Daniele Lain

System Security @ ETH Zurich


$ whoami

I'm at the System Security group at ETH Zurich, where I recently defended my Ph.D. under the supervision of Prof. Srdjan Čapkun.

My current research focuses on the broad area of human-centered security through novel attacks, countermeasures, and large-scale measurements. My interests include designing usable systems, authentication techniques, security awareness and education, user interactions with security-sensitive elements, and how modern hardware and software security shape future system designs.

Besides academic venues, my research appeared in several industry venues and media: our attacks on keyboard sounds were featured in Black Hat USA and covered by Forbes, BBC, and Tom's Hardware, among others. Our findings on phishing awareness training were showcased in podcasts such as Malwarebytes and First Watch, as well as at the Security Awareness Day '23 hosted by the Swiss national CERT.

I play and organize Capture The Flag competitions. I founded No Pwn Intended at the University of Padua, and coordinate the Italian team mhackeroni, with whom I played 6 DEF CON CTF finals and hacked a satellite in orbit. Thus, I greatly enjoy applying teaching-by-doing, at all levels of education. I've designed hands-on courses and labs for bachelor's, master's, and continuing education programs at both the University of Padua and ETH.

Before my doctorate, I earned an M.Sc. (with honors) and a B.Sc. in Computer Science at the University of Padua in Italy, where I also spent a year as a research assistant in Prof. Mauro Conti's group.

Publications

See also my Google Scholar profile.


Content, Nudges and Incentives: A Study on the Effectiveness and Perception of Embedded Phishing Training

Daniele Lain, Tarek Jost, Sinisa Matetic, Kari Kostiainen, Srdjan Capkun.

ACM CCS '24. Distinguished Paper Award. [ PDF ]

On (The Lack Of) Code Confidentiality in Trusted Execution Environments

Ivan Puddu, Moritz Schneider, Daniele Lain, Stefano Boschetto, Srdjan Capkun.

IEEE S&P '24. [ PDF ]

Breaking Bad: How Compilers Break Constant-Time Implementations

Moritz Schneider, Daniele Lain, Ivan Puddu, Nicolas Dutly, Srdjan Capkun.

arXiv (2024). [ PDF ]

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

Daniele Lain, Kari Kostiainen, Srdjan Capkun.

IEEE S&P '22. [ PDF ]

2FE: Two-Factor Encryption for Cloud Storage

Anders Dalskov, Daniele Lain, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun.

arXiv preprint (2020). [ PDF ]

IntegriScreen: Visually Supervising Remote User Interactions on Compromised Clients

Ivo Sluganovic, Enis Ulqinaku, Aritra Dhar, Daniele Lain, Srdjan Capkun, Ivan Martinovic.

arXiv preprint (2020). [ PDF ]

2FA-PP: 2nd factor phishing prevention

Enis Ulqinaku, Daniele Lain, Srdjan Capkun.

ACM WiSec '19. [ PDF ]

Pilot: Password and pin information leakage from obfuscated typing videos

Kiran Balagani, Matteo Cardaioli*, Mauro Conti, Paolo Gasti, Martin Georgiev, Tristan Gurtler, Daniele Lain*, Charissa Miller, Kendall Molas, Nikita Samarin, others.

Journal of Computer Security (2019). [ PDF ]

Skype & Type: Keyboard Eavesdropping in Voice-over-IP

Stefano Cecconello*, Alberto Compagno, Mauro Conti, Daniele Lain*, Gene Tsudik.

ACM TOPS (2019). [ PDF ]

TEEvil: Identity Lease via Trusted Execution Environments

Ivan Puddu, Daniele Lain, Moritz Schneider, Elizaveta Tretiakova, Sinisa Matetic, Srdjan Capkun.

arXiv preprint (2019). [ PDF ]

Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets

Andrea Biondo, Mauro Conti, Daniele Lain.

NDSS '18. [ PDF, slides ]

Silk-tv: Secret information leakage from keystroke timing videos

Kiran S Balagani, Mauro Conti, Paolo Gasti, Martin Georgiev, Tristan Gurtler, Daniele Lain*, Charissa Miller, Kendall Molas, Nikita Samarin, Eugen Saraci, others.

ESORICS '18. [ PDF, slides ]

Don't Skype & Type! Acoustic eavesdropping in Voice-over-IP

Alberto Compagno, Mauro Conti, Daniele Lain, Gene Tsudik.

ACM ASIACCS '17. [ PDF, slides ]

It's always April fools' day!: On the difficulty of social network misinformation classification via propagation features

Mauro Conti, Daniele Lain*, Riccardo Lazzeretti, Giulio Lovisotto*, Walter Quattrociocchi.

IEEE WIFS '17. [ PDF ]

Boten ELISA: A novel approach for botnet C&C in online social networks

Alberto Compagno, Mauro Conti, Daniele Lain*, Giulio Lovisotto*, Luigi Vincenzo Mancini.

IEEE CNS '15. [ PDF, slides ]

Teaching & Supervision

I enjoy teaching and applying the principles of teaching-by-doing to cybersecurity concepts, inspired by the idea that targeted application of concepts greatly complements more conventional forms of teaching. My teaching experience and main contributions besides "ordinary" teaching duties include:

At the University of Padua, I organized a set of hands-on courses on practical security topics (covering fundamental Capture The Flag skills, from web exploitation to memory vulnerabilities and cryptanalysis) called playground in 17-18 and 18-19, awarding 2 credits to students.
I was an instructor for the team that won the Italian National Cyberchallenge in 2018.
I also ran CTF laboratories at the System Security Summer School 2019, and as part of the Networks and Security B.Sc. course at the University of Padua in 2016-2017.

I had the opportunity to supervise several great students both at ETH and in Padua:

CTF

I've been passionate about playing CTFs since my first ' OR 1=1; --. I admire its didactic potential, its great community-building aspects, and individual and team growth. I founded and lead No Pwn Intended, the academic team of the University of Padua.
I coordinate mhackeroni, the main Italian CTF team that (among other successes) played 6 DEF CON CTF Finals in Las Vegas and won the first-of-its-kind Hack-A-Sat 4 competition by hacking a satellite in orbit.
With mhackeroni, I organized and ran mhackectf: Enterprise Edition, a large online attack-defense CTF in 2020.

Media & Talks

Some selected presentations and talks: