Marco Pernpruner
Experience
Researcher
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
Focus on digital identity, specializing in security by design and in the security and risk assessment of fully-remote enrollment and multi-factor authentication protocols.
PhD Student
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
PhD in Security, Risk and Vulnerability.
Curriculum: Cyber Security and Reliable Artificial Intelligence.
PhD Program in agreement between Fondazione Bruno Kessler and the University of Genoa.
Visiting PhD Student
King's College, London, United Kingdom
Department of Informatics.
Supervisor: Prof. Luca Viganò.
Research in the field of mutations applied to Identity Management protocols, to evaluate the effects of unexpected behaviour by the legitimate user on the overall security of the protocols.
Research Assistant
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
Design, security analysis (also through formal techniques) and risk assessment of Identity Management solutions, including multi-factor authentication protocols based on eID documents and enrollment protocols to connect users' digital and real identities.
Intern
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
Design, implementation and security analysis of a multi-factor authentication protocol based on the Italian eID card and push notifications, as part of the joint project between FBK and IPZS (Poligrafico e Zecca dello Stato Italiano, the Italian Government Printing Office and Mint).
Education
PhD in Security, Risk and Vulnerability
University of Genoa, Italy
Cycle: XXXVI.
Curriculum: Cyber Security and Reliable Artificial Intelligence.
Final Grade: cum laude.
Thesis: "Integrating Security by Design and Automated Security Analysis for Digital Identity Management".
Supervisor: Prof. Silvio Ranise.
Co-supervisors: Dr. Giada Sciarretta.
External reviewers: Prof. Luca Viganò, Prof. Nicola Zannone.
PhD Program in agreement between Fondazione Bruno Kessler and the University of Genoa.
Master's Degree in Computer Science and Engineering
University of Verona, Italy
Curriculum: Cyber Security.
Final Grade: 108/110.
Thesis: "A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis".
Supervisor: Prof. Massimo Merro.
Co-supervisors: Dr. Giada Sciarretta, Dr. Roberto Carbone (FBK).
Bachelor's Degree in Information and Business Organisation Engineering
University of Trento, Italy
Final Grade: 104/110.
Thesis: "Trasformazione digitale dei processi all'interno di un Settore Arbitrale".
Supervisor: Prof. Nicola Mezzetti.
Winner of Merit Award by University of Trento.
Research
Publications
Conference Papers
- A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments
  In: Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021), Pages 222-233.
- The Good, the Bad and the (Not So) Ugly of Out-of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
  In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY '20), Pages 223-234.
Other
Dissemination
- Sicurezza informatica e identità digitale
  Presented at: Corso di sicurezza informatica, Brokers Italiani.
- Identità digitale
  Presented at: Cybersecurity Act, Digital Innovation Hub Vicenza.
- How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis
  Presented at: Identiverse 2021.
- Identità digitale: identificazione remota, autenticazione sicura e gestione degli attributi
  Presented at: PMI Academy, Accademia d'Impresa.
- Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
  Presented at: Tech Talk, DedaGroup.
- Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2
  Presented at: Recent Security Advances in the Finance Sector, FinTech, FINSEC and SOTER European Projects.
- Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users
  Presented at: Digital Finance Academy for Security, FINSEC European Project.
- Cyber Security & Servizi Finanziari
  Presented at: FBK Academy, Fondazione Bruno Kessler (FBK).
Academic
Teaching Activity
Theses Supervision
- Leonardo Xompero
  A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
  Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
- Giacomo Zanolli
  FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
  Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
- Adrien Beaugendre
  A Flexible Risk Analysis on MuFASA Tool
  Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor.
- Alessio Valenza
  Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
  Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor.