Matteo Rizzi

Bachelor in Computer Science, Security Administrator and Research Scientist

Born in 1998, 30 September, I hold the positions of Security Administrator at Fondazione Bruno Kessler and Research Scientist in the organization's Security and Trust unit. I joined the S&T unit to explore and improve TLS analysis and delve into identity management. While safeguarding Fondazione Bruno Kessler from cyber threats, I am looking into new opportunities and technologies and working with Istituto Poligrafico e Zecca dello Stato.

Experiences

Fondazione Bruno Kessler (Trento, Italy)

Security Administrator $\bullet$$\bullet$ Sep, 2022 - Present

Studying the state of the art and applying my expertise of risk analysis, red teaming, blue teaming, OSINT, and offensive technologies; conducting continuous pentests on the infrastructure and introducing new defenses to safeguard and protect Fondazione Bruno Kessler from cybercriminals.

Junior Research Scientist $\bullet$$\bullet$ Feb, 2021 - Present

Security analysis of the TLS deployments of IPZS projects, TLS Analysis in Android Apps and TLS tool enhancement within the Security & Trust research unit.

Internship $\bullet$$\bullet$ Feb, 2020 - May, 2020

Study and improvement of TLS analysis tools within the Security & Trust research unit.

Futuro & Conoscenza S.r.l. (Trento & Rome, Italy)

Junior Research Scientist $\bullet$$\bullet$ Jul, 2021 - Present

Collaboration between Fondazione Bruno Kessler and IPZS to promote the exchange of know-how and competences in the field of security technologies (material and digital) such as identification and and anti-counterfeiting, as well as the creation of a center for the coordination and exploitation of research.

Papers

Demo: TLSAssistant v2

in ACM Symposium on Access Control Models and Technologies, SACMAT $\bullet$$\bullet$ Jun, 2022

Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise.

A Modular and Extensible Framework for Securing TLS

in 12th ACM Conference on Data and Application Security and Privacy, CODASPY $\bullet$$\bullet$ Apr, 2022

Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise.

Awards

Premio Tesi - Clusit (Milan, Italy)

Placed 3rd, Associazione Italiana per la Sicurezza Informatica 17th Edition $\bullet$$\bullet$ Sep, 2022

The "Innovare la sicurezza delle Informazioni" award is given to the most innovative university theses in information security to foster cooperation between companies, institutions, and students in Italy. A point of interchange between the productive and scientific worlds, students and the working world, motivated by participants' demands and experiences.

Teaching and Tutoring

Internship Tutor

Andrea Brandolini and Mattia Andreolli in FBK, Security and Trust Unit $\bullet$$\bullet$ Jun, 2022 - Present

Andrea Brandolini and Mattia Andreolli are two outstanding students from Istituto Tecnico Tecnologico Buonarroti (Trento, Italy). They readily comprehended complicated topics like as databases and overflow threats despite just being in their third year. They are working with me and my colleague Salvatore Manfredi on a project that will raise awareness about security postures (e.g. password management, phishing awareness and more).

Federico Cucino in FBK, Security and Trust Unit $\bullet$$\bullet$ Feb, 2022 - Apr, 2022

I had the opportunity to oversee Federico Cucino, an undergraduate student at University of Trento, thanks to my colleague Salvatore Manfredi. Federico did an excellent job by collecting information on overall webserver use and, more specifically, Public Administration in Italy. Upon learning that NGINX was competing with APACHE, he included several mitigations into NGINX and developed a parser for TLSAssistant.

The parser can quickly scan an NGINX configuration and automatically repair any TLS vulnerabilities discovered. Federico was finally able to analyze the TLS environment in deep and correct additional flaws he discovered in the tool.

Ivan Valentini in FBK, Security and Trust Unit $\bullet$$\bullet$ Feb, 2022 - Apr, 2022

Thanks to my colleague Salvatore Manfredi, I have overseen the internship of an undergraduate student at University of Trento, Ivan Valentini. Ivan, a talented student, researched the TLS area to see what new threats had emerged. Ivan encountered ALPACA, Racoon, Zombie POODLE, Golden DOODLE, 0-Length OpenSSL, and Sleeping POODLE after researching the literature. Using POODLE variations as a starting point, Ivan investigated the optimal method for integrating these vulnerability checks into TLSAssistant. Ivan progressively included all prior vulnerability assessments (i.e. ALPACA, POODLE variants and Racoon). Not only did he incorporate them into our tool, but he also corrected and made the external tool TLSScanner more efficient by statistically demonstrating it by scanning the Alexa top 50,000 websites.

Projects

Multi-CIE System

Ideation of the Multi-CIE function in the CieID App $\bullet$$\bullet$ Jan, 2022 - March, 2022

The CieID App allows users to verify themselves for public services in Italy by using the CIE Card, commonly known as Carta di Identità Elettronica (eID card). Worked as part of a team to develop the best method for storing multiple eID cards in the APP while keeping the highest level of security and determining the optimum balance of security and usability.

breaking-telegram

PoC script to break Telegram $\bullet$$\bullet$ 2021

Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media received with this functionality, automatically.

TLSAssistant

Starting from Version 1.3 $\bullet$$\bullet$ 2020 - Present

Fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.

iHashDNA

Perceptual hashing library in python $\bullet$$\bullet$ 2020 - 2022 (Suspended)

Python library to easily check if two images are similar without machine learning by using Perceptual Hashing (phash and whash combined), with ban and unban image system.

Minor Works

Mallodroid

Conversion in Python 3 and enhancements $\bullet$$\bullet$ 2020 - 2021

telegram-deep-fakes-bot

Easy implementation and use of the first order model $\bullet$$\bullet$ 2020

Rappresentanti Bot

HelpDesk Telegram bot to support DISI Students in University of Trento $\bullet$$\bullet$ 2019

Education

University of Trento (Trento, Italy)

Bachelor of Computer Science $\bullet$$\bullet$ Sept, 2017 - Mar, 2021

Thesis in TLS Analyzers for Android Apps - State-of-the-art Analysis and Integration in TLSAssistant.

I.I.S. Primo Levi (Badia Polesine, Italy)

High School Diploma $\bullet$$\bullet$ Sept, 2012 - Sept, 2017

Final elaborate in psychoanalysis of James Joyce and the artificial intelligences.

Certifications

CyberWiser - CyberRange And Capacity Building in CyberSecurity

First Certificate

Cambridge Assessment English - B2 $\bullet$$\bullet$ Apr, 2017

ECDL Base

ECDL / ICDL Certification $\bullet$$\bullet$ May, 2016

Technical and Programming Skills

I am widely proficient in everything that touches the cybersecurity realm. My areas of expertise include security testing, vulnerability assessment, cyberrisk assessment, network security (e.g. DmZ, firewalls, honeypots), privacy, trust, OSINT, and digital identity. During the Machine Learning course, I worked with advanced deep learning systems (such as a convolutional neural network to identify Covid-19 from radiography, in 2020), achieved the highest gpa in multimedia data security (e.g. invisible and visible watermarking, compression resistant watermarking and classifying differences from video compression applied by Facebook and Youtube). I also earned the highest GPA in the Offensive Technologies course, in which I learned how to perform attack and defense in the cyberspace.

Throughout my career, I have discovered numerous flaws —some of them critical— in the infrastructures used by the Fondazione Bruno Kessler. I was also able to collaborate with the Postal Police while researching new technologies in the field. In addition, I managed to analyze the CIEApp (Carta Identità Elettronica) with the Open Web Application Security Project (OWASP). Threat intelligence is a topic that deeply interests me.

Programming Skills

Known Standards

Interests and Soft Skills

Work Interests

What i really want to do in my future $\bullet$$\bullet$ 2023

I am passionate about CyberSecurity, Privacy, Forensics and Digital Identity, as well as the solutions that embrace these areas, which include (but are not limited to) Security Protocol Analysis, Access Control, Zero-Trust and Zero-Knowledge methods, Malware Analysis and AI-Powered CyberSecurity. I am particularly intrigued by the idea of developing novel solutions and conducting scientific research in these fields.

University of Trento (Trento, Italy)

Student Representative for DISI $\bullet$$\bullet$ Nov, 2018 - Nov, 2022

Department Of Information Engineering And Computer Science