lange, Chief of Encryption Production and Solutions, Cybersecurity Directorate, National Security Agency, United States
09:55 Industry Keynote: And I Suggest You Let This One Marinate (P10c) Charles Henderson, Global Managing Partner and Head of X-Force, IBM, United States
Certifications Programs (C11) |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA |
11:15 Cryptography Validation Programs Status (C11a) Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology, United States
11:45 CMVP Programmatic Update (C11b) Beverly Trapnell, CMVP Program Manager (US), NIST, United States; Sonia Roux, CCCS CMVP, Acting Supervisor, United States
12:15 CAVP Programmatic Update (C11c) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology, United States
Open-Source Cryptography (S11) |
Moderator: Brian Wood, Program Manager for Security Certifications, Google |
11:15 OpenSSL Update (S11a) Martin Koci, Head of Avast Engineering Enabling Team and the OpenSSL Contributor, Avast, Czech Republic
11:45 AWS-Libcrypto and FIPS 140-3 (S11b) Daryl Martin, Manager, Amazon Web Services, Canada
12:15 Implementing the Post Quantum Survivors (S11c) David Hook, VP Software Engineering, Crypto Workshop, Legion of the Bouncy Castle/Keyfactor, Australia
Crypto Technology (G11) |
Moderator: Yi Mao, Managing Director, atsec information security |
11:15 Building Open Hardware Security Ecosystems (G11a) Colin O’Flynn, CTO, NewAE Technology, United States
11:45 NIST Crypto Publication Review Project (G11b) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States
12:15 NIST’s Crypto Publications Review: Block Cipher Modes of Operation: Status Update (G11c) Nicky Mouha, Researcher, Strativia, United States
Certifications Programs (C12) |
Moderator: Juan Gonzalez, Lab Director, Teron Labs |
13:45 CMVP Automation (C12a) David Hawes, Computer Scientist, National Institute of Standards and Technology, United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology, United States
14:15 CMVP IGs and SP 800-140X Updates (C12b) Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States; Kim Schaffer, IT Specialist, Cybersecurity, National Institute of Standards and Technology, United States
14:45 NIST Handbook 150-17 Updates (C12c) Jim Fox, Computer Scientist, National Institute of Standards and Technology, United States; Ben Livelsberger, CAVP Computer Scientist, National Institute of Standards and Technology, United States; Brad Moore, NVLAP CSTL Lead, National Institute of Standards and Technology, United States
Open-Source Cryptography (S12) |
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle |
13:45 Transitioning Open Source Modules from FIPS-140-2 to FIPS-140-3 (S12a) Robert Relyea, Co-Chair OASIS PKCS #11, Principle Programmer, Red Hat, United States
14:15 The Rust Cryptographic Library Ecosystem (S12b) Joachim Vandersmissen, Consultant, atsec information security corporation, United States
14:45 What Would It Take to Replace OpenSSL? (S12c) Rich Salz, Senior Architect, Akamai Technologies, United States
Crypto Technology (G12) |
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software |
13:45 Privacy-Friendly QR Codes for Identity (G12a) Christian Paquin, Principal Program Manager, Microsoft, United States
14:15 The Security Product Engineering Certification Gap Analysis—The Proverbial Elephant in the Room (G12b) Kelvin Desplanque, Senior Program Manager, Microsoft, Canada
14:45 Cryptographic Interfaces for Secure IoT Devices (G12c) Kris Kwiatkowski, Senior Cryptography Engineer, PQShield, United Kingdom
Certifications Programs (C13) |
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR |
15:45 NIST and NIAP Working Together (C13a) Cheri Ellis, National Information Assurance Partnership (NIAP), United States; Tim Hall, STVM Manager, National Institute of Standards and Technology, United States
16:15 Panel Discussion: Maintaining Validation for Module Updates (C13b) Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States Panelists: Tim Hall, STVM Manager, National Institute of Standards and Technology, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States; Alicia Squires, Principal TPM for FIPS, AWS Cryptography, United States [60MIN]
OASIS (S13) |
Moderator: Valerie Fenwick, former PKCS11 TC co-chair |
15:45 Quorate Operations with OASIS SAM Threshold Sharing Scheme (S13a) Tony Cox, Consultant, TC Logic, Australia
16:15 OASIS PKCS #11 Update (S13b) Robert Relyea, Co-Chair OASIS PKCS #11, Principle Programmer, Red Hat, United States
16:45 Update on OASIS Key Management Interoperability Protocol (KMIP) (S13c) Tony Cox, Consultant, TC Logic, Australia
Crypto Technology (G13) |
Moderator: Brian Wood, Program Manager for Security Certifications, Google |
15:45 Fitting Token-Based Authentication to FIPS 140-3 (G13a) Yi Mao, Managing Director, atsec information security corporation, United States; Volker Urban, IBM, Germany
16:15 Panel Discussion: Lightweight Crypto Outlook (G13b) Moderator: Loren Shade, VP Marketing, Allegro Software, United States Panelists: Santosh Ghosh, Intel Labs, United States; Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States; Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom
[60MIN]
Enjoy an informal group dinner at one of Arlington’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:45 at the ICMC registration desk in the foyer and depart from there.
