E-mail phishing attacks remain one of the most significant challenges in IT security and are often used for initial access. Many organizations rely on phishing simulations to educate their staff to recognize suspicious e-mails. Previous studies have analyzed the effectiveness of these phishing simulations, with mixed findings. However, the perception of and attitudes towards phishing simulations among staff have received little to no attention.

This paper presents findings from a study that we carried out in cooperation with a multinational company that conducted phishing simulations over more than 12 months. We first conducted a quantitative survey involving 757 employees and then qualitative interviews with 22 participants to gain deeper insights into the perception of phishing simulations and the corresponding e-learning. We could not find evidence that employees feel attacked by their organisation as previous studies suspected. On the contrary, we found that a majority (86.9 %) have a positive or very positive attitude towards phishing simulations. The interviews revealed that some employees developed new routines for e-mail processing, but most describe themselves as having become more vigilant without concrete changes. Furthermore, we found evidence that phishing simulations create a false sense of security, as the employees feel protected by them. Additionally, lack of communication and feedback can negatively impact employees’ attitude and lead to adverse consequences. Finally, we show that only a small portion of the employees who clicked on the phishing website interacted with the interactive e-learning elements, which raises questions about its objective usefulness, although they are perceived as useful.

Virtual Private Networks (VPNs) provide confidentiality and hide the original IP address. Although many VPN providers promise not to record user activity, several media reports of data breaches show that this is often not true. Tor, on the other hand, allows anonymous communication using onion routing and takes privacy and anonymity seriously, but at the cost of performance loss. What is missing is a sweet spot between VPNs and anonymization networks that supports bulk downloads and video streaming but provides countermeasures against untrusted VPN providers and Autonomous System (AS)-level attackers.

In this paper, we present OnionVPN, an onion routing-based VPN tunnel, that provides better bulk transfer performance than Tor and offers additional security features over a VPN: (1) intermediate VPN nodes see only encrypted traffic, (2) protection against AS-level attackers with a new path selection algorithm, and (3) onion services with a novel cryptographic NAT traversal algorithm using the Noise protocol framework. We analyze 118 VPN providers, systematically compare them to our requirements and show that OnionVPN is currently possible with three VPN providers. An alternative to Tor for bulk traffic could relieve the Tor network and provide a better experience for other users who need higher privacy and anonymity features.

In today's dynamic business landscape, efficient supply chain management is crucial for maintaining competitiveness and sustainability. Traditional methods often lead to fragmented processes, lack of transparency, communication gaps, and increased operational costs. This research addresses these challenges through a case study, literature review, and comparative analysis, proposing a software platform solution named SuppliFlow. The study integrates insights from various sectors, including e-commerce, to explore Digital Supply Networks, Distribution Management, Integrated Supply Chain Management, and sustainability practices aligned with the Circular Economy. It also advances the concept of Supply Chain as a Service. This research develops customizable workflows within SuppliFlow, designed to cater to specific supply chain requirements from procurement to delivery. The integration of the Beckn Protocol, an open-source data protocol, is examined for its potential to establish decentralized networks and secure transactions. The study also investigates real-time order tracking and consolidated payments for financial and data management efficiencies. A SuppliFlow prototype tailored for assembly service providers was created and tested to assess its effectiveness in standardizing procurement-to-delivery processes. The findings indicate that SuppliFlow can enhance supply chain efficiency, reduce operational costs, and improve visibility. This research contributes to supply chain management by presenting a novel approach through the development and testing of SuppliFlow. The implications suggest potential pathways for future research and practical applications in improving organizational performance in the global marketplace.

This driving simulator study explores which kind and amount of non-driving-related animations can be implemented in cars’ front displays without causing significant driver distraction. While in recent years, a large amount of research has been conducted on how driving-relevant information must be displayed to capture the driver’s attention, the question on how non-driving-related animations can be conveyed in front displays without compromising the driver’s attention has rarely been addressed. However, due to the omnipresence of digital displays in present-day vehicles combined with observable efforts of vehicle manufacturers to increase the visual design appeal, the topic currently gains practical relevance. N = 53 participants were presented 16 animations that differed in stimulus salience features like fade-in time, brightness, target color, as well as internal and external movement. These animations were either displayed in the Cluster display or in the Central Infotainment Display (CID) and they were all irrelevant to the three driver tasks: To follow a lead vehicle (Car Following Task), perform a visual Detection Response Task (vDRT) and, optionally, react to a small set of driving-relevant info texts. In Test Drive 1, texts appeared in the Cluster only, whereas Test Drive 2, they appeared in both the Cluster and the CID. This was done to alter the task relevance of the two locations. Although a general effect of animations on vDRT performance could be observed across all study parts, this was with the exception of slow fading-in animations and other factors such as reduced brightness, target color, and the object size in the animation. Additionally, in Test Drive 1 a location effect could be observed: Animations displayed in the Cluster display led to a reduced vDRT performance when compared to animations that were displayed in the more distant CID. This effect disappeared when driving-relevant information texts were introduced to the CID in Test Drive 2. Taken together, visual attention was more vulnerable to animations of increased salience and to animations at lower-effort locations - an effect that can be moderated when the value of a more distant location is increased. The resulting design recommendations may be used to consider the risk of distractive features throughout the whole design process of in-car animations, reducing development costs, maximizing driving safety and providing a positive user experience.

Mid-sized thermal energy storage (TES) systems, especially in the distributed sector, have received little attention for public buildings. Validation of such systems, especially for the use of multiple renewables with different operating modes using CFD simulations, is still pending. The objective of this study is to validate a CFD model for the operation of complex and mid-sized TES systems for simultaneous charging and discharging cycles to enable investigations on optimized operating modes, geometric optimizations, and predictive charging and discharging scenarios. For this purpose, the 60 m3 local heating storage of Großbardorf, Germany, was used to obtain real-time operating conditions and in-situ temperature distribution data. Charging and discharging cycles as well as combined scenarios were calculated and compared with the experimentally determined dynamics of the thermocline. Simulations were performed using the open-source tool OpenFOAM® with the single-phase transient solver buoyantPimpleFoam in laminar and turbulent modes, including ambient heat losses. Good agreement was found between simulated and experimental data, especially in the regions of layer transitions with a RMSE of 1.2 ℃ or less over the entire observation period. It is shown how the validation allows further improvements and optimizations of TES with greater confidence. In particular, for research on the efficient use of multiple, fluctuating renewable energies and the increase of self-sufficiency in the decentralized sector, a demand-optimized charging and discharging layout is presented for a mid-sized TES to be installed at the new Institute for Hydrogen and Energy Technology (iwe) at Hof University of Applied Sciences. By conducting research in facilities such as the iwe, this approach will not only create opportunities for the future deployment of renewable energy storage and related systems, but also highlight the importance of decarbonization in the decentralized sector.

Trusted Execution Environments (TEEs) are widely available, allowing the isolation of security-sensitive trusted services from an untrusted commodity OS. Driven by manifold use cases, more and more trusted services requiring network connectivity are developed. Typically, the traffic of trusted services is routed through the OS, while cryptography ensures confidentiality and integrity. However, the extent to which TEEs can also help to provide network availability for trusted services remains underexplored. We introduce Conditional Network Availability (CNA) as a novel concept for TEE-based networking, ensuring that a trusted service can process network traffic, whenever the potentially malicious OS can do so. Our concept prevents an attacker from monopolizing the network channel (e.g., for a botnet campaign). TEE-based remote device management, system monitoring, and intrusion detection systems can profit from our concept. Proposing a split-driver model, we implement a proof-of-concept on real hardware, multiplexing a complex Ethernet interface between the OS and the ARM TrustZone TEE. Our evaluation shows that our system achieves near-native throughput while keeping the additions to the TCB small.

Background

The Migraine Disability Assessment (MIDAS) is widely used. However, there are limited data on how much a reduction in the MIDAS score indicates a change that matters to the patient.

Methods

Data from the DMKG (i.e. German Migraine and Headache Society) Headache Registry were used to determine the minimal important difference (MID) of the MIDAS, using the Patient Global Impression of Change (PGIC) as anchor and applying average change and receiver operating characteristic curve methods.

Results

In total, 1218 adult migraine patients (85.6% female, 40.2 ± 12.8 years, baseline MIDAS 44.2 ± 47.4, follow-up MIDAS 36.5 ± 45.3) were included. For patients with baseline MIDAS >20 (MIDAS grade IV, n = 757), different methods using PGIC “somewhat improved” as anchor yielded percent change MIDs of the MIDAS between −29.4% and −33.2%. For baseline MIDAS between 6 and 20 (grades II and III, n = 334), using PGIC “much improved” as anchor, difference change MIDs were between −3.5 and −4.5 points.

Conclusions

Based on the above results, we estimated the MID of the MIDAS at −30% for patients with a baseline MIDAS >20, and at −4 points for those with a baseline MIDAS of 6–20, for a tertiary headache care population.

Trial Registration

The DMKG Headache Registry is registered with the German Clinical Trials Register (DRKS 00021081).

In our project, we aimed to create historically authentic and vivid virtual representations of historic personalities that are connected to the regional Fichtelgebirge (Bavaria, Germany) to support the storytelling of our immersive XR applications. We are describing the tools in detail, the process of the tool chain and the resulting media. Next, we are discussing the challenges in media production like historical correctness and the consultation of historians. In order to create visual reproducibility we are explaining the detailed text prompts, their limitations and how to cope with resulting errors of the human physiognomy. Finally, we are briefly describing the application of the animated and talking generated historic characters in an immersive interactive WebXR environment. The XR experience is presented in web browsers on smartphones, tablets and XR headsets and the underlying software is based on the open-source framework Aframe. Our paper will describe the process, the results and the limitations in detail. Furthermore, we will provide a flow chart of the tool pipeline with visual examples of these aspects. The animations and voices of the historic characters will be demonstrated in videos of the XR application.

The manufacturing industry, driven by Industry 4.0, is experiencing a paradigm shift with the integration of collaborative robots (cobots). These cobots are essential for safe human-robot collaboration, requiring predictable trajectories in the task space. To address the complexity of interpolating key poses, this research introduces a novel C2-continuous interpolation scheme with unit dual quaternion pose representation. This scheme facilitates smooth, synchronized motion along a given set of key poses. Leveraging the algebraic efficiency and double cover property of unit dual quaternions, the proposed method provides improved computational efficiency and a user-friendly trajectory definition interface, which is particularly beneficial for non-expert users.

Large botnets like Mirai, with 600,000 infected devices, prove that cyber criminals have recognized the potential of attacks against the fast-growing Internet of Things. Moreover, recent critical vulnerabilities like Ripple20 and Amnesia:33 show that taking over a remote system via the network is a real threat. Alarmingly, modern strains of malware rely on exploiting such vulnerabilities to spread, with an increasing tendency. Hence, effective techniques to mitigate the consequences of modern IoT malware are necessary.To that end, we propose TeeFilter, a novel network filtering engine that allows manufacturers and operators of IoT devices to restrict the network traffic of their devices. By selectively executing parts of the network stack in a Trusted Execution Environment, TeeFilter remains untampered even if the operating system is compromised. The operators can specify filtering rules in an LLVM-compatible programming language and compile them into eBPF code. Subsequently, TeeFilter can load and enforce the rules. We formally verify the majority of TeeFilter for correctness and memory safety to eradicate whole classes of vulnerabilities and prototype our system on real hardware to show that the network overhead is negligible. Therefore, we believe that our system is an impactful step to enhance the resiliency of future IoT infrastructure.

Surfing is a complex sport that encounters the interaction between the surfer and the highly unsteady water hydrodynamic of ocean or river waves. With the availability of off-shore river waves or wave pools, it becomes more and more popular being included in the Olympic Games 2021 in Tokyo/Japan. To analyze the biomechanical characteristics of surfers, all forces that act on the surfer have to be measured which has not yet been done before.

Four pressure sensors were integrated water-tightly in a 3D-printed surfboard fin, each two sensors on opposite side. The fin was mounted at the rear end of a surf board on the left side of the centerline within a three-fin-configuration. The sensors were connected to a micro controller with micro SD-card within the board that performed and stored the measurement data with an acquisition rate of 27 Hz. For the measurements, a male surfer performed a set of turning maneuvers on an artificial river wave as shown in figure 2. Thereby, the surfer’s motion was recorded by a camera using frame-rate of 30 fps. The synchronization of the pressure and the video signals was achieved in a post-processing step.

The pressure signals showed a negative pressure difference between the inside sensors and the outside sensors at all surf maneuvers, see figure 3. It generated an outwardly directed force that becomes largest during the turns. The smallest pressure difference was detected on the surf-path from the left to right side of the wave or the other way around.

Taking both lateral fins into account, the pressure forces are contrarily directed apart from the surfboard. This arrangement generates the stabilizing effect of the board’s rear end which helps the surfer to keep the board on the desired track. Especially during the turns, the forces became largest giving the surfer a stable center of rotation at the rear end of the board. This stabilizing effect of surfboard fins was reported and observed in computational models [1,2,3]. The measurement of hydrodynamic forces enables to develop a biomechanical model of a surfer that show the characteristic biomechanic stress level peak and location within the surfer’s body.