Publications (10 of 42)
Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. (2018). Helping John to Make Informed Decisions on Using Social Login. In: Proceedings of the 33rd Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018. New York: ACM Publications
2018 (English). In: Proceedings of the 33rd Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018, New York: ACM Publications, 2018. Chapter in book (Other academic)
Place, publisher, year, edition, pages
New York: ACM Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65743 (URN); 10.1145/3167132.3167259 (DOI)
Projects
Credential (4896)
Funder
EU, Horizon 2020
Available from: 2018-01-19. Created: 2018-01-19. Last updated: 2018-09-05. Bibliographically approved
Budurushi, J., Neumann, S., Renaud, K. & Volkamer, M. (2018). Introduction to special issue on e-voting. Journal of Information Security and Applications, 38, 122-123
2018 (English). In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 38, p. 122-123. Article in journal (Refereed). Published
Place, publisher, year, edition, pages
Elsevier, 2018
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:kau:diva-66618 (URN); 10.1016/j.jisa.2017.12.003 (DOI); 000425280800011 ()
Available from: 2018-03-08. Created: 2018-03-08. Last updated: 2018-06-14. Bibliographically approved
Mayer, P., Kirchner, J. & Volkamer, M. (2017). A second look at password composition policies in the wild: Comparing samples from 2010 and 2016. In: Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). Paper presented at SOUPS Thirteenth Symposium on Usable Privacy and Security, July 12–14, 2017, Santa Clara, CA, USA (pp. 13-28). Usenix, The advanced computer systems association
2017 (English). In: Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), Usenix, The advanced computer systems association, 2017, p. 13-28. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we present a replication and extension of the study performed by Florêncio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features' effects on the strength of the website's password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify differences over time. We then extended the initial study by investigating a corresponding sample of German websites in order to identify differences across countries. Our findings indicate that while the website features mostly retain their predicting power for the US sample, only one feature affecting PCP strength translates to the German sample: whether users can choose among multiple alternative websites providing the same service. Moreover, German websites generally use weaker PCPs and, in particular, PCPs of German banking websites stand out for having generally low strength PCPs.

Place, publisher, year, edition, pages
Usenix, The advanced computer systems association, 2017
National Category
Information Systems Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65615 (URN); 978-1-931971-39-3 (ISBN)
Conference
SOUPS Thirteenth Symposium on Usable Privacy and Security, July 12–14, 2017, Santa Clara, CA, USA
Available from: 2018-01-16. Created: 2018-01-16. Last updated: 2018-07-03. Bibliographically approved
Kulyk, O., Reinheimer, B. M., Gerber, P., Volk, F., Volkamer, M. & Mühlhäuser, M. (2017). Advancing Trust Visualisations for Wider Applicability and User Acceptance. In: Trustcom/BigDataSE/ICESS, 2017 IEEE. Paper presented at IEEE Trustcom/BigDataSE/ICESS, 1-4 August 2017, Sydney, NSW, Australia (pp. 562-569). Piscataway: IEEE
2017 (English). In: Trustcom/BigDataSE/ICESS, 2017 IEEE, Piscataway: IEEE, 2017, p. 562-569. Conference paper, Published paper (Refereed)
Abstract [en]

There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations (for example, the opinion triangle, the human trust interface, and T-Viz), the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.

Place, publisher, year, edition, pages
Piscataway: IEEE, 2017
Keywords
data visualisation, decision making, trusted computing
National Category
Computer Sciences Human Computer Interaction Interaction Technologies
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65610 (URN); 10.1109/Trustcom/BigDataSE/ICESS.2017.285 (DOI); 978-1-5090-4906-6 (ISBN); 978-1-5090-4907-3 (ISBN)
Conference
IEEE Trustcom/BigDataSE/ICESS, 1-4 August 2017, Sydney, NSW, Australia
Available from: 2018-01-15. Created: 2018-01-15. Last updated: 2018-07-05. Bibliographically approved
Kulyk, O., Neumann, S., Marley, K., Budurushi, J. & Volkamer, M. (2017). Coercion-resistant proxy voting. Paper presented at 13th International Conference on Security and Cryptography (SECRYPT), JUL 26-28, 2016, Lisbon, PORTUGAL. Computers & security (Print), 71, 88-99
2017 (English). In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 71, p. 88-99. Article in journal (Refereed). Published
Abstract [en]

In general, most elections follow the principle of equality, or as it came to be known, the principle of "one person-one vote". However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, a so-called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting. (C) 2017 Elsevier Ltd. All rights reserved.

