A Framework to Reveal Clandestine Organ Trafficking in the Dark Web and Beyond

Due to the scarcity of transplantable organs, patients have to wait on long lists for many years to get a matching kidney. This scarcity has created an illicit market place for wealthy recipients to avoid long waiting times. Brokers arrange such organ transplants and collect most of the payment that is sometimes channeled to fund other illicit activities. In order to collect and disburse payments, they often resort to money laundering-like schemes of money transfers. As the low-cost Internet arrives in some of the affected countries, social media and the dark web are used to illegally trade human organs. This paper presents a model to assess the risk of human organ trafficking in specific areas and shows methods and tools to discover digital traces of organ trafficking using publicly available tools

Effects of eight neuropsychiatric copy number variants on human brain structure

Many copy number variants (CNVs) confer risk for the same range of neurodevelopmental symptoms and psychiatric conditions including autism and schizophrenia. Yet, to date neuroimaging studies have typically been carried out one mutation at a time, showing that CNVs have large effects on brain anatomy. Here, we aimed to characterize and quantify the distinct brain morphometry effects and latent dimensions across 8 neuropsychiatric CNVs. We analyzed T1-weighted MRI data from clinically and non-clinically ascertained CNV carriers (deletion/duplication) at the 1q21.1 (n = 39/28), 16p11.2 (n = 87/78), 22q11.2 (n = 75/30), and 15q11.2 (n = 72/76) loci as well as 1296 non-carriers (controls). Case-control contrasts of all examined genomic loci demonstrated effects on brain anatomy, with deletions and duplications showing mirror effects at the global and regional levels. Although CNVs mainly showed distinct brain patterns, principal component analysis (PCA) loaded subsets of CNVs on two latent brain dimensions, which explained 32 and 29% of the variance of the 8 Cohen’s d maps. The cingulate gyrus, insula, supplementary motor cortex, and cerebellum were identified by PCA and multi-view pattern learning as top regions contributing to latent dimension shared across subsets of CNVs. The large proportion of distinct CNV effects on brain morphology may explain the small neuroimaging effect sizes reported in polygenic psychiatric conditions. Nevertheless, latent gene brain morphology dimensions will help subgroup the rapidly expanding landscape of neuropsychiatric variants and dissect the heterogeneity of idiopathic conditions

A metric to assess the trustworthiness of certificate authorities

In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by public key infrastructures. One of the key criticisms is the architecture’s implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a metric to compensate this assumption by a differentiating assessment of a CA’s individual trustworthiness based on objective criteria. The metric utilizes a wide range of factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA’s different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric’s outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.In der jüngeren Vergangenheit führte eine Reihe von Sicherheitsvorfällen zu Skepsis bezüglich des momentan etablierten Vertrauensmodells von Public-Key-Infrastrukturen. Einer der Hauptkritikpunkte ist dabei die implizite Annahme, dass Zertifizierungsstellen (CAs) a priori vertrauenswürdig sind. Diese Arbeit stellt eine Metrik vor, welche diese Annahme durch eine differenzierte Beurteilung der individuellen Vertrauenswürdigkeit einer CA auf Basis objektiver Kriterien kompensieren soll. Hierfür bedient sie sich einer Vielzahl verschiedener Faktoren aus technischen Richtlinien und Forschungsarbeiten. Die Metrik besteht aus in sich abgeschlossenen Submetriken. Diese ermöglichen eine einfache Erweiterung des bestehenden Kriterienkatalogs. Der Fokus liegt dabei auf Aspekten, welche durch praktisch anwendbare, unabhängige Methoden der Datenerhebung beurteilt werden können. Die Metrik ist dafür vorgesehen, Organisationen, Dienstleistern und Einzelpersonen bei der Entscheidung zu helfen, welchen CAs sie trauen und welchen sie nicht trauen sollten. Die modularisierten Submetriken sind dafür in themenverwandte Gruppen unterteilt, welche verschiedene Eigenschaften und Aufgaben der CAs abdecken. Durch eine individuelle Gewichtung der einzelnen Submetrik-Gruppen kann die Metrik an Hand eines beispielhaften Angreifer-Modells an maßgeschneiderte Schutzbedarfe angepasst werden

MERCAT: A Metric for the Evaluation and Reconsideration of Certificate Authority Trustworthiness

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model

MERCAT: A metric for the evaluation and reconsideration of certificate authority trustworthiness

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model