Publications (10 of 64)
Mayer, P. & Volkamer, M. (2018). Addressing misconceptions about password security effectively. In: Proceedings of 7th Workshop on Socio-Technical Aspects in Security and Trust, Orlando, Florida, USA, December 2017 (STAST 2017). Paper presented at 7th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2017 - Co-located with the 2017 Annual Computer Security Applications Conference, ACSAC 2017, 5 December 2017 (pp. 1-12). Association for Computing Machinery
2018 (English). In: Proceedings of 7th Workshop on Socio-Technical Aspects in Security and Trust, Orlando, Florida, USA, December 2017 (STAST 2017), Association for Computing Machinery, 2018, p. 1-12. Conference paper, Published paper (Refereed)
Abstract [en]

Nowadays, most users need more passwords than they can handle. Consequently, users have developed a multitude of strategies to cope with this situation. Some of these coping strategies are based on misconceptions about password security. In such cases, the users are unaware of their insecure password practices. Addressing the misconceptions is vital in order to decrease insecure coping strategies. We conducted a systematic literature review with the goal to provide an overview of the misconceptions about password security. Our literature review revealed that misconceptions exist in basically all aspects of password security. Furthermore, we developed interventions to address these misconceptions. Then, we evaluated the interventions’ effectiveness in decreasing the misconceptions at three small and medium sized enterprises (SME). Our results show that the interventions decrease the overall prevalence of misconceptions significantly in the participating employees.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2018
Keywords
Literature review, Misconceptions, Password security, User study, Security systems, Coping strategies, Literature reviews, Small- and medium-sized enterprise, Systematic literature review, Authentication
National Category
Mathematics; Computer and Information Sciences
Research subject
Computer Science; Mathematics
Identifiers
urn:nbn:se:kau:diva-71295 (URN); 10.1145/3167996.3167998 (DOI); 2-s2.0-85061043553 (Scopus ID); 9781450363570 (ISBN)
Conference
7th Workshop on Socio-Technical Aspects in Security and Trust, STAST 2017 - Co-located with the 2017 Annual Computer Security Applications Conference, ACSAC 2017, 5 December 2017
Available from: 2019-02-21. Created: 2019-02-21. Last updated: 2019-05-16. Bibliographically approved
Karegar, F., Gerber, N., Volkamer, M. & Fischer-Hübner, S. (2018). Helping John to Make Informed Decisions on Using Social Login. In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018. New York: ACM Publications
2018 (English). In: Proceedings of the 33th Symposium on Applied Computing (SAC 2018), Pau, F, April 9-13, 2018, New York: ACM Publications, 2018. Chapter in book (Other academic)
Place, publisher, year, edition, pages
New York: ACM Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65743 (URN); 10.1145/3167132.3167259 (DOI); 000455180700169 ()
Projects
Credential (4896)
Funder
EU, Horizon 2020
Available from: 2018-01-19. Created: 2018-01-19. Last updated: 2020-11-05. Bibliographically approved
Budurushi, J., Neumann, S., Renaud, K. & Volkamer, M. (2018). Introduction to special issue on e-voting. Journal of Information Security and Applications, 38, 122-123
2018 (English). In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 38, p. 122-123. Article in journal (Refereed) Published
Place, publisher, year, edition, pages
Elsevier, 2018
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:kau:diva-66618 (URN); 10.1016/j.jisa.2017.12.003 (DOI); 000425280800011 ()
Available from: 2018-03-08. Created: 2018-03-08. Last updated: 2018-06-14. Bibliographically approved
Mayer, P., Kirchner, J. & Volkamer, M. (2017). A second look at password composition policies in the wild: Comparing samples from 2010 and 2016. In: Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). Paper presented at SOUPS Thirteenth Symposium on Usable Privacy and Security, July 12–14, 2017, Santa Clara, CA, USA (pp. 13-28). USENIX - The Advanced Computing Systems Association
2017 (English). In: Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), USENIX - The Advanced Computing Systems Association, 2017, p. 13-28. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we present a replication and extension of the study performed by Florêncio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features' effects on the strength of the website's password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify differences over time. We then extended the initial study by investigating a corresponding sample of German websites in order to identify differences across countries. Our findings indicate that while the website features mostly retain their predicting power for the US sample, only one feature affecting PCP strength translates to the German sample: whether users can choose among multiple alternative websites providing the same service. Moreover, German websites generally use weaker PCPs and, in particular, PCPs of German banking websites stand out for having generally low strength PCPs.

 

Place, publisher, year, edition, pages
USENIX - The Advanced Computing Systems Association, 2017
National Category
Information Systems; Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65615 (URN); 978-1-931971-39-3 (ISBN)
Conference
SOUPS Thirteenth Symposium on Usable Privacy and Security, July 12–14, 2017, Santa Clara, CA, USA
Available from: 2018-01-16. Created: 2018-01-16. Last updated: 2022-01-25. Bibliographically approved
Kulyk, O., Reinheimer, B. M., Gerber, P., Volk, F., Volkamer, M. & Mühlhäuser, M. (2017). Advancing Trust Visualisations for Wider Applicability and User Acceptance. In: Trustcom/BigDataSE/ICESS, 2017 IEEE. Paper presented at IEEE Trustcom/BigDataSE/ICESS 1-4 August 2017, Sydney, NSW, Australia (pp. 562-569). Piscataway: IEEE
2017 (English). In: Trustcom/BigDataSE/ICESS, 2017 IEEE, Piscataway: IEEE, 2017, p. 562-569. Conference paper, Published paper (Refereed)
Abstract [en]

There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations - like, for example, the opinion triangle, the human trust interface, and T-Viz - the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.

Place, publisher, year, edition, pages
Piscataway: IEEE, 2017
Keywords
data visualisation, decision making, trusted computing
National Category
Computer Sciences; Human Computer Interaction; Interaction Technologies
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65610 (URN); 10.1109/Trustcom/BigDataSE/ICESS.2017.285 (DOI); 000428367500073 (); 978-1-5090-4906-6 (ISBN); 978-1-5