September 17-20, 2024 | DoubleTree by Hilton, San Jose, California

Conference Agenda 2024

New for 2024, presented September 17, the day before ICMC. This optional special-focus event will help you prepare now for the threat posed by future quantum computers. This special-focus event will include important, actionable information for anyone concerned with cybersecurity in a data-dependent enterprise.
Click Here for the PQ Cyber Day Agenda

Wednesday 18 September

Conference Sessions

08:00 - 09:00 Registration

Bayshore Foyer

09:00 - 10:15 Plenary Keynote Session

Gateway Ballroom

Moderator: Erin Connor, Consultant, Program Director, ICMC

09:00 Welcome Address (P10a) Yi Mao, CEO and Managing Director, atsec information security corp, United States

09:05 Government Keynote: PQC Roadmap for the Federal Government (P10b) Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA), United States

09:40 Industry Keynote: The Post-Quantum Question (P10c) Nick Sullivan, Co-Chair, Crypto Forum Research Group (CFRG), Co-Chair, Internet Research Task Force (IRTF) and Principal, Cryptography Consulting, United States

10:30 - 11:15 Networking Break in Exhibits

Bayshore Ballroom

11:00-12:30 Track Sessions

Cedar/Pine Room
Certification Programs (C11)
Validation Program Updates
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia

11:00 CMVP Program Update (C11a) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States


11:30 CMVP Program Future Plans and Issues (C11b) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada


12:00 NIAP Policy 5 and Equivalency Updates (C11c) Jade Stewart, Portfolio Manager, NIAP, United States

Fir Room
Embedded/IoT (E11)
Selected Topics

11:00 NIST SP800-90B Certifiable Software-Based TRNG for IoT (E11a) Tesfa Mael, Embedded/Software Systems Engineer, wolfSSL, United States


11:30 Stirring the SBOM Soup with FIPS (E11b) Loren Shade, VP of Marketing, Allegro Software, United States


12:00 Scaling IoT Security Assessment and Certification with EN 17927 (SESIP) (E11c) Olivier Van Nieuwenhuyze, Vice Chair and Security Task Force Chair, GlobalPlatform, United Kingdom

Oak Room
Open-Source Cryptography (S11)
Updates and Strategies
Track Sponsor

 

 

11:00 Strategies for Evaluating Open-Source Cryptography (S11a) Javed Samuel, Vice President Crypto Services, NCC Group Cryptography Services, United States


11:30 Update on PKCS #11 3.2 (S11b) Robert Relyea, OASIS PKCS #11 Co-chair, Red Hat, United States


12:00 OpenSSL Roadmap Update (S11c) Neil Horman, Software Engineer, OpenSSL

12:30-13:30 Lunch in Exhibit Area

Bayshore Ballroom

13:30-15:00 Track Sessions

Certification Programs (C12)
Relationships and Entropy
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia

13:30 Navigating Vendor and Lab Relationships: Best Practices and Lessons Learned from FIPS 140-3 (C12a) James Dean, Deputy Lab Manager, UL Solutions, Canada


14:00 Entropy Reviewer Panel (C12b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Timothy Hall, Security Testing, Validation, and Measurement Manager National Institute of Standards and Technology (NIST), United States [60 MIN]

Crypto Technology (G12)
Cloudy Update Insights

13:30 Insights from Automated Large-Scale Analysis of FIPS 140 Certificates (G12a) Adam Janovský, PhD Candidate, Masaryk University, Czechia


14:00 NIST SP 800-38 Series: Status Update on Block Cipher Modes of Operation (G12b) Nicky Mouha, Researcher, Strativia, United States


14:30 FIPS 140-3 in the Cloud: Practical Strategies from a Real-World Case Study (G12c) Brandon Harvey, Principal Security Analyst, Oracle, United States

Open-Source Cryptography (S12)
In Practice

13:30 Striking a Balance: Utilizing Hardware Intrinsics for Accelerating Post-Quantum Cryptography (S12a) Alexander Scheel, Principal Software Engineer, Keyfactor / Bouncy Castle, United States


14:00 A Further Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S12b) Tony Cox, Consultant, TC Logic, Australia


14:30 Building an Open-Source FIPS Soft-Token in Rust (S12c) Simo Sorce, Distinguished Engineer, Red Hat, United States

15:00-15:30 Networking Break in Exhibits

Bayshore Ballroom

15:30-17:00 Track Sessions

Certification Programs (C13)
International Updates
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States

15:30 Cryptographic Evaluation in Europe Is Now a Reality: The Spanish Case (C13a) Juan Martínez, Crypto Manager, jtsec Beyond IT Security, Spain


16:00 Panel: The Upcoming ISO/IEC 19790:2024 (C13b) Leader: Yi Mao, CEO and Managing Director, atsec information security corp, United States; Graham Costa, Security and Certifications Manager, Thales, United Kingdom; Carolyn French, CMVP Program Manager, Canadian Centre for Cyber Security, Canada; Margaret Salter, Director of Applied Cryptography, AWS, United States [60 MIN]

Crypto Technology (G13)
Authentication, Metrics, and Gaps

15:30 Machines Do Not Have Thumbs: Multifactor Authentication for Non-Humans (G13a) Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States


16:00 Security Metrics in Pre-Silicon Processor and System Design (G13b) William Santiago, Distinguished Research Scientist and Manager, IBM, United States


16:30 Bridging the FIPS 140-3 Gap: Insights from Multiple Module Gap Analyses with a Vendor Perspective (G13c) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States

Open-Source Cryptography (S13)
Support and Validation
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

15:30 Supporting OpenSSL Providers from a Fork (S13a) Rich Salz, Principal Architect, Akamai Technologies, United States


16:00 Taking OpenSSL3 to FIPS 140-3 (S13b) Randall Steck, Founder/CEO, Symbiotic Systems Research, LLC, United States


16:30 OpenSSL FIPS Validation Updates (S13c) Apurva Varalikar, Laboratory Manager, Acumen Security, United States

17:00-18:30 Welcome Reception in Exhibits

Bayshore Ballroom

18:30-21:00 Dine-Out San Jose

Separate registration required. Enjoy an informal group dinner and drinks at an iconic Silicon Valley restaurant with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:30 at the ICMC registration desk in the foyer and depart from there.

 

Thursday 19 September

Conference Sessions

08:00 - 09:00 Coffee in the Exhibits

Bayshore Ballroom

09:00 - 10:30 Track Sessions

Cedar/Pine Room
Crypto Technology (G20)
Vendor Viewpoints

09:00 High Availability Cryptography and FIPS (G20a) Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States; Swapneela Unkule, CST Lab Manager, atsec information security corp, United States


09:30 Topic TBA (G20b) Speaker TBA 


10:00 Designing Cryptographic Systems (G20c) Anna Johnston, Cryptographer (Principal Engineer), Juniper Networks, United States

Fir Room
Post-Quantum Crypto (Q20)
Quantum-Safe Issues
Oak Room
RBG/Entropy (N20)
Everything Entropy
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States

09:00 Practical Guide to Entropy (N20a) Lisa Rabe, Security Research Engineer, Cisco Systems, United States


09:30 A Practical Guide to Entropy Noise Sources (N20b) Richard Fant, Security Researcher, Intel, United States


10:00 Post-Processing Algorithms and Conditioning Functions for Entropy Sources (N20c) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States

10:30 - 11:00 Networking Break in Exhibits

Bayshore Ballroom

11:00 - 12:30 Track Sessions

Crypto Technology (G21)
Implementation Topics

11:00 The Hitchhiker’s Guide to FHE (G21a) Sandra Guasch Castelló, Staff Privacy Engineer, SandboxAQ, Spain


11:30 Topic TBA (G21b) Speaker TBA


12:00 Componentization–Cryptographic Module Reuse Scenarios (G21c) ​​Kelvin Desplanque, Platform Security Architect, Intel, United States

Post-Quantum Crypto (Q21)
Selected Topics
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States

11:00 The First NIST PQC Standards (Crypto Module Edition) (Q21a) Lily Chen, Mathematician, NIST Fellow, United States


11:30 Topic TBA (Q21b) Speaker TBA


12:00 All the Things PQ – End-to-End PQ-Secure FIDO2 Protocol (Q21c) Nina Bindel, Staff Researcher, SandboxAQ, Germany

RBG/Entropy (N21)
New and Old RNGs

11:00 XDRBG – A New Lean DRBG (N21a) Stephan Mueller, Principal Consultant, atsec information security corp, United States; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States


