Conference Audio Archive 2017

09:20

P01a. Know Who Is Touching Your Stuff: Driving Security Across the Value Chain  [30MIN] Edna Conway, Chief Security Officer, Global Value Chain, Cisco Systems

P01b. Deficient Standards, Complex Certification: Can We Escape the Vicious Circle? [30MIN] Joan Daemen, Principal Cryptographer, STMicroelectronics

11:00

C11a. Keynote: Assurance Architecture Through Testing  [40MIN] Michael Cooper, IT Specialist, NIST

G11a. Keynote: Building Trust in the Era of Cloud Computing  [40MIN] David Gerendas, Group Product Manager, McAfee

E11a. Keynote: Applied Cryptography and Practical Example  [40MIN] Dr. Najwa Aaraj, Senior Vice President, Special Projects, DarkMatter

Audio not available.

Q11a. Keynote: Update on ETSI QSC Standards Activities [20MIN] Mark Pecen, CEO, Approach Infinity

11:20

Q11b. Update on the Quantum Threat, Mitigation Timelines and Managing Quantum Risk  [40MIN] Michele Mosca, Institute for Quantum Computing, University of Waterloo & evolutionQ Inc.

11:40

C11c. Third-Party Security Validation: The Role of FIPS 140-2, Common Criteria, and UC APL in Securing Products  [40MIN] John Morris, President, Corsec

G11c. The 2017 NIST Transition to Stronger Cryptographic Algorithms  [40MIN] Allen Roginsky, Mathematician, NIST

E11c. Hardware Security Requirements for Vehicle-to-Everything Communications  [40MIN] William Whyte, Chief Scientist Security Innovation

12:00

Q11d. Quantum Threat…and Quantum Solution  [20MIN] Bruno Huttner, Quantum Safe Product Management, ID Quantique SA

13:20

C12a. Validating Multiple Cryptographic Modules [20MIN] Steve Ratcliffe, TME, Cisco Systems; Khai Van, Security Tester, Gossamer Security Solutions

G12a. FIPS as a Vendor—Fitting a Square Peg Into a Round Hole  [20MIN] Malcolm Levy, Certification Manager, Check Point Software Technologies

E12a. Lessons Learned in IoT Threat Modelling  [20MIN] Paul Bottinelli, Security Systems Developer, ETAS Canada

Q12a. NIST Post-Quantum Cryptography Standardization  [40MIN] Lily Chen, Mathematician, NIST

13:40

C12b. Rethinking the Definition of the Operational Environment in FIPS 140-2  [20MIN] Kelvin Desplanque, Security Certification Engineer, Cisco Systems

G12b. FIPS Certification—Tales from the Dev Side   [20MIN] Alan Kaye, Director, Compliance Management, Fortinet

E12b. FIPS 140-2 Cryptography in the IoT  [20MIN] Chris Conlon, Software Engineer, wolfSSL

14:00

C12c. Stop doing grunt work – Key to efficiently executing multiple certification efforts   [20MIN] Ashit Vora, Co-founder & Laboratory Director, Acumen Security

G12c. Case Study: Hybrid CM Validation Technology Challenges  [20MIN] Steve Taylor, Intel

E12c. Secure Authentication without Identification  [20MIN] Jan Camenisch, IBM Research–Zurich

Q12c. How to be Ready for Tomorrow’s Quantum Attacks  [20MIN] Vladimir Soukharev, Cryptographer, InfoSec Global

14:40

C13a. Is Common Criteria the New FIPS 140? [40MIN] Anthony Busciglio, Laboratory Director, Acumen Security

G13a. Panel Discussion: Technology Challenges in CM Validation  [60MIN] Moderator: Nithya Rachamadugu, Director, CygnaCom Panelists: Malcolm Levy, Certification Manager, Check Point Software Technologies; Robert Relyea, Principal Software Engineer, Red Hat; Steve Taylor, Federal Technology Specialist, Intel, Névine Ebeid, Principal Engineer, TrustPoint Innovation

E13a. PKI and FICAM Overview and Outlook  [40MIN] Judith Spencer, PMA Chair, Certipath

Q13a. Preparing Today for Key Management in a Post-Quantum Computing World [40MIN] Tanja Lange, Technische Universiteit Eindhoven; Tony Cox, VP Partners, Alliances and Standards, Cryptsoft Pty Ltd.

