Click the icon to view presentations.
Tuesday, May 16, 2017 |
08:00 – 09:00 Registration (Foyer)
09:00 – 12:30 Pre-Conference Workshops
Pre-Conference Workshop W01a (Ballroom DE) | Pre-Conference Workshop W01b (Ballroom B) | ||
09:00 | Decrypting Crypto: Intro to Cryptography ![]()
|
Intro to FIPS 140 ![]() |
12:30 – 13:30 Lunch (Foyer)
13:30 – 17:00 Pre-Conference Workshops
Pre-Conference Workshop W02a (Ballroom DE) | Pre-Conference Workshop W02b (Ballroom B) | ||
13:30 | Intro to Crypto Hardware Attacks ![]() |
FIPS 140-2 Validation Process: Overview and Case Study ![]() |
Wednesday, May 17, 2017 |
08:00 – 09:00 Registration (Foyer)
09:00 – 10:20 Plenary Keynote Session (Ballroom ABCDE) Welcome , Yi Mao, CST Lab Manager, atsec information security; CMUF Overview
, Matt Keller, Vice President, Corsec
09:20 |
|
|
10:20 – 11:00 Networking Break in Exhibits (Hemingway Ballroom)
11:00 – 12:20 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Industry Vertical/Embedded Crypto (Ballroom B) | Quantum-Safe Crypto Track (Ballroom A) |
||||
11:00 |
C11a. Keynote: Assurance Architecture Through Testing |
G11a. Keynote: Building Trust in the Era of Cloud Computing |
E11a. Keynote: Applied Cryptography and Practical Example Audio not available. |
Q11a. Keynote: Update on ETSI QSC Standards Activities |
|||
11:20 |
Q11b. Update on the Quantum Threat, Mitigation Timelines and Managing Quantum Risk |
||||||
11:40 |
C11c. Third-Party Security Validation: The Role of FIPS 140-2, Common Criteria, and UC APL in Securing Products |
G11c. The 2017 NIST Transition to Stronger Cryptographic Algorithms |
E11c. Hardware Security Requirements for Vehicle-to-Everything Communications |
||||
12:00 |
Q11d. Quantum Threat…and Quantum Solution |
12:20 – 13:20 Lunch in Exhibit Area (Hemingway Ballroom)
13:20 – 14:20 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Industry Vertical/Embedded Crypto (Ballroom B) | Quantum-Safe Crypto Track (Ballroom A) |
||||
13:20 |
C12a. Validating Multiple Cryptographic Modules |
G12a. FIPS as a Vendor—Fitting a Square Peg Into a Round Hole |
E12a. Lessons Learned in IoT Threat Modelling |
Q12a. NIST Post-Quantum Cryptography Standardization |
|||
13:40 |
C12b. Rethinking the Definition of the Operational Environment in FIPS 140-2 |
G12b. FIPS Certification—Tales from the Dev Side |
E12b. FIPS 140-2 Cryptography in the IoT |
||||
14:00 |
C12c. Stop doing grunt work – Key to efficiently executing multiple certification efforts |
G12c. Case Study: Hybrid CM Validation Technology Challenges |
E12c. Secure Authentication without Identification |
Q12c. How to be Ready for Tomorrow’s Quantum Attacks |
14:20 – 14:40 Networking Break in Exhibits (Hemingway Ballroom)
14:40 – 15:40 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Industry Vertical/Embedded Crypto (Ballroom B) | Quantum-Safe Crypto Track (Ballroom A) |
||||
14:40 |
C13a. Is Common Criteria the New FIPS 140? |
G13a. Panel Discussion: Technology Challenges in CM Validation |
E13a. PKI and FICAM Overview and Outlook |
Q13a. Preparing Today for Key Management in a Post-Quantum Computing World |
|||
15:20 |
C13c. Certification Process. Are We on the Right Track? |
E13c. FIPS-140-2 Validation of a NIST SP800-73-4 Conformant Smart Card: The Challenges Ahead |
Q13c. CRYSTALS and Open Quantum Safe |
15:40 – 16:00 Networking Break in Exhibits (Hemingway Ballroom)
16:00 – 17:00 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Industry Vertical/Embedded Crypto (Ballroom B) | Quantum-Safe Crypto Track (Ballroom A) |
||||
16:00 |
C14a. Report from Equivalency Working Group |
G14a. A Tale of Two Entropy Source Validation Approaches: NIST 800 90B vs. BSI AIS 31 |
E14a. Overview/Case Study: Validating FIPS 140-2 Security in PIV Credential Cryptographic Modules |
Q14a. Post Quantum Cryptography and the Future of Digital Signatures |
|||
16:20 |
C14b. Update on FIPS 140-3 |
G14b. Entropy Estimation Methods for SW Environments in KCMVP |
E14b. An Executable Secure Mobility Solution using an NFC Crypto Module |
Q14b. Timing and Side-Channel Countermeasures for Quantum-Safe Cryptography [20MIN] |
|||
16:40 |
Q14c. Experience with Quantum Key Distribution |
17:00 – 18:20 Welcome Reception in Exhibits (Hemingway Ballroom) Sponsor:
18:20 – 21:00 Dine-Around DC
Enjoy an informal group dinner at one of Arlington’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:20 at the ICMC registration desk in the foyer and depart from there.
Thursday, May 18, 2017 |
08:00 – 09:00 Coffee in Exhibits (Hemingway Ballroom) CMUF Face-to-Face Meeting (Conference Services Center—Open to All)
09:00 – 09:40 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
Moderator: | Moderator: | ![]() |
Moderator: | ||||
09:00 |
C20a. NIST & NIAP Working Together |
G20a. How I Learned to Stop Worrying and Love AES-GCM |
R20a. Keynote Presentation Audio not available. |
S20a. Keynote: Driving Security Improvements in Critical Open Source Projects Audio not available. |
09:40 – 10:00 Networking Break in Exhibits (Hemingway Ballroom)
10:00 – 11:20 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
10:00 |
C21a. Update on the Automated Cryptographic Validation Program (ACVP) |
G21a. Trusted Cryptographic Modules, Malware and Encryption |
R21a. NIAP Update |
S21a. Inside the OpenSSL 1.1 FIPS Module Project Audio not available. |
|||
10:40 |
Session breaks early. |
R21c. Understanding Protection Profiles |
S21c. FIPS Certification and the Bouncy Castle Project, or, What do you mean I can’t just do a new release tomorrow? Audio not available. |
||||
|
11:20 – 11:40 Networking Break in Exhibits (Hemingway Ballroom)
11:40 – 12:40 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
11:40 |
C22a. PKCS#11 Goes to 3.0! |
G22a. Smartphone Keystores and Key Management: 2017 Edition |
R22a. Commercial Product Assurance: Its Relation to CC |
S22a. Open Source Validations Audio not available. |
|||
12:20 |
C22c. Revalidation in Response to CVEs—CMUF WG |
G22c. The Expanding Role of Hardened Encryption and PKI Management in the Cloud |
R22c. Common Criteria Protection Profile for Trusted Execution Environment |
S22c. Network Time Synchronization for Cryptographic Protocols Audio not available. |
12:40 – 13:40 Lunch in Exhibit Area (Hemingway Ballroom) Sponsor:
13:40 – 14:40 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
13:40 |
C23a. CMVP Inside |
G23a. Fast, Quantum-Resistant Public-Key Solutions for Constrained Devices Using Group Theoretic Cryptography |
R23a. CC for Smart Cards and Mobile Security |
S23a. TLS Panel Discussion |
|||
14:00 |
C23b. Standing With Integrity-Integrity Check Using Random Sampling |
||||||
14:20 |
C23c. Getting Over the Self-Test Hurdle |
G23c. Control Your Cloud: BYOK is Good, But Not Enough |
R23c. Improving cPPs with User Participation |
14:40 – 15:00 Networking Break in Exhibits (Hemingway Ballroom, Exhibits Close at 15:00)
15:00 – 16:00 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
15:00 |
C24a. FIPS in China? Easier Than the Language! |
G24a. Quantum Safe PKI Transitions |
R24a. Panel Discussion: The Move to cPPs Is the move to cPPs (and the fact that they’re relying more on FIPS for their underpinning) an improvement on the EAL? |
S24a. TLS 1.3 |
|||
15:40 |
C24c. Malaysian Validation Programs Overview |
G24c. Surveying the Physical Landscape |
S24c. Penetration Testing: TLS 1.2, and Initial Research on How to Attack TLS 1.3 Stacks |
16:00 – 16:20 Networking Break (Foyer)
16:20 – 17:00 Conference Sessions
Certification Programs Track (Ballroom DE) |
General Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Open-Source Crypto Track (Ballroom A) |
||||
16:20 |
C25a. Australian Validation Programs Overview |
G25a. What Type of Module Am I? |
R25a. The Common Criteria—What’s Next? |
S25a. Crypto++: Past Validations and Future Directions |
|||
16:40 |
C25b. Towards an International Cryptographic Validation Program; Where Are We Now? |
S25b. Evolving Practice in TLS, VPNs, and Secrets Management |
17:00 – 18:00 Cryptographic Module Game Program (Ballroom C)
![]() |
Come watch three experienced contestants test their FIPS knowledge in a game of trivia related to algorithms, derived testing requirements, entropy, implementation guidance and more. A few members from the audience will be selected to assist the contestants on specific questions and be eligible to win prizes. Your Host: Nick Goble, Technical Marketing Engineer, Cisco |
Friday, May 19, 2017 |
08:00 – 09:00 Coffee (Foyer)
09:00 – 09:40 Conference Sessions
End-User Experience Track (Ballroom E) |
Advanced Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Crypto Policy & Ethics Track (Ballroom A) |
||||
09:00 |
U30a. Keynote: Cryptographic Standards Acceptance and the User Experience |
A30a. Keynote: Nano-Ciphers, The Challenge of Small-Data Encryption |
R30a. Introducing the Dedicated Security Components Protection Profile |
Y30a. Keynote: From Heartbleed to Juniper and Beyond |
|||
09:20 |
U30b. Updates from the Security Policy and Remote Testing Working Groups |
R30b. FIPS!…I Did It Again |
09:40 – 10:00 Networking Break (Foyer)
10:00 – 11:20 Conference Sessions
End-User Experience Track (Ballroom E) |
Advanced Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Crypto Policy & Ethics Track (Ballroom A) |
||||
10:00 |
U31a. Crypto: You’re Doing it Wrong |
A31a. A Survey of the Classical and Quantum Cryptanalysis of AES |
R31a. Development of CPPs for Full Disk Encryption |
Y31a. Autocrypt: E-mail Encryption for Everyone |
|||
10:20 |
R31b. Common Criteria Crypto Working Group |
||||||
10:40 |
U31c. What Does Your FIPS Certificate Say? |
A31c. Reducing IoT Ecosystem Exposure to Breaches, Data Theft, and Ruined Reputations: 7 Key Elements for Proactive IoT Security |
R31c. Toward Continuous Certification |
Y31c. Encryption and Cybersecurity Policy Under the New Administration |
|||
11:00 |
U31d. Keeping It Valid: Maintenance of FIPS 140-2 Validated Modules |
11:20 – 11:40 Networking Break (Foyer)
11:40 – 12:40 Conference Sessions
End-User Experience Track (Ballroom E) |
Advanced Technology Track (Ballroom C) |
Common Criteria Track (Ballroom B) |
Crypto Policy & Ethics Track (Ballroom A) |
||||
11:40 |
U32a. Panel Discussion: Ask the Labs Audio not available. |
A32a. MACSec Security Service FIPS Validation |
R32a. Selecting and Maintaining a Crypto Module for ISO 19790 and CC |
Y32a. Revisiting Threat Models for Cryptography |
|||
12:00 |
A32b. Usage of SP800-56A in Industry Standard Protocols |
||||||
12:20 |
A32c. Avoiding Falsely Passing a Device in TVLA Testing |
R32c. Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications |
Y32c. Zero Knowledge Doesn’t Mean Zero Ethics |
12:40 – 13:40 Lunch (Hemingway Ballroom)
13:40 – 14:40 Conference Sessions
End-User Experience Track (Ballroom E) |
Advanced Technology Track (Ballroom C) |
Crypto Policy & Ethics Track (Ballroom A) |
|||||
13:40 |
U33a. Entropy—A Case of Supply and Demand Audio not available. |
A33a. Storing Cryptographic Keys in Persistent Browser Storage |
Re-set room for Summary Panel Discussion |
Y33a. Thomas Jefferson and Apple versus the FBI |
|||
14:00 |
U33b. How Random is Your Random? (Assessing Entropy with SP800-90B) Audio not available. |
A33b. Efficient Application of Countermeasures for Elliptic Curve Cryptography |
|
||||
14:40 – 14:50 Networking Break (Foyer)
14:50 – 15:50 P34a. Closing Remarks , Nithya Rachamadugu, Director, CygnaCom; Summary Panel Discussion–FIPS and Common Criteria–How They Play Together
[60MIN] (Ballroom B)
CC validation requirements can differ from CMVP. Should products be designed around CMVP needs or CC? ICMC will end with a plenary session panel of authoritative leaders in a discussion on a topic which was selected by ICMC participants by general survey. Moderator: Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise Company Panelists: Erin Connor, Director, EWA-Canada; Tammy Green, Senior Principal Security Architect, Symantec; Laurie Mack, Director Security & Certifications, Gemalto; Bill Shelton Director, Federal Certifications and Policy, Juniper Networks
For access to this content, please join our email list. We take your privacy seriously. We never sell lists or email addresses.
Our Simple Mailing List Policies: We hate spam. Unless you authorize it or we're compelled by law, we won't share your mail address with anyone else, ever. We value your information. We'll keep it as secure as we can. We will send mail at reasonable intervals, which is at most a few times a month and definitely not once a day. We'll do our best to meet all applicable privacy, spam, and other relevant rules and regulations. If you think we've failed to do that, please contact us so we can investigate and correct as required.