35 research outputs found

    Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

    Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitly specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in an open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues

    Pushing Open Government Through Social Media

    E-government aims to enhance the interaction between citizens, business, and government. Recently, the term open government is increasingly used to emphasize the importance of co-creation in governmental issues. In this study, the social media activities of the municipalities of North Rhine-Westphalia, Germany, are investigated with regard to the topic “open government” as one pillar of e-government. The findings show that user interaction is mostly represented through likes and shares and rarely by comments. A topic detection of the posted content reveals that different terms are covered by the municipalities and shows that open government is getting more and more diverse in recent years. The number of posts is still increasing each year on the social media platforms Facebook and Twitter, but the topic of open government is still a peripheral phenomenon

    More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

    Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an investigation of group instant messaging protocols, we first provide a comprehensive and realistic security model. This model combines security and reliability goals from various related literature to capture relevant properties for communication in dynamic groups. Thereby the definitions consider their satisfiability with respect to the instant delivery of messages. To show its applicability, we analyze three widely used real-world protocols: Signal, WhatsApp, and Threema. Since these protocols and their implementations are mostly undocumented for the public and two out of three applications among them are closed source, we describe the group protocols employed in Signal, WhatsApp, and Threema. By applying our model, we reveal several shortcomings with respect to the security definition. Therefore we propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications' integrity – represented by the integrity of all exchanged messages – and (2) the groups' closeness – represented by the members' ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication

    How Secure is TextSecure?

    Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook's acquisition of the hugely popular mobile messaging app WhatsApp, alternatives claiming to provide secure communication experienced a significant increase of new users. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TextSecure. Besides numerous direct installations, its protocol is part of Android's most popular aftermarket firmware CyanogenMod. TextSecure's successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TextSecure. Furthermore, we formally prove that - if key registration is assumed to be secure - TextSecure's push messaging can indeed achieve most of the claimed security goals

    Dopamine boosts intention and action awareness in Parkinson’s disease

    Dopaminergic deficiency in Parkinson’s disease (PD) has been associated with underactivation of the supplementary motor area and a reduction of voluntary actions. In these patients, awareness of intention to act has been shown to be delayed. However, delayed awareness of intention to act has also been shown in patients with hyperdopaminergic states and an excess of unwilled movements, as in Tourette’s, and in patients with functional movement disorders. Hence, the role of dopamine in the awareness of intention and action remains unclear. 36 PD patients were tested ON and OFF dopaminergic medication and compared with 35 healthy age-matched controls. In addition, 17 PD patients with subthalamic deep brain stimulation (DBS) were tested ON medication and ON and OFF stimulation. Participants judged either the moment a self-generated action was performed, or the moment the urge to perform the action was felt, using the “Libet method”. Temporal judgments of intention and action awareness were comparable between unmedicated PD patients and controls. Dopaminergic medication boosted anticipatory awareness of both intentions and actions in PD patients, relative to an unmedicated condition. The difference between ON/OFF DBS was not statistically reliable. Functional improvement of motor ability in PD through dopaminergic supplementation leads to earlier awareness of both intention, and of voluntary action

    Developing ecosystem service indicators: experiences and lessons learned from sub-global assessments and other initiatives

    People depend upon ecosystems to supply a range of services necessary for their survival and well-being. Ecosystem service indicators are critical for knowing whether or not these essential services are being maintained and used in a sustainable manner, thus enabling policy makers to identify the policies and other interventions needed to better manage them. As a result, ecosystem service indicators are of increasing interest and importance to governmental and inter-governmental processes, including amongst others the Convention on Biological Diversity (CBD) and the Aichi Targets contained within its strategic plan for 2011-2020, as well as the emerging Intergovernmental Platform on Biodiversity and Ecosystem Services (IPBES). Despite this growing demand, assessing ecosystem service status and trends and developing robust indicators is often hindered by a lack of information and data, resulting in few available indicators. In response, the United Nations Environment Programme World Conservation Monitoring Centre (UNEP-WCMC), together with a wide range of international partners and supported by the Swedish International Biodiversity Programme (SwedBio)*, undertook a project to take stock of the key lessons that have been learnt in developing and using ecosystem service indicators in a range of assessment contexts. The project examined the methodologies, metrics and data sources employed in delivering ecosystem service indicators, so as to inform future indicator development. This report presents the principal results of this project

    On message-level security

    This dissertation deals with message-level security in web services and Single Sign-On systems. Using the methodology described in the dissertation, numerous security vulnerabilities in various software libraries and websites were identified, reported and fixed. The first part of the dissertation examines the security of SOAP-based web services. In this context, the software WS-Attacker is designed and implemented for carrying out fully automated penetration tests. The second part examines the security of Single Sign-On systems. Generic attack concepts are developed and then applied to the protocols (1) OpenID, (2) OpenID Connect and (3) SAML. These are based on a new Single Sign-On attack paradigm which, for the first time, uses an Identity Provider (IdP) for finding and exploiting vulnerabilities