Projects
Attribute Provisioning and Verifiable Credentials
Description
The most widespread identity management solutions are based on a centralized identity and federated ecosystem (e.g., SAML 2.0 and OpenID Connect). We are interested in exploring the viability for alternative systems that let users generate on-demand identities containing strictly necessary information, by aggregating validated identity attributes from different attribute authorities (e.g., via the use of Verifiable Credentials). This user-centric model provides benefits both for users (in terms of privacy and sovereignty) and service providers (in terms of highly certified information and number of attributes they can ask). An example is to allow users to log in into a service provider by sharing only the necessary information (e.g., having a certain age) instead of presenting the whole user identity.
Supervisors
Giada Sciarretta (giada.sciarretta@fbk.eu)
Alessandro Tomasi (altomasi@fbk.eu)
Prerequisites
Experience of Android development.
Innovative Scenarios for the Electronic Identity Card
Description
The Italian electronic identity card (CIE 3.0) can be exploited as an authentication mean, thanks to its capability to communicate via NFC (Near Field Communication) protocols and the cryptographic capabilities it is equipped with. We are interested in exploring further scenarios, such as the use of CIE 3.0 as an advanced electronic signature (FEA), pursuant to Article 64 and 65 of the Codice d’Amministrazione Digitale (CAD) legislation or the evolution of the authentication scheme by integrating innovative protocols (e.g., OpenID Connect and FIDO2).
Supervisor
Giada Sciarretta (giada.sciarretta@fbk.eu)
Prerequisites
Experience of Android development.
Design and Development of Automated Test Cases for Java Program
Description
Software testing is a crucial step in the software engineering process. The automation of the execution of test cases enhances the effectiveness of software testing and the quality of the code. In this internship, the System Under Test is a Java program developed in the context of secure data storage in the Cloud. The program, named CryptoAC, implements a state-of-the-art Access Control enforcement that combines cryptography and access control to protect sensitive data stored in the Cloud. CryptoAC is accessible through a web interface and RESTful APIs. The goal of this internship is to design and develop a suite of test cases for CryptoAC.
Supervisors
Stefano Berlato (sberlato@fbk.eu)
Roberto Carbone (carbone@fbk.eu)
Prerequisites
Experience of Java development, English proficiency.
Advanced Authentication Techniques
Description
Standard authentication methods, frequently relying only on passwords, are extremely vulnerable to many attacks that can compromise the overall security of the infrastructure. For this reason, innovative technologies are being studied and gradually adopted to strengthen authentication processes, especially in sensitive contexts such as Public Administration, online banking and eHealth. Among these new techniques, step-up authentication and risk-based authentication are extremely important, since they manage to adjust the strength of the authentication process according to the sensitivity of the requested resources and the risks connected with behavioral or contextual aspects, respectively. The main goal of this internship is to study these advanced authentication techniques both from a theoretical and practical perspective.
Supervisors
Marco Pernpruner (mpernpruner@fbk.eu)
Giada Sciarretta (giada.sciarretta@fbk.eu)
Prerequisites
No prerequisites needed.
FIDO2 Authentication Infrastructure
Description
FIDO2 is a cutting-edge standard providing a strong and passwordless authentication experience, by letting users leverage both physical authenticators (such as USB, NFC or BLE security keys) and platform authenticators (such as PINs or fingerprints registered on a smartphone) to properly authenticate. The most important feature of the FIDO2 standard is its reliance on a public-key infrastructure, so that no secret information is ever sent through the network. The main goal of this internship is to develop an infrastructure (composed of both an Android application and Java servlets) that implements the FIDO2 standard, thus investigating the security aspects needed to build a strong authentication environment.
Supervisors
Marco Pernpruner (mpernpruner@fbk.eu)
Giada Sciarretta (giada.sciarretta@fbk.eu)
Prerequisites
Experience of Android and Java development.
Enhancing TLSAssistant analysis capabilities
Description
TLSAssistant is an open-source testing tool designed to help administrators in securing and verifying their TLS deployment. By combining state-of-the-art analysis tools with a report system able to provide actionable security hints (e.g., guiding the mitigation process), it can drastically decrease the amount of time required to resolve a wide set of issues. Being in the process of refactoring its code, the main goal of this internship is to extend its capabilities by implementing additional modules able to increase the amount of available checks or to provide new ways to aggregate and share its results.
Time frame
Starting from March 2021
Supervisors
Salvatore Manfredi (smanfredi@fbk.eu)
Giada Sciarretta (giada.sciarretta@fbk.eu)
BSc/MSc
TBD
Prerequisites
Experience of Python development and knowledge of the TLS protocol.
Improving TLSAssistant webserver coverage
Description
TLSAssistant is an open-source testing tool designed to help administrators in securing and verifying their TLS deployment. By combining state-of-the-art analysis tools with a report system able to provide actionable security hints (e.g., guiding the mitigation process), it can drastically decrease the amount of time required to resolve a wide set of issues when using Apache or nginx HTTP server. The main goal of this internship is to increase the set of supported webservers by replicating the vulnerable systems and writing the set of mitigations that will guide the users.
Time frame
TBD
Supervisors
Salvatore Manfredi (smanfredi@fbk.eu)
Giada Sciarretta (giada.sciarretta@fbk.eu)
BSc/MSc
BSc
Prerequisites
Experience of OS virtualization, experience of Unix shell usage (Bash suggested) and knowledge of the TLS protocol.
Exploring security compliance in FinTech scenarios
Description
FinTech (contraction for financial technology) is a label that applies to all the financial services provided using digital technologies, it ranges from mobile payments to insurance, from crowd-funding to cryptocurrencies. Due to the highly sensitive nature of the FinTec transactions, it is mandatory to provide and abide by standards that can keep the entire ecosystem secure; two of them are PSD2 and PCI-DSS. The PSD2 requires Account Servicing Payment Service Providers (i.e. banks) to allow third parties to access the customer payment account. PCI-DSS is an industry standard created to ensure that all companies that process credit card information maintain a secure environment. While the currently used version (v3.2.1) has been published in 2018, PCI-DSS 4 will be completed in Q2 2021 and will bring several changes to an already existing and widely deployed standard. The main goal of this internship is to review the related documentation and to identify TLS-related checks, (eventually) leading to their implementation.
Time frame
TBD
Supervisors
Salvatore Manfredi (smanfredi@fbk.eu)
Giada Sciarretta (giada.sciarretta@fbk.eu)
BSc/MSc
TBD
Prerequisites
No prerequisites needed.
Training challenges for Capture-the-Flag
Description
Capture the Flag (CtF) competitions are fun competitions for cybersecurity learners and enthusiasts, regularly run for participants to test their skills. Many write-ups and samples are available in public archives. https://ctftime.org/
Much effort is expended by experts to train participants, both to work individually and as a team. We would like to offer some cryptographic challenges for our local node trainees, by setting up challenge containers (docker) and preparing training material. The implementation would also be very good practice for prospective participants.
Time frame
January - March 2021, preferably.
Supervisors
Alessandro Tomasi (altomasi@fbk.eu)
BSc/MSc
The core task should be achievable by a BSc student; additional goals are available for MSc students.
Prerequisites
Basic notions of cybersecurity are necessary. Expertise in cryptography would be very useful, as would familiarity with web servers and docker.
Attack patterns for Identity Management protocols
Description
Identity Management (IdM) protocols are the protocols supporting Single-Sign On (SSO) which is an authentication schema allowing the user to access different services using the same set of credentials. Two of the most known IdM protocols are SAML 2.0 SSO and OAuth 2.0/OpenID Connect. Several solutions for corporations like Google, Facebook and for Public Administration like eIDAS and SPID are based on IdM protocols. We propose to define attack patterns for assessing the security of IdM implementations. This activity can include the implementation of a plugin.
Time frame
Anytime
Supervisor
Andrea Bisegna - a.bisegna@fbk.eu
Roberto Carbone - carbone@fbk.eu
BSc/MSc
The core task should be achievable by a BSc student; additional goals are available for MSc students.
Prerequisites
Preferably basic knowledge of Java.