F&C CIE
Autenticazione con CIE
Overview
The Italian Electronic Identity Card (CIE 3.0) allows citizens to authenticate securely to online services of institutions and public administrations. The objective of this project is to update eIDAS-notified scenarios with security assessment of the newly implemented functionalities (e.g., analysis of the TLS configuration, OWASP analysis of the CIE Id app) and design of possible evolutions (e.g., multiple CIE support on the same device, PUK Recovery).
Details
- Period: from 01/04/2021 until 31/03/2022.
Related Tools
- TLSAssistant [documentation, code]
Related Collaborations
Related Publications
-
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI) -
Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news) -
Andrea Bisegna, Roberto Carbone, Silvio Ranise
Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
In: 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2021) (DOI) -
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)