Pre-Conference Workshops (Ottawa Salon 210) |
09:00 Decrypting Crypto: An Introduction to Cryptography (W00a) Jon Green, HPE, United States
Pre-Conference Workshops (Ottawa Salon 212) |
09:00 Intro to FIPS 140 (W00b) Yi Mao, Lab Director, atsec information security, United States
Pre-Conference Workshops (Ottawa Salon 211) |
09:00 Introduction to Blockchain (W00c) Arthur Nicewick, SalusSec LLC, United States
Rideau Canal Atrium
Pre-Conference Workshops (Ottawa Salon 210) |
13:30 The Post Quantum Crypto World and the Need for Crypto Agility (W01a) Tomislav Nad, InfoSec Global, Switzerland; Vladimir Soukharev, Chief Post-Quantum Researcher & Cryptographer, InfoSec Global, Canada
Pre-Conference Workshops (Ottawa Salon 212) |
13:30 FIPS 140-2 Validation Process: Overview and Case Study (W01b) Tammy Green, Senior Principal Security Architect, Symantec, United States; Ian Hall, Certification Architect, Symantec, United States; Brad Proffitt, Business Director, Lightship Security, Canada; Carolyn French, Communications Security Establishment, Canada
Pre-Conference Workshops (Ottawa Salon 211) |
13:30 Introduction to Common Criteria (W01c) Lachlan Turner, Partner, Lightship Security, Canada
Conference Sessions
Rideau Canal Atrium
Ottawa Salon 213-215
09:00 Welcome Address, Yi Mao, atsec information security
09:10 Plenary Keynote Address: Digital Disruption and the Implications for Cybersecurity and Cryptography (P10a) Jason Hart, CTO Data Protection, Gemalto, United Kingdom
09:50 Plenary Keynote Address: What’s Next for Cryptography? How CSE Balances Privacy and Innovation in the Public and Private Sectors (P10b) Scott Jones, Assistant Deputy Minister, Information Technology Security, Communications Security Establishment, Canada
Ottawa Salon 214
Certification Programs (Ottawa Salon 210) |
11:15 Certification Track Keynote Address: Increasing the Value of Certifications to the End-User (C11a) Jeff Blank, Technical Director, Endpoint Solutions, NSA Cybersecurity, United States
11:45 CMVP Programmatic Update (C11b) Carolyn French, GoC, Canada; Beverly Trapnell, NIST, United States
12:15 NIAP Update (C11c) Dianne Hale, NIAP, United States
General Technology (Ottawa Salon 209) |
11:15 General Technology Track Keynote: Hardware Security Modules (HSM), Past, Present and Future (G11a) Bruno Couillard, Crypto4A, Canada
11:45 Usability, Validation and Abuse (G11b) Valerie Fenwick, Director of Software Engineering, Platform Security Division, Intel, United States
12:15 SP800-90B: Testing Process, Result Bounds, and Current Issues (G11c) Joshua Hill, Information Security Scientist, UL, United States
Industry Vertical/Embedded Crypto (Ottawa Salon 211) |
11:15 Industry Vertical/Embedded Crypto Track Keynote: Embedded Encryption and Blockchain Technologies for IoT Security (E11a) Dr. Najwa Aaraj, United States
11:45 “FIPS 140-2 Inside”—You’re (Probably) Doing It Wrong (E11b) Mark Minnoch, KeyPair Consulting, United States
12:15 IoT Security—GAME OF TRUST (E11c) Roland Atoui, Red Alert Labs, France; Isaac Dangana, Red Alert Labs, France
Post-Quantum Crypto (Ottawa Salon 212) |
11:15 Post-Quantum Crypto Track Keynote: Progress in Post-Quantum Cryptography (Q11a) Tanja Lange, Eindhoven University of Technology, Netherlands
11:45 Quantum Update (Q11b) Michele Mosca, Institute for Quantum Computing, University of Waterloo & evolutionQ Inc., Canada
12:15 Chairman’s Report from ETSI TC Cyber Working Group for Quantum Safe Cryptography (Q11c) Mark Pecen, CEO, Approach Infinity & COO, ISARA Corporation, Canada
Ottawa Salon 213-215
Certification Programs (Ottawa Salon 210) |
