Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference, so here’s a chance to get early details of what might be coming up in the future!
ICMC was held September 24 – 26th this year in Gaithersburg, MD. The first day contained pre-conference workshop sessions that offered introductions to FIPS 140-2, side-channel analysis and testing, and discussions about cryptography in a mobile world. The second and third day offered two tracks: the certification program track and the technical track. I’m just going to discuss the conference as a whole and where I believe and hope it is going. If you would like to know more about the presentations, there are already several fantastic recounts of the each workshop and the extremely qualified presenters. Information can also be found on the conference website.
Unsure of what to expect for a first-time conference, especially one that sounded so technical, I was pleasantly surprised to see the number of representatives from both government (including NIST and CSEC) and private industry (including Blue Coat, McAfee, Symantec, and Cisco). Attendees hailed from across the globe, including the U.S., Canada, the U.K., France, Japan, and Korea.
The Certification Programs Track, focused on FIPS 140-2 and CMVP validation program requirements and related topics. The technical track dug more into the nitty-gritty of cryptography, including fault injection and key management. Presentations ranged from extremely technical, such as the discussions on entropy or Test Vector Leakage Assessments, to the non-technical, “Everything You Wanted To Know About Labs, But Where Afraid To Ask” panel session. Each track was equally attended and offered energetic discussion. There really were some great presentations. We even received an update on FIPS 140-3. More on that in a later blog post.
A great deal of the credit for such a positive conference experience goes to the host. Atsec Information Security, and Program Chair Fiona Pattinson in particular, did a fantastic job with hosting this conference. Fiona and her team set the informal tone early and kept it relaxed yet on schedule, throughout. It ran smoothly and was intimate, informative, and enjoyable. It was three days of getting together with some of the best minds in cryptography to discuss (and at times disagree about) the subject attendees are passionate about. You know you’ve attended a good conference when you leave thinking about next year.
As I mentioned, planning for ICMC 2014 is already taking place. Early in October, a survey was sent to the more than 120 registrants from ICMC 2013. Questions soliciting feedback on the sessions and conference location were asked to determine what worked and what could be improved upon for next year. The results were collected and Fiona and a group of 12 others (including myself) have begun a series of conference calls to discuss the who, when, and where of next year’s conference. The committee meets via these calls every two weeks and will continue to do so leading up to the event. The first meeting was held last Friday to discuss the survey results, selecting a location for next year’s conference, dates, and schedule. Although there has been only one meeting, if that one meeting is any indication, ICMC 2014 will be an even bigger success than the inaugural conference.
To find out more about FIPS 140-2, follow Corsec on Twitter, LinkedIn, or subscribe to our blog