DePIN: From Decentralization Promise to Security Reality - A Critical Dissection of Trust, Privacy, and Architectural Illusions
In this talk, we critically examine DePIN systems through the lens of two complementary studies. First, we provide a systematic analysis of the DePIN paradigm, identifying its core architectural pillars - blockchain, IoT, and tokenomics - and exposing fundamental vulnerabilities arising from operating in a zero-trust, open-participation environment.
Overview
Decentralized Physical Infrastructure Networks (DePIN) are often portrayed as a cornerstone of the Web3 paradigm, enabling the sharing and monetization of physical resources (such as bandwidth, storage, and computation) through decentralized, token-driven ecosystems. By removing centralized intermediaries, DePIN promises transparency, resilience, and user sovereignty. However, this vision comes with a non-trivial attack surface and a set of largely underexplored security and privacy risks.
We show how classical issues such as Sybil attacks, malicious resource providers, and sensitive data exposure are not only inherited but amplified in DePIN settings. Second, we move from theory to practice by dissecting one of the most prominent DePIN use cases: decentralized VPNs (dVPNs). Through an operator-centric, measurement-driven study, we reveal a significant gap between advertised decentralization and actual deployments. Our findings demonstrate that commercial dVPNs often rely on centralized control-plane components, introducing hidden chokepoints that undermine both resilience and censorship resistance. Moreover, we show that the trust model is fundamentally shifted rather than eliminated: untrusted exit-node operators gain visibility into user traffic patterns, enabling behavioral inference and raising serious privacy concerns.
Overall, this seminar challenges the dominant narrative of DePIN as inherently secure and decentralized. In particular, we argue that dVPN systems frequently exhibit architectural centralization under decentralized branding, coupled with expanded trust boundaries and novel threat vectors. We conclude by outlining key research directions toward building verifiable, privacy-preserving, and truly decentralized infrastructure systems.
Presenters
Brief Biography
Roberto Di Pietro (Fellow, IEEE; Distinguished Scientist, ACM; Fellow, AAIA; Member Academia Europaea) is a Professor of Computer Science with the KAUST CEMSE Division, Saudi Arabia. Previously, he was a Professor in Cybersecurity and founder of the Cyber-Security Research Innovation Lab (CRI-Lab) at Hamad Bin Khalifa University (HBKU)-College of Science and Engineering (CES), Qatar.
Previously, at Bell Labs (Alcatel-Lucent/Nokia), he served as Global Head for Security Research, managing three security research departments based in Paris, Munich and Espoo, aligning research with business objectives and moving research results into innovation. Before that, he was a tenured professor at the University of Padova. He started his career as a senior military officer within the Italian Ministry of Defence (MoD), working on security-related nationwide technology projects.
He has been working in the cybersecurity field for more than 25 years, leading technology-oriented and research-focused teams in the private sector, government and academia. He has served as a senior security consultant for international organizations, including the United Nations (U.N.) and U.N. agencies (the International Atomic Energy Agency (IAEA), the United Nations Global Service Centre (UNLB) and the World Intellectual Property Organization (WIPO)). In addition to his international experience, he was appointed Seconded National Expert and detached for one year at the European Union Agency for Criminal Justice Cooperation (Eurojust).
Reflecting his drive for innovation, besides being involved in the mergers and acquisitions (M&A) of startups, and having founded one (exited), he is on the board of research centres and startups.
In 2011-2012, he was awarded a Chair of Excellence from the University Carlos III, Madrid, Spain. In 2020, he received the Jean-Claude Laprie Award for having significantly influenced the theory and practice of Dependable Computing. In 2022, he was awarded the Individual Innovation Award from HBKU. He has been consistently included in Stanford University's "World Ranking Top 2% Scientists" list since the ranking began.
His education includes an M.S. in Computer Science ('94) and an M.S. in Informatics ('03), both from the University of Pisa (UniPi), Italy, and a Specialization Diploma in Operations Research and Strategic Decisions ('03) and a Ph.D. degree in Computer Science ('04), both from the University of Rome "La Sapienza."
In his academic career, he has secured more than $9 million in funding (either as LPI or PI).