New for 2024, presented September 17, the day before ICMC. This optional special-focus event will help you prepare now for the threat posed by future quantum computers. This special-focus event will include important, actionable information for anyone concerned with cybersecurity in a data-dependent enterprise.
Click Here for the PQ Cyber Day Agenda
Conference Sessions
Bayshore Foyer
Gateway Ballroom
Moderator: Erin Connor, Consultant, Program Director, ICMC
09:00 Welcome Address (P10a) Yi Mao, CEO and Managing Director, atsec information security corp, United States
09:05 Government Keynote: PQC Roadmap for the Federal Government (P10b) Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA), United States
09:40 Industry Keynote: The Post-Quantum Question (P10c) Nick Sullivan, Co-Chair, Crypto Forum Research Group (CFRG), Co-Chair, Internet Research Task Force (IRTF) and Principal, Cryptography Consulting, United States
Bayshore Ballroom
Certification Programs (C11) Validation Program Updates |
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia |
11:00 CMVP Program Update (C11a) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States
11:30 CMVP Program Future Plans and Issues (C11b) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada
12:00 NIAP Policy 5 and Equivalency Updates (C11c) Jade Stewart, Portfolio Manager, NIAP, United States
Embedded/IoT (E11) Selected Topics |
11:00 NIST SP800-90B Certifiable Software-Based TRNG for IoT (E11a) Tesfa Mael, Embedded/Software Systems Engineer, wolfSSL, United States
11:30 Stirring the SBOM Soup with FIPS (E11b) Loren Shade, VP of Marketing, Allegro Software, United States
12:00 Scaling IoT Security Assessment and Certification with EN 17927 (SESIP) (E11c) Olivier Van Nieuwenhuyze, Vice Chair and Security Task Force Chair, GlobalPlatform, United Kingdom
Open-Source Cryptography (S11) Updates and Strategies |
11:00 Strategies for Evaluating Open-Source Cryptography (S11a) Javed Samuel, Vice President Crypto Services, NCC Group Cryptography Services, United States
11:30 Update on PKCS #11 3.2 (S11b) Robert Relyea, OASIS PKCS #11 Co-chair, Red Hat, United States
12:00 OpenSSL Roadmap Update (S11c) Neil Horman, Software Engineer, OpenSSL
Bayshore Ballroom
Certification Programs (C12) Relationships and Entropy |
Moderator: Juan Gonzalez, Laboratory Director, Teron Labs, Australia |
13:30 Navigating Vendor and Lab Relationships: Best Practices and Lessons Learned from FIPS 140-3 (C12a) James Dean, Deputy Lab Manager, UL Solutions, Canada
14:00 Entropy Reviewer Panel (C12b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Timothy Hall, Security Testing, Validation, and Measurement Manager National Institute of Standards and Technology (NIST), United States [60 MIN]
Crypto Technology (G12) Cloudy Update Insights |
13:30 Insights from Automated Large-Scale Analysis of FIPS 140 Certificates (G12a) Adam Janovský, PhD Candidate, Masaryk University, Czechia
14:00 NIST SP 800-38 Series: Status Update on Block Cipher Modes of Operation (G12b) Nicky Mouha, Researcher, Strativia, United States
14:30 FIPS 140-3 in the Cloud: Practical Strategies from a Real-World Case Study (G12c) Brandon Harvey, Principal Security Analyst, Oracle, United States
Open-Source Cryptography (S12) In Practice |
13:30 Striking a Balance: Utilizing Hardware Intrinsics for Accelerating Post-Quantum Cryptography (S12a) David Hook, VP Software Engineering, Legion of the Bouncy Castle, Keyfactor/Legion of the Bouncy Castle,
14:00 A Further Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S12b) Tony Cox, Consultant, TC Logic, Australia
14:30 Building an Open-Source FIPS Soft-Token in Rust (S12c) Simo Sorce, Distinguished Engineer, Red Hat, United States
Bayshore Ballroom
Certification Programs (C13) International Updates |
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States |
15:30 Cryptographic Evaluation in Europe Is Now a Reality: The Spanish Case (C13a) Juan Martínez, Crypto Manager, jtsec Beyond IT Security, Spain
