ICMC is presented in six tracks, over the course of three days:
Advanced Technology Track (A): High-level technology issues, or special-focus subject matter
Certification Programs Track (C): Issues related to the CMVP, government programs and policy
General Technology Track (T): Tools and techniques relating to cryptographic modules
Plenary Sessions (P): Industry overview topics are presented at the beginning and end of the conference.
User Experience Track (U): Information of interest to the cryptographic module end-user
Industry Vertical/Embedded Crypto Track (E): The application of embedded encryption in specific industry verticals
Common Criteria and Crypto Track (R): Encryption issues related to NIAP compliant products
Wednesday, May 18
Plenary Session
Welcome and Introduction, Ryan Hill, Community Outreach Manager, atsec information security; Cryptographic Module User Forum (CMUF) Overview, Matt Keller, Vice President, Corsec
Keynote: Building our Collective Cryptographic Community (P01a) Joe Waddington, Director General—Cyber Defence, Information Technology Security, CSE
Keynote: Assuring the Faithfulness of Crypto Modules (P01b) David McGrew, Cisco Fellow, Cisco Systems
Certification Programs Track
Keynote: Overview of ISO 19790:2012 Revision (C02a) Randall Easter, Computer Security Division, STVM, NIST
CAVP—Inside the World of Cryptographic Algorithm Validation Testing (C02b) Sharon Keller, Computer Scientist, NIST
FIPS Inside (C02c) Carolyn French, Manager, Cryptographic Module Validation Program, Communications Security Establishment
Automated Run-time Validation for Cryptographic Modules (C03a) Apostol Vassilev, Technical Director, Research Lead–STVM, Computer Security Division, NIST; David McGrew, Cisco Fellow, Cisco Systems; Barry Fussell, Senior Software Engineer, Cisco Systems
Introduction on the Commercial Cryptography Scheme in China (C03b) Di Li, Senior Consultant, atsec information security corporation
The Current Status and Entropy Estimation Methodology in Korean CMVP (C03c) Yongjin Yeom, Kookmin University; Sangwoon Jang, Seog Chung Seo, National Security Research Institute
Germany and the Netherlands—Certification of Secure Cryptographic Modules (C04a) Leo Kool, Group Manager, BrightSight
The Open Trusted Technology Provider™ Standard (C04c) Erin Connor, Director, EWA-Canada
General Technology Track
Keynote: Modern Crypto Systems and Practical Attacks (G02a) Najwa Aaraj, Senior Vice President, Special Projects, DarkMatter
What is My Cryptographic Boundary? (G02b) Ying-Chong Hedy Leung, Senior Consultant, atsec information security corporation
Certification of Quantum Cryptographic Network Security Devices (G02c) Nino Walenta, Principal Research Scientist, Battelle Memorial Institute
Let’s Talk About Physical Security (G03a) Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise company
Standardized Testing of Public Algorithms (ECC and RSA) Using Test Vector Leakage Assessment (G03b) Gilbert Goodwill, Senior Principal Engineer, Rambus Cryptography Research; Michael Tunstall, Security Engineer, Rambus Cryptography Research Division
Analysis and Solutions for CAVS Testing Errors (G03c) Yuan Xu, Information Security Consultant, atsec information security corporation
Secure Access with Open Source Authentication (G04a) Donald Malloy, Director of Business Development, LSExperts
Huh, Must be Encrypted?! (G04b) Yi Mao, Lab Director, atsec information security corp.
Afternoon Networking Break
Cryptographic Module Game Program (CMGP) Your Host: Nick Goble, Technical Marketing Engineer, Cisco
Thursday, May 19
Certification Programs Track
NIST and NIAP Working Together (C11a) Mary Baish, Deputy Director, NIAP; Matthew Scholl, Division Chief, Computer Security Division, NIST
Side Channel Testing Requirements in 19790 (C11b) Randall Easter, Computer Security Division, STVM, NIST
Testing Fault Injection and Side Channel in FIPS: Vision of a Smart Card Laboratory (C11c) Jose Ruiz Gualda, Common Criteria Leader, David Hernández García, R&D Engineer, Applus
Creating a Model of the FIPS 140 Testing and Validation Process with a View to Improving the Process (C12a) Kelvin Desplanque, Security Certification Engineer, Cisco Systems
Objective Security Evaluation: Possibly Feasible, or Feasibly Possible? (C12b) Andrew Jamieson, Security Laboratories Manager, Underwriters Laboratories
Validation Workflow (C12c) Carol Cantlon, IT Security Specialist, EWA-Canada
Cryptographic Transition Planning Panel Discussion (C13a) Moderator: Ralph Spencer Poore, PCIP, CISSP, CISA, CFE, CHS-III, Director, Emerging Standards, PCI Security Standards Council; Panelists: Dawn Adams, PA and CST Lab Manager, EWA-Canada; Todd Arnold, Senior Technical Staff Member (STSM), IBM Master Inventor, IBM Cryptographic Coprocessor Development; Terence Spies, Chief Technologist, HP Security Voltage, Hewlett-Packard Enterprise, Subcommittee Chair, ANSI X9F1
Modifying an Existing Commercial Product for Cryptographic Module Evaluation (C13b) Alan Gornall, Principal Consultant, Rycombe Consulting
GlobalPlatform: Facilitating the Certification of Multi-Applications (C13c) Hank Chavers, Technical Program Manager, GlobalPlatform
Entropy Requirements Comparison between FIPS 140-2, Common Criteria and ISO 19790 Standards (C14a) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Tony Apted, CCTL Technical Director, Leidos
Entropy As a Service: Unlocking the Full Potential of Cryptography (C14b) Apostol Vassilev, Research Lead–STVM, Computer Security Division, NIST
General Technology Track
Smartphone Keystores Compared (G11a) William Supernor, CTO, KoolSpan
/Dev/Random and your FIPS 140-2 Validation can be Friends (G11b) Valerie Fenwick, Software Engineering Manager, Oracle
Using /Dev/Urandom the Right Way (G11c) Stephan Mueller, Principal Consultant and Evaluator, atsec information security corp.
An Overview of OpenSSL (G12a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.
Auditing OpenSSL (G12b) Kenneth White, Director & Co-Founder, Open Crypto Audit Project
LibreSSL Introduction and Overview (G12c) Giovanni Bechis, Owner, System Administrator and Developer, SnB, Developer, OpenBSD
Multi-Vendor Key Management with KMIP (G13a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.
Entropy: Finding Random Bits for OpenSSL (G13b) Denis Gauthier, Senior Software Development Manager, Oracle
Improving Module’s Performance When Executing the Power-up Tests (G13c) Allen Roginsky, Mathematician, NIST
GlobalPlatform’s Secure Component and the Root of Trust (G14a) Olivier Van Nieuwenhuyze, Security Task Force Chair, GlobalPlatform, Senior R&D Engineer, STMicroelectronics
CTO Panel Discussion: The Future of Security (G14b) Moderator: Matt Keller, Vice President, Corsec; Panelists: Jon Geater, CTO, Thales e-Security; Gorav Arora, Director of Technology in the CTO Office, Gemalto; Jasper Van Woudenberg, CTO, North America, Riscure
End-User Experience Track
Keynote: Worlds Collide: Are We Ready for Security at Warp Speed? (U11a) Jon Geater, CTO, Thales e-Security
The Pros and Cons of Using an Embedded FIPS Module vs. Validating an Entire Product (U11b) Anthony Busciglio, Laboratory Manager, Acumen Security
How Much is My Certification Really Worth—Keeping Standards Relevant in an Evolving World (U11c) Graham Costa, Security and Certifications Manager, Gemalto; William Tung, Senior Security & Certifications Analyst, Gemalto
Getting Value for Money from Your Certification Investment (U12a) Alan Gornall, Principal Consultant, Rycombe Consulting
FIPS 140-2 Security Policy Template Review (U12b) Ryan Thomas, FIPS 140-2 Program Manager, CGI Global Labs; Jennifer Cawthra, Security Testing, Validation and Measurement, NIST
Requirements for Certification and Regulation to Secure IoT Devices (U12c) Andreas Philipp, VP Marketing and Business Development, Utimaco
FIPS Validated Cryptography with Back Doors: Oops! (U13a) Valerie Fenwick, Software Engineering Manager, Oracle
Reconciling Vulnerability Response with Certifications—Comparison of Experiences in Europe and USA (U13b) Fabien Deboyser, Certification Engineer, Thales e-Security
Show Me The Warrant: Why Encrypted Messages Are Like Cherry Pie for Uncle Sam (U13c) Ray Potter, CEO & Founder, SafeLogic
The Life-Cycle of a Software Cryptographic Module (U14a) Steven Schmalz, Principal Systems Engineer, RSA—the Security Division of EMC
How to Build a Product Security Program with SDL & Certifications (U14b) Ashit Vora, Co-founder and Laboratory Director, Acumen Security; Chris Romeo, Founder, Principal Consultant, Security Journey
Friday, May 20
Common Criteria and Crypto Track
Keynote: Securing Mobility through the Canadian Medium Assurance Solutions Program (R21a) Greg Hills, Director, Architecture & Technology Assurance, Communications Security Establishment (CSE)
NIAP Update (R21b) Dianne Hale, NIAP
Cryptography and the Common Criteria in Canada (R21c) Cory Clark, IT Security Specialist, CSEC
Network Device Collaborative Cryptographic Module (R22a) Nick Goble, Technical Marketing Engineer, Cisco
An Update from the CCUF Crypto Technical Working Group (R22b) Ashit Vora, Crypto Technical Working Group, Common Criteria Users Forum
The Economics of Security Certifications—FIPS 140-2, Common Criteria, and UC APL (R23a) John Morris, President, Corsec
The CC Threads within ISO 19790 (R23b) Iain Holness, Security Engineer, Cygnacom Solutions; Dayanandini Pathmanathan, Common Criteria Evaluator, CygnaCom CCCEL Canada
Advanced Technology Track
Keynote: Quantum Computing Current Research and Standards for Quantum Safe Cryptography (A21a) Mark Pecen, CEO, Approach Infinity
Update on the Quantum Threat, Mitigation, and Relevant Timelines (A21b) Michele Mosca, University Research Chair and Co-Founder, Institute for Quantum Computing, University of Waterloo; Co-Founder & CEO, evolutionQ Inc., Canada
Quantum Safety In Certified Cryptographic Modules (A21c) William Whyte, Chief Scientist, Security Innovation
Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers (A22a) Jasper van Woudenberg, CTO North America, Riscure
Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 (A22b) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Ed Morris, Director, Gossamer Security Solutions
An Approach for Entropy Assessment of Ring Oscillator-Based Noise Sources (A23a) Joshua Hill, Information Security Scientist, InfoGard Laboratories
FIPS 202, the SHA-3 Standard (A23b) Michael Powers, Security Assurance Engineer, Leidos; Jason Tseng, CSTL Lab Manager, Leidos
Industry Vertical/Embedded Crypto
Keynote: Crypto as a Service (CaaS) for Embedded Security Infrastructures (E21a) Matt Landrock, CEO, Cryptomathic
Security Credential Management System (SCMS) Applications Beyond Vehicle to Vehicle Safety (E21b) Brian Romansky, Vice President Strategic Technology, TrustPoint Innovation
Connected Car Security in the V2X Infrastructure (E21c) Richard Soja, Senior Principal Engineer, NXP
Cryptographic Modules for the Internet of Things (E22a) Carol Cantlon, IT Security Specialist, EWA-Canada; Lawrence Dobranski, DSc, MBA, MSc (Eng), P.Eng., Director, ICT Security, Access & Compliance, Professional Affiliate, Department of Computer Science, University of Saskatchewan
Hardware-Intrinsic Identity for Mobile Payments (E22b) John Wallrabenstein, Chief Scientist, Sypris Research
IoT and Security: A Defense in Depth Perspective (E23a) Loren Shade, VP Marketing, Allegro Software
Summary Panel Discussion
The Value of Certification in Other Industry Verticals (P24) Moderator: Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise Company; Panelists: Mary Baish, Deputy Director, NIAP; Jon Green, CTO, Aruba Government Solutions, Aruba, a Hewlett Packard Enterprise company; John Morris, President, Corsec; Shawn Wells, Chief Security Strategist, Public Sector, Red Hat. What will it take for FIPS 140-2, ISO/IEC 19790, and Common Criteria to be a best practice or requirement in health care, automotive, financial, IoT and other industries?