May 8-11, 2018 | Shaw Centre | Ottawa, Ontario, Canada

Conference Program by Track

Pre-Conference Workshops

Day 1
08 May 2018

Intro to FIPS 140 (W00b)

Workshop presenters will share insight from the hundreds of validations they have helped complete over many years, shedding light on planning and execution strategies for future-proofed compliance. Whether you are...
Read More
Ray Potter

Introduction to Blockchain (W00c)

The recent rise in the price of bitcoin created renewed interest in the underlying technology that drives bitcoin called blockchain. Although there is a lot of interest and potential in...
Read More
Arthur Nicewick

Decrypting Crypto: An Introduction to Cryptography (W00a)

Cryptography is an interesting subject and a very important one when you are talking about security. But it is also a complicated topic and with all of the different rules,...
Read More
Jon Green

Introduction to Common Criteria (W01c)

This workshop will bring you up to speed on the history, terminology, specification, development, evaluation, certification, and evolution of Common Criteria, the most widely accepted standard for the mutual recognition...
Read More
Lachlan Turner

FIPS 140-2 Validation Process: Overview and Case Study (W01b)

An in-depth look at the real-world process of validation with input from professionals who have hands-on experience at each step. Includes a case study of an actual validated CM product.
Brad Proffitt
Ian Hall
Tammy Green

The Post Quantum Crypto World and the Need for Crypto Agility (W01a)

The security of all computer systems relies on and is built upon cryptographic primitives: block ciphers, hash function, digital signatures, key agreement protocols and more. If these core components of...
Read More
Tomislav Nad
Vladimir Soukharev

Plenary Sessions

Day 1
09 May 2018

Plenary Keynote Address: Digital Disruption and the Implications for Cybersecurity and Cryptography (P10a)

Digital Disruption is not a new subject but the speed of its adoption is increasing dramatically. In order to develop more efficient ways of interacting with customers and producing new...
Read More
Jason Hart

Plenary Keynote Address: What’s Next for Cryptography? How CSE Balances Privacy and Innovation in the Public and Private Sectors (P10b)

Maintaining one’s privacy in today’s interconnected digital world is becoming more challenging with each new technological advance. But how can organizations continue to be innovative, while also integrating adequate privacy...
Read More
Scott Jones
Day 2
10 May 2018

Cryptographic Module Game Program (P24)

Come watch three experienced contestants test their FIPS knowledge in a game of trivia related to algorithms, derived testing requirements, entropy, implementation guidance and more. A few members from the...
Read More
Nick Goble
Day 3
11 May 2018

CMUF Monthly Meeting (P31d)

The open monthly meeting of the Cryptographic Module User Forum. All are invited.
Steve Weingart

Summary Panel Discussion: Can Certification Keep Up With the Pace of Modern Development? (P33)

Product development is moving at an increasingly rapid pace, whereas certification schemes acquire more and more requirements to test against. Panelists will discuss the challenges of accelerating development cycle times,...
Read More
Brian Wood
Mary Baish
Anthony Busciglio
Michael Cooper
Shawn Geddis
Steve Weingart

Certification Programs Track

(C) Issues related to the CMVP, government programs and global certification
Day 1
09 May 2018

CMVP Programmatic Update (C11b)

This presentation will provide a quick snapshot of the CMVP – what’s been happening in the last year, where we are now, and what the plans and challenges are, moving...
Read More
Beverly Trapnell
Carolyn French

NIAP Update (C11c)

An update on the National Information Assurance Partnership (NIAP)
Dianne Hale

Update on the Automated Cryptographic Validation Program (ACVP) (C12a)

The Cryptographic Module Validation Program (CMVP) was established on July 17, 1995 by the National Institute of Standards and Technology (NIST) to validate cryptographic modules conforming to the Federal Information...
Read More
Harold Booth
Tim Anderson
Robert Relyea
Barry Fussell
Shawn Geddis
Apostol Vassilev

Mandating CMVP for NIAP Evaluations Panel Presentation (C13a)

Description to come….
Michael Cooper
Dianne Hale
Matt Keller
Edward Morris
Nithya Rachamadugu
Terrie Diaz

FIPS 140-3 Update (C13c)

Description to come.
Michael Cooper
Day 2
10 May 2018

NIST and NIAP Working Together (C20a)

Increasing alignment between CAVP, CMVP, and NIAP Common Criteria evaluations has improved consistency and eliminated redundant testing. This presentation will explain the alignment, show progress reached, and outline plans for...
Read More
Mary Baish
Michael Cooper

“Revalidation in response to CVE” working group (C20b)

The “Revalidation in response to CVE” working group was created in 2015 and co-animated by the CMVP, labs and vendors. The mission of this working group was to allow vendors...
Read More
Ryan Thomas
Fabien Deboyser
Carolyn French

Touch the Cloud: Closing the FIPS Validation Gap (C20c)

There is a big gap between the user’s expectation for a FIPS validated product and the FIPS 140-2 requirements for a successful validation. The user’s expectation is that their data...
Read More
Yi Mao

Comments on NIST Standards for Random Number Testing (C21a)

Random numbers are essential for cryptographic applications. In FIPS 140-2, entropy assessment is a critical part of cryptographic key management. NIST SP800-22 and current draft NIST SP 800-90B are strongly...
Read More
Yuan Ma

Structured Entropy Assessment and Practical Evaluation Considerations (C21b)

NIST SP 800-90B offers a wealth of information on assessing entropy. However, as an evaluator, the standard remains silent on practical aspects of analysis that are otherwise significant to Common...
Read More
Greg McLearn

Automation of CAVS Testing: Bringing CAVP and Vendor Together (C21c)

The automation of CAVS Testing with the ACVP framework was introduced more than a year ago by the CAVP supported by NIST. Test definitions and a supporting library were developed...
Read More
Stephan Mueller

State of CAVP (C22a)

Description to come.
Harold Booth

Panel Discussion: ACVP—How It Will Change the Way You Work (C22b)

The Cryptographic Algorithm Validation Program program is beginning to roll out a complete set of CAVP algorithm testing capabilities with automated algorithm testing based on the ACVP protocol. Plans are...
Read More
Harold Booth
Shawn Geddis
Stephan Mueller
Dayanandini Pathmanathan
Alicia Squires

ACVP Client Integration for FIPS Algorithm Testing and Runtime Crypto Assessment (C23a)

As we move into a new dynamic of Automated Crypto Validations we must all consider how we will incorporate the ACV Protocol for FIPS algorithm testing. The Algorithm Test WG...
Read More
Ellie Daw
Barry Fussell

Realigning (Not Re-inventing!) the Wheel: Applying a Composition Model to FIPS 140-2 Validation (C23b)

Several assurance schemes employ a composition model – combining validated elements into a larger whole – to assurance and validation processes to reduce repetitive work and streamline processes. Current FIPS...
Read More
Steve Weymann

In FIPS 140-2 Validations, Why So Much Redundant Data Redundancy in FIPS 140-2 Validations? (C23c)

When working on FIPS 140-2 validations, labs and the CMVP have to handle a lot of information, in many different places. It is not always trivial to ensure that this...
Read More
Quentin Gouchet
Day 3
11 May 2018

A Look Back to a Decade of Security Certification, and a Look Forward the New Landscape in Europe (C30a)

This talk will summarize the past experience in more than ten years of application of the IT security evaluation and certification scheme in Spain, and will provide some forward looking...
Read More
Miguel Bañón

Building Certification Bodies (C30b)

Predictable, efficient, effective evaluations are the result of an interplay between developers, evaluators and certifiers. Over the years there has been much said about how developers and evaluators should improve...
Read More
Wouter Slegers

O-TTPS Certification as a Companion to CMVP and Common Criteria (C30c)

CMVP does not include evaluation of the delivery of the end product to the final customer. Common Criteria evaluations are moving away from Evaluation Assurance Levels (EALs) that include evaluation...
Read More
Teresa MacArthur

CAVP/CMVP Requirements from 800-90B (C31a)

Description to come.
Mary Baish
Michael Cooper
Allen Roginsky

TOO MANY CERTIFICATIONS! (C31b)

Our company’s move to AGILE methodology has caused a significant increase in the number of FIPS-140 re-certifications we do on our various cryptographic modules. This session will outline the magnitude...
Read More
Ken Fuchs

IG Updates: Chasing the Moving Target (C31c)

Recently, the CMVP Implementation Guidance (IG) began to be released every quarter. This is a welcome change which helps to keep track of the latest algorithm standards, transition announcements, the...
Read More
Swapneela Unkule

General Technology Track

(G) Tools and techniques relating to cryptographic modules
Day 1
09 May 2018

Usability, Validation and Abuse (G11b)

You’ve verified your system has implemented cryptography correctly, but can a general user be trusted to configure the system correctly? How much acrobatics did you employ in your security policy? Who...
Read More
Valerie Fenwick

Using FPGAs in the Cloud for Decentralized Trusted Execution (G12a)

In this presentation, we will discuss uses of trusted execution, hurdles to establishing trust in a public cloud, and how FPGAs can help to utilize new technology and innovations that...
Read More
Ahmed Ferozpuri

GlobalPlatform: Cryptography Algorithm Classification and Crypto Agility (G12b)

During its almost 20-year history, industry association, GlobalPlatform has held security at its core. The association develops specifications that enable collaborative and open ecosystems where digital services and devices can...
Read More
Olivier Van Nieuwenhuyze

Deep Inside: The Benefits and Implications of Sub-Chip FIPS Modules (G12c)

In 2015, The CMVP introduced the notion of sub-chip cryptographic subsystems in IG 1.20 Sub-Chip Cryptographic Subsystems. This approached allows vendor to isolate security subsystem designs that may be re-used...
Read More
Renaudt Nunez

Boundaries: Where Do You Draw the Line? (G13a)

Defining the scope of a cryptographic module can have a material effect on the ease, cost and usefulness of a certification. This session presents the issues associated in choosing a...
Read More
Alan Gornall

FIPS 140-2 Validations in a Secure Enclave (G13b)

Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is...
Read More
Chris Conlon

EncryptedQuery: A Practical Solution for PIR (G13c)

Private Information Retrieval (PIR) allows users to request and obtain data without revealing anything about either the request or the data returned. With increasing deployment of storage to the cloud,...
Read More
John Petro
Day 2
10 May 2018

Tamper Labels Examined (G20a)

Tamper Evidence Labels, or TELs, are an essential part of Security Level 2 for FIPS 140-2. TELSs are often used to meet the tamper evidence requirement. However, many developers think...
Read More
Steve Weingart

GPU-accelerated High-performance Hardware Security Module (G20b)

Driven by gaming and AI industries, Graphics Processing Unit (GPU) is developing rapidly in recent years and also well-known for its mighty general-purpose computing capability. Many researchers adopted such powerful...
Read More
Fangyu Zheng

Meeting FIPS 140 Requirements – An RSA Story (G20c)

RSA has built and FIPS 140 validated software crypto modules for our customers for almost two decades. But RSA is also a user of these crypto modules. This session will...
Read More
Steven Schmalz

10 Years of FIPS 140-2 Certifications at Red Hat (G21a)

In 2018, we are celebrating the 10 year anniversary of the FIPS 140-2 certification program at Red Hat. FIPS validation of open source software and making the Linux operating system...
Read More
Tomas Mraz

Panel Discussion: Technology Challenges in CM Validation (G21b)

Hear and share challenges in developing, preparing and validating hardware, software and firmware products for crypto certifications. Panel will discuss specific and common issues their organization face and ways they...
Read More
Tomas Mraz
Fangyu Zheng
Nithya Rachamadugu
Steven Schmalz

Analyzing Block Device Timing Events as a Source of Entropy (G22a)

This presentation offers comparative benchmarking of a variety of modern hard disks and solid state drives used as an entropy source within Linux environment. We analyzed block devices in various...
Read More
Mike Ounsworth
Kirill Sinitski

The Use of /dev/urandom as the Entropy Source in the Real World (G22b)

Entropy sources, being the starting point of randomness, are closely scrutinized via their design documents, quality justifications, and health-checks as specified in government certificates. This talk will focus on /dev/urandom...
Read More
Rumman Mahmud
Richard Wang