16:00 Panel: The Upcoming ISO/IEC 19790:2024 (C13b) Leader: Yi Mao, CEO and Managing Director, atsec information security corp, United States; Graham Costa, Security and Certifications Manager, Thales, United Kingdom; Carolyn French, CMVP Program Manager, Canadian Centre for Cyber Security, Canada; Margaret Salter, Director of Applied Cryptography, AWS, United States; Timothy Hall, Security Testing, Validation, and Measurement Manager National Institute of Standards and Technology (NIST), United States; Jon Rolf, Director , NIAP National Security Agency (NSA), United States [60 MIN]
Crypto Technology (G13) Authentication, Metrics, and Gaps |
15:30 Machines Do Not Have Thumbs: Multifactor Authentication for Non-Humans (G13a) Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States
16:00 Security Metrics in Pre-Silicon Processor and System Design (G13b) William Santiago, Distinguished Research Scientist and Manager, IBM, United States
16:30 Bridging the FIPS 140-3 Gap: Insights from Multiple Module Gap Analyses with a Vendor Perspective (G13c) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States
Open-Source Cryptography (S13) Support and Validation |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
15:30 Supporting OpenSSL Providers from a Fork (S13a) Rich Salz, Principal Architect, Akamai Technologies, United States
16:00 Taking OpenSSL3 to FIPS 140-3 (S13b) Randall Steck, Founder/CEO, Symbiotic Systems Research, LLC, United States
16:30 OpenSSL FIPS Validation Updates (S13c) Apurva Varalikar, Laboratory Manager, Acumen Security, United States
Bayshore Ballroom
Separate registration required. Enjoy an informal group dinner and drinks at an iconic Silicon Valley restaurant with your ICMC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:30 at the ICMC registration desk in the foyer and depart from there.
Conference Sessions
Bayshore Ballroom
Crypto Technology (G20) Vendor Viewpoints |
09:00 High Availability Cryptography and FIPS (G20a) Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States; Swapneela Unkule, CST Lab Manager, atsec information security corp, United States
09:30 Cryptographic Agility and Key Rotation (G20b) Sophie Schmieg, Information Security Engineer | ISE Crypto, Google, United States
10:00 Designing Cryptographic Systems (G20c) Anna Johnston, Cryptographer (Principal Engineer), Juniper Networks, United States
Post-Quantum Crypto (Q20) Quantum-Safe Issues |
09:00 Multimodal Cryptography: A Defense-in-Depth Approach to Quantum-Safe Security (Q20a) Sarah McCarthy, Cryptographic Strategist, evolutionQ, Canada
09:30 Panel: Quantum Resilience In Depth – What to Do If Our Current Quantum-Safe Strategies Don’t Work (Q20b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada [60 MIN]
RBG/Entropy (N20) Everything Entropy |
Moderator: Brian Wood, Program Manager for Security Certifications, Google, United States |
09:00 Practical Guide to Entropy (N20a) Lisa Rabe, Security Research Engineer, Cisco Systems, United States
09:30 A Practical Guide to Entropy Noise Sources (N20b) Richard Fant, Security Researcher, Intel, United States
10:00 Post-Processing Algorithms and Conditioning Functions for Entropy Sources (N20c) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
Bayshore Ballroom
Crypto Technology (G21) Implementation Topics |
11:00 The Hitchhiker’s Guide to FHE (G21a) Sandra Guasch Castelló, Staff Privacy Engineer, SandboxAQ, Spain
11:30 Topic TBA (G21b) Speaker TBA
12:00 Componentization–Cryptographic Module Reuse Scenarios (G21c) Kelvin Desplanque, Platform Security Architect, Intel, United States
Post-Quantum Crypto (Q21) Selected Topics |
Moderator: Nithya Rachamadugu, VP Cybersecurity Certification, DEKRA, United States |
11:00 The First NIST PQC Standards (Crypto Module Edition) (Q21a) Lily Chen, Mathematician, NIST Fellow, United States
11:30 Topic TBA (Q21b) Speaker TBA
12:00 All the Things PQ – End-to-End PQ-Secure FIDO2 Protocol (Q21c) Nina Bindel, Staff Researcher, SandboxAQ, Germany
RBG/Entropy (N21) New and Old RNGs |
