Be a New Source

Intoduction to the Summer 2020 issue of XRDS, "View Source / be a new source

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitely specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in a open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues

Geovisualization of household energy consumption characteristics

A vast amount of quantitative data is available within the energy sector, however, there is limited understanding of the relationships between neighbourhoods, demographic characteristics and domestic energy consumption habits. We report upon research that will combine datasets relating to energy consumption, saving and loss with geodemographics to enable better understanding of energy user types. A novel interactive interface is planned to evaluate the performance of these energy-based classifications. The research aims to help local governments and the energy industry in targeting households and populations for new energy saving schemes and in improving efforts to promote sustainable energy consumption. Energy based neighbourhood classifications will also promote consumption awareness amongst domestic users. This poster describes the research methodology, data sources and visualization requirements

Chemically specifi C multiscale modeling of clay-polymer nanocomposites reveals intercalation dynamics, tactoid self-assembly and emergent materials properties

A quantitative description is presented of the dynamical process of polymer intercalation into clay tactoids and the ensuing aggregation of polymerentangled tactoids into larger structures, obtaining various characteristics of these nanocomposites, including clay-layer spacings, out-of-plane clay-sheet bending energies, X-ray diffractograms, and materials properties. This model of clay-polymer interactions is based on a three-level approach, which uses quantum mechanical and atomistic descriptions to derive a coarse-grained yet chemically specifi c representation that can resolve processes on hitherto inaccessible length and time scales. The approach is applied to study collections of clay mineral tactoids interacting with two synthetic polymers, poly(ethylene glycol) and poly(vinyl alcohol). The controlled behavior of layered materials in a polymer matrix is centrally important for many engineering and manufacturing applications. This approach opens up a route to computing the properties of complex soft materials based on knowledge of their chemical composition, molecular structure, and processing conditions.This work was funded in part by the EU FP7 MAPPER project (grant number RI-261507) and the Qatar National Research Fund (grant number 09–260–1–048). Supercomputing time was provided by PRACE on JUGENE (project PRA044), the Hartree Centre (Daresbury Laboratory) on BlueJoule and BlueWonder via the CGCLAY project, and on HECToR and ARCHER, the UK national supercomputing facility at the University of Edinburgh, via EPSRC through grants EP/F00521/1, EP/E045111/1, EP/I017763/1 and the UK Consortium on Mesoscopic Engineering Sciences (EP/L00030X/1). The authors are grateful to Professor Julian Evans for stimulating discussions during the course of this project. Data-storage and management services were provided by EUDAT (grant number 283304)

An XRI naming system for dynamic and federated clouds: a performance analysis

Abstract Cloud platforms are dynamic, self-optimizing, continuously changing environments where resources can be composed with other ones in order to provide many types of services to their users, e.g., companies, governments, organizations, and desktop/mobile clients. In order to enable cloud platforms to manage and control their assets, they need to name, identify, and resolve their virtual resources in different operating contexts. In such a scenario, naming, resource location, and information retrieval raise several issues regarding name space management. This paper aims to propose a standard practice for the implementation of a cloud naming system based on the eXtensible Resource Identifier (XRI) technology. More specifically, by means of the development of a Cloud Name Space Management (CNSM) front-end interacting with the OpenXRI architecture, we investigate its performance simulating typical cloud name space management tasks

Synthesis and thermoelectric characterization of Bi2Te3 nanoparticles

We report a novel synthesis for near monodisperse, sub-10-nm Bi2Te3 nanoparticles. At first, a new reduction route to bismuth nanoparticles is described which are applied as starting materials in the formation of rhombohedral Bi2Te3 nanoparticles. After ligand removal by a novel hydrazine hydrate etching procedure, the nanoparticle powder is spark plasma sintered to a pellet with preserved crystal grain sizes. Unlike previous works on the properties of Bi2Te3 nanoparticles, the full thermoelectric characterization of such sintered pellets shows a highly reduced thermal conductivity and the same electric conductivity as bulk n-type Bi2Te3.Comment: 8 pages, 8 figures, 1 tabl