15:20

C13c. Certification Process. Are We on the Right Track? [20MIN] Fabien Deboyser, Certification Engineer, Thales e-Security

E13c. FIPS-140-2 Validation of a NIST SP800-73-4 Conformant Smart Card: The Challenges Ahead   [20MIN] Christophe Goyet, VP of Technology, Oberthur Technologies of America

Q13c. CRYSTALS and Open Quantum Safe [20MIN] Tancrède Lepoint, Computer Scientist, SRI International

16:00

C14a. Report from Equivalency Working Group [20MIN] Edward Morris, Lab Director, Gossamer Security Solutions; Carolyn French, Manager, Cryptographic Module Validation Program, Communications Security Establishment

G14a. A Tale of Two Entropy Source Validation Approaches: NIST 800 90B vs. BSI AIS 31 [20MIN] Meltem Sonmez Turan, NIST

E14a. Overview/Case Study: Validating FIPS 140-2 Security in PIV Credential Cryptographic Modules [20MIN] Roger Butler, Chief Architect, TecSec

Q14a. Post Quantum Cryptography and the Future of Digital Signatures [20MIN] Florian Caullery, Dark Matter

16:20

C14b. Update on FIPS 140-3 [40MIN] Kim Schaffer, NIST

G14b. Entropy Estimation Methods for SW Environments in KCMVP [40MIN] Seogchung Seo, National Security Research Institute, Korea; Sangwoon Jang, National Research Institute, Korea; Yewon Kim, Kookmin Security University, Korea; and Yongjin Yeom, Kookmin University, Korea

E14b. An Executable Secure Mobility Solution using an NFC Crypto Module [40MIN] Richard Schaeffer, CEO, Tocreo Labs

Q14b. Timing and Side-Channel Countermeasures for Quantum-Safe Cryptography [20MIN] William Whyte, Chief Scientist, Security Innovation

16:40

Q14c. Experience with Quantum Key Distribution [20MIN] Konstantinos Karagiannis, CTO, Security Consulting Practice, BT Americas

09:00

C20a. NIST & NIAP Working Together [40MIN] Janine Pedersen, Director, National Information Assurance Partnership (NIAP); Melanie Cook, Operations Lead–STVM, Computer Security Division, NIST

G20a. How I Learned to Stop Worrying and Love AES-GCM [40MIN] Quentin Gouchet, atsec information security

R20a. Keynote Presentation [40MIN] Shawn Wells, Chief Security Strategist, Public Sector, Red Hat

Audio not available.

S20a. Keynote: Driving Security Improvements in Critical Open Source Projects [40MIN] Nicko van Someren, CTO, Linux Foundation

Audio not available.

10:00

C21a. Update on the Automated Cryptographic Validation Program (ACVP) [80MIN] Apostol Vassilev, Research Lead—STVM, CSD; Barry Fussell, Technical Leader, Cisco Systems; Robert Relyea, Principal Software Engineer, Red Hat; Shawn Geddis, Security & Certifications Engineer, Apple; Simon Vera-Schockner, Architect GCDS, Akamai Technologies; Melanie Cook,, Operations Lead – STVM, CSD, NIST

G21a. Trusted Cryptographic Modules, Malware and Encryption [40MIN] Steve Schmalz, CISSP Principal Systems Engineer RSA, The Security Division of EMC

R21a. NIAP Update [40MIN] Diane Hale, NSA

S21a. Inside the OpenSSL 1.1 FIPS Module Project [40MIN] Mark Minnoch, Technical Account Manager, SafeLogic; Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.

Audio not available.

10:40

Session breaks early.

R21c. Understanding Protection Profiles [40MIN] Lachlan Turner, Founder & Principal Consultant, Ark Infosec Labs Inc.

S21c. FIPS Certification and the Bouncy Castle Project, or, What do you mean I can’t just do a new release tomorrow? [40MIN] David Hook, Bouncy Castle

Audio not available.

11:40

C22a. PKCS#11 Goes to 3.0! [40MIN] Valerie Fenwick, Director of Software Engineering, Intel

G22a. Smartphone Keystores and Key Management: 2017 Edition [40MIN] William Supernor, CTO, Koolspan

R22a. Commercial Product Assurance: Its Relation to CC [40MIN] Simon Milford, Head of Cyber Security, DNV GL

S22a. Open Source Validations [40MIN] Chris Brych, Senior Principal Security Analyst, Oracle

Audio not available.

