
Wednesday, May 18

Plenary Session

Welcome and Introduction, Ryan Hill, Community Outreach Manager, atsec information security; Cryptographic Module User Forum (CMUF) Overview, Matt Keller, Vice President, Corsec


 
Keynote: Building our Collective Cryptographic Community (P01a) Joe Waddington, Director General—Cyber Defence, Information Technology Security, CSE


 
Keynote: Assuring the Faithfulness of Crypto Modules (P01b) David McGrew, Cisco Fellow, Cisco Systems


 

Certification Programs Track

Keynote: Overview of ISO 19790:2012 Revision (C02a) Randall Easter, Computer Security Division, STVM, NIST


 
CAVP—Inside the World of Cryptographic Algorithm Validation Testing (C02b) Sharon Keller, Computer Scientist, NIST


 
FIPS Inside (C02c) Carolyn French, Manager, Cryptographic Module Validation Program, Communications Security Establishment


 
Automated Run-time Validation for Cryptographic Modules (C03a) Apostol Vassilev, Technical Director, Research Lead–STVM, Computer Security Division, NIST; David McGrew, Cisco Fellow, Cisco Systems; Barry Fussell, Senior Software Engineer, Cisco Systems


 
Introduction on the Commercial Cryptography Scheme in China (C03b) Di Li, Senior Consultant, atsec information security corporation


 
The Current Status and Entropy Estimation Methodology in Korean CMVP (C03c) Yongjin Yeom, Kookmin University; Sangwoon Jang, Seog Chung Seo, National Security Research Institute


 
Germany and the Netherlands—Certification of Secure Cryptographic Modules (C04a) Leo Kool, Group Manager, BrightSight


 
The Open Trusted Technology Provider™ Standard (C04c) Erin Connor, Director, EWA-Canada


 

General Technology Track

Keynote: Modern Crypto Systems and Practical Attacks (G02a) Najwa Aaraj, Senior Vice President, Special Projects, DarkMatter


 
What is My Cryptographic Boundary? (G02b) Ying-Chong Hedy Leung, Senior Consultant, atsec information security corporation


 
Certification of Quantum Cryptographic Network Security Devices (G02c) Nino Walenta, Principal Research Scientist, Battelle Memorial Institute


 
Let’s Talk About Physical Security (G03a) Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise company


 
Standardized Testing of Public Algorithms (ECC and RSA) Using Test Vector Leakage Assessment (G03b) Gilbert Goodwill, Senior Principal Engineer, Rambus Cryptography Research; Michael Tunstall, Security Engineer, Rambus Cryptography Research Division


 
Analysis and Solutions for CAVS Testing Errors (G03c) Yuan Xu, Information Security Consultant, atsec information security corporation


 
Secure Access with Open Source Authentication (G04a) Donald Malloy, Director of Business Development, LSExperts


 
Huh, Must be Encrypted?! (G04b) Yi Mao, Lab Director, atsec information security corp.


 

Afternoon Networking Break

Cryptographic Module Game Program (CMGP) Your Host: Nick Goble, Technical Marketing Engineer, Cisco


 

Thursday, May 19

Certification Programs Track

NIST and NIAP Working Together (C11a) Mary Baish, Deputy Director, NIAP; Matthew Scholl, Division Chief, Computer Security Division, NIST


Side Channel Testing Requirements in 19790 (C11b) Randall Easter, Computer Security Division, STVM, NIST


Testing Fault Injection and Side Channel in FIPS: Vision of a Smart Card Laboratory (C11c) Jose Ruiz Gualda, Common Criteria Leader, David Hernández García, R&D Engineer, Applus


Creating a Model of the FIPS 140 Testing and Validation Process with a View to Improving the Process (C12a) Kelvin Desplanque, Security Certification Engineer, Cisco Systems


Objective Security Evaluation: Possibly Feasible, or Feasibly Possible? (C12b) Andrew Jamieson, Security Laboratories Manager, Underwriters Laboratories


