Computer Security and Industrial Cryptography
Katholieke Universiteit Leuven
Department of Electrical Engineering
Kasteelpark Arenberg 10
My research is centered around the topic of privacy enhancing technologies. In particular, I am focused on both attacking and defending anonymous communication systems, exploring the applicability of information-theoretic secure systems for privacy solutions, and designing protocols which satisfy the specific needs of the use case for which they are applied. I have a very strong interest in the real-world applicability of my work; while some of what I do is pure theory, I have always held the belief that if a system cannot be implemented easily or be easily understood by the implementors, its utility is limited. Similarly, I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. Thus, I follow closely the fields of HCI and Applied Programming as well as Information Theory, Cryptography, and Anonymity.
- PKI Layer Cake: New Collision Attacks Against the Global X.509 Infrastructure. Dan Kaminsky, Meredith L. Patterson, and Len Sassaman. In Proceedings of Financial Cryptography and Data Security - 14th International Conference (FC 2010), R. Sion (ed.), Springer-Verlag, 16 pages, 2010.
- How to Bypass Two Anonymity Revocation Schemes. George Danezis and Len Sassaman. In Proceedings of the Privacy Enhancing Technologies Symposium 2008 (PETS 2008), N. Borisov, and I. Goldberg (eds.), Springer-Verlag, 15 pages, 2008.
- Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model. Meredith L. Patterson, Len Sassaman, and David Chaum. In Proceedings of Usability, Psychology, and Security 2008 (UPSEC 2008), E. Churchill, and R. Dhamija (eds.), USENIX, 5 pages, 2008.
- Subliminal Channels in the Private Information Retrieval Protocols. Meredith L. Patterson and Len Sassaman. In Proceedings of the 28th Symposium on Information Theory in the Benelux (WIC 2007), R. Veldhuis, H. Cronie, and F. Hoeksema (eds.), 8 pages, 2007.
- The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval. Len Sassaman, Bram Cohen, and Nick Mathewson. In Proceedings of the Workshop on Privacy in the Electronic Society 2005 (WPES 2005), S. De Capitani di Vimercati, and R. Dingledine (eds.), ACM, 9 pages, 2005.
- Comparison between Two Practical Mix Designs. Claudia Díaz, Len Sassaman and Evelyne Dewitte. In Proceedings of the 9th European Symposium on Research in Computer Security (ESORICS'04), P. Samarati et al. (eds.), Springer LNCS 3193, pp. 141-159, 2004.
- Heartbeat Traffic to Counter $(n-1)$ Attacks: Red-Green-Black Mixes. George Danezis and Len Sassaman. In Proceedings of the Workshop on Privacy in the Electronic Society 2003 (WPES 2003), P. Samarati, and P. F. Syverson (eds.), ACM, 5 pages, 2003.
Here is a much more comprehensive list of my academic activities, including speaking engagements, publications, and conferences attended.
External reviewer for CCS 2011
External reviewer for 11th Privacy Enhancing Technologies Symposium
Program committee member for ShmooCon 2011
Program committee member for 2nd Workshop on Ethics in Computer Security Research (WECSR 2011)
Program committee member for 2010 IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT2010)
Program committee member for ShmooCon 2010
Program committee member for 10th Privacy Enhancing Technologies Symposium
Program committee member for 2009 IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT-09)
Program committee member for IEEE Workshop on Web Privacy and Trust (WPT 2009)
Program committee co-chair for CodeCon 2009
Program committee member for 9th Privacy Enhancing Technologies Symposium
Program committee member for Financial Cryptography and Data Security '09
External reviewer for CCS 2008
Program co-chair for HotPETS 2008
External reviewer for 8th Privacy Enhancing Technologies Symposium
Program committee member for NDSS Symposium 2008
External reviewer for CCS 2007
External reviewer for WPES 2003
Program committee member and general chair for CodeCon 2002, CodeCon 2003, and CodeCon 2004
Program committee chair for CodeCon 2005 and CodeCon 2006
Member, The Shmoo Group
Affiliate Scholar, Institute for Ethics and Emerging Technologies (Joined 2010)
Member, International Association for Cryptologic Research (Joined 2005)
Member, Werkgemeenschap voor Informatie en Communicatietheorie (Joined 2007)
Member, The International Financial Cryptography Association (Joined 2010)
Member, Association for Computing Machinery (Joined 2008)
Member, IEEE Student Branch Leuven (Joined 2008)
Member, Society for Industrial and Applied Mathematics (Joined 2009)
Student Member, Society for Neuroscience (Admitted 2010)
Member, Electronic Frontier Foundation (Joined 2001)
Member, Foundation for a Free Information Infrastructure e.V. (Joined 2011)
Member, The Internet Society, Belgium Chapter (Joined 2009)
Member, ICANN's Noncommercial Users Constituency (NCUC) (Joined June 2010)
Member, The Internet Engineering Task Force (IETF) (Joined 1998)
Member, Liga voor Mensenrechten (Joined 2011)
Member, The Foresight Institute (Joined 2010)
Advisor, Scientific Advisory Board, The Lifeboat Foundation (Joined 2009)
- Mixmaster is a mix-net implementation with widespread deployment and over ten years of development and use.
- The Pynchon Gate is an information-theoretic PIR-based pseudonymity system designed to obviate the need for reply-block based nym-servers.
- CodeCon is a conference I co-founded with Bram Cohen, aimed at attracting developers of active, highly practical projects with working code.
- HotPETS is a workshop I co-founded with Roger Dingledine and Thomas Heydt-Benjamin, to fill the void left as the PET Workshop matured into the PET Symposium. Influenced by PET and CodeCon, the goal of the workshop is to encourage discussion of "real-world" projects still in a formative state.
- Firekeeper is a browser-level intrusion detection system using Snort rules to detect and block browser-based attacks. This project was selected for the 2006 Google Summer of Code and sponsored by The Shmoo Group, and I served as mentor for its author, Jan Wrobel, for the duration of the Summer of Code program.
- Osogato, Inc. is a startup database software company, whose flagship product OBELisQ integrates fuzzy data mining into the standard relational database model. I am an advisor to the company.
- DIYBIO/Biohacking is a hobby I enjoy, with my wife Meredith.
- High security ink research is a side-interest of mine, which grew out of my passion for fountain pens.