Moderator: Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States |
11:00 XDRBG – A New Lean DRBG (N21a) Stephan Mueller, Principal Consultant, atsec information security corp, United States; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
11:30 Panel: Standardization of Random Number Generators–Perspective from BSI and NIST (N21b) Leader: John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States [60 MIN]
Bayshore Ballroom
Certification Programs (C22) Vendor and Lab Perspectives |
13:30 FIPS Everywhere – Can We Do It? (C22a) Margaret Salter, Sr Principal, Cryptography, AWS, United States
14:00 If I Led the CMVP: Thoughts for the CMVP from Labs and Vendors (C22b) Leader: David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Swapneela Unkule, CST Lab Manager atsec information security, United States [60 MIN]
Post-Quantum Crypto (Q22) Post Quantum and HSMs |
13:30 NIST NCCoE PQC Migration HSM Interoperability Testing (Q22a) Jim Goodman, Chief Technology Officer and Principal Security Architect, Crypto4A Technologies, Canada
14:00 Panel: HSMs & Post-Quantum: Can They Keep Up? (Q22b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada [60 MIN]
RBG/Entropy (N22) Practical Entropy |
Moderator: Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States |
13:30 DRNG Trees and RBGC Constructions (N22a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States
14:00 Developing a Stochastic Model for a Ring Oscillator and Determination of Correlation Between Ring Oscillators (N22b) Steele Myrick, Entropy Analyst, Corsec Security, United States
14:30 Exploring On-Chip Cache (L1/L2/L3) and a DDR-RAM-Based Non-Physical Noise Sources for BSI (N22c) Simon Rix, FIPS Lab Manager, Intertek EWA-Canada, Canada
Bayshore Ballroom
Certification Programs (C23) Selected Topics |
15:30 Dedicated Security Component – A FIPS Module in the CC World (C23a) Brian Wood, Program Manager for Security Certifications, Google, United States; Joachim Vandersmissen, Deputy CC Lab Manager atsec information security, United States
16:00 A Funny Thing Happened on the Way to the Test Lab (C23b) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Canada
16:30 Demystifying First-Party Lab Accreditation Process (C23c) Shola Adegboye, Security Research Engineer/Scientist, Intel, United States
Post-Quantum Crypto (Q23) Interoperability and Transition |
15:30 PQC Interoperability Project (Q23a) John Gray, Senior Principal Software Applications Developer, Entrust, Canada
16:00 Panel: Crypto Agility in Post-Quantum Cryptography: How to Transition Smoothly (Q23b) Leader: Marcos Portnoi, Lab Director, atsec information security corp, United States; Jai Arun, Head of IBM Quantum Safe Product Management & Strategy; Russ Housley, Owner, Vigil Security; Jim Goodman, Co-Founder, Chief Technical Officer, Crypto4A Technologies; Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]
RBG/Entropy (N23) Health Tests and ESV Trends |
15:30 The SP800-90B Approved Health Tests and Their Cutoffs (N23a) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States
16:00 Health Testing with Sample Variance (N23b) Yvonne Cliff, Senior Research Engineer, Teron Labs, Australia
16:30 Trends of the ESV Submissions to Date (N23c) Chris Bell, Security Engineer, Intertek Acumen, United States
Conference Sessions
Bayshore Ballroom
Certification Programs (C30) Selected Topics |
09:00 Making Sense of the FIPS 140 Validation Review Queue (C30a) Chris Brych, Senior Principal Security Analyst, Oracle, Canada
09:30 Panel: NCCoE Automation of Module Validation Project (AMVP) (C30b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Walker Riley, IT Security Consultant, atsec information security corp, United States; Raoul Gabiam, Principal Cloud and Cybersecurity Engineer, MITRE, United States; Courtney Maatta, Senior Customer Solutions Manager, Amazon Web Services (AWS), United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Barry Fussell, Principal Engineer, Cisco Systems, United States; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States [60 MIN]
