September 18-20, 2024 | DoubleTree by Hilton, San Jose, California

Conference Agenda 2022

Wednesday 14 September


08:00 - 09:00 Registration

09:00 - 10:30 Plenary Keynote Session

09:00 Welcome to Attendees (P10a) Erin Connor, Program Director, ICMC, Canada; Sal la Pietra, President and Co-Founder, atsec information security corporation, United States

09:20 Government Keynote: A Domino Effect—Implementing Post-Quantum Cryptography (P10b) Troy Lange, Chief of Encryption Production and Solutions, Cybersecurity Directorate, National Security Agency, United States

09:55 Industry Keynote: And I Suggest You Let This One Marinate (P10c) Charles Henderson, Global Managing Partner and Head of X-Force, IBM, United States

10:30 - 11:15 Networking Break in Exhibits

11:15 - 12:45 Track Sessions

Certifications Programs (C11)
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA

11:15 Cryptography Validation Programs Status (C11a) Tim Hall, Security Testing, Validation, and Measurement Manager, National Institute of Standards and Technology, United States


11:45 CMVP Programmatic Update (C11b) Beverly Trapnell, CMVP Program Manager (US), NIST, United States; Sonia Roux, CCCS CMVP, Acting Supervisor, United States


12:15 CAVP Programmatic Update (C11c) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology, United States

Open-Source Cryptography (S11)
Moderator: Brian Wood, Program Manager for Security Certifications, Google

11:15 OpenSSL Update (S11a) Martin Koci, Head of Avast Engineering Enabling Team and the OpenSSL Contributor, Avast, Czech Republic


11:45 AWS-Libcrypto and FIPS 140-3 (S11b) Daryl Martin, Manager, Amazon Web Services, Canada


12:15 Implementing the Post Quantum Survivors (S11c) David Hook, VP Software Engineering, Crypto Workshop, Legion of the Bouncy Castle/Keyfactor, Australia

Crypto Technology (G11)
Moderator: Yi Mao, Managing Director, atsec information security

11:15 Building Open Hardware Security Ecosystems (G11a) Colin O’Flynn, CTO, NewAE Technology, United States


11:45 NIST Crypto Publication Review Project (G11b) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States


12:15 NIST’s Crypto Publications Review: Block Cipher Modes of Operation: Status Update (G11c) Nicky Mouha, Researcher, Strativia, United States

12:45 - 13:45 Lunch in Exhibit Area

13:45 - 15:15 Track Sessions

Certifications Programs (C12)
Moderator: Juan Gonzalez, Lab Director, Teron Labs

13:45 CMVP Automation (C12a) David Hawes, Computer Scientist, National Institute of Standards and Technology, United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology, United States


14:15 CMVP IGs and SP 800-140X Updates (C12b) Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States; Kim Schaffer, IT Specialist, Cybersecurity, National Institute of Standards and Technology, United States


14:45 NIST Handbook 150-17 Updates (C12c) Jim Fox, Computer Scientist, National Institute of Standards and Technology, United States; Ben Livelsberger, CAVP Computer Scientist, National Institute of Standards and Technology, United States; Brad Moore, NVLAP CSTL Lead, National Institute of Standards and Technology, United States

Open-Source Cryptography (S12)
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle

13:45 Transitioning Open Source Modules from FIPS-140-2 to FIPS-140-3 (S12a) Robert Relyea, Co-Chair OASIS PKCS #11, Principal Programmer, Red Hat, United States


14:15 The Rust Cryptographic Library Ecosystem (S12b) Joachim Vandersmissen, Consultant, atsec information security corporation, United States


14:45 What Would It Take to Replace OpenSSL? (S12c) Rich Salz, Senior Architect, Akamai Technologies, United States

Crypto Technology (G12)
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

13:45 Privacy-Friendly QR Codes for Identity (G12a) Christian Paquin, Principal Program Manager, Microsoft, United States


14:15 The Security Product Engineering Certification Gap Analysis—The Proverbial Elephant in the Room (G12b) Kelvin Desplanque, Senior Program Manager, Microsoft, Canada


14:45 Cryptographic Interfaces for Secure IoT Devices (G12c) Kris Kwiatkowski, Senior Cryptography Engineer, PQShield, United Kingdom

15:15 - 15:45 Networking Break in Exhibits

15:45 - 17:15 Track Sessions

Certifications Programs (C13)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

15:45 NIST and NIAP Working Together (C13a) Cheri Ellis, National Information Assurance Partnership (NIAP), United States; Tim Hall, STVM Manager, National Institute of Standards and Technology, United States


16:15 Panel Discussion: Maintaining Validation for Module Updates (C13b) Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States Panelists: Tim Hall, STVM Manager, National Institute of Standards and Technology, United States; Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States; Alicia Squires, Principal TPM for FIPS, AWS Cryptography, United States [60MIN]

OASIS (S13)
Moderator: Valerie Fenwick, former PKCS11 TC co-chair

15:45 Quorate Operations with OASIS SAM Threshold Sharing Scheme (S13a) Tony Cox, Consultant, TC Logic, Australia


16:15 OASIS PKCS #11 Update (S13b) Robert Relyea, Co-Chair OASIS PKCS #11, Principal Programmer, Red Hat, United States


16:45 Update on OASIS Key Management Interoperability Protocol (KMIP) (S13c) Tony Cox, Consultant, TC Logic, Australia

Crypto Technology (G13)
Moderator: Brian Wood, Program Manager for Security Certifications, Google

15:45 Fitting Token-Based Authentication to FIPS 140-3 (G13a) Yi Mao, Managing Director, atsec information security corporation, United States; Volker Urban, IBM, Germany


16:15 Panel Discussion: Lightweight Crypto Outlook (G13b) Moderator: Loren Shade, VP Marketing, Allegro Software, United States Panelists: Santosh Ghosh, Intel Labs, United States; Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States; Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom [60MIN]

17:15 - 18:45 Welcome Reception in Exhibits

18:45 - 21:15 Dine-Around Arlington

Enjoy an informal group dinner at one of Arlington’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:45 at the ICMC registration desk in the foyer and depart from there.

 


Thursday 15 September


08:00 - 09:00 Coffee in the Exhibits

09:00 - 10:30 Track Sessions

Certifications Programs (C20)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

09:00 Out of Bounds—A Look into FIPS 140-3 Boundary Definitions and Requirements (C20a) Renaudt Nunez, Senior Consultant, Deputy CST Lab Manager, atsec information security corporation, United States


09:30 360° View of FIPS 140-3 Certification (C20b) Yi Mao, Managing Director, atsec information security corporation, United States; Swapneela Unkule, atsec information security corporation, United States


10:00 140-3 for a 140-2 Module; Some Gotchas (C20c) Jonathan Smith, Senior Security Tester, DEKRA, United States

Random Bit Generators (RBG) (N20)
Moderator: Shawn Geddis, Security and Certifications Engineer

09:00 Update on the NIST SP 800-90 Series (N20a) Kerry McKay, Computer Scientist, National Institute of Standards and Technology, United States


09:30 Update on AIS 20/31 (N20b) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany


10:00 Comparison of Functionality Classes AIS 20/31 and Constructions of SP 800 90 (N20c) Meltem Sonmez Turan, Mathematician, National Institute of Standards and Technology, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany

Crypto Technology (G20)
Moderator: Steve Ratcliffe, FIPS Technical Lead for the Global Certification Team, Cisco Systems, United States

09:00 HSM Virtualization and Multitenancy: Strategies and Considerations (G20a) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States


09:30 Emerging Trends That Will Challenge the Security Status Quo (G20b) Troy Leach, Chief Strategy Officer, Cloud Security Alliance, United States


10:00 PKI and Authentication (G20c) Wes Kussmaul, President, The Authenticity Alliance, United States

10:30 - 11:00 Networking Break in Exhibits

11:00 - 12:30 Track Sessions

Certifications Programs (C21)
Moderator: Fiona Stewart, Security and Certifications Engineer, Platform Security / SEAR

