Conference Agenda 2024

Cedar/Pine Room

11:00 CMVP Program Update (C11a) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States

11:30 CMVP Program Future Plans and Issues (C11b) David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Kailai Chen, CMVP Program Manager (Canada), Canadian Centre for Cyber Security (CCCS), Canada

12:00 NIAP Policy 5 and Equivalency Updates (C11c) Jade Stewart, Portfolio Manager, NIAP, United States

Fir Room

11:00 NIST SP800-90B Certifiable Software-Based TRNG for IoT (E11a) Tesfa Mael, Embedded/Software Systems Engineer, wolfSSL, United States

11:30 Stirring the SBOM Soup with FIPS (E11b) Loren Shade, VP of Marketing, Allegro Software, United States

12:00 Scaling IoT Security Assessment and Certification with EN 17927 (SESIP) (E11c) Olivier Van Nieuwenhuyze, Vice Chair and Security Task Force Chair, GlobalPlatform, United Kingdom

Oak Room

Track Sponsor

11:00 Strategies for Evaluating Open-Source Cryptography (S11a) Javed Samuel, Vice President Crypto Services, NCC Group Cryptography Services, United States

11:30 Update on PKCS #11 3.2 (S11b) Robert Relyea, OASIS PKCS #11 Co-chair, Red Hat, United States

12:00 OpenSSL Roadmap Update (S11c) Neil Horman, Software Engineer, OpenSSL

13:30 Navigating Vendor and Lab Relationships: Best Practices and Lessons Learned from FIPS 140-3 (C12a) James Dean, Deputy Lab Manager, UL Solutions, Canada

14:00 Entropy Reviewer Panel (C12b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Timothy Hall, Security Testing, Validation, and Measurement Manager National Institute of Standards and Technology (NIST), United States [60 MIN]

13:30 Insights from Automated Large-Scale Analysis of FIPS 140 Certificates (G12a) Adam Janovský, PhD Candidate, Masaryk University, Czechia

14:00 NIST SP 800-38 Series: Status Update on Block Cipher Modes of Operation (G12b) Nicky Mouha, Researcher, Strativia, United States

14:30 FIPS 140-3 in the Cloud: Practical Strategies from a Real-World Case Study (G12c) Brandon Harvey, Principal Security Analyst, Oracle, United States

13:30 Striking a Balance: Utilizing Hardware Intrinsics for Accelerating Post-Quantum Cryptography (S12a) David Hook, VP Software Engineering, Legion of the Bouncy Castle, Keyfactor/Legion of the Bouncy Castle, 

14:00 A Further Practical Guide for Proactive Key Management and PQ Readiness Using KMIP (S12b) Tony Cox, Consultant, TC Logic, Australia

14:30 Building an Open-Source FIPS Soft-Token in Rust (S12c) Simo Sorce, Distinguished Engineer, Red Hat, United States

15:30 Cryptographic Evaluation in Europe Is Now a Reality: The Spanish Case (C13a) Juan Martínez, Crypto Manager, jtsec Beyond IT Security, Spain

16:00 Panel: The Upcoming ISO/IEC 19790:2024 (C13b) Leader: Yi Mao, CEO and Managing Director, atsec information security corp, United States; Graham Costa, Security and Certifications Manager, Thales, United Kingdom; Carolyn French, CMVP Program Manager, Canadian Centre for Cyber Security, Canada; Margaret Salter, Director of Applied Cryptography, AWS, United States; Timothy Hall, Security Testing, Validation, and Measurement Manager National Institute of Standards and Technology (NIST), United States; Jon Rolf, Director , NIAP National Security Agency (NSA), United States [60 MIN]

15:30 Machines Do Not Have Thumbs: Multifactor Authentication for Non-Humans (G13a) Marcos Portnoi, Lab Director & CISO, atsec information security corp, United States

16:00 Security Metrics in Pre-Silicon Processor and System Design (G13b) William Santiago, Distinguished Research Scientist and Manager, IBM, United States

16:30 Bridging the FIPS 140-3 Gap: Insights from Multiple Module Gap Analyses with a Vendor Perspective (G13c) Jennifer Brady, Senior Principal Security Analyst, Oracle, United States

15:30 Supporting OpenSSL Providers from a Fork (S13a) Rich Salz, Principal Architect, Akamai Technologies, United States

16:00 Taking OpenSSL3 to FIPS 140-3 (S13b) Randall Steck, Founder/CEO, Symbiotic Systems Research, LLC, United States

16:30 OpenSSL FIPS Validation Updates (S13c) Apurva Varalikar, Laboratory Manager, Acumen Security, United States

Cedar/Pine Room

09:00 High Availability Cryptography and FIPS (G20a) Alicia Squires, Principal FIPS Technical Program Manager, Amazon Web Services (AWS), United States; Swapneela Unkule, CST Lab Manager, atsec information security corp, United States

09:30 Cryptographic Agility and Key Rotation (G20b) Sophie Schmieg, Information Security Engineer | ISE Crypto, Google, United States

10:00 Designing Cryptographic Systems (G20c) Anna Johnston, Cryptographer (Principal Engineer), Juniper Networks, United States

Fir Room

09:00 Multimodal Cryptography: A Defense-in-Depth Approach to Quantum-Safe Security (Q20a) Sarah McCarthy, Cryptographic Strategist, evolutionQ, Canada

09:30 Panel: Quantum Resilience In Depth – What to Do If Our Current Quantum-Safe Strategies Don’t Work (Q20b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada [60 MIN]

Oak Room

09:00 Practical Guide to Entropy (N20a) Lisa Rabe, Security Research Engineer, Cisco Systems, United States

09:30 A Practical Guide to Entropy Noise Sources (N20b) Richard Fant, Security Researcher, Intel, United States

10:00 Post-Processing Algorithms and Conditioning Functions for Entropy Sources (N20c) Johannes Mittmann, Mathematician, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States

11:00 The Hitchhiker’s Guide to FHE (G21a) Sandra Guasch Castelló, Staff Privacy Engineer, SandboxAQ, Spain

11:30 Topic TBA (G21b) Speaker TBA

12:00 Componentization–Cryptographic Module Reuse Scenarios (G21c) ​​Kelvin Desplanque, Platform Security Architect, Intel, United States

11:00 The First NIST PQC Standards (Crypto Module Edition) (Q21a) Lily Chen, Mathematician, NIST Fellow, United States

11:30 Topic TBA (Q21b) Speaker TBA

12:00 All the Things PQ – End-to-End PQ-Secure FIDO2 Protocol (Q21c) Nina Bindel, Staff Researcher, SandboxAQ, Germany

11:00 XDRBG – A New Lean DRBG (N21a) Stephan Mueller, Principal Consultant, atsec information security corp, United States; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States

11:30 Panel: Standardization of Random Number Generators–Perspective from BSI and NIST (N21b) Leader: John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States [60 MIN]

13:30 FIPS Everywhere – Can We Do It? (C22a) Margaret Salter, Sr Principal, Cryptography, AWS, United States

14:00 If I Led the CMVP: Thoughts for the CMVP from Labs and Vendors (C22b) Leader: David Hawes, CMVP Program Manager, National Institute of Standards and Technology (NIST), United States; Swapneela Unkule, CST Lab Manager atsec information security, United States [60 MIN]

13:30 NIST NCCoE PQC Migration HSM Interoperability Testing (Q22a) Jim Goodman, Chief Technology Officer and Principal Security Architect, Crypto4A Technologies, Canada

14:00 Panel: HSMs & Post-Quantum: Can They Keep Up? (Q22b) Leader: Bruno Couillard, CEO, Crypto4A Technologies, Canada [60 MIN]

13:30 DRNG Trees and RBGC Constructions (N22a) Werner Schindler, Head of Section, Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany; John Kelsey, Computer Scientist, National Institute of Standards and Technology (NIST) and COSIC/KU Leuven, United States

14:00 Developing a Stochastic Model for a Ring Oscillator and Determination of Correlation Between Ring Oscillators (N22b) Steele Myrick, Entropy Analyst, Corsec Security, United States

14:30 Exploring On-Chip Cache (L1/L2/L3) and a DDR-RAM-Based Non-Physical Noise Sources for BSI (N22c) Simon Rix, FIPS Lab Manager, Intertek EWA-Canada, Canada

15:30 Dedicated Security Component – A FIPS Module in the CC World (C23a) Brian Wood, Program Manager for Security Certifications, Google, United States; Joachim Vandersmissen, Deputy CC Lab Manager atsec information security, United States

16:00 A Funny Thing Happened on the Way to the Test Lab (C23b) Seamus Mulready, Cryptographic Security Tester (FIPS), Lightship Security, Canada

16:30 Demystifying First-Party Lab Accreditation Process (C23c) Shola Adegboye, Security Research Engineer/Scientist, Intel, United States

15:30 PQC Interoperability Project (Q23a) John Gray, Senior Principal Software Applications Developer, Entrust, Canada

16:00 Panel: Crypto Agility in Post-Quantum Cryptography: How to Transition Smoothly (Q23b) Leader: Marcos Portnoi, Lab Director, atsec information security corp, United States; Jai Arun, Head of IBM Quantum Safe Product Management & Strategy; Russ Housley, Owner, Vigil Security; Jim Goodman, Co-Founder, Chief Technical Officer, Crypto4A Technologies; Lily Chen, Mathematician, NIST Fellow, United States [60 MIN]

15:30 The SP800-90B Approved Health Tests and Their Cutoffs (N23a) Joshua Hill, Information Security Scientist, KeyPair Consulting, United States

16:00 Health Testing with Sample Variance (N23b) Yvonne Cliff, Senior Research Engineer, Teron Labs, Australia

16:30 Trends of the ESV Submissions to Date (N23c) Chris Bell, Security Engineer, Intertek Acumen, United States

Cedar/Pine Room

09:00 Making Sense of the FIPS 140 Validation Review Queue (C30a) Chris Brych, Senior Principal Security Analyst, Oracle, Canada

09:30 Panel: NCCoE Automation of Module Validation Project (AMVP) (C30b) Leader: Christopher Celi, CAVP Program Manager, National Institute of Standards and Technology (NIST), United States; Walker Riley, IT Security Consultant, atsec information security corp, United States; Raoul Gabiam, Principal Cloud and Cybersecurity Engineer, MITRE, United States; Courtney Maatta, Senior Customer Solutions Manager, Amazon Web Services (AWS), United States; Stephan Mueller, Principal Consultant, atsec information security, United States; Barry Fussell, Principal Engineer, Cisco Systems, United States; Alex Calis, CMVP Deputy Program Manager (US), National Institute of Standards and Technology, United States [60 MIN]

Fir Room

09:00 Applied PQC – Deploying Stateful Hash-Based Signature Algorithms in Distributed Environments (Q30a) Nils Gerhardt, CTO, Utimaco, Utimaco, Germany

09:30 Towards a Quantum-Secure Future: Exploring QKD as a Complement to PQC (Q30b) Marc Wehling, Evaluator, TÜV Informationstechnik, Germany

10:00 Post-Quantum Cryptographic Hardware Engineering (Q30c) Reza Azarderakhsh, Professor, Florida Atlantic University, and CEO, PQSecure, United States

Oak Room

09:00 Vulnerability Handling in Common Criteria (U30a) Daniel O’Loughlin, Vice President Engineering, Qualcomm Technologies, United States

09:30 Panel: Certifications and Common Modules – A Story of Collaboration, Capability, and Change (U30b) Leader: Trish Wolff, Leader FIPS Certifications, Cisco Systems, United States [60 MIN]

10:45 Side-Channel Vulnerabilities, a Closer Look at NIST Standardization (C31a) Sven Bettendorf, Lead Expert for Quantum Technologies, TÜV Informationstechnik, Germany

11:15 Hardware Equivalency for Single-Chip Modules (C31b) Swapneela Unkule, CST Lab Manager, atsec information security corp, United States; Yann L’Hyver, Engineer, Senior Staff, Qualcomm Technologies, Inc., United States

11:45 Physical Security of Single Chips (C31c) Renaudt Nunez, Senior IT Security Consultant, atsec information security corp, United States

10:45 Tooling for Detecting Timing Leaks (Not Only) in Quantum-Safe Implementations (Q31a) Basil Hess, Senior Research Engineer, IBM Research, Switzerland

11:15 Panel: How to Make the Most Out of Cryptographic Inventories for Your Organization (Q31b) Leader: Ryan Hurst, Advisor, SandboxAQ, United Kingdom; Najwa Aaraj, CEO, Technology Innovation Institute (TII); Garfield Jones, Associate Chief of Strategic Technology, Cybersecurity and Infrastructure Security Agency (CISA); Lily Chen, Mathematician, NIST Fellow, United States  [60 MIN]

10:45 Fighting Deepfakes Thru Provenance Attestation (U31b) Asaf Shen, Senior Director for Product Management, Qualcomm Technologies, Inc., United States

11:15 Supporting OpenSSL3 Providers Architecture in Restrictive OSes (e.g., iOS) (U31b) Alexander Zaslavsky, Lead SW Eng, SafeLogic, Spain

11:45 PQKMS: Provably Zero-Trust, Attribute-Based Key Management System (U31c) Yogesh Swami, CTO, SecureSubstrates, United States

13:30 Module Component Pre-Validation Packages: Enhancing Reusability for Scalable Certifications (C32a) Graham Costa, Security and Certifications Manager, Thales, United Kingdom

14:00 Decoupling Applets from Smart Card/Java Card Validations (C32b) Apurva Varalikar, Laboratory Manager, Acumen Security, United States

14:30 ISO FHE standardization (C32c) Speaker TBA

13:30 A Gentle Introduction to Lattice Cryptanalysis (Q32a) Daniel Shiu, Chief Cryptographer, Arqit Quantum, United Kingdom

14:00 Challenges and Solutions for Implementing Post-Quantum Algorithms in FIPS Modules (Q32b) Michael Hamburg, Manager Security Engineering, Rambus, United States

14:30 Considerations for Deploying PQC Algorithms at Scale (Q32c) Brian Jarvis, Software Development Manager, Amazon Web Services (AWS), United States

13:30 Modes of Operation for Digital Signature Schemes (U32a) Dr. Burt Kaliski Jr., Senior Vice President and Chief Technology Officer, VeriSign, United States

14:00 ISO, X9 and Payment Security (U32b) Richard Kisley, Chief Engineer, IBM HSM, United States

14:30 Medical Device Cybersecurity (U32c) Arnab Ray, Director of Cybersecurity (Product and Manufacturing), Abbott Labs, United States