11:30 Panel: Standardization of Random Number Generators–Perspective from BSI and NIST (N21b) Leader: John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States [60 MIN]

12:30 - 13:30 Lunch in Exhibit Area

Bayshore Ballroom

13:30 - 15:00 Track Sessions

Certification Programs (C22)
Vendor and Lab Perspectives

13:30 FIPS Everywhere – Can We Do It? (C22a) Margaret Salter, Sr Principal, Cryptography, AWS, United States


14:00 If I Led the CMVP: Thoughts for the CMVP from Labs and Vendors (C22b) Leader: David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Swapneela Unkule, CST Lab Manager atsec information security, United States [60 MIN]

Post-Quantum Crypto (Q22)
Post Quantum and HSMs

13:30 NIST NCCoE PQC Migration HSM Interoperability Testing (Q22a) Jim Goodman, Chief Technology Officer and Principal Security Architect, Crypto4A Technologies, Canada


14:00 Panel: HSMs & Post-Quantum: Can They Keep Up? (Q22b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada [60 MIN]

RBG/Entropy (N22)
Practical Entropy

13:30 DRNG Trees and RBGC Constructions (N22a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States


14:00 Developing a Stochastic Model for a Ring Oscillator and Determination of Correlation Between Ring Oscillators (N22b) Steele Myrick, Entropy Analyst, Corsec Security, United States


14:30 Exploring On-Chip Cache (L1/L2/L3) and a DDR-RAM-Based Non-Physical Noise Sources for BSI (N22c) Simon Rix, FIPS Lab Manager, Intertek EWA-Canada, Canada

15:00-15:30 Networking Break in Exhibits

Bayshore Ballroom

15:30 - 17:00 Track Sessions

Certification Programs (C23)
Selected Topics

15:30 Dedicated Security Component – A FIPS Module in the CC World (C23a) Brian Wood, Program Manager for Security Certifications, Google, United States; Joachim Vandersmissen, Deputy CC Lab Manager atsec information security, United States


16:00 A Funny Thing Happened on the Way to the Test Lab (C23b) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Canada


16:30 Demystifying First-Party Lab Accreditation Process (C23c) Shola Adegboye, Security Research Engineer/Scientist, Intel, United States

Post-Quantum Crypto (Q23)
Interoperability and Transition

15:30 PQC Interoperability Project (Q23a) John Gray, Senior Principal Software Applications Developer, Entrust, Canada


16:00 Panel: Crypto Agility in Post-Quantum Cryptography: How to Transition Smoothly (Q23b) Leader: Marcos Portnoi, Lab Director, atsec information security corp, United States; Jai Arun, Head of IBM Quantum Safe Product Management & Strategy; Russ Housley, Owner, Vigil Security; Jim Goodman, Co-Founder, Chief Technical Officer, Crypto4A Technologies; Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]

RBG/Entropy (N23)
Health Tests and ESV Trends

15:30 The SP800-90B Approved Health Tests and Their Cutoffs (N23a) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States


16:00 Health Testing with Sample Variance (N23b) Yvonne Cliff, Senior Research Engineer, Teron Labs, Australia


16:30 Trends of the ESV Submissions to Date (N23c) Chris Bell, Security Engineer, Intertek Acumen, United States

Friday 20 September

Conference Sessions

08:00 - 09:00 Coffee

Bayshore Ballroom

09:00 - 10:30 Track Sessions

Cedar/Pine Room
Certification Programs (C30)
Selected Topics

09:00 Making Sense of the FIPS 140 Validation Review Queue (C30a) Chris Brych, Senior Principal Security Analyst, Oracle, Canada


09:30 Panel: NCCoE Automation of Module Validation Project (AMVP) (C30b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Walker Riley, IT Security Consultant, atsec information security corp, United States; Raoul Gabiam, Principal Cloud and Cybersecurity Engineer, MITRE, United States; Courtney Maatta, Senior Customer Solutions Manager, Amazon Web Services (AWS), United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Barry Fussell, Principal Engineer, Cisco Systems, United States [60 MIN]

Fir Room
Post-Quantum Crypto (Q30)
Real World Issues

09:00 Applied PQC – Deploying Stateful Hash-Based Signature Algorithms in Distributed Environments (Q30a) Nils Gerhardt, CTO, Utimaco, Utimaco, Germany