11:00 NIAP Update (C21a) Jon Rolf, Director, National Information Assurance Partnership (NIAP), United States


11:30 Single-Chip and Bound/Embedded Working Group Updates (C21b) Marc Ireland, Security Certification Expert, NXP Semiconductors, United States


12:00 ISO/IEC 19790—Where to Next? (C21c) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom

Random Bit Generators (RBG) (N21)
Moderator: Shawn Geddis, Security and Certifications Engineer

11:00 Stochastic Models for Entropy Estimation (N21a) John Kelsey, Computer Scientist, National Institute of Standards and Technology, United States and Johannes Mittmann, Mathematician, BSI, Germany [60MIN]


12:00 Self-Evaluating True Random Number Generators (N21c) Sylvain Guilley, CTO, Secure-IC, France

Post-Quantum Crypto (Q21)
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems

11:00 Overview of Post-Quantum Cybersecurity (Q21a) Malek Ben Salem, Technology Research Director, Security, Accenture, United States


11:30 Challenges of Integrating Hybrid Post-Quantum Cryptography in NextG Networks (Q21b) Reza Azarderakhsh, Founder and President, PQSecure Technologies, Associate Professor, Florida Atlantic University, United States


12:00 Protocol-Independent Interfaces for Hybrid/Multi-Key Exchange (Q21c) Basil Hess, Research Engineer, IBM Research, Switzerland

12:30 - 13:30 Lunch in Exhibit Area

13:30 - 15:00 Track Sessions

Certifications Programs (C22)
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA

13:30 Protocol-Related Rules Enforcement in FIPS Validations (C22a) Stephan Mueller, Principal Consultant, atsec information security corporation, United States


14:00 SPDM Design with FIPS 140-3 Compliance (C22b) Xiaoyu Ruan, Principal Engineer, Intel, United States


14:30 Setting Up an Internal CAVP ACVTS Lab (C22c) Richard Fant, Security Researcher, Intel, United States

Random Bit Generators (RBG) (N22)
Moderator: Marcos Portnoi, Lab Director, atsec information security corporation

13:30 Entropy Source Validation (ESV) Demo (N22a) Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States


14:00 Entropy Reviewer Panel (N22b) Moderator: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology, United States Panelists: Alex Calis, CMVP Deputy Program Manager, National Institute of Standards and Technology (NIST), United States; Tim Hall, Security Testing, Validation, and Measurement Manager Account, National Institute of Standards and Technology (NIST), United States; Allen Roginsky, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]

Post-Quantum Crypto (Q22)
Moderator: Michele Mosca, University Research Chair & Co-Founder, Institute for Quantum Computing, University of Waterloo

13:30 Post-Quantum Crypto Side-Channel Tests and CSP Walk-Through (Q22a) Markku-Juhani Saarinen, Senior Cryptography Architect, PQShield, United Kingdom [60MIN]


14:30 The Signal Protocol for the Post-Quantum Era (Q22c) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia

15:00 - 15:30 Networking Break in Exhibits

Exhibits End at 15:30

15:30 - 17:00 Track Sessions

Certifications Programs (C23)
Moderator: Yi Mao, Managing Director, atsec information security

15:30 Simplification of Multiple International Standards for Cryptographic Modules (C23a) Dave Horn, Product Manager, Motorola Solutions, United States


16:00 Cryptography Standards: Bridging the Gap Between EU and US Markets (C23b) Olivier Van Nieuwenhuyze, Security Lobbying & Standardization Senior Management, STMicroelectronics, Secretary/Treasurer, GlobalPlatform, Belgium


16:30 PSA Arm Architecture for Independent Certification (C23c) Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom

Random Bit Generators (RBG) (N23)
Moderator: Valerie Fenwick, former PKCS11 TC co-chair

15:30 Software Random Bit Generators and the NIST SP800-90B Entropy Standard (N23a) Juan Gonzalez, Laboratory Director, Teron Labs, Australia


16:00 Experiences with the Entropy Source Validation (N23b) Marcos Portnoi, Lab Director, atsec information security, United States


