Marco Pernpruner

Marco Pernpruner

Cybersecurity Professional • PhD

Researcher in digital identity management, with experience in innovative industrial projects. Actively involved in sharing knowledge by delivering seminars and webinars at international events, teaching at the university level, and mentoring students during their thesis journey.

In my free time, I am a volleyball referee in the Italian Serie A and a member of local referee commissions, where I am responsible for the development and improvement of referees.

Age

30 years

Location

Trento, Italy


Topics

Current

Digital Identity
Formal Methods
Risk Assessment
Security Analysis
Security by Design
Threat Modeling

Past

Financial Security
Risk-Based Authentication

Skills

Markup/Styling Languages

HTML
CSS
LaTeX
Markdown

Programming Languages

Android
C/C++
Java
JavaScript
PHP
Python

Protocols

Authentication
FIDO2
Identity Proofing

Regulations

eIDAS
ETSI TS 119 461
PSD2
NIST 800-63

Technologies

Git
MySQL
PostgreSQL
SQLite

Tools

Bitbucket
GitHub
GitLab
Microsoft Word
Microsoft Excel
Microsoft PowerPoint

Soft Skills

Curiosity
Leadership
Organization
Precision
Problem Solving
Public Speaking

Languages

Italian (native)
English (C1)

Work

Researcher

November 2023 - Current
Research Unit

Security & Trust

Research Center

Center for Cybersecurity

Research activities dealing with digital identity, with specialization in the security by design, security and risk assessment of fully-remote enrollment and multi-factor authentication protocols, also in complex ecosystems.

Related topics:
Digital Identity
Formal Methods
Security by Design
Security Analysis
Risk Assessment
Threat Modeling

Junior Researcher (PhD Student)

November 2020 - October 2023
Research Unit

Security & Trust

Research Center

Center for Cybersecurity

Research activities on digital identity as part of the PhD Program in “Security, Risk and Vulnerability”, offered by the University of Genoa in collaboration with Fondazione Bruno Kessler.

Related topics:
Digital Identity
Formal Methods
Security by Design
Security Analysis
Risk Assessment
Threat Modeling

Visiting PhD Student

July - October 2022
Department

Informatics

Supervisor

Prof. Luca Viganò

Research in the field of mutations applied to Identity Management protocols, to evaluate the effects of unexpected behaviour by the legitimate user on the overall security.

Related topics:
Digital Identity
Formal Methods
Security Analysis
Security Mutations

Research Assistant

March 2019 - October 2020
Research Unit

Security & Trust

Research Center

Center for Information Technology

Design, security analysis (also through formal techniques) and risk assessment of Identity Management solutions, including multi-factor authentication protocols based on eID documents and enrollment protocols to connect users’ digital and real identities.

Related topics:
Digital Identity
Formal Methods
Security by Design
Security Analysis
Risk Assessment

Intern

October 2018 - January 2019
Research Unit

Security & Trust

Research Center

Center for Information Technology

Design, implementation and security analysis of a multi-factor authentication protocol based on the Italian eID card and push notifications, as part of the joint project between FBK and IPZS (Poligrafico e Zecca dello Stato Italiano, the Italian Government Printing Office and Mint).

Related topics:
Digital Identity
Security by Design
Security Analysis

Significant Experience

Volleyball Referee

December 2011 - Current
Current role

National Referee in "Serie A"

Started refereeing in 2011, reaching the Regional category in 2013, the B role in 2016, and finally the A role in 2022. In 2016, officiated the men’s final of the Regions Trophy. Subsequently, participated in several National Youth Finals, refereeing the respective semifinal matches: U14 men in 2017, U18 women in 2018, and U18 men in 2019.

Over the years, also held additional roles: electronic report officer (2013-2020), associate observer (since 2016), and third referee (since 2020).

Related skills:
Communication
Decision-Making
Leadership
People Management
Stress Management

Member of Local Refereeing Commissions

July 2016 - Current
2016-2019

Local Committee of Verona

Since 2022

Local Committee of Trentino

Responsible for Referees’ improvement and development.

Main duties:

  • Organization of training courses for new Referees, with proper allocation of instructors.
  • Theoretical training and development of Referees through periodic meetings dealing with both rules-related and psychological perspectives.
  • Development of written exams dealing with the rules of the game, to verify and improve the theoretical knowledge by the Referees.
Related skills:
Communication
Leadership
Organization
Public Speaking

Certified Referees' Instructor

May 2017 - Current

Training and mentoring referees.

Related skills:
Communication
Microsoft PowerPoint
Public Speaking

Education

PhD in Security, Risk and Vulnerability

November 2020 - May 2024
Grade

Cum laude

Curriculum

Cybersecurity and Reliable Artificial Intelligence

Cycle

XXXVI

PhD Program in agreement between Fondazione Bruno Kessler and the University of Genoa.

Thesis: “Integrating Security by Design and Automated Security Analysis for Digital Identity Management”.
Supervisor: Prof. Silvio Ranise.
Co-supervisor: Dott.ssa Giada Sciarretta.
External reviewers: Prof. Luca Viganò, Prof. Nicola Zannone.

Attended courses:

  • Digital Forensics and Computer Crimes, Security and privacy in socio-technical systems, Research Methodology, Introduction to Law and Security, Resilience Assessment of Complex Systems as a Multidisciplinary Approach to Prevention and Disaster Management, Mobile Security, Writing in the Sciences, Risk Management and Performance, Risk Management.

Master's Degree in Computer Science and Engineering

October 2016 - July 2019
Grade

108/110

Curriculum

Cybersecurity

Thesis: “A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis”.
Supervisor: Prof. Massimo Merro.
Co-supervisors: Dr. Giada Sciarretta, Dr. Roberto Carbone (FBK).

Attended courses (by year):

  • Information systems, Analysis of information systems, System theory (Dynamical systems, Discrete event systems), Foundation of computing (Semantics of programming languages, Artificial intelligence), Algorithms (Algorithms, Computational complexity), Network security, Automated system verification;
  • Software security, Cryptography, Malware, Organization studies.

Bachelor's Degree in Information and Business Organisation Engineering

September 2013 - September 2016
Grade

104/110

Thesis: “Trasformazione digitale dei processi all’interno di un Settore Arbitrale”.
Supervisor: Prof. Nicola Mezzetti.

Attended courses (by year):

  • Communication networks, General computer science, Calculus 1, Fundamental of business economics, Geometry and Linear Algebra, Physics;
  • Object-oriented programming, Software Project Management, Business organization and production/operation management, Quality and innovation engineering, Electronics for product innovation, Database systems, Stochastic modelling methodologies for engineering, Optimization techniques for TLC;
  • Information systems, Software engineering 2, Multimedia communications, Strategic management, Computer architectures, Advanced networks/Data security, Mobile and tablet programming laboratory.

Winner of Merit Award by University of Trento.


Awards

PhD Scholarship

Scholarship for the PhD program in “Security, Risk and Vulnerability” at the University of Genoa.


University Merit Award

Merit Award issued by University of Trento for the Bachelor.


High School Scholarship

Scholarship “Mario Negri” for High School (academic year 2012/2013).


High School Scholarship

Scholarship “Mario Negri” for High School (academic year 2011/2012).


Middle School Scholarship

Scholarship “Perio Michiara” for Middle School (academic year 2007/2008).


Projects


Research and Industrial Projects

2024

METAfora – Metodologie e tEcnologie di rappresenTazione per il metAverso

Bit4id S.r.l.
Funded by

Ministero delle Imprese e del Made in Italy

Definition of a framework for remote identification processes (onboarding) in the context of the Metaverse. In addition to the design of an onboarding system based on cross-device flows, the framework includes security and risk analysis using an automated tool to explore various protocols (actions and related mitigations) and tracks design choices (audit process and compliance with regulatory requirements).

Related topics:
Identity Proofing
Metaverse
Security Analysis

2024

Notarify 3.0

B-Zero S.r.l.
Funded by

Autonomous Province of Trento

Analysis and identification of the best methodologies for integrating publicly and legally recognized digital identity solutions (SPID/CIE) within the Notarify platform.

Related topics:
Authentication
Electronic Identity Documents

2023

Scenari Innovativi di Identità Digitale

Futuro & Conoscenza S.r.l.

Analysis, design and security assessment for the integration of the FIDO2 protocol across three scenarios: IT Wallet, federated ecosystems, and non-federated ecosystems.

Related topics:
Digital Identity Wallet
FIDO2
Security by Design
Security Analysis

2023

Scenari Innovativi di Identità Fisica

Futuro & Conoscenza S.r.l.

Definition of mitigations for the cross-device remote flow in credential presentation of the digital wallet, with ranking of each mitigation by security and usability levels to facilitate discussions among the involved stakeholders.

Related topics:
Digital Identity Wallet

2020 - 2021

Protocollo DLT CherryChain

CherryChain S.r.l.
Funded by

Autonomous Province of Trento

Development of a system for managing identities provided by external entities using the internal network protocol, defining access policies corresponding to these identities, and introducing assurance mechanisms to ensure compliance with these policies. Security properties were verified through formal methods.

Related topics:
Electronic Identity Documents
Identity Proofing

2018 - 2020

DigiMat Lab

Istituto Poligrafico e Zecca Dello Stato S.p.A.

Design, security analysis (including formal techniques), and risk assessment of Identity Management solutions using the Electronic Identity Card (CIE 3.0) for secure and reliable authentication of citizens.

Related topics:
Authentication
Digital Identity
Electronic Identity Documents
Formal Methods
Risk Assessment
Security Analysis


Personal Projects

2015 - Current

Management Software Design, Development and Maintenance

  • Portale Arbitri FIPAV Verona (2015-2020): digital platform to streamline referee management for the Local Committee of Verona. The system handled the full bureaucratic lifecycle, including personal file management, match approvals, payment procedures, and the organization of referee training courses and instructors. It also facilitated the planning of supervisions and the collection of detailed performance reports, significantly improving operational efficiency and communication across all levels of refereeing.

  • Portale Territorio FIPAV (since 2018): digital platform aimed at simplifying interactions between the National Refereeing Commission and Local Committees. This initiative brought about a major digital transformation, automating and streamlining the entire bureaucratic lifecycle. By reducing administrative workload on both sides, the platform enhanced productivity, transparency, and coordination across multiple regions.

  • Portale CRUG Trentino (since 2022): digital platform for the Local Committee of Trentino, to manage the full range of referee-related administrative tasks under the Refereeing Commission. The system supports the organization of training courses, the appointment of instructors, and the generation of reimbursement requests. It also aids in planning referee supervisions and collecting performance reports, providing a structured and efficient way to handle these processes.

Related skills:
HTML
CSS
PHP
JavaScript
MySQL

2015 - Current

Website Design, Development and Maintenance

  • Dialogica: marketing consultant company based in Milan, Italy.
  • Enrico Patacca: amateur photographer, winner of the Grand Prix at “Al Thani” Award for Photography 2015.
  • FIPAV Verona: local committee of the Italian Volleyball Federation.
  • Green ID: gardening and landscaping company based in Milan, Italy.
  • The Valuehub: marketing consultant company based in Milan, Italy.
Related skills:
HTML
CSS
PHP
JavaScript
MySQL


University Projects

2017 - 2019

RideSharing

Course

Foundation of computing (Artificial intelligence)

University

Verona

Comprehensive ride-sharing ecosystem to simplify passenger transportation. The system featured a web application for organizations to define routes and assign passengers, while an Android app optimized the routes and guided drivers through their stops. Passengers received notifications when the vehicle was approaching and could adjust their participation status, triggering real-time route updates. Notifications were sent via push alerts and a custom Telegram bot, ensuring smooth communication between passengers and drivers. The application was successfully tested and used in real-world contexts, demonstrating its effectiveness in optimizing transportation logistics.

Related skills:
HTML
CSS
PHP
JavaScript
MySQL
Android

2016

EatOnTime

Course

Mobile and tablet programming laboratory

University

Trento

Android mobile application that helps users track food expiration dates to better plan their meals. The app notifies users when products are nearing expiration, reducing waste and encouraging efficient food management by alerting them in advance.

Related skills:
Android

2014 - 2015

InTouch

Course

Object-oriented programming

University

Trento

Social interaction platform with a command-line interface using C++. The platform facilitated user communication and interactions through a text-based interface.

Related skills:
C/C++

Publications


Conference Papers

Beyond Screens: Investigating Identity Proofing for the Metaverse Through Cross-Device Flows

Marco Pernpruner, Cecilia Pasquini, Giada Sciarretta, Silvio Ranise
In: 2nd International Conference on Intelligent Metaverse Technologies & Applications
Related topics:
Identity Proofing
Metaverse

A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments

Marco Pernpruner, Giada Sciarretta, Silvio Ranise
In: Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021)
Related topics:
Electronic Identity Documents
Identity Proofing
Risk Assessment
Security Analysis

The Good, the Bad and the (Not So) Ugly of Out-of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis

Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY '20)
Related topics:
Authentication
Electronic Identity Documents
Formal Methods
Risk Assessment
Security Analysis
Security by Design


Journal Papers

An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols

Marco Pernpruner, Roberto Carbone, Giada Sciarretta, Silvio Ranise
In: IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 4
Related topics:
Authentication
Formal Methods
Risk Assessment
Security Analysis


Workshop Papers

Towards a Fine-Grained Threat Model for Video-Based Remote Identity Proofing

Cecilia Pasquini, Marco Pernpruner, Giada Sciarretta, Silvio Ranise
In: Machine Learning and Principles and Practice of Knowledge Discovery in Databases
Related topics:
Identity Proofing
Threat Modeling


Standards

Cross-Device Flows: Security Best Current Practice

Pieter Kasselman, Daniel Fett, Filip Skokan
Internet-Draft draft-ietf-oauth-cross-device-security, Internet Engineering Task Force
Role: Acknowledged Contributor
Related topics:
Authentication
Formal Methods


Other

Valutazione automatica dei rischi di sicurezza delle procedure di autenticazione bancarie

Roberto Carbone, Marco Pernpruner, Silvio Ranise, Giada Sciarretta
In: Exprivia Threat Intelligence Report, Vol. 3Q2020, Pages 61-67
Related topics:
Authentication
Financial Security
Risk Assessment

Dissemination


Presentations in Conferences and Workshops

A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments

Marco Pernpruner
18th International Conference on Security and Cryptography (SECRYPT 2021)
6 - 8 July 2021• Online
Related topics:
Electronic Identity Documents
Identity Proofing
Risk Assessment
Security Analysis

The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis

Marco Pernpruner
Tenth ACM Conference on Data and Application Security and Privacy (CODASPY '20)
3 - 4 August 2020• Online
Related topics:
Authentication
Electronic Identity Documents
Formal Methods
Risk Assessment
Security Analysis
Security by Design


Seminars and Webinars

The Role of Formal Methods in Digital Identity Management

Marco Pernpruner
Master's Course "Formal Techniques for Cryptographic Protocol Analysis", University of Trento
16 May 2024• Trento, Italy
Related topics:
Digital Identity
Formal Methods

Integrating Security by Design and Automated Security Analysis for Digital Identity Management

Marco Pernpruner
CYS Seminar, Cybersecurity Group, King's College London
24 October 2022• London, UK
Related topics:
Digital Identity
Risk Assessment
Security Analysis
Security by Design

Identità digitale

Marco Pernpruner
Cybersecurity Act, Digital Innovation Hub Vicenza
27 January 2022• Online
Related topics:
Digital Identity

How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis

Marco Pernpruner
Identiverse 2021
23 June 2021• Online
Related topics:
Authentication
Electronic Identity Documents
Risk Assessment
Security Analysis

Identità digitale: identificazione remota, autenticazione sicura e gestione degli attributi

Marco Pernpruner, Giada Sciarretta, Alessandro Tomasi
PMI Academy, Accademia d'Impresa
5 May 2021• Online
Related topics:
Authentication
Digital Identity
Identity Proofing

Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2

Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise
Tech Talk, DedaGroup
11 March 2021• Online
Related topics:
Financial Security
PSD2
Risk Assessment
Security Analysis

Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2

Marco Pernpruner
Recent Security Advances in the Finance Sector, FinTech, FINSEC and SOTER European Projects
24 January 2021• Online
Related topics:
Financial Security
PSD2
Risk Assessment
Security Analysis

Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users

Marco Pernpruner
Digital Finance Academy for Security, FINSEC European Project
28 September 2020• Online
Related topics:
Financial Security
PSD2

Cyber Security & Servizi Finanziari

Marco Pernpruner, Silvio Ranise, Giada Sciarretta
FBK Academy, Fondazione Bruno Kessler
5 May 2020• Online
Related topics:
Financial Security

Teaching


University Courses

February - September 2024

Laboratorio di Programmazione

Bachelor's Degree in Mathematics, University of Trento
Lecturer: Silvio Ranise • Assistant: Marco Pernpruner • 6 CFU
Related skills:
Java

September 2023 - February 2024

Advanced Programming of Cryptographic Methods

Master's Degree in Mathematics, University of Trento
Lecturer: Silvio Ranise • Assistants: Marco Pernpruner, Riccardo Longo • 6 CFU
Related skills:
C/C++
Java

February - September 2022

Laboratorio di Programmazione

Bachelor's Degree in Mathematics, University of Trento
Lecturer: Silvio Ranise • Assistant: Marco Pernpruner • 6 CFU
Related skills:
Java

February - September 2021

Laboratorio di Programmazione

Bachelor's Degree in Mathematics, University of Trento
Lecturer: Silvio Ranise • Assistant: Marco Pernpruner • 6 CFU
Related skills:
Java


Modules in University Courses

March 2023

MuFASA: a tool for the security analysis of multi-factor authentication procedures

Lecturer: Marco Pernpruner
Module of the course: "Cryptography and Codes: enrollment, authentication, authorization, and all that"
PhD Program, University of Genoa and University of Trento
Lecturers: Roberto Carbone, Silvio Ranise, Giada Sciarretta
Related topics:
Authentication
Security Analysis

April 2022

MuFASA: a tool for the security analysis of multi-factor authentication procedures

Lecturer: Marco Pernpruner
Module of the course: "Digital identity: enrollment, authentication, and all that"
PhD Program, University of Genoa and University of Trento
Lecturers: Roberto Carbone, Silvio Ranise, Giada Sciarretta
Related topics:
Authentication
Security Analysis

July 2021

MuFASA: a tool for the security analysis of multi-factor authentication procedures

Lecturer: Marco Pernpruner
Module of the course: "Digital identity: enrollment, authentication, and all that"
PhD Program, University of Genoa and University of Trento
Lecturers: Roberto Carbone, Silvio Ranise, Giada Sciarretta
Related topics:
Authentication
Security Analysis


Other

April 2022

Sicurezza informatica e identità digitale

Brokers Italiani
Lecturer: Marco Pernpruner
Related topics:
Digital Identity
Risk Assessment

Thesis (Co-)Supervision

July 2024

Potenzialità e sfide nell'analisi formale di protocolli per l'identità digitale con Tamarin

Federico Graziola
Master's Degree in Computer Science and Engineering, University of Verona
Supervisor: Mariano Ceccato • Co-supervisors: Marco Pernpruner, Giada Sciarretta
Related topics:
Formal Methods
Security Analysis

July 2022

Automated Security and Risk Analysis of Remote Identity Proofing Procedures

Martina Vecellio Reane
Bachelor's Degree in Computer, Communication and Electronic Engineering, University of Trento
Supervisor: Silvio Ranise • Co-supervisors: Marco Pernpruner, Giada Sciarretta
Related topics:
Identity Proofing
Risk Assessment
Security Analysis

September 2021

A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers

Leonardo Xompero
Bachelor's Degree in Computer Science, University of Trento
Supervisor: Silvio Ranise • Co-supervisors: Giada Sciarretta, Marco Pernpruner
Related topics:
Authentication
Risk-Based Authentication

July 2021

FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system

Giacomo Zanolli
Bachelor's Degree in Computer Science, University of Trento
Supervisor: Silvio Ranise • Co-supervisors: Giada Sciarretta, Marco Pernpruner
Related topics:
Authentication
FIDO2
WebAuthn

March 2021

A Flexible Risk Analysis on MuFASA Tool

Adrien Beaugendre
Master's Degree in Computer Science, University of Trento and University of Rennes 1
Supervisor: Silvio Ranise • Co-supervisors: Giada Sciarretta, Marco Pernpruner
Related topics:
Risk Assessment

March 2020

Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione

Alessio Valenza
Bachelor's Degree in Computer Science, University of Trento
Supervisor: Silvio Ranise • Co-supervisors: Giada Sciarretta, Marco Pernpruner
Related topics:
Authentication
Financial Security
Risk Assessment

Community Service


Committees

Program Committee Co-Chair

3rd International Workshop on Trends in Digital Identity (TDI 2025)

3 February 2025 • Bologna, Italy

Program Committee Co-Chair

2nd International Workshop on Trends in Digital Identity (TDI 2024)

9 April 2024 • Rome, Italy

Web Chair

28th ACM Symposium on Access Control Models and Technologies (SACMAT 2023)

7 - 9 June 2023 • Trento, Italy

Program Committee Member

1st International Workshop on Trends in Digital Identity (TDI 2023)

6 June 2023 • Trento, Italy


Other

Session Chair of the "Research and Innovation" Session

2nd International Workshop on Trends in Digital Identity (TDI 2024)

9 April 2024 • Rome, Italy

Session Chair of the "Demos and Posters" Session

28th ACM Symposium on Access Control Models and Technologies (SACMAT 2023)

7 - 9 June 2023 • Trento, Italy

Session Chair of the "Italian Scenario" Session

1st International Workshop on Trends in Digital Identity (TDI 2023)

6 June 2023 • Trento, Italy

Organization Activities


Organization of Conferences and Workshops

3rd International Workshop on Trends in Digital Identity (TDI 2025)

3 February 2025 • Bologna, Italy

9th OAuth Security Workshop (OSW 2024)

10 - 12 April 2024 • Rome, Italy

2nd International Workshop on Trends in Digital Identity (TDI 2024)

9 April 2024 • Rome, Italy

28th ACM Symposium on Access Control Models and Technologies (SACMAT 2023)

7 - 9 June 2023 • Trento, Italy

1st International Workshop on Trends in Digital Identity (TDI 2023)

6 June 2023 • Trento, Italy