Industry Vertical/Embedded Crypto Track

(E) Embedded encryption in specific industry verticals
Day 1
09 May 2018

Industry Vertical/Embedded Crypto Track Keynote: Embedded Encryption and Blockchain Technologies for IoT Security (E11a)

This presentation will address the hardening of IoT networks and devices, covering security configurations, HSMs integration, usage of embedded crypto protocols, and integration of BlockChain technologies within such ecosystems. This...
Read More
Dr. Najwa Aaraj

“FIPS 140-2 Inside” – You’re (probably) Doing it Wrong (E11b)

A product may satisfy FIPS 140-2 requirements by incorporating a validated cryptographic module, a strategy called “FIPS 140-2 Inside.” How do vendors responsibly integrate cryptographic functionality into their product to...
Read More
Mark Minnoch

IoT Security—GAME OF TRUST (E11c)

The Internet of Things will connect many things in our daily-life and in many different ways. In this sense, the consumer must be ready to trust these communicating devices which...
Read More
Isaac Dangana
Roland Atoui

FIPS, IoT Medical Devices and the DoD/VA (E12a)

The importance of data in delivering efficient and effective healthcare has long been obvious. The increased focus on value-based care or patient outcomes is shifting financial incentives to a model...
Read More
Loren Shade

FIPS 140-2 Perspectives on IoT Devices in a Blockchain Setting (E12b)

IoT devices are quickly becoming an important force in contemporary Internet-based networks. The security of IoT deployments is a developing process and challenges remain. Another emerging technology with security potential...
Read More
William Sandberg-Maitland

Secrets of Crypto Technology Revealed for Enhanced ICS Cybersecurity (E12c)

In today’s connected digital world, cryptographic technologies are gaining rapid and wide-ranging acceptance. Cryptographic algorithms such as block ciphers, digital signature, message authentication, secure hashing and random number generation are...
Read More
Chris Guo

Trusted and Localized Entropy Source for Advanced IoT Security (E13a)

Unpredictable random numbers are essential elements of cryptography. Encryption system is as safe as the quality of random numbers used. CMVP provides a slew of deterministic random number generators that...
Read More
Jongwon “JP” Park

Blockchain Internals Made Simple (E13b)

Blockchain is the foundational technology behind bitcoin and many other crypto-currencies. Art Nicewick is a Machine Learning and AI technologist and has prepared a presentation that animates the Blockchain process...
Read More
Arthur Nicewick

Security Certification Schemes for Smart Cars (E13c)

Smart Cars can be defined as systems providing connected, added-value features in order to enhance car users’ experience or improve car safety & security. Basically the smart car architecture consists...
Read More
Jose Emilio Rico

Post-Quantum Crypto Track

(Q) The quantum computing threat, quantum-ready algorithms, quantum-based entropy and PKI
Day 1
09 May 2018

Quantum Update (Q11b)

Description to come.
Michele Mosca

Chairman’s Report from ETSI TC Cyber Working Group for Quantum Safe Cryptography (Q11c)

This session will provide a brief report on the QSC group at ETSI as well as an update on quantum-safe X.509 certificate extension in ITU-T Study Group 17.
Mark Pecen

NIST Post-Quantum Cryptography Standardization Update (Q12a)

Before the deadline of Nov. 30, 2017, NIST received more than 80 submissions from researchers of 25 countries and 6 continents. After checking “complete and proper”, the first-round submissions are...
Read More
Dustin Moody
Lily Chen

The Libpqcrypto Software Library For Post-Quantum Cryptography (Q12b)

The European PQCRYPTO consortium, working jointly with many other researchers around the world, submitted 22 proposals to NIST’s ongoing post-quantum standardization project. Each submission specifies a family of cryptographic systems,...
Read More
Daniel J. Bernstein

Post-Quantum Isogeny-Based Cryptography Gets Practical (Q12c)

This presentation will describe recent progress on supersingular isogeny-based cryptography and our efforts to make it practical for real-world use. Abstract: Supersingular isogeny Diffie-Hellman (SIDH) has rapidly become one of...
Read More
Patrick Longa

