Biography

Ciao, I am Daniele, an Assistant Professor at EURECOM with the software and system security (S3) group. I am doing research and teaching in applied system security and privacy with an emphasis on wireless communication, such as Bluetooth and Wi-Fi, embedded systems, such as cars and fitness trackers, mobile systems such as smartphones, and cyber-physical systems such as industrial control systems.

I spent one year and a half as a Postdoc with Mathias Payer’s HexHive group at École Polytechnique Fédérale de Lausanne (EPFL). During my postdoc, among others, I’ve participated in the design, implementation and evaluation of DP3T/GAEN, a privacy-preserving contact-tracing technology now used by Android and iOS for proximity tracing.

I hold a PhD in Computer Science from the Singapore University of Technology and Design (SUTD). My PhD thesis is titled “Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems”. During my PhD I spent six months at the Computer Science Department of the University of Oxford as a visiting researcher advised by Kasper Rasmussen, and ten months as a visiting researcher at the Helmholtz Center for Information Security (CISPA) advised by Nils Ole Tippenhauer.

I hold a BS and MS in Electronics and Telecommunications Engineering from the University of Bologna (UniBO). I spent three months at the University of Massachusetts (UMass Amherst) as a research assistant to prepare my master thesis titled Design and Testing of Random Number Generators (RNG) advised by Wayne Burleson and Riccardo Rovatti.

Interests
  • Cyber-Physical Systems
  • Mobile Systems Security
  • Wireless Systems Security
  • Embedded Systems Security
  • Industrial Control System Security
  • Applied Cryptography
  • SoCurity
Education

  • PhD in Computer Science, 2019

    Singapore University of Technology and Design (SUTD)

  • MS in Electronics and Telecommunications Engineering, 2013

    University of Bologna (UniBO)

  • BS in Electronics and Telecommunications Engineering, 2010

    University of Bologna (UniBO)

Projects

*
All CPS Protocol Bluetooth
Jan 26, 2023
ENCOPIA
ENCOPIA

Enabling connected privacy assurance
Jan 26, 2023
Open-source ReSilient Hardware and software for Internet of thiNgs (ORSHIN)
Open-source ReSilient Hardware and software for Internet of thiNgs (ORSHIN)

Building contrained devices pivoting on open-source hardware and software
Mar 5, 2022
Bluetooth BLUR Attacks (BLURtooth)
Bluetooth BLUR Attacks (BLURtooth)

Standard-compliant attacks on Bluetooth’s Cross-Transport Key Derivation (CTKD)
Aug 7, 2020
DP3T/GAEN for COVID-19
DP3T/GAEN for COVID-19

Decentralized and privacy-preserving tracing techologies
May 18, 2020
Bluetooth BIAS Attacks
Bluetooth BIAS Attacks

Standard-compliant Bluetooth Impersonation AttackS (BIAS)
Aug 20, 2019
Bluetooth KNOB Attacks
Bluetooth KNOB Attacks

Standard-compliant attacks to the Key Negotiation Of Bluetooth (KNOB)
Feb 2, 2019
Reversing and Attacking Google Nearby
Reversing and Attacking Google Nearby

Reverse-engineering and attacking Google Nearby Connections API for Android
Nov 7, 2017
MiniCPS Framework
MiniCPS Framework

A framework for Cyber-Physical Systems real-time simulation, built on top of Mininet

Publications

S. Boussaha, L. Hock, M. Bermejo, R. Cuevas Rumin, A. Cuevas Rumin, D. Klein, M. Johns, L. Compagna, D. Antonioli, T. Barber (2024). FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds. PETS.

PDF Cite Code Project Slides Video

D. Antonioli (2023). BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. ACM CCS.

PDF Cite Code Project Slides 37c3 37c3 Slides THCON'24 CVE-2023-24023

M. Casagrande, R. Cestaro, E. Losiouk, M. Conti, D. Antonioli (2023). E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem. ACM WiSec.

PDF Cite Code Project Poster Slides Video Demos THCON'24

M. Casagrande, E. Losiouk, M. Conti, M. Payer, D. Antonioli (2022). BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem. IACR CHES.

PDF Cite Code Project Poster Slides Video Demos HWIO'23

D. Antonioli, M. Payer (2022). On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats. IEEE WOOT.

PDF Cite Code Project Project Slides Video CVE-2019-9506 CVE-2020-10135

D. Antonioli, N. O. Tippenhauer, K. Rasmussen, M. Payer (2022). BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy. ACM AsiaCCS.

PDF Cite Code Project Slides Video Website CVE-2020-15802 CVE-2022-20361

J. Wu, R. Wu, D. Antonioli, M. Payer, N. O. Tippenhauer, D. Xu, D. J. Tian, A. Bianchi (2021). LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks. USENIX Security.

PDF Cite Code Slides Video

DP3T Team (2020). Early Evidence of Effectiveness of Digital Contact Tracing for SARS-CoV-2 in Switzerland. EMH Swiss medical weekly.

PDF Cite

DP3T Team (2020). Decentralized Privacy-Preserving Proximity Tracing. IEEE DEB.

PDF Cite

D. Antonioli, N. O. Tippenhauer, K. Rasmussen (2020). Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy. ACM TOPS.

PDF Cite Code Project knobattack.com CVE-2019-9506

D. Antonioli, N. O. Tippenhauer, K. Rasmussen (2020). BIAS: Bluetooth Impersonation AttackS. IEEE S&P.

PDF Cite Code Project Slides Video Teaser Website CVE-2020-10135

D. Antonioli, N. O. Tippenhauer, K. Rasmussen (2019). The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR. USENIX Security.

PDF Cite Code Project Slides Video Website CVE-2019-9506 CyberWire Oxford IR1915

See all publications

Talks

A Quest to Secure Standard and Proprietary Wireless Systems
In this talk we will explore recent research on real world wireless security protocols. We will cover standard protocols such as Bluetooth pairing and session establishment and proprietary ones such as IoT application layer protocols used to secure traffic between companion mobile applications and electric scooters and fitness trackers.
Jul 22, 2024 00:00 University of Verona (UniVR)
A Quest to Secure Standard and Proprietary Wireless Systems
Information and Entertainment for Automotive Researchers
Keynote given at ACSW'24 (EuroS&P Workshop) covering Automotive Bluetooth Security and E-Spoofer.
Jul 8, 2024 00:00 Vienna
Information and Entertainment for Automotive Researchers
A Quest to Secure Proprietary and Standard Wireless Protocols
Keynote given at RESSI'24 covering, among others, BLUFFS, E-Spoofer, and BreakMi.
May 17, 2024 00:00 Eppe-Sauvage
A Quest to Secure Proprietary and Standard Wireless Protocols
A Quest to Secure Standard and Proprietary Wireless Protocols
Talk covering, among others, BLUFFS, E-Spoofer, and BreakMi.
May 14, 2024 00:00 Virtual
A Quest to Secure Standard and Proprietary Wireless Protocols
BLUFFS: Breaking and fixing the Bluetooth standard. One More Time.
YouTube (37c3)
Apr 4, 2024 00:00 Toulouse, France
BLUFFS: Breaking and fixing the Bluetooth standard. One More Time.
E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem
YouTube (WiSec'23)
Apr 4, 2024 00:00 Toulouse, France
E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem
Bluetooth Security at NECS Winter School
This lecture overviews recent and impactful research on Bluetooth security and privacy. We will cover protocol-level vulnerabilities in the Bluetooth specification affecting billions of devices, such as KNOB, BIAS, BLUR, and BLUFFS.
Jan 8, 2024 00:00 Cortina d'Ampezzo, Italy
Bluetooth Security at NECS Winter School
See all events

