We are delighted to invite you to consider presenting at Tech Days 2023. Below you will find suggested topics that will be relevant and engaging for Tech Days attendees. If you have an idea for a session that is not on this list, please submit an abstract for our team to review. Tech Days will bring together three audiences including enterprise security, IoT security and hardcore security technology professionals.
■ The deadline for submission: November 8, 2022
■ Confirmation of acceptance: November 18, 2022
■ Deadline for your final presentation: January 23, 2023
■ Presentations must not exceed 25 minutes
■ Venue: W Hotel, Barcelona Spain
■ For reasons of transparency and compliance, we will need your stated approval to record the presentation and subsequently posted online.
■ For speakers coming outside of Europe, we will take time zone changes into consideration when assigning sessions times.
Enabling technologies for implementation of PKI products that are usable in multiple use cases. Without proper foundations from, say, random number generators, side-channel-safe implementations of crypto algorithms, or unambiguous coding of ASN.1 structures, we are neither secure nor interoperable.
State of the union for publicly trusted certificates in 2023? What are the new initiatives and requirements about code signing, network security, server certificates from CA/B forum? What are new developments with eIDAS 2.0 and how do you see it will unfold both within EU and internationally?
Hardware Security Modules
What HSM vendors and HSM users think about future developments and state of the art technology of HSM? All major HSM vendors offering cloud-HSM services, many have already included support for quantum-safe cryptography, and multi-party computing based on virtual HSMs. How is going with adoption of PKCS#11V3 and how are other HSM APIs being used? Are the implementations in trusted execution environments proving to be good alternatives to traditional form factors?
Standards and Compliances
We would like to hear your take about FIPS 140-3, eIDAS, NIS2, or Common Criteria, but definitely also about other standards or specifications that affect our area. What technologies are new or updated that affects PKI products or PKI deployments? Some examples we are interested to hear from you – how is going with FIPS 140-3 certified modules? Is the Cyber Resilience Act or EO 14017 affecting the use of PKI and digital signatures? What about standards or specifications that allow transitioning to new quantum-safe algorithms?
PKI in Practice
Use Cases for PKI
In post-event surveys, our attendees always like this topic since it brings together implementors and practitioners. We would like to hear how organizations use PKI, ranging from multiple use cases (email encryption, intranet TLS, Active Directory login, 802.1x, VPNs, etc), to cloud and hybrid deployments (performance and/or scale requirements) or critical infrastructure (“everything” stops working if the PKI is down). Very often it is the practitioners that point at deficiencies in products or standards! What challenges were experienced during integration, implementation or in operations and how were they overcome? We love to hear about automation – safe, repeatable and timesaving!
What are the best practices to deliver PKI to secure IoT/IIoT deployments? How some verticals, for instance transportation sector, think about and adopt IIoT Security? How well we address needs from Operational Technologies? What are the supply chain requirements to deliver robust and secure IoT solutions? Are the standards ready for manufacturers to lean on, such as ISA/IEC 62443, or NIST / ENISA guidelines?
Security for DevOps, Microservices and Emerging Technologies
Are containers what everyone will run? How well you find containers work with PKI? Issuing certificates to containers, code signing containers? What else is needed to provide seamless integration and automation of PKI related services that enable deployments and uses in modern architectures?
What is new and of relevance in protocols used to implement PKI in real-world scenarios? We are in particular interested in use cases that demonstrate automation and can scale well. Are there some updates with quantum-safe algorithms, and what are implications for users?
Code Signing and Supply Chain Security
Some vendors learn about the importance of code signing only when their signing keys are stolen. We would like to hear recommendations and examples on how to do it right with code signing? What are your experiences with code signing? How does GitHub's usage of Sigstore affect developers?
Both in and outside of the EU, document signing has become big business. It's no surprise that seamless document signing saves money for the business and public sectors. We would like to see cool implementations with integrated document management workflows. What about protecting other types of “documents” against forgery? For instance, how can we protect efficiently against “deep fakes”?
Machine Identity Management
How does your organization keep up with Machine Identity Management? While this topic is interwoven in many examples from above, from Use Cases for PKI to Code Signing, we like to hear is there perhaps a shift towards general Identity Management in your organization? How do you cope with new microservices being deployed ever so frequently? Are there some services that require special attention, for instance highly automated and semi-intelligent services, compared to simple IoT sensors? How do you cope with ever increasing number of identities to protect?
Agile Crypto / Agile PKI
The threat of quantum computers brought attention to cryptographic agility, but this is not the only reason there is an elephant in the room – consider migration efforts when a new standard is introduced. Is there an agile crypto that will upgrade us to whatever is state of the art? How about PKI in particular? Is it even realistic to assume we can create an agile PKI unless there is a plethora of new standards both for the client and server side?
Quantum Safe Cryptography
Updates from the last round of NIST candidates for PQC algorithms. NIST has spoken, and so have the cryptographers. Some very promising PQC algorithms are now not considered viable any longer. What is the state of the art for quantum safe cryptography in 2023 and how we move forward with deployments? Any early experiences with implementations in the field, be it Proof of Concept or even better – are there any enterprise wide deployments?