Sven Dietrich

E-mail: spock (at) panther (dot) adelphi (dot) edu

Quick links: Biography, Research, Publications.

Biography

I am an Assistant Professor in the Computer Science department at Stevens Institute of Technology, where I joined in August 2007. Prior to this, I was a Senior Member of the Technical Staff at CERT Research , which is part of the Software Engineering Institute at Carnegie Mellon University, and where I held an appointment at the Carnegie Mellon CyLab and was part of the Carnegie Mellon University Information Networking Institute (INI) faculty. Previously I was a Senior Security Architect at the NASA Goddard Space Flight Center. I can still be sporadically found in the Department of Mathematics and Computer Science at Adelphi University. I maintain a small page on DDoS, and as the Associate Editor for IEEE Cipher I contribute to the Calls for Papers list.

Education

1989, B.S. in Computer Science and Mathematics, Adelphi University.
1991, M.S. in Mathematics, Adelphi University.
1997, Doctor of Arts in Mathematics (with some significant work in Computer Science), Adelphi University.

My dissertation title was A Formal Analysis of the Secure Sockets Layer Protocol. My advisor was Dr. Stephen Bloch. My mentor was Dr. Rob Bradley. See exactly where I fit in the big picture, in the Mathematics Genealogy Project. My direct ancestry is as follows:

Stephen Bloch, Ph.D. University of California, San Diego 1992
Samuel R. Buss, Ph.D. Princeton University 1985
Simon Kochen, Ph.D. Princeton University, 1959
Alonzo Church, Ph.D. Princeton University, 1927
Oswald Veblen, Ph.D. University of Chicago, 1903
E. H. Moore, Ph.D. Yale University, 1885
H. A. Newton, B.S. Yale University, 1850
Michel Chasles, Ph.D. Ecole Polytechnique, 1814
Simeon Poisson, Ph.D., Ecole Polytechnique
Joseph Louis Lagrange, Ph.D., unknown
Leonhard Euler, Ph.D. Universitaet Basel, 1726
Johann Bernoulli, Universitaet Basel, 1694
Jacob Bernoulli, Universitaet Basel, 1684
Gottfried Wilhelm Leibniz, Universitaet Altdorf, 1666

I am also an academic great-grand-nephew of Alan Turing, since both Simon Kochen and Alan Turing were under Alonzo Church's tutelage.

Research

Cryptography, formal methods for the analysis of cryptographic protocols, computer security, anonymity, privacy, applications of cryptography to electronic commerce.

Service

Program Chair: Financial Cryptography 2007.

Current program committees: Financial Cryptography 2009, ACM CCS 2009, SecureComm 2009, DIMVA 2009.
Recent program committees: Workshop on Information Security Applications (WISA) 2006 and 2007, Financial Cryptography 2006, DIMVA 2005, 2006, 2007 and 2008, ACM CCS 2007 and 2008.

Recent referee for: Journal of Computer Security, IEEE Transactions on Dependable and Secure Computing, and IEEE Security & Privacy Magazine.

Projects

These are some of the research projects I am participating in, either as a PI, or a Co-PI.

Supporting trust decisions. NSF-funded, 2005-2007. This project fights phishing attacks. See the CyLab aanouncement.

Past projects, some exciting, and some that are, well, you decide:

Defending against virus propagation on the Internet. NSF-funded, 2003-2008.
Levels of Anonymity and Traceability (LEVANT).
This project explored levels of anonymity and traceability from both technical and policy perspectives.
Network Attack Modeling and Simulation.
This project built a network attack simulation tool.
Active Network Defense. January 2002-May 2003.
This project investigated response actions to network threats, including DDoS, worms, and malicious code in general.
Distributed and survivable detection system for DDoS detection and analysis for high-speed and high-volume networks.
Forensic analysis and reverse-engineering of malicious code.
Security of Internet protocols in space (OMNI project).
Security architecture for space research and mission networks.
Public-key infrastructures for very large enterprises.