Recent Progress in Hardware Implementations of Post-Quantum Isogeny-Based Cryptography (Q13a)

Isogeny-based cryptography is one of the emerging candidates of quantum-safe algorithms in the quantum era. This scheme is attractive in a sense that it requires smallest key size in comparison...
Read More
Reza Azarderakhsh

Integrating Quantum-Resistant Algorithms into Applications (Q13b)

Quantum computers pose a threat to the cryptography in used today. Thankfully, many quantum-safe alternatives have been proposed to alleviate this problem. None of these new proposals, however, provide a...
Read More
Christian Paquin

Open Quantum Safe (Q13c)

Description to come.
Vlad Gheorghiu
Day 2
10 May 2018

Advances in Quantum Key Distribution: Standardisation, Networking, and Space Applications (Q20a)

Recent progress in quantum computing have brought the threat of the quantum computer to existing public-key cryptosystems to a realistic level. The community is now well aware of the fact...
Read More
Bruno Huttner

A Session Key Service for Post-Quantum Security in Standard Protocols (Q20b)

An operational quantum computer would render insecure the key establishment methods used in most standard communication security protocols. To protect against this eventuality, we develop a model in which a...
Read More
David McGrew

Panel Discussion: QRNG Outlook (Q21b)

This panel will be comprised of experts behind some current QRNG technology products and those responsible for setting global standards for entropy. Panelists will provide a perspective on current projects...
Read More
David Sabourin
Sae Woo Nam
Bertrand Reulet
Khaled Ouafi
Michele Mosca

Common Criteria Track

(R) Issues related to Common Criteria and NIAP-compliant products
Day 1
10 May 2018

Common Criteria Track Keynote (R20a)

Description to come.
Michael Grimm

Is 2018 a Make or Break Year for CC? (R20b)

This presentation will provide a rationale on the supposition that 2018 may be a pivotal year for the Common Criteria and security Certification as a whole. This will take into...
Read More
John Boggie

Making Objectivity Work Harder: Text, Tools and Fuzzing (R20c)

We have been making great efforts to increase objectivity in evaluation requirements and methodology over the past few years. However, we find there are places where subjectivity still has to...
Read More
Tony Boswell

Identifiying Cryptographic Implementations in Common Criteria (R21a)

Cryptography plays a vital role in providing security for IT products evaluated under Common Criteria. It is important to properly identify what is actually being used by the product, particularly...
Read More
Cory Clark

A Survey of Common Criteria Certification Scheme Cryptographic Algorithm Requirements (R21b)

Common Criteria evaluations require testing of all cryptographic functions claimed in a Security Target but the precise algorithms, key lengths, and amount of testing required may vary from one scheme...
Read More
King Ables

Smart Application of CC: CC can Actually be Efficient, Lean and Useful! (R21c)

What if I told you that you can have a full CC evaluation, without needlessly redoing boring paperwork tracing over and over again, within short and predictable timeframes, and still...
Read More
Wouter Slegers

Completeness in High Assurance Common Criteria Evaluation for eIDAS in Europe (R22b)

Security of electronic identification (eID) and trust services of electronic transactions is defined in the EU eIDAS regulation on the highest attack level. Common Criteria (CC) is used to show...
Read More
Leo Kool

Spanish Catalogue of Qualified Products: A New Way of Using CC for Procurement (R22c)

The acquisition of an IT security product handling national or sensitive information must be preceded by verification process warranting that the security mechanisms implemented in the product are adequate to...
Read More
Javier Tallon
Jose Ruiz Gualda

Flaw Remediation Begins Where Product Certification Finishes (R23a)

Flaw remediation is part of the product lifecycle. It is the one thing that transcends one certification to the next, and begins not later than the moment a product certification...
Read More
Malcolm Levy

Panel Discussion: FIPS and Common Criteria–How They Play Together (R23b)

CC validation requirements can differ from CMVP. Should products be designed around CMVP needs or CC? This is a continuation of last year’s popular summary panel discussion session, featuring authoritative...
Read More
Alan Kaye
Joshua Brickman
Erin Connor
Laurie Mack
Steve Weingart

Open-Source Crypto Track

(S) Efforts to audit, improve and certify the security of the leading OS crypto projects.
Day 1
10 May 2018

OS Crypto Track Keynote: Challenges in Implementing Usable Advanced Crypto (S22a)

Experience building libraries for advanced crypto tools such as homomorphic encryption, secure multi-party computation, and similar, and attempting to actually use them to do real work.
Shai Halevi

Avoiding Burning at Sunset – Future Certification Planning in Bouncy Castle (S22b)

The NIST sunsetting policy came into effect at the start of 2017, restricting the life of existing certifications to 5 years. Applications, on the other hand, often have a life...
Read More
David Hook

OpenSSL FIPS Module Validation Project (S23a)

Description to come.
Tim Hudson
Ashit Vora

China and Crypto Open Source Projects (S23b)

This presentation will provide an overview of China’s participation in global open source activities, with a specific focus on crypto development. This presentation will be of particular interest to those...
Read More
Paul Yang

LibreSSL (S23c)

Brent Cook
Day 2
11 May 2018

TLS 1.3 and NSS (S30a)

Description to come.
Robert Relyea

TLS Panel Discussion (S30b)

Brent Cook
Rich Salz
David Hook
Tim Hudson

A Case Study on Certification and Audit of Open Source Security Software (S31a)

EJBCA project started in 2001. Now it its 6th major version, it is used worldwide for variety of use-cases. We share experiences of Common Criteria EAL4+ certification of an open source...
Read More
Tomas Gustavsson

Proving the Correctness of Amazon’s s2n TLS Library (S31b)

The s2n library is Amazon’s open source implementation of the Transport Layer Security (TLS) protocol. It is “designed to be simple, small, fast, and with security as a priority”. These...
Read More
Aaron Tomb

Do You Really Know Where Your Crypto is Executing? (S31c)

Let’s face it, most of us make use of OpenSSL in one form or another. If we don’t use it directly, it’s highly probable that some of the processes which...
Read More
Kelvin Desplanque

The Linux Kernel Self-Protection Project (S32a)

The goal of the Kernel Self-Protection Project is to eliminate classes of bugs and methods of exploitation in the Linux kernel. In this presentation the attendees will learn about the...
Read More
Gustavo A. R. Silva
Day 3
25 Apr 2018

Reproducible Builds on NetBSD (S32b)

Reproducible Builds is a collection of engineering practices that encompasses software development, build, and release processes in order to create a verifiable path from a collection of human readable source...
Read More
Christos Zoulas
Day 4
11 May 2018

Security in the Zephyr Project (S32c)

The Zephyr Project is an open source RTOS. This presentation will cover the basics of the project, and the efforts of the security working group, including the challenges of focusing...
Read More
David Brown

End-User Experience Track

(U) CM products, certifications, and vulnerabilities for organizations that rely on crypto security
Day 1
11 May 2018

The FIPS 140-2 CM overall rating: What’s [not] in it for me? (U30b)

The CMVP standards page “boldly” states that “It is important for vendors and users of cryptographic modules to realize that the overall rating of a cryptographic module is not necessarily...
Read More
Mike Scanlin
Sridhar Balasubramanian

A Quantum of Safety – Rooting Trust in a Quantum World (U31a)

The coming age of Quantum Computers will bring complexities and changes that we don’t understand yet. This session will explain what you need to understand about the potential of quantum...
Read More
Mike Brown

Towards A Crowd-Sourced Cryptographic Knowledge Base (U31b)

Incorrectly deployed cryptography remains a scourge in cyberspace, and we identify recent hacks and breaches related to this problem. We believe that one source of such incorrect deployment stems from...
Read More
Dr. Seth Nielson
Debra Baker

Keys, Hollywood, and History: The truth about ICANN and the DNSSEC Root Key (U31c)

For better or worse, Internet security has gained notoriety recently and with it greater interest in some of the humble functions ICANN performs. Specifically, much has been made by Hollywood...
Read More
Richard Lamb

The Role of Product Platforms in Information Security: Building on the Success of Cryptographic Modules (A31c)

The Cryptographic Module Validation Program has enjoyed considerable success and longevity since it was first launched in 1995. Cryptographic Modules are part of a larger class of lesser-known reusable components...
Read More
Lawrence Dobranski

Update from the “Security Policy” Working Group (U32a)

Getting the band back together again! The objective of this presentation is to provide an update on the working group and to outline the group’s efforts.  The session will also...
Read More
Ryan Thomas

We Feel Your Pain! Getting Ready for Certification (U32b)

The CC certification process can be a long, painful process even for experienced vendors and labs. A key factor in reducing that pain is understanding what needs to be done...
Read More
Brad Proffitt
Alan Kaye

Planning Ahead: Certificate Maintenance (U32c)

Not all FIPS re-validations are the same. Going through a re-validation to maintain a FIPS certificate due to module changes, such as bug fixes, software updates, hardware changes or even...
Read More
Abdullah Abubshait

Advanced Technology Track

(A) High-level technology issues, or special-focus subject matter

Track Sponsor

Day 1
11 May 2018

Permutation-based Cryptography (A30b)

Cryptographic permutations are a relatively new kind of primitive for devising symmetric cryptography functions, like authentication, (authenticated) encryption and hashing. Their maturity level is acknowledged by the community, with, e.g.,...
Read More
Guido Bertoni
Joan Daemen

Sizing Up the Threshold: Challenges and Opportunities in the Standardization of Threshold Schemes for Cryptographic Primitives (A30c)

Threshold schemes can be used to promote secure implementations of cryptographic primitives, even when a number (lower than a certain threshold) of components in a device or of parties in...
Read More
Apostol Vassilev

Panel Discussion: The Future of HSMs and New Technology for Hardware Based Security Solutions (A31a)

From securing satellite communications to underpinning our global financial systems, Hardware Security Modules (HSMs) form the backbone of many of the world’s encryption and security systems. These critical elements of...
Read More
Robert Burns
Todd Moore
Tony Cox
Tim Hudson

The Role of Product Platforms in Information Security: Building on the Success of Cryptographic Modules (A31c)

The Cryptographic Module Validation Program has enjoyed considerable success and longevity since it was first launched in 1995. Cryptographic Modules are part of a larger class of lesser-known reusable components...
Read More
Lawrence Dobranski

Efficient Side-Channel Testing Using TVLA (A32a)

Power, electromagnetic, timing and other side-channels are powerful attack vectors for cryptographic devices. Protecting against these attacks is an important design consideration whose results must be validated. Countermeasures may be...
Read More
Gary Kenworthy

Breaking Symmetric White-box Algorithms using CPA and DFA (A32b)

White-box Cryptography tries to implement secure cryptographic algorithms so that an omnipotent attacker cannot find the correct key even with complete control over a system, e.g. when running a cryptographic...
Read More
Gabriel Goller

Campfire Stories: Test to Break or Test to Verify? (A32c)

Cost-sensitive markets like automotive and IoT increasingly rely on cryptographic security mechanisms to protect IP, privacy and safety. As security test lab we long had the mantra of testing to...
Read More
Erwin in ‘t Veld
Bart Jan Koning

Industry Perspectives Track

(Y) Issues related to policy, economics, and ethics affecting encryption-based security
Day 1
11 May 2018

Reducing Conflict of Interest in Third Party Security Testing Validations/Certifications (Y32a)

There is a problem with the security product testing paradigm. Currently, most formal IT security product validations/certifications are financed by the product vendor and not a sponsor. The economics of...
Read More
Carol Cantlon

Brexit, and What it Means for Product Evaluations in the UK and Europe (Y32b)

The political landscape has been, and continues to be so, changing following the decision by the UK to leave the European Union (known as Brexit). What is the impact on...
Read More
Simon Milford

The EU Cybersecurity Act: Is this the First Tangible Evidence of the Balkanization of Common Criteria? (Y32c)

In September of 2017 the European Commission (EC) published a proposal for a Regulation on Cybersecurity (the Cybersecurity Act). A portion of the act empowers the European Commission to create...
Read More
Elaine Newton
Joshua Brickman