Post-Quantum Crypto (Q30) Real World Issues |
09:00 Applied PQC – Deploying Stateful Hash-Based Signature Algorithms in Distributed Environments (Q30a) Nils Gerhardt, CTO, Utimaco, Utimaco, Germany
09:30 Towards a Quantum-Secure Future: Exploring QKD as a Complement to PQC (Q30b) Marc Wehling, Evaluator, TÜV Informationstechnik, Germany
10:00 Post-Quantum Cryptographic Hardware Engineering (Q30c) Reza Azarderakhsh, Professor, Florida Atlantic University, and CEO, PQSecure, United States
Implementing Crypto Cybersecurity (U30) Common Modules |
09:00 Vulnerability Handling in Common Criteria (U30a) Daniel O’Loughlin, Vice President Engineering, Qualcomm Technologies, United States
09:30 Panel: Certifications and Common Modules – A Story of Collaboration, Capability, and Change (U30b) Leader: Trish Wolff, Leader FIPS Certifications, Cisco Systems, United States [60 MIN]
Bayshore Ballroom
Certification Programs (C31) Hardware Concerns |
10:45 Side-Channel Vulnerabilities, a Closer Look at NIST Standardization (C31a) Sven Bettendorf, Lead Expert for Quantum Technologies, TÜV Informationstechnik, Germany
11:15 Hardware Equivalency for Single-Chip Modules (C31b) Swapneela Unkule, CST Lab Manager, atsec information security corp, United States; Yann L’Hyver, Engineer, Senior Staff, Qualcomm Technologies, Inc., United States
11:45 Physical Security of Single Chips (C31c) Renaudt Nunez, Senior IT Security Consultant, atsec information security corp, United States
Post-Quantum Crypto (Q31) Timing and Inventories |
10:45 Tooling for Detecting Timing Leaks (Not Only) in Quantum-Safe Implementations (Q31a) Basil Hess, Senior Research Engineer, IBM Research, Switzerland
11:15 Panel: How to Make the Most Out of Cryptographic Inventories for Your Organization (Q31b) Leader: Ryan Hurst, Advisor, SandboxAQ, United Kingdom; Najwa Aaraj, CEO, Technology Innovation Institute (TII); Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA); Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]
Implementing Crypto Cybersecurity (U31) Selected Topics |
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States |
10:45 Fighting Deepfakes Thru Provenance Attestation (U31b) Asaf Shen, Senior Director for Product Management, Qualcomm Technologies, Inc., United States
11:15 Supporting OpenSSL3 Providers Architecture in Restrictive OSes (e.g., iOS) (U31b) Alexander Zaslavsky, Lead SW Eng, SafeLogic, Spain
11:45 PQKMS: Provably Zero-Trust, Attribute-Based Key Management System (U31c) Yogesh Swami, CTO, SecureSubstrates, United States
Bayshore Ballroom
Fir Room
Certification Programs (C32) Components |
13:30 Module Component Pre-Validation Packages: Enhancing Reusability for Scalable Certifications (C32a) Graham Costa, Security and Certifications Manager, Thales, United Kingdom
14:00 Decoupling Applets from Smart Card/Java Card Validations (C32b) Apurva Varalikar, Laboratory Manager, Acumen Security, United States
14:30 ISO FHE standardization (C32c) Speaker TBA
Post-Quantum Crypto (Q32) Post Quantum Considerations |
13:30 A Gentle Introduction to Lattice Cryptanalysis (Q32a) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom
14:00 Challenges and Solutions for Implementing Post-Quantum Algorithms in FIPS Modules (Q32b) Michael Hamburg, Manager Security Engineering, Rambus, United States
14:30 Considerations for Deploying PQC Algorithms at Scale (Q32c) Brian Jarvis, Software Development Manager, Amazon Web Services (AWS), United States
Implementing Crypto Cybersecurity (U32) In the Field |
Moderator: Loren Shade, VP of Marketing, Allegro Software, United States |
13:30 Modes of Operation for Digital Signature Schemes (U32a) Dr. Burt Kaliski Jr., Senior Vice President and Chief Technology Officer, VeriSign, United States
14:00 ISO, X9 and Payment Security (U32b) Richard Kisley, Chief Engineer, IBM HSM, United States
14:30 Medical Device Cybersecurity (U32c) Arnab Ray, Director of Cybersecurity (Product and Manufacturing), Abbott Labs, United States
Bayshore Ballroom
Cedar/Pine Room