Security & Trust

Marco Pernpruner

Marco Pernpruner PhD Student

Marco Pernpruner is a student of the PhD Program in Security, Risk and Vulnerability, jointly offered by the University of Genoa and Fondazione Bruno Kessler. He received the BSc degree in Information and Business Organisation Engineering from the University of Trento in 2016, and the MSc degree in Computer Science and Engineering from the University of Verona in 2019.

He joined the Security & Trust Unit in October 2018 for an internship aimed at developing his Master’s thesis. From March 2019, he worked as a Research Assistant within the unit, focusing on the design and security analysis of enrollment and authentication procedures. In November 2020, he started his PhD under the supervision of Prof. Silvio Ranise and Dr. Giada Sciarretta. In 2022, he has also been a visiting PhD student at King’s College London, under the supervision of Prof. Luca Viganò.

His research focuses on digital identity, with a specialization in the design, security and risk assessment of multi-factor authentication and fully-remote enrollment procedures.

Publications

2023

  • Marco Pernpruner, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols
    In: IEEE Transactions on Dependable and Secure Computing (TDSC) (DOI, complementary material, news)
  • Cecilia Pasquini, Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    Towards a Fine-Grained Threat Model for Video-Based Remote Identity Proofing
    In: ECML/PKDD 2023 Post-Workshops and Tutorials Proceedings (news)

2021

  • Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-Remote Solutions Based on eDocuments
    In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (DOI, complementary material)

2020

  • Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
    In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)

Theses

  • Marco Pernpruner (PhD Thesis, University of Genoa, 2024)
    Integrating Security by Design and Automated Security Analysis for Digital Identity Management
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
  • Marco Pernpruner (Master's Thesis, University of Verona, 2019)
    A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis
    Supervisors: Massimo Merro | Co-supervisors: Giada Sciarretta, Roberto Carbone

Dissemination

2022

  • January 27, 2022 • General
    Marco Pernpruner
    Identità digitale
    Cybersecurity Act (Digital Innovation Hub Vicenza) (Event, Video)

2021

  • June 23, 2021 • Specialized
    Marco Pernpruner
    How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis
    Identiverse 2021 (Video)
  • May 5, 2021 • General
    Marco Pernpruner, Giada Sciarretta, Alessandro Tomasi
    Identità digitale: identificazione e autenticazione
    PMI Academy, Accademia d'Impresa (Event, Video)
  • March 11, 2021 • Specialized
    Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise
    Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
    Tech Talk (DedaGroup)
  • January 14, 2021 • Specialized
    Marco Pernpruner
    Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2
    Recent Security Advances in the Finance Sector (FinTech, FINSEC and SOTER) (Event)

2020

  • September 28, 2020 • Specialized
    Marco Pernpruner
    Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users
    Digital Finance Academy for Security (FINSEC) (Slides and video)
  • May 5, 2020 • General
    Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    Cyber Security & Servizi Finanziari
    FBK Academy (News and video)

Supervised Theses

2022

  • Martina Vecellio Reane (Bachelor's Thesis, University of Trento, 2022)
    Automated Security and Risk Analysis of Remote Identity Proofing Procedures
    Supervisors: Silvio Ranise | Co-supervisors: Marco Pernpruner, Giada Sciarretta

2021

  • Leonardo Xompero (Bachelor's Thesis, University of Trento, 2021)
    A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
  • Giacomo Zanolli (Bachelor's Thesis, University of Trento, 2021)
    FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
  • Adrien Beaugendre (Master's Thesis, University of Rennes 1 and University of Trento, 2021)
    A Flexible Risk Analysis on MuFASA Tool
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner

2020

  • Alessio Valenza (Bachelor's Thesis, University of Trento, 2020)
    Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner