May 8-11, 2018 | Shaw Centre | Ottawa, Ontario, Canada

Conference Audio Archive 2016


Wednesday, May 18

Plenary Session

Welcome and Introduction, Ryan Hill, Community Outreach Manager, atsec information security; Cryptographic Module User Forum (CMUF) Overview, Matt Keller, Vice President, Corsec

Keynote: Building our Collective Cryptographic Community (P01a) Joe Waddington, Director General—Cyber Defence, Information Technology Security, CSE

Keynote: Assuring the Faithfulness of Crypto Modules (P01b) David McGrew, Cisco Fellow, Cisco Systems


Certification Programs Track

Keynote: Overview of ISO 19790:2012 Revision (C02a) Randall Easter, Computer Security Division, STVM, NIST

CAVP—Inside the World of Cryptographic Algorithm Validation Testing (C02b) Sharon Keller, Computer Scientist, NIST

FIPS Inside (C02c) Carolyn French, Manager, Cryptographic Module Validation Program, Communications Security Establishment

Automated Run-time Validation for Cryptographic Modules (C03a) Apostol Vassilev, Technical Director, Research Lead–STVM, Computer Security Division, NIST; David McGrew, Cisco Fellow, Cisco Systems; Barry Fussell, Senior Software Engineer, Cisco Systems

Introduction on the Commercial Cryptography Scheme in China (C03b) Di Li, Senior Consultant, atsec information security corporation

The Current Status and Entropy Estimation Methodology in Korean CMVP (C03c) Yongjin Yeom, Kookmin University; Sangwoon Jang, Seog Chung Seo, National Security Research Institute

Germany and the Netherlands—Certification of Secure Cryptographic Modules (C04a) Leo Kool, Group Manager, BrightSight

The Open Trusted Technology Provider™ Standard (C04c) Erin Connor, Director, EWA-Canada


General Technology Track

Keynote: Modern Crypto Systems and Practical Attacks (G02a) Najwa Aaraj, Senior Vice President, Special Projects, DarkMatter

What is My Cryptographic Boundary? (G02b) Ying-Chong Hedy Leung, Senior Consultant, atsec information security corporation

Certification of Quantum Cryptographic Network Security Devices (G02c) Nino Walenta, Principal Research Scientist, Battelle Memorial Institute

Let’s Talk About Physical Security (G03a) Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise company

Standardized Testing of Public Algorithms (ECC and RSA) Using Test Vector Leakage Assessment (G03b) Gilbert Goodwill, Senior Principal Engineer, Rambus Cryptography Research; Michael Tunstall, Security Engineer, Rambus Cryptography Research Division

Analysis and Solutions for CAVS Testing Errors (G03c) Yuan Xu, Information Security Consultant, atsec information security corporation

Secure Access with Open Source Authentication (G04a) Donald Malloy, Director of Business Development, LSExperts

Huh, Must be Encrypted?! (G04b) Yi Mao, Lab Director, atsec information security corp.


Afternoon Networking Break

Cryptographic Module Game Program (CMGP) Your Host: Nick Goble, Technical Marketing Engineer, Cisco


Thursday, May 19

Certification Programs Track

NIST and NIAP Working Together (C11a) Mary Baish, Deputy Director, NIAP; Matthew Scholl, Division Chief, Computer Security Division, NIST

Side Channel Testing Requirements in 19790 (C11b) Randall Easter, Computer Security Division, STVM, NIST

Testing Fault Injection and Side Channel in FIPS: Vision of a Smart Card Laboratory (C11c) Jose Ruiz Gualda, Common Criteria Leader, David Hernández García, R&D Engineer, Applus

Creating a Model of the FIPS 140 Testing and Validation Process with a View to Improving the Process (C12a) Kelvin Desplanque, Security Certification Engineer, Cisco Systems

Objective Security Evaluation: Possibly Feasible, or Feasibly Possible? (C12b) Andrew Jamieson, Security Laboratories Manager, Underwriters Laboratories

Validation Workflow (C12c) Carol Cantlon, IT Security Specialist, EWA-Canada

Cryptographic Transition Planning Panel Discussion (C13a) Moderator: Ralph Spencer Poore, PCIP, CISSP, CISA, CFE, CHS-III, Director, Emerging Standards, PCI Security Standards Council; Panelists: Dawn Adams, PA and CST Lab Manager, EWA-Canada; Todd Arnold, Senior Technical Staff Member (STSM), IBM Master Inventor, IBM Cryptographic Coprocessor Development; Terence Spies, Chief Technologist, HP Security Voltage, Hewlett-Packard Enterprise, Subcommittee Chair, ANSI X9F1

Modifying an Existing Commercial Product for Cryptographic Module Evaluation (C13b) Alan Gornall, Principal Consultant, Rycombe Consulting

GlobalPlatform: Facilitating the Certification of Multi-Applications (C13c) Hank Chavers, Technical Program Manager, GlobalPlatform

Entropy Requirements Comparison between FIPS 140-2, Common Criteria and ISO 19790 Standards (C14a) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Tony Apted, CCTL Technical Director, Leidos

Entropy As a Service: Unlocking the Full Potential of Cryptography (C14b) Apostol Vassilev, Research Lead–STVM, Computer Security Division, NIST


General Technology Track

Smartphone Keystores Compared (G11a) William Supernor, CTO, KoolSpan

/Dev/Random and your FIPS 140-2 Validation can be Friends (G11b) Valerie Fenwick, Software Engineering Manager, Oracle

Using /Dev/Urandom the Right Way (G11c) Stephan Mueller, Principal Consultant and Evaluator, atsec information security corp.

An Overview of OpenSSL (G12a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.

Auditing OpenSSL (G12b) Kenneth White, Director & Co-Founder, Open Crypto Audit Project

LibreSSL Introduction and Overview (G12c) Giovanni Bechis, Owner, System Administrator and Developer, SnB, Developer, OpenBSD

Multi-Vendor Key Management with KMIP (G13a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.

Entropy: Finding Random Bits for OpenSSL (G13b) Denis Gauthier, Senior Software Development Manager, Oracle

Improving Module’s Performance When Executing the Power-up Tests (G13c) Allen Roginsky, Mathematician, NIST

GlobalPlatform’s Secure Component and the Root of Trust (G14a) Olivier Van Nieuwenhuyze, Security Task Force Chair, GlobalPlatform, Senior R&D Engineer, STMicroelectronics

CTO Panel Discussion: The Future of Security (G14b) Moderator: Matt Keller, Vice President, Corsec; Panelists: Jon Geater, CTO, Thales e-Security; Gorav Arora, Director of Technology in the CTO Office, Gemalto; Jasper Van Woudenberg, CTO, North America, Riscure


End-User Experience Track

Keynote: Worlds Collide: Are We Ready for Security at Warp Speed? (U11a) Jon Geater, CTO, Thales e-Security

The Pros and Cons of Using an Embedded FIPS Module vs. Validating an Entire Product (U11b) Anthony Busciglio, Laboratory Manager, Acumen Security

How Much is My Certification Really Worth—Keeping Standards Relevant in an Evolving World (U11c) Graham Costa, Security and Certifications Manager, Gemalto; William Tung, Senior Security & Certifications Analyst, Gemalto

Getting Value for Money from Your Certification Investment (U12a) Alan Gornall, Principal Consultant, Rycombe Consulting

FIPS 140-2 Security Policy Template Review (U12b) Ryan Thomas, FIPS 140-2 Program Manager, CGI Global Labs; Jennifer Cawthra, Security Testing, Validation and Measurement, NIST

Requirements for Certification and Regulation to Secure IoT Devices (U12c) Andreas Philipp, VP Marketing and Business Development, Utimaco

FIPS Validated Cryptography with Back Doors: Oops! (U13a) Valerie Fenwick, Software Engineering Manager, Oracle

Reconciling Vulnerability Response with Certifications—Comparison of Experiences in Europe and USA (U13b) Fabien Deboyser, Certification Engineer, Thales e-Security

Show Me The Warrant: Why Encrypted Messages Are Like Cherry Pie for Uncle Sam (U13c) Ray Potter, CEO & Founder, SafeLogic

The Life-Cycle of a Software Cryptographic Module (U14a) Steven Schmalz, Principal Systems Engineer, RSA—the Security Division of EMC

How to Build a Product Security Program with SDL & Certifications (U14b) Ashit Vora, Co-founder and Laboratory Director, Acumen Security; Chris Romeo, Founder, Principal Consultant, Security Journey


Friday, May 20

Common Criteria and Crypto Track

Keynote: Securing Mobility through the Canadian Medium Assurance Solutions Program (R21a) Greg Hills, Director, Architecture & Technology Assurance, Communications Security Establishment (CSE)

NIAP Update (R21b) Dianne Hale, NIAP

Cryptography and the Common Criteria in Canada (R21c) Cory Clark, IT Security Specialist, CSEC

Network Device Collaborative Cryptographic Module (R22a) Nick Goble, Technical Marketing Engineer, Cisco

An Update from the CCUF Crypto Technical Working Group (R22b) Ashit Vora, Crypto Technical Working Group, Common Criteria Users Forum

The Economics of Security Certifications—FIPS 140-2, Common Criteria, and UC APL (R23a) John Morris, President, Corsec

The CC Threads within ISO 19790 (R23b) Iain Holness, Security Engineer, Cygnacom Solutions; Dayanandini Pathmanathan, Common Criteria Evaluator, CygnaCom CCCEL Canada


Advanced Technology Track

Keynote: Quantum Computing Current Research and Standards for Quantum Safe Cryptography (A21a) Mark Pecen, CEO, Approach Infinity [Audio Not Available]

Update on the Quantum Threat, Mitigation, and Relevant Timelines (A21b) Michele Mosca, University Research Chair and Co-Founder, Institute for Quantum Computing, University of Waterloo; Co-Founder & CEO, evolutionQ Inc., Canada [Audio Not Available]

Quantum Safety In Certified Cryptographic Modules (A21c) William Whyte, Chief Scientist, Security Innovation [Audio Not Available]

Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers (A22a) Jasper van Woudenberg, CTO North America, Riscure

Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 (A22b) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Ed Morris, Director, Gossamer Security Solutions

An Approach for Entropy Assessment of Ring Oscillator-Based Noise Sources (A23a) Joshua Hill, Information Security Scientist, InfoGard Laboratories

FIPS 202, the SHA-3 Standard (A23b) Michael Powers, Security Assurance Engineer, Leidos; Jason Tseng, CSTL Lab Manager, Leidos


Industry Vertical/Embedded Crypto

Keynote: Crypto as a Service (CaaS) for Embedded Security Infrastructures (E21a) Matt Landrock, CEO, Cryptomathic

Security Credential Management System (SCMS) Applications Beyond Vehicle to Vehicle Safety (E21b) Brian Romansky, Vice President Strategic Technology, TrustPoint Innovation

Connected Car Security in the V2X Infrastructure (E21c) Richard Soja, Senior Principal Engineer, NXP

Cryptographic Modules for the Internet of Things (E22a) Carol Cantlon, IT Security Specialist, EWA-Canada; Lawrence Dobranski, DSc, MBA, MSc (Eng), P.Eng., Director, ICT Security, Access & Compliance, Professional Affiliate, Department of Computer Science, University of Saskatchewan

Hardware-Intrinsic Identity for Mobile Payments (E22b) John Wallrabenstein, Chief Scientist, Sypris Research

IoT and Security: A Defense in Depth Perspective (E23a) Loren Shade, VP Marketing, Allegro Software


Summary Panel Discussion

The Value of Certification in Other Industry Verticals (P24) Moderator: Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise Company; Panelists: Mary Baish, Deputy Director, NIAP; Jon Green, CTO, Aruba Government Solutions, Aruba, a Hewlett Packard Enterprise company; John Morris, President, Corsec; Shawn Wells, Chief Security Strategist, Public Sector, Red Hat. What will it take for FIPS 140-2, ISO/IEC 19790, and Common Criteria to be a best practice or requirement in health care, automotive, financial, IoT and other industries?