16:30 The Device-Independent Approach and Standardization of QRNG (N23c) Kevin Milner, Cryptographic Engineer, Quantinuum, United Kingdom

Post-Quantum Crypto (Q23)
Moderator: Dave Cornwell, Principal Consultant, atsec information security

15:30 The First NIST PQC Standards (Q23a) Dustin Moody, Mathematician, National Institute of Standards and Technology, United States


16:00 Panel Discussion: Now What? Changes in the Post-Quantum Ecosystem (Q23b) Moderator: Michele Mosca, Co-Founder, President and CEO, evolutionQ, Canada Panelists: Melanie Anderson, Director, Cryptographic Security and Systems Development, Canadian Centre for Cyber Security, Canada; Anne Dames, Distinguished Engineer, IBM zSystems Crypto Technology Development, United States; Bruno Couillard, CTO, Crypto4A, Canada; Nick Hamilton, Head of Product, Quantum Security, SandboxAQ, United States [60MIN]

Friday 16 September


08:00 - 09:00 Coffee

09:00 - 10:30 Track Sessions

Certifications Programs (C30)
Moderator: Alan Grau, VP of Sales & Business Development, PQShield, United States



09:00 A Call to CMVP for a New Type of FIPS 140 Certificate (C30a) Alan Gornall, Consultant, Rycombe Consulting, United Kingdom


09:30 Introduction to the NCCoE CMVP and PQC Applied Crypto Projects (C30b) Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; Bill Newhouse, Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States


10:00 Malaysian Validation Programs Overview (C30c) Nik Azura, CyberSecurity Malaysia MySEF, Malaysia; Hazlin Abdul Rani, Lab Director, CyberSecurity Malaysia MySEF, Malaysia

Post-Quantum Crypto (Q30)
Moderator: Jason Lawlor, President, Lightship Security, Inc.

09:00 BasQuaNA: Building a Standardized Quantum-Safe Networking Architecture (Q30a) James Goodman, Principal Security Architect, Crypto4A, Canada; Sarah McCarthy, Postdoctoral Fellow, University of Waterloo, Canada


09:30 PQ-HPKE: Post-Quantum Hybrid Public Key Encryption (Q30b) Panos Kampanakis, Sr. Security Engineer, Amazon Web Services, United States


10:00 The Evolving Security of Post Quantum Cryptography (Q30c) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada

User Experience (U30)
Moderator: Josh Brickman, Senior Director, Security Evaluations, Oracle

09:00 Let’s Deep Dive Some Non-Invasive Attacks (U30a) Iain Holness, Senior Resource, Corsec, Canada


09:30 Open Source Transitioning Strategies to FIPS 140-3 (U30b) Jennifer Brady, Senior Principal Security Analyst, Oracle; Chris Brych, Senior Principal Security Analyst, Oracle, Canada


10:00 Things I Wish I Had Known About FIPS 140 When I Worked for a Vendor—The Combined FIPS Lab and Vendor Perspectives (U30c) Timothy Myers, Senior Security Engineer, UL Verification Services, United States

10:30 - 10:45 Networking Break

10:45 - 12:15 Track Sessions

Embedded IoT (E31)
Moderator: Jason Lawlor, President, Lightship Security, Inc.

10:45 IoT Cybersecurity Improvement Act 2022 (E31a) Loren Shade, VP Marketing, Allegro Software, United States


11:15 Panel Discussion: Embedded / IoT Outlook (E31b) Moderator: John Boggie, Director, Head of Cybersecurity Certification, NXP Semiconductors, United Kingdom Panelists: Fritz Bollmann, Head of Software Certification, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Michael Fagan, National Institute of Standards and Technology, United States; Michael Grimm, Principal Security Program Manager, Microsoft, United States; Yann L’Hyver, Senior Staff Engineer – Hardware Security Certification Qualcomm, United States; Marcus Streets, Senior Principal Security Architect, Arm / PSA Certified, United Kingdom [60MIN]

PCI (I31)
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council

10:45 PCI Standards Update—What’s New (I31a) Andrew Jamieson, Vice President, Standards, PCI Security Standards Council, United States


