Moderator: Erin Connor, Consultant, Program Director, ICMC, Canada
09:00 Welcome and Introduction (P10a) Yi Mao, Managing Director, atsec information security corporation, United States
09:10 Government Keynote (P10b) Sami Khoury, Head, Canadian Centre for Cyber Security (CCCS), Canada
09:45 Industry Keynote: The Quantum “Threat”: A Blessing in Disguise for Cyber Resilience (P10c) Michele Mosca, Co-founder and CEO, evolutionQ, and Co-founder, Institute for Quantum Computing, Canada
Certification Programs (C11) Validation Program Updates
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
11:05 CMVP Programmatic Update (C11a) Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States
11:35 CAVP Programmatic Update (C11b) Tim Hall, Security Testing, Validation, and Measurement Manager, NIST, United States
12:05 CMVP and CAVP Automation (C11c) Gavin O’Brien, Computer Scientist, National Institute of Standards and Technology (NIST), United States; David Hawes, Computer Scientist, National Institute of Standards and Technology (NIST), United States
Post-Quantum Crypto (Q11) Getting to PQC Migration
Moderator: Roberta Faux, US Head of Cryptography and CTO, Arqit Quantum Inc., United States
11:05 RSA Will Fall, How Do We Get Back Up? (Q11a) John Gray, Senior Principal Software Developer, Entrust, Canada
11:35 Detecting the Quantum-Vulnerable Cryptography in Your Enterprise (Q11b) David McGrew, Cisco Fellow, Cisco Systems, United States
12:05 The PQC Coalition: The Bright Present and Future of PQC Migration in the Real World (Q11c) Daniel Apon, Applied Cryptography Lead, MITRE, United States
RBG/Entropy (N11) Selected Topics
Moderator: Marcos Portnoi, Lab Director, atsec information security, United States
11:05 Multi-Certifiability of Cryptographic Modules: How to Make a TRNG Multi-Certifiable? (N11a) Ritu Ranjan Shrivastwa, Certification & Standardization Program Manager, Secure-IC, France
11:35 Assessing Random Bit Generator Quality with Granger Causality Extensions (N11b) Micah Thornton, Post-doctoral Researcher, University of Texas Southwestern Medical Center, Southern Methodist University, United States
12:05 Customer-Provided Entropy Provision for Virtual Machines in Hypervisor Environments (N11c) Rumman Mahmud, Staff 2 Security Compliance Engineer, VMware, United States
Certification Programs (C12) Physical Testing and ISO 19790 Updates
Moderator: Apurva Varalikar, Laboratory Manager, Intertek, United States
13:35 EFP/EFT Testing at Security Level 3 and 4 and Remote Testing Advocacy (C12a) Renaudt Nunez, Senior Consultant/Deputy Lab Manager, atsec information security corporation, United States
14:05 ISO 19790:2024 and 24579:2024 – How is Progress and What Has Changed? (C12b) Graham Costa, Security Architect and Certifications Manager, Thales, United Kingdom
14:35 Adoption of the Next Version of 19790 by the CMVP (C12c) Carolyn French, Canadian Centre for Cyber Security (CCCS), Canada
Post-Quantum Crypto (Q12) Standards and Migration Efforts
Moderator: Roberta Faux, US Head of Cryptography and CTO, Arqit Quantum Inc., United States
13:35 The First NIST PQC Standards (Q12a) Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Dustin Moody, Mathematician, National Institute of Standards and Technology (NIST), United States
14:05 Migration to Post-Quantum Cryptography—Panel Presentation on NIST’s NCCoE Collaborative Efforts (Q12b) Leader: William Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States Panelists: David McGrew, Cisco Fellow, Cisco Systems, United States; Christian Paquin, Principal Software Engineer, Microsoft, United States; Evan Pelecky, Product Manager, Thales Trusted Cyber Technologies (TCT), United States [60MIN]
RBG/Entropy (N12) Standards and Bridging the Gaps
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States
13:35 Update on AIS 20/31 (N12a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
14:05 Update on SP 800-90 (N12b) John Kelsey, Computer Scientist, NIST and KU Leuven, United States
14:35 Bridging the Gap Between the SP 800-90 Series and AIS 20/31 (N12c) Kerry McKay, National Institute of Standards and Technology (NIST), United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany
Certification Programs (C13) ISO 19790 and Staying Up-to-Date
Moderator: Simon Rix, Senior Manager and FIPS Lab Manager, Intertek, Canada
15:35 Panel: Facing the Future: The Next ISO/IEC 19790 (C13a) Leader: Yi Mao, Managing Director, atsec U.S.A., atsec information security corporation, United States Panelists: Chris Brych, Senior Principal Security Analyst, Oracle, Canada; Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada; Graham Costa, Security Architect and Certifications Manager, Thales, United Kingdom; Jonathan Smith, Senior FIPS Tester, Dekra, United States [60MIN]
16:35 Staying Active (and not Historical). FIPS Programmatic Algorithm Transitions by EOY and Early 2024 (C13c) William Tung, Sr. Security Analyst, Thales, United States
Post-Quantum Crypto (Q13) Challenges and Options
Moderator: Loren Shade, Founder, IoT Security Forum, & VP Marketing, Allegro Software, United States
15:35 A Vendor’s View on PQC Challenges (Q13a) Quang Trinh, Certification Product Manager, Palo Alto Networks, United States
16:05 Simple and Effective Steps to Achieve Quantum Safety Today (Q13b) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom
16:35 Integrating Quantum and Post-Quantum into 140-3 Modules Today (Q13c) Jonathan Smith, Senior FIPS Tester, Dekra, United States
RBG/Entropy (N13) Testing Entropy and Health
Moderator: Erin Connor, Consultant, Program Director, ICMC, Canada
15:35 Tailored Health Tests for Physical Entropy Sources (N13a) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, NIST, United States
16:05 Entropy Reviewers Open Floor (N13b) Tim Hall, Security Testing, Validation, and Measurement Manager, NIST, United States
Open to everyone. Located in the Exhibit Area, Canada Hall 3, on the third floor. Catch up with your colleagues for a refreshing beverage at the end of the day’s events. Thanks to the generous support of Welcome Reception Sponsor atsec.
Separate registration required. Enjoy an informal group dinner at one of Ottawa’s best restaurants in the historic Byward Market neighborhood with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:35 at the ICMC registration desk in the foyer and depart from there.
Certification Programs (C20) The View from NIAP
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
09:00 NIAP Update (C20a) Jon Rolf, NIAP Director, NSA, United States
09:30 NIAP Entropy Analysis Report Guidance Update (C20b) Mary Baish, NSA, United States; Jon Rolf, NIAP Director, NSA, United States
10:00 NIAP CNSA 2.0 Plans (C20c) Rebecca Guthrie, NSA, Center for Cybersecurity Standards, United States; Jon Rolf, NIAP Director, NSA, United States
Post-Quantum Crypto (Q20) Implementations
Moderator: Michele Mosca, Co-founder and CEO, evolutionQ, and Co-founder, Institute for Quantum Computing, Canada
09:00 PQC – First Real Life Implementations (Q20a) Volker Krummel, Chapter Lead PQC, Utimaco, Germany
09:30 Implementing a Post-Quantum End-To-End Encrypted Messaging Service (Q20b) Jaimee Brown, Senior Research Engineer, Teron Labs, Australia
10:00 Challenges of Hardware Chips Based on Post-Quantum Cryptographic and Physical Security Requirements (Q20c) Dr. Reza Azarderakhsh, Professor at FAU and CEO at PQSecure, United States
Open-Source Cryptography (S20) Selected Topics
Moderator: Renaudt Nunez, Senior Consultant/Deputy Lab Manager, atsec information security corporation, United States
09:00 The Legion Goes Native, Experiences and Findings in the Hardware Jungle (S20a) David Hook, VP Software Engineering, Legion of the Bouncy Castle/Keyfactor, Australia
09:30 Update on PKCS #11 3.1/3.2 (S20b) Robert Relyea, Principal Programmer, Red Hat, United States
10:00 A Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S20c) Tony Cox, Consultant, TC Logic, Australia
Certification Programs (C21) Equivalency for Module Environments
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States
11:00 NIAP Equivalency Revisited (C21a) Jade Stewart, NIAP Staff, NIAP, United States; Edward Morris, CST Lab Manager, Gossamer Security Solutions, United States
