Marco
Pernpruner

PhD Student at Fondazione Bruno Kessler and University of Genoa

Experience

November 2024 - present

Researcher

Fondazione Bruno Kessler, Trento, Italy

Research Unit: Security & Trust.

Focus on digital identity, with a specialization in the security by design, security and risk assessment of fully-remote enrollment and multi-factor authentication protocols.

November 2020 - May 2024

PhD Student

Fondazione Bruno Kessler, Trento, Italy

Research Unit: Security & Trust.

PhD in Security, Risk and Vulnerability.

Curriculum: Cyber Security and Reliable Artificial Intelligence.

PhD Program in agreement between Fondazione Bruno Kessler and the University of Genoa.

July 2022 - October 2022

Visiting PhD Student

King's College, London, United Kingdom

Department of Informatics.

Supervisor: Prof. Luca Viganò.

Research in the field of mutations applied to Identity Management protocols, to evaluate the effects of unexpected behaviour by the legitimate user on the overall security of the protocols.

March 2019 - October 2020

Research Assistant

Fondazione Bruno Kessler, Trento, Italy

Research Unit: Security & Trust.

Design, security analysis (also through formal techniques) and risk assessment of Identity Management solutions, including multi-factor authentication protocols based on eID documents and enrollment protocols to connect users' digital and real identities.

October 2018 - January 2019

Intern

Fondazione Bruno Kessler, Trento, Italy

Research Unit: Security & Trust.

Design, implementation and security analysis of a multi-factor authentication protocol based on the Italian eID card and push notifications, as part of the joint project between FBK and IPZS (Poligrafico e Zecca dello Stato Italiano, the Italian Government Printing Office and Mint).

Education

November 2020 - May 2024

PhD in Security, Risk and Vulnerability

University of Genoa, Italy

Cycle: XXXVI.

Curriculum: Cyber Security and Reliable Artificial Intelligence.

Final Grade: cum laude.

Thesis: "Integrating Security by Design and Automated Security Analysis for Digital Identity Management".

Supervisor: Prof. Silvio Ranise.

Co-supervisors: Dr. Giada Sciarretta.

External reviewers: Prof. Luca Viganò, Prof. Nicola Zannone.

PhD Program in agreement between Fondazione Bruno Kessler and the University of Genoa.

October 2016 - July 2019

Master's Degree in Computer Science and Engineering

University of Verona, Italy

Curriculum: Cyber Security.

Final Grade: 108/110.

Thesis: "A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis".

Supervisor: Prof. Massimo Merro.

Co-supervisors: Dr. Giada Sciarretta, Dr. Roberto Carbone (FBK).

September 2013 - September 2016

Bachelor's Degree in Information and Business Organisation Engineering

University of Trento, Italy

Final Grade: 104/110.

Thesis: "Trasformazione digitale dei processi all'interno di un Settore Arbitrale".

Supervisor: Prof. Nicola Mezzetti.

Winner of Merit Award by University of Trento.

Research

Publications

Conference Papers

  1. Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments
    In: Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021), Pages 222-233.
  2. Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    The Good, the Bad and the (Not So) Ugly of Out-of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
    In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY '20), Pages 223-234.

Other

  1. Roberto Carbone, Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    Valutazione automatica dei rischi di sicurezza delle procedure di autenticazione bancarie
    In: Exprivia Threat Intelligence Report, Vol. 3Q2020, Pages 61-67.

Dissemination

  1. Marco Pernpruner
    Sicurezza informatica e identità digitale
    Presented at: Corso di sicurezza informatica, Brokers Italiani.
  2. Marco Pernpruner
    Identità digitale
    Presented at: Cybersecurity Act, Digital Innovation Hub Vicenza.
  3. Marco Pernpruner
    How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis
    Presented at: Identiverse 2021.
  4. Marco Pernpruner, Giada Sciarretta, Alessandro Tomasi
    Identità digitale: identificazione remota, autenticazione sicura e gestione degli attributi
    Presented at: PMI Academy, Accademia d'Impresa.
  5. Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise
    Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
    Presented at: Tech Talk, DedaGroup.
  6. Marco Pernpruner
    Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2
    Presented at: Recent Security Advances in the Finance Sector, FinTech, FINSEC and SOTER European Projects.
  7. Marco Pernpruner
    Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users
    Presented at: Digital Finance Academy for Security, FINSEC European Project.
  8. Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    Cyber Security & Servizi Finanziari
    Presented at: FBK Academy, Fondazione Bruno Kessler (FBK).

Academic

Teaching Activity

  1. Laboratorio di Programmazione
    Bachelor's Degree in Mathematics, University of Trento. Academic Year 2021/2022. Teaching Assistant.
  2. Laboratorio di Programmazione
    Bachelor's Degree in Mathematics, University of Trento. Academic Year 2020/2021. Teaching Assistant.

Theses Supervision

  1. Leonardo Xompero
    A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
    Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
  2. Giacomo Zanolli
    FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
    Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
  3. Adrien Beaugendre
    A Flexible Risk Analysis on MuFASA Tool
    Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
  4. Alessio Valenza
    Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
    Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor.