Program – Full Style

This presentation will describe recent progress on supersingular isogeny-based cryptography and our efforts to make it practical for real-world use. Abstract: Supersingular isogeny Diffie-Hellman (SIDH) has rapidly become one of... Read More

In this talk we will discuss the methodology of cryptography lifecycle management which helps organizations to identify cryptographic threats, transition to a crypto agile system and to be prepared for... Read More

An in-depth look at the real-world process of validation with input from professionals who have hands-on experience at each step. Includes a case study of an actual validated CM product.

In this course, we will review the main hardware attack families to integrated circuits (IC), from the physical manipulation of the IC and probing techniques to side channel analysis and... Read More

Physical Testing requirements are defined in section 5 of FIPS 140-2. Additional guidance is provided by the implementation guidance. This Workshop will detail the physical testing requirements for each security... Read More

The recent rise in the price of bitcoin created renewed interest in the underlying technology that drives bitcoin called blockchain. Although there is a lot of interest and potential in... Read More

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in... Read More

Description TBA

This presentation will introduce the major test technology development trends of KCMVP. Korea has been operating its own cryptographic module validation system since 2005 and has been conducting tests based... Read More

The Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by... Read More

The speaker will provide an overview and update of the current state of quantum computers and the threat they pose to cryptographic systems. He will discuss progress in preparing cryptographic... Read More

This presentation will introduce the new Canadian Centre for Cyber Security (CCCS or Cyber Centre), a branch of the Communication Security Establishment (CSE). We’ll focus on who we are in... Read More

Update to the CMUF Working Group, FIPS in the Cloud. The working group was formed to create a pathway for vendors and labs to validate FIPS modules in 3rd party... Read More

After about one-year analysis and evaluation on the first-round candidates, NIST announced the second-round candidates in January 2019. In this presentation, we will provide a summary on the second-round candidates... Read More

With the explosive growth of Internet of Things coupled with 5G communications and re-utilization of GSM 200kHz band for localized IoT applications, industry is going forward with massive investments in... Read More

Cryptography is facing new challenges with new technologies such as IoT, Cloud, Quantum Cryptography etc. As the number of secure connections are exponentially increasing, key generation, strength of keys are... Read More

Isogeny-based cryptography or more specifically supersingular isogeny Diffie-Hellman (SIDH) has recently received considerable attention form quantum-safe research community. A highly secure model of that, a.k.a supersingular isogeny key encapsulation (SIKE)... Read More

Driven by digitalisation of “everything”the trust in digital devices of all types and their authenticity and integrity becomes a critical factor for the success of new offerings and business models.... Read More

Cloud is a fantastic buzzword. Everybody knows about it and only a few knows about the mechanics. In this presentation we will analyze the current progress of the industry on... Read More

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.

qTESLA is a simple and highly-efficient signature scheme whose security, based on the Ring-Learning With Errors (R-LWE) problem, is conjectured to thwart quantum computer attacks [1][2]. For example, qTESLA signatures... Read More

A non-volatile DIMM (NVDIMM) is a Dual In-line Memory Module (DIMM) that maintains the contents of Synchronous Dynamic Random Access Memory (SDRAM) during power loss. An NVDIMM-N class of device... Read More

The NISTIR 8200 report addresses the growing need to develop effective security standards for the Internet of Things (IoT). They have identified a wide range of critical categories impacted by... Read More

The NIST Special Publication (SP) 800-90 series of recommendations provide guidance on the construction and validation of random bit generators in the form of deterministic random bit generators or non-deterministic... Read More

Description TBA.

Come and learn about quantum technology and how it will affect your security operations in the future

Description to come:

The CCUF would like to present an update on their activities.

IG G8 details the criteria that a module must meet in order to be submitted under one of the revalidation submission scenarios. According to IG G8, a module with security... Read More

Secure Architectures of Future Emerging Cryptography (SAFEcrypto) aims to provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems,... Read More

Internet of Things (IoT) ecosystems have become increasingly prevalent, fundamentally changing the way we live, work and play. Billions of IoT devices already exist, with hundreds more coming online each... Read More

NIST is working in close collaboration with the industry to address the shortcomings of the NIST Cryptographic Validation Programs and improve the efficiency and effectiveness of cryptographic module testing in... Read More

Representation of protocols such as TLS, SSH and IPsec vary widely in the Security Policies for modules validated to FIPS 140-2. This presentation covers associated guidance, representation of ciphersuites (and... Read More

The automotive industry has rapidly evolved in recent times in such a way that the cars have been transformed from a simple mode of transport to the ultimate mobile device.... Read More

Moderated by: Kelly Richdale

In August 2017 a new version 1.3 of the Transport Layer Security (TLS) protocol which is a secure protocol for transporting data between devices and across the internet was released.... Read More

The importance of connected devices, services, and platforms in modern society is growing rapidly, and nowhere is this more apparent than the smart city. Made up of a wide range... Read More

A cryptographic module is often thought as a black box delivering a cryptographic service (e.g. encryption/decryption, authentication, key generation): it is implicitly assumed that what happens inside the cryptographic module... Read More

Cloud is becoming a dominant tool for various government agencies. Hence securing the cloud has become a paramount task. FedRamp is US standard for clouds. In spite of FedRamp enforcement,... Read More

Description TBA.

This keynote will focus on sharing some of the successes and opportunities in achieving SDL (Security Development Lifecycle) at a large enterprise software vendor with a multitude of offerings. It... Read More

This presentation will give a very brief introduction to Arm Platform Security Architecture (though that is a separate submission) and then explains why Arm have decided to introduce a new... Read More

TLS (formerly SSL) is fairly well known, and most people are familiar with it through the ‘s’ at the end of the ‘https’ in web URLs. Securing communication is also... Read More

NIST announced that the transition from the legacy CAVS cryptographic testing tool to ACVP would likely happen in the beginning of 2019. The transition involves a new method of communication... Read More

The FIDO Alliance, a 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced back in March 2018 the expansion of its certification program to include multi-level... Read More

Recently, the self-test related IGs 9.1, 9.11 and 9.12 have been updated to reduce the number of tests performed during power on to help improve module performance. At the same... Read More

The objective of this presentation will be to provide an update from the CMUF Security Policy Working Group. This talk will present “near” final versions of example Level 2 hardware... Read More

Description TBA

We are becoming increasingly ‘digitally dependent’, with connectivity spanning from our Edge devices, through the Fog and into the Cloud, helping us to manage every aspect of our personal, business... Read More

With the lines between enterprise key managers and hardware security modules being continually blurred or at worst, not well understood, it is easy to see two of our leading industry... Read More

You embark on the exciting journey of building a brand spanking new security hardware device. You require Fips 140-2 certification before deploying your device to the market place, everyone needs... Read More

Many security certification schemes exist and are a useful tool to check compliance or conformity to certain security criteria ideally nailed down in standards. However, the processes involved usually require... Read More

This presentation will discuss the following problems: * Not all certification levels fit * How do you include HW/SW/Edge/Cloud? * Patching security issues * How do you re-use from 1... Read More

From its humble beginnings storing keys for encrypted data stored on disk and tape, encryption key management has come a long way with the availability of a stable and widely... Read More

The OpenSSL 1.0.2 distribution that supports a FIPS 140-2 validated module will not be supported by the OpenSSL Management Committee past 2019. A new FIPS 140 module that supports TLS... Read More

Crypto Done Right (https://cryptodoneright.org) is a research project under development at Johns Hopkins funded by a grant from Cisco. We introduced the project at ICMC 2018. The goal of the... Read More

At some point during the development and validation of a cryptographic module, it is expected that the vendor’s certification expert(s) will have to perform at least one review of the... Read More

This presentation describes a user’s perspective on management of entire application stack with certified components, involving both FIPS hardware and Common Criteria applications on top. Further, we discuss how this... Read More

Description TBA

The recent NIST publications of new versions of the key establishment standards formed a complicated landscape for the CMVP, the implementers, and testers. The standards keep evolving, the new parameter... Read More

The purpose of this presentation is to establish the importance of a vulnerability management framework in an organisation. Presenters will walk through Gemalto’s vulnerability management process as a part of... Read More

Mandated in 2018, eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation defining standards for electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof of authentication... Read More

No one doubts that the handwritten signature will eventually be replaced by the digital signature. The European union is evolving towards new regulations for these systems based on certification. New... Read More

This presentation will compare and contrast the concepts of encryption key management and encryption key vaulting citing specific examples and drawing on the speakers experience with the two relevant industry... Read More

As more limits get introduced on the use of reflection in Java, Java 9 saw the introduction of multi-release jar files. These class archive files allow a JVM to dynamically... Read More

Data encryption, advanced authentication, digital signing and other cryptography-based security functions have come to play a vital role in organizations’ cybersecurity and regulatory compliance initiatives. To secure their digital assets... Read More

Equivalence Working Group Mission statement The Equivalence Working Group will work toward formulating recommendations, in the form of a draft Implementation Guidance (IG), which the CMVP finds acceptable to justify... Read More

Standard AES encryption of data provides confidentiality, but inhibits operations such as addition and comparison of ciphertexts. Baffle has developed a cryptographic technology using AES that allows data operations on... Read More

Over the past few years, assessment of compliance of products and services with the eIDAS regulation has been at the center of extensive debate. Product developers, service providers, certification authorities,... Read More

This is a joint presentation made by Paul Yang for BaishanCloud and Zhenlong Zhao from TrustChain. In this presentation, we would like to introduce the cutting-edge blockchain open source projects... Read More

The computer security Division at the National Institute of Standards and Technology is taking steps toward the standardization of threshold schemes for cryptographic primitives. These schemes have the potential to... Read More

The Red Hat Enterprise Linux 8 brings a concept of system-wide cryptographic policies which allow easy selection of allowed cryptographic algorithms and protocols that apply to all the core cryptographic... Read More

If encrypted data safeguards privacy, why do so few organizations and individuals encrypt their data? Encryption must be usable for widespread adoption. I’ll introduce the four principles of usable encryption... Read More

The session will look at how, among all of the practices and controls, cryptography acts as the nuts and bolts of security and why there would be very little Confidentiality,... Read More

This presentation will provide an overview of testing deemed necessary in FIPS and a summary of the challenges and opportunities for re-use in other Certifications based on lessons learned from... Read More

When implementing TLS 1.3 using a straightforward design for an HKDF interface in NSS, presenters ran into a number of issues that needed to be solved, particularly when running in... Read More

In an SP800-90B assessment, the vendor must determine if their noise source supports an IID assumption, and justify any claim that the source output is IID. The SP800-90B IID assessment... Read More

ISO/IEC 19790 provides the security requirements for a cryptographic module. Originally based on the U.S. FIPS 140-2, the ISO version has been further developed and improved in subsequent editions. The... Read More

Security of a virtual platform begins with a “Chain of Trust.” The trust chain means that a suitable trust anchor is used to validate the first software component launched, and... Read More

Description TBA

One of the major challenges in any distributed computing system is the availability of proper computing devices, i.e., powerful enough to accomplish the assigned tasks. This issue might be resolved... Read More

With the advent of the Internet of Things (IoTs), all kinds of modern electrical devices such as smart phones, medical devices, network sensors as well as traditional computing platforms are... Read More

In order to improve the security of the Internet of Things, Arm are developing PSA to provide a secure platform for building devices. The PSA includes design principles and a... Read More

One of the mandatory steps during FIPS module initialization is performing of Integrity Checking. Usually such checking does not cause any difficulties and can be easily addressed by well-known approaches.... Read More

Cryptography is almost in all IT products providing security. As such, the evaluation of the cryptographic code is part of a Common Criteria evaluation. On the other side, in a... Read More

Description TBA

Over the last several years, both CMVP and NIAP have been reducing the number of similar CPUs covered by a single CAVS test. Historically, an ARM was an ARM, an... Read More

While most auditing of cryptographic modules are around its effectiveness against an adversary, adversaries themselves are also updating their tooling to use strong cryptography. From crypto-locking malware to advanced command-and-control... Read More

Electronics devices are always targeted with different kind of attacks due to their activities related to data processing, data storage, and data transactions. Side-channel analysis techniques for detecting and quantifying... Read More

Description TBA

A randomness Beacon produces timed outputs of fresh public randomness. It pulsates randomness in an expected format at expected times, making it available to the public. Beacons offer the potential... Read More

If ISO/IEC 19790 is adopted as FIPS 140-3, what will it bring to the field of physical security? What changes will be necessary for us to remain compliant to the... Read More

Panelists will discuss the role of cryptographic modules in the cloud including current use cases, mitigation of security issues and CVEs, impact of 5G and smart cities, key security, the... Read More

Can you believe FIPS 140-2 is almost 19 years old!?! FIPS 140-2 is old enough to drive … it’s old enough to vote. After some false starts its time to... Read More

An in-depth look at the real-world process of validation with input from professionals who have hands-on experience at each step. Includes a case study of an actual validated CM product.

Description to come

Description to come

Answers must be in the form of a question! Come watch last year’s champion versus three new experienced contestants test their FIPS knowledge in a game of trivia related to... Read More

Description to come

Description to come

Description to come

As one of the earliest protocols in the internet, the domain name system (DNS) emerged during an era in which today’s global network was still an experiment. Security was not... Read More

NIST SP 800-90B – Recommendation for the Entropy Sources used for Random Bit Generation provides guidance for the development and validation of entropy sources. In this talk, we discuss the... Read More

Charles Brookson will provide a lively discussion on Crypto Past—and Lessons for the Future. Having been involved in security and cryptography in British Telecom since 1978, he will share many... Read More

The NIST Special Publication (SP) 800-90 series of recommendations provide guidance on the construction and validation of random bit generators in the form of deterministic random bit generators or non-deterministic... Read More

The side-channel analysis takes advantage of the key-dependent physical leakages provided by a cryptographic device, in order to recover secret information (key bytes, typically). Most of these attacks exploit the... Read More

Co-authors: Harold Booth, Luís T.A.N. Brandão, John Kelsey, René Peralta Following a 2013 prototype implementation, the NIST Beacon was upgraded in 2018 to match the new reference for Randomness beacons... Read More

A number of cryptographic key management and protection technologies are available today. Some have been in use for many years, while others are emerging in response to the transforming IT... Read More

Join atsec for a quick overview of how we made sure to be ready for the switch from FIPS 140-2 to FIPS 140-3 – and how you can benefit from... Read More

The evaluation guideline AIS 31 has been effective in the German certification scheme (Common Criteria) for almost two decades. The AIS 31, or more precisely, the corresponding mathematical-technical document defines... Read More

Galois/Counter Mode (GCM) is an approved block mode for the Advanced Encryption Standard (AES) cipher under FIPS 140-2, described in NIST Special Publication (SP) 800-38D. In that document, the security... Read More

Starting on November 7, 2020, FIPS 140-2 validations require that noise sources seeding Deterministic Random Bit Generators (DRBGs) must be compliant to NIST Special Publication (SP) 800-90B, “Recommendation for the... Read More

NIST 186-5 and other standards are slowly edging away from finite field based cryptography. The discrete logarithm problem over alternate groups have become more popular due to perceptions of improved... Read More

A new ISO standard has made in-person digital identity transactions with privacy protection a reality. Today, when we share our physical ID card, we lose control of our personal information.... Read More

Description to come

Wouldn’t it be great to know with absolute certainty that an identity claim is valid? Unfortunately that’s almost never possible. At some point the question becomes: how much identity reliability... Read More

Understanding the IoT AXIOM. Critical IoT Security Elements. FIPS Role in securing the IoT Edge.

The Common Criteria has been a framework for product evaluation of security functions since its inception in the late 1990s. As DevOps became the trend for development of agile cloud... Read More

Hardware Security Modules (HSM) have been around for many years in a variety of forms but they acquired their more “modern” denomination in January 1994 with the publication FIPS 140-1.... Read More

The talk will address the challenges that we face when we need to either migrate from one cryptographic scheme to another or be able to support multiple cryptographic schemes. Even... Read More

Description to come

Co-authors: Luís T.A.N. Brandão, Michael Davidson, Apostol Vassilev NIST is moving towards the standardization of threshold schemes for cryptographic primitives. The roadmap for this endeavor has two main tracks: single-device... Read More

Learning from encrypted data can address some of the primary concerns related to privacy, propriety, and legality of sharing sensitive data and potentially enable federated learning to gain insights from... Read More

With the development of IoT, millions and soon billions of autonomous devices are getting connected. One crucial step, which is necessary for the security of these devices, is to ensure... Read More

Description TBA

Processors used in today’s embedded systems span the spectrum of available hardware-based security features that can be enabled to secure these systems. This session will examine use cases of three... Read More

Description to come

The Key Per IO (KPIO) proposal is a joint initiative between NVMe and TCG Work Groups (WGs) to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC... Read More

Cryptography and key management are the important techniques used in PCI (Payment Card Industry) standards family including but not limited to PCI DSS (Data security standard), PIN security, P2PE (Point... Read More

Explore how system architects and implementers can quickly and effectively harness cryptographic capabilities, as encompassed in several industry standards, to provide trusted and repeatable security solutions. We’ll review Cryptsoft’s history... Read More

Cryptography plays an essential role in most PCI security standards. This session provides an update on the status of cryptography in PCI standards including existing sunrise and sunset dates for... Read More

Automotive security has received considerable interest from academic and industry communities in the past 10 years.  In this talk, after providing a brief overview of attacks on automotive platforms, we... Read More

Topics to be covered: Introduction to payment acceptance on a mobile device (COTS). What about consumer experience? Payment schemes’ view. From security in a POS to security in a SoftPOS.... Read More

This presentation will report on PSA Certified, a new certification scheme for Inustrial IOT. Last year at the ICMC I spoke about PSA Certified. Since then we have fully launched... Read More

Underlying most modern security systems that protect confidentiality and integrity is the fundamental concept of cryptography; and powering every cryptographic system is the oft-overlooked presumption of a solid cryptosystem and... Read More

Today, the average time it takes for an IoT device to be attacked once connected to the internet is just five minutes. The security problem, however, is no longer limited... Read More

The design, development, and certification of cryptographic modules for protecting PCI data in a payments ecosystem is a unique challenge, especially when compared with general-purpose, embedded, or IoT environments. Compliance... Read More

Description to come

This talk compares valid key management techniques using a cryptographic hardware security module (HSM) with commonly used untrustworthy software-based crypto methods that basically spoof the HSM. Two hardware-based techniques are... Read More

There is an ever-growing population of IoT devices finding their way into the Department of Homeland Security’s (DHS) designated critical infrastructure ecosystems. The rich data from these devices drive next-generation... Read More

With the imminent publication of the Dedicated Security Component (DSC) collaborative Protection Profile (cPP), cryptographic capabilities that are currently specified in other Protection Profiles (PPs) (such as NIAP’s Mobile Device... Read More

Encrypting cardholder data flowing through an entity’s network is one of the most common ways merchants try to reduce or eliminate the burden of becoming PCI compliant. Using encryption to... Read More

Cryptography plays an important role in compliance with PCI standards, such as PCI DSS, P2PE, and PCI PIN. Assessors need to look at cryptosystems for handling payment data as well... Read More

The National Institute of Standards and Technology is holding a competition-like process to standardize lightweight cryptographic algorithms. This presentation will include the submission requirements, evaluation criteria, and tentative timeline, as... Read More

The proliferation of compliance programs serving the U.S. Federal market and regulated industries has created a confusing network of overlapping product certifications. When some require validated encryption but others don’t,... Read More

OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC). The CMMC... Read More

This panel will discuss the standards process and challenges associated with creating and adopting cryptographic standards in support of information security. The focus will be on applicability to financial services... Read More

Description to come

Cryptographic algorithm testing is and was always an integral part of FIPS 140-2 validations. In the past, the Cryptographic Algorithm Validation System (CAVS) was provided by NIST. Now, NIST is... Read More

The list of CVEs is always expanding, with some very familiar faces always present, and some less-familiar faces popping up occasionally. What is that telling us about different types of... Read More

FIPS 140-3 is structured very differently than the previous standard. This talk focuses on the ISO and NIST requirement documents and how they influence the CMVP program.

With the lines between enterprise key managers and hardware security modules being continually blurred or at worst, not well understood, it is easy to see two of our leading industry... Read More

This presentation walks through the standards necessary to understand how the US-Canada validation authority manages the ISO requirements and testing while meeting CMVP requirements.