11:30 Panel Discussion: CPU Equivalency (C21b) Leader: Kevin Micciche, Senior Manager, Product Trust and Assurance, Aruba, United States Panelists: Edward Morris, CST Lab Manager, Gossamer Security Solutions, United States; Ryan Thomas, Director, Lightship Security, Canada [60MIN]
Post-Quantum Crypto (Q21) Controversy and Trends
Moderator: Michele Mosca, Co-founder and CEO, evolutionQ, and Co-founder, Institute for Quantum Computing, Canada
11:00 Lattice Cryptography Exposed! (Q21a) Luis Antonio Ruiz Lopez, Cryptographer, Lorica Cybersecurity, Canada
11:30 Panel Discussion: Testing and Assessment for Quantum Safe Cryptography (Q21b) Leader: Michele Mosca, Co-founder and CEO, evolutionQ, and Co-founder, Institute for Quantum Computing, Canada; Donna Dodson, Senior Strategy Advisor, evolutionQ, United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Bruno Couillard, President & CEO, Crypto4A Technologies, Inc., Canada; Marcos Portnoi, Lab Director, atsec information security, United States [60MIN]
Open-Source Cryptography (S21) Invited Speakers
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia
11:00 An Overview of Recent Vulnerabilities in OpenSSL (S21a) Dr. Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
11:30 New Initiatives in Open Source Post-Quantum Software (S21b) Douglas Stebila, Associate Professor of Cryptography, Department of Combinatorics & Optimization, University of Waterloo, Canada
12:00 OpenSSL Update (S21c) Anton Arapov, Engineering Manager, OpenSSL Software Foundation, Czechia; Tomas Mraz, OpenSSL Software Foundation, Czechia
Certification Programs (C22) Security and/or Compliance?
Moderator: Anantha Kandiah, Engineering Director, Teron Labs, Australia
13:30 Security: The Second Wave of Convergence (C22a) Dan O’Loughlin, Vice President, Engineering, Qualcomm Technologies Incorporated, United States
14:00 Panel Discussion: Security vs Compliance Part 2 (C22b) Leader: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States Panelists: Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States; Jon Rolf, NSA, United States; Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada [60MIN]
Post-Quantum Crypto (Q22) Lattice and Hash-Based Cryptography
Moderator: Marcos Portnoi, Lab Director, atsec information security, United States
13:30 Kyber and Dilithium Real Life Lessons (Q22a) Stephan Mueller, Primary Security Consultant, atsec information security corporation, United States
14:00 The State of the Art in Stateful Hash-Based Signatures (Q22b) Jim Goodman, Principal Security Architect, Crypto4A Technologies, Canada
14:30 Reimagining the State: Hash-Based Signatures in Merkle Tree Ladder Mode (Q22c) Dr. Burt Kaliski Jr., Senior Vice President and Chief Technology Officer, Verisign, United States
Crypto Technology (G22) Problems for Resolution
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
13:30 CVE-2022-37454: A Buffer Overflow Vulnerability Affecting Implementations of SHA-3 (G22a) Nicky Mouha, Researcher, Strativia, United States
14:00 Equivalence Classes in AES (G22b) David Cornwell, Principal Cryptographic and Security Consultant, atsec information security corporation, United States
14:30 Filling the Gaps in FIPS Cryptography (G22c) Joachim Vandersmissen, IT Security Consultant, atsec information security corporation, United States
Certification Programs (C23) Quantum Certification
Moderator: Skip Norton, VP Business Development, QuintessenceLabs, United States
15:30 Introduction of Quantum Safe Equipment Certification Program in Korea (C23a) Min Hyung Kim, Project Manager for QKD Network, SK Telecom, South Korea
16:00 Panel Discussion: Towards Certification of Quantum Technologies (C23b) Leader: Sarah McCarthy, Cryptographic Strategist, EvolutionQ, Canada Panelists: Norbert Lutkenhaus, Institute for Quantum Computing, University of Waterloo, Canada; Chris Erven, CEO, KETS Quantum Security, United Kingdom; Bruno Huttner, Director of Strategic Quantum Initiatives, ID Quantique, Switzerland; Sylvain Chenard, Networks Infrastructure Business Group, Senior Product Manager at Nokia, Canada [60MIN]
Implementing Crypto Cybersecurity (U23) Selected Topics
Moderator: Joshua Brickman, Senior Director, Security Evaluations, Oracle, United States
15:30 CVE Management: When is the Right Time to Revalidate? (U23a) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States
16:00 Mitigating Non-Invasive Attacks (U23b) Iain Holness, Senior Program Manager – Common Criteria, Corsec Security, United States
16:30 A Modern Approach to HSM Form Factors (U23c) John O’Connor, VP Product Management, Crypto4A Technologies, Canada
Crypto Technology (G23) Cloud and Cryptography
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States
15:30 Panel Discussion: Trends and Issues in Cloud Computing Cryptography (G23a) Leader: Ryan Thomas, Director, Lightship Security, Canada Panelists: Sam Pfanstiel, PhD, Principal Security Consultant, Coalfire, United States; Jeff Andersen, Staff Software Engineer, Google, United States; Adam Cason, Vice President of Global and Strategic Alliances, Futurex, United States; Evgeny Gervis, CEO, Safelogic, United States [60MIN]
16:30 Digital Identity Wallet and the Cloud (G23c) Fabien Deboyser, Security Certification Expert, NXP Semiconductors, France
We’re continuing our tradition of Thursday evening receptions. It’s an opportunity for all conference registrants to catch up with colleagues and start new conversations. Thanks to the generous support of Thursday Reception Sponsor Crypto4A.
Certification Programs (C30) Competing or Complementary Objectives?
Moderator: Erin Connor, Consultant, Program Director, ICMC, Canada
09:00 Satisfying Seemingly Divergent Requirements—Taking Common Criteria into Consideration When Architecting Products for FIPS 140 Certifiability, What the FIPS Certification Specialist Needs to Know (C30a) Kelvin Desplanque, Platform Architect, Intel, Canada; Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States
09:30 Panel: Bringing Crypto Compliance and Validation Testing Objectives Together for FIPS 140-3 (C30b) Leader: Apostol Vassilev, Research Supervisor, National Institute of Standards and Technology (NIST), United States Panelists: Rochelle Casey, Principal Program Manager, Amazon Web Services (AWS), United States; Barry Fussell, Principal Engineer, Cisco Systems, United States; Andrew Karcher, Software Engineer, Cisco, United States; Yi Mao, Managing Director, atsec information security, United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology (NIST), United States [60MIN]
PCI (I30) Cryptography in the Payment Card Industry
Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States
09:00 Updates in PCI Security Standards Council (I30a) Tim Cormier, Director of Lab Solutions, Payment Card Industry Security Standards Council (PCI SSC), United States
09:30 Payment Cryptography and the Cloud: Industry Trends in 2023 (I30b) Adam Cason, VP, Global and Strategic Alliances, Futurex, United States
10:00 Evolution of Payment HSM Standards (I30c) Tim Winston, Principal Industry Specialist, Amazon Web Services (AWS), United States; Smita Mahapatra, Senior Industry Specialist, Amazon Web Services (AWS), United States
Crypto Technology (G30) Multi-Party Schemes and Attestation
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
09:00 NIST Call for Multi-Party Threshold Schemes: Brief Notes at ICMC 2023 (G30a) Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States
09:30 Attestation and FIPS: Past, Present and Future (G30b) Alessandro Fazio, atsec information security corporation, Italy
10:00 Doing Key Attestation Inside a FIPS Boundary and CA/B Forum BRs (G30c) Mike Ounsworth, Software Security Architect, Entrust, Canada
Certification Programs (C31) Selected Topics
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia
10:45 FIPS Physical Testing: A Ridiculous(ly) Informative Tutorial (C31a) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Inc., Canada
11:15 Panel: Looking beyond 1SUBs (C31b) Leader: Bishakha Banerjee, Director – VMware Trust and Assurance, VMware, United States Panelists: David Hook, VP Software Engineering, Legion of the Bouncy Castle/Keyfactor, Australia; Graham Costa, Security Architect and Certifications Manager, Thales, United Kingdom; Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States [60MIN]
PCI (I31) Status of, and Contributions to, Standards
Moderator: Ralph Poore, Associate Director, PCI Security Standards Council, United States
10:45 You Can Change the Future: Your Voice at the Foundation of Payment Security (I31a) Richard Kisley, Senior Technical Staff Member, IBM, United States
11:15 Panel: Status of Cryptographic Security Standards (I31b) Leader: Ralph Poore, Associate Director, Payment Card Industry Security Standards Council (PCI SSC), United States Panelists: Lily Chen, Mathematician and Manager, National Institute of Standards and Technology (NIST), United States; Richard Kisley, Senior Technical Staff Member, IBM, United States; Jeff Stapleton, X9F4 Working Group Chair, Accredited Standards Committee X9, United States; Emma Sutcliffe, SVP, PCI Security Standards Council, United States [60MIN]
Crypto Technology (G31) Potential Applications
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
10:45 Physically Uncloneable Function (PUF) in CMVP Modules (G31a) Sylvain Guilley, CTO, Secure-IC, France
11:15 Extensible Key Attestation for Cryptographic Modules (G31b) Jean-Pierre Fiset, Principal System Architect, Crypto4A Technologies, Canada
11:45 Challenges in Automating Formal Methods for Cryptographic Algorithm Validation and Protocol Verification—The Use of Experimental Platform (G31c) Elzbieta Andrukiewicz, Head of Cybersecurity Department, National Institute of Telecommunications, Poland; Tomasz Brengos, Assistant Professor, Warsaw University of Technology
Certification Programs (C32) CMVP Queue and a Research Topic
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States
13:30 Software Modules: Is it time to update tested configurations? (C32a) Kaleb Himes, Senior Software Engineer, wolfSSL, United States
14:00 Panel/Open Floor: Ideas and Issues for Speeding Up the CMVP Queue (C32b) Leader: Nithya Rachamadugu, VP Cybersecurity Certification, Dekra, United States Panelists: Jake Bajic, Director, Product Line Manager, Palo Alto Networks, United States; Carol Cantlon, Quality Manager, Lightship Security, Canada; Steve Weymann, Co-Founder, KeyPair Consulting Inc., United States [60MIN]
Embedded/IoT (E32) Trends and Issues
Moderator: Loren Shade, Founder, IoT Security Forum, & VP Marketing, Allegro Software, United States
13:30 Ascon – The New NIST Standard for Lightweight Authenticated Encryption and Hashing (E32a) Maria Eichlseder, Assistant Professor of Cryptography, Co-designer of Ascon, Graz University of Technology, Austria
14:00 Panel: Trends and Issues in IoT Cryptography (E32b) Leader: Loren Shade, Founder, IoT Security Forum, & VP Marketing, Allegro Software, United States Panelists: Kaleb Himes, Senior Software Engineer, wolfSSL, United States; David Hook, VP Software Engineering, Legion of the Bouncy Castle/Keyfactor, Australia [60MIN]
Crypto Technology (G32) Homomorphic Encryption and Privacy
Moderator: Seth Nielson, Founder and Chief Scientist, Crimson Vista, United States
13:30 Practical Open-Source Fully Homomorphic Encryption with the OpenFHE Software Library (G32a) Kurt Rohloff, Co-Founder, OpenFHE, CTO & Co-Founder, Duality Technologies, United States
14:00 Enabling Large-Scale Privacy-Preserving Recurrent Neural Networks with Fully Homomorphic Encryption (G32b) Vele Tosevski, MASc Candidate, University of Toronto, Canada
14:30 Enhancing Privacy in the Age of AI: Cryptographic Schemes for Identity (G32c) Christian Paquin, Principal Software Engineer, Microsoft, United States
15:15 Summary Panel Discussion: Our Robot Overlords – Artificial Intelligence, Cybersecurity, and Certifications (P33a) Leader: Roberta Faux, US Head of Cryptography and CTO, Arqit Quantum Inc., United States; Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; Philip Lafrance, Standards Manager, ISARA Corporation, Canada; William Newhouse, Cybersecurity Engineer, National Cybersecurity Center of Excellence, National Institute of Standards and Technology (NIST), United States
16:15 Closing Remarks (P33b) Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA