The Tenth International Cryptographic Module Conference

The 10th International Cryptographic Module Conference (ICMC) was held from September 14th to 16th 2022, at the Westin Arlington Gateway in the Washington, D.C. area. Yi Mao, Managing Director for atsec information security, wrote the welcome letter in this year's program:

Dear ICMC 2022 Participants,

A very warm welcome to the tentth annual ICMC! In September 2013, atsec initiated the first ICMC in a frugal Holiday Inn in Gaithersburg, Maryland, only 1.4 miles away from the NIST campus, to maximize their attendance. We had a total of 163 participants at the first ICMC. This tenth conference is recovering to the pre-COVID level, with close to 400 participants.

The ICMC has been growing healthier and stronger every year with more sponsors, users, labs, and vendors from all market segments worldwide. The spirit of the conference hasn’t changed since its inauguration: it is a platform where we improve the communication among all parties involved in designing, implementing, using, testing, and validating crypto modules, and where issues are discussed, and proposals are heard. The ideas sparked at the ICMC foster fruitful results from the various Cryptographic Module User Forum (CMUF) working groups. As we celebrate this historic tenth year of our endeavor, we acknowledge the NIST CMVP/CAVP and the CCCS CMVP as well as many individuals whose significant contributions built the cryptographic module validation community in the past decade. Whether a veteran or a newcomer in this field, everybody is a winner at the ICMC through collaboration!

Nowadays, many of our daily activities have been moved from the physical, tangible world to its digital counterpart in cyberspace. The COVID pandemic pushes us to be even more dependent on the internet. The demand for information security has reached the highest level ever. Modern cryptography, a fascinating interdisciplinary field of mathematics, computer science, and electrical engineering, offers an answer to information security and underpins our online commerce, privacy, and national security.

We witness rapid developments as new algorithms and protocols emerge, replacing their predecessors. The Entropy Source Validation (ESV) program has been set up for full service, replacing ENT labels on the CMVP certificates. The transition to the FIPS 140-3 standard is complete, and FIPS 140-2 reports are no longer accepted. Embracing change seems to be the only unchanging principle to stay relevant into the future.

It’s exciting to see the industry embracing cryptography and our society demanding validated crypto modules. Still, we face the challenge of having a long review pending queue in the validation process. To avoid becoming a victim of our success, we need to find a collaborative solution with a spirit of innovation to automate the CMVP. The ICMC brings together inspired people in this vibrant field to ensure we navigate the cutting edge successfully.

We also commemorated our dear friend and colleague, Dr. Bertrand du Castel with a blog post containing heartfelt memories of his life and genius. Please read the blog article here.

The conference itself started off with the opening ceremony by Sal la Pietra, President and Co-Founder of atsec information security.

Sal gave out commemorative golden coins in recognition of the distinguished contributors to the success of the ICMC and the growth of CMUF. 

The ICMC was three information packed days where we saw familiar faces and made new friends. As a platinum sponsor of the ICMC, atsec had a strong presence with a booth and six well-received talks:

• The Rust Cryptographic Library Ecosystem - Joachim Vandersmissen
• Fitting Token-Based Authentication to FIPS 140-3 - Yi Mao & Volker Urban (IBM)
  
• Out of Bounds - A Look into FIPS 140-3 Boundary Definitions and Requirements - Renaudt Nunez
• 360° View of FIPS 140-3 Certification - Swapneela Unkule
• Protocol-Related Rules Enforcement in FIPS Validations - Stephan Mueller
• Experiences with the Entropy Source Validation - Marcos Portnoi

Our atsec colleagues also moderated several presentation tracks:

• Crypto Technology - Yi Mao
• Random Bit Generators (RBG) - Marcos Portnoi
• Certification Programs - Yi Mao
• Post-Quantum Crypto - Dave Cornwell
  

At the closing ceremony, atsec also presented two dozen silver coins and Bertrand’s book to those who scored high in our "Your contribution is key to winning" game. Winners demonstrated their significant contributions to the ICMC and CMUF through their answers to the game questions and their presence at the ICMC22 closing meeting. We thank you for your participation in the game.

Overall, the tenth annual ICMC was a great success and we are looking forward to the ICMC23 on September 20 through 22 in Ottawa, Canada.