Challenges in using cryptography - End-user and developer perspectives

"Encryption is hard for everyone" is a prominent result of the security and privacy research to date. Email users struggle to encrypt their email, and institutions fail to roll out secure communication via email. Messaging users fail to understand through which most secure channel to send their most sensitive messages, and developers struggle with implementing cryptography securely. To better understand how to support actors along the pipeline of developing, implementing, deploying, and using cryptography effectively, I leverage the human factor to understand their challenges and needs, as well as opportunities for support. To support research in better understanding developers, I created a tool to remotely conduct developer studies, specifically with the goal of better understanding the implementation of cryptography. The tool was successfully used for several published developers studies. To understand the institutional rollout of cryptography, I analyzed the email history of the past 27 years at Leibniz University Hannover and measured the usage of email encryption, finding that email encryption and signing is hardly used even in an institution with its own certificate authority. Furthermore, the usage of multiple email clients posed a significant challenge for users when using S/MIME and PGP. To better understand and support end users, I conducted several studies with different text disclosures, icons, and animations to find out if users can be convinced to communicate via their secure messengers instead of switching to insecure alternatives. I found that users notice texts and animations, but their security perception did not change much between texts and visuals, as long as any information about encryption is shown. In this dissertation, I investigated how to support researchers in conducting research with developers; I established that usability is one of the major factors in allowing developers to implement the functions of cryptographic libraries securely; I conducted the first large scale analysis of encrypted email, finding that, again, usability challenges can hamper adoption; finally, I established that the encryption of a channel can be effectively communicated to end users. In order to roll out secure use of cryptography to the masses, adoption needs to be usable on many levels. Developers need to be able to securely implement cryptography, and user communication needs to be either encrypted by default, and users need to be able to easily understand which communication' encryption protects them from whom. I hope that, with this dissertation, I show that, with supporting humans along the pipeline of cryptography, better security can be achieved for all

Characteristic retinal atrophy pattern allows differentiation between pediatric MOGAD and MS after a single optic neuritis episode.

BACKGROUND Optic neuritis (ON) is the most prevalent manifestation of pediatric multiple sclerosis (MSped) and myelin-oligodendrocyte glycoprotein antibody-associated disease (MOGADped) in children > 6 years. In this study, we investigated retinal atrophy patterns and diagnostic accuracy of optical coherence tomography (OCT) in differentiating between both diseases after the first ON episode. METHODS Patients were retrospectively identified in eight tertial referral centers. OCT, VEP and high/low-contrast visual acuity (HCVA/LCVA) have been investigated > 6 months after the first ON. Prevalence of pathological OCT findings was identified based on data of 144 age-matched healthy controls. RESULTS Thirteen MOGADped (10.7 ± 4.2 years, F:M 8:5, 21 ON eyes) and 21 MSped (14.3 ± 2.4 years, F:M 19:2, 24 ON eyes) patients were recruited. We observed a significantly more profound atrophy of both peripapillary and macular retinal nerve fiber layer in MOGADped compared to MSped (pRNFL global: 68.2 ± 16.9 vs. 89.4 ± 12.3 µm, p < 0.001; mRNFL: 0.12 ± 0.01 vs. 0.14 ± 0.01 mm3, p < 0.001). Neither other macular layers nor P100 latency differed. MOGADped developed global atrophy affecting all peripapillary segments, while MSped displayed predominantly temporal thinning. Nasal pRNFL allowed differentiation between both diseases with the highest diagnostic accuracy (AUC = 0.902, cutoff < 62.5 µm, 90.5% sensitivity and 70.8% specificity for MOGADped). OCT was also substantially more sensitive compared to VEP in identification of ON eyes in MOGAD (pathological findings in 90% vs. 14%, p = 0.016). CONCLUSION First MOGAD-ON results in a more severe global peripapillary atrophy compared to predominantly temporal thinning in MS-ON. Nasal pRNFL allows differentiation between both diseases with the highest accuracy, supporting the additional diagnostic value of OCT in children with ON

Characteristic retinal atrophy pattern allows differentiation between pediatric MOGAD and MS after a single optic neuritis episode

Optical coherence tomography; Optic neuritis; Pediatric patientsTomografía de coherencia óptica; Neuritis óptica; Pacientes pediátricosTomografia de coherència òptica; Neuritis òptica; Pacients pediàtricsBackground Optic neuritis (ON) is the most prevalent manifestation of pediatric multiple sclerosis (MSped) and myelin-oligodendrocyte glycoprotein antibody-associated disease (MOGADped) in children > 6 years. In this study, we investigated retinal atrophy patterns and diagnostic accuracy of optical coherence tomography (OCT) in differentiating between both diseases after the first ON episode. Methods Patients were retrospectively identified in eight tertial referral centers. OCT, VEP and high/low-contrast visual acuity (HCVA/LCVA) have been investigated > 6 months after the first ON. Prevalence of pathological OCT findings was identified based on data of 144 age-matched healthy controls. Results Thirteen MOGADped (10.7 ± 4.2 years, F:M 8:5, 21 ON eyes) and 21 MSped (14.3 ± 2.4 years, F:M 19:2, 24 ON eyes) patients were recruited. We observed a significantly more profound atrophy of both peripapillary and macular retinal nerve fiber layer in MOGADped compared to MSped (pRNFL global: 68.2 ± 16.9 vs. 89.4 ± 12.3 µm, p < 0.001; mRNFL: 0.12 ± 0.01 vs. 0.14 ± 0.01 mm3, p < 0.001). Neither other macular layers nor P100 latency differed. MOGADped developed global atrophy affecting all peripapillary segments, while MSped displayed predominantly temporal thinning. Nasal pRNFL allowed differentiation between both diseases with the highest diagnostic accuracy (AUC = 0.902, cutoff < 62.5 µm, 90.5% sensitivity and 70.8% specificity for MOGADped). OCT was also substantially more sensitive compared to VEP in identification of ON eyes in MOGAD (pathological findings in 90% vs. 14%, p = 0.016). Conclusion First MOGAD-ON results in a more severe global peripapillary atrophy compared to predominantly temporal thinning in MS-ON. Nasal pRNFL allows differentiation between both diseases with the highest accuracy, supporting the additional diagnostic value of OCT in children with ON.Open Access funding enabled and organized by Projekt DEAL. No

Temporal Impacts of Problematic Social Media Content on Perceived Employee Hirability

Job applicants’ social media postings and presence can impact employers’ perceptions during the hiring process. The current study expands this line of inquiry, exploring the effects of both message characteristics (i.e. post temporality) and individual characteristics (i.e. hiring manager’s view about individuals’ ability to change over time). Results of a 2 (problematic content: present v. absent) × 3 (post temporality: recent v. 2 years ago v. 5 years ago) experiment (N = 220) revealed the negative main effect of the presence of problematic social media content was moderated by the temporality of the post: More recent posts more substantively impacted perceptions of person-job fit. This moderation effect was further moderated by the manager’s incrementalism: the belief people’s personalities can change over time. Similar patterns of effects were not identified for broader perceptions of the applicant’s general employability

ONTOLOGICAL META-ANALYSIS AND SYNTHESIS OF HIPAA

We present ontological meta-analysis and synthesis of HIPAA (Health Insurance Portability and Accountability Act) as a method for reviewing, mapping, and visualizing the research literature in the domain cumulatively, logically, systematically, and systemically. The method will highlight the domain\u27s bright spots which are heavily emphasized, the light spots which are lightly emphasized, the blind spots which have been overlooked, and the blank spots which may never be emphasized. It will highlight the biases and asymmetries in the domain\u27s research; the research can then be realigned to make it stronger and more effective. We present an ontology for HIPAA, map the literature onto the ontology, and highlight its bright, light, and blank/blind spots in an ontological map. We conclude with a discussion of how such a map can be used to realign HIPAA research and practice

The Transparent Trap: A Multidisciplinary Perspective on the Design of Transparent Online Disclosures in the EU

This is the author accepted manuscript. The final version is available from Springer via the DOI in this record.In its drive to prevent market failures and safeguard consumers, the European legislator has embraced the information approach. In the context of online trade, this requires online traders to disclose ever-growing amounts of information to consumers regarding contract terms, the handling of their personal information, and the use of cookies on the trader’s website, to name just a few of the areas involved. However, whilst adopting substantive information obligations for traders, the European legislator still tends to disregard scholarship on effective information design. This paper recommends empirically tested, interdisciplinary criteria for the design of effective disclosures online, with a focus on their application in the EU. Without clear guidance as to how disclosures should be formulated, traders are left open to accidental or purposeful obfuscation.This research is funded by the DFG (German Research Foundation; project number: WU 824/1-1). It is part of the research project “The ABC of Online Disclosure Duties. Towards a More Uniform Assessment of the Transparency of Consumer Information in Europe” funded by the DFG and the NWO, Netherlands Organisation for Scientific Research under the Open Research Area for the Social Sciences funding program. We sincerely thank Marco Loos and Mia Junuzović, who are also participating in this project, as well as the anonymous reviewers for their valuable comments and suggestions. We also thank participants of workshops where we presented this paper for their feedback. All authors contributed equally to the paper