11:15 Panel Discussion: State of Cryptographic Standards (I31b) Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States Panelists: Lily Chen, Manager, Emerging Cryptographic Technology Group, National Institute of Standards and Technology, United States; Jim Northey, Director, FIX Trading Community, Chair, ISO TC68 Financial Services, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United States; Andrew Jamieson, Vice President, Standards, PCI SSC [60MIN]

User Experience (U31)
Moderator: Juan Gonzalez, Lab Director, Teron Labs

10:45 Post-Quantum Cryptography and US Government Activities (U31a) Lubjana Beshaj, Cyber Fellow of Mathematics, Army Cyber Institute, Assistant Professor, Department of Mathematical Sciences, West Point, United States


11:15 Policy Implications on Cryptography in the Cybersecurity Executive Order (U31b) Leopold Wildenauer, Policy Manager, Public Sector, Information Technology Industry Council (ITI), United States


11:45 Cryptography in the Next Generation of the Cybersecurity Framework (U31c) Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST), United States

12:15 - 13:30 Lunch, CMUF Monthly Meeting

13:30 - 15:00 Track Sessions

Embedded IoT (E32)
Moderator: Loren Shade, VP Marketing, Allegro Software, and Founder, IoT Security Forum, Allegro Software

13:30 Selected Cryptography Vulnerabilities of IoT Implementations (E32a) Paul Bottinelli, Technical Director, Cryptography Services, NCC Group, Canada


14:00 Securing the Embedded Software Supply Chain, Do You Know What is in Your Systems? (E32b) Mark Hermeling, VP Global Solutions Engineering, GrammaTech, Canada


14:30 FIPS 140 Cryptography in IoT (E32c) Kaleb Himes, Senior Software Engineer, wolfSSL, United States

PCI (I32)
Moderator: Ralph Poore, Director Emerging Standards, PCI Security Standards Council

13:30 PCI-HSM 4.0—Has the Introduction of ‘Cloud HSM’ Met its Target? (I32a) Graham Costa, Co-Editor ISO/IEC 19790, Security and Certifications Manager, Thales, United Kingdom


14:00 Understanding ASC X9 TR-31 Key Blocks, X9.143, PCI Requirements (I32b) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States


14:30 ISO Format PIN Block—PCI Restrictions (I32c) Smita Mahapatra, Senior Industry Specialist, Amazon Web Services, United States

Homomorphic Encryption (H32)
Moderator: Roberta Faux, Director of Innovation and Strategic Initiatives, Lorica Systems

13:30 Confidential Deep Packet Inspection of Network Traffic Using Homomorphic Encryption (H32b) Yousef Sadrossadat, Lorica Cybersecurity, Canada


14:00 Fast Arithmetic Hardware Library For RLWE-Based Homomorphic Encryption (H32c) Michel Kinsy, Director – Secure, Trusted, and Assured Microelectronics (STAM) Center, Arizona State University, United States

15:00 - 15:15 Networking Break

15:15 - 16:15 Closing Remarks, Summary Panel Discussion

15:15 Summary Panel Discussion: Forecasting the Next Decade—Cryptographic Nirvana or Cryptographic Apocalypse? (P33a)

On the 10th anniversary of ICMC, panelists will discuss the outlook for the next decade. Will we be protected by privacy-enhancing technologies and universal frameworks for cybersecurity? Or will we be devastated by powerful new computers and complicated, fragmented, overly-rigid standards? An expert panel from a wide range of backgrounds will prognosticate.
Moderator: Brian Wood, Program Manager, Google, United States Panelists: Matt Barrett, Former Program Manager for the NIST Cybersecurity Framework, Co-Founder and COO, CyberESI, United States; David McGrew, Cisco Fellow, Cisco Systems, United States; Ed Morris, Co-Founder, Gossamer Security Solutions, United States [60MIN]


16:15 Celebrating 10 Years of ICMC (P33b) Yi Mao, Managing Director, atsec information security corporation, United States

16:30 Adjourn