With PKCS#11 V3.0 released as an OASIS standard, and v3.1 going through the final review and publication process, the OASIS PKCS#11 Co-chairs will provide an overview of what has changed... Read More

As CMVP stands up FIPS 140-3, this presentation addresses the roadmap and management of FIPS 140-2 and what this means to vendors, labs, and users. This is an overview of... Read More

Intel SGX is a trusted execution environment developed by Intel that enhances protection against disclosure or modification of data by partitioning the application into CPU-hardened enclaves and offering much higher... Read More

Whether you plan for it or not, Differential Power Analysis (DPA) is going to be a part of many security evaluations going forward, being part of requirements in FIPS 140-3.... Read More

Indirect physical attacks such as sustained power monitoring have demonstrated that it is possible for some equipment to reveal sensitive key information. This presentation will provide an overview as to... Read More

We are at the pinnacle of innovation for security. Yet, Security leaders today are stressed with too much to do, too many security tools, too much complexity, too many alerts, and... Read More

This talk walks through the standards necessary to understand how the US-Canada validation authority manages the ISO requirements and testing while meeting CMVP requirements.

There have been many exciting new developments in cryptography in recent years. Cryptographic technologies like zero knowledge proofs and homomorphic encryption enable exciting new applications. But these new cryptosystems are... Read More

This presentation discusses how these validations will be integrated into the CAVP program and automation.

PARSEC is a collaborative project led by Docker and Arm to provide a consistent interface for Edge devices access crytpographic assets stored in a wide range of endpoints. PARSEC provides... Read More

CAVP has reformulated the algorithm process over the last year. This presentation will address how the process now works, who can use the service, and how the information is used.c

On behalf of the Cryptographic Module User’s Forum (CMUF) FIPS 140-3 Transition Working Group (WG), the speaker will report the work performed by the WG to assist the Cryptographic Module... Read More

TLS is one of the widely used protocols for secure communication channels between connected devices. Security has improved for TLSv1.3 compared to previous versions of TLS. Therefore, the Network iTC... Read More

This presentation will explain the key differences between FIPS 140-2 and 140-3 requirements for the most used levels (1 and 2) of software, hardware and hybrid modules. A summary mapping... Read More

SDLC and open source cryptography in Hyperledger, defense in depth from development, testing, deployment and operation of blockchain frameworks. An open source cryptography library (Ursa) targeted to the Blockchain use... Read More

During the development cycle of Red Hat Enterprise Linux 8, the RHEL Crypto team engineers have worked on multiple fronts to both increase the amount of software we can consider... Read More

Description to come

This presentation will provide the latest from the CMVP: from new and updated Implementation Guidance to lab accreditation changes, and all initiatives in between.

NCC Group Cryptography Services has completed numerous cryptography audits across a range of open-source cryptography projects over a number of years. During this talk, the speaker will focus on the... Read More

Recently Cloudflare announced a wide-scale post-quantum experiment that was conducted in cooperation with Google. We focused on using post-quantum key exchange algorithms by real clients for the TLS session establishment... Read More

Description to come

The security of cryptography in practice relies not only on the resistance of the algorithms against cryptanalytical attacks, but also on the correctness of their implementations. NIST maintains the CAVP,... Read More

Co-authors: Luís T.A.N. Brandão, René Peralta, Angela Robinson Privacy-enhancing cryptography (PEC) techniques, such as zero-knowledge proofs (ZKPs) and secure multi-party computation (SMPC), enable multiple agents to interact meaningfully without revealing... Read More

Description to come:

Description TBA

Two of the most “production ready” post-quantum signature algorithms are the eXtended Merkle Signature Scheme (XMSS) and Leighton-Micali Hash-Based Signatures (LMS). Both schemes have RFCs issued for them, with other... Read More

IPA/JCMVP is the validation authority of cryptographic module validation in Japan. IPA/JCMVP has started two-year transition period of cryptographic module security requirements to ISO/IEC 19790:2012 and ISO/IEC 24759:2017, from July... Read More

This presentation provides an update on the NIST Post-Quantum Cryptography Standardization process. As we proceed to the third-round selection, this presentation shares what has been learned in evaluating the first... Read More

Over the last several years, both the CMVP and NIAP have been reducing the number of similar CPUs covered by a single CAVS test. Historically, an ARM was an ARM,... Read More

Alongside advances in quantum computing which create the need for quantum-safe cryptography, further advances in technology such as the internet of things (IoT) give rise to additional problems to be... Read More

Standardization of Post-Quantum Cryptography (PQC) was started by NIST in 2016 and has proceeded to its second elimination round. The upcoming standards are intended to replace (or supplement) current RSA... Read More

This talk will look at what is required to ensure that the connected world is secure. Specifically, it will look at the third-party certification and what we need to do... Read More