Certifications Programs (C20) |
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR |
09:00 Out of Bounds—A Look into FIPS 140-3 Boundary Definitions and Requirements (C20a) Renaudt Nunez, Senior Consultant, Deputy CST Lab Manager, atsec information security corporation, United States
09:30 360° View of FIPS 140-3 Certification (C20b) Yi Mao, Managing Director, atsec information security corporation, United States; Swapneela Unkule, atsec information security corporation, United States
10:00 140-3 for a 140-2 Module; Some Gotchas (C20c) Jonathan Smith, Senior Security Tester, DEKRA, United States
Random Bit Generators (RBG) (N20) |
Moderator: Shawn Geddis, Security and Certifications Engineer |
09:00 Update on the NIST SP 800-90 Series (N20a) Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States
09:30 Update on AIS 20/31 (N20b) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
10:00 Comparison of Functionality Classes AIS 20/31 and Constructions of SP 800 90 (N20c) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Crypto Technology (G20) |
Moderator: Steve Ratcliffe, FIPS Technical Lead for the Global Certification Team, Cisco Systems, United States |
09:00 HSM Virtualization and Multitenancy: Strategies and Considerations (G20a) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States
09:30 Emerging Trends That Will Challenge the Security Status Quo (G20b) Troy Leach, Chief Strategy Officer, Cloud Security Alliance, United States
10:00 PKI and Authentication (G20c) Wes Kussmaul, President, The Authenticity Alliance, United States
Certifications Programs (C21) |
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR |
11:00 NIAP Update (C21a) Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States
11:30 Single-Chip and Bound/Embedded Working Group Updates (C21b) Marc Ireland, Security Certification Expert, NXP Semiconductors, United States
12:00 ISO/IEC 19790—Where to Next? (C21c) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom
Random Bit Generators (RBG) (N21) |
Moderator: Shawn Geddis, Security and Certifications Engineer |
11:00 Stochastic Models for Entropy Estimation (N21a) John Kelsey, Computer Scientist, National Institute of Standards and Technology, United States and Johannes Mittmann, Mathematician, BSI, Germany
[60MIN]
12:00 Self-Evaluating True Random Number Generators (N21c) Sylvain Guilley, CTO, Secure-IC, France
Post-Quantum Crypto (Q21) |
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems |
11:00 Overview of Post-Quantum Cybersecurity (Q21a) Malek Ben Salem, Technology Research Director, Security, Accenture, United States
11:30 Challenges of Integrating Hybrid Post-Quantum Cryptography in NextG Networks (Q21b) Reza Azarderakhsh, Founder and President, PQSecure Technologies, Associate Professor, Florida Atlantic University, United States
12:00 Protocol-Independent Interfaces for Hybrid/Multi-Key Exchange (Q21c) Basil Hess, Research Engineer, IBM Research, Switzerland
Certifications Programs (C22) |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA |
13:30 Protocol-Related Rules Enforcement in FIPS Validations (C22a) Stephan Mueller, Principal Consultant, atsec information security corporation, United States
14:00 SPDM Design with FIPS 140-3 Compliance (C22b) Xiaoyu Ruan, Principal Engineer, Intel, United States
14:30 Setting Up an Internal CAVP ACVTS Lab (C22c) Richard Fant, Security Researcher, Intel, United States
Random Bit Generators (RBG) (N22) |
Moderator: Marcos Portnoi, Lab Director, atsec information security corporation |
13:30 Entropy Source Validation (ESV) Demo (N22a) Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States
14:00 Entropy Reviewer Panel (N22b) Moderator: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States Panelists: Alex Calis, CMVP Deputy Program Manager, National Institute of Standards and Technology (NIST), United States; Tim Hall, Security Testing, Validation, and Measurement Manager Account, National Institute of Standards and Technology (NIST), United States; Allen Roginsky, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]
Post-Quantum Crypto (Q22) |
