Sven Dietrich
E-mail: spock (at) panther (dot) adelphi (dot) edu
Quick links: Biography, Research, Publications.
Biography
I am an Assistant Professor in the Computer Science department at Stevens Institute of Technology, where I joined in August 2007. Prior
to this, I was a Senior Member of the Technical Staff at CERT Research
, which is part of the Software
Engineering
Institute at Carnegie Mellon
University, and where I held an appointment at the Carnegie Mellon CyLab and was part of the Carnegie Mellon University Information
Networking Institute (INI) faculty. Previously
I was a Senior Security Architect at the NASA Goddard Space Flight Center.
I can still be sporadically found in the Department
of Mathematics and Computer Science at Adelphi University. I
maintain a small
page on DDoS, and as the Associate Editor for IEEE
Cipher I contribute to the Calls
for Papers
list.
Education
- 1989, B.S. in Computer Science and Mathematics, Adelphi
University.
- 1991, M.S. in Mathematics, Adelphi University.
- 1997, Doctor of Arts in Mathematics (with some
significant
work in Computer Science), Adelphi University.
My dissertation title was A
Formal Analysis of the Secure
Sockets Layer Protocol. My advisor was Dr. Stephen Bloch. My
mentor was Dr. Rob Bradley.
See
exactly where
I fit in the big picture,
in the Mathematics
Genealogy Project. My direct ancestry is as follows:
- Stephen Bloch, Ph.D. University of California, San Diego 1992
- Samuel R. Buss, Ph.D. Princeton University 1985
- Simon Kochen, Ph.D. Princeton University, 1959
- Alonzo Church, Ph.D. Princeton University, 1927
- Oswald Veblen, Ph.D. University of Chicago, 1903
- E. H. Moore, Ph.D. Yale University, 1885
- H. A. Newton, B.S. Yale University, 1850
- Michel Chasles, Ph.D. Ecole Polytechnique, 1814
- Simeon Poisson, Ph.D., Ecole Polytechnique
- Joseph Louis Lagrange, Ph.D., unknown
- Leonhard Euler, Ph.D. Universitaet Basel, 1726
- Johann Bernoulli, Universitaet Basel, 1694
- Jacob Bernoulli, Universitaet Basel, 1684
- Gottfried Wilhelm Leibniz, Universitaet Altdorf, 1666
I am also an academic great-grand-nephew of Alan Turing, since
both Simon Kochen and Alan Turing were under Alonzo Church's
tutelage.
Research
Cryptography, formal methods for the analysis of cryptographic
protocols, computer security, anonymity, privacy, applications of
cryptography to electronic commerce.
Service
Program Chair: Financial Cryptography 2007.
Current program committees:
Financial Cryptography 2009, ACM CCS 2009, SecureComm 2009, DIMVA 2009.
Recent program committees: Workshop on Information Security
Applications (WISA) 2006 and 2007, Financial
Cryptography 2006, DIMVA 2005, 2006, 2007 and 2008, ACM CCS 2007 and 2008.
Recent referee for: Journal of Computer Security, IEEE
Transactions on Dependable and Secure Computing, and IEEE Security &
Privacy Magazine.
Projects
These are some of the research projects I am participating
in, either as a PI, or a Co-PI.
Past projects, some exciting, and some that are, well, you decide:
- Defending
against virus propagation on the Internet. NSF-funded, 2003-2008.
- Levels of
Anonymity and Traceability (LEVANT).
- This project explored
levels of anonymity and traceability
from both technical and policy perspectives.
- Network
Attack Modeling and Simulation.
- This project built a
network attack simulation tool.
- Active Network Defense. January 2002-May 2003.
- This project
investigated response actions to network
threats, including DDoS, worms, and malicious code in general.
- Distributed and survivable detection system for DDoS detection
and analysis for high-speed and high-volume networks.
- Forensic analysis and reverse-engineering of malicious code.
- Security of Internet protocols in space (OMNI project).
- Security architecture for space research and mission networks.
- Public-key infrastructures for very large enterprises.
Publications
- Dave Dittrich and Sven Dietrich. P2P as botnet command and control: a deeper insight, 2008 3rd International Conference on Malicious and Unwanted Software (Malware), October 2008 ("Best Paper" award). Local copy here.
- Dave Dittrich and Sven Dietrich.
New Directions in Peer-to-Peer Malware, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5. Local copy here.
- Dave Dittrich and Sven Dietrich. Command and control structures
in malware: From Handler/Agent to P2P, USENIX ;login: vol. 32, no. 6, December 2007, pp. 8-17. Local copy is here.
- Sam Stover, Dave Dittrich, John Hernandez, and Sven Dietrich. Analysis of the Storm and
Nugache Trojans: P2P is here, USENIX ;login: vol. 32, no. 6, December 2007, pp. 18-27. Local copy is here and here.
- Sven Dietrich, Rachna Dhamija (Eds.). Financial Cryptography and
Data Security, 11th International Conference, FC 2007, and 1st Workshop
on Usable Security, USEC 2007, XII, 390 pages, Lecture Notes in
Computer Science (LNCS) Vol. 4886, ISBN
978-3-540-77365-8, Springer Verlag, 2007.
- Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher.
Internet Denial of
Service: Attack and Defense Mechanisms, Prentice Hall PTR, ISBN
0-13-147573-8, December 2004.
- Sven Dietrich, John McHugh. Securing Wireless Devices, in
Technical Report CMU/SEI-2003-TR-019 by Felix Bachmann, et al. SEI
Independent Research & Development Projects,
September 2003. Available here.
- Sven Dietrich. Active Network Defense in ;login:,
Special
Focus Issue: Security, December 2002. Available in PDF (86
KB).
- Sven Dietrich. Survivability with a Twist in ;login:,
Special Focus Issue: Security, November 2001. Available in PDF
(170KB).
- Sven Dietrich, Peter Y A Ryan. The survivability of
survivability, Information
Survivability Workshop, 2001, Vancouver, BC.
Workshop deferred to March 2002. Available in PDF.
- Sven Dietrich, Neil Long, and David Dittrich. Analyzing
Distributed Denial of Service Tools: The Shaft Case, in
Proceedings of USENIX
LISA 2000, December 2000. Available in PDF (169KB),
Postscript
(2.2MB) and gzipped
Postscript (449KB), BibTeX.
You can listen to the audio portion of the presentation
(PDF, 111KB) on Dr.
Dobb's technetcast.
- Sven Dietrich. Scalpel, Gauze, and Decompilers: Dissecting
Denial of Service (DDoS), in ;login:,
Theme Issue:
Security, November 2000. Available in PDF
(216KB).
- Sven Dietrich, Neil Long, and David Dittrich. Eine Analyse
des Shaft Distributed Denial of Service Tools, in
Information Security Bulletin (German Edition), Vol 2 Issue 3, Chi Publishing,
July/August 2000.
- Sven Dietrich, Neil Long, and David Dittrich. An Analysis
of the Shaft Distributed Denial of Service Tool, in
Information Security Bulletin, Vol 5 Issue 4, Chi Publishing,
May 2000. Available in PDF.
- David Dittrich, George Weaver, Sven Dietrich, and Neil Long.
The "mstream" distributed denial of service attack tool, May 2000.
- Sven Dietrich, Neil Long, and David Dittrich.
Analysis of the ``Shaft'' distributed denial of service
tool. March 2000.
- The CERT
Distributed Intruder Tools Workshop Results, December 1999. Also in
PDF
format
- Sven Dietrich. Brute Force and Crack - Adelphi University: A
Case Study. Math/CS TR 1996-005,
October 1996. Abstract
available.
- Sven Dietrich, Linda Talisman. A Formal Analysis of the
Secure Sockets Layer Protocol.
Math/CS TR 1996-002, May 1996.
Talks and colloquia
- Invited Speaker, Joint CMU-J / JPCERT/CC Workshop, DDoS: practical and research challenges, Tokyo, Japan (26 October 2005).
- Panelist, Financial Cryptography and Data
Security 2005, DDoS Economics, Panel on the Economics of Information Security,
with Paul Syverson, Bezalel Gavish, Richard Clayton. Allan Friedman, moderator. Roseau,
Dominica (3 March 2005).
- Invited Speaker, Workshop on
Security of Information Technologies, Large-scale attacks: DDoS
and Worms, Algiers, Algeria (10 December 2003).
- Invited Speaker, AMS Spring 2003 Eastern Sectional Meeting, Special Session on
the History of Mathematics, Shifts in time: cryptography and
randomness, Courant Institute, New York, NY (12 April 2003). An
abstract is available. Also the official AMS
abstract, or here as a local
copy.
- Panelist, SANS DDoS
symposium with David Dittrich, Jelena Mirkovic, and Lance
Spitzner. Gene Kim, panel moderator. Washington, DC (21 October
2002).
- Panelist, HAL 2001 DDoS panel with Dave Dittrich, Dug Song, Scott McIntyre,
and Mixter. John Gilmore, panel chair. Enschede, Netherlands (12
August 2001).
- Invited Speaker, Hackers At Large (HAL2001), DDoS: analysis, detection &
mitigation techniques, Enschede, Netherlands (11 August
2001).
- 14th USENIX LISA, Analyzing Distributed Denial of Service
Tools: The Shaft Case, New Orleans, LA (8 December
2000).
- 9th USENIX Security Symposium, Dietrich's Discourse on
Shaft (DDoS), Denver, CO (17 August 2000).
- Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing
Research
Group, Distributed Denial of Service Attacks: A New Problem
for Networks,
Pasadena, CA (18 May 2000).
- 21st IEEE Symposium on Security and Privacy, The History
and Future of Distributed System Attack Methods, Berkeley,
CA (16 May 2000).
- Invited Speaker, NASA Goddard Space Flight Center
Webmasters' Meeting, Distributed Denial of Service Attacks -
A New Problem for the Web, Greenbelt, MD (21 March
2000).
- Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing
Research
Group, Playing hide and seek with information: Covert channels
and other steganographic techniques
,
Pasadena, CA (13 May 1999). An abstract
is available.
- NASA Goddard Space Flight Center, SAG Security Talk Series,
Covert Channels and other Information Hiding Techniques,
Greenbelt, MD (16 March 1999). An abstract
is available.
- NASA Goddard Space Flight Center, SAG Security Talk Series,
Current Computer and Network Security Trends, Greenbelt,
MD (16 February 1999), joint presentation with other authors. An
abstract
is available.
- Invited Speaker, Adelphi University, Department of Mathematics and Computer
Science, Applications of elliptic function
theory to computer cryptography, Garden City, NY (15 May 1998).
An abstract is available.
- Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing
Research Group, Formal Verification of Cryptographic Protocols,
Pasadena, CA (7 May 1998). An abstract is available.
- Invited Speaker, Naval Research Laboratory, Center for High Assurance
Computer Systems, A Formal Analysis of the
Secure Sockets Layer Protocol, Washington, DC (22 October 1997).
An abstract
is available.
- NASA Goddard Space Flight Center Webmasters' Meeting, Web Security: How to better protect
your Web server, Greenbelt, MD (14 October 1997).
- DIMACS/DREI Workshop on Cryptography and Network Security, An Analysis of the SSL 3.0
Protocol, New Brunswick, NJ (15 August 1997).
Tutorials
- Sven Dietrich, David Dittrich, DDoS for fun and profit.
- Sven Dietrich, John McHugh, Distributed Denial of Service:
Background, Diagnosis, and Mitigation.
- Sven Dietrich, John McHugh, Denial of Service Attacks:
Background, Diagnosis and Mitigation.
- Half-day
tutorial, ACSAC
2001, New Orleans, LA,
December 2001.
- Full-day
tutorial, ACSAC 2002, Las
Vegas, NV, December 2002.
- Full-day tutorial, at MITRE,
in the continued
education program, McLean, VA, June 2003.
Teaching
I taught a Cryptology course in the Computational
Mathematics Program at Duquesne University in the Spring 2007
semester.
I gave guest lectures on computer security during my stay at
Carnegie Mellon University (list is out of date):
- DDoS: An Introduction, 9 February 2005, for Adrian Perrig's
18-731 Network Security class.
- DDoS: A Tutorial, 26 July 2004, for the Information
Assurance
Capacity Building Program.
- Introduction to DDoS Concepts, 11 February 2004, for
Adrian
Perrig's 18-731 Network Security class.
- DDoS: Basics, analysis, and potential countermeasures, 6
November 2003, for Adrian Perrig's class.
- DDoS: Basics, analysis, and potential countermeasures,
16 October 2003, for the 95-752 Security
Management course (taught by Tim Shimeall).
- DDoS: fundamentals and reactions, 8 October 2003, for
the 95-750 Security
Architecture
and Analysis course (taught by Nancy Mead, Tom Longstaff, and Rick
Linger).
- DDoS: techniques for mitigation, 18 September 2003, for
the 15-829/18-839
Special Topics in Networking Security & Software Security
class (taught by Dawn
Xiaodong Song).
- The effects of DDoS, 16 September 2003, for the 15829/18839
Special Topics in Networking Security & Software Security
class (taught by Dawn
Xiaodong Song).
- Distributed Denial of Service: A Tutorial, 16 July
2003, for the Summer
Information Assurance Capacity Building Program.
- Perspectives on mitigation of DDoS, February 10, 2003,
19-601: Information
Warfare (taught by Benoît Morel).
- DDoS and its impacts, February 5, 2003, 19-601:
Information
Warfare (taught by Benoît Morel).
- Distributed Denial of Service, July 2002, for the Summer
Capacity Building Program.
- Network denial-of-service attacks and defenses, March
13, 2002, 18-440: Internet Security (taught by Mike Reiter).
At Adelphi University, I taught several classes from 1991
to 1997, last in
the summer session of 1997. The classes included MTH 110 Precalculus,
CSC 271/272 Software I/II (Intermediate Unix/Principles of Programming
Languages) and MTH 101 Introduction to Mathematical Ideas.
Cryptography and computer security links
Books on cryptography
- Albrecht
Beutelspacher. Cryptology
(MAA,
1994)
- Johannes A. Buchmann. Intrroduction
to Cryptography (Springer
Verlag, 2001). 2nd ed. 2004.
- Richard Crandall, Carl B. Pomerance. Prime
Numbers: A Computational Perspective (Springer Verlag, 2001). 2nd ed.
2005.
- Dorothy
Denning. _Cryptography and Data Security_ (Addison-Wesley,
1982)
- Oded Goldreich. Foundations
of Cryptography: Basic Tools (Cambridge
University Press,
2001), and Foundations
of Cryptography: Basic Applications (Cambridge University Press,
2004). See the full overview of the book.
A third volume was originally planned, but currently abandoned (as of
August 2005).
- Neal Koblitz. A
Course in Number Theory and Cryptography 2nd ed. (Springer
Verlag, 1994).
- Neal Koblitz. Algebraic
Aspects of Cryptography (Springer
Verlag, 1998).
See also the Lecture
Notes in Computer Science Cryptography and Security List.
- Michael Luby. Pseudorandomness and Cryptographic Applications
(Princeton Lecture Notes, 1996)
- Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook
of Applied Cryptography (CRC Press,
1996). Several chapters are available online.
- P Y A Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe,
Bill Roscoe. Modelling
and Analysis of Security Protocols. (Addison-Wesley,
2001)
- Bruce Schneier. Applied
Cryptography 2nd ed. (Wiley,
1996)
- Doug Stinson. Cryptography
Theory and Practice (CRC Press,
1995). The book
has been shortened in the second
edition (2002). The third
edition is complete (not shortened like the second).
- Henk van Tilborg. Fundamentals
of Cryptology (Springer Verlag,
2000)
- Serge Vaudenay, A Classical Introduction to
Cryptography, Applications for Communications Security, (Springer Verlag, 2006).
- Colin Williams, Scott Clearwater. Explorations
in Quantum Computing (TELOS
Publications,
1997) (contains a chapter on quantum cryptography). See Ultimate
Zero and One by the same authors for a book on
quantum computing and its impact on quantum cryptography.
Crypto policy and history books
- Lance J. Hoffman, Editor, Building
in Big Brother (Springer
Verlag, 1995)
- Whitfield Diffie, Susan Landau, Privacy
on the Line,(MIT Press, 1998)
- Stephen Levy. Crypto
(Viking, 2001)
- Simon Singh, The Code Book: The
Secret History of Codes and Code Breaking (Anchor Books, 1999)
Anonymity and Security
Check out the DIMACS Center at
Rutgers University and their Special
Year on Networks. For more starting points on cryptography, see Ron
Rivest's links and the International
Cryptography page. For more information on anonymity, check out
Raph
Levien's Remailer List (now defunct). For news on the topic of
cryptography, see the
NewsNow
Crypto NewsLink.
Affiliations
Associate Editor for Cipher, the
newsletter for the
IEEE Computer Society's Technical Committee on
Security and Privacy.
Former President of the New York Xi chapter
of Pi
Mu Epsilon, the National Mathematics Honor Society.
Currently President-at-Large.
Member of the International
Association
for Cryptologic Research,the Association
for Computing, the American
Mathematical Society, the Mathematical
Association of America, and the Society
for Industrial and Applied Mathematics.
Also the "vice-advisor-at-large" to the Computer
Club at Adelphi University.
Alumnus of the International
School
of Geneva. Check out the Alumni
of Ecolint and the International
Baccalaureate
Organisation.
Miscellaneous
Check out the artwork of my friend Silvia. (high
bandwidth)
Something puzzling, something intriguing: The Edgar Allen Poe
Cryptographic Challenge. This was solved.
Something to jog your mind: IBM's Ponder This.
Some news about New York City:
Some international news feeds:
Last modified: January 2009
Sven Dietrich / spock (at) abraxas (dot) adelphi (dot) edu
My PGP public key.