Biography

Ciao, I am Daniele, an Assistant Professor (Class 1) at EURECOM with the software and system security (S3) group. I am doing research and teaching in system security and privacy with an emphasis on protocols, such as Bluetooth, FIDO2, and OCPP, embedded systems, such as vehicles, mobile, and IoT devices and cyber-physical systems such as industrial control systems.

In 2025, I got the French HDR (Habilitation à diriger des Recherches) from the École polytechnique presenting a thesis titled “Security and Privacy for Connected Devices”.

In 2020, spent one year and a half as a Postdoc with Mathias Payer’s HexHive group at École Polytechnique Fédérale de Lausanne (EPFL). During my postdoc, among others, I’ve participated in the design, implementation and evaluation of DP3T/GAEN, a privacy-preserving contact-tracing technology now used by Android and iOS for proximity tracing.

I hold a PhD in Computer Science from the Singapore University of Technology and Design (SUTD)My PhD was funded by a President Graduate Fellowship (PGF). My PhD thesis is titled “Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems”. During my PhD I spent six months at the Computer Science Department of the University of Oxford as a visiting researcher advised by Kasper Rasmussen, and ten months as a visiting researcher at the Helmholtz Center for Information Security (CISPA) advised by Nils Ole Tippenhauer.

I hold a BS and MS in Electronics and Telecommunications Engineering from the University of Bologna (UniBO). I spent three months at the University of Massachusetts (UMass Amherst) as a research assistant to prepare my master thesis titled Design and Testing of Random Number Generators (RNG) advised by Wayne Burleson and Riccardo Rovatti.

Interests
  • Mobile and Wireless Systems
  • Cyber-Physical Systems
  • Industrial Control System
  • Automotive Systems
  • IoT Protocols
  • Applied Cryptography
  • SoCurity
Education

  • French HDR, 2025

    École polytechnique (EP)

  • PhD in Computer Science, 2019

    Singapore University of Technology and Design (SUTD)

  • MS in Electronics and Telecommunications Engineering, 2013

    University of Bologna (UniBO)

  • BS in Electronics and Telecommunications Engineering, 2010

    University of Bologna (UniBO)

Publications

T. Sacchetti, D. Antonioli (2026). BLERP: BLE Re-Pairing Attacks and Defenses. NDSS.

PDF Cite Code Slides PI Demo CVE-2025-62235 BH Asia'26

F. Hofhammer, D. Antonioli, M. Payer (2026). PrivacyShield: Relaying BLE Beacons to Counter Unsolicited Tracking. USENIX SEC.

PDF Cite Code

S. Boussaha, V. Fresno-Gomez, T. Barber, D. Antonioli (2025). EmuOCPP: Effective and Scalable OCPP Security and Privacy Testing. USENIX VehicleSec.

PDF Cite Code Video

D. Donadel, G. Crestanello, G. Morandini, D. Antonioli, M. Conti, M. Merro (2025). SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes. ACM CPSS.

PDF Cite BPA 🏆

V. Zubkov, T. Sacchetti, D. Antonioli, M. Strohmeier (2025). Bluetooth Security Testing with BlueToolkit: a Large-Scale Automotive Case Study . USENIX WOOT.

PDF Cite Code Poster Video DEF CON 32

S. Boussaha, V. Fresno-Gomez, T. Barber, D. Antonioli (2025). CheckOCPP: Automatic OCPP Packet Dissection and Compliance Check. IEEE ACSW.

PDF Cite Code Slides

M. Casagrande, D. Antonioli (2025). CTRAPS: CTAP Impersonation and API Confusion on FIDO2. IEEE Euro S&P.

PDF Cite Code Poster Slides Demos CVE-2024-35311 YSA-2024-02 DEF CON 33 Almanack Off By One

M. Casagrande, R. Cestaro, E. Losiouk, M. Conti, D. Antonioli (2024). E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Battery-powered Embedded Systems. Preprint.