13:45 Update on the Automated Cryptographic Validation Program (ACVP) (C12a) Apostol Vassilev, NIST, United States; Tim Anderson, Amazon, United States; Harold Booth, NIST, United States; Shawn Geddis, United States; Barry Fussell, Cisco, United States; Bradley Moore, NIST, United States; Robert Relyea, Red Hat, United States
[90MIN]
General Technology (Ottawa Salon 209) |
13:45 Using FPGAs in the Cloud for Decentralized Trusted Execution (G12a) Ahmed Ferozpuri, George Mason University, United States
14:15 GlobalPlatform: Cryptography Algorithm Classification and Crypto Agility (G12b) Olivier Van Nieuwenhuyze, GlobalPlatform Board Member and Security Task Force Chair, Netherlands
14:45 Deep Inside: The Benefits and Implications of Sub-Chip FIPS Modules (G12c) Renaudt Nunez, atsec information security, United States
Industry Vertical/Embedded Crypto (Ottawa Salon 211) |
13:45 FIPS, IoT Medical Devices and the DoD/VA (E12a) Loren Shade, Allegro Software, United States
14:15 FIPS 140-2 Perspectives on IoT Devices in a Blockchain Setting (E12b) William Sandberg-Maitland, SPYRUS, Canada
14:45 Secrets of Crypto Technology Revealed for Enhanced ICS Cybersecurity (E12c) Chris Guo, Ultra Electronics, 3eTI.com, United States
Post-Quantum Crypto (Ottawa Salon 212) |
13:45 NIST Post-Quantum Cryptography Standardization Update (Q12a) Lily Lidong Chen, NIST, United States; Dustin Moody, NIST, United States
14:15 The Libpqcrypto Software Library For Post-Quantum Cryptography (Q12b) Daniel J. Bernstein, University of Illinois at Chicago, United States
14:45 Practical Quantum-Resistant Cryptography from Supersingular Isogenies (Q12c) Patrick Longa, Microsoft Research, United States
Ottawa Salon 213-215
Certification Programs (Ottawa Salon 210) |
15:45 Mandating CMVP for NIAP Evaluations Panel Presentation (C13a) Moderator: Dianne Hale, NIAP, United States, Panelists: Michael Cooper, IT Specialist, NIST, United States; Terrie Diaz, Product Certification Engineer, Cisco Systems, United States; Matt Keller, Corsec, United States; Edward Morris, Co-founder, Gossamer Security Solutions, United States; Nithya Rachamadugu, Director Cygnacom United States
[60MIN]
16:45 FIPS 140-3 Update (C13c) Michael Cooper, IT Specialist, NIST, United States
General Technology (Ottawa Salon 209) |
15:45 AES DUKPT and its Applicability in General Purpose Crypto (G13a) Steven Bowles, Chief Security Officer, Futurex, Canada
16:15 FIPS 140-2 Validations in a Secure Enclave (G13b) Chris Conlon, wolfSSL, United States
16:45 EncryptedQuery: A Practical Solution for PIR (G13c) John Petro, Envieta Systems, United States
Industry Vertical/Embedded Crypto (Ottawa Salon 211) |
15:45 Trusted and Localized Entropy Source for Advanced IoT Security (E13a) Jongwon JP Park, EYL, South Korea; Junghyun Francis Baik, EYL, South Korea
16:15 Blockchain Internals Made Simple (E13b) Arthur Nicewick CTO SalusSec, United States
16:45 Security Certification Schemes for Smart Cars (E13c) Jose Emilio Rico, Lab Technical Manager, DEKRA, Spain
Post-Quantum Crypto (Ottawa Salon 212) |
15:45 Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography (Q13a) Reza Azarderakhsh, Florida Atlantic University and PQSecure Technologies, United States
16:15 Integrating Quantum-Resistant Algorithms into Applications (Q13b) Christian Paquin, Microsoft, United States
16:45 Open Quantum Safe (Q13c) Vlad Gheorghiu, University of Waterloo, Canada
Enjoy an informal group dinner at one of Ottawa’s best restaurants with your ICMC colleagues. Select a restaurant and reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:45 at the ICMC registration desk and depart from there. Click here to reserve your seat!