Highly regulated industries and critical infrastructure environments demand fulfillment of security requirements through rigorous and standardized approaches. In this context, the value of Common Criteria certifications is internationally recognized, but... Read More

To address the requirements of the market for IoT product evaluations, the standard SESIP (Security Evaluation Standard for IoT Platforms) was designed in and for the IoT time scales. This light-weight... Read More

There is a great need for security and assurance in the fast growing connected world. To address this need, very many dedicated security evaluation schemes are popping up, often with... Read More

Hybrid key agreement schemes combining classical and post-quantum schemes have a key benefit as the solid and well-researched security of classical schemes is combined with the quantum-safety of new schemes.... Read More

The EU has established a new Cyber Security Law. The objectives are to standardize and protect the market, eliminating the duplicate efforts and different policies among members. Although the law... Read More

Recently, FIPS 140-2 Implementation Guidance (IG) D.8 and D.1-rev3 have been updated to state the requirements for vendor affirmation to NIST Special Publication (SP) 800-56A Rev3 and the transition from... Read More

Evolutions on quantum computing make us worry about its impact on actual technologies. In such a context, in this talk we are interested in the impacts of the post-quantum cryptography... Read More

Several NIST key establishment standards have been recently updated: SP 800-56A, 56B and 56C. As these standards represent a significant shift in the key agreement and key transport paradigms, it... Read More

The cryptographic landscape is evolving as quantum computing emerges. New quantum-safe standards will be published in the next few years. These changing global standards will pose many challenges for organizations.... Read More

Description to come

Cloud has become an inevitable infrastructure for government agencies world wide. So, securing workloads in the cloud has become a high priority task. FedRAMP is an established US government Risk... Read More

In this talk, we will analyze in depth the need for harmonization between NIAP and CAVP (FIPS) requirements. We will review changes to the recent NIAP Policy 5 Guidance update... Read More

Details of the presentation will be announced, based on pending events and positions. This presentation will address and explain the NSA positions on cryptographic choices today that best position organizations... Read More

Description TBA

If you read the news these days relating to cyber security, it is virtually impossible to miss the large number of articles which focus on the ever-increasing labor shortage in... Read More

Supersingular Isogeny Key Encapsulation (SIKE) is the only key exchange mechanism based on elliptic curves submitted to NIST for standardization. Although SIKE is a younger candidate in comparison to the... Read More

ACVP is becoming the only accepted method by which cryptographic algorithms are validated and certified with NIST. As the CAVS tool’s time comes to an end, so to do some... Read More

After giving an overview of the Open Quantum Safe (OQS) project, the presenter will describe recent post-quantum cryptography experiments in TLS/SSH using OQS, including: 1) benchmarks on the impact of... Read More

The much-awaited FIPS 140-3 is here but the elephant in the room is “what happens to all the 140-2 module and algorithm certificates?” This presentation will look at the various... Read More

Description to come

This talk will discuss the challenges and opportunities faced by the move to cloud based HSMs. The current standardization landscape will be discussed, including a dive into the new PCI... Read More

ISO standardization has made in-person digital identity transactions with privacy protection a reality. Today, when we share our physical ID card, we lose control of our personal information. Once handed... Read More

This session will provide an ISO 19790 Update.

The Department of Defense (DoD) has always considered cryptographic security a top priority for products listed on the Department of Defense Information Network Approved Products List (DoDIN APL). From its... Read More

The state of the art in privacy-enhancing cryptography (PEC) includes various tools that fall outside traditional standardization activities. Yet, as technology advances, some of these PEC tools (ZKP, SMPC, PSI,... Read More

A standards-based perspective on managing PIN in the payment ecosystem, this presentation includes PCI PIN, X9 PIN, and ISO PIN considerations.

Update on NIST and NIAP cooperative activities  

Online Certificate Status Protocol (OCSP) gives users of a PKI a means of knowing whether an x.509 certificate is valid in real time. The protocol is intended to replace the... Read More

The current state of the Cryptographic Algorithm Validation Program (CAVP) operations will be presented.

This is an introduction to the PCI Security Track. Troy Leach will provide an overview of PCI Standards and industry direction with an emphasis on the role that cryptography plays... Read More

As was discussed in CMUF training sessions in summer 2019, actual requirements for Non-Invasive Attacks are expected to be announced by CMVP by the end of 2021. This presentation will... Read More

The current state of the Cryptographic Module Validation Program (CMVP) operations will be presented.

Side-channels are non-intentional physical emanations which might leak sensitive information out of the boundary of chip. The threat is well-known: even if cryptographic keys are kept safe while at rest,... Read More

This is a reprise of last years highly successful panel discussion. The status of ANSI/X9,ISO, NIST and PCI standards in the crypto space forms the basis of this discussion.

New and upcoming CMVP Implementation Guidance will be presented.

MACsec, also known as IEEE 802.1AE, is a network security standard that adds confidentiality and integrity to layer 2 traffic. The standard was initially published in 2006 as an extension... Read More

Since the end of the 90s, side-channel attacks have gotten more public attention starting with simple and differential power analysis going towards profiled attacks and machine learning in the recent... Read More

Certification evaluation process can be challenging for all parties involved. Vendors want their products to market and evaluation labs evaluate against various standards such as FIPS 140-2/140-3 and PCI to... Read More

As outlined in NISTIR 7977, NIST commits itself to the periodic review and maintenance of its cryptographic standards and guidelines. In this context, NIST has established the Crypto Publication Review... Read More

Within the past year, ACVT has been going on at full speed between NIST, the vendors, and the labs. atsec has been a pioneer in this work in collaboration with... Read More

IBM first achieved PCI HSM for the Crypto Express 6S (CEX6S) with Common Cryptographic Architecture (CCA) firmware for IBM Z in 2018. IBM achieved an update certification in 2019 and... Read More

Two separate working group updates will be provided. 1. Single Chip Working Group – Details about the group itself (when it was formed, # of members, etc.) – Group objectives... Read More

Implementing P2PE can be difficult for any organization, but bringing together disparate legacy processes and key management systems into a unified product strategy that is both efficient and P2PE-compliant can... Read More

A secure implementation of a randomness beacon, such as specified by NISTIR 8213, poses a number of challenges related to the composition of various components and functions. For example, it... Read More

AWS is working with NIST, IETF and ETSI to ensure that post-quantum standards are ready. We are gaining experience in deployment on a large scale by enabling PQ TLS in... Read More

Most of the 100+ products we certify a year are “platforms” that need to be composed with software towards a complete end-product. It is those end-products that actually have the... Read More

Organizations within the Federal Government will increasingly use Internet of Things (IoT) devices for the mission benefits they can offer, but care must be taken in the acquisition and integration... Read More

This is a placeholder, pending approval of final content. The general intent is to give an update on the NSA position regarding the use of post-quantum cryptography, plans for the... Read More

This presentation will discuss Quantum Threat

Hardware security modules have long represented the industry standard way of protecting private and secret keys for information security infrastructures. As information processing moves to the cloud this panel discusses... Read More

Description to come

The transition to post-quantum cryptography (PQC) is underway and in just a few months NIST will announce their Round 3 selections, naming the first set of PQC algorithms to be... Read More

The current state of transitioning from FIPS 140-2 to FIPS 140-3 and associated changes will be presented.

The United States Federal Government has passed the first Internet of Things (IoT) legislation that prohibits federal agencies from purchasing IoT devices that do not meet specified security protocols. According... Read More

NIST post quantum cryptography (PQC) candidates will soon undergo a third round of vetting and standards are likely to be published in draft form by 2022. But the real work... Read More

The current state of the NIST automation and processing of CMVP and CAVP validations will be presented.

Public-key cryptography at the heart of all protocols will need to be replaced or supplemented with post-quantum components to achieve long-term security. This talk describes avenues and problems in transitioning... Read More

The current state of the Handbook 150-17 and the CMVP and CAVP scopes will be presented.

Device Identifier Composition Engine (DICE) is an emerging industry standard published by the Trusted Computing Group (TCG). DICE is intended to be a more lightweight alternative to the TCG’s well-known... Read More

The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems... Read More

This presentation is a joined case study between Bundesdruckerei & Deutsche Fiskal and PrimeKey. It will show how to design and implement a Common Criteria Certified Cloud Service for fiscalization.... Read More

In 2016, NIST announced a worldwide call for submissions to replace the public-key cryptographic algorithms which would be threatened by attacks from a large-scale quantum computer. In response, NIST received... Read More