September 20-22 2023 | Shaw Centre, Ottawa, Ontario, Canada.

Conference Agenda 2023

Wednesday 20 September

08:00-09:00 Registration

Parliament Foyer

09:00-10:30 Plenary Keynote Session

Canada Hall 3

09:00 Welcome to Attendees (P10a) Erin Connor, Program Director, ICMC, Canada; 09:00 Welcome and Introduction (P10a) Yi Mao, Managing Director, atsec information security corporation, United States

09:10 Government Keynote (P10b) Sami Khoury, Head, Canadian Centre for Cyber Security (CCCS), Canada


10:20-11:05 Networking Break in Exhibits

Canada Hall 3

11:05-12:35 Track Sessions

Room 215
Certifications Programs (C11)
Validation Program Updates

11:05 CMVP Programmatic Update (C11a) Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada


11:35 CAVP Programmatic Update (C11b) Chris Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States


12:05 CMVP and CAVP Automation (C11c) Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; David Hawes, Computer Scientist, National Institute of Standards and Technology (NIST), United States

Room 213
Post-Quantum Crypto (Q11)
Getting to PQC Migration

11:05 RSA Will Fall, How Do We Get Back Up? (Q11a) John Gray, Senior Principal Software Developer, Entrust, Canada


11:35 Detecting the Quantum-Vulnerable Cryptography in Your Enterprise (Q11b) David McGrew, Cisco Fellow, Cisco Systems, United States


12:05 The PQC Coalition: The Bright Present and Future of PQC Migration in the Real World (Q11c) Daniel Apon, Applied Cryptography Lead, MITRE, United States

Room 212
RBG/Entropy (N11)
Selected Topics

11:05 Multi-Certifiability of Cryptographic Modules: How to Make a TRNG Multi-Certifiable? (N11a) Ritu Ranjan Shrivastwa, Certification & Standardization Program Manager, Secure-IC, France


11:35 Assessing Random Bit Generator Quality with Granger Causality Extensions (N11b) Micah Thornton, Post-doctoral Researcher, University of Texas Southwestern Medical Center, Southern Methodist University, United States


12:05 Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (N11c) Rumman Mahmud, Staff 2 Security Compliance Engineer, VMware, United States

12:35-13:35 Lunch in Exhibit Area

Canada Hall 3

13:35-15:05 Track Presentations

Room 215
Certification Programs (C12)
Physical Testing and ISO 19790 Updates

13:35 EFP/EFT Testing at Security Level 3 and 4 and Remote Testing Advocacy (C12a) Renaudt Nunez, Senior Consultant/Deputy Lab Manager, atsec information security corporation, United States


14:05 ISO 19790:2024 and 24579:2024 – How is Progress and What Has Changed? (C12b) Graham Costa, Thales, United Kingdom


14:35 Adoption of the Next Version of 19790 by the CMVP (C12c) Carolyn French, Canadian Centre for Cyber Security (CCCS), Canada

Room 213
Post-Quantum Crypto (Q12)
Standards and Migration Efforts

13:35 The First NIST PQC Standards (Q12a) Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Dustin Moody, Mathematician, National Institute of Standards and Technology (NIST), United States


14:05 Migration to Post-Quantum Cryptography—Panel Presentation on NIST’s NCCoE Collaborative Efforts (Q12b) Leader: William Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States, David McGrew, Cisco Fellow, Cisco Systems, Anne Dames, Distinguished Engineer, IBM zSystems Crypto Technology Development, Christian Paquin, Principal Software Engineer, Microsoft, United States, Evan Pelecky, Product Manager, Thales Trusted Cyber Technologies (TCT), United States [60MIN]

Room 212
RBG/Entropy (N12)
Standards and Bridging the Gaps

13:35 Update on AIS 20/31 (N12a) Werner Schindler, Head of Section, Bundesamt fur Sicherheit in der Informationstechnik (BSI), Germany


14:05 Update on SP 800-90 (N12b) John Kelsey, Computer Scientist, NIST and KU Leuven, United States


14:35 Bridging the Gap Between the SP 800-90 Series and AIS 20/31 (N12c) Kerry McKay, National Institute of Standards and Technology (NIST), United States

15:05-15:35 Networking Break in Exhibits

Canada Hall 3

15:35-17:05 Track Sessions

Room 215
Certification Programs (C13)
ISO 19790 and Staying Up-to-Date

15:35 Panel: Facing the Future: The Next ISO/IEC 19790 (C13a) Leader: Yi Mao, Managing Director, atsec U.S.A., atsec information security corporation, United States, Chris Brych, Senior Principal Security Analyst, Oracle, Canada, Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada, Graham Costa, Thales, Jonathan Smith, Senior FIPS Tester, Dekra, United States [60MIN]


16:35 Staying Active (and not Historical). FIPS Programmatic Algorithm Transitions by EOY and Early 2024 (C13c) William Tung, Sr. Security Analyst, Thales, United States


Room 213
Post-Quantum Crypto (Q13)
Challenges and Options

15:35 A Vendor’s View on PQC Challenges (Q13a) Quang Trinh, Certification Product Manager, Palo Alto Networks, United States


16:05 Simple and Effective Steps to Achieve Quantum Safety Today (Q13b) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom


16:35 Integrating Quantum and Post-Quantum into 140-3 Modules Today (Q13c) Jonathan Smith, Senior FIPS Tester, Dekra, United States

Room 212
RBG/Entropy (N13)
Testing Entropy and Health

15:35 Tailored Health Tests for Physical Entropy Sources (N13a) Johannes Mittmann, Mathematician, Bundesamt fur Sicherheit in der Informationstechnik (BSI), Germany, John Kelsey, NIST, United States


16:05 Entropy Reviewers Open Floor (N13b) Leader: Chris Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States [60MIN]


17:05-18:35 Welcome Reception in Exhibits

Open to everyone. Located in the Exhibit Area, Canada Hall 3, on the third floor. Catch up your colleagues for a refreshing beverage at the end of the day’s events. Thanks to the generous support of Welcome Reception Sponsor atsec.

18:35-21:00 Dine-Around Ottawa

Separate registration required. Enjoy an informal group dinner at one of Ottawa’s best restaurants in the historic Byward Market neighborhood with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:35 at the ICMC registration desk in the foyer and depart from there.

Thursday 21 September

08:00-09:00 Coffee in the Exhibits

Canada Hall 3

09:00 - 10:30 Track Sessions

Room 215
Certification Programs (C20)
The View from NIAP

09:00 NIAP Update (C20a) Jon Rolf, NIAP Director, NSA, United States


09:30 NIAP Entropy Analysis Report Guidance Update (C20b) Mary Baish, NSA, United States, Jon Rolf, NIAP Director, NSA


10:00 NIAP CNSA 2.0 Plans (C20c) Alison Becker, NSA, Center for Cybersecurity Standards, Rebecca Guthrie, NSA, Center for Cybersecurity Standards, United States

Room 213
Post-Quantum Crypto (Q20)
Implementations

09:00 PQC – First Real Life Implementations (Q20a) Nils Gerhardt, CTO, Utimaco, Germany


09:30 Implementing a Post-Quantum End-To-End Encrypted Messaging Service (Q20b) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia


10:00 Challenges of Hardware Chips Based on Post-Quantum Cryptographic and Physical Security Requirements (Q20c) Reza Azarderakhsh, CTO, Florida Atlantic University, United States

Room 212
Open-Source Cryptography (S20)
Selected Topics

09:00 The Legion Goes Native, Experiences and Findings in the Hardware Jungle (S20a) David Hook, VP Software Engineering, Legion of the Bouncy Castle/Keyfactor, Australia


09:30 Update on PKCS #11 3.1/3.2 (S20b) Robert Relyea, Principle Programmer, Red Hat, United States


10:00 A Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S20c) Tony Cox, Consultant, TC Logic, Australia

10:30-11:00 Networking Break in Exhibits

Canada Hall 3

11:00-12:30 Track Sessions

Room 215
Certification Programs (C21)
Equivalency for Module Environments

11:00 NIAP Equivalency Revisited (C21a) Jade Stewart, NIAP Staff, NIAP, United States


11:30 Panel Discussion: CPU Equivalency (C21b) Leader: Kevin Micciche, Senior Manager, Product Trust and Assurance, Aruba, United States [60MIN]

Room 213
Post-Quantum Crypto (Q21)
Controversy and Trends

11:00 Lattice Cryptography Exposed! (Q21a) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada


11:30 Panel Discussion: Trends and Issues in Post Quantum Cryptography (Q21b) Leader: Michele Mosca, University Research Chair & Co-Founder, Institute for Quantum Computing, EvolutionQ, Canada [60MIN]

Room 212
Open-Source Cryptography (S21)
Invited Speakers

11:00 Formal Verification of Modern Cryptographic Algorithms in Software and Hardware (S21a) Ian Blumenfeld, Research Director – High Assurance Solutions, Two Six Technologies, United States


11:30 Open Quantum Safe Project (S21b) Douglas Stebila, Associate Professor of Cryptography, Department of Combinatorics & Optimization, University of Waterloo, Canada


12:00 Open SSL Update (S21c) Anton Arapov, Engineering Manager, OpenSSL Software Foundation, Czechia

12:30-13:30 Lunch in Exhibit Area

Canada Hall 3

13:30-15:00 Track Sessions

Room 215
Certification Programs (C22)
Security and/or Compliance?

13:30 Security: The Second Wave of Convergence (C22a) Dan O’Loughlin, Vice President, Engineering, Qualcomm Technologies Incorporated, United States


14:00 Panel Discussion: Security vs Compliance Part 2 (C22b) Leader: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States [60MIN]

Room 213
Post-Quantum Crypto (Q22)
Lattice and Hash-Based Cryptography

13:30 Kyber and Dilithium Real Life Lessons (Q22a) Stephan Mueller, Primary Security Consultant, atsec information security corporation, United States


14:00 The State of the Art in Stateful Hash-Based Signatures (Q22b) Jim Goodman, Principal Security Architect, Crypto4A Technologies, Canada


14:30 Reimagining the State: Hash-Based Signatures in Merkle Tree Ladder Mode (Q22c) Burt Kaliski, Senior Vice President and Chief Technology Officer, Verisign, United States

Room 212
Crypto Technology (G22)
Problems for Resolution

13:30 CVE-2022-37454: A Buffer Overflow Vulnerability Affecting Implementations of SHA-3 (G22a) Nicky Mouha, Researcher, Strativia, United States


14:00 Equivalence Classes in AES (G22b) David Cornwell, Principal Cryptographic and Security Consultant, atsec information security corporation, United States


14:30 Filling the Gaps in FIPS Cryptography (G22c) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States

15:00-15:30 Networking Break in Exhibits

Exhibits End at 15:30
Canada Hall 3

15:30 - 17:00 Track Sessions

Room 215
Certification Programs (C23)
Quantum Certification

15:30 Introduction of Quantum Safe Equipment Certification Program in Korea (C23a) Min Hyung Kim, Project Manage for QKD Network, SK Telecom, South Korea


16:00 Panel Discussion: Towards Certification of Quantum Technologies (C23b) Leader: Sarah McCarthy, Cryptographic Strategist, EvolutionQ, Canada [60MIN]

Room 213
Implementing Crypto Cybersecurity (U23)
Selected Topics

15:30 CVE Management: When is the Right Time to Revalidate? (U23a) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States


16:00 Mitigating Non-Invasive Attacks (U23b) Iain Holness, Senior Program Manager – Common Criteria, Corsec Security, United States


16:30 A Modern Approach to HSM Form Factors (U23c) John O’Connor, VP Product Management, Crypto4A Technologies, Canada

Room 212
Crypto Technology (G23)
Cloud and Cryptography

15:30 Panel Discussion: Trends and Issues in Cloud Computing Cryptography (G23a) Leader: Troy Leach, Chief Strategy Officer, Cloud Security Alliance, United States, Mark Bower, Vice President, Product Management, Anjuna Security, United States, Sam Pfanstiel, Principal Security Consultant, Coalfire, United States [60MIN]


16:30 AWS-Libcrypto Integrations (G23c) Dusan Kostic, Applied Scientist, Amazon Web Services (AWS), United States

17:00-18:30 THURSDAY EVENING RECEPTION

Room 214

We’re continuing our tradition of Thursday evening receptions. It’s an opportunity for all conference registrants to catch up with colleagues and start new conversations. Thanks to the generous support of Thursday Reception Sponsor Crypto4A.

Friday 22 September

08:30-09:00 Coffee

Room 214

09:00-10:30 Track Sessions

Room 215
Certification Programs (C30)
Competing or Complimentary Objectives?

09:00 Satisfying Seemingly Divergent Requirements—Taking Common Criteria into Consideration When Architecting Products for FIPS 140 Certifiability, What the FIPS Certification Specialist Needs to Know (C30a) Kelvin Desplanque, Platform Architect, Intel, Canada; Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States


09:30 Panel: Bringing Crypto Compliance and Validation Testing Objectives Together for FIPS 140-3 (C30b) Leader: Apostol Vassilev, Research Supervisor, National Institute of Standards and Technology (NIST), United States Panelists: Rochelle Casey, Principal Program Manager, Amazon Web Services (AWS), United States; Barry Fussell, Software Technical Leader, Cisco, United States; Andrew Karcher, Software Engineer, Cisco, United States; Yi Mao, VP, Lab Director, atsec information security, United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]

Room 213
PCI (I30)
Cryptography in the Payment Card Industry

09:00 Updates in PCI Security Standards Council (I30a) Tim Cormier, Director of Lab Solutions, Payment Card Industry Security Standards Council (PCI SSC), United States