National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65907 (URN); 10.1016/j.cose.2017.06.007 (DOI); 000414817800008 ()
Conference
13th International Conference on Security and Cryptography (SECRYPT), JUL 26-28, 2016, Lisbon, PORTUGAL
Available from: 2018-01-25. Created: 2018-01-25. Last updated: 2018-06-29. Bibliographically approved
Neumann, S., Reinheimer, B. M. & Volkamer, M. (2017). Don’t Be Deceived: The Message Might Be Fake. In: Javier Lopez; Simone Fischer-Hübner; Costas Lambrinoudakis (Ed.), Trust, Privacy and Security in Digital Business. Paper presented at International Conference on Trust and Privacy in Digital Business, 28-31 August, Lyon, France (pp. 199-214). Cham: Springer, 10442
2017 (English). In: Trust, Privacy and Security in Digital Business / [ed] Javier Lopez; Simone Fischer-Hübner; Costas Lambrinoudakis, Cham: Springer, 2017, Vol. 10442, p. 199-214. Chapter in book (Refereed)
Abstract [en]

In an increasingly digital world, fraudsters, too, exploit this new environment and distribute fraudulent messages that trick victims into taking particular actions. There is no substitute for making users aware of scammers’ favoured techniques and giving them the ability to detect fraudulent messages. We developed an awareness-raising programme, specifically focusing on the needs of small and medium-sized enterprises (SMEs). The programme was evaluated in the field. The participating employees demonstrated significantly improved skills in terms of ability to classify messages as fraudulent or genuine. Particularly with regard to one of the most widespread attack types, namely fraudulent messages with links that contain well-known domains as sub-domains of generic domains, recipients of the programme improved their recognition rates from 56.6% to 88%. Thus, the developed security awareness-raising programme contributes to improving the security in SMEs.

Place, publisher, year, edition, pages
Cham: Springer, 2017
Series
Lecture Notes in Computer Science
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65619 (URN); 10.1007/978-3-319-64483-7_13 (DOI); 978-3-319-64482-0 (ISBN); 978-3-319-64483-7 (ISBN)
Conference
International Conference on Trust and Privacy in Digital Business, 28-31 August, Lyon, France
Available from: 2018-01-17. Created: 2018-01-17. Last updated: 2018-06-26. Bibliographically approved
Neumann, S., Noll, M. & Volkamer, M. (2017). Election-Dependent Security Evaluation of Internet Voting Schemes. In: De Capitani di Vimercati S., Martinelli F. (Ed.), ICT Systems Security and Privacy Protection: SEC 2017. IFIP Advances in Information and Communication Technology. Paper presented at 32nd International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2017 May 29 - 31, 2017, Rome, Italy (pp. 371-382). Springer, 502
2017 (English). In: ICT Systems Security and Privacy Protection: SEC 2017. IFIP Advances in Information and Communication Technology / [ed] De Capitani di Vimercati S., Martinelli F., Springer, 2017, Vol. 502, p. 371-382. Conference paper, Published paper (Refereed)
Abstract [en]

The variety of Internet voting schemes proposed in the literature build their security upon a number of trust assumptions. The criticality of these assumptions depends on the target election setting, particularly the adversary expected within that setting. Given the potential complexity of the assumptions, identifying the most appropriate Internet voting schemes for a specific election setting poses a significant burden to election officials. We address this shortcoming by the construction of an election-dependent security evaluation framework for Internet voting schemes. On the basis of two specification languages, the core of the framework essentially evaluates election-independent security models with regard to expected adversaries and returns satisfaction degrees for security requirements. These satisfaction degrees serve election officials as basis for their decision-making. The framework is evaluated against requirements stemming from measure theory.

Place, publisher, year, edition, pages
Springer, 2017
National Category
Computer Sciences Information Systems Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65617 (URN); 10.1007/978-3-319-58469-0_25 (DOI); 978-3-319-58469-0 (ISBN); 978-3-319-58468-3 (ISBN)
Conference
32nd International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2017 May 29 - 31, 2017, Rome, Italy
Available from: 2018-01-17. Created: 2018-01-17. Last updated: 2018-07-03. Bibliographically approved
Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P. Y. & Teague, V. (Eds.). (2017). Electronic Voting: First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016, Proceedings. Paper presented at First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016. Schweiz: Springer
2017 (English). Conference proceedings (editor) (Refereed)
Place, publisher, year, edition, pages
Schweiz: Springer, 2017. p. 233
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10141
Keywords
document image analysis formal methods internet voting private and secure message transmission ballot secrecy cast-as-intended verifiability combinatorics computer system diversity computer vision e-voting electronic voting protocols electronic voting systems information theoretic anonymity malicious voting client optical scan paper ballots paper based elections remote voting voting systems
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65604 (URN); 10.1007/978-3-319-52240-1 (DOI); 978-3-319-52239-5 (ISBN); 978-3-319-52240-1 (ISBN)
Conference
First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016
Available from: 2018-01-15. Created: 2018-01-15. Last updated: 2018-07-02. Bibliographically approved
Mayer, P., Gerber, N., McDermott, R., Volkamer, M. & Vogt, J. (2017). Productivity vs security: mitigating conflicting goals in organizations. Information and Computer Security, 25(2), 137-151
2017 (English). In: Information and Computer Security, ISSN 1434-5250, E-ISSN 2220-3796, Vol. 25, no 2, p. 137-151. Article in journal (Refereed). Published
Abstract [en]

Purpose

This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals.

Design/methodology/approach

This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees.

Findings

The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees.

Research limitations/implications

Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias.

Practical implications

Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations.

Originality/value

This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Place, publisher, year, edition, pages
Bingley: Emerald Group Publishing Limited, 2017
Keywords
Organizational context, Goal setting, Information security compliance
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65599 (URN); 10.1108/ICS-03-2017-0014 (DOI)
Available from: 2018-01-15. Created: 2018-01-15. Last updated: 2018-07-02. Bibliographically approved
Mayer, P., Kunz, A. & Volkamer, M. (2017). Reliable behavioural factors in the information security context. In: ARES '17 Proceedings of the 12th International Conference on Availability, Reliability and Security. Paper presented at ARES 17 - International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, August 29 - September 01, 2017. New York: Association for Computing Machinery (ACM), Article ID UNSP 9.
2017 (English). In: ARES '17 Proceedings of the 12th International Conference on Availability, Reliability and Security, New York: Association for Computing Machinery (ACM), 2017, article id UNSP 9. Conference paper, Published paper (Refereed)
Abstract [en]

Users often do not behave securely when using information technology. Many studies have tried to identify the factors of behavioural theories which can increase secure behaviour. The goal of this work is to identify which of the factors are reliably associated with secure behaviour across multiple studies. Those factors are of interest to information security professionals since addressing them in security awareness and education campaigns can help improve security-related processes of users. To attain our goal, we conducted a systematic literature review and assessed the reliability of the factors based on the effect sizes reported in the literature. Our results indicate that 11 out of the 14 factors from well-established behavioural theories can be associated with reliable effects in the information security context. These factors cover very different aspects: influence of the users' skills, whether the environment makes it possible to exhibit secure behaviour, the influence of friends or co-workers, and the perceived properties of the secure behaviour (e.g. response cost). Also, we identify areas where more studies are needed to increase the confidence of the factors' reliability assessment.

Place, publisher, year, edition, pages
New York: Association for Computing Machinery (ACM), 2017
Series
ACM International Conference Proceeding Series
Keywords
Behavioural Theories; Behavioural Factors; Information Security
National Category
Computer Sciences Information Systems Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65616 (URN); 10.1145/3098954.3098986 (DOI); 00426964900009 (); 978-1-4503-5257-4 (ISBN)
Conference
ARES 17 - International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, August 29 - September 01, 2017
Available from: 2018-01-16. Created: 2018-01-16. Last updated: 2018-10-05. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-2674-4043