Analysing the Security of Google's implementation of OpenID Connect

Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems

Fractal Characterizations of MAX Statistical Distribution in Genetic Association Studies

Two non-integer parameters are defined for MAX statistics, which are maxima of $d$ simpler test statistics. The first parameter, $d_{MAX}$, is the fractional number of tests, representing the equivalent numbers of independent tests in MAX. If the $d$ tests are dependent, $d_{MAX} < d$. The second parameter is the fractional degrees of freedom $k$ of the chi-square distribution $\chi^2_k$ that fits the MAX null distribution. These two parameters, $d_{MAX}$ and $k$, can be independently defined, and $k$ can be non-integer even if $d_{MAX}$ is an integer. We illustrate these two parameters using the example of MAX2 and MAX3 statistics in genetic case-control studies. We speculate that $k$ is related to the amount of ambiguity of the model inferred by the test. In the case-control genetic association, tests with low $k$ (e.g. $k=1$) are able to provide definitive information about the disease model, as versus tests with high $k$ (e.g. $k=2$) that are completely uncertain about the disease model. Similar to Heisenberg's uncertain principle, the ability to infer disease model and the ability to detect significant association may not be simultaneously optimized, and $k$ seems to measure the level of their balance

Cryptanalysis of an MPEG-Video Encryption Scheme Based on Secret Huffman Tables

This paper studies the security of a recently-proposed MPEG-video encryption scheme based on secret Huffman tables. Our cryptanalysis shows that: 1) the key space of the encryption scheme is not sufficiently large against divide-and-conquer (DAC) attack and known-plaintext attack; 2) it is possible to decrypt a cipher-video with a partially-known key, thus dramatically reducing the complexity of the DAC brute-force attack in some cases; 3) its security against the chosen-plaintext attack is very weak. Some experimental results are included to support the cryptanalytic results with a brief discuss on how to improve this MPEG-video encryption scheme.Comment: 8 pages, 4 figure

A two-step approach for calculating chloride diffusion coefficient in concrete with both natural and recycled concrete aggregates.

This paper presents an analytical approach to calculate the effective diffusion coefficient of chlorides in concrete with both natural and recycled concrete aggregates. In the approach the concrete is treated as a composite consisting of three phases, namely mortar, natural aggregate plus interfacial transition zone, and recycled concrete aggregate plus interfacial transition zone. The effective diffusion coefficient of chlorides in the composite is calculated through two steps. The first step is to calculate the effective diffusion coefficients of chlorides in the natural aggregate plus interfacial transition zone and in the recycled concrete aggregate plus interfacial transition zone by using multilayer spherical approximation, the results of which provide the information about the quality of recycled concrete aggregate in terms of chloride penetration resistance. The second step is to calculate the effective diffusion coefficient of chlorides in the three-phase concrete composite by using effective medium approximation, the results of which provide the information about the influence of recycled concrete aggregate on the diffusivity of recycled aggregate concrete. The analytical expression of the effective diffusion coefficient is derived and carefully compared with the results obtained from both the experiments and numerical simulations, which demonstrates that the present analytical model is rational and reliable. The analytical expression presented can be used to predict the service life of recycled aggregate concrete exposed to chloride environment

Effect of isovector-scalar meson on neutron star matter in strong magnetic fields

We study the effects of isovector-scalar meson $\delta$ on the equation of state (EOS) of neutron star matter in strong magnetic fields. The EOS of neutron-star matter and nucleon effective masses are calculated in the framework of Lagrangian field theory, which is solved within the mean-field approximation. From the numerical results one can find that the $\delta$-field leads to a remarkable splitting of proton and neutron effective masses. The strength of $\delta$-field decreases with the increasing of the magnetic field and is little at ultrastrong field. The proton effective mass is highly influenced by magnetic fields, while the effect of magnetic fields on the neutron effective mass is negligible. The EOS turns out to be stiffer at $B < 10^{15}$G but becomes softer at stronger magnetic field after including the $\delta$-field. The AMM terms can affect the system merely at ultrastrong magnetic field($B > 10^{19}$G). In the range of $10^{15}$ G -- $10^{18}$ G the properties of neutron-star matter are found to be similar with those without magnetic fields.Comment: 26 pages, 9 figure

Effects of social media brand-related content on fashion products buying behaviour – a moderated mediation model

Purpose – This study examines in which circumstances consumer’s self-congruity moderates the indirect influence of consumer-based brand equity (mediating role) in the relationship between firm-created and user-generated social media content and intention to purchase fashion products. Design/methodology/approach – In this study, we carried out an online survey with social media users of fashion brands and collected data from 622 participants across two samples to investigate whether consumers’ perceptions of equity of fashion brands mediate the relationship between social media brand-related communication created by both firms and users and the intention to buy the fashion brands. The indirect relationship is further moderated by self-congruity. Findings – The results indicate that (i) brand equity mediates the relationship between social media communication and purchase intentions of fashion products, and (ii) self-congruity moderates the relationship between social media communication types and purchase intentions, such that higher/lower levels of self-congruity strengthen/weaken the impact of social media communication on purchase intentions. Originality/value – This study contributes to the business and marketing literature by exploring how social media communication, branding, and fashion align with the individual’s self-concept and buying behaviour

Annular electroconvection with shear

We report experiments on convection driven by a radial electrical force in suspended annular smectic A liquid crystal films. In the absence of an externally imposed azimuthal shear, a stationary one-dimensional (1D) pattern consisting of symmetric vortex pairs is formed via a supercritical transition at the onset of convection. Shearing reduces the symmetries of the base state and produces a traveling 1D pattern whose basic periodic unit is a pair of asymmetric vortices. For a sufficiently large shear, the primary bifurcation changes from supercritical to subcritical. We describe measurements of the resulting hysteresis as a function of the shear at radius ratio $\eta \sim 0.8$. This simple pattern forming system has an unusual combination of symmetries and control parameters and should be amenable to quantitative theoretical analysis.Comment: 12 preprint pages, 3 figures in 2 parts each. For more info, see http://mobydick.physics.utoronto.c

Bromoform and dibromomethane measurements in the seacoast region of New Hampshire, 2002–2004

Atmospheric measurements of bromoform (CHBr3) and dibromomethane (CH2Br2) were conducted at two sites, Thompson Farm (TF) in Durham, New Hampshire (summer 2002–2004), and Appledore Island (AI), Maine (summer 2004). Elevated mixing ratios of CHBr3 were frequently observed at both sites, with maxima of 37.9 parts per trillion by volume (pptv) and 47.4 pptv for TF and AI, respectively. Average mixing ratios of CHBr3 and CH2Br2 at TF for all three summers ranged from 5.3–6.3 and 1.3–2.3 pptv, respectively. The average mixing ratios of both gases were higher at AI during 2004, consistent with AI\u27s proximity to sources of these bromocarbons. Strong negative vertical gradients in the atmosphere corroborated local sources of these gases at the surface. At AI, CHBr3 and CH2Br2 mixing ratios increased with wind speed via sea‐to‐air transfer from supersaturated coastal waters. Large enhancements of CHBr3 and CH2Br2 were observed at both sites from 10 to 14 August 2004, coinciding with the passage of Tropical Storm Bonnie. During this period, fluxes of CHBr3 and CH2Br2 were 52.4 ± 21.0 and 9.1 ± 3.1 nmol m−2 h−1, respectively. The average fluxes of CHBr3 and CH2Br2 during nonevent periods were 18.9 ± 12.3 and 2.6 ± 1.9 nmol m−2 h−1, respectively. Additionally, CHBr3 and CH2Br2 were used as marine tracers in case studies to (1) evaluate the impact of tropical storms on emissions and distributions of marine‐derived gases in the coastal region and (2) characterize the transport of air masses during pollution episodes in the northeastern United States

Directed Molecular Stacking for Engineered Fluorescent Three-Dimensional Reduced Graphene Oxide and Coronene Frameworks

[EN] Three‐dimensional fluorescent graphene frameworks with controlled porous morphologies are of significant importance for practical applications reliant on controlled structural and electronic properties, such as organic electronics and photochemistry. Here we report a synthetically accessible approach concerning directed aromatic stacking interactions to give rise to new fluorogenic 3D frameworks with tuneable porosities achieved through molecular variations. The binding interactions between the graphene‐like domains present in the in situ‐formed reduced graphene oxide (rGO) with functional porphyrin molecules lead to new hybrids via an unprecedented solvothermal reaction. Functional free‐base porphyrins featuring perfluorinated aryl groups or hexyl chains at their meso‐ and β‐positions were employed in turn to act as directing entities for the assembly of new graphene‐based and foam‐like frameworks and of their corresponding coronene‐based hybrids. Investigations in the dispersed phase and in thin‐film by XPS, SEM and FLIM shed light onto the nature of the aromatic stacking within functional rGO frameworks (denoted rGOFs) which was then modelled semi‐empirically and by DFT calculations. The pore sizes of the new emerging reduced graphene oxide hybrids are tuneable at the molecular level and mediated by the bonding forces with the functional porphyrins acting as the “molecular glue”. Single crystal X‐ray crystallography described the stacking of a perfluorinated porphyrin with coronene, which can be employed as a molecular model for understanding the local aromatic stacking order and charge transfer interactions within these rGOFs for the first time. This opens up a new route to controllable 3D framework morphologies and pore size from the Ångstrom to the micrometre scale. Theoretical modelling showed that the porosity of these materials is mainly due to the controlled inter‐planar distance between the rGO, coronene or graphene sheets. The host‐guest chemistry involves the porphyrins acting as guests held through π‐π stacking, as demonstrated by XPS. The objective of this study is also to shed light into the fundamental localised electronic and energy transfer properties in these new molecularly engineered porous and fluorogenic architectures, aiming in turn to understand how functional porphyrins may exert stacking control over the notoriously disordered local structure present in porous reduced graphene oxide fragments. By tuning the porosity and the distance between the graphene sheets using aromatic stacking with porphyrins, it is also possible to tune the electronic structure of the final nanohybrid material, as indicated by FLIM experiments on thin films. Such nanohybrids with highly controlled pores dimensions and morphologies open the way to new design and assembly of storage devices and applications incorporating π‐conjugated molecules and materials and their π‐stacks may be relevant towards selective separation membranes, water purification and biosensing applications.S.I.P. and S.W.B. thank The Royal Society and STFC for funding. B.Y.M. thanks the University of Bath for a studentship (ORS). D.G.C. thanks the Fundación General CSIC for funding (ComFuturo Program). Dr. Jose A. Ribeiro Martins, Professors Jeremy K. M. Sanders and Paul Raithby are acknowledged for training, helpful discussions and porphyrin supramolecular chemistry. The S.I.P. group thanks the EPSRC for funding to the Centre of Graphene Science (EP/K017160/1) and to the Centre for Doctoral Training in Sustainable Chemical Technologies (EP/L016354/1). The authors thank EPSRC National Service for Mass Spectrometry at Swansea and EPSRC National Service for Crystallography at Southampton for data collection. The authors also acknowledge the ERC for the Consolidator Grant O2SENSE (617107, 2014–2019)