09:30 Payment Cryptography and the Cloud: Industry Trends in 2023 (I30b) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States, Tim Cormier, Device Standards, PCI Security Standards Council, United States


10:00 Evolution of Payment HSM Standards (I30c) Tim Winston, Principal Industry Specialist, Amazon Web Services (AWS), United States; Smita Mahapatra, Senior Industry Specialist, Amazon Web Services (AWS)

Room 212
Crypto Technology (G30)
Multi-Party Schemes and Attestation

09:00 NIST Call for Multi-Party Threshold Schemes: Brief Notes at ICMC 2023 (G30a) Luis Brandeo, Researcher, National Institute of Standards and Technology (NIST), United States


09:30 Attestation and FIPS: Past, Present and Future (G30b) Alessandro Fazio, atsec information security corporation, Italy


10:00 Doing Key Attestation Inside a FIPS Boundary and CA/B Forum BRs (G30c) Mike Ounsworth, Software Security Architect, Entrust, Canada

10:30-10:45 Networking Break

Room 214

10:45-12:15 Track Sessions

Room 215
Certification Programs (C31)
Selected Topics

10:45 FIPS Physical Testing: A Ridiculous(ly) Informative Tutorial (C31a) Seamus Mulready, Cryptographic Securty Tester (FIPS), Lightship Security, Inc., Canada


11:15 Panel: Looking beyond 1SUBs (C31b) Leader: Bishakha Banerjee, Director – VMware Trust and Assurance, VMware, United States [60MIN]

Room 213
PCI (I31)
Status of, and Contributions to, Standards

10:45 You Can Change the Future: Your Voice at the Foundation of Payment Security (I31a) Richard Kisley, Chief Engineer, IBM HSM, IBM, United States


11:15 Panel: Status of Cryptographic Security Standards (I31b) Leader: Ralph Poore, Associate Director, Payment Card Industry Security Standards Council (PCI SSC), United States Panelists: Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Tim Cormier, Senior Manager, Device Standards, PCI Security Standards Council, United States; Richard Kisley, Chief Engineer, IBM HSM, IBM, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United States
[60MIN]

Room 212
Crypto Technology (G31)
Potential Applications

10:45 Physically Uncloneable Function (PUF) in CMVP Modules (G31a) Sylvain Guilley, CTO, Secure-IC, France


11:15 Pre-silicon Side Channel Analysis for Certification (and Development) (G31b) Jasper van Woudenberg, CTO North America, Riscure, United States


11:45 Challenges in Automating Formal Methods for Cryptographic Algorithm Validation and Protocol Verification—The Use of Experimental Platform (G31c) Elzbieta Andrukiewicz, Head of Cybersecurity Department, National Institute of Telecommunications, Poland

12:15-13:30 Lunch, CMUF Monthly Meeting

Lunch: Room 214
CMUF Monthly Meeting: Room 215

13:30-15:00 Track Sessions

Room 215
Certification Programs (C32)
CMVP Queue and a Research Topic

13:30 Software Modules: Is It Time To Update Tested Configurations? (C32a) Kaleb Himes, Senior Software Engineer, wolfSSL, United States


14:00 Panel/Open Floor: Ideas and Issues for Speeding Up the CMVP Queue (C32b) Leader: Nithya Rachamadugu, VP Cybersecurity Certification, Dekra, United States Panelists: Jake Bajic, Director, Product Line Manager, Palo Alto Networks, United States; Carol Cantlon, Quality Manager Lightship Security, Canada [60MIN]

Room 213
Embedded/IoT (E32)
Trends and Issues

13:30 Panel: Trends and Issues in IoT Cryptography (E32a) Leader: Loren Shade, Founder, IoT Security Forum, & VP Marketing, Allegro Software, United States [60MIN]


14:00 Lightweight Encryption (E32b) Speaker TBA

Room 212
Crypto Technology (G32)
Homomorphic Encryption and Privacy

13:30 Practical Open-Source Fully Homomorphic Encryption with the OpenFHE Software Library (G32a) Kurt Rohloff, Co-Founder, OpenFHE, CTO & Co-Founder, Duality Technologies, United States


14:00 Enabling Large-Scale Privacy-Preserving Recurrent Neural Networks with Fully Homomorphic Encryption (G32b) Vele Tosevski, MASc Candidate, University of Toronto, Canada


14:30 Enhancing Privacy in the Age of AI: Cryptographic Schemes for Identity (G32c) Christian Paquin, Principal Software Engineer, Microsoft, United States

15:00-15:15 Networking Break

Room 214

15:15-16:30 Summary Panel Discussion, Closing Remarks

Room 215

15:15 Summary Panel Discussion TBA (P33a)


16:15 Closing Remarks (P33b)

16:30 Adjourn