FBK Archive

Cybersecurity

 

Digital identity and the security of cloud-edge native services are the two main research topics in cybersecurity at FBK. The research focuses on developing automated methods and tools for risk and trust management that serve the largest possible number of organizations, especially those with limited security expertise, such as SMEs. It is therefore critical to design, develop and implement digital identity infrastructures in a way that ensures security, privacy and trust.


Challenges and strengths

There are two major challenges, among the many posed by the secure development of digital identity infrastructure, that emerge as particularly important:

  • The push to digitize many processes in public administration (especially health care) and for individuals (such as banking), dramatically accelerated by the COVID-19 pandemic, has meant that identification processes are now also digitized and performed remotely rather than in person (e.g., it is possible to open a checking account without physically going to a bank branch). This transformation has introduced new attacks on remote identification processes that can lead to identity theft, with potentially catastrophic consequences for the victim (e.g., economic ones in the case of access to financial services). For example, many of these processes use video fragments to compare the face of the person requesting the creation of a digital identity with the image on the presented identity document. Modern image and video manipulation techniques (e.g., those known as deepfakes) can dynamically superimpose the face of a victim whose identity document has been stolen, in such a way that it is difficult for image-checking algorithms or a human operator to detect the manipulation. The Center is developing techniques for detecting these and other threats that may jeopardize the identification process, providing a comprehensive classification of threats and related mitigations, and developing automated risk assessment techniques to help those who build these processes choose the configuration of mitigations that offers the desired level of security.
  • In the short, medium and long term, it will be necessary to integrate the infrastructure for digital identity management with the growing and increasingly articulated and complex ecosystem of services and applications offered by the national and European public administration, in order to take full advantage of the benefits offered by the digitization of processes.
    The Center has established a strategic partnership with PagoPA to initiate a series of collaborations at both the technical and training levels to manage this transition securely and reliably, using a risk management approach, a design that keeps in mind the importance of a "frictionless" user experience, and increased user awareness of the benefits and limitations of the tool.

Technologies

FBK’s Cybersecurity research offers solutions to address the challenges posed by the three risks identified above: insecurity, lack of privacy, and distrust, based on a variety of techniques that include:

  • algorithms for security analysis, risk assessment and compliance with standards that allow the stakeholders involved to evaluate risks from different perspectives against different alternative project solutions;
  • cryptographic techniques for the integrity, authenticity and privacy of data transmitted, stored and processed by the infrastructure that allow the user to share data in a granular manner (selective disclosure);
  • declarative techniques for automating security and compliance testing of the implementation of infrastructures that allow administrators to continuously verify security and compliance against possible evolutions of the infrastructure itself and threats.

Major projects

  • European Digital Identity Wallet: in June 2023, with the official launch of the POTENTIAL Consortium, the implementation of one of the e-wallet solutions involving Italy began, with testing of the first use cases starting during 2024. The testing that will start in the Autonomous Province of Trento will focus on identification and authentication for the use of digital public services (eGov), the digital driver's license, and electronic medical prescriptions (ePrescription). Thanks to PagoPA's involvement, IO, the public services app, which has been identified as a model both for the definition of the international wallet standard and for the implementation of the national digital wallet, will serve as the wallet.
  • Poste Italiane: within a joint laboratory, a testing plan was developed for the protection and monitoring of the SPID infrastructure developed by the Poste Italiane postal services. This activity was completed some time ago and was a key contributor to the expertise that led to the development of T3 techniques.
  • Poligrafico e Zecca dello Stato (IPZS): development of methodologies for the secure design of authentication infrastructures based on the Electronic Identity Card (CIE) 3.0, both nationally, with the "Entra con CIE" button to access Italian Public Administration services, and internationally, with an authentication application compliant with the eIDAS regulation that allows Italian citizens to access the Public Administration services of another Member State with their CIE digital identity (T1 techniques), the application of cryptographic techniques for the protection of messages exchanged and stored within the infrastructure (T2 techniques), and the security and compliance testing of message exchange protocols (T3 techniques). This activity began a few years ago and is in full swing. It has led to the development of T1 and T2 techniques, the refinement of T3 techniques and, recently, the writing of a technical document published by AgID that contains the OpenID Connect technical rules for SPID and CIE.
  • Various Italian and international public and private organizations within the European "Large Scale Pilot EUDIWallet" projects POTENTIAL (https://www.digital-identity-wallet.eu/), NOBID (https://www.nobidconsortium.com/) and DC4EU (https://www.dc4eu.eu/), which aim to build the new infrastructure to make the digital identity of the various Member States portable at European level in accordance with the new version of the eIDAS 2.0 regulation (T1, T2 and T3 techniques).
  • SERICS Foundation – Security and Rights in CyberSpace. The participation of the Center for Cybersecurity in the SERICS (Security and Rights in CyberSpace) Foundation will enable FBK to take part in some national-level strategic actions and innovative research activities in the field of cybersecurity envisaged by the National Recovery and Resilience Plan (PNRR) in the context of the Extended Partnerships on Topic area "7: Cybersecurity, new technologies and rights protection". The activities will be part of the partnership's Spoke 4 (Security of Operating Systems and Virtualization) and Spoke 5 (Encryption and security of distributed systems).
    In addition to producing innovative scientific results with significant impact both locally and nationally, participation in SERICS will guarantee greater visibility for FBK's work in cybersecurity and expand its network to develop future collaborations.