Security & Trust

Marco Pernpruner

Marco Pernpruner Researcher

Marco Pernpruner is a researcher with the Security & Trust research unit of Fondazione Bruno Kessler.

He received the BSc degree in Information and Business Organisation Engineering from the University of Trento in 2016, the MSc degree in Computer Science and Engineering from the University of Verona in 2019, and the PhD degree in Security, Risk and Vulnerability from the University of Genoa in 2024.

He joined the Security & Trust unit in October 2018 for an internship aimed at developing his Master’s thesis. From March 2019, he worked as a Research Assistant within the unit, focusing on the design and security analysis of enrollment and authentication procedures. In November 2020, he started his PhD under the supervision of Prof. Silvio Ranise and Dr. Giada Sciarretta. In 2022, he has also been a visiting PhD student at King’s College London, under the supervision of Prof. Luca Viganò.

His research focuses on digital identity, with a specialization in the design, security and risk assessment of multi-factor authentication and fully-remote enrollment procedures.

Publications

2024

  • Marco Pernpruner, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols
    In: IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 4, July/August 2024, Pages 1935-1950 (DOI, complementary material, news)

2021

  • Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-Remote Solutions Based on eDocuments
    In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (DOI, complementary material)

2020

  • Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
    In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)

Theses

  • Marco Pernpruner (PhD Thesis, University of Genoa, 2024)
    Integrating Security by Design and Automated Security Analysis for Digital Identity Management (link)
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
  • Marco Pernpruner (Master's Thesis, University of Verona, 2019)
    A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis
    Supervisor: Massimo Merro | Co-supervisors: Giada Sciarretta, Roberto Carbone

Dissemination

2024

  • May 16, 2024 • Specialized
    Marco Pernpruner
    The Role of Formal Methods in Digital Identity Management
    Workshop for the Master Course "Formal Techniques for Cryptographic Protocol Analysis" at UniTN

2022

  • January 27, 2022 • General
    Marco Pernpruner
    Identità digitale
    Cybersecurity Act (Digital Innovation Hub Vicenza) (Event, Video)

2021

  • June 23, 2021 • Specialized
    Marco Pernpruner
    How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis
    Identiverse 2021 (Video)
  • May 5, 2021 • General
    Marco Pernpruner, Giada Sciarretta, Alessandro Tomasi
    Identità digitale: identificazione e autenticazione
    PMI Academy, Accademia d'Impresa (Event, Video)
  • March 11, 2021 • Specialized
    Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise
    Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
    Tech Talk (DedaGroup)
  • January 14, 2021 • Specialized
    Marco Pernpruner
    Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2
    Recent Security Advances in the Finance Sector (FinTech, FINSEC and SOTER) (Event)

2020

  • September 28, 2020 • Specialized
    Marco Pernpruner
    Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users
    Digital Finance Academy for Security (FINSEC) (Slides and video)
  • May 5, 2020 • General
    Marco Pernpruner, Giada Sciarretta, Silvio Ranise
    Cyber Security & Servizi Finanziari
    FBK Academy (News and video)

Supervised Theses

2024

  • Federico Graziola (Master's Thesis, University of Verona, 2024)
    Potenzialità e sfide nell'analisi formale di protocolli per l'identità digitale con Tamarin
    Supervisor: Mariano Ceccato | Co-supervisors: Marco Pernpruner, Giada Sciarretta

2022

  • Martina Vecellio Reane (Bachelor's Thesis, University of Trento, 2022)
    Automated Security and Risk Analysis of Remote Identity Proofing Procedures
    Supervisor: Silvio Ranise | Co-supervisors: Marco Pernpruner, Giada Sciarretta

2021

  • Leonardo Xompero (Bachelor's Thesis, University of Trento, 2021)
    A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
  • Giacomo Zanolli (Bachelor's Thesis, University of Trento, 2021)
    FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
  • Adrien Beaugendre (Master's Thesis, University of Rennes 1 and University of Trento, 2021)
    A Flexible Risk Analysis on MuFASA Tool
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner

2020

  • Alessio Valenza (Bachelor's Thesis, University of Trento, 2020)
    Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner