A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments

Marco Pernpruner, Giada Sciarretta, Silvio Ranise

2021

Abstract

More and more online services are characterised by the need for strongly verifying the real-world identity of end users, especially when sensitive operations have to be carried out: just imagine a fully-remote signature of a contract, and what could happen if someone managed to perform it by using another person’s name. For this reason, the identity management lifecycle contains specific procedures – called enrollment or onboarding – providing a certain level of assurance on digital users’ real identities. These procedures must be as secure as possible to prevent fraud and identity theft. In this paper, we present a framework composed of a specification language, a security analysis methodology and a risk analysis methodology for enrollment solutions. For concreteness, we apply our framework to a real use case (i.e., fully-remote solutions relying on electronic documents as identity evidence) in the context of a collaboration with an Italian FinTech startup. Beyond validating the framework, we analyse and highlight the essential role of mitigations on the overall security of enrollment procedures.


Paper Citation


in Harvard Style

Pernpruner M., Sciarretta G. and Ranise S. (2021). A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 222-233. DOI: 10.5220/0010554502220233


in Bibtex Style

@conference{secrypt21,
author={Marco Pernpruner and Giada Sciarretta and Silvio Ranise},
title={A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={222-233},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010554502220233},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-remote Solutions based on eDocuments
SN - 978-989-758-524-1
AU - Pernpruner M.
AU - Sciarretta G.
AU - Ranise S.
PY - 2021
SP - 222
EP - 233
DO - 10.5220/0010554502220233