12:20

C22c. Revalidation in Response to CVEs—CMUF WG [20MIN] Fabien Deboyser, Thales e-Security

G22c. The Expanding Role of Hardened Encryption and PKI Management in the Cloud  [20MIN] Adam Cason, Director of Product Marketing, Futurex

R22c. Common Criteria Protection Profile for Trusted Execution Environment [20MIN] Hank Chavers, Technical Program Manager, Global Platform

S22c. Network Time Synchronization for Cryptographic Protocols  [20MIN] Daniel Franke, Akamai

Audio not available.

13:40

C23a. CMVP Inside [20MIN] Carolyn French, Manager, Cryptographic Module Validation Program Communications Security Establishment; Jennifer Cawthra, Program Manager, NIST

G23a. Fast, Quantum-Resistant Public-Key Solutions for Constrained Devices Using Group Theoretic Cryptography [40MIN] Derek Atkins, CTO, SecureRF

R23a. CC for Smart Cards and Mobile Security [40MIN] Wouter Slegers, CEO, Your Creative Solutions

S23a. TLS Panel Discussion [60MIN] Moderator: Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd. Panelists: Steve Marquess, OpenSSL; David Hook, Bouncy Castle; Nicko van Someren, CTO, Linux Foundation; Kenneth White, Open Crypto Audit Project

14:00

C23b. Standing With Integrity-Integrity Check Using Random Sampling [20MIN] Renaudt Nunez, IT Security Consultant, atsec information security

14:20

C23c. Getting Over the Self-Test Hurdle [20MIN] Alan Gornall, Principle Consultant, Rycombe Consulting

G23c. Control Your Cloud: BYOK is Good, But Not Enough [20MIN] Matt Landrock, CEO, Cryptomathic

R23c. Improving cPPs with User Participation [20MIN] Quang Trinh, Cisco

15:00

C24a. FIPS in China? Easier Than the Language! [40MIN] Yuan Xu, atsec information security; Di Li, Senior Consultant, atsec China

G24a. Quantum Safe PKI Transitions [40MIN] Mike Brown, CTO, ISARA Corporation

R24a. Panel Discussion: The Move to cPPs [60MIN] Moderator: Kirill Sinitski, Common Criteria Evaluator, CygnaCom CCCEL Canada Panelists: Alan Kaye, Director, Compliance Management, Fortinet; Leo Kool, Senior Security Evaluator, Brightsight; Andy Nissen, Software Development Manager, McAfee, Tony Boswell, Senior Principal Consultant, DNV GL

Is the move to cPPs (and the fact that they’re relying more on FIPS for their underpinning) an improvement on the EAL?

S24a. TLS 1.3 [40MIN] Rich Salz, Senior Architect, Akamai Technologies; Member, OpenSSL Dev Team

15:40

C24c. Malaysian Validation Programs Overview [20MIN], H.A. Rani, CyberSecurity Malaysia

G24c. Surveying the Physical Landscape [20MIN]  Marc Ireland, FIPS Program Manager, UL Verification Services

S24c. Penetration Testing: TLS 1.2, and Initial Research on How to Attack TLS 1.3 Stacks [20MIN] Alex Moneger, Citrix Systems

16:20

C25a. Australian Validation Programs Overview [40MIN] Simon Reardon, Evaluations Program, Cyber & Information Security Division, Australian Signals Directorate

G25a. What Type of Module Am I? [40MIN] Yi Mao, CST Lab Manager, atsec information security

R25a. The Common Criteria—What’s Next? [40MIN] Joshua Brickman, Director, Security Evaluations, Oracle

S25a. Crypto++: Past Validations and Future Directions [20MIN] Jeffrey Walton, Consultant

16:40

C25b. Towards an International Cryptographic Validation Program; Where Are We Now? [20MIN] Clint Winebrenner, Technical Lead, FIPS Cisco Systems

S25b. Evolving Practice in TLS, VPNs, and Secrets Management [20MIN] Kenneth White, Security Architecture, Public Cloud, Applied Cryptography Research & Development, Open Crypto Audit Project

09:00

U30a. Keynote: Cryptographic Standards Acceptance and the User Experience [20MIN] Gordon Bass, Director, Cybersecurity Operations Office, Office of the CIO, U.S. Department of Energy

A30a. Keynote: Nano-Ciphers, The Challenge of Small-Data Encryption [40MIN] Terence Spies, Chief Technologist, HP Security Voltage

R30a. Introducing the Dedicated Security Components Protection Profile [20MIN] Shawn Pinet, Senior Security & Certifications Analyst, Gemalto; Shawn Geddis, Security & Certifications Engineer, Apple

