Automated security, privacy, and risk management of digital identity solutions

University of Genoa

Cybersecurity and Reliable Artificial Intelligence
Cycle: 39

Nowadays, digital identities are employed by the majority of European governments and private enterprises to provide a wide range of services, from secure access to social networks to online banking. As the Digital 2023 global overview report shows, the number of digital identities is growing: we have 4.76 billion social media users and spend trillions of dollars on e-commerce.
Digital identity is therefore a key ingredient for securing new IT systems and digital infrastructures such as those based on zero trust. For these reasons, the secure deployment of digital identity solutions is a mandatory prerequisite for building trust in digital ecosystems and is an obligation shared by security practitioners and consumers.
The research work to be conducted in the thesis aims to develop a new approach for automated security, privacy, and risk management in the design, development, and maintenance of digital identity solutions. The challenge is to deal with the multiple dimensions of the design space as a continuum in which specifications are analyzed both in isolation and as refinements of each other.
The approach should take into account the specific security and privacy issues of each phase and, at the same time, consider the interdependencies among the design and implementation choices performed in the various phases, bridging the gap among them.
The resulting approach should be automated and auditable, provide actionable hints to reduce risk, and be easy to integrate into the wide range of services and applications that arise in the many use case scenarios resulting from the pressure of digital transformation. This activity includes:
– Analysis of state-of-the-art identity management solutions and their security issues.
– Identification of relevant use cases.
– Specification of a (semi-)automatic approach for security and risk management of digital identity solutions.
– Implementation of the approach in a tool and experimental evaluation on real-world use cases.