Preprint Cite BHUS'25 Dark Reading

T. Sacchetti, M. Bognar, J. De Meulemeester, B. Gierlichs, F. Piessens, V. Bezsmertnyi, MC. Molteni, S. Cristalli, A. Gringiani, O. Thomas, D. Antonioli (2024). AttackDefense Framework (ADF): Enhancing IoT Devices and Lifecycles Threat Modeling. ACM TECS.

PDF Cite Code Tutorial

S. Boussaha, L. Hock, M. Bermejo, R. Cuevas Rumin, A. Cuevas Rumin, D. Klein, M. Johns, L. Compagna, D. Antonioli, T. Barber (2024). FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds. PETS.

PDF Cite Code Slides Video

D. Antonioli (2023). BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. ACM CCS.

PDF Cite Code Slides 37c3 37c3 Slides THCON'24 CVE-2023-24023

M. Casagrande, R. Cestaro, E. Losiouk, M. Conti, D. Antonioli (2023). E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem. ACM WiSec.

PDF Cite Code Poster Slides Video Demos THCON'24

See all publications

Talks

CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2
Talk on CTRAPS attacks on FIDO2 as part of ETHZ ZISC seminars.
Jun 20, 2025 00:00 Zurich
CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2
FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
Talk on FP-tracer and browser fingerprinting at Privasky'25.
Mar 18, 2025 00:00 Correncon en Vercors (Grenoble)
FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds
On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats
Talk on Automotive Bluetooth Security at AMUSEC'25. Cars are some of the most security-critical consumer devices. On the one hand, owners expect rich infotainment features, including audio, hands-free calls, contact management, or navigation through their connected mobile phone.
Mar 14, 2025 00:00 Marseille
On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats
A Quest to Secure Standard and Proprietary Wireless Systems
In this talk we will explore recent research on real world wireless security protocols. We will cover standard protocols such as Bluetooth pairing and session establishment and proprietary ones such as IoT application layer protocols used to secure traffic between companion mobile applications and electric scooters and fitness trackers.
Jul 22, 2024 00:00 University of Verona (UniVR)
A Quest to Secure Standard and Proprietary Wireless Systems
Information and Entertainment for Automotive Researchers
Keynote given at ACSW'24 (EuroS&P Workshop) covering Automotive Bluetooth Security and E-Spoofer.
Jul 8, 2024 00:00 Vienna
Information and Entertainment for Automotive Researchers
A Quest to Secure Proprietary and Standard Wireless Protocols
Keynote given at RESSI'24 covering, among others, BLUFFS, E-Spoofer, and BreakMi.
May 17, 2024 00:00 Eppe-Sauvage
A Quest to Secure Proprietary and Standard Wireless Protocols
A Quest to Secure Standard and Proprietary Wireless Protocols
Talk covering, among others, BLUFFS, E-Spoofer, and BreakMi.
May 14, 2024 00:00 Virtual
A Quest to Secure Standard and Proprietary Wireless Protocols
See all events

Posts

BLERP Peripheral Impersonation Attack Demo
Here is Tommaso Sacchetti demonstrating the BLERP peripheral impersonation attack against a vulnerable Android 13 build (2024). In this setup, an attacker in proximity impersonates a trusted mouse, triggers an unauthenticated re-pairing, and takes over the input channel.
Mar 23, 2026 1 min read
BLERP Peripheral Impersonation Attack Demo
E-Trojans Black Hat USA 25 Video
Last summer, Marco Casagrande and I talked about E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Xiaomi Electric Scooters at Black Hat USA 2025. Our presentation is online:
Mar 18, 2026 1 min read
E-Trojans Black Hat USA 25 Video
DCS-CI: Design for Cyber Secure Critical Infra
The call for submission for the first edition of the DCS-CI conference is online. The Design of Cyber-Secure Critical Infrastructure (DCS-CI) 26 conference invites researchers, practitioners, and thought leaders to submit original work that advances our collective understanding of how to design, deploy, and maintain secure critical infrastructure systems.
Mar 16, 2026 1 min read
DCS-CI: Design for Cyber Secure Critical Infra
WiSec'26 Call for Posters and Demos
I am excited to chair the WiSec Demo and Poster session. Please submit your great posters and demos via this HotCRP instance! All poster titles must be prefixed with POSTER: and all demo titles with DEMO:.
Mar 16, 2026 1 min read
WiSec'26 Call for Posters and Demos
BLERP: BLE Re-Pairing Attacks and Defenses
In mid 2024, Tom and I looked at BLE re-pairing, an underlooked attack surface. We uncovered four critical re-pairing attacks and design-level vulnerabilities that allow device impersonation and MitM of arbitrary devices in BLE range.
Feb 14, 2026 1 min read
BLERP: BLE Re-Pairing Attacks and Defenses
See all posts

Reviews

Summary

  • 257 submissions reviewed since 2016 (last update 2025-04-11)
  • Associate Editor: ACM Transactions on Privacy and Security (TOPS)
  • Distinguished reviewer: NDSS'24, WOOT'21
  • Chair: Program (CPSS'26), Artifact Evaluation (NDSS'26, NDSS'27), Poster&Demo (WiSec'24, WiSec'26), Publicity (NSS'20)

Conferences and Workshops

  • 2027: PETS, S&P, NDSS
  • 2026: PETS, S&P, NDSS, WiSec, CPSS, ACSW, VehicleSec
  • 2025: WiSec, DIMVA, CPSS, WOOT, RAID, ACSW
  • 2024: WiSec, SEC, NDSS, DIMVA, CPSS, AsiaCCS, CPSS, RAID
  • 2023: WOOT, WiSec, SEC, NDSS, CPSS, AsiaCCS, CPSS
  • 2022: WOOT, S&P, SEC, CPSS, AsiaCCS, CPSS
  • 2021: WOOT, SEC, AsiaCCS, NSS

Journals

  • ACM Transactions on Privacy and Security (TOPS)
  • IEEE Transactions on Information Forensics and Security (TIFS)
  • IEEE Security & Privacy
  • IEEE Transactions on Wireless Communications (TWC)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Network
  • IEEE Computer (COM)
  • Elsevier Computers & Security (COSE)
  • Elsevier Computer Networks (ComNet)
  • Journal of Systems Research (JSys)
  • Journal of Computer Science and Technology (JCST)

Grants

  • German Research Foundation (DFG)

Publishers

  • Manning Publications

Students

PhD

Graduated PhD

Master (selected)

  • Joppe De Boe (KUL, COSIC)
  • Victor Fresno-Gomez (Best Master Thesis and Matricula de Honor from UPM)
  • Yavuz Akin (EURECOM)
  • Elyssa Boulila (EURECOM)
  • Riccardo Cestaro (UniPD, Mille E Una Lode Award, CLUSIT Award'22)
  • Alex Ferragni (EPFL, HexHive, CSEM lab)
  • Emiljano Gjiriti (EPFL, HexHive, CSEM lab)

Courses

At EURECOM (since 2021)

  • 2021–current: Mobile System Security (MOBISEC) MSc.
    • Android and iOS security
  • 2022–current: A Bluetooth Course (ABC) MSc.
    • Bluetooth, wireless, and network security

TA as a PhD (2015-2018)

  • 2018: Security Principles (SPR) MSc, University of Oxford UK, Prof K.B. Rasmussen
    • CIA, Authentication, Cryptography, RSA, Protocols
    • Exercises and presentation of Scyther
  • 2017: Networks BSc, SUTD Singapore, Prof N.O. Tippenhauer
    • TCP/IP, UDP, BGP, SDN, HTTP, REST, TLS, tunnels, NAT
    • Lab session, grading, office hours
  • 2017: Security BSc, SUTD Singapore, Prof N.O. Tippenhauer
    • CIA, Cryptography, Exploitation, TLS, CTF, Network Security
    • Lab session, grading, office hours

For fun and micro profit (2013-2015)

  • External Prof for High School Final Exams in Informatics (Italy) LAMP, SQL, PHP, JS, relational DB, MVC, HTTP(S)
  • Grad/undergrad private lessons: linear algebra, calculus, programming (C, Pascal)
  • High school private lessons: math, physics, programming (C++)

Contact