Steve Weingart to Speak at the Non-Invasive Attack Testing Workshop in Nara, Japan
2011-09-26, Austin, TX–atsec’s principal consultant Steve Weingart will be a panelist at the Non-Invasive Attack Testing Workshop (September 25th–27th, 2011) in Nara, Japan l. Weingart was asked to join the panel as a laboratory representative discussing the practicality of non-invasive testing and how it fits into the conformance testing and business requirements of the laboratories. He will give a short introduction of the subject matter before joining the panel discussion.
The workshop aims to encourage the development of test methodology, metrics, and tools for evaluating the effectiveness of mitigations against non-invasive attacks, such as power analysis and electromagnetic analysis, on cryptographic modules. The workshop has been organized by NIST (National Institute of Standards and Technology) and AIST (Institute of Advanced Industrial Science and Technology).
Steve Weingart, BSEE, CISA, Texas PI; has worked in security and cryptography for over 25 years since he joined IBM’s Thomas J. Watson Research Center in the 1980’s. He was on the panel that was convened by NIST to write FIPS 140-1 and was the lead hardware and physical security engineer for IBM’s 4758, the first device validated at FIPS 140-1 security level 4. Steve has since worked as a developer, tester, and consultant on dozens of FIPS 140, security, and cryptography related projects. He currently is a Principal Consultant at atsec where he performs standards testing, training, and consulting for FIPS 140-2 and other security standards.
Weingart is a recognized expert in the field of hardware security and has published several leading papers on the subject including:
“Building the IBM 4758 Secure Coprocessor” http://www.research.ibm.com/people/s/sailer/publications/2001/ibm4758.pdf and “Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses”
atsec provides a wide range of consultation, testing and evaluation services in the field of IT security for hardware including cryptographic modules and embedded systems. http://www.atsec.com/us/fips-140-2-testing.html
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec’s services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec US organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.
atsec is also an experienced Payment Card Industry (PCI) Security Standards Council Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and Payment Application Qualified Security Assessor (PA-QSA) and accredited as a third-party auditor for the North American Security Products Organization (NASPO).
We work with leading global companies such as Apple, IBM, Hewlett-Packard, Honeywell, Quantum Corporation, Red Hat, NationZ, Huawei, and ZTE Corporation.
Andreas Fabis, firstname.lastname@example.org
atsec information security