09:30 Towards a Quantum-Secure Future: Exploring QKD as a Complement to PQC (Q30b) Marc Wehling, Evaluator, TÜV Informationstechnik, Germany


10:00 Post-Quantum Cryptographic Hardware Engineering (Q30c) Reza Azarderakhsh, Professor, Florida Atlantic University, and CEO, PQSecure, United States

Oak Room
Implementing Crypto Cybersecurity (U30)
Common Modules

09:00 Vulnerability Handling in Common Criteria (U30a) Daniel O’Loughlin, Vice President Engineering, Qualcomm Technologies, United States


09:30 Panel: Certifications and Common Modules – A Story of Collaboration, Capability, and Change (U30b) Leader: Trish Wolff, Leader FIPS Certifications, Cisco Systems, United States [60 MIN]

10:30 - 10:45 Networking Break

Bayshore Ballroom

10:45 - 12:15 Track Sessions

Certification Programs (C31)
Hardware Concerns

10:45 Side-Channel Vulnerabilities, a Closer Look at NIST Standardization (C31a) Sven Bettendorf, Lead Expert for Quantum Technologies, TÜV Informationstechnik, Germany


11:15 Hardware Equivalency for Single-Chip Modules (C31b) Swapneela Unkule, CST Lab Manager, atsec information security corp, United States


11:45 Physical Security of Single Chips (C31c) Renaudt Nunez, Senior IT Security Consultant, atsec information security corp, United States

Post-Quantum Crypto (Q31)
Timing and Inventories

10:45 Tooling for Detecting Timing Leaks (Not Only) in Quantum-Safe Implementations (Q31a) Basil Hess, Senior Research Engineer, IBM Research, Switzerland


11:15 Panel: How to Make the Most Out of Cryptographic Inventories for Your Organization (Q31b) Leader: Ryan Hurst, Advisor, SandboxAQ, United Kingdom; Najwa Aaraj, CEO, Technology Innovation Institute (TII); Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA) [60 MIN]

Implementing Crypto Cybersecurity (U31)
Selected Topics

10:45 Fighting Deepfakes Thru Provenance Attestation (U31b) Asaf Shen, Senior Director for Product Management, Qualcomm Technologies, Inc., United States


11:15 Supporting OpenSSL3 Providers Architecture in Restrictive OSes (e.g., iOS) (U31b) Alexander Zaslavsky, Lead SW Eng, SafeLogic, Spain


11:45 PQKMS: Provably Zero-Trust, Attribute-Based Key Management System (U31c) Yogesh Swami, CTO, SecureSubstrates, United States

12:15 - 13:30 Lunch

Bayshore Ballroom

12:30 - 13:15 CMUF Monthly Meeting

Fir Room

13:30 - 15:00 Track Sessions

Certification Programs (C32)
Components

13:30 Module Component Pre-Validation Packages: Enhancing Reusability for Scalable Certifications (C32a) Graham Costa, Security and Certifications Manager, Thales, United Kingdom


14:00 Decoupling Applets from Smart Card/Java Card Validations (C32b) Apurva Varalikar, Laboratory Manager, Acumen Security, United States


14:30 ISO FHE standardization (C32c) Speaker TBA

Post-Quantum Crypto (Q32)
Post Quantum Considerations

13:30 A Gentle Introduction to Lattice Cryptanalysis (Q32a) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom


14:00 Challenges and Solutions for Implementing Post-Quantum Algorithms in FIPS Modules (Q32b) Michael Hamburg, Manager Security Engineering, Rambus, United States


14:30 Considerations for Deploying PQC Algorithms at Scale (Q32c) Brian Jarvis, Software Development Manager, Amazon Web Services (AWS), United States

Implementing Crypto Cybersecurity (U32)
In the Field

13:30 Modes of Operation for Digital Signature Schemes (U32a) Dr. Burt Kaliski Jr., Senior Vice President and Chief Technology Officer, VeriSign, United States


14:00 ISO, X9 and Payment Security (U32b) Richard Kisley, Chief Engineer, IBM HSM, United States


14:30 Medical Device Cybersecurity (U32c) Arnab Ray, Director of Cybersecurity (Product and Manufacturing), Abbott Labs, United States

15:00 - 15:15 Networking Break

Bayshore Ballroom

15:15 - 16:15 Summary Plenary Session

Cedar/Pine Room

16:15 Adjourn