Y30a. Keynote: From Heartbleed to Juniper and Beyond [40MIN] Matthew Green, Johns Hopkins University

09:20

U30b. Updates from the Security Policy and Remote Testing Working Groups [20MIN] Ryan Thomas, Laboratory Manager, Acumen Security

R30b. FIPS!…I Did It Again [20MIN] Justin Fisher, Booz Allen Hamilton

10:00

U31a. Crypto: You’re Doing it Wrong [40MIN] Jon Green, Sr. Director, Security Architecture and Federal CTO, Aruba Networks/HPE

A31a. A Survey of the Classical and Quantum Cryptanalysis of AES [40MIN] David Cornwell, Lead Engineer, Booz Allen Hamilton

R31a. Development of CPPs for Full Disk Encryption [20MIN] Garry McCracken, VP, Technology, WinMagic

Y31a. Autocrypt: E-mail Encryption for Everyone [40MIN] Daniel Kahn Gillmor, Senior Staff Technologist, ACLU Speech, Privacy, and Technology Project

10:20

R31b. Common Criteria Crypto Working Group [20MIN] Mary Baish, NIAP; Fritz Bollman, BSI

10:40

U31c. What Does Your FIPS Certificate Say? [20MIN] Swapneela Unkule, atsec information security

A31c. Reducing IoT Ecosystem Exposure to Breaches, Data Theft, and Ruined Reputations: 7 Key Elements for Proactive IoT Security [40MIN] Loren Shade, VP Marketing, Allegro Software

R31c. Toward Continuous Certification [40MIN] Greg Mclearn, Lightship Security

Y31c. Encryption and Cybersecurity Policy Under the New Administration [40MIN] Neema Singh Guliani, Legislative Counsel (Privacy and Technology), ACLU

11:00

U31d. Keeping It Valid: Maintenance of FIPS 140-2 Validated Modules [20MIN] Shashi Karanam, Senior Certifications Consultant, Corsec Security

11:40

U32a. Panel Discussion: Ask the Labs [60MIN] Moderator: Ryan Horan, Security Test, Validation and Measurement Group, NIST Panelists: Marc Ireland, FIPS Program Manager, UL Verification Services; Yi Mao, CST Lab Manager, atsec information security; Edward Morris, Cofounder, Gossamer Security Solutions; Ryan Thomas Laboratory Manager, Acumen Security; Jonathan Smith, Senior CST Lab Tester, CygnaCom
Your opportunity to ask representatives from validating labs everything you’ve always wanted to know about cryptographic module validation (but were afraid to ask)

Audio not available.

A32a. MACSec Security Service FIPS Validation [20MIN] Zhiqiang Wang, Lab Manager, Gossamer Security Solutions

R32a. Selecting and Maintaining a Crypto Module for ISO 19790 and CC [40MIN] Iain Holness, Common Criteria Evaluator, Security Engineer Cygnacom Solutions

Y32a. Revisiting Threat Models for Cryptography [40MIN] Bart Preneel, Professor, University of Leuven

12:00

A32b. Usage of SP800-56A in Industry Standard Protocols [20MIN] Michael Powers, Security Assurance Engineer, Leidos

12:20

A32c. Avoiding Falsely Passing a Device in TVLA Testing [20MIN] Gilbert Goodwill, Senior Manager/DPA Team Lead Rambus–Cryptography Research Division

R32c. Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications [20MIN] Anthony Apted, CCTL Technical Director, Leidos

Y32c. Zero Knowledge Doesn’t Mean Zero Ethics [20MIN] Joshua Marpet, SVP, Compliance and Managed Services CyberGRC

13:40

U33a. Entropy—A Case of Supply and Demand [20MIN] Richard Moulds, VP Strategy, Whitewood Encryption

Audio not available.

A33a. Storing Cryptographic Keys in Persistent Browser Storage [20MIN] Francisco Corella, Founder & CTO, Pomcor

Re-set room for Summary Panel Discussion

Y33a. Thomas Jefferson and Apple versus the FBI [40MIN] Daniel J. Bernstein, University of Illinois at Chicago, USA; Technische Universiteit Eindhoven, Netherlands

14:00

U33b. How Random is Your Random? (Assessing Entropy with SP800-90B) [40MIN] Stephan Mueller, Principal Consultant, atsec information security

Audio not available.

A33b. Efficient Application of Countermeasures for Elliptic Curve Cryptography [40MIN] Vladimir Soukharev, InfoSec Global