Conference Sessions
Ottawa Salon 213-215
Certification Programs (Ottawa Salon 210) |
09:00 NIST and NIAP Working Together (C20a) Mary Baish, NIAP, United States; Michael Cooper, NIST, United States
09:30 “Revalidation in Response to CVE” Working Group (C20b) Fabien Deboyser, Thales eSecurity, United States; Carolyn French, CSE, Canada; Ryan Thomas, Acumen Security, United States
10:00 Touch the Cloud: Closing the FIPS Validation Gap (C20c) Yi Mao, Lab Director, atsec information security, United States
General Technology (Ottawa Salon 209) |
09:00 Tamper Labels Examined (G20a) Steve Weingart, Aruba, a Hewlett Packard Enterprise company, United States
09:30 GPU-Accelerated High-Performance Hardware Security Module (G20b) Fangyu Zheng, Institute of Information Engineering, CAS, China
10:00 Meeting FIPS 140 Requirements—An RSA Story (G20c) Steven Schmalz, RSA, United States
Common Criteria (Ottawa Salon 211) |
09:00 Common Criteria Track Keynote (R20a) Miguel Banon, Global Technology Leader for Cybersecurity, Epoche and Espri (a DEKRA company), Spain
09:30 Is 2018 a Make or Break Year for CC? (R20b) John Boggie, NXP Semiconductors, United Kingdom
10:00 Making Objectivity Work Harder: Text, Tools and Fuzzing (R20c) Tony Boswell, DNV GL Technical Assurance Laboratory, United Kingdom
Post-Quantum Crypto (Ottawa Salon 212) |
09:00 Advances in Quantum Key Distribution: Standardization, Networking, and Space Applications (Q20a) Bruno Huttner, ID Quantique, Switzerland
09:30 A Session Key Service for Post-Quantum Security in Standard Protocols (Q20b) David Mcgrew, Cisco Systems, United States
10:00 Isogeny-Based Quantum-Resistant Group Key Agreement (Q20c) Vladimir Soukharev, Chief Post-Quantum Researcher & Cryptographer, InfoSec Global, Canada
Ottawa Salon 213-215
Certification Programs (Ottawa Salon 210) |
11:00 Comments on NIST Standards for Random Number Testing (C21a) Yuan Ma, Institute of Information Engineering, Chinese Academy of Sciences, China
11:30 Structured Entropy Assessment and Practical Evaluation Considerations (C21b) Greg McLearn, Lightship Security, Inc., Canada
12:00 Automation of CAVS Testing: Bringing CAVP and Vendor Together (C21c) Stephan Mueller, atsec information security, United States
General Technology (Ottawa Salon 209) |
11:00 10 Years of FIPS 140-2 Certifications at Red Hat (G21a) Tomas Mraz, Red Hat, Czech Republic
11:30 Panel Discussion: Technology Challenges in CM Validation (G21b) Moderator: Nithya Rachamadugu, Director, CygnaCom, United States Panelists: Tomas Mraz, Senior SW Engineer, Red Hat, Czech Republic; Steven Schmalz, Principal Systems Engineer, RSA—the Security Division of EMC, United States; Fangyu Zheng, Institute of Information Engineering, CAS, China
[60MIN]
Common Criteria (Ottawa Salon 211) |
11:00 Identifying Cryptographic Implementations in Common Criteria (R21a) Cory Clark, Government of Canada, Canada
11:30 A Survey of Common Criteria Certification Scheme Cryptographic Algorithm Requirements (R21b) King Ables, atsec information security corporation, United States
12:00 Smart Application of CC: CC Can Actually Be Efficient, Lean and Useful! (R21c) Wouter Slegers, Your Creative Solutions, Netherlands
Post-Quantum Crypto (Ottawa Salon 212) |
11:00 A Brief Introduction to Quantum Random Number Generation Technologies (Q21a) Jeong Woon Choi, Quantum Technology Lab, SK Telecom, South Korea
11:30 Panel Discussion: QRNG Outlook (Q21b) Moderator: Michele Mosca, University Research Chair and Co-Founder, Institute for Quantum Computing, University of Waterloo; Co-Founder & CEO, evolutionQ Inc., Canada; Panelists: Bruno Huttner, Quantum Safe Product Management, ID Quantique,Switzerland Sae Woo Nam, NIST, United States; Bertrand Reulet, Professor, Université de Sherbrooke, Canada; David Sabourin, Acting Director, Cryptographic Client Services and Operations, Canada.
