Security Analysis of an Attractive Online Authentication Standard：FIDO UAF Protocol

FIDO(Fast IDentity Online) Alliance proposed a set of standard in 2014 for change the nature of online authentication. By now, it has drawn attention from many companies, including Google, VISA, Intel etc. In this paper, we analyze the FIDO UAF(Universal Authentication Framework) Protocol, one of the two sets of specifications in the standard. We first present protocols' cryptographic abstractions for the registration and authentication protocols of the FIDO UAF. According to the abstractions, we discuss on selected security goals presented in the standard to study UAF security properties. We also propose three attacks, which the first two are based on an assumption that an attacker can corrupt the software installed on the user device, and the third is based on two users sharing a FIDO roaming authenticator. The results of the attacks are to impersonate the legitimate user to pass the online authentication.

镉离子污染条件下微生物群落中细菌与藻类的相互作用

【背景】水体微生物有着丰富的多样性,不同种类的微生物之间的相互作用对水体生态系统的组成结构与功能具有重要影响。水体内的藻类与某些微生物可以发生多种相互作用,然而人们对逆境条件下的菌藻有益相互作用尚缺乏深入研究。【目的】为了研究镉对水体微生物群落的影响以及镉胁迫下菌藻之间可能的相互作用。【方法】本研究运用了基于16S rRNA基因的高通量测序技术,分析在不同Cd^2+条件下微生物群落结构的变化,利用微生物相互作用网络分析菌藻之间可能发生的相互作用。【结果】通过分离培养筛选出了与集胞藻PCC6803互作抗Cd^2+的关键细菌Y9菌株。【结论】研究结果表明Y9菌株属于Phyllobacteriaceae科,与微生物群落组成和微生物互作网络的分析结果相符。本研究为探索水体环境中微生物种间相互作用、菌藻互作抗Cd2+的生态效应提供参考依据。