Publications

Dave Dittrich and Sven Dietrich. P2P as botnet command and control: a deeper insight, 2008 3rd International Conference on Malicious and Unwanted Software (Malware), October 2008 ("Best Paper" award). Local copy here.
Dave Dittrich and Sven Dietrich. New Directions in Peer-to-Peer Malware, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5. Local copy here.
Dave Dittrich and Sven Dietrich. Command and control structures in malware: From Handler/Agent to P2P, USENIX ;login: vol. 32, no. 6, December 2007, pp. 8-17. Local copy is here.
Sam Stover, Dave Dittrich, John Hernandez, and Sven Dietrich. Analysis of the Storm and Nugache Trojans: P2P is here, USENIX ;login: vol. 32, no. 6, December 2007, pp. 18-27. Local copy is here and here.

Sven Dietrich, Rachna Dhamija (Eds.). Financial Cryptography and Data Security, 11th International Conference, FC 2007, and 1st Workshop on Usable Security, USEC 2007, XII, 390 pages, Lecture Notes in Computer Science (LNCS) Vol. 4886, ISBN 978-3-540-77365-8, Springer Verlag, 2007.

Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher. Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall PTR, ISBN 0-13-147573-8, December 2004.
Sven Dietrich, John McHugh. Securing Wireless Devices, in Technical Report CMU/SEI-2003-TR-019 by Felix Bachmann, et al. SEI Independent Research & Development Projects, September 2003. Available here.
Sven Dietrich. Active Network Defense in ;login:, Special Focus Issue: Security, December 2002. Available in PDF (86 KB).
Sven Dietrich. Survivability with a Twist in ;login:, Special Focus Issue: Security, November 2001. Available in PDF (170KB).
Sven Dietrich, Peter Y A Ryan. The survivability of survivability, Information Survivability Workshop, 2001, Vancouver, BC. Workshop deferred to March 2002. Available in PDF.
Sven Dietrich, Neil Long, and David Dittrich. Analyzing Distributed Denial of Service Tools: The Shaft Case, in Proceedings of USENIX LISA 2000, December 2000. Available in PDF (169KB), Postscript (2.2MB) and gzipped Postscript (449KB), BibTeX. You can listen to the audio portion of the presentation (PDF, 111KB) on Dr. Dobb's technetcast.
Sven Dietrich. Scalpel, Gauze, and Decompilers: Dissecting Denial of Service (DDoS), in ;login:, Theme Issue: Security, November 2000. Available in PDF (216KB).
Sven Dietrich, Neil Long, and David Dittrich. Eine Analyse des Shaft Distributed Denial of Service Tools, in Information Security Bulletin (German Edition), Vol 2 Issue 3, Chi Publishing, July/August 2000.
Sven Dietrich, Neil Long, and David Dittrich. An Analysis of the Shaft Distributed Denial of Service Tool, in Information Security Bulletin, Vol 5 Issue 4, Chi Publishing, May 2000. Available in PDF.
David Dittrich, George Weaver, Sven Dietrich, and Neil Long. The "mstream" distributed denial of service attack tool, May 2000.
Sven Dietrich, Neil Long, and David Dittrich. Analysis of the ``Shaft'' distributed denial of service tool. March 2000.
The CERT Distributed Intruder Tools Workshop Results, December 1999. Also in PDF format
Sven Dietrich. Brute Force and Crack - Adelphi University: A Case Study. Math/CS TR 1996-005, October 1996. Abstract available.
Sven Dietrich, Linda Talisman. A Formal Analysis of the Secure Sockets Layer Protocol. Math/CS TR 1996-002, May 1996.

Talks and colloquia

Invited Speaker, Joint CMU-J / JPCERT/CC Workshop, DDoS: practical and research challenges, Tokyo, Japan (26 October 2005).
Panelist, Financial Cryptography and Data Security 2005, DDoS Economics, Panel on the Economics of Information Security, with Paul Syverson, Bezalel Gavish, Richard Clayton. Allan Friedman, moderator. Roseau, Dominica (3 March 2005).
Invited Speaker, Workshop on Security of Information Technologies, Large-scale attacks: DDoS and Worms, Algiers, Algeria (10 December 2003).
Invited Speaker, AMS Spring 2003 Eastern Sectional Meeting, Special Session on the History of Mathematics, Shifts in time: cryptography and randomness, Courant Institute, New York, NY (12 April 2003). An abstract is available. Also the official AMS abstract, or here as a local copy.
Panelist, SANS DDoS symposium with David Dittrich, Jelena Mirkovic, and Lance Spitzner. Gene Kim, panel moderator. Washington, DC (21 October 2002).
Panelist, HAL 2001 DDoS panel with Dave Dittrich, Dug Song, Scott McIntyre, and Mixter. John Gilmore, panel chair. Enschede, Netherlands (12 August 2001).
Invited Speaker, Hackers At Large (HAL2001), DDoS: analysis, detection & mitigation techniques, Enschede, Netherlands (11 August 2001).
14th USENIX LISA, Analyzing Distributed Denial of Service Tools: The Shaft Case, New Orleans, LA (8 December 2000).
9th USENIX Security Symposium, Dietrich's Discourse on Shaft (DDoS), Denver, CO (17 August 2000).
Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing Research Group, Distributed Denial of Service Attacks: A New Problem for Networks, Pasadena, CA (18 May 2000).
21st IEEE Symposium on Security and Privacy, The History and Future of Distributed System Attack Methods, Berkeley, CA (16 May 2000).
Invited Speaker, NASA Goddard Space Flight Center Webmasters' Meeting, Distributed Denial of Service Attacks - A New Problem for the Web, Greenbelt, MD (21 March 2000).
Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing Research Group, Playing hide and seek with information: Covert channels and other steganographic techniques , Pasadena, CA (13 May 1999). An abstract is available.
NASA Goddard Space Flight Center, SAG Security Talk Series, Covert Channels and other Information Hiding Techniques, Greenbelt, MD (16 March 1999). An abstract is available.
NASA Goddard Space Flight Center, SAG Security Talk Series, Current Computer and Network Security Trends, Greenbelt, MD (16 February 1999), joint presentation with other authors. An abstract is available.
Invited Speaker, Adelphi University, Department of Mathematics and Computer Science, Applications of elliptic function theory to computer cryptography, Garden City, NY (15 May 1998). An abstract is available.
Invited Speaker, NASA Jet Propulsion Laboratory, Digital Signal Processing Research Group, Formal Verification of Cryptographic Protocols, Pasadena, CA (7 May 1998). An abstract is available.
Invited Speaker, Naval Research Laboratory, Center for High Assurance Computer Systems, A Formal Analysis of the Secure Sockets Layer Protocol, Washington, DC (22 October 1997). An abstract is available.
NASA Goddard Space Flight Center Webmasters' Meeting, Web Security: How to better protect your Web server, Greenbelt, MD (14 October 1997).
DIMACS/DREI Workshop on Cryptography and Network Security, An Analysis of the SSL 3.0 Protocol, New Brunswick, NJ (15 August 1997).

Tutorials

Sven Dietrich, David Dittrich, DDoS for fun and profit.
- Full-day tutorial, USENIX Security Symposium 2006, Vancouver, BC, July 2006.
- Full-day tutorial, USENIX Security Symposium 2005, Baltimore, MD, August 2005.
Sven Dietrich, John McHugh, Distributed Denial of Service: Background, Diagnosis, and Mitigation.
- Full-day tutorial, ACSAC 2003, Las Vegas, NV, December 2003.
Sven Dietrich, John McHugh, Denial of Service Attacks: Background, Diagnosis and Mitigation.
- Half-day tutorial , ACSAC 2001, New Orleans, LA, December 2001.
- Full-day tutorial, ACSAC 2002, Las Vegas, NV, December 2002.
- Full-day tutorial, at MITRE, in the continued education program, McLean, VA, June 2003.

Teaching

I taught a Cryptology course in the Computational Mathematics Program at Duquesne University in the Spring 2007 semester.

I gave guest lectures on computer security during my stay at Carnegie Mellon University (list is out of date):

DDoS: An Introduction, 9 February 2005, for Adrian Perrig's 18-731 Network Security class.
DDoS: A Tutorial, 26 July 2004, for the Information Assurance Capacity Building Program.
Introduction to DDoS Concepts, 11 February 2004, for Adrian Perrig's 18-731 Network Security class.
DDoS: Basics, analysis, and potential countermeasures, 6 November 2003, for Adrian Perrig's class.
DDoS: Basics, analysis, and potential countermeasures, 16 October 2003, for the 95-752 Security Management course (taught by Tim Shimeall).
DDoS: fundamentals and reactions, 8 October 2003, for the 95-750 Security Architecture and Analysis course (taught by Nancy Mead, Tom Longstaff, and Rick Linger).
DDoS: techniques for mitigation, 18 September 2003, for the 15-829/18-839 Special Topics in Networking Security & Software Security class (taught by Dawn Xiaodong Song).
The effects of DDoS, 16 September 2003, for the 15829/18839 Special Topics in Networking Security & Software Security class (taught by Dawn Xiaodong Song).
Distributed Denial of Service: A Tutorial, 16 July 2003, for the Summer Information Assurance Capacity Building Program.
Perspectives on mitigation of DDoS, February 10, 2003, 19-601: Information Warfare (taught by Benoît Morel).
DDoS and its impacts, February 5, 2003, 19-601: Information Warfare (taught by Benoît Morel).
Distributed Denial of Service, July 2002, for the Summer Capacity Building Program.
Network denial-of-service attacks and defenses, March 13, 2002, 18-440: Internet Security (taught by Mike Reiter).

At Adelphi University, I taught several classes from 1991 to 1997, last in the summer session of 1997. The classes included MTH 110 Precalculus, CSC 271/272 Software I/II (Intermediate Unix/Principles of Programming Languages) and MTH 101 Introduction to Mathematical Ideas.

Cryptography and computer security links

Books on cryptography

Albrecht Beutelspacher. Cryptology (MAA, 1994)
Johannes A. Buchmann. Intrroduction to Cryptography (Springer Verlag, 2001). 2nd ed. 2004.
Richard Crandall, Carl B. Pomerance. Prime Numbers: A Computational Perspective (Springer Verlag, 2001). 2nd ed. 2005.
Dorothy Denning. _Cryptography and Data Security_ (Addison-Wesley, 1982)
Oded Goldreich. Foundations of Cryptography: Basic Tools (Cambridge University Press, 2001), and Foundations of Cryptography: Basic Applications (Cambridge University Press, 2004). See the full overview of the book. A third volume was originally planned, but currently abandoned (as of August 2005).
Neal Koblitz. A Course in Number Theory and Cryptography 2nd ed. (Springer Verlag, 1994).
Neal Koblitz. Algebraic Aspects of Cryptography (Springer Verlag, 1998). See also the Lecture Notes in Computer Science Cryptography and Security List.
Michael Luby. Pseudorandomness and Cryptographic Applications (Princeton Lecture Notes, 1996)
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook of Applied Cryptography (CRC Press, 1996). Several chapters are available online.
P Y A Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe, Bill Roscoe. Modelling and Analysis of Security Protocols. (Addison-Wesley, 2001)
Bruce Schneier. Applied Cryptography 2nd ed. (Wiley, 1996)
Doug Stinson. Cryptography Theory and Practice (CRC Press, 1995). The book has been shortened in the second edition (2002). The third edition is complete (not shortened like the second).
Henk van Tilborg. Fundamentals of Cryptology (Springer Verlag, 2000)
Serge Vaudenay, A Classical Introduction to Cryptography, Applications for Communications Security, (Springer Verlag, 2006).
Colin Williams, Scott Clearwater. Explorations in Quantum Computing (TELOS Publications, 1997) (contains a chapter on quantum cryptography). See Ultimate Zero and One by the same authors for a book on quantum computing and its impact on quantum cryptography.

Crypto policy and history books

Lance J. Hoffman, Editor, Building in Big Brother (Springer Verlag, 1995)
Whitfield Diffie, Susan Landau, Privacy on the Line,(MIT Press, 1998)
Stephen Levy. Crypto (Viking, 2001)
Simon Singh, The Code Book: The Secret History of Codes and Code Breaking (Anchor Books, 1999)

Anonymity and Security

In that light, if you care about the privacy of your phone conversations, for historical interest there was the Starium voice encryption hardware.
Phil Zimmerman's zFone for encrypted VoIP.
Encrypted mobile phones can be found at Cryptophone.
For privacy and anonymity resources, see the Anonymizer, FreeNet, Onion Routing, Zero Knowledge Freedom Server, Crowds and the Publius Anonymous Publishing System.

Check out the DIMACS Center at Rutgers University and their Special Year on Networks. For more starting points on cryptography, see Ron Rivest's links and the International Cryptography page. For more information on anonymity, check out Raph Levien's Remailer List (now defunct). For news on the topic of cryptography, see the NewsNow Crypto NewsLink.

Affiliations

Associate Editor for Cipher, the newsletter for the IEEE Computer Society's Technical Committee on Security and Privacy.

Former President of the New York Xi chapter of Pi Mu Epsilon, the National Mathematics Honor Society. Currently President-at-Large.

Member of the International Association for Cryptologic Research,the Association for Computing, the American Mathematical Society, the Mathematical Association of America, and the Society for Industrial and Applied Mathematics.

Also the "vice-advisor-at-large" to the Computer Club at Adelphi University.

Alumnus of the International School of Geneva. Check out the Alumni of Ecolint and the International Baccalaureate Organisation.

Miscellaneous

Check out the artwork of my friend Silvia. (high bandwidth)

Something puzzling, something intriguing: The Edgar Allen Poe Cryptographic Challenge. This was solved.

Something to jog your mind: IBM's Ponder This.

Some news about New York City:

The New York Times, with its affiliate event calendar NY Today.
A nice guide to NYC Night Life is available by New York Magazine.
The classic TONY - Timeout New York, the obsessive guide to impulsive entertainment.
What's going on in NYC? Watch NYC TV.
An overview of lifestyle in NYC is LX.TV.
Find out about the New Urbanism movement, which creates walkable living spaces in towns and cities.

Some international news feeds:

BBC World has a live 24 hour news feed using RealOne Player.
BBC News has a News 24 live feed (RealVideo).
Deutsche Welle has a live TV feed (RealVideo) (blocked in the US as of May 2006).
France2 TV offers their latest Journal (RealVideo).
The French TF1 TV channel offers news feeds of their most recent Journal televise, about half hour after broadcast (RealVideo).
The SwissInfo site offers recent multilingual news (RealVideo).
The German Tagesschau is being archived, together with Tagesthemen and Nachtmagazin (later editions). Video feeds are available about 1 hour after broadcast (RealVideo). Regular live feeds.
CNN has a News on demand page (QuickTime/RealVideo).
C-SPAN has a live news feed (RealVideo).
And while you're finding out what's out there in the world, some fundamental issues to think about, the Universal Declaration of Human Rights, from 1948.

Last modified: January 2009

Sven Dietrich / spock (at) abraxas (dot) adelphi (dot) edu
My PGP public key.