[60MIN]
Ottawa Salon 213-215
Certification Programs (Ottawa Salon 210) |
13:30 State of CAVP (C22a) Harold Booth, NIST, United States
14:00 Panel Discussion: ACVP—How It Will Change the Way You Work (C22b) Moderator: Harold Booth, NIST, United States; Panelists: Shawn Geddis; Stephan Mueller, atsec, United States; Dayanandini Pathmanathan, Common Criteria Evaluator Cygnacom Solutions; Alicia Squires, Global Certifications Team – Manager, FIPS/Common Criteria Cisco Systems.
[60MIN]
General Technology (Ottawa Salon 209) |
13:30 Analyzing Block Device Timing Events as a Source of Entropy (G22a) Kirill Sinitski, CygnaCom, Canada; Mike Ounsworth, EntrustDatacard, Canada
14:00 The Use of /dev/urandom as the Entropy Source in the Real World (G22b) Rumman Mahmud, Cisco Systems, United States; Zhiqiang Wang, Gossamer Security Solutions, United States
14:30 Abstractions To Help Developers Write Good Crypto (G22c) Isaac Potoczny-Jones, CEO, Tozny, United States
Common Criteria (Ottawa Salon 211) |
13:30 CC and Crypto Evaluations in Turkey (R22a) İbrahim Halil Kirimizi, Common Criteria Certification Specialist, Turkish Standards Institution, Turkey
14:00 Completeness in High Assurance Common Criteria Evaluation for eIDAS in Europe (R22b) Leo Kool, Sr. Security Evaluator, Brightsight, Netherlands
14:30 Spanish Catalogue of Qualified Products: A New Way of Using CC for Procurement (R22c) Jose Ruiz Gualda, Co-Founder, jtsec, Spain
Open-Source Crypto (Ottawa Salon 212) |
13:30 OS Crypto Track Keynote: Challenges in Implementing Usable Advanced Crypto (S22a) Shai Halevi, Principal Research Staff Member, IBM T. J. Watson Research Center
14:00 Avoiding Burning at Sunset – Future Certification Planning in Bouncy Castle (S22b) David Hook, Director/Consultant, Crypto Workshop, Australia
14:30 OpenSSL Project Overview (S22c) Rich Salz, Senior Architect Akamai Technologies & Member, OpenSSL Dev Team, United States
Ottawa Salon 213-215 (Exhibits Close at 15:30)
Certification Programs (Ottawa Salon 210) |
15:30 ACVP Client Integration for FIPS Algorithm Testing and Runtime Crypto Assessment (C23a) Barry Fussell, Cisco Systems, United States; Ellie Daw, Cisco Systems, United States
16:00 Realigning (Not Re-inventing!) the Wheel: Applying a Composition Model to FIPS 140-2 Validation (C23b) Steve Weymann, KeyPair Consulting Inc., United States
16:30 In FIPS 140-2 Validations, Why So Much Redundant Data Redundancy in FIPS 140-2 Validations? (C23c) Quentin Gouchet, atsec information security, United States
General Technology (Ottawa Salon 209) |
15:30 Traditional Hardware Security Modules vs Real World Requirements. Is There a Gap? (G23a) Martin Oczko, PrimeKey Labs GmbH, Germany
16:00 The Details of an Ongoing Transition to the Stronger Key Establishment Methods (G23b) Allen Roginsky, NIST, United States
16:30 KMIP 2.0 vs Crypto in a Cybersecurity Context (G23c) Tony Cox, Cryptsoft, Australia; Chuck White, Fornetix, United States
Common Criteria (Ottawa Salon 211) |
15:30 Flaw Remediation Begins Where Product Certification Finishes (R23a) Malcolm Levy, Check Point Software Technologies, United States
16:00 Panel Discussion: FIPS and Common Criteria–How They Play Together (R23b) Moderator: Steve Weingart, Aruba, a Hewlett Packard Enterprise company, United States, Panelists: Joshua Brickman, Director, Security Evaluations Oracle; Erin Connor Director EWA-Canada; Alan Kaye Director, Compliance Management Fortinet, Canada; Laurie Mack Director Security & Certifications, Gemalto, United States
[60MIN]
Open-Source Crypto (Ottawa Salon 212) |
15:30 OpenSSL FIPS Module Validation Project (S23a) Tim Hudson, CTO and Technical Director, Cryptsoft Pty, Australia; Ashit Vora, Acumen Security, United States
16:00 China and Crypto Open Source Projects (S23b) Paul Yang, Architect, BaishanCloud, China
16:30 LibreSSL (S23c) Brent Cook, OpenBSD, United States
Come watch three experienced contestants test their FIPS knowledge in a game of trivia related to algorithms, derived testing requirements, entropy, implementation guidance and more. A few members from the audience will be selected to assist the contestants on specific questions and be eligible to win prizes. Your Host: Nick Goble, CGI, United States
Ottawa Salon 213, 215
Conference Sessions
Rideau Canal Atrium
Certification Programs (Ottawa Salon 210) |
09:00 A Look Back to a Decade of Security Certification, and a Look Forward the New Landscape in Europe (C30a) Miguel Banon, Global Technology Leader for Cybersecurity, Epoche and Espri (a DEKRA company), Spain
09:30 Building Certification Bodies (C30b) Wouter Slegers, CEO, Your Creative Solutions, Netherlands
10:00 O-TTPS Certification as a Companion to CMVP and Common Criteria (C30c) Teresa MacArthur, EWA-Canada, Canada
Advanced Technology (Ottawa Salon 209) |
09:00 Advanced Technology Track Keynote: Lightweight Post-Quantum Crypto: An Oxymoron (A30a) Victor Mateu, Crypto Developer, DarkMatter, United Arab Emirates
09:30 Permutation-Based Cryptography (A30b) Guido Bertoni, Security Pattern, Italy
10:00 Sizing Up the Threshold: Challenges and Opportunities in the Standardization of Threshold Schemes for Cryptographic Primitives (A30c) Apostol Vassilev, NIST, United States
End-User Experience (Ottawa Salon 211) |
09:00 End-User Experience Track Keynote: Building Composed Security Solutions for Multinational and Interagency Operations (U30a) Alex MacPherson, Cyber Security Engineering & Architecture, National Defense / Government of Canada, Canada
09:30 The FIPS 140-2 CM Overall Rating: What’s (Not) in It For Me? (U30b) Sridhar Balasubramanian, NetApp, United States; Mike Scanlin, NetApp, United States
[60MIN]
Open-Source Crypto (Ottawa Salon 212) |
09:00 TLS 1.3 and NSS (S30a) Robert Relyea, Red Hat, United States
09:30 TLS Panel Discussion (S30b) Moderator: Tim Hudson, CTO and Technical Director, Cryptsoft Pty, Australia; Panelists: Brent Cook, OpenBSD, United States; David Hook, Director/Consultant, Crypto Workshop, Australia Rich Salz, Senior Architect, Akamai Technologies & Member, OpenSSL Dev Team, United States;
[60MIN]
Rideau Canal Atrium
Certification Programs (Ottawa Salon 210) |
10:45 CAVP/CMVP Requirements from 800-90B (C31a) Mary Baish, NIAP; Michael Cooper, IT Specialist, NIST; Allen Roginsky NIST
11:15 TOO MANY CERTIFICATIONS! (C31b) Ken Fuchs, Motorola Solutions, United States
11:45 IG Updates: Chasing the Moving Target (C31c) Swapneela Unkule, atsec information security, United States
Advanced Technology (Ottawa Salon 209) |
10:45 Panel Discussion: The Future of HSMs and New Technology for Hardware Based Security Solutions (A31a) Tony Cox, Cryptsoft, Australia; Thorsten Groetker CTO, Utimaco; Tim Hudson, Cryptsoft, Australia; Todd Moore, Gemalto, United States; Robert Burns, Thales, United States
[60MIN]
11:45 The Role of Product Platforms in Information Security: Building on the Success of Cryptographic Modules (A31c) Lawrence Dobranski, Catalone IT Security, Canada
End-User Experience (Ottawa Salon 211) |
10:45 A Quantum of Safety—Rooting Trust in a Quantum World (U31a) Mike Brown, ISARA Corporation, Canada
11:15 Towards A Crowd-Sourced Cryptographic Knowledge Base (U31b) Debra Baker, Cisco, United States; Seth Nielson, Johns Hopkins University, United States
11:45 Keys, Hollywood, and History: The Truth About ICANN and the DNSSEC Root Key (U31c) Richard Lamb, Self-Employed, United States
Open-Source Crypto (Ottawa Salon 212) |
10:45 A Case Study on Certification and Audit of Open Source Security Software (S31a) Tomas Gustavsson, CTO, PrimeKey Solutions AB, Sweden
11:15 Proving the Correctness of Amazon’s s2n TLS Library (S31b) Aaron Tomb, Galois, United States
11:45 Do You Really Know Where Your Crypto is Executing? (S31c) Kelvin Desplanque, Cisco Systems, Canada; Barry Fussell, Cisco Systems, United States
Ottawa Salon 210 (Open to All)
Rideau Canal Atrium
Industry Perspectives (Ottawa Salon 210) |
13:30 Reducing Conflict of Interest in Third Party Security Testing Validations/Certifications (Y32a) Carol Cantlon, EWA-Canada, Canada
14:00 Brexit, and What It Means for Product Evaluations in the UK and Europe (Y32b) Simon Milford, DNV GL, United Kingdom
14:30 The EU Cybersecurity Act: Is This the First Tangible Evidence of the Balkanization of Common Criteria? (Y32c) Joshua Brickman, Oracle, United States; Elaine Newton, Oracle, United States
Advanced Technology (Ottawa Salon 209) |
13:30 Efficient Side-Channel Testing Using TVLA (A32a) Gilbert Goodwill, Rambus – Cryptography Research, United States; Gary Kenworthy, Rambus – Cryptography Research, United States
14:00 Breaking Symmetric White-Box Algorithms Using CPA and DFA (A32b) Gabriel Goller, R&D Specialist Cryptology, G+D Mobile Security, Germany
14:30 Campfire Stories: Test to Break or Test to Verify? (A32c) Bart Jan Koning, Riscure, United States; Erwin in ‘t Veld, Product Manager, Riscure, United States
End-User Experience (Ottawa Salon 211) |
13:30 Update from the “Security Policy” Working Group (U32a) Ryan Thomas, Acumen Security, United States
14:00 We Feel Your Pain! Getting Ready for Certification (U32b) Alan Kaye, Fortinet, Canada; Brad Proffitt, Lightship Security, Canada
14:30 Planning Ahead: Certificate Maintenance (U32c) Abdullah Abubshait, Cygnacom Solutions, United States
Open-Source Crypto (Ottawa Salon 212) |
13:30 The Linux Kernel Self-Protection Project (S32a) Gustavo A. R. Silva, Linux Kernel Engineer, Linux Foundation’s Core Infrastructure Initiative, Mexico
14:00 Reproducible Builds on NetBSD (S32b) Christos Zoulas, Secretary NetBSD, United States
14:30 Security in the Zephyr Project (S32c) David Brown, Senior SW Engineer, Linaro, United States
Rideau Canal Atrium
Ottawa Salon 210
Can Certification Keep Up With the Pace of Modern Development? (P33) Product development is moving at an increasingly rapid pace, whereas certification schemes acquire more and more requirements to test against. Panelists will discuss the challenges of accelerating development cycle times, changing rules, evolving technologies, and the demands of virtualization. Moderator: Steve Weingart, Aruba, a Hewlett Packard Enterprise company, United States, Panelists: Mary Baish, Acting Director, NIAP, United States; Tony Busciglio, Co-Founder & Laboratory Director, Acumen Security, United States; Michael Cooper, IT Specialist, NIST, United States; Shawn Geddis, Security & Certifications Engineer, United States; Brian Wood, Device Security Certification Manager, Samsung Research America, United States