PEASEC-Jahresbilanz 2023: Cyber-Rüstungskontrolle, Warn-Apps und Smart Farming (3 Promotionen), Dekansamt, SPS-Konferenz

@inproceedings{wursching_fido2_2023,
address = {New York, NY, USA},
series = {{CHI} '23},
title = {{FIDO2} the {Rescue}? {Platform} vs. {Roaming} {Authentication} on {Smartphones}},
url = {https://peasec.de/paper/2023/2023_WuerschingPutzHaeslerHollick_PlatformvsRoamingAuthenticationonSmartphones_CHI.pdf},
doi = {10.1145/3544548.3580993},
abstract = {Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.},
booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI}) ({Best} {Paper} {Award})},
publisher = {Association for Computing Machinery},
author = {Würsching, Leon and Putz, Florentin and Haesler, Steffen and Hollick, Matthias},
year = {2023},
note = {event-place: Hamburg, HH, Germany},
keywords = {Security, UsableSec, HCI, Projekt-emergenCITY, A-Paper, AuswahlUsableSec, Ranking-CORE-A*},
}

@inproceedings{haesler_getting_2023,
address = {New York, NY, USA},
series = {{DIS} '23},
title = {Getting the {Residents}' {Attention}: {The} {Perception} of {Warning} {Channels} in {Smart} {Home} {Warning} {Systems}},
isbn = {978-1-4503-9893-0},
url = {https://peasec.de/paper/2023/2023_HaeslerWendelbornReuter_SmartHomeWarningSystems_DIS},
doi = {10.1145/3563657.3596076},
abstract = {About half a billion households are expected to use smart home systems by 2025. Although many IoT sensors, such as smoke detectors or security cameras, are available and governmental crisis warning systems are in place, little is known about how to warn appropriately in smart home environments. We created a Raspberry Pi based prototype with a speaker, a display, and a connected smart light bulb. Together with a focus group, we developed a taxonomy for warning messages in smart home environments, dividing them into five classes with different stimuli. We evaluated the taxonomy using the Experience Sampling Method (ESM) in a field study at participants' (N = 13) homes testing 331 warnings. The results show that taxonomy-based warning stimuli are perceived to be appropriate and participants could imagine using such a warning system. We propose a deeper integration of warning capabilities into smart home environments to enhance the safety of citizens.},
booktitle = {Proceedings of the {ACM} {Designing} {Interactive} {Systems} {Conference} ({DIS})},
publisher = {Association for Computing Machinery},
author = {Haesler, Steffen and Wendelborn, Marc and Reuter, Christian},
year = {2023},
note = {event-place: Pittsburgh, PA, USA},
keywords = {Student, Crisis, HCI, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, Ranking-CORE-A},
pages = {1114--1127},
}

@article{haunschild_preparedness_2023,
title = {Preparedness {Nudging} for {Warning} {Apps}? {A} {Mixed}-{Method} {Study} {Investigating} {Popularity} and {Effects} of {Preparedness} {Alerts} in {Warning} {Apps}},
volume = {172},
issn = {1071-5819},
url = {https://peasec.de/paper/2023/2023_HaunschildPauliReuter_NudgingWarningApps_IJHCS.pdf},
doi = {https://doi.org/10.1016/j.ijhcs.2023.102995},
abstract = {Warning apps are used by many to receive warnings about imminent disasters. However, their potential for increasing awareness about general hazards and for increasing preparedness is currently underused. With a mixed-method design that includes a representative survey of the German population, a design workshop and an app evaluation experiment, this study investigates users’ preferences regarding non-acute preparedness alerts’ inclusion in crisis apps and the effectiveness of Nudging in this context. The experiment shows that while the social influence nudge had no significant effect compared to the control group without a nudging condition, the confrontational nudge increased the number of taken recommended preparedness measures. The evaluation indicates that the preparedness alerts increased users’ knowledge and their motivation to use a warning app. This motivation is, in contrast, decreased when the messages are perceived as a disruption. While many oppose push notifications, favor finding persuasively designed preparedness advice in a separate menu or as an optional notification.},
journal = {International Journal on Human-Computer Studies (IJHCS)},
author = {Haunschild, Jasmin and Pauli, Selina and Reuter, Christian},
year = {2023},
keywords = {Student, Crisis, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, Selected, AuswahlCrisis, Ranking-ImpactFactor},
pages = {102995},
}

@article{bayer_multi-level_2023,
title = {Multi-{Level} {Fine}-{Tuning}, {Data} {Augmentation}, and {Few}-{Shot} {Learning} for {Specialized} {Cyber} {Threat} {Intelligence}},
issn = {0167-4048},
url = {https://peasec.de/paper/2023/2023_BayerFreyReuter_MultiLevelFineTuningForCyberThreatIntelligence_CS.pdf},
doi = {10.1016/j.cose.2023.103430},
abstract = {A Design Science Artefact for Cyber Threat Detection and Actor Specific Communication},
journal = {Computers \& Security},
author = {Bayer, Markus and Frey, Tobias and Reuter, Christian},
year = {2023},
keywords = {Student, Security, Projekt-CYWARN, Projekt-CROSSING, A-Paper, Projekt-ATHENE, Ranking-ImpactFactor},
}

@article{riebe_privacy_2023,
title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
doi = {https://doi.org/10.56553/popets-2023-0028},
abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
number = {1},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-ATHENE-FANCY, Projekt-CYWARN, A-Paper, AuswahlUsableSec, Ranking-CORE-A},
pages = {477--493},
}

@article{bayer_survey_2023,
title = {A {Survey} on {Data} {Augmentation} for {Text} {Classification}},
volume = {55},
url = {https://dl.acm.org/doi/pdf/10.1145/3544558},
doi = {10.1145/3544558},
abstract = {Data augmentation, the artificial creation of training data for machine learning by transformations, is a widely studied research field across machine learning disciplines. While it is useful for increasing a model's generalization capabilities, it can also address many other challenges and problems, from overcoming a limited amount of training data, to regularizing the objective, to limiting the amount data used to protect privacy. Based on a precise description of the goals and applications of data augmentation and a taxonomy for existing works, this survey is concerned with data augmentation methods for textual classification and aims to provide a concise and comprehensive overview for researchers and practitioners. Derived from the taxonomy, we divide more than 100 methods into 12 different groupings and give state-of-the-art references expounding which methods are highly promising by relating them to each other. Finally, research perspectives that may constitute a building block for future work are provided.},
number = {7},
journal = {ACM Computing Surveys (CSUR)},
author = {Bayer, Markus and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Crisis, Projekt-CYWARN, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, AuswahlKaufhold, Ranking-CORE-A*, Selected, AuswahlCrisis, Ranking-ImpactFactor},
pages = {1--39},
}

@article{reinhold_extrust_2023,
title = {{ExTRUST}: {Reducing} {Exploit} {Stockpiles} {With} a {Privacy}-{Preserving} {Depletion} {Systems} for {Inter}-{State} {Relationships}},
volume = {4},
url = {https://peasec.de/paper/2023/2023_ReinholdKuehnGuentherSchneiderReuter_ExTrust-ehem-BlockED_TTaS.pdf},
doi = {10.1109/TTS.2023.3280356},
abstract = {Cyberspace is a fragile construct threatened by malicious cyber operations of different actors, with vulnerabilities in IT hardware and software forming the basis for such activities, thus also posing a threat to global IT security. Advancements in the field of artificial intelligence accelerate this development, either with artificial intelligence enabled cyber weapons, automated cyber defense measures, or artificial intelligence-based threat and vulnerability detection. Especially state actors, with their long-term strategic security interests, often stockpile such knowledge of vulnerabilities and exploits to enable their military or intelligence service cyberspace operations. While treaties and regulations to limit these developments and to enhance global IT security by disclosing vulnerabilities are currently being discussed on the international level, these efforts are hindered by state concerns about the disclosure of unique knowledge and about giving up tactical advantages. This leads to a situation where multiple states are likely to stockpile at least some identical exploits, with technical measures to enable a depletion process for these stockpiles that preserve state secrecy interests and consider the special constraints of interacting states as well as the requirements within such environments being non-existent. This paper proposes such a privacy-preserving approach that allows multiple state parties to privately compare their stock of vulnerabilities and exploits to check for items that occur in multiple stockpiles without revealing them so that their disclosure can be considered. We call our system ExTRUST and show that it is scalable and can withstand several attack scenarios. Beyond the intergovernmental setting, ExTRUST can also be used for other zero-trust use cases, such as bug-bounty programs.},
number = {2},
journal = {IEEE Transactions on Technology and Society},
author = {Reinhold, Thomas and Kuehn, Philipp and Günther, Daniel and Schneider, Thomas and Reuter, Christian},
year = {2023},
keywords = {Peace, Student, Projekt-ATHENE-SecUrban, Projekt-CROSSING, A-Paper, Selected, Cyberwar, AuswahlPeace, Projekt-GRKPrivacy},
pages = {158--170},
}

@article{riebe_values_2023,
title = {Values and {Value} {Conflicts} in the {Context} of {OSINT} {Technologies} for {Cybersecurity} {Incident} {Response}: {A} {Value} {Sensitive} {Design} {Perspective}},
url = {https://link.springer.com/article/10.1007/s10606-022-09453-4},
doi = {10.1007/s10606-022-09453-4},
abstract = {The negotiation of stakeholder values as a collaborative process throughout technology development has been studied extensively within the fields of Computer Supported Cooperative Work and Human-Computer Interaction. Despite their increasing significance for cybersecurity incident response, there is a gap in research on values of importance to the design of open-source intelligence (OSINT) technologies for this purpose. In this paper, we investigate which values and value conflicts emerge due to the application and development of machine learning (ML) based OSINT technologies to assist cyber security incident response operators. For this purpose, we employ a triangulation of methods, consisting of a systematic survey of the technical literature on the development of OSINT artefacts for cybersecurity (N = 73) and an empirical value sensitive design case study, comprising semi-structured interviews with stakeholders (N = 9) as well as a focus group (N = 7) with developers. Based on our results, we identify implications relevant to the research on and design of OSINT artefacts for cybersecurity incident response.},
journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
author = {Riebe, Thea and Bäumler, Julian and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Student, Security, UsableSec, HCI, Projekt-CYWARN, Projekt-ATHENE-SecUrban, Projekt-CROSSING, A-Paper, Ranking-ImpactFactor, Ranking-CORE-B},
}

@article{reuter_increasing_2023,
title = {Increasing {Adoption} {Despite} {Perceived} {Limitations} of {Social} {Media} in {Emergencies}: {Representative} {Insights} on {German} {Citizens}’ {Perception} and {Trends} from 2017 to 2021},
volume = {96},
issn = {2212-4209},
url = {https://peasec.de/paper/2023/2023_ReuterKaufholdBiselliPleil_SocialMediaEmergenciesSurvey_IJDRR.pdf},
doi = {https://doi.org/10.1016/j.ijdrr.2023.103880},
abstract = {The value of social media in crises, disasters, and emergencies across different events, participants, and states is now well-examined in crisis informatics research. Previous research has contributed to the state of the art with empirical insights on the use of social media, approaches for the gathering and processing of big social data, the design and evaluation of information systems, and the analysis of cumulative and longitudinal data. While some studies examined social media use representatively for their target audience, these usually only comprise a single point of inquiry and do not allow for a trend analysis. This work provides results (1) of a representative survey with German citizens from 2021 on use patterns, perceptions, and expectations regarding social media during emergencies. Furthermore, it (2) compares these results to previous surveys and provides insights on temporal changes and trends from 2017, over 2019 to 2021. Our findings highlight that social media use in emergencies increased in 2021 and 2019 compared to 2017. Between 2019 and 2021, the amount of information shared on social media remained on a similar level, while the perceived disadvantages of social media in emergencies significantly increased. In light of demographic variables, the results of the 2021 survey confirm previous findings, according to which older individuals (45+ years) use social media in emergencies less often than younger individuals (18-24 years). Furthermore, while the quicker availability of information was one of the reasons for social media use, especially the potential information overload was a key factor for not using social media in emergencies. The results are discussed in light of the dynamic nature of attitudes regarding social media in emergencies and the need to account for heterogeneity in user expectations to build trustworthy information ecosystems in social media.},
journal = {International Journal of Disaster Risk Reduction (IJDRR)},
author = {Reuter, Christian and Kaufhold, Marc-André and Biselli, Tom and Pleil, Helene},
year = {2023},
keywords = {Student, Crisis, Projekt-emergenCITY, Projekt-CYLENCE, A-Paper, AuswahlCrisis, Projekt-NEBULA, Ranking-ImpactFactor, SocialMedia},
}

@article{schmid_digital_2023,
title = {Digital {Volunteers} {During} the {COVID}-19 {Pandemic}: {Care} {Work} on {Social} {Media} for {Socio}-technical {Resilience}},
volume = {3},
issn = {2748-5625},
url = {https://ojs.weizenbaum-institut.de/index.php/wjds/article/view/78},
doi = {10.34669/WI.WJDS/3.3.6},
abstract = {Like past crises, the COVID-19 pandemic has also activated individual volunteers to help to respond to the crisis. This includes digital volunteers, who have organized physical aid and conducted activities on social media. Analyzing German volunteering support groups on Facebook and related Reddit threads in the context of the COVID-19 pandemic, we {\textbackslash}updatedshow what type of help is offered and how social media users interact with each other, trying to cope with the situation. We reveal that most users offering help online conduct mostly typical care work, such as buying groceries or giving advice. Crucially, volunteering is characterized by relationships of care and thus builds on affirmative interactions. Albeit some misdirected offers and regressive interruptions, people use the possibility to make their voices heard and, showing empathy, help each other to cope with crisis. Social media like Facebook mediate societal structures, including relationships of care, offering a space for continuous, cumulatively resilient conduct of care work. Reflecting on the traditional division of labor in crisis volunteering and counter-productive dynamics of care and empathy, we aim for feminist ethics of care which allows for interactions on social media that foster generative computer-supported collaboration.},
number = {1},
journal = {Weizenbaum Journal of the Digital Society},
author = {Schmid, Stefka and Guntrum, Laura and Haesler, Steffen and Schultheiß, Lisa and Reuter, Christian},
month = may,
year = {2023},
keywords = {Peace, Projekt-TraCe, Student, Crisis, HCI, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, SocialMedia},
}

@article{reinhold_preventing_2023,
title = {Preventing the escalation of cyber conflicts: towards an approach to plausibly assure the non-involvement in a cyberattack},
volume = {12},
issn = {2524-6976},
url = {https://doi.org/10.1007/s42597-023-00099-7},
doi = {10.1007/s42597-023-00099-7},
abstract = {While cyberspace has evolved into a commonly shared space vital to our individual lives and societies, malicious cyber activities by state actors as part of espionage operations, regarding defense strategies, or as part of traditional conflicts have strongly increased. In contrast, attributing the origin of such activities remains problematic. The ambiguity of digital data raises the problem of misinterpreting available information, increasing the risk of misinformed reactions and conflict escalation. In order to reduce this risk, this paper proposes a transparency system based on technologies which usually already exist for IT security measures that an accused actor in a specific incident can use to provide credible information which plausibly assures his non-involvement. The paper analyses the technical requirements, presents the technical concept and discusses the necessary adjustments to existing IT networks for its implementation. Intended as a measure for conflict de-escalation, the paper further discusses the limitations of this approach, especially with regard to technical limits as well as the political motivation and behavior of states.},
number = {1},
journal = {Zeitschrift für Friedens- und Konfliktforschung (ZeFKo)},
author = {Reinhold, Thomas and Reuter, Christian},
month = apr,
year = {2023},
keywords = {Peace, Security, Projekt-ATHENE-SecUrban, Projekt-CROSSING},
pages = {31--58},
}

@article{reinhold_zur_2023,
title = {Zur {Debatte} über die {Einhegung} eines {Cyberwars}: {Analyse} militärischer {Cyberaktivitäten} im {Krieg} {Russlands} gegen die {Ukraine}},
issn = {2524-6976},
url = {https://doi.org/10.1007/s42597-023-00094-y},
doi = {10.1007/s42597-023-00094-y},
abstract = {Der Überfall Russlands auf die Ukraine und der sich anschließende Krieg haben neben vielen anderen sicherheitspolitischen Gewissheiten auch zum ersten Mal die Rolle des Cyberspace in einem offenen Angriffskrieg demonstriert und bedenkenswerte Entwicklungen offenbart. Ziel dieses Beitrags ist es, die militärischen Aktivitäten im Cyberspace im Rahmen des Krieges Russlands gegen die Ukraine auf der Grundlage der öffentlich verfügbaren Informationen zu analysieren und im Hinblick auf die bis dato gängigen Vorstellungen eines Cyberwars zu bewerten. Darauf aufbauend werden mögliche Schlussfolgerungen betrachtet, zum einen mit Blick auf die zukünftige Bedeutung von Cyberaktivitäten für Russland, hinsichtlich des generellen militärischen Einsatzes von Cyberwirkmitteln und dessen weiterer Entwicklung, und in Bezug auf zukünftige internationale Debatten zur Einhegung von Cyberwars und des schädigenden Einsatzes von Cyberwirkmitteln.},
journal = {Zeitschrift für Friedens- und Konfliktforschung (ZeFKo)},
author = {Reinhold, Thomas and Reuter, Christian},
month = mar,
year = {2023},
keywords = {Peace, Projekt-TraCe, Security, Projekt-ATHENE-SecUrban},
}

@article{haunschild_preparedness_2023,
title = {Preparedness {Nudging} for {Warning} {Apps}? {A} {Mixed}-{Method} {Study} {Investigating} {Popularity} and {Effects} of {Preparedness} {Alerts} in {Warning} {Apps}},
volume = {172},
issn = {1071-5819},
url = {https://peasec.de/paper/2023/2023_HaunschildPauliReuter_NudgingWarningApps_IJHCS.pdf},
doi = {https://doi.org/10.1016/j.ijhcs.2023.102995},
abstract = {Warning apps are used by many to receive warnings about imminent disasters. However, their potential for increasing awareness about general hazards and for increasing preparedness is currently underused. With a mixed-method design that includes a representative survey of the German population, a design workshop and an app evaluation experiment, this study investigates users’ preferences regarding non-acute preparedness alerts’ inclusion in crisis apps and the effectiveness of Nudging in this context. The experiment shows that while the social influence nudge had no significant effect compared to the control group without a nudging condition, the confrontational nudge increased the number of taken recommended preparedness measures. The evaluation indicates that the preparedness alerts increased users’ knowledge and their motivation to use a warning app. This motivation is, in contrast, decreased when the messages are perceived as a disruption. While many oppose push notifications, favor finding persuasively designed preparedness advice in a separate menu or as an optional notification.},
journal = {International Journal on Human-Computer Studies (IJHCS)},
author = {Haunschild, Jasmin and Pauli, Selina and Reuter, Christian},
year = {2023},
keywords = {Student, Crisis, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, Selected, AuswahlCrisis, Ranking-ImpactFactor},
pages = {102995},
}

@article{bayer_multi-level_2023,
title = {Multi-{Level} {Fine}-{Tuning}, {Data} {Augmentation}, and {Few}-{Shot} {Learning} for {Specialized} {Cyber} {Threat} {Intelligence}},
issn = {0167-4048},
url = {https://peasec.de/paper/2023/2023_BayerFreyReuter_MultiLevelFineTuningForCyberThreatIntelligence_CS.pdf},
doi = {10.1016/j.cose.2023.103430},
abstract = {A Design Science Artefact for Cyber Threat Detection and Actor Specific Communication},
journal = {Computers \& Security},
author = {Bayer, Markus and Frey, Tobias and Reuter, Christian},
year = {2023},
keywords = {Student, Security, Projekt-CYWARN, Projekt-CROSSING, A-Paper, Projekt-ATHENE, Ranking-ImpactFactor},
}

@article{riebe_privacy_2023,
title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
doi = {https://doi.org/10.56553/popets-2023-0028},
abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
number = {1},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-ATHENE-FANCY, Projekt-CYWARN, A-Paper, AuswahlUsableSec, Ranking-CORE-A},
pages = {477--493},
}

@article{bayer_survey_2023,
title = {A {Survey} on {Data} {Augmentation} for {Text} {Classification}},
volume = {55},
url = {https://dl.acm.org/doi/pdf/10.1145/3544558},
doi = {10.1145/3544558},
abstract = {Data augmentation, the artificial creation of training data for machine learning by transformations, is a widely studied research field across machine learning disciplines. While it is useful for increasing a model's generalization capabilities, it can also address many other challenges and problems, from overcoming a limited amount of training data, to regularizing the objective, to limiting the amount data used to protect privacy. Based on a precise description of the goals and applications of data augmentation and a taxonomy for existing works, this survey is concerned with data augmentation methods for textual classification and aims to provide a concise and comprehensive overview for researchers and practitioners. Derived from the taxonomy, we divide more than 100 methods into 12 different groupings and give state-of-the-art references expounding which methods are highly promising by relating them to each other. Finally, research perspectives that may constitute a building block for future work are provided.},
number = {7},
journal = {ACM Computing Surveys (CSUR)},
author = {Bayer, Markus and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Crisis, Projekt-CYWARN, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, AuswahlKaufhold, Ranking-CORE-A*, Selected, AuswahlCrisis, Ranking-ImpactFactor},
pages = {1--39},
}

@article{guntrum_using_2023,
title = {Using {Digitally} {Mediated} {Methods} in {Sensitive} {Contexts}: {A} {Threat} {Analysis} and {Critical} {Reflection} on {Security}, {Privacy}, and {Ethical} {Concerns} in the {Case} of {Afghanistan}},
volume = {11},
issn = {2524-6976},
url = {https://link.springer.com/article/10.1007/s42597-022-00088-2},
doi = {10.1007/s42597-022-00088-2},
abstract = {Given the lack of empirical examples of how research can be conducted via digital means in sensitive contexts, this paper provides a threat model using Afghanistan, where the Taliban took power in August 2021, as an example. Both technical and non-technical research-related risks are analyzed, paying attention to research ethics, data security, and privacy. We argue that any threat model and risk analysis is highly context-dependent. Our analysis reveals that in certain research processes, human security does not necessarily coincide with data security and that an ambivalence exists between privacy and usability. In addition to the concrete threat analysis, the paper identifies some general technical solutions (e.g., encryption methods, communication software) for different research steps to foster secure and ethically justifiable research.},
number = {2},
journal = {Zeitschrift für Friedens- und Konfliktforschung (ZeFKo)},
author = {Guntrum, Laura and Güldenring, Benjamin and Kuntke, Franz and Reuter, Christian},
month = oct,
year = {2023},
keywords = {Peace, Projekt-TraCe, Projekt-ATHENE-FANCY},
pages = {95--128},
}

@article{reinhold_challenges_2023,
title = {Challenges for {Cyber} {Arms} {Control}: {A} {Qualitative} {Expert} {Interview} {Study}},
volume = {16},
issn = {1866-2196},
url = {https://doi.org/10.1007/s12399-023-00960-w},
doi = {10.1007/s12399-023-00960-w},
abstract = {The militarization of cyberspace has been a topic in international fora and scientific debates for several years. However, the development of applicable, and verifiable arms control measures that can effectively reduce the risk of military escalations in cyberspace is still hindered by the characteristics of this domain. The article analyses challenges and obstacles of dual-use, proliferation, constant technological progress, the importance of the private sector, difficulties in defining and verifying weapons and difficulties in attributing attacks.},
number = {3},
journal = {Zeitschrift für Außen- und Sicherheitspolitik (ZfAS)},
author = {Reinhold, Thomas and Pleil, Helene and Reuter, Christian},
month = aug,
year = {2023},
keywords = {Peace, Security, Projekt-ATHENE-SecUrban, Projekt-CROSSING},
pages = {289--310},
}

@article{reinhold_extrust_2023,
title = {{ExTRUST}: {Reducing} {Exploit} {Stockpiles} {With} a {Privacy}-{Preserving} {Depletion} {Systems} for {Inter}-{State} {Relationships}},
volume = {4},
url = {https://peasec.de/paper/2023/2023_ReinholdKuehnGuentherSchneiderReuter_ExTrust-ehem-BlockED_TTaS.pdf},
doi = {10.1109/TTS.2023.3280356},
abstract = {Cyberspace is a fragile construct threatened by malicious cyber operations of different actors, with vulnerabilities in IT hardware and software forming the basis for such activities, thus also posing a threat to global IT security. Advancements in the field of artificial intelligence accelerate this development, either with artificial intelligence enabled cyber weapons, automated cyber defense measures, or artificial intelligence-based threat and vulnerability detection. Especially state actors, with their long-term strategic security interests, often stockpile such knowledge of vulnerabilities and exploits to enable their military or intelligence service cyberspace operations. While treaties and regulations to limit these developments and to enhance global IT security by disclosing vulnerabilities are currently being discussed on the international level, these efforts are hindered by state concerns about the disclosure of unique knowledge and about giving up tactical advantages. This leads to a situation where multiple states are likely to stockpile at least some identical exploits, with technical measures to enable a depletion process for these stockpiles that preserve state secrecy interests and consider the special constraints of interacting states as well as the requirements within such environments being non-existent. This paper proposes such a privacy-preserving approach that allows multiple state parties to privately compare their stock of vulnerabilities and exploits to check for items that occur in multiple stockpiles without revealing them so that their disclosure can be considered. We call our system ExTRUST and show that it is scalable and can withstand several attack scenarios. Beyond the intergovernmental setting, ExTRUST can also be used for other zero-trust use cases, such as bug-bounty programs.},
number = {2},
journal = {IEEE Transactions on Technology and Society},
author = {Reinhold, Thomas and Kuehn, Philipp and Günther, Daniel and Schneider, Thomas and Reuter, Christian},
year = {2023},
keywords = {Peace, Student, Projekt-ATHENE-SecUrban, Projekt-CROSSING, A-Paper, Selected, Cyberwar, AuswahlPeace, Projekt-GRKPrivacy},
pages = {158--170},
}

@article{riebe_values_2023,
title = {Values and {Value} {Conflicts} in the {Context} of {OSINT} {Technologies} for {Cybersecurity} {Incident} {Response}: {A} {Value} {Sensitive} {Design} {Perspective}},
url = {https://link.springer.com/article/10.1007/s10606-022-09453-4},
doi = {10.1007/s10606-022-09453-4},
abstract = {The negotiation of stakeholder values as a collaborative process throughout technology development has been studied extensively within the fields of Computer Supported Cooperative Work and Human-Computer Interaction. Despite their increasing significance for cybersecurity incident response, there is a gap in research on values of importance to the design of open-source intelligence (OSINT) technologies for this purpose. In this paper, we investigate which values and value conflicts emerge due to the application and development of machine learning (ML) based OSINT technologies to assist cyber security incident response operators. For this purpose, we employ a triangulation of methods, consisting of a systematic survey of the technical literature on the development of OSINT artefacts for cybersecurity (N = 73) and an empirical value sensitive design case study, comprising semi-structured interviews with stakeholders (N = 9) as well as a focus group (N = 7) with developers. Based on our results, we identify implications relevant to the research on and design of OSINT artefacts for cybersecurity incident response.},
journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
author = {Riebe, Thea and Bäumler, Julian and Kaufhold, Marc-André and Reuter, Christian},
year = {2023},
keywords = {Student, Security, UsableSec, HCI, Projekt-CYWARN, Projekt-ATHENE-SecUrban, Projekt-CROSSING, A-Paper, Ranking-ImpactFactor, Ranking-CORE-B},
}

@article{reuter_increasing_2023,
title = {Increasing {Adoption} {Despite} {Perceived} {Limitations} of {Social} {Media} in {Emergencies}: {Representative} {Insights} on {German} {Citizens}’ {Perception} and {Trends} from 2017 to 2021},
volume = {96},
issn = {2212-4209},
url = {https://peasec.de/paper/2023/2023_ReuterKaufholdBiselliPleil_SocialMediaEmergenciesSurvey_IJDRR.pdf},
doi = {https://doi.org/10.1016/j.ijdrr.2023.103880},
abstract = {The value of social media in crises, disasters, and emergencies across different events, participants, and states is now well-examined in crisis informatics research. Previous research has contributed to the state of the art with empirical insights on the use of social media, approaches for the gathering and processing of big social data, the design and evaluation of information systems, and the analysis of cumulative and longitudinal data. While some studies examined social media use representatively for their target audience, these usually only comprise a single point of inquiry and do not allow for a trend analysis. This work provides results (1) of a representative survey with German citizens from 2021 on use patterns, perceptions, and expectations regarding social media during emergencies. Furthermore, it (2) compares these results to previous surveys and provides insights on temporal changes and trends from 2017, over 2019 to 2021. Our findings highlight that social media use in emergencies increased in 2021 and 2019 compared to 2017. Between 2019 and 2021, the amount of information shared on social media remained on a similar level, while the perceived disadvantages of social media in emergencies significantly increased. In light of demographic variables, the results of the 2021 survey confirm previous findings, according to which older individuals (45+ years) use social media in emergencies less often than younger individuals (18-24 years). Furthermore, while the quicker availability of information was one of the reasons for social media use, especially the potential information overload was a key factor for not using social media in emergencies. The results are discussed in light of the dynamic nature of attitudes regarding social media in emergencies and the need to account for heterogeneity in user expectations to build trustworthy information ecosystems in social media.},
journal = {International Journal of Disaster Risk Reduction (IJDRR)},
author = {Reuter, Christian and Kaufhold, Marc-André and Biselli, Tom and Pleil, Helene},
year = {2023},
keywords = {Student, Crisis, Projekt-emergenCITY, Projekt-CYLENCE, A-Paper, AuswahlCrisis, Projekt-NEBULA, Ranking-ImpactFactor, SocialMedia},
}

@article{kuehn_common_2023,
title = {Common vulnerability scoring system prediction based on open source intelligence information sources},
url = {https://peasec.de/paper/2023/2023_KuehnRelkeReuter_CommonVulnerabilityScoringSystemOSINT_CompSec.pdf},
doi = {10.1016/j.cose.2023.103286},
abstract = {The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a ()cvss vector and score. This assessment is time consuming and requires expertise. Various works already try to predict vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as nvd. With this work, the publicly available web pages referenced in the nvd are analyzed and made available as sources of texts through web scraping. A dl based method for predicting the vector is implemented and evaluated. The present work provides a classification of the nvd’s reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our dl prediction models.},
journal = {Computers \& Security},
author = {Kuehn, Philipp and Relke, David N. and Reuter, Christian},
year = {2023},
keywords = {Student, Security, UsableSec, Projekt-CYWARN, Projekt-ATHENE-SecUrban, Ranking-ImpactFactor, Ranking-CORE-B},
}

@article{guntrum_dual-use_2023,
title = {Dual-{Use} {Technologies} in the {Context} of {Autonomous} {Driving}: {An} {Empirical} {Case} {Study} {From} {Germany}},
issn = {1866-2196},
url = {https://doi.org/10.1007/s12399-022-00935-3},
doi = {10.1007/s12399-022-00935-3},
abstract = {The article examines which technical aspects of autonomous driving are potentially transferable to the military sector. Through expert interviews the strong fragmentation of technologies in the field of autonomous driving becomes apparent. This hinders the clear identification of a specific dual-use technology. Environmental perception, artificial intelligence and sensors are considered to have the highest transferability rate from civil research to the military sector. Therefore, sensor development should receive special attention.},
journal = {Zeitschrift für Außen- und Sicherheitspolitik (ZfAS)},
author = {Guntrum, Laura and Schwartz, Sebastian and Reuter, Christian},
month = jan,
year = {2023},
keywords = {Peace, Projekt-TraCe, Projekt-ATHENE-SecUrban},
}

@article{franken_buchrezension_2023,
title = {Buchrezension: {Stahlhut}, {Björn}/{Lammert}, {Martin} ({Hrsg}.): {Gesamtstaatliche} {Sicherheitsvorsorge} – gerüstet für den {Ernstfall}!?, 200 {S}., {BWV}, {Berlin} 2022.},
issn = {2197-6082},
url = {https://link.springer.com/article/10.1007/s42520-023-00496-5},
doi = {https://doi.org/10.1007/s42520-023-00496-5},
journal = {Neue Politische Literatur (NPL)},
author = {Franken, Jonas and Reuter, Christian},
year = {2023},
keywords = {Peace},
}

@book{reuter_science_2023-1,
address = {Darmstadt, Germany},
title = {Science {Peace} {Security} ‘23 - {Proceedings} of the {Interdisciplinary} {Conference} on {Technical} {Peace} and {Security} {Research}},
url = {https://tuprints.ulb.tu-darmstadt.de/id/eprint/24777},
abstract = {The conference Science · Peace · Security '23 took place from September 20 to 22, 2023, at the Georg-Christoph-Lichtenberg-Haus of the Technical University of Darmstadt. It focused on the transformation of technologies, their role in wars and conflicts, and issues related to arms control. The three-day scientific conference welcomed over 110 participants from Germany and speakers from the United Kingdom, Sweden, the USA, Colombia, India, Italy, Switzerland, Norway, the Czech Republic, Iraq, Austria, and the Netherlands. More than 50 different organizations were represented, ensuring interdisciplinary exchange. The program covered a wide range of topics reflecting societal discourses in light of a changing global security landscape. In total, the conference featured 40 presentations, workshops, discussions, and panels that discussed current and future challenges in the field of technical peace and conflict research. Particularly relevant topics included: Artificial Intelligence, Unmanned Weapons Systems, Rocket and Space Technologies (Nuclear) Arms Control, Regulation of Biological and Chemical Weapons, Information Technologies for Surveillance and Oppression of Civilians, (Civilian) Critical Infrastructures, Digital Peacebuilding, Human-Machine Interaction, Dual-Used, Cyber Attacks and Relevant Technology and Security Policies.},
publisher = {TUprints},
author = {Reuter, Christian and Riebe, Thea and Guntrum, Laura},
year = {2023},
doi = {10.26083/tuprints-00024777},
keywords = {Peace, Projekt-TraCe, Security, Projekt-CROSSING},
}

@book{reinhold_towards_2023,
address = {Darmstadt, Germany},
title = {Towards a {Peaceful} {Development} of {Cyberspace}: {Challenges} and {Technical} {Measures} for the {De}-{Escalation} of {State}-{Led} {Cyberconflicts} and {Arms} {Control} of {Cyberweapons}},
url = {https://tuprints.ulb.tu-darmstadt.de/24559/},
abstract = {Cyberspace, already a few decades old, has become a matter of course for most of us, part of our everyday life. At the same time, this space and the global infrastructure behind it are essential for our civilizations, the economy and administration, and thus an essential expression and lifeline of a globalized world. However, these developments also create vulnerabilities and thus, cyberspace is increasingly developing into an intelligence and military operational area – for the defense and security of states but also as a component of offensive military planning, visible in the creation of military cyber-departments and the integration of cyberspace into states' security and defense strategies. In order to contain and regulate the conflict and escalation potential of technology used by military forces, over the last decades, a complex tool set of transparency, de-escalation and arms control measures has been developed and proof-tested. Unfortunately, many of these established measures do not work for cyberspace due to its specific technical characteristics. Even more, the concept of what constitutes a weapon – an essential requirement for regulation – starts to blur for this domain. Against this background, this thesis aims to answer how measures for the de-escalation of state-led conflicts in cyberspace and arms control of cyberweapons can be developed. In order to answer this question, the dissertation takes a specifically technical perspective on these problems and the underlying political challenges of state behavior and international humanitarian law in cyberspace to identify starting points for technical measures of transparency, arms control and verification. Based on this approach of adopting already existing technical measures from other fields of computer science, the thesis will provide proof of concepts approaches for some mentioned challenges like a classification system for cyberweapons that is based on technical measurable features, an approach for the mutual reduction of vulnerability stockpiles and an approach to plausibly assure the non-involvement in a cyberconflict as a measure for de-escalation. All these initial approaches and the questions of how and by which measures arms control and conflict reduction can work for cyberspace are still quite new and subject to not too many debates. Indeed, the approach of deliberately self-restricting the capabilities of technology in order to serve a bigger goal, like the reduction of its destructive usage, is yet not very common for the engineering thinking of computer science. Therefore, this dissertation also aims to provide some impulses regarding the responsibility and creative options of computer science with a view to the peaceful development and use of cyberspace.},
publisher = {Dissertation (Dr. rer. nat.), Department of Computer Science, Technische Universität Darmstadt},
author = {Reinhold, Thomas},
year = {2023},
doi = {10.26083/tuprints-00024559},
keywords = {Peace, Security, Projekt-CROSSING, Projekt-ATHENE, Dissertation},
}

@book{riebe_technology_2023,
address = {Darmstadt, Germany},
title = {Technology {Assessment} of {Dual}-{Use} {ICTs} – {How} to assess {Diffusion}, {Governance} and {Design}},
url = {https://tuprints.ulb.tu-darmstadt.de/22849/},
abstract = {Technologies that can be used in military and civilian applications are referred to as dual-use. The dual-use nature of many information and communications technologies (ICTs) raises new questions for research and development for national, international, and human security. Measures to deal with the risks associated with the various dual-use technologies, including proliferation control, design approaches, and policy measures, vary widely. For example, Autonomous Weapon Systems (AWS) have not yet been regulated, while cryptographic products are subject to export and import controls. Innovations in artificial intelligence (AI), robotics, cybersecurity, and automated analysis of publicly available data raise new questions about their respective dual-use risks.
Dual-use risks have been systematically discussed so far, especially in the life sciences, which have contributed to the development of methods for assessment and risk management. Dual-use risks arise, among other things, from the fact that safety-critical technologies can be easily disseminated or modified, as well as used as part of a weapon system. Therefore, the development and adaptation of robots and software requires an independent consideration that builds on the insights of related dual-use discourses. Therefore, this dissertation considers the management of such risks in terms of the proliferation, regulation, and design of individual dual-use information technologies. Technology Assessment (TA) is the epistemological framework for this work, bringing together the concepts and approaches of Critical Security Studies (CSS) and Human-Computer Interaction (HCI) to help evaluate and shape dual-use technologies.
In order to identify the diffusion of dual-use at an early stage, the dissertation first examines the diffusion of dual-use innovations between civilian and military research in expert networks on LinkedIn, as well as on the basis of AI patents in a patent network. The results show low diffusion and tend to confirm existing studies on diffusion in patent networks. In the following section, the regulation of dual-use technologies is examined in the paper through two case studies. The first study uses a discourse analysis to show the value conflicts with regard to the regulation of autonomous weapons systems using the concept of Meaningful Human Control (MHC), while a second study, as a long-term comparative case study, analyzes the change and consequences of the regulation of strong cryptography in the U.S. as well as the programs of intelligence agencies for mass surveillance. Both cases point to the central role of private companies, both in the production of AWS and as intermediaries for the dissemination of encryption, as well as surveillance intermediaries. Subsequently, the dissertation examines the design of a dual-use technology using an Open Source Intelligence System (OSINT) for cybersecurity. For this purpose, conceptual, empirical, and technical studies are conducted as part of the Value-Sensitive Design (VSD) framework. During the studies, implications for research on and design of OSINT were identified. For example, the representative survey of the German population has shown that transparency of use while reducing mistrust is associated with higher acceptance of such systems. Additionally, it has been shown that data sparsity through the use of expert networks has many positive effects, not only improving the performance of the system, but is also preferable for legal and social reasons. Thus, the work contributes to the understanding of specific dual-use risks of AI, the regulation of AWS and cryptography, and the design of OSINT in cybersecurity. By combining concepts from CSS and participatory design methods in HCI, this work provides an interdisciplinary and multi-method contribution.},
publisher = {Dissertation (Dr. rer. nat.), Department of Computer Science, Technische Universität Darmstadt},
author = {Riebe, Thea},
year = {2023},
doi = {10.26083/tuprints-00022849},
keywords = {Peace, HCI, Projekt-CYWARN, Projekt-DualUse, Projekt-KontiKat, Dissertation},
}

@book{riebe_technology_2023-1,
address = {Wiesbaden, Germany},
title = {Technology {Assessment} of {Dual}-{Use} {ICTs} – {How} to assess {Diffusion}, {Governance} and {Design}},
isbn = {978-3-658-41666-9},
url = {https://link.springer.com/book/10.1007/978-3-658-41667-6},
abstract = {Technologies that can be used in military and civilian applications are referred to as dual-use. The dual-use nature of many information and communications technologies (ICTs) raises new questions for research and development for national, international, and human security. Measures to deal with the risks associated with the various dual-use technologies, including proliferation control, design approaches, and policy measures, vary widely. For example, Autonomous Weapon Systems (AWS) have not yet been regulated, while cryptographic products are subject to export and import controls. Innovations in artificial intelligence (AI), robotics, cybersecurity, and automated analysis of publicly available data raise new questions about their respective dual-use risks.
Dual-use risks have been systematically discussed so far, especially in the life sciences, which have contributed to the development of methods for assessment and risk management. Dual-use risks arise, among other things, from the fact that safety-critical technologies can be easily disseminated or modified, as well as used as part of a weapon system. Therefore, the development and adaptation of robots and software requires an independent consideration that builds on the insights of related dual-use discourses. Therefore, this dissertation considers the management of such risks in terms of the proliferation, regulation, and design of individual dual-use information technologies. Technology Assessment (TA) is the epistemological framework for this work, bringing together the concepts and approaches of Critical Security Studies (CSS) and Human-Computer Interaction (HCI) to help evaluate and shape dual-use technologies.
In order to identify the diffusion of dual-use at an early stage, the dissertation first examines the diffusion of dual-use innovations between civilian and military research in expert networks on LinkedIn, as well as on the basis of AI patents in a patent network. The results show low diffusion and tend to confirm existing studies on diffusion in patent networks. In the following section, the regulation of dual-use technologies is examined in the paper through two case studies. The first study uses a discourse analysis to show the value conflicts with regard to the regulation of autonomous weapons systems using the concept of Meaningful Human Control (MHC), while a second study, as a long-term comparative case study, analyzes the change and consequences of the regulation of strong cryptography in the U.S. as well as the programs of intelligence agencies for mass surveillance. Both cases point to the central role of private companies, both in the production of AWS and as intermediaries for the dissemination of encryption, as well as surveillance intermediaries. Subsequently, the dissertation examines the design of a dual-use technology using an Open Source Intelligence System (OSINT) for cybersecurity. For this purpose, conceptual, empirical, and technical studies are conducted as part of the Value-Sensitive Design (VSD) framework. During the studies, implications for research on and design of OSINT were identified. For example, the representative survey of the German population has shown that transparency of use while reducing mistrust is associated with higher acceptance of such systems. Additionally, it has been shown that data sparsity through the use of expert networks has many positive effects, not only improving the performance of the system, but is also preferable for legal and social reasons. Thus, the work contributes to the understanding of specific dual-use risks of AI, the regulation of AWS and cryptography, and the design of OSINT in cybersecurity. By combining concepts from CSS and participatory design methods in HCI, this work provides an interdisciplinary and multi-method contribution.},
publisher = {Springer Vieweg},
author = {Riebe, Thea},
year = {2023},
doi = {10.1007/978-3-658-41667-6},
keywords = {Peace, HCI, Projekt-CYWARN, Projekt-DualUse, Projekt-KontiKat, DissPublisher},
}

@incollection{reuter_crisis_2023,
title = {Crisis {Informatics}},
isbn = {978-1-00-905708-0},
url = {https://peasec.de/paper/2023/2023_ReuterKaufhold_CrisisInformatics_CambridgeHandbookCyber.pdf},
abstract = {In summary, crisis informatics has established itself as an important research area in the ever-increasing complexity of the cyber world. Its importance is further amplified by the time-critical constraints of emergencies and disasters. However, crisis informatics will be challenged to evolve quickly to tackle global-scale emergencies, such as the ongoing COVID-19 pandemic and the increasing risks of natural hazards due to climate change. This chapter seeks to supplement this effort by analyzing interaction, role, information, and perception patterns, which were prevalent in the past 20 years of social media use in crises.},
booktitle = {Cambridge {Handbook} of {Cyber} {Behavior}},
publisher = {Cambridge University Press},
author = {Reuter, Christian and Kaufhold, Marc-André},
editor = {Yan, Zheng},
year = {2023},
keywords = {Peace, Crisis, HCI, Projekt-ATHENE-FANCY, Projekt-CYWARN, Projekt-emergenCITY},
}

@incollection{haunschild_dual-use_2023,
title = {Dual-use in volunteer operations? {Attitudes} of computer science students regarding the establishment of a cyber security volunteer force},
isbn = {978-83-66675-89-6},
url = {https://sciendo.com/chapter/9788366675896/10.2478/9788366675896-006},
abstract = {The digitalisation of critical infrastructure has increased the risk of large-scale cyber incidents. In contrast to the management of conventional emergencies by established civil protection organisations involving volunteers in Germany, few response capacities exist for these events. The concept of a volunteer force for cyber security could close this protection gap. However, such involvement also poses practical and ethical challenges. By conducting interviews with computer science students (N = 11), this paper analyses potential volunteers’ attitudes towards ethical implications of a cyber volunteer force, as well as practical aspects that might motivate or hinder their participation. A qualitative
content analysis reveals that students are largely unaware of potential dilemmas connected to vulnerabilities handling and national cybersecurity interests. Ethical guidelines and means of motivating and encouraging potential volunteers
are discussed.},
booktitle = {International {Symposium} on {Technikpsychologie} ({TecPsy})},
publisher = {Sciendo},
author = {Haunschild, Jasmin and Jung, Leon and Reuter, Christian},
editor = {Nina, Gerber and Zimmermann, Verena},
year = {2023},
keywords = {Student, Security, UsableSec, Crisis, Projekt-emergenCITY, Projekt-ATHENE-SecUrban},
pages = {66--81},
}

@incollection{orlov_optimierte_2023,
title = {Optimierte {Messenger}-{Applikation} zur {Notfallkommunikation} via {LoRaWAN}-{DTN}},
url = {https://peasec.de/paper/2023/2023_OrlovKuntkeReuter_OptimierteMessengerApplikation_GI.pdf},
abstract = {Die vorliegende Arbeit präsentiert die Entwicklung einer Messenger-App mit Schwerpunkt auf Benutzerfreundlichkeit, für die Nutzung mit einem bestehenden LoRaWAN-DTN-Backend. Die App ermöglicht den Austausch von Nachrichten mit anderen Personen über ein vorhandenes Kommunikationssystem auf LoRaWAN-Basis. Das grundlegende Softwaregerüst wurde mithilfe agiler Softwareentwicklungsmethoden als Progressive-Web-App entwickelt und iterativ verbessert. Das Ergebnis ist eine plattformübergreifende App für Desktop-PCs und Android-Smartphones. Die App bietet grundlegende Messenger-Funktionen wie Kontaktverwaltung, Chatverlauf-Speicher und Benachrichtigungen. Zusätzlich enthält die App erweiterte Funktionen wie einen leicht zugänglichen SOS-Button, um Notfallnachrichten schnell absetzen zu können. Ziel der Entwicklung war es, die Gebrauchstauglichkeit gegenüber einem ersten Prototyp zu verbessern. Die App soll effektive Kommunikation zwischen Helfern und Betroffenen ermöglichen, während und nach Krisenereignissen wie beispielsweise der europäischen Flutkatastrophe 2021. In folgenden Arbeiten soll das System unter Nutzung dieser App im Einsatz getestet werden.},
booktitle = {{INFORMATIK} 2023 - {Designing} {Futures}: {Zukünfte} gestalten},
publisher = {Gesellschaft für Informatik e. V.},
author = {Orlov, Denis and Kuntke, Franz and Reuter, Christian},
year = {2023},
doi = {10.18420/inf2023_160},
keywords = {Student, Projekt-AgriRegio, RSF, Crisis},
pages = {1--6},
}

@incollection{franken_netz_2023,
address = {Bonn},
title = {Das {Netz} hat {Geschichte}: {Historisch}-technische {Analyse} der kritischen {Infrastrukturen} in der {Region} {Rhein}/{Main}},
url = {https://peasec.de/paper/2023/2023_FrankenZivkovicThiessenEngelsReuter_NetzGeschichte_GI.pdf},
abstract = {Kritische Infrastrukturen sind häufig über Jahrzehnte gewachsene, komplexe Netze. Dennoch fehlt derzeit die historische Perspektive auf die Aufschichtungstendenzen von Technologien in den Sektoren, die für die Gesellschaft essenzielle Dienste bereitstellen. Ein besseres Verständnis von Ausbreitungs-, Ausbau-, Ersatz- und Ausmusterungsprozessen kann Entscheidungshilfe und Orientierung für resilientere Versorgungsnetzarchitekturen in der Zukunft geben. Kompatibilitätsprobleme mit Legacy-Soft- und Hardware sind bekannte Phänomene in vielen KRITIS-Einrichtungen. Entsprechend gewinnen Wissens- und Erfahrungstransfers bei zunehmend komplexen, dennoch über Jahrzehnte verwendete Technologien in landwirtschaftlichen Betrieben enorm an Bedeutung. Der Beitrag vollzieht die Konzeption und Fragestellungen eines interdisziplinären Forschungsprojekts nach, in welchem die Verwundbarkeit der kritischen Infrastruktursektoren Verkehr und Kommunikation im Rhein-Main-Gebiet analysiert wird. Von den Leistungen beider Sektoren hängt die digitale Landwirtschaft stark ab. Insbesondere rurale, beim digitalen und Schienennetzausbau häufig vernachlässigte Gebiete werden dabei mittels explorativer Interviewstudie und anschließender archivbasierter, quantitativer Überprüfung der zuvor generierten Hypothesen aus einer raum-zeitlichen und technischen Perspektive untersucht.},
booktitle = {{INFORMATIK} 2023 - {Designing} {Futures}: {Zukünfte} gestalten},
publisher = {Gesellschaft für Informatik e. V.},
author = {Franken, Jonas and Zivkovic, Marco and Thiessen, Nadja and Engels, Jens Ivo and Reuter, Christian},
year = {2023},
doi = {10.18420/inf2023_159},
keywords = {Projekt-AgriRegio, Security, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, Infrastructure},
pages = {1--6},
}

@incollection{reuter_science_2023,
address = {Darmstadt, Germany},
title = {Science {Peace} {Security} ’23: {Editorial} of the {Proceedings} of the {Interdisciplinary} {Conference} on {Technical} {Peace} and {Security} {Research}},
url = {https://tuprints.ulb.tu-darmstadt.de/id/eprint/24777},
abstract = {The conference Science · Peace · Security '23 took place from September 20 to 22, 2023, at the Georg-Christoph-Lichtenberg-Haus of the Technical University of Darmstadt. It focused on the transformation of technologies, their role in wars and conflicts, and issues related to arms control. The three-day scientific conference welcomed over 110 participants from Germany and speakers from the United Kingdom, Sweden, the USA, Colombia, India, Italy, Switzerland, Norway, the Czech Republic, Iraq, Austria, and the Netherlands. More than 50 different organizations were represented, ensuring interdisciplinary exchange. The program covered a wide range of topics reflecting societal discourses in light of a changing global security landscape. In total, the conference featured 40 presentations, workshops, discussions, and panels that discussed current and future challenges in the field of technical peace and conflict research. Particularly relevant topics included: Artificial Intelligence, Unmanned Weapons Systems, Rocket and Space Technologies (Nuclear) Arms Control, Regulation of Biological and Chemical Weapons, Information Technologies for Surveillance and Oppression of Civilians, (Civilian) Critical Infrastructures, Digital Peacebuilding, Human-Machine Interaction, Dual-Used, Cyber Attacks and Relevant Technology and Security Policies.},
booktitle = {Science {Peace} {Security} ’23: {Proceedings} of the {Interdisciplinary} {Conference} on {Technical} {Peace} and {Security} {Research}},
publisher = {TUprints},
author = {Reuter, Christian and Riebe, Thea and Guntrum, Laura},
editor = {Reuter, Christian and Riebe, Thea and Guntrum, Laura},
year = {2023},
doi = {10.26083/tuprints-00024777},
keywords = {Peace, Projekt-TraCe, Security, Projekt-CROSSING},
pages = {9--13},
}

@incollection{ozalp_trends_2023,
address = {Bielefeld},
title = {Trends in {Explainable} {Artificial} {Intelligence} for {Non}-{Experts}},
url = {https://www.transcript-verlag.de/978-3-8376-5732-6/ai-limits-and-prospects-of-artificial-intelligence/?c=313000019},
abstract = {In this paper we provide an overview of XAI by introducing fundamental terminology and the goals of XAI, as well as recent research findings. Whilst doing this, we pay special attention to strategies for non-expert stakeholders. This leads us to our first research question: “What are the trends in explainable AI strategies for non-experts?”. In order to illustrate the current state of these trends, we further want to study an exemplary and very relevant application domain. According to Abdul et al. (2018), one of the first domains where researchers pursued XAI is the medical domain. This leads to our second research question: “What are the approaches of XAI in the medical domain for non-expert stakeholders?” These research questions will provide an overview of current topics in XAI and show possible research extensions for specific domains.},
booktitle = {{AI} - {Limits} and {Prospects} of {Artificial} {Intelligence}},
publisher = {Transcript Verlag},
author = {Özalp, Elise and Hartwig, Katrin and Reuter, Christian},
editor = {Klimczak, Peter and Petersen, Christer},
year = {2023},
keywords = {Student, UsableSec, HCI, Projekt-CYWARN, Projekt-ATHENE-SecUrban, Projekt-CROSSING},
pages = {223--243},
}

@incollection{kaufhold_big_2023,
address = {Singapore},
title = {Big {Data} and {Multi}-platform {Social} {Media} {Services} in {Disaster} {Management}},
isbn = {978-981-16-8800-3},
url = {https://peasec.de/paper/2023/2023_KaufholdReuterLudwig_BigDataMultiPlatformSocialMediaDisaster_HandbookDisaster.pdf},
abstract = {The use of social media today is not only ubiquitous and an integral part of everyday life but is also increasingly relevant before, during, or after emergencies. Data produced in these contexts, such as situational updates and multimedia content, is disseminated across different social media platforms and can be leveraged by various actors, including emergency services or volunteer communities. However, the dissemination of several thousand or even millions of messages during large-scale emergencies confronts analysts with challenges of information quality and overload. Hence, crisis informatics as a research domain seeks to explore and develop systems that support the collection, analysis, and dissemination of valuable social media information in emergencies. This chapter presents the social media API (SMA), which is a multi-platform service for gathering big social data across different social media channels and analyzing the credibility and relevance of collected data by the means of machine learning models. Based on the lessons learned from both the implementation process and user-centered evaluations in multiple emergency settings, this chapter discusses core challenges and potentials of the SMA and similar services, focusing on (1) the multi-platform gathering and management of data, (2) the mitigation of information overload by relevance assessment and message grouping, (3) the assessment of credibility and information quality, and (4) user-centered tailorability and adjustable data operations.},
booktitle = {International {Handbook} of {Disaster} {Research}},
publisher = {Springer Nature Singapore},
author = {Kaufhold, Marc-André and Reuter, Christian and Ludwig, Thomas},
editor = {Singh, Amita},
year = {2023},
keywords = {Crisis, HCI, Projekt-CYWARN, Projekt-emergenCITY, Projekt-KOKOS},
pages = {1--21},
}

@incollection{hochst_mobile_2023,
address = {Cham},
title = {Mobile {Device}-to-{Device} {Communication} for {Crisis} {Scenarios} {Using} {Low}-{Cost} {LoRa} {Modems}},
isbn = {978-3-031-20939-0},
url = {https://peasec.de/paper/2023/2023_HoechstBaumgaertnerKuntkePenningSterzSommerFreisleben_MobileD2DCommunication_DMaIT.pdf},
abstract = {We present an approach to enable long-range device-to-device communication between smartphones in crisis situations. Our approach is based on inexpensive and readily available microcontrollers with integrated LoRa hardware that we empower to receive and forward messages via Bluetooth, Wi-Fi, or a serial connection by means of a dedicated firmware, called rf95modem. The developed firmware cannot only be used in crisis scenarios but also in a variety of other applications, such as providing a communication fallback during outdoor activities, geolocation-based games or broadcasting of local information. We present two applications to show the benefits of our approach. First, we introduce a novel device-to-device LoRa chat application that works on both Android and iOS as well as on traditional computers like notebooks using a console-based interface. Second, we demonstrate how other infrastructure-less technology can benefit from our approach by integrating it into the DTN7 delay-tolerant networking software. Furthermore, we present the results of an in-depth experimental evaluation of approach consisting of (i) real-world device-to-device LoRa transmissions in urban and rural areas and (ii) scalability tests based on simulations of LoRa device-to-device usage in a medium-sized city with up to 1000 active users. The firmware, our device-to-device chat application, our integration into DTN7, as well as our code fragments of the experimental evaluation and the experimental results are available under permissive open-source licenses.},
booktitle = {Disaster {Management} and {Information} {Technology}: {Professional} {Response} and {Recovery} {Management} in the {Age} of {Disasters}},
publisher = {Springer International Publishing},
author = {Höchst, Jonas and Baumgärtner, Lars and Kuntke, Franz and Penning, Alvar and Sterz, Artur and Sommer, Markus and Freisleben, Bernd},
editor = {Scholl, Hans Jochen and Holdeman, Eric E. and Boersma, F. Kees},
year = {2023},
doi = {10.1007/978-3-031-20939-0_12},
keywords = {RSF, Security, Crisis, Projekt-emergenCITY, Projekt-ATHENE},
pages = {235--268},
}

@incollection{hartwig_countering_2023,
address = {Wiesbaden},
title = {Countering {Fake} {News} {Technically} – {Detection} and {Countermeasure} {Approaches} to {Support} {Users}},
isbn = {978-3-658-40406-2},
url = {https://peasec.de/paper/2023/2023_HartwigReuter_CounteringFakeNews_TruthFakePostTruth.pdf},
abstract = {The importance of dealing with fake newsfake news has increased in both political and social contexts: While existing studies mainly focus on how to detect and label fake news, approaches to help users make their own assessments are largely lacking. This article presents existing black-boxblack box and white-boxwhite box approaches and compares advantages and disadvantages. In particular, white-box approaches show promise in counteracting reactance, while black-box approaches detect fake news with much greater accuracy. We also present the browser plugin TrustyTweetTrustyTweet, which we developed to help users evaluate tweets on Twitter by displaying politically neutral and intuitive warnings without generating reactance.},
booktitle = {Truth and {Fake} in the {Post}-{Factual} {Digital} {Age}: {Distinctions} in the {Humanities} and {IT} {Sciences}},
publisher = {Springer Fachmedien Wiesbaden},
author = {Hartwig, Katrin and Reuter, Christian},
editor = {Klimczak, Peter and Zoglauer, Thomas},
year = {2023},
doi = {10.1007/978-3-658-40406-2_7},
keywords = {Crisis, HCI, Projekt-CROSSING, Projekt-ATHENE, SocialMedia},
pages = {131--147},
}

@incollection{kuntke_rsf-lab23_2023,
address = {Bonn},
title = {{RSF}-{Lab}'23: {Konzepte} und {Anwendungen} zur resilienten digitalen {Landwirtschaft}},
isbn = {978-3-88579-731-9},
url = {https://peasec.de/paper/2023/2023_KuntkeEberzEderTrappReuter_KonzepteAnwendungen_GI.pdf},
abstract = {Neben positiven Aspekten wie der Produktivitätssteigerung bringt die Digitalisierung auch neue Gefahren mit sich. Entsprechend muss der Prozess gerade in Bereichen von gesellschaftlich enormer Bedeutung kritisch begleitet werden, um eine fundierte Entscheidung bei Auswahl und Entwicklung neuer Technologien zu treffen. Die Vision ist hierbei ein resilientes Smart Farming (RSF), bei dem die Fortschritte der Digitalisierung in der Landwirtschaft genutzt werden, ohne dabei die Ausfallsicherheit der landwirtschaftlichen Primärproduktion und somit die Lebensmittelversorgung der Verbraucher zu gefährden. Dieser Workshop konzentriert sich auf die Bewältigung dieser Forschungsherausforderungen und liefert Beiträge zu verschiedenen Themenbereichen. Dazu gehören (1) ein Hofbox-Ansatz basierend auf etablierten Open-Source Werkzeugen, (2) ein mobiles Assistenzsystem für den Transport von künstlichen Besamungsportionen, (3) die historische Perspektive auf kritische Infrastrukturen in der Region Rhein/Main, und (4) eine Messenger-Applikation zur Notfallkommunikation mittels LoRaWAN-basierten IoT-Setups.},
booktitle = {{INFORMATIK} 2023 - {Designing} {Futures}: {Zukünfte} gestalten},
publisher = {Gesellschaft für Informatik e. V.},
author = {Kuntke, Franz and Eberz-Eder, Daniel and Trapp, Matthias and Reuter, Christian},
year = {2023},
doi = {10.18420/inf2023_156},
keywords = {Projekt-AgriRegio, RSF, Security},
pages = {1529--1533},
}

@incollection{steinbrink_privacy_2023,
address = {Cham},
title = {Privacy {Perception} and {Behaviour} in {Safety}-{Critical} {Environments}},
isbn = {978-3-031-28643-8},
url = {https://doi.org/10.1007/978-3-031-28643-8_12},
abstract = {When considering privacy, context, and environmental circumstances can have a strong influence on individual decisions and user behavior. Especially in crises or threatening situations, privacy may conflict with other values, such as personal safety and health. In other cases, personal or public safety can also be dependent on privacy: the context of flight shows how, for those affected, the value of data protection can increase as a result of an increased threat situation. Thus, when individual sovereignty—the autonomous development of one’s own will—or safety is highly dependent on information flows, people tend to be more protective of their privacy in order to maintain their information sovereignty. But also, the context of agriculture, as part of the critical infrastructure, shows how privacy concerns can affect the adoption of digital tools. With these two examples, flight and migration as well as agriculture, this chapter presents some exemplary results that illustrate the importance of the influence of situational factors on perceived information sovereignty and the evaluation of privacy.},
booktitle = {Human {Factors} in {Privacy} {Research}},
publisher = {Springer International Publishing},
author = {Steinbrink, Enno and Biselli, Tom and Linsner, Sebastian and Herbert, Franziska and Reuter, Christian},
editor = {Gerber, Nina and Stöver, Alina and Marky, Karola},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-ATHENE-FANCY, Projekt-CROSSING, Projekt-GRKPrivacy},
pages = {237--251},
}

@inproceedings{wursching_fido2_2023,
address = {New York, NY, USA},
series = {{CHI} '23},
title = {{FIDO2} the {Rescue}? {Platform} vs. {Roaming} {Authentication} on {Smartphones}},
url = {https://peasec.de/paper/2023/2023_WuerschingPutzHaeslerHollick_PlatformvsRoamingAuthenticationonSmartphones_CHI.pdf},
doi = {10.1145/3544548.3580993},
abstract = {Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.},
booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI}) ({Best} {Paper} {Award})},
publisher = {Association for Computing Machinery},
author = {Würsching, Leon and Putz, Florentin and Haesler, Steffen and Hollick, Matthias},
year = {2023},
note = {event-place: Hamburg, HH, Germany},
keywords = {Security, UsableSec, HCI, Projekt-emergenCITY, A-Paper, AuswahlUsableSec, Ranking-CORE-A*},
}

@inproceedings{haesler_getting_2023,
address = {New York, NY, USA},
series = {{DIS} '23},
title = {Getting the {Residents}' {Attention}: {The} {Perception} of {Warning} {Channels} in {Smart} {Home} {Warning} {Systems}},
isbn = {978-1-4503-9893-0},
url = {https://peasec.de/paper/2023/2023_HaeslerWendelbornReuter_SmartHomeWarningSystems_DIS},
doi = {10.1145/3563657.3596076},
abstract = {About half a billion households are expected to use smart home systems by 2025. Although many IoT sensors, such as smoke detectors or security cameras, are available and governmental crisis warning systems are in place, little is known about how to warn appropriately in smart home environments. We created a Raspberry Pi based prototype with a speaker, a display, and a connected smart light bulb. Together with a focus group, we developed a taxonomy for warning messages in smart home environments, dividing them into five classes with different stimuli. We evaluated the taxonomy using the Experience Sampling Method (ESM) in a field study at participants' (N = 13) homes testing 331 warnings. The results show that taxonomy-based warning stimuli are perceived to be appropriate and participants could imagine using such a warning system. We propose a deeper integration of warning capabilities into smart home environments to enhance the safety of citizens.},
booktitle = {Proceedings of the {ACM} {Designing} {Interactive} {Systems} {Conference} ({DIS})},
publisher = {Association for Computing Machinery},
author = {Haesler, Steffen and Wendelborn, Marc and Reuter, Christian},
year = {2023},
note = {event-place: Pittsburgh, PA, USA},
keywords = {Student, Crisis, HCI, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, A-Paper, Ranking-CORE-A},
pages = {1114--1127},
}

@inproceedings{schmidt_bpol_2023,
title = {{BPoL}: {A} {Disruption}-{Tolerant} {LoRa} {Network} for {Disaster} {Communication}},
url = {https://peasec.de/paper/2023/2023_SchmidtKuntkeBauerBaumgaertner_BPOL_GHTC.pdf},
doi = {10.1109/GHTC56179.2023.10354717},
abstract = {Information and Communication Technology (ICT) is vital for everyday life and especially during times of disaster.Relying on existing infrastructure is problematic as maintenance is expensive, and they can be disrupted in emergency scenarios. Cost is a major factor which limits the technologies that can be used in rural areas or for emergency response, as satellite uplinks or private cellular networks are very expensive and complex. LoRa is commonly used for IoT infrastructure worldwide in the form of LoRaWAN to cover larger distances with low costs. But it can also be used in a Device-to-Device (D2D) mode for direct communication. By combining LoRa with Disruption-tolerant Networking (DTN), we present an affordable and practical solution that can cope with challenging conditions and be used for a large variety of applications. In our evaluation, we show how adaptable our solution is and how it outperforms similar mesh-based applications for disaster communication.},
booktitle = {{IEEE} {Global} {Humanitarian} {Technology} {Conference} ({GHTC})},
author = {Schmidt, Daniel and Kuntke, Franz and Bauer, Maximilian and Baumgärtner, Lars},
year = {2023},
keywords = {Projekt-AgriRegio, Projekt-GeoBox, Security, UsableSec},
pages = {440--447},
}

@inproceedings{zivkovic_infrastrukturen_2023,
address = {Leoben},
title = {Infrastrukturen und historisches {Wissen}: {Eine} interdisziplinäre {Analyse} der {Resilienz} von {Schienen}- und {Kabelnetzen}},
isbn = {978-3-900397-11-1},
url = {https://peasec.de/paper/2023/2023_ZivkovicFrankenThiessenEngelsReuter_InfrastrukturenHistorischesWissen_FKF23.pdf},
abstract = {Im Forschungsprojekt " Das Netz hat Geschichte: Netzwerk- und Vulnerabilitätsanalyse Kritischer Infrastrukturen am Beispiel IKT und Verkehr in Rhein/Main”" wird das historische Wachstum von IKT- und Schieneninfrastrukturnetzen, sowie daraus erwachsene Konsequenzen für deren Vulnerabilitäten am Beispiel der Rhein-Main-Region interdisziplinär untersucht. Beide Infrastrukturnetze entstanden über Jahrzehnte hinweg und sind das Ergebnis verschiedener Interessen und technischer Entwicklungen aus unterschiedlichen Zeitschichten. Dies beeinflusst die Widerstandsfähigkeit der Netze und birgt potenzielle Risiken. Anhand von ca. 20 Expert:inneninterviews soll das Wissen von Praktiker:innen über das Alter, die Ausbreitung, technische Neuerungen und deren Auswirkungen analysiert werden. Die Forschung basiert auf dem Zeitschichtenmodell von Koselleck, das es ermöglicht, die verschiedenen zeitlichen Ebenen der Infrastrukturentwicklung zu analysieren. Die Ergebnisse der semi-strukturierten Interviewstudie zum impliziten Wissen der Befragten werden genutzt, um Hypothesen zu generieren, die später mittels Archivstudien und Netzwerkanalysen überprüft werden. Die gewonnenen Erkenntnisse können zur Stärkung der Resilienz von Infrastrukturen, insbesondere bei Katastrophenszenarien regionalen Ausmaßes, und zukünftigen Investitionsentscheidungen beitragen.},
booktitle = {Tagungsband {Fachtagung} {Katastrophenforschung} 2023},
publisher = {Disaster Competence Network Austria},
author = {Zivkovic, Marco and Franken, Jonas and Thiessen, Nadja and Engels, Jens Ivo and Reuter, Christian},
year = {2023},
keywords = {Security, Crisis, Projekt-emergenCITY, Projekt-ATHENE-SecUrban, Infrastructure, Projekt-NetzGeschichte},
}

@inproceedings{franken_internets_2023,
address = {Kiel},
title = {The {Internet}’s {Plumbing} {Consists} of {Garden} {Hoses}: {A} {Critical} {Analysis} of the {Advantages} and {Pitfalls} of {Metaphors} {Use} for {Critical} {Maritime} {Infrastructures}},
url = {https://peasec.de/paper/2023/2023_FrankenSchneiderReuter_MetaphernMarKRITIS_Dreizack23.pdf},
booktitle = {Dreizack 23},
publisher = {The Kiel Seapower Series},
author = {Franken, Jonas and Schneider, Franziska and Reuter, Christian},
editor = {Schilling, Henrik},
year = {2023},
keywords = {Peace, Projekt-AgriRegio, Security, Projekt-ATHENE-SecUrban, Projekt-NetzGeschichte},
pages = {1--8},
}

@inproceedings{eberz-eder_prototypische_2023,
title = {Prototypische {Entwicklungen} zur {Umsetzung} des {Resilient} {Smart} {Farming} ({RSF}) mittels {Edge} {Computing}},
url = {https://dl.gi.de/handle/20.500.12116/40264},
abstract = {Landwirtschaft als essenzieller Teil der Nahrungsmittelproduktion gehört zu den kritischen Infrastrukturen (KRITIS). Dementsprechend müssen die eingesetzten Systeme für einen widerstandsfähigen Betrieb ausgelegt sein. Dies gilt auch für die auf landwirtschaftlichen Betrieben eingesetzte Software, die Sicherheits- und Resilienzkriterien genügen muss. Jedoch ist die Zunahme an Software zu beobachten, welche eine permanente Internetkonnektivität erfordert, d. h. eine stabile Verbindung zu Servern oder Cloud-Applikationen ist für deren Funktionsweise erforderlich. Dies stellt eine erhebliche Schwachstelle hinsichtlich der Resilienz dar und kann bei Ausfällen der Telekommunikationsinfrastruktur zu großen Problemen führen. Mit Entwicklungen aus dem Bereich Resilient Smart Farming (RSF) zeigen wir, wie Datenhaltung nach dem Offline-First-Prinzip gestaltet werden kann. Ein zentraler Bestandteil hierbei ist das Resilient Edge Computing (REC) und die entwickelte HofBox: ein Mini-Server, der das Datenmanagement im Betrieb übernimmt und mittels innovativer Open-Source basierender Container-Technologie (Open Horizon) umsetzt. Dadurch werden in Zukunft weitere Anwendungsfälle innerhalb der landwirtschaftlichen Produktions- und Wertschöpfungskette durch Public-Private-Partnership-Modelle realistisch und realisierbar.},
booktitle = {43. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
publisher = {Gesellschaft für Informatik},
author = {Eberz-Eder, Daniel and Kuntke, Franz and Brill, Gerwin and Bernardi, Ansgar and Wied, Christian and Nuderscher, Philippe and Reuter, Christian},
year = {2023},
keywords = {Projekt-AgriRegio, Projekt-GeoBox, RSF, Security, UsableSec},
pages = {309--314},
}

@inproceedings{kuntke_rural_2023,
title = {Rural {Communication} in {Outage} {Scenarios}: {Disruption}-{Tolerant} {Networking} via {LoRaWAN} {Setups}},
url = {https://idl.iscram.org/files/kuntke/2023/2581_Kuntke_etal2023.pdf},
abstract = {Since communications infrastructure is subject to many impacts, e.g., destructive natural events, they can potentially collapse at any time. Especially in rural areas, the recovery of public network infrastructure can take some time, so a dedicated communication channel would be advantageous. We explore the possibility of transforming commodity LoRaWAN gateways into meshed network nodes for a digital emergency communication channel. In order to obtain the required parameters, we collected farm locations in Germany with OpenStreetMap. Based on the assumptions of LoRa communication range and considering our use case requirements, connecting farm communities seems theoretically feasible in many areas of our data set. To further analyze our idea, we ran simulations of two common DTN routing protocols with different scenarios. A proof-of-concept implementation allows smaller messages to be transmitted using real hardware and demonstrates that a decentralized communications infrastructure based on commodity hardware is possible.},
booktitle = {Proceedings of {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
author = {Kuntke, Franz and Baumgärtner, Lars and Reuter, Christian},
year = {2023},
keywords = {Projekt-AgriRegio, Projekt-GeoBox, RSF, Security, Crisis, Projekt-emergenCITY, Projekt-MAKI},
pages = {1--13},
}

@inproceedings{kuntke_how_2023,
title = {How {Would} {Emergency} {Communication} {Based} on {LoRaWAN} {Perform}? {Empirical} {Findings} of {Signal} {Propagation} in {Rural} {Areas}},
url = {https://idl.iscram.org/files/kuntke/2023/2586_Kuntke_etal2023.pdf},
abstract = {Low Power Wide Area Network (LPWAN) technologies are typically promoted for Internet-of-Things (IoT) applications, but are also of interest for emergency communications systems when regular fixed and mobile networks break down. Although LoRaWAN is a frequently used representative here, there are sometimes large differences between the proposed range and the results of some practical evaluations. Since previous work has focused on urban environments or has conducted simulations, this work aims to gather concrete knowledge on the transmission characteristics in rural environments. Extensive field studies with varying geographic conditions and comparative tests in urban environments were performed using two different hardware implementations. Overall, it was found that the collected values in rural areas are significantly lower than the theoretical values. Nevertheless, the results certify that LoRaWAN technology has a high range that cannot be achieved with other common technologies for emergency communications.},
booktitle = {Proceedings of {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
author = {Kuntke, Franz and Bektas, Merve and Buhleier, Laura and Pohl, Ella and Schiller, Rebekka and Reuter, Christian},
year = {2023},
keywords = {Student, Projekt-AgriRegio, Projekt-GeoBox, RSF, Crisis},
pages = {1--8},
}

@inproceedings{surminski_scatt-man_2023,
address = {New York, NY, USA},
series = {{CODASPY} '23},
title = {{SCAtt}-man: {Side}-{Channel}-{Based} {Remote} {Attestation} for {Embedded} {Devices} that {Users} {Understand}},
isbn = {9798400700675},
url = {https://doi.org/10.1145/3577923.3583652},
doi = {10.1145/3577923.3583652},
abstract = {From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of toolname against a variety of attacks and its usability based on a user study with 20 participants.},
booktitle = {Proceedings of the {Thirteenth} {ACM} {Conference} on {Data} and {Application} {Security} and {Privacy}},
publisher = {Association for Computing Machinery},
author = {Surminski, Sebastian and Niesler, Christian and Linsner, Sebastian and Davi, Lucas and Reuter, Christian},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-CROSSING, Ranking-CORE-B},
pages = {225--236},
}

@inproceedings{schmid_safe_2023,
address = {Rapperswil, Switzerland},
title = {Safe and {Secure}? {Visions} of {Military} {Human}-{Computer} {Interaction}},
url = {https://dl.gi.de/items/841cc5bd-8e25-40de-804f-8fb4fedddf11},
doi = {10.18420/muc2023-mci-ws01-365},
abstract = {Safety-critical human-computer interaction has focused on technology use in life-critical situations, including military operations. Due to the practical relevance of HCI and disciplinary debates about human-centered design, this literature review studies HCI scholarships’ visions of military human-computer interaction. Through text analysis and categorization of publications, it is found that interaction is envisioned to take place in the context of both missionoriented operational (e.g., target detection) as well as organizational tasks (e.g., military training). While artificial intelligence, virtual/augmented reality, and robots are most frequently defined as technological environments, goals, such as situation awareness, enjoyment, and trust are predominantly associated with them. Considering scholarly references to application contexts and different factors of the context of use allows to systematically approach how military human-computer interaction is imagined. Offering insight into research trends in HCI, this first overview of research endeavors also contributes to interdisciplinary debates, such as Security Studies and technology assessment.},
language = {de},
booktitle = {Mensch und {Computer} 2023 - {Workshopband}},
publisher = {Gesellschaft für Informatik e.V.},
author = {Schmid, Stefka},
year = {2023},
keywords = {Peace, Projekt-TraCe, Projekt-ATHENE-SecUrban},
}

@inproceedings{zimmermann_safe_2023,
address = {Rapperswil, Switzerland},
title = {Safe {AND} {Secure} {Infrastructures}? – {Studying} {Human} {Aspects} of {Safety} and {Security} {Incidents} with {Experts} from both {Domains}},
url = {https://dl.gi.de/items/9c1d2bd5-229f-4db0-a764-6126cf92ef5f},
doi = {10.18420/muc2023-mci-ws01-225},
abstract = {In today’s digitalized and interconnected world, the traditionally distinct concepts security and safety are increasingly intertwined. For example, a cyber attack on a hospital can negatively impact the patients’ physical safety. Thus, security research and practice should consider these interactions. To explore human-related challenges at the intersection of safety and security, we conducted three focus group workshops with N= 16 experts from both domains. We introduced two scenarios leading to a power outage, one with a safety-related cause (snow storm) and one with a security-related cause (cyber attack). The experts discussed interactions, differences and parallels in coping with the scenarios. Additionally, potential solutions for building response capacity by including volunteers were explored. The findings indicate similar consequences resulting from the safety- vs. security-related incidents. However, the experts identified relevant differences in the challenges preparing for and coping with the scenarios. While security-related challenges included the incalculable time horizon, impact and cascading effects as well as lack of emergency plans and training, safety challengesmainly concerned accessibility of the affected area. The implications for future work are discussed.},
language = {de},
booktitle = {Mensch und {Computer} 2023 - {Workshopband}},
publisher = {Gesellschaft für Informatik e.V.},
author = {Zimmermann, Verena and Haunschild, Jasmin and Stöver, Alina and Gerber, Nina},
year = {2023},
keywords = {Peace, Security, Projekt-ATHENE-SecUrban, Projekt-GRKPrivacy},
}

@inproceedings{kaufhold_cylence_2023,
address = {Rapperswil, Switzerland},
title = {{CYLENCE}: {Strategies} and {Tools} for {Cross}-{Media} {Reporting}, {Detection}, and {Treatment} of {Cyberbullying} and {Hatespeech} in {Law} {Enforcement} {Agencies}},
url = {https://dl.gi.de/items/0e0efe8f-64bf-400c-85f7-02b65f83189d},
doi = {10.18420/muc2023-mci-ws01-211},
abstract = {Despite the merits of public and social media in private and professional spaces, citizens and professionals are increasingly exposed to cyberabuse, such as cyberbullying and hate speech. Thus, Law Enforcement Agencies (LEA) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberabuse. However, their tasks are getting more complex by the increasing amount and varying quality of information disseminated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYLENCE project, which seeks to design strategies and tools for cross-media reporting, detection, and treatment of cyberbullying and hatespeech in investigative and law enforcement agencies. Second, it identifies and elaborates seven research challenges with regard to the monitoring, analysis and communication of cyberabuse in LEAs, which serve as a starting point for in-depth research within the project.},
language = {de},
booktitle = {Mensch und {Computer} 2023 - {Workshopband}},
publisher = {Gesellschaft für Informatik e.V.},
author = {Kaufhold, Marc-André and Bayer, Markus and Bäumler, Julian and Reuter, Christian and Stieglitz, Stefan and Basyurt, Ali Sercan and Mirabaie, Milad and Fuchß, Christoph and Eyilmez, Kaan},
year = {2023},
keywords = {UsableSec, HCI, Projekt-CYLENCE},
}

@inproceedings{kaufhold_10_2023,
address = {Rapperswil, Switzerland},
title = {10. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
url = {https://dl.gi.de/items/d907ac5d-4c73-467d-adfc-4bafdb8b4cf0},
doi = {10.18420/muc2023-mci-ws01-102},
abstract = {Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.},
language = {de},
booktitle = {Mensch und {Computer} 2023 - {Workshopband}},
publisher = {Gesellschaft für Informatik e.V.},
author = {Kaufhold, Marc-André and Mentler, Tilo and Nestler, Simon and Reuter, Christian},
year = {2023},
keywords = {Security, UsableSec, HCI},
}

@techreport{kuehn_threatcrawl_2023,
title = {{ThreatCrawl}: {A} {BERT}-based {Focused} {Crawler} for the {Cybersecurity} {Domain}},
shorttitle = {{ThreatCrawl}},
url = {http://arxiv.org/abs/2304.11960},
abstract = {Publicly available information contains valuable information for Cyber Threat Intelligence (CTI). This can be used to prevent attacks that have already taken place on other systems. Ideally, only the initial attack succeeds and all subsequent ones are detected and stopped. But while there are different standards to exchange this information, a lot of it is shared in articles or blog posts in non-standardized ways. Manually scanning through multiple online portals and news pages to discover new threats and extracting them is a time-consuming task. To automize parts of this scanning process, multiple papers propose extractors that use Natural Language Processing (NLP) to extract Indicators of Compromise (IOCs) from documents. However, while this already solves the problem of extracting the information out of documents, the search for these documents is rarely considered. In this paper, a new focused crawler is proposed called ThreatCrawl, which uses Bidirectional Encoder Representations from Transformers (BERT)-based models to classify documents and adapt its crawling path dynamically. While ThreatCrawl has difficulties to classify the specific type of Open Source Intelligence (OSINT) named in texts, e.g., IOC content, it can successfully find relevant documents and modify its path accordingly. It yields harvest rates of up to 52\%, which are, to the best of our knowledge, better than the current state of the art.},
number = {arXiv:2304.11960},
urldate = {2023-04-27},
institution = {arXiv},
author = {Kuehn, Philipp and Schmidt, Mike and Bayer, Markus and Reuter, Christian},
month = apr,
year = {2023},
note = {arXiv:2304.11960 [cs]},
keywords = {Student, Security, Projekt-CYWARN, Projekt-ATHENE-SecUrban},
}

@techreport{gonsior_friedensinformatik_2023,
title = {Friedensinformatik: heute und morgen},
url = {https://peasec.de/paper/2023/2023_GonsiorRiebeSchmidReinholdReuter_FriedensinformatikHeuteMorgen_WundF.pdf},
author = {Gonsior, Anja-Liisa and Riebe, Thea and Schmid, Stefka and Reinhold, Thomas and Reuter, Christian},
year = {2023},
keywords = {Peace},
pages = {34--37},
}