09:00 Welcome to Attendees (P10a) Erin Connor, Program Director, ICMC, Canada; 09:00 Welcome and Introduction (P10a) Yi Mao, Managing Director, atsec information security corporation, United States
09:10 Government Keynote (P10b) Sami Khoury, Head, Canadian Centre for Cyber Security (CCCS), Canada
09:45 Industry Keynote: The Sunburst Event—A Catalyst for Change in Regulation and Security (P10c) Tim Brown, CISO, SolarWinds, United States
Certifications Programs (C11) Validation Program Updates |
11:05 CMVP Programmatic Update (C11a) Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada
11:35 CAVP Programmatic Update (C11b) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States
12:05 CMVP and CAVP Automation (C11c) Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; David Hawes, Computer Scientist, National Institute of Standards and Technology (NIST), United States
Post-Quantum Crypto (Q11) Getting to PQC Migration |
11:05 RSA Will Fall, How Do We Get Back Up? (Q11a) John Gray, Senior Principal Software Developer, Entrust, Canada
11:35 Detecting the Quantum-Vulnerable Cryptography in Your Enterprise (Q11b) David McGrew, Cisco Fellow, Cisco Systems, United States
12:05 The PQC Coalition: The Bright Present and Future of PQC Migration in the Real World (Q11c) Daniel Apon, Applied Cryptography Lead, MITRE, United States
RBG/Entropy (N11) Selected Topics |
11:05 Multi-Certifiability of Cryptographic Modules: How to Make a TRNG Multi-Certifiable? (N11a) Ritu Ranjan Shrivastwa, Certification & Standardization Program Manager, Secure-IC, France
11:35 Assessing Random Bit Generator Quality with Granger Causality Extensions (N11b) Micah Thornton, Post-doctoral Researcher, University of Texas Southwestern Medical Center, Southern Methodist University, United States
12:05 Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (N11c) Rumman Mahmud, Staff 2 Security Compliance Engineer, VMware, United States
Certification Programs (C12) Physical Testing and ISO 19790 Updates |
13:35 EFP/EFT Testing at Security Level 3 and 4 and Remote Testing Advocacy (C12a) Renaudt Nunez, Senior Consultant/Deputy Lab Manager, atsec information security corporation, United States
14:05 ISO 19790:2024 and 24579:2024 – How is Progress and What Has Changed? (C12b) Graham Costa, Thales, United Kingdom
14:35 Adoption of the Next Version of 19790 by the CMVP (C12c) Carolyn French, Canadian Centre for Cyber Security (CCCS), Canada
Post-Quantum Crypto (Q12) Standards and Migration Efforts |
13:35 The First NIST PQC Standards (Q12a) Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Dustin Moody, Mathematician, National Institute of Standards and Technology (NIST), United States
14:05 Migration to Post-Quantum Cryptography—Panel Presentation on NIST’s NCCoE Collaborative Efforts (Q12b) Leader: William Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States, David McGrew, Cisco Fellow, Cisco Systems, Anne Dames, Distinguished Engineer, IBM zSystems Crypto Technology Development, Christian Paquin, Principal Software Engineer, Microsoft, United States, Evan Pelecky, Product Manager, Thales Trusted Cyber Technologies (TCT), United States [60MIN]
RBG/Entropy (N12) Standards and Bridging the Gaps |
13:35 Update on AIS 20/31 (N12a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
14:05 Update on SP 800-90 (N12b) John Kelsey, Computer Scientist, NIST and KU Leuven, United States
14:35 Bridging the Gap Between the SP 800-90 Series and AIS 20/31 (N12c) Kerry McKay, National Institute of Standards and Technology (NIST), United States
Certification Programs (C13) ISO 19790 and Staying Up-to-Date |
15:35 Panel: Facing the Future: The Next ISO/IEC 19790 (C13a) Leader: Yi Mao, Managing Director, atsec U.S.A., atsec information security corporation, United States, Chris Brych, Senior Principal Security Analyst, Oracle, Canada, Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada, Graham Costa, Thales, Jonathan Smith, Senior FIPS Tester, Dekra, United States [60MIN]
16:35 Staying Active (and not Historical). FIPS Programmatic Algorithm Transitions by EOY and Early 2024 (C13c) William Tung, Sr. Security Analyst, Thales, United States
Post-Quantum Crypto (Q13) Challenges and Options |
15:35 A Vendor’s View on PQC Challenges (Q13a) Quang Trinh, Certification Product Manager, Palo Alto Networks, United States
16:05 Simple and Effective Steps to Achieve Quantum Safety Today (Q13b) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom
16:35 Integrating Quantum and Post-Quantum into 140-3 Modules Today (Q13c) Jonathan Smith, Senior FIPS Tester, Dekra, United States
RBG/Entropy (N13) Testing Entropy and Health |
15:35 Tailored Health Tests for Physical Entropy Sources (N13a) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany, John Kelsey, NIST, United States
16:05 Entropy Reviewers Open Floor (N13b) Leader: Chris Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States [60MIN]
Open to everyone. Located in the Exhibit Area, Canada Hall 3, on the third floor. Catch up with your colleagues over a refreshing beverage at the end of the day’s events. Thanks to the generous support of Welcome Reception Sponsor atsec.