Moderator: Michele Mosca, University Research Chair & Co-Founder, Institute for Quantum Computing, University of Waterloo |
13:30 Post-Quantum Crypto Side-Channel Tests and CSP Walk-Through (Q22a) Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom [60MIN]
14:30 The Signal Protocol for the Post-Quantum Era (Q22c) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia
Certifications Programs (C23) |
Moderator: Yi Mao, Managing Director, atsec information security |
15:30 Simplification of Multiple International Standards for Cryptographic Modules (C23a) Dave Horn, Product Manager, Motorola Solutions, United States
16:00 Cryptography Standards: Bridging the Gap Between EU and US Markets (C23b) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Management, STMicroelectronics, Secretary/Treasurer, GlobalPlatform, Belgium
16:30 PSA Arm Architecture for Independent Certification (C23c) Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom
Random Bit Generators (RBG) (N23) |
Moderator: Valerie Fenwick, former PKCS11 TC co-chair |
15:30 Software Random Bit Generators and the NIST SP800-90B Entropy Standard (N23a) Juan Gonzalez, Laboratory Director, Teron Labs, Australia
16:00 Experiences with the Entropy Source Validation (N23b) Marcos Portnoi, Lab Director, atsec information security, United States
16:30 The Device-Independent Approach and Standardization of QRNG (N23c) Kevin Milner, Cryptographic Engineer, Quantinuum, United Kingdom
Post-Quantum Crypto (Q23) |
Moderator: Dave Cornwell, Principal Consultant, atsec information security |
15:30 The First NIST PQC Standards (Q23a) Dustin Moody, Mathematician, National Institute of Standards and Technology, United States
16:00 Panel Discussion: Now What? Changes in the Post-Quantum Ecosystem (Q23b) Moderator: Michele Mosca, Co-Founder, President and CEO, evolutionQ, Canada Panelists: Melanie Anderson, Director, Cryptographic Security and Systems Development, Canadian Centre for Cyber Security, Canada; Anne Dames, Distinguished Engineer, IBM zSystems Crypto Technology Development, United States; Bruno Couillard, CTO, Crypto4A, Canada; Nick Hamilton, Head of Product, Quantum Security, SandboxAQ, United States[60MIN]
Certifications Programs (C30) |
Moderator: Alan Grau, VP of Sales & Business Development, PQShield, United States |
Track Sponsor
09:00 A Call to CMVP for a New Type of FIPS 140 Certificate (C30a) Alan Gornall, Consultant, Rycombe Consulting, United Kingdom
09:30 Introduction to the NCCoE CMVP and PQC Applied Crypto Projects (C30b) Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States
10:00 Malaysian Validation Programs Overview (C30c) Nik Azura, CyberSecurity Malaysia MySEF, Malaysia; Hazlin Abdul Rani, Lab Director, CyberSecurity Malaysia MySEF, Malaysia
Post-Quantum Crypto (Q30) |
Moderator: Jason Lawlor, President, Lightship Security, Inc. |
09:00 BasQuaNA: Building a Standardized Quantum-Safe Networking Architecture (Q30a) James Goodman, Principal Security Architect, Crypto4A, Canada; Sarah McCarthy, Postdoctoral Fellow, University of Waterloo, Canada
09:30 PQ-HPKE: Post-Quantum Hybrid Public Key Encryption (Q30b) Panos Kampanakis, Sr. Security Engineer, Amazon Web Services, United States
10:00 The Evolving Security of Post Quantum Cryptography (Q30c) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada
User Experience (U30) |
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle |
09:00 Let’s Deep Dive Some Non-Invasive Attacks (U30a) Iain Holness, Senior Resource, Corsec, Canada
09:30 Open Source Transitioning Strategies to FIPS 140-3 (U30b) Jennifer Brady, Senior Principal Security Analyst, Oracle; Chris Brych, Senior Principal Security Analyst, Oracle, Canada
10:00 Things I Wish I Had Known About FIPS 140 When I Worked for a Vendor—The Combined FIPS Lab and Vendor Perspectives (U30c) Timothy Myers, Senior Security Engineer, UL Verification Services, United States
Embedded IoT (E31) |
Moderator: Jason Lawlor, President, Lightship Security, Inc. |
10:45 IoT Cybersecurity Improvement Act 2022 (E31a) Loren Shade, VP Marketing, Allegro Software, United States
