Marco
Pernpruner
Experience

Visiting PhD Student
King's College, London, United Kingdom
Department of Informatics.
Supervisor: Prof. Luca Viganò.

PhD Student
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
PhD in Security, Risk and Vulnerability.
Curriculum: Cyber Security and Reliable Artificial Intelligence.
PhD Program in agreement between University of Genoa and Fondazione Bruno Kessler.

Research Assistant
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
Design, security analysis (also through formal techniques) and risk assessment of Identity Management solutions, including multi-factor authentication protocols based on eID documents and enrollment protocols to connect users' digital and real identities with given levels of assurance.

Intern
Fondazione Bruno Kessler, Trento, Italy
Research Unit: Security & Trust.
Design, implementation and security analysis of a multi-factor authentication protocol based on the Italian eID card and push notifications, as part of the joint project between FBK and IPZS (Poligrafico e Zecca dello Stato Italiano, the Italian Government Printing Office and Mint).
Education

PhD in Security, Risk and Vulnerability
University of Genoa, Italy
Cycle: XXXVI.
Curriculum: Cyber Security and Reliable Artificial Intelligence.
PhD Program in agreement between University of Genoa and Fondazione Bruno Kessler.

Master's Degree in Computer Science and Engineering
University of Verona, Italy
Curriculum: Cyber Security.
Final Grade: 108/110.
Thesis: "A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis".
Supervisor: Prof. Massimo Merro.
Co-supervisors: Dr. Giada Sciarretta, Dr. Roberto Carbone (FBK).

Bachelor's Degree in Information and Business Organisation Engineering
University of Trento, Italy
Final Grade: 104/110.
Thesis: "Trasformazione digitale dei processi all'interno di un Settore Arbitrale".
Supervisor: Prof. Nicola Mezzetti.
Winner of Merit Award by University of Trento.
Research
Publications
Conference Papers
-
A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments
In: Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021), Pages 222-233. -
The Good, the Bad and the (Not So) Ugly of Out-of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY '20), Pages 223-234.
Other
Dissemination
-
Sicurezza informatica e identità digitale
Presented at: Corso di sicurezza informatica, Brokers Italiani. -
Identità digitale
Presented at: Cybersecurity Act, Digital Innovation Hub Vicenza. -
How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis
Presented at: Identiverse 2021. -
Identità digitale: identificazione remota, autenticazione sicura e gestione degli attributi
Presented at: PMI Academy, Accademia d'Impresa. -
Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
Presented at: Tech Talk, DedaGroup. -
Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2
Presented at: Recent Security Advances in the Finance Sector, FinTech, FINSEC and SOTER European Projects. -
Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users
Presented at: Digital Finance Academy for Security, FINSEC European Project. -
Cyber Security & Servizi Finanziari
Presented at: FBK Academy, Fondazione Bruno Kessler (FBK).
Academic
Teaching Activity
Theses Supervision
-
Leonardo Xompero
A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor. -
Giacomo Zanolli
FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor. -
Adrien Beaugendre
A Flexible Risk Analysis on MuFASA Tool
Master's Degree in Computer Science, University of Trento. Thesis Co-supervisor. -
Alessio Valenza
Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
Bachelor's Degree in Computer Science, University of Trento. Thesis Co-supervisor.