Digital identity: enrollment, authentication, and all that

The course introduces the basic notions underlying the various aspects of digital identity management with a focus on a security-by-design approach complemented with the use of automated formal analysis techniques for security. First, it is explained why identity is the building block of any security strategy for current and future applications and services. Then, the various phases of the life cycle of digital identities are explained and the main security issues are highlighted. The interdependencies among the design and implementation choices performed in the various phases are also discussed. Finally, solutions for enrollment and authentication are described together with threat models and the most important mitigation techniques. During the various topics, the security goals and the security analysis problems are formalized so that automated analysis techniques based on constraint solving and model checking can be used to assist designers in the various phases of the development. Digital identity management solutions taken from the real world are considered to illustrate the various notions and techniques.

Period: April 4, 6, 8, 11, 12 (from 10:00 to 12:00 and from 14:00 to 16:00, CEST)

Duration: 20 hours

Location: University of Trento (room Garda - Povo1) and remotely (the link will be communicated to the registered students)

Schools: University of Trento - Mathematics Doctoral Programme, University of Trento - IECS Doctoral School, University of Genova - PhD Program in Security, Risk and Vulnerability

Assessment Method: small project or oral presentation of relevant literature

Related Publications

  • Andrea Bisegna, Roberto Carbone, Giulio Pellizzari and Silvio Ranise
    Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI)
  • Roberto Carbone, Silvio Ranise, Giada Sciarretta and Luca ViganĂ²
    Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
    In: ACM Transactions on Privacy and Security (TOPS) (DOI, complementary material, news)
  • Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
    In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)
  • Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise
    MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
    In: Emerging Technologies for Authorization and Authentication (ETAA 2019) (DOI, complementary material, news)

Involved People

Carbone Roberto

Roberto Carbone

Ranise Silvio

Silvio Ranise

Sciarretta Giada

Giada Sciarretta