Len Sassaman at the 27th Chaos Communication Congress.
|Died||July 3, 2011 (aged 31), Leuven, Flemish Brabant, Belgium|
|Cause of death|||
|Known for||Mixmaster, X.509 attacks|
|Spouse(s)||Meredith L. Patterson (married 2006)|
Sassaman was employed as the security architect and senior systems engineer for Anonymizer. He was a PhD candidate at the Katholieke Universiteit Leuven in Belgium, as a researcher with the Computer Security and Industrial Cryptography (COSIC) research group, led by Bart Preneel. David Chaum and Bart Preneel were his advisors.
Sassaman was a well-known cypherpunk, cryptographer and privacy advocate. He worked for Network Associates on the PGP encryption software, was a member of the Shmoo Group, contributed to the OpenPGP IETF working group and the GNU Privacy Guard project, and frequently appeared at technology conferences like DEF CON. Sassaman was the co-founder of CodeCon along with Bram Cohen, co-founder of the HotPETS workshop (with Roger Dingledine of Tor and Thomas Heydt-Benjamin), and co-author of the Zimmermann–Sassaman key-signing protocol. At the age of 21, he was an organizer of the protests following the arrest of Russian programmer Dmitry Sklyarov.
On February 11, 2006, at the fifth CodeCon, Sassaman proposed to returning speaker and noted computer scientist Meredith L. Patterson during the Q&A after her presentation, and they were married. The couple worked together on several research collaborations, including a critique of privacy flaws in the OLPC Bitfrost security platform, and a proposal of formal methods of analysis of computer insecurity in February 2011.
Meredith Patterson's current startup, Osogato, aims to commercialize Patterson's Support Vector Machine-based "query by example" research. Sassaman and Patterson announced Osogato's first product, a downloadable music recommendation tool, at SuperHappyDevHouse 21 in San Francisco.
In 2009, Dan Kaminsky presented joint work with Sassaman and Patterson at Black Hat in Las Vegas, showing multiple methods for attacking the X.509 certificate authority infrastructure. Using these techniques, the team demonstrated how an attacker could obtain a certificate that clients would treat as valid for domains the attacker did not control.
This lists all publications by Sassaman during his tenure with COSIC at Katholieke Universiteit Leuven.
- L. Sassaman, "The State of the OpenPGP Keyserver Infrastructure", North American Network Operators Group, 20th Conference, Washington, DC, USA, 2000.
- L. Sassaman, "Fundamental Flaws in the SSL Certificate Authority Model", DEFCON 9, Las Vegas, NV, USA, 2001.
- L. Sassaman, "The Promise of Privacy", 16th Conference on Systems Administration (LISA 2002), Philadelphia, PA, USA, 2002.
- L. Sassaman, "Anonymity Services and The Law", DEFCON 10, Las Vegas, NV, USA, 2002.
- L. Sassaman, "Forensic Dead-Ends: Tracing Users Through Anonymous Remailers", Black Hat Briefings, Las Vegas, NV, USA, 2002.
- L. Sassaman, "BOF: Future Directions for Anonymous Remailers", Computers, Freedom and Privacy, San Francisco, CA, USA, 2002.
- L. Sassaman and C. Wysopal, "Panel: How can Independent Researchers be adequately compensated for the valuable service they provide to vendors and customers while encouraging responsible reporting?", CyberSecurity, Research & Disclosure, Stanford, CA, USA, 2003.
- G. Danezis and L. Sassaman, "Heartbeat Traffic to Counter $(n-1)$ Attacks: Red-Green-Black Mixes", in Proceedings of the 2nd ACM workshop on Privacy in the electronic society (WPES 2003) ACM 101039, P. Samarati and P. F. Syverson (eds.), ACM, pp. 89–93, 2003.
- R. Lackey, P. Palfrader and L. Sassaman, "Behind the Remailers: The Operators and Developers of Anonymity Services", DEFCON 11, Las Vegas, NV, USA, 2003.
- R. Dingledine and L. Sassaman, "Attacks on Anonymity Systems: Theory and Practice", Black Hat Briefings, Las Vegas, NV, USA, 2003.
- L. Sassaman, "Designing Useful Privacy Applications", Black Hat Europe Briefings 2003, Amsterdam, NL, 2003.
- L. Sassaman, "Anonymity in Practice", COSIC Seminar, Leuven, BE, 2003.
- L. Sassaman, "Introduction to Anonymity Techniques", University of Cambridge Security Seminar, Cambridge, UK, 2003.
- S. Kopsell, L. Sassaman and A. Shostack, "Panel: Experiences Deploying Anonymous Communication Systems", Workshop on Privacy Enhancing Technologies 2003, Dresden, DE, 2003.
- L. Sassaman, "Privacy Issues in Identity Management", 13th CACR Information Security Workshop & 5th Annual Privacy and Security Workshop, Toronto, ON, CA, 2004.
- L. Sassaman, "Making Privacy Enhancing Technology a Reality", TOORCON, San Diego, CA, USA, 2004.
- C. Diaz, L. Sassaman and E. Dewitte, "Comparison between two practical mix designs", in 9th European Symposium on Research in Computer Security (ESORICS 2004), "Lecture Notes in Computer Science 3193", D. Gollmann, P. Ryan and P. Samarati (eds.), Springer-Verlag, pp. 141–159, 2004.
- L. Sassaman, "The Anonymity Toolkit", Black Hat Briefings, Las Vegas, NV, USA, 2004.
- L. Sassaman, "Ten Years of Practical Anonymity", The Fifth HOPE Conference, New York, NY, USA, 2004.
- L. Sassaman, B. Cohen and N. Mathewson, "The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval", in "Proceedings of the 4th ACM workshop on Privacy in the electronic society (WPES 2005)", S. De Capitani di Vimercati and R. Dingledine (eds.), ACM, pp. 1–9, 2005.
- R. Dingledine, P. Palfrader and L. Sassaman, "Panel: Future Anonymity Systems", What The Hack, Liempde, NL, 2005.
- L. Sassaman, "Anonymity for 2015", 24th Chaos Communication Congress, Berlin, DE, 2007.
- L. Sassaman, "Anonymity and its Discontents", Black Hat Briefings, Las Vegas, NV, USA, 2007.
- L. Sassaman and B. Preneel, "Solving the Byzantine Postman Problem", Technical Report ESAT-COSIC 2007-004, 15 pages, 2007.
- K. Kursawe, P. Palfrader and L. Sassaman, "Echolot and Leuchtfeuer: Measuring the Reliability of Unreliable Mixes", Technical Report ESAT-COSIC 2007-005, 15 pages, 2007.
- M. L. Patterson and L. Sassaman, "Subliminal Channels in the Private Information Retrieval Protocols", in Proceedings of the 28th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatie- en Communicatietheorie, 8 pages, 2007.
- L. Sassaman, "The Faithless Endpoint: How Tor puts certain users at greater risk", Technical Report ESAT-COSIC 2007-003, pp. 1–4, 2007.
- L. Sassaman and B. Preneel, "The Byzantine Postman Problem: A Trivial Attack against PIR-based Nym Servers", Technical Report ESAT-COSIC 2007-001, pp. 1–7, 2007.
- G. Danezis and L. Sassaman, "How to Bypass Two Anonymity Revocation Schemes", in Privacy Enhancing Technologies - 8th International Symposium, PETS 2008, "Lecture Notes in Computer Science 5134", N. Borisov and I. Goldberg (eds.), Springer-Verlag, pp. 187–201, 2008.
- L. Sassaman and B. Preneel, "The Byzantine Postman Problem", in Proceedings of the 29th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatie- en Communicatietheorie, pp. 129–135, 2008.
- L. Sassaman, "A Review of the OLPC XO Security Model", Stanford University Security Seminar, Stanford, CA, USA, 2008.
- M. L. Patterson, L. Sassaman and D. Chaum, "Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model", in Usability, Psychology and Security 2008, E. Churchill and R. Dhamija (eds.), USENIX, pp. 5:1-5:5, 2008.
- L. Sassaman, "Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model", University of California, Berkeley Security Reading Group, Berkeley, CA, USA, 2008.
- L. Sassaman, "Toward an Information-Theoretically Secure Anonymous Communication Service", Master thesis, Katholieke Universiteit Leuven, B. Preneel (promotor), 94 pages, 2008.
- L. Sassaman, "Lessons in Vulnerability Disclosure: So You Broke The Internet -- What Now?", COSIC Seminar, Leuven, BE, 2009.
- D. Kaminsky and L. Sassaman, "Breaking Web Security: Practical Attacks on X.509", Black Hat Briefings, Las Vegas, NV, USA, 2009.
- L. Sassaman, "Minimizing Attack Surfaces with Language-Theoretic Security", EIDMA/DIAMANT Cryptography Working Group, Utrecht, NL, 2010.
- J. C. Anderson, L. Sassaman and E. You, "The rise of Distributed, Decentralized, Amateur/Citizen Science and Do It Yourself Biology: Safety and Security Concerns", Open Science Summit 2010, Berkeley, CA, USA, 2010.
- M. L. Patterson and L. Sassaman, "Exploiting the Forest with Trees", Black Hat Briefings, Las Vegas, NV, USA, 2010.
- M. L. Patterson and L. Sassaman, "Exploiting Computational Slack in Protocol Grammars", PH-Neutral, Berlin, DE, 2010.
- L. Sassaman, "Language Theoretic Security Attacks: Exploiting Computational Slack in Protocol Grammars", COSIC Seminar, Leuven, BE, 2010.
- L. Sassaman, "Ethical Guidelines for Computer Security Researchers: 'Be Reasonable'", in Workshop on Ethics in Computer Security Research 2010, "Lecture Notes in Computer Science", Springer-Verlag, 6 pages, 2010.
- L. F. Cranor, E. Kenneally and L. Sassaman, "Towards a Code of Ethics for Computer Security Research", Workshop on Ethics in Computer Security Research (WECSR 2010), Tenerife, ES, 2010.
- D. Kaminsky, M. L. Patterson and L. Sassaman, "PKI Layer Cake: New Collision Attacks Against the Global X.509 Infrastructure", in Financial Cryptography and Data Security - 14th International Conference, FC 2010, "Lecture Notes in Computer Science 6052", R. Sion (ed.), Springer-Verlag, 16 pages, 2010.
- M. L. Patterson and L. Sassaman, "Towards a Theory of Computer Insecurity: a Formal Language-Theoretic Approach" on YouTube (presentation), Dartmouth College Institute for Security, Technology and Society Speaker Series, Hanover, NH, USA, 2011.