Posts

FP-tracer PETS'24 Paper and Artifact
Modern websites use attribute-based browser fingerprinting to track us(ers) using our browser’s JavaScript API. They can track us without cookies, and regardless of what we click on websites’ consent banners.
Jul 1, 2024 1 min read
E-Spoofer and BLUFFS Talks at THCON'24
Salut, Marco Casagrande will talk about E-Spoofer and I will talk about BLUFFS at the 2024 Toulouse Hacking Convention (THCON)! Both research works are funded by the ORSHIN Horizon Europe research grant.
Mar 13, 2024 1 min read
Recorded BLUFFS Talk at 37c3
YouTube Media CCC More here.
Dec 30, 2023 1 min read
BLUFFS Talk at 37c3
See you in Hamburg 🇩🇪 at 37c3
Dec 22, 2023 1 min read
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses
Breaking and fixing the Bluetooth standard. One More Time. Paper Slides Toolkit CVE-2023-24023 BT SIG note
Nov 27, 2023 1 min read
See all posts

Reviews

Summary

  • 216 submissions reviewed since 2016 (last update 2024-02-22)
  • Associate Editor (AE): ACM Transactions on Privacy and Security (TOPS)
  • Distinguished reviewer: NDSS'24, WOOT'21
  • Chair: Poster&Demo (WiSec'24), Publicity (NSS'20)
  • 2024: WiSec, SEC, NDSS, DIMVA, CPSS, AsiaCCS, CPSS, RAID
  • 2023: WOOT, WiSec, SEC, NDSS, CPSS, AsiaCCS, CPSS
  • 2022: WOOT, S&P, SEC, CPSS, AsiaCCS, CPSS
  • 2021: WOOT, SEC, AsiaCCS, NSS

Conferences

  • USENIX Security Symposium (SEC)
  • ACM Asia Conference on Computer and Communications Security (AsiaCCS)
  • International Conference on Network and System Security (NSS)
  • IEEE Symposium on Security and Privacy (S&P)
  • Network and Distributed System Security Symposium (NDSS)
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
  • Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
  • ACM Symposium on Research in Attacks, Intrusions and Defenses (RAID)

Journals

  • ACM Transactions on Privacy and Security (TOPS)
  • IEEE Transactions on Information Forensics and Security (TIFS)
  • IEEE Transactions on Wireless Communications (TWC)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Network
  • Computer Networks (ComNet)
  • Journal of Systems Research (JSys)
  • Journal of Computer Science and Technology (JCST)
  • IEEE Computer (COM)

Workshops

  • USENIX Workshop on Offensive Technologies (WOOT)
  • IEEE Workshop on Cyber-Physical Systems Security (CPS-Sec)
  • ACM Cyber-Physical System Security Workshop (CPSS)

Grants

  • German Research Foundation (DFG)

Publishers

  • Manning Publications

Students

PhD

  • Marco Casagrande
  • Soumaya Boussaha
  • Tommaso Sacchetti

Master (selected)

  • Riccardo Cestaro (UniPD, Mille E Una Lode Award, 2nd prize CLUSIT Award'22)
  • Alex Ferragni (EPFL, CSEM lab)
  • Emiljano Gjiriti (EPFL, CSEM lab)

Courses

Currently as Asst. Prof

  • Spring 2022: A Bluetooth Course (ABC) MSc.
    • Bluetooth, wireless, and network security
  • Fall 2021: Mobile System Security (MOBISEC) MSc.
    • Android and iOS security

TA as a PhD (2015-2018)

  • 2018: Security Principles (SPR) MSc, University of Oxford UK, Prof K.B. Rasmussen
    • CIA, Authentication, Cryptography, RSA, Protocols
    • Exercises and presentation of Scyther
  • 2017: Networks BSc, SUTD Singapore, Prof N.O. Tippenhauer
    • TCP/IP, UDP, BGP, SDN, HTTP, REST, TLS, tunnels, NAT
    • Lab session, grading, office hours
  • 2017: Security BSc, SUTD Singapore, Prof N.O. Tippenhauer
    • CIA, Cryptography, Exploitation, TLS, CTF, Network Security
    • Lab session, grading, office hours

For fun and micro profit (2013-2015)

  • External Prof for High School Final Exams in Informatics (Italy) LAMP, SQL, PHP, JS, relational DB, MVC, HTTP(S)
  • Grad/undergrad private lessons: linear algebra, calculus, programming (C, Pascal)
  • High school private lessons: math, physics, programming (C++)

Contact