Validation Workflow (C12c) Carol Cantlon, IT Security Specialist, EWA-Canada


Cryptographic Transition Planning Panel Discussion (C13a) Moderator: Ralph Spencer Poore, PCIP, CISSP, CISA, CFE, CHS-III, Director, Emerging Standards, PCI Security Standards Council; Panelists: Dawn Adams, PA and CST Lab Manager, EWA-Canada; Todd Arnold, Senior Technical Staff Member (STSM), IBM Master Inventor, IBM Cryptographic Coprocessor Development; Terence Spies, Chief Technologist, HP Security Voltage, Hewlett-Packard Enterprise, Subcommittee Chair, ANSI X9F1


Modifying an Existing Commercial Product for Cryptographic Module Evaluation (C13b) Alan Gornall, Principal Consultant, Rycombe Consulting


GlobalPlatform: Facilitating the Certification of Multi-Applications (C13c) Hank Chavers, Technical Program Manager, GlobalPlatform


Entropy Requirements Comparison between FIPS 140-2, Common Criteria and ISO 19790 Standards (C14a) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Tony Apted, CCTL Technical Director, Leidos


Entropy As a Service: Unlocking the Full Potential of Cryptography (C14b) Apostol Vassilev, Research Lead–STVM, Computer Security Division, NIST


 

General Technology Track

Smartphone Keystores Compared (G11a) William Supernor, CTO, KoolSpan


 
/Dev/Random and your FIPS 140-2 Validation can be Friends (G11b) Valerie Fenwick, Software Engineering Manager, Oracle


Using /Dev/Urandom the Right Way (G11c) Stephan Mueller, Principal Consultant and Evaluator, atsec information security corp.


 
An Overview of OpenSSL (G12a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.


 
Auditing OpenSSL (G12b) Kenneth White, Director & Co-Founder, Open Crypto Audit Project


 
LibreSSL Introduction and Overview (G12c) Giovanni Bechis, Owner, System Administrator and Developer, SnB, Developer, OpenBSD


 
Multi-Vendor Key Management with KMIP (G13a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty Ltd.


 
Entropy: Finding Random Bits for OpenSSL (G13b) Denis Gauthier, Senior Software Development Manager, Oracle


 
Improving Module’s Performance When Executing the Power-up Tests (G13c) Allen Roginsky, Mathematician, NIST


 
GlobalPlatform’s Secure Component and the Root of Trust (G14a) Olivier Van Nieuwenhuyze, Security Task Force Chair, GlobalPlatform, Senior R&D Engineer, STMicroelectronics


 
CTO Panel Discussion: The Future of Security (G14b) Moderator: Matt Keller, Vice President, Corsec; Panelists: Jon Geater, CTO, Thales e-Security; Gorav Arora, Director of Technology in the CTO Office, Gemalto; Jasper Van Woudenberg, CTO, North America, Riscure


 

End-User Experience Track

Keynote: Worlds Collide: Are We Ready for Security at Warp Speed? (U11a) Jon Geater, CTO, Thales e-Security


 
The Pros and Cons of Using an Embedded FIPS Module vs. Validating an Entire Product (U11b) Anthony Busciglio, Laboratory Manager, Acumen Security


 
How Much is My Certification Really Worth—Keeping Standards Relevant in an Evolving World (U11c) Graham Costa, Security and Certifications Manager, Gemalto; William Tung, Senior Security & Certifications Analyst, Gemalto


 
Getting Value for Money from Your Certification Investment (U12a) Alan Gornall, Principal Consultant, Rycombe Consulting


 
FIPS 140-2 Security Policy Template Review (U12b) Ryan Thomas, FIPS 140-2 Program Manager, CGI Global Labs; Jennifer Cawthra, Security Testing, Validation and Measurement, NIST


 
Requirements for Certification and Regulation to Secure IoT Devices (U12c) Andreas Philipp, VP Marketing and Business Development, Utimaco


 
FIPS Validated Cryptography with Back Doors: Oops! (U13a) Valerie Fenwick, Software Engineering Manager, Oracle


 
Reconciling Vulnerability Response with Certifications—Comparison of Experiences in Europe and USA (U13b) Fabien Deboyser, Certification Engineer, Thales e-Security


 
Show Me The Warrant: Why Encrypted Messages Are Like Cherry Pie for Uncle Sam (U13c) Ray Potter, CEO & Founder, SafeLogic


 
The Life-Cycle of a Software Cryptographic Module (U14a) Steven Schmalz, Principal Systems Engineer, RSA—the Security Division of EMC


 
How to Build a Product Security Program with SDL & Certifications (U14b) Ashit Vora, Co-founder and Laboratory Director, Acumen Security; Chris Romeo, Founder, Principal Consultant, Security Journey


 

Friday, May 20

Common Criteria and Crypto Track

Keynote: Securing Mobility through the Canadian Medium Assurance Solutions Program (R21a) Greg Hills, Director, Architecture & Technology Assurance, Communications Security Establishment (CSE)


 
NIAP Update (R21b) Dianne Hale, NIAP


 
Cryptography and the Common Criteria in Canada (R21c) Cory Clark, IT Security Specialist, CSEC


 
Network Device Collaborative Cryptographic Module (R22a) Nick Goble, Technical Marketing Engineer, Cisco


 
An Update from the CCUF Crypto Technical Working Group (R22b) Ashit Vora, Crypto Technical Working Group, Common Criteria Users Forum


 
The Economics of Security Certifications—FIPS 140-2, Common Criteria, and UC APL (R23a) John Morris, President, Corsec


 
The CC Threads within ISO 19790 (R23b) Iain Holness, Security Engineer, Cygnacom Solutions; Dayanandini Pathmanathan, Common Criteria Evaluator, CygnaCom CCCEL Canada


 

Advanced Technology Track

Keynote: Quantum Computing Current Research and Standards for Quantum Safe Cryptography (A21a) Mark Pecen, CEO, Approach Infinity [Audio Not Available]

Update on the Quantum Threat, Mitigation, and Relevant Timelines (A21b) Michele Mosca, University Research Chair and Co-Founder, Institute for Quantum Computing, University of Waterloo; Co-Founder & CEO, evolutionQ Inc., Canada [Audio Not Available]

Quantum Safety In Certified Cryptographic Modules (A21c) William Whyte, Chief Scientist, Security Innovation [Audio Not Available]

Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers (A22a) Jasper van Woudenberg, CTO North America, Riscure


 
Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 (A22b) Richard Wang, FIPS Laboratory Manager, Gossamer Security Solutions; Ed Morris, Director, Gossamer Security Solutions


 
An Approach for Entropy Assessment of Ring Oscillator-Based Noise Sources (A23a) Joshua Hill, Information Security Scientist, InfoGard Laboratories


 
FIPS 202, the SHA-3 Standard (A23b) Michael Powers, Security Assurance Engineer, Leidos; Jason Tseng, CSTL Lab Manager, Leidos


 

Industry Vertical/Embedded Crypto

Keynote: Crypto as a Service (CaaS) for Embedded Security Infrastructures (E21a) Matt Landrock, CEO, Cryptomathic


 
Security Credential Management System (SCMS) Applications Beyond Vehicle to Vehicle Safety (E21b) Brian Romansky, Vice President Strategic Technology, TrustPoint Innovation


 
Connected Car Security in the V2X Infrastructure (E21c) Richard Soja, Senior Principal Engineer, NXP


 
Cryptographic Modules for the Internet of Things (E22a) Carol Cantlon, IT Security Specialist, EWA-Canada; Lawrence Dobranski, DSc, MBA, MSc (Eng), P.Eng., Director, ICT Security, Access & Compliance, Professional Affiliate, Department of Computer Science, University of Saskatchewan


 
Hardware-Intrinsic Identity for Mobile Payments (E22b) John Wallrabenstein, Chief Scientist, Sypris Research


 
IoT and Security: A Defense in Depth Perspective (E23a) Loren Shade, VP Marketing, Allegro Software


 

Summary Panel Discussion

The Value of Certification in Other Industry Verticals (P24) Moderator: Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise Company; Panelists: Mary Baish, Deputy Director, NIAP; Jon Green, CTO, Aruba Government Solutions, Aruba, a Hewlett Packard Enterprise company; John Morris, President, Corsec; Shawn Wells, Chief Security Strategist, Public Sector, Red Hat. What will it take for FIPS 140-2, ISO/IEC 19790, and Common Criteria to be a best practice or requirement in health care, automotive, financial, IoT and other industries?