Dissertations / Theses on the topic 'OpenID Connect'

Electronic identification is used by an individual to prove who he or she is by electronic means and is normally used for logging in to various services. In Sweden there are a number of different solutions that are developed and provided by different parties. In order to promote and coordinate electronic identification for public services, the Swedish E-identification Board was founded in 2011. The Board has developed a technical framework for integration between the Relying Party and the Identity Provider based on the Security Assertion Markup Language V2.0 (SAML) standard. SAML is a quite old standard that has some limitations complicating an electronic identification solution based on it. A newer competing standard is OpenID Connect, which could be a possible candidate as an alternative to SAML. The objective of this thesis is to determine to what extent it is possible to ensure confidentiality, integrity, and accountability in an electronic identification based on OpenID Connect. To achieve this, a number of requirements for electronic identifications were identified and a design proposal based on OpenID Connect was developed together with a proof-of-concept implementation. The design proposal was evaluated against the requirements, with the final result that an electronic identification based on OpenID Connect could meet the requirements.
E-legitimation används av en individ för visa vem han eller hon är på elektronisk väg och används vanligtvis för att logga in på olika tjänster. I Sverige finns ett antal olika lösningar som utvecklas och tillhandahålls av olika parter. För att främja och samordna elektronisk identifiering för offentliga tjänster grundades E-legitimationsnämnden 2011. Nämnden har tagit fram ett tekniskt ramverk för integrationen mellan Förlitande Part och Legitimeringstjänst baserad på Security Assertion Markup Language V2.0 (SAML) standarden. SAML är en relativt gammal standard med vissa begränsningar som komplicerar en e-legitimationslösning baserad på den. En nyare konkurrerande standard är OpenID Connect, vilket kan vara en möjlig kandidat som ett alternativ till SAML. Syftet med detta examensarbete är att undersöka i vilken utsträckning det är möjligt att säkerställa sekretess, integritet och ansvarsskyldighet för en e-legitimation baserad på OpenID Connect. För att uppnå detta, identifierades ett antal krav för e-legitimationer och ett designförslag baserat på OpenID Connect utvecklades tillsammans med en proof-of-concept implementation. Designförslaget utvärderades mot kraven, med det slutliga resultatet att en e-legitimation baserad på OpenID Connect kan uppfylla kraven.

The use of digital services has never been as important as it is today.It is possible to do everything from researching family history to banktransactions on the Internet. This creates a demand for secure servicesto ensure secure authentication of users. Electronic signatures havebecome an important part of e-identification over the last year due tothe the COVID-19 pandemic forcing many people to work remotely.OpenID Connect, or OIDC, is a framework that supports secureauthentication and authorization. But, it does not support electronicsignatures. The work done in this project has shown that an extensionof the OIDC framework is feasible for electronic signatures.A proof of concept has been built to analyse if an extension tothe OIDC framework was possible. The signature flow implementedis structured according to a proposal developed by an experiencedgroup of people working with e-identification. It extends the OIDCauthentication request with additional information to enable supportfor electronic signatures. The signature is done using BankID as an IDP.This work shows that it is possible to perform an electronic sig-nature, with an OpenID Connect authentication flow with signatureextension. The work has focuses on one model using an IDP thatperforms signing. An approach with a stand-alone signature service ispossible, but would be more complex for a limited proof of concept.

Federated Identity Management (FIM) and Single-Sign-On (SSO) concepts improve both productivity andsecurity for organizations by assigning the responsibility of user data management and authentication toone single central entity called identity provider, and consequently, the users have to maintain only oneset of credential to access resources at multiple service provider. The implementation of any FIM and SSOprotocol is complex due to the involvement of multiple organizations, sensitive user data, and myriadsecurity issues. There are many instances of faulty implementations that compromised on security forease of implementation due to lack of proper guidance. OpenID Connect (OIDC) is the latest protocolwhich is an open standard, lightweight and platform independent to implement Federated IdentityManagement; it offers several advantages over the legacy protocols and is expected to have widespreaduse. An implementation framework that addresses all the important aspects of the FIM lifecycle isrequired to ensure the proper application of the OIDC protocol at the enterprise level. In this researchwork, an implementation framework was designed for OIDC protocol by incorporating all the importantrequirements from a managerial, technical and security perspective of an enterprise level federatedidentity management. The research work closely follows the design science research process, and theframework was evaluated for its completeness, efficiency, and usability.

Il lavoro raccolto in questa tesi comprende sia lo studio delle soluzioni Single Sign-On e del loro impiego in contesti reali, sia il lavoro di implementazione di un sistema di Identity Provider nella realtà CINECA. Lo studio parte dal concetto di identità digitale e di come essa viene gestita nei sistemi di autenticazione. In questo lavoro è rappresentata l'analisi della figura di Identity Provider che va dallo studio delle componenti e dei workflow di processo del caso d'uso SPID all'esame del sistema Shibboleth nella sua interezza. La piattaforma Shibboleth è una soluzione di Single Sign-On molto ricca e funzionale e per questo motivo è quella adottata dal CINECA nell'erogazione dei propri servizi. Il lavoro implementativo compreso in questa tesi è nato dall'esigenza CINECA di evolvere i propri sistemi Shibboleth in una soluzione unica e trasversale alle diverse esigenze applicative aziendali. Lo studio e la realizzazione di questo progetto ha portato all'individuazione di un prototipo di piattaforma che verrà sviluppato appieno nei prossimi mesi e che verrà adottato dal CINECA in futuro.

Il lavoro effettuato in questa tesi prevede la creazione di un sistema configurabile da installare su un’applicazione web che sia in grado di offrire l’interazione con i Social Network più diffusi. Attraverso questo lavoro è stato approfondito lo studio di Spring Social, strumento in grado di gestire la connessione ai Social Network che utilizzano OAuth per concedere l'autorizzazione. Inoltre è stato realizzato un prototipo sviluppato con AngularJS che soddisfacesse i requisiti dati.

Single Sign-On (SSO) är en autentiseringsprocess som tillåter en utvecklare att delegera autentiseringsansvaret till en dedikerad tjänst. OAuth 2.0 är ett auktoriseringsramverk som ofta står som grund för ett autentiseringslager som i sin tur möjliggör SSO. En identitetsleverantör är tjänsten som står för hantering av användaruppgifterna och autentiseringen, två vanliga identitetsleverantörer är Google och Facebook som i sin tur implementerar SSO med hjälp utav autentiseringslagren OpenID Connect respektive Facebooks egna autentiseringslager. Det har visat sig att många klienter som ska utnyttja SSO med OAuth 2.0 implementerar det fel så att säkerhetsbrister uppstår, studier har utförts med förslag till lösningar men många bristande implementationer fortsätter produceras och existera. Att skapa diverse verktyg för att främja säkerhet i dessa sammanhang är en metod där OAuthGuard utvecklats med visionen att även kunna skydda användaren, direkt från en webbläsare. OAuthGuard har även tidigare använts för att analysera säkerheten med Google SSO och visat att 50% av undersökta klienter har brister, men motsvarande studie eller verktyg saknas för Facebook SSO. Denna studie gjorde en motsvarande undersökning för Facebook SSO-klienter med en vidareutvecklad version av OAuthGuard och fann att de lider av brister med liknande trend som tidigare studies resultat mot Google-SSO-klienter, men att färre Facebook- SSO-klienter har brister i jämförelse. Vid vidareutvecklingen av OAuthGuard upptäcktes ett antal svårigheter och framtiden för denna typ av verktyg behöver vidare analyseras. Vidare analys behöver även göras för att bedöma om Facebook-SSO kan vara att föredra över Google-SSO ur säkerhetsperspektiv samt vidare utforskande av nya säkerhetsfrämjande metoder behöver utföras.
Single Sign-On (SSO) is an authentication process that allows a developer to delegate the authentication responsibility to a dedicated service. OAuth 2.0 is an authorization framework that often serves as a base for authentication layers to be built upon that in turn allows for SSO. An identity provider is the service that is responsible for handling user credentials and the authentication, two common identity providers are Google and Facebook that implement SSO with the authentication layers OpenID Connect respectively Facebooks own authentication layer. It has been shown that many clients using OAuth 2.0 as base for SSO make faulty implementations leading to security issues, a number of studies has proposed solutions to these issues but faulty implementations are continually being made. To create various tools to promote security in these contexts is a method where OAuthGuard has been developed with the vision to also directly protect the common website user directly from the browser. OAuthGuard has been used in an earlier study to analyze the security of clients using Google SSO and discovered that 50% of the analyzed clients had flaws, no comparable study has been done for clients using Facebook SSO, which is the second largest third party log in variant. This study made a comparable investigation for Facebook SSO clients with a further developed version of OAuthGuard and found that these clients suffer from flaws with a similar trend as the previous study with Google-SSO clients, although fewer Facebook-SSO clients suffer from these flaws. When further developing OAuthGuard a dumber of difficulties was discovered and the future of these kind of tools needs to be investigated. Further analysis needs to be done to assess if Facebook-SSO should be recommended over Google-SSO from a security perspective and also further exploration of new methods to promote security needs to be done.

OAuth 2.0 and OpenID Connect are two of the most widely used protocols to support secure and frictionless access delegation and single sign-on login solutions, which have been extensively integrated within web and mobile native applications. While securing the OAuth and OpenID Connect implementations within the web applications is widely investigated, this is not true for mobile native applications due to their peculiarities compared to web applications. Given that, we investigate the availability of necessary information to mobile native application developers. Our investigation reveals that mobile native application developers need to access many sparse documents and understand technical security writing, when they are not necessarily security experts that leads to insecure integration of OAuth and OpenID Connect solutions due to various implementation flaws. Thus, to assist mobile native application developers in the understanding of OAuth and OpenID Connect documentations, we demystify the OAuth and OpenID Connect core documentations and two of the most security-critical profiles for governmental and financial domains, namely “International Government Assurance” and “Financial Grade API” to extract the wealth information and summarize them in plain English. To secure the integration of OAuth and OpenID Connect solutions, the OAuth working group and the OpenID foundation have produced many security-related documents to provide general guidelines and best current practices. These documents explain the features that OAuth and OpenID Connect providers must support and how web and mobile native application developers should implement these solutions for the different use case scenarios. In addition, due to the peculiarities of mobile native applications, the OAuth working group has published the “OAuth 2.0 for Na- tive Apps” documentation dedicated to assist mobile native application developers. Recently, the OAuth working group released AppAuth SDK to support mobile native application developers in the secure implementation of access delegation and single sign-on login solutions within mobile native applications. It enables mobile native applications to authorize and authenticate users by communicating with OAuth and OpenID Connect providers, beside embedding the security and usability best current practices described in [DB17]. We thus perform a comprehensive analysis to investigate the compliance with the best current practices of the main OAuth and OpenID Connect providers and top-ranked Google Play Store applications. Our analysis shows that 7 out of 14 providers, and 5 out of 87 top-ranked Google Play Store applications are fully compliant with the best current practices and none of the Google Play Store applications use AppAuth SDK. We conjecture that the root-causes of the non-compliant solutions are different for OAuth and OpenID Connect providers and Google Play Store applications. Concerning providers, they might be aware of these best current practices violations and their non-compliant solutions can be due to legacy reasons. Concerning Google Play Store applications, their non-compliant solutions can be due to the following: (i) the best current practices documents for OAuth and OpenID Connect are sparse, and mobile native application developers may be either unaware of them or misinterpret them as they are not (necessarily) security expert, (ii) lack of the best current practices adoption by OAuth and OpenID Connect providers that leads to the difficulty in integration of AppAuth SDK within mobile native applications. In addition, even in the case of compliant OAuth and OpenID Connect providers, the mobile native application developers still need to properly configure the AppAuth SDK and write the secure code to invoke the SDK properly within their mobile native applications, which is not a daunting task, and (iii) the pressure on mobile native application developers to provide new functionalities for the mobile native applications may result in prioritizing the functionality over the security—as performing a risk as- assessment procedure is a complex task in the context of OAuth and OpenID Connect solutions—they could not have the resources to perform a risk assessment procedure. The above-mentioned problems motivate us to propose methodologies to assist mobile native application developers with the secure implementation of OAuth and OpenID Connect solutions within their mobile native applications. To this aim, we provide a reference model for OAuth and OpenID Connect solutions by utilizing the extracted information from various documents that can be used within a risk as- assessment approach to enable mobile native application developers with an informed decision w.r.t. their implementation choices. In addition, we design a wizard-based approach and implement it within an Android Studio plugin called mIDAssistant that assists mobile native application developers with automatic integration of the core functionalities and ensures the enforcement of the best current practices by leveraging AppAuth SDK. The effectiveness of our approach has been verified in several real-world scenarios (e.g., pull printing), research and innovation projects (e.g., the EIT Digital activity API Assistant), and in the context of industrial collaborations (Poste Italiane, IPZS). Furthermore, we had the opportunity to present our work to the OAuth working group experts (during the OAuth Security Workshop), and they have shown interest in our approach.

Third-party authentication services are becoming more common since it eases the login procedure by not forcing users to create a new login for every website thatuses authentication. Even though it simplifies the login procedure the users still have to be conscious about what data is being shared between the identity provider (IDP) and the relying party (RP). This thesis presents a tool for collecting data about third-party authentication that outperforms previously made tools with regards to accuracy, precision and recall. The developed tool was used to collect information about third-party authentication on a set of websites. The collected data revealed that third-party login services offered by Facebook and Google are most common and that Twitters login service is significantly less common. Twitter's login service shares the most data about the users to the RPs and often gives the RPs permissions to perform write actions on the users Twitter account.  In addition to our large-scale automatic data collection, three manual data collections were performed and compared to previously made manual data collections from a nine-year period. The longitudinal comparison showed that over the nine-year period the login services offered by Facebook and Google have been dominant.It is clear that less information about the users are being shared today compared to earlier years for Apple, Facebook and Google. The Twitter login service is the only IDP that have not changed their permission policies. This could be the reason why the usage of the Twitter login service on websites have decreased.  The results presented in this thesis helps provide a better understanding of what personal information is exchanged by IDPs which can guide users to make well educated decisions on the web.

As software systems become increasingly larger and more complex, the need to make them easily maintained increases, as large systems are expected to last for many years. It has been estimated that system maintenance is a large part of many IT-departments’ software develop­ment costs. In order to design a complex system to be maintainable it is necessary to introduce structure, often as models in the form of a system architecture and a system design. As development of complex large-scale systems progresses over time, the models may need to be reconstructed. Perhaps because development may have diverted from the initial plan, or because changes had to be made during implementation. This thesis presents a reconstructed documentation of a complex large-scale system, as well as suggestions for how to improve the existing design based on identified needs and insufficiencies. The work was performed primarily using a qualitative manual code review approach of the source code, and the proposal was generated iteratively. The proposed design was evaluated and it was concluded that it does address the needs and insufficiencies, and that it can be realistically implemented.

Nous présentons dans cette thèse les évolutions apportées au solveur Galerkin Discontinu Teta-CLAC, issu de la collaboration IRMA-AxesSim, au cours du projet HOROCH (2015-2018). Ce solveur permet de résoudre les équations de Maxwell en 3D, en parallèle sur un grand nombre d'accélérateurs OpenCL. L'objectif du projet HOROCH était d'effectuer des simulations de grande envergure sur un modèle numérique complet de corps humain. Ce modèle comporte 24 millions de mailles hexaédriques pour des calculs dans la bande de fréquences des objets connectés allant de 1 à 3 GHz (Bluetooth). Les applications sont nombreuses : téléphonie et accessoires, sport (maillots connectés), médecine (sondes : gélules, patchs), etc. Les évolutions ainsi apportées comprennent, entre autres : l'optimisation des kernels OpenCL à destination des CPU dans le but d'utiliser au mieux les architectures hybrides ; l'expérimentation du runtime StarPU ; le design d'un schéma d'intégration à pas de temps local ; et bon nombre d'optimisations permettant au solveur de traiter des simulations de plusieurs millions de mailles
In this thesis, we present the evolutions made to the Discontinuous Galerkin solver Teta-CLAC – resulting from the IRMA-AxesSim collaboration – during the HOROCH project (2015-2018). This solver allows to solve the Maxwell equations in 3D and in parallel on a large amount of OpenCL accelerators. The goal of the HOROCH project was to perform large-scale simulations on a complete digital human body model. This model is composed of 24 million hexahedral cells in order to perform calculations in the frequency band of connected objects going from 1 to 3 GHz (Bluetooth). The applications are numerous: telephony and accessories, sport (connected shirts), medicine (probes: capsules, patches), etc. The changes thus made include, among others: optimization of OpenCL kernels for CPUs in order to make the best use of hybrid architectures; StarPU runtime experimentation; the design of an integration scheme using local time steps; and many optimizations allowing the solver to process simulations of several millions of cells

For 500 years transient light phenomena (TLP) have been observed on the lunar surface by ground-based observers. The actual physical reason for most of these events is today still unknown. Current plans of NASA and SpaceX to send astronauts back to the Moon and already successful deep-space CubeSat mission will allow in the future research nanosatellite missions to the cislunar space. This thesis presents a new hardware and software concept for a future payload on such a nanosatellite. The main task was to develop and implement a high-performance image processing algorithm which task is to detect short brightening flashes on the lunar surface. Based on a review of historic reported phenomena, possible explanation theories for these phenomena and currently active and planed ground- or space-based observatories possible reference scenarios were analyzed. From the presented scenarios one, the detection of brightening events was chosen and requirements for this scenario stated. Afterwards, possible detectors, processing computers and image processing algorithms were researched and compared regarding the specified requirements. This analysis of available algorithm was used to develop a new high-performance detection algorithm to detect transient brightening events on the Moon. The implementation of this algorithm running on the processor and the internal GPU of a MacMini achieved a framerate of 55 FPS by processing images with a resolution of 4.2 megapixel. Its functionality and performance was verified on the remote telescope operated by the Chair of Space Technology of the University of Würzburg. Furthermore, the developed algorithm was also successfully ported on the Nvidia Jetson Nano and its performance compared with a FPGA based image processing algorithm. The results were used to chose a FPGA as the main processing computer of the payload. This concept uses two backside illuminated CMOS image sensor connected to a single FPGA. On the FPGA the developed image processing algorithm should be implemented. Further work is required to realize the proposed concept in building the actual hardware and porting the developed algorithm onto this platform.

碩士
明新科技大學
資訊管理系碩士班
104
With the rapid development of Internet and wireless networks, people can access a variety of cloud services anytime anywhere through Internet using various Internet-enabled devices. To simplify the user login process, many cloud services provide single sign-on mechanisms that allow users to login using their existing large sites accounts without creating new accounts. Public cloud network environment is vulnerable to various attacks such as eavesdropping, modification or misuse; authentication, capable of stopping illegal users from accessing cloud services, is an important foundation of cloud computing security; adequate security is needed to prevent those problems. The thesis analyzes security and privacy requirements of user authentication in cloud computing, examines the problems of single sign-on mechanisms – OpenID Connect, then proposes solutions. Finally, a website with single sign-on mechanism OpenID Connect is constructed and those security problems users might encounter during login are tested. Hope that the risks of user authentication in cloud computing should be understood in more detail, and the users’ confidence in adopting cloud services can thus be increased. The development of cloud computing can be fostered.

Orientação: José Quintino Rogado
Atualmente é um fato admitido que os sistemas informáticos estão cada vez mais presentes no dia-a-dia dos cidadãos, tendo assumido um papel fundamental nas suas vidas. O seu constante e rápido crescimento tem-se generalizado através do desenvolvimento de múltiplas aplicações disponíveis na Web ou destinadas a dipositivos móveis, que facilitam as suas tarefas diárias e estabelecem inclusivamente novos meios de interação social. De forma a garantir a identidade e a privacidade dos seus utilizadores, a maioria destas aplicações requerem autenticação, sejam elas aplicações nativas dos sistemas operativos, aplicações móveis ou aplicações orientadas para a Web. Como tem sido amplamente divulgado [1], os métodos tradicionais de autenticação apresentam inúmeras fragilidades, quer nos requisitos de segurança com que são concebidos, quer pelo facto de obrigarem os utilizadores a memorizar inúmeras credenciais, distintas para cada aplicação. No sentido de mitigar este problema, atualmente existem várias soluções que permitem aos utilizadores usar um único conjunto de credenciais, armazenadas num único Provedor de Identidade, que podem ser utilizadas para aceder a múltiplas plataformas, sem necessidade de autenticação adicional. Embora constitua uma comodidade indiscutível, esta abordagem tornam os utilizadores extremamente dependentes dos grandes ‘players’ da Internet, que geralmente fornecem os seus serviços em troca da exploração dos dados dos utilizadores, para fins comerciais. Este trabalho tem por objetivo demonstrar, com base no conhecimento adquirido e numa prova de conceito original desenvolvida especificamente, que ainda existe evolução possível nesta área, integrando duas tecnologias atuais, o protocolo OPenID Connect e o Cartão de Cidadão Nacional que, conjugadas, permitem criar um método de autenticação pessoal forte e seguro, que pode ser completamente gerido pelo utilizador.
It is currently a well-known fact that computer systems are increasingly present in citizens' daily life and have played a key role in their lives. Its constant and rapid growth has been generalized through the development of multiple applications available on the Web or intended for mobile devices, which facilitate their daily tasks and even establish new means of social interaction. In order to ensure the identity and privacy of your users, most of these applications require authentication, whether they are native applications of operating systems, mobile applications or web applications. As has been widely publicized [1] traditional authentication methods present numerous weaknesses both in the security requirements with which they are designed and in requiring users to store countless different credentials for each application. In order to mitigate this problem, several solutions currently exist that allow users to use a single set of credentials, stored in a single Identity Provider, that can be used to access multiple platforms without the need for additional authentication. However, while it is an indisputable convenience, this approach makes users extremely dependent on the major Internet players, who generally provide their services in return for the exploitation of user data for commercial purposes. This paper aims to demonstrate, based on the knowledge acquired and a specifically developed original proof of concept, that there is still possible evolution in this area, integrating two current technologies, the OpenID Connect protocol and the ‘Cartão Cidadão’ that, together, allow to create a strong and secure personal authentication method that can be completely managed by the user.

У дипломній роботі проведено комплексне дослідження методів та засобів аутентифікації особи та наведено сфери їх застосування. На основі проведених досліджень було проаналізовано сучасні методи аутентифікації користувачів веб-орієнтованих комп’ютерних систем. Досліджено технології аутентифікації користувачів веб-орієнтованих комп’ютерних систем. Було обрано та розглянуто середовище проектування системи. На основі обраної моделі протоколу аутентифікації розроблено алгоритми роботи та спроектовано систему аутентифікації користувачів веб-орієнтованих комп’ютерних систем. На базі програмної реалізації проведено тестування та дослідження ефективності та стабільності роботи.

碩士
中原大學
應用數學研究所
99
With the human need in life, the civilizations were changed, and the development of technology and science. The invention of the computer was of great benefit to humanity. The computer appears to solved many kind of problems on computing. The “ Chess Game ” was evolved by computer science, and had their own system. The computer chess game usually have three phases, including opening database, endgame database, and midgame search. In this paper, we focus on the opening book system for computer Connect6. At the beginning of the system built that should be collection chess manual and do knowledge as possible, and then construct a useful opening book system. Therefore, on the base of the opening book system, the midgame can have more information to do search and do well on moves choose.

Connected-Component-Labeling (CCL) für 2D-Bilddaten ist ein bekanntes Problem im Bereich der Bildverarbeitung. Ziel ist es, zusammenhängende Pixelgruppen mit gleichen Eigenschaften zu erkennen und mit einem eindeutigen Label zu versehen. Zur Lösung von CCL-Problemen für 2D-Bilddaten werden sowohl sequentielle als auch parallele Algorithmen untersucht. Unter den bekannten Algorithmen gibt es solche, die asymptotisch optimale Eigenschaften besitzen. Speziell für den Bereich der Bildverarbeitung interessant sind außerdem auf Konturierung basierende Algorithmen. Die zusätzlich extrahierten Konturen können z.B. für die Buchstabenerkennung genutzt werden. Seit der jüngeren Vergangenheit werden Grafikprozessoren (GPUs) mit großem Erfolg für allgemeines Computing eingesetzt. So existieren auch mehrere Implementationen von Connected-Component-Labeling-Algorithmen für GPUs, welche im Vergleich mit Varianten für CPUs oft deutlich schneller sind. Diese GPU-basierten Ansätze verarbeiten typischerweise das Pixelgitter direkt. Im Rahmen der vorliegenden Arbeit werden mehrere neue parallele CCL-Algorithmen vorgeschlagen, welche auf Konturen basieren und sowohl für GPUs als auch für Multicore-CPUs geeignet sind. Diese werden experimentell mit Implementationen aus der Literatur unter Verwendung aktueller GPUs und CPUs verglichen. Dabei erreichen in vielen Fällen die vorgeschlagenen Techniken ein besseres Laufzeitverhalten. Das ist auf GPUs insbesondere dann besonders deutlich, wenn sich die evaluierten Datensätze durch einen geringen Anteil von Konturen im Vergleich zur Fläche der Connected-Components auszeichnen.