I am currently Head of Cyber Electromagnetic Warfare Research at Cy4Gate S.p.A.
Prior to this, I worked as a Senior Security Researcher at Technology Innovation Institute, and as Security Researcher at Consorzio Nazionale Interuniversitario per le Telecomunicazioni.
During my Bachelor’s thesis, advised by Prof. Gennaro Boggia, I came up with a lightweight key agreement protocol for constrained IoT devices in IEEE 802.15.4e networks by adopting the Elliptic Curve Diffie Hellman protocol and the implicit certificates ECQV.
During my Master’s thesis, advised by Prof. Luigi Alfredo Grieco, I designed and implemented a security framework for Intelligent Transport Systems in Horizon 2020 BONVOYAGE project by leveraging the Attribute Based Encryption.
My Ph.D, advised by Prof. Roberto Di Pietro, allowed me to design and developing of (i) a dead-reckoning system that leverages the jamming signal to estimate the UAV position; (ii) a privacy-preserving, distributed, and lightweight solution for co-location detection and collision avoidance of autonomous UAVs, and (iii) an anonymous remote identification system for UAVs to allow them to broadcast RemoteID-compliant messages using ephemeral pseudonyms.
My research journey allowed me to publish, 21 journal papers, 11 conference papers, 1 contribution for the Encyclopedia of Cryptography, Security and Privacy, 12 proof-of-concepts, and 3 patents.
Ph.D in Computer Science and Engineering, 2021
Hamad Bin Khalifa University, Doha, Qatar
MSc in Computer Science and Engineering (cum laude), 2017
Politecnico di Bari, Bari, Italy
BSc in Computer Science, and Automation Engineering, 2014
Politecnico di Bari, Bari, Italy
Remote Identification (RID) regulations recently promulgated worldwide are forcing commercial drones to broadcast wirelessly the location of the pilot in plaintext. However, in many real-world use cases, the plaintext availability of such information leads to privacy issues, allowing the extraction of sensitive information about the pilot and confidential details about the drone’s business. To address this issue, this paper proposes SNELL, a RID-compliant solution for selective authenticated pilot location disclosure. Using SNELL, a drone can disclose RID messages providing encrypted information about the pilot’s location. At the same time, thanks to the smart integration of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) techniques, the data about the pilot location can be decrypted only by receivers with a set of attributes satisfying an access control policy chosen by the drone at run-time. Thanks to an extensive experimental assessment carried out on a real medium-end drone (Lumenier QAV-R) and a constrained chip (ESP32), we demonstrate that SNELL can fulfil all the requirements imposed by RID and relevant standardization authorities in terms of pilot location update time and message size while also requiring negligible energy toll on RID-compliant drones.
Discovering mutual proximity and avoiding collisions is one of the most critical services needed by the next generation of Unmanned Aerial Vehicles (UAVs). However, currently available solutions either rely on sharing mutual locations, neglecting the location privacy of involved parties, or are applicable for fully autonomous vehicles only—leaving unaddressed Remotely-Piloted UAVs’ safety needs. Alternatively, proximity can be discovered by adding sensing capabilities. However, in addition to the cost of the sensors, the complexity of integration, and the toll on the energy budget, the effectiveness of such solutions is usually limited by short detection ranges, making them hardly useful in high-mobility scenarios. In this paper, we propose LPPD (an acronym for Lightweight Privacy-preserving Proximity Discovery), a unique solution for privacy-preserving proximity discovery among remotely piloted UAVs based on the exchange of wireless messages. LPPD integrates two main building blocks: (i) a custom space tessellation technique based on randomized spheres; and, (ii) a lightweight cryptographic primitive for private-set intersection. Another feature enjoyed by LPPD is that it does not require online third parties. LPPD is rooted in sound theoretical results and is supported by an experimental assessment performed on a real drone. In particular, experimental results show that LPPD achieves 100% proximity discovery while taking only 39.66 milliseconds in the most lightweight configuration and draining only the 5 · 10− 6% of the UAV’s battery capacity. In addition, LPPD’s security properties are formally verified.
The Federal Aviation Administration (FAA) recently introduced a new standard, namely, remote identification, to improve accountability for unmanned aerial vehicles (UAVs) operations. This rule requires UAV operators to broadcast messages revealing sensitive data, such as identity and location on the wireless channel. However, this leads to security and privacy concerns among UAV operators. Unauthorized parties may easily discover the location and identity of a UAV flying in a specific area and launch attacks on it such as using wireless jamming or tracking its activity. This review investigates and systematizes the main weaknesses affecting the Remote ID capability required of modern UAVs, and the approaches through which attackers can exploit these weaknesses to disrupt safety and accountability. Moreover, this article analyzes current solutions that mitigate privacy issues associated with Remote ID. Finally, we identify multiple challenges that require to be addressed by both industry and academia, and we propose future research directions to improve the security and privacy of UAVs.
Current collision avoidance techniques deployed on Unmanned Aerial Vehicles (UAVs) rely on short-range sensors, such as proximity sensors, cameras, and microphones. Unfortunately, their efficiency is significantly limited in several situations; for instance, when a remote UAV approaches at high velocity, or when the surrounding environment is impaired (e.g., fog, noise). In the cited cases, to avoid collisions and maintain self-separation, UAVs often rely on the indiscriminate broadcast of their location. Therefore, an adversary could easily identify the location of the UAV and attack it, e.g., by physically shutting it down, launching wireless jamming attacks, or continuing tracking its movements. To address the above-introduced threats, in this article we present PPCA, a lightweight, distributed, and privacy-preserving scheme to avoid collisions among UAVs. Our solution, based on an ingenious tessellation of the space, is accompanied by a thorough analytical model and is supported by an extensive experimental campaign performed on a real 3DR-Solo drone. The achieved results are striking: PPCA can efficiently and effectively avoid collisions among UAVs, by requiring a limited bandwidth and computational overhead (84.85% less than traditional privacy-preserving proximity testing approaches), while providing unique benefits in terms of privacy of the participating UAVs.