Separate registration required. Enjoy an informal group dinner at one of Ottawa’s best restaurants in the historic Byward Market neighborhood with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:35 at the ICMC registration desk in the foyer and depart from there.
Certification Programs (C20) The View from NIAP |
09:00 NIAP Update (C20a) Jon Rolf, NIAP Director, NSA, United States
09:30 NIAP Entropy Analysis Report Guidance Update (C20b) Mary Baish, NSA, United States, Jon Rolf, NIAP Director, NSA
10:00 NIAP CNSA 2.0 Plans (C20c) Alison Becker, NSA, Center for Cybersecurity Standards, Rebecca Guthrie, NSA, Center for Cybersecurity Standards, United States
Post-Quantum Crypto (Q20) Implementations |
09:00 PQC – First Real Life Implementations (Q20a) Nils Gerhardt, CTO, Utimaco, Germany
09:30 Implementing a Post-Quantum End-To-End Encrypted Messaging Service (Q20b) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia
10:00 Challenges of Hardware Chips Based on Post-Quantum Cryptographic and Physical Security Requirements (Q20c) Reza Azarderakhsh, CTO, Florida Atlantic University, United States
Open-Source Cryptography (S20) Selected Topics |
09:00 The Legion Goes Native, Experiences and Findings in the Hardware Jungle (S20a) David Hook, VP Software Engineering, Legion of the Bouncy Castle/Keyfactor, Australia
09:30 Update on PKCS #11 3.1/3.2 (S20b) Robert Relyea, Principal Programmer, Red Hat, United States
10:00 A Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S20c) Tony Cox, Consultant, TC Logic, Australia
Certification Programs (C21) Equivalency for Module Environments |
11:00 NIAP Equivalency Revisited (C21a) Jade Stewart, NIAP Staff, NIAP, United States
11:30 Panel Discussion: CPU Equivalency (C21b) Leader: Kevin Micciche, Senior Manager, Product Trust and Assurance, Aruba, United States [60MIN]
Post-Quantum Crypto (Q21) Controversy and Trends |
11:00 Lattice Cryptography Exposed! (Q21a) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada
11:30 Panel Discussion: Trends and Issues in Post Quantum Cryptography (Q21b) Leader: Michele Mosca, University Research Chair & Co-Founder, Institute for Quantum Computing, EvolutionQ, Canada [60MIN]
Open-Source Cryptography (S21) Invited Speakers |
11:00 Formal Verification of Modern Cryptographic Algorithms in Software and Hardware (S21a) Ian Blumenfeld, Research Director – High Assurance Solutions, Two Six Technologies, United States
11:30 Open Quantum Safe Project (S21b) Douglas Stebila, Associate Professor of Cryptography, Department of Combinatorics & Optimization, University of Waterloo, Canada
12:00 Open SSL Update (S21c) Anton Arapov, Engineering Manager, OpenSSL Software Foundation, Czechia
Certification Programs (C22) Security and/or Compliance? |