11:15 Panel Discussion: Embedded / IoT Outlook (E31b) Moderator: John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom Panelists: Fritz Bollmann, Head of Software Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Michael Fagan, National Institute of Standards and Technology, United States; Michael Grimm, Principal Security Program Manager, Microsoft, United States; Yann L’Hyver, Senior Staff Engineer – Hardware Security Certification Qualcomm, United States; Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom [60MIN]
PCI (I31) |
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council |
10:45 PCI Standards Update—What’s New (I31a) Andrew Jamieson, Vice President, Standards, PCI Security Standards Council, United States
11:15 Panel Discussion: State of Cryptographic Standards (I31b) Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States Panelists: Lily Chen, Manager, Emerging Cryptographic Technology Group, National Institute of Standards and Technology, United States; Jim Northey, Director, FIX Trading Community, Chair, ISO TC68 Financial Services, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United Statesl; Andrew Jamieson, Vice President, Standards, PCI SSC [60MIN]
User Experience (U31) |
Moderator: Juan Gonzalez, Lab Director, Teron Labs |
10:45 Post-Quantum Cryptography and US Government Activities (U31a) Lubjana Beshaj, Cyber Fellow of Mathematics, Army Cyber Institute, Assistant Professor, Department of Mathematical Sciences, West Point, United States
11:15 Policy Implications on Cryptography in the Cybersecurity Executive Order
(U31b) Leopold Wildenauer, Policy Manager, Public Sector, Information Technology Industry Council (ITI), United States
11:45 Cryptography in the Next Generation of the Cybersecurity Framework (U31c) Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST), United States
Embedded IoT (E32) |
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software |
13:30 Selected Cryptography Vulnerabilities of IoT Implementations (E32a) Paul Bottinelli, Technical Director, Cryptography Services, NCC Group, Canada
14:00 Securing the Embedded Software Supply Chain, Do You Know What is in Your Systems? (E32b) Mark Hermeling, VP Global Solutions Engineering, GrammaTech, Canada
14:30 FIPS 140 Cryptography in IoT (E32c) Kaleb Himes, Senior Software Engineer, wolfSSL, United States
PCI (I32) |
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council |
13:30 PCI-HSM 4.0—Has the Introduction of ‘Cloud HSM’ Met its Target? (I32a) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom
14:00 Understanding ASC X9 TR-31 Key Blocks, X9.143, PCI Requirements (I32b) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States
14:30 ISO Format PIN Block—PCI Restrictions (I32c) Smita Mahapatra, Senior Industry Specialist, Amazon Web Services, United States
Homomorphic Encryption (H32) |
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems |
13:30 Confidential Deep Packet Inspection of Network Traffic Using Homomorphic Encryption (H32b) Yousef Sadrossadat, Lorica Cybersecurity, Canada
14:00 Fast Arithmetic Hardware Library For RLWE-Based Homomorphic Encryption (H32c) Michel Kinsy, Director – Secure, Trusted, and Assured Microelectronics (STAM) Center, Arizona State University, United States
15:15 Summary Panel Discussion: Forecasting the Next Decade—Cryptographic Nirvana or Cryptographic Apocalypse? (P33a)
On the 10th anniversary of ICMC, panelists will discuss the outlook for the next decade. Will we be protected by privacy-enhancing technologies and universal frameworks for cybersecurity? Or will we be devastated by powerful new computers and complicated, fragmented, overly-rigid standards? An expert panel from a wide range of backgrounds will prognosticate.
Moderator: Brian Wood, Program Manager, Google, United States Panelists: Matt Barrett, Former Program Manager for the NIST Cybersecurity Framework, Co-Founder and COO, CyberESI, United States; David McGrew, Cisco Fellow, Cisco Systems, United States; Ed Morris, Co-Founder, Gossamer Security Solutions, United States [60MIN]
16:15 Celebrating 10 Years of ICMC (P33b) Yi Mao, Managing Director, atsec information security corporation, United States