13:30 Security: The Second Wave of Convergence (C22a) Dan O’Loughlin, Vice President, Engineering, Qualcomm Technologies Incorporated, United States
14:00 Panel Discussion: Security vs Compliance Part 2 (C22b) Leader: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States [60MIN]
Post-Quantum Crypto (Q22) Lattice and Hash-Based Cryptography |
13:30 Kyber and Dilithium Real Life Lessons (Q22a) Stephan Mueller, Primary Security Consultant, atsec information security corporation, United States
14:00 The State of the Art in Stateful Hash-Based Signatures (Q22b) Jim Goodman, Principal Security Architect, Crypto4A Technologies, Canada
14:30 Reimagining the State: Hash-Based Signatures in Merkle Tree Ladder Mode (Q22c) Burt Kaliski, Senior Vice President and Chief Technology Officer, Verisign, United States
Crypto Technology (G22) Problems for Resolution |
13:30 CVE-2022-37454: A Buffer Overflow Vulnerability Affecting Implementations of SHA-3 (G22a) Nicky Mouha, Researcher, Strativia, United States
14:00 Equivalence Classes in AES (G22b) David Cornwell, Principal Cryptographic and Security Consultant, atsec information security corporation, United States
14:30 Filling the Gaps in FIPS Cryptography (G22c) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States
Certification Programs (C23) Quantum Certification |
15:30 Introduction of Quantum Safe Equipment Certification Program in Korea (C23a) Min Hyung Kim, Project Manager for QKD Network, SK Telecom, South Korea
16:00 Panel Discussion: Towards Certification of Quantum Technologies (C23b) Leader: Sarah McCarthy, Cryptographic Strategist, EvolutionQ, Canada [60MIN]
Implementing Crypto Cybersecurity (U23) Selected Topics |
15:30 CVE Management: When is the Right Time to Revalidate? (U23a) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States
16:00 Mitigating Non-Invasive Attacks (U23b) Iain Holness, Senior Program Manager – Common Criteria, Corsec Security, United States
16:30 A Modern Approach to HSM Form Factors (U23c) John O’Connor, VP Product Management, Crypto4A Technologies, Canada
Crypto Technology (G23) Cloud and Cryptography |
15:30 Panel Discussion: Trends and Issues in Cloud Computing Cryptography (G23a) Leader: Troy Leach, Chief Strategy Officer, Cloud Security Alliance, United States, Mark Bower, Vice President, Product Management, Anjuna Security, United States, Sam Pfanstiel, Principal Security Consultant, Coalfire, United States [60MIN]
16:30 AWS-Libcrypto Integrations (G23c) Dusan Kostic, Applied Scientist, Amazon Web Services (AWS), United States
We’re continuing our tradition of Thursday evening receptions. It’s an opportunity for all conference registrants to catch up with colleagues and start new conversations. Thanks to the generous support of Thursday Reception Sponsor Crypto4A.
Certification Programs (C30) Competing or Complementary Objectives? |
09:00 Satisfying Seemingly Divergent Requirements—Taking Common Criteria into Consideration When Architecting Products for FIPS 140 Certifiability, What the FIPS Certification Specialist Needs to Know (C30a) Kelvin Desplanque, Platform Architect, Intel, Canada; Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States
09:30 Panel: Bringing Crypto Compliance and Validation Testing Objectives Together for FIPS 140-3 (C30b) Leader: Apostol Vassilev, Research Supervisor, National Institute of Standards and Technology (NIST), United States Panelists: Rochelle Casey, Principal Program Manager, Amazon Web Services (AWS), United States; Barry Fussell, Software Technical Leader, Cisco, United States; Andrew Karcher, Software Engineer, Cisco, United States; Yi Mao, VP, Lab Director, atsec information security, United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]
PCI (I30) Cryptography in the Payment Card Industry |
09:00 Updates in PCI Security Standards Council (I30a) Tim Cormier, Director of Lab Solutions, Payment Card Industry Security Standards Council (PCI SSC), United States
09:30 Payment Cryptography and the Cloud: Industry Trends in 2023 (I30b) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States, Tim Cormier, Device Standards, PCI Security Standards Council, United States
10:00 Evolution of Payment HSM Standards (I30c) Tim Winston, Principal Industry Specialist, Amazon Web Services (AWS), United States; Smita Mahapatra, Senior Industry Specialist, Amazon Web Services (AWS)
Crypto Technology (G30) Multi-Party Schemes and Attestation |
09:00 NIST Call for Multi-Party Threshold Schemes: Brief Notes at ICMC 2023 (G30a) Luis Brandeo, Researcher, National Institute of Standards and Technology (NIST), United States
09:30 Attestation and FIPS: Past, Present and Future (G30b) Alessandro Fazio, atsec information security corporation, Italy
10:00 Doing Key Attestation Inside a FIPS Boundary and CA/B Forum BRs (G30c) Mike Ounsworth, Software Security Architect, Entrust, Canada
Certification Programs (C31) Selected Topics |
10:45 FIPS Physical Testing: A Ridiculous(ly) Informative Tutorial (C31a) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Inc., Canada
11:15 Panel: Looking beyond 1SUBs (C31b) Leader: Bishakha Banerjee, Director – VMware Trust and Assurance, VMware, United States [60MIN]
PCI (I31) Status of, and Contributions to, Standards |
10:45 You Can Change the Future: Your Voice at the Foundation of Payment Security (I31a) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States
11:15 Panel: Status of Cryptographic Security Standards (I31b) Leader: Ralph Poore, Associate Director, Payment Card Industry Security Standards Council (PCI SSC), United States Panelists: Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Tim Cormier, Senior Manager, Device Standards, PCI Security Standards Council, United States; Richard Kisley, Chief Engineer, IBM HSM, IBM, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United States [60MIN]
Crypto Technology (G31) Potential Applications |
10:45 Physically Uncloneable Function (PUF) in CMVP Modules (G31a) Sylvain Guilley, CTO, Secure-IC, France
11:15 Pre-silicon Side Channel Analysis for Certification (and Development) (G31b) Jasper van Woudenberg, CTO North America, Riscure, United States
11:45 Challenges in Automating Formal Methods for Cryptographic Algorithm Validation and Protocol Verification—The Use of Experimental Platform (G31c) Elzbieta Andrukiewicz, Head of Cybersecurity Department, National Institute of Telecommunications, Poland
Certification Programs (C32) CMVP Queue and a Research Topic |
13:30 Software Modules: Is It Time To Update Tested Configurations? (C32a) Kaleb Himes, Senior Software Engineer, wolfSSL, United States
14:00 Panel/Open Floor: Ideas and Issues for Speeding Up the CMVP Queue (C32b) Leader: Nithya Rachamadugu, VP Cybersecurity Certification, Dekra, United States Panelists: Jake Bajic, Director, Product Line Manager, Palo Alto Networks, United States; Carol Cantlon, Quality Manager Lightship Security, Canada [60MIN]
Embedded/IoT (E32) Trends and Issues |
13:30 Panel: Trends and Issues in IoT Cryptography (E32a) Leader: Loren Shade, Founder, IoT Security Forum, & VP Marketing, Allegro Software, United States [60MIN]
14:00 Lightweight Encryption (E32b) Speaker TBA
Crypto Technology (G32) Homomorphic Encryption and Privacy |
13:30 Practical Open-Source Fully Homomorphic Encryption with the OpenFHE Software Library (G32a) Kurt Rohloff, Co-Founder, OpenFHE, CTO & Co-Founder, Duality Technologies, United States
14:00 Enabling Large-Scale Privacy-Preserving Recurrent Neural Networks with Fully Homomorphic Encryption (G32b) Vele Tosevski, MASc Candidate, University of Toronto, Canada
14:30 Enhancing Privacy in the Age of AI: Cryptographic Schemes for Identity (G32c) Christian Paquin, Principal Software Engineer, Microsoft, United States
15:15 Summary Panel Discussion TBA (P33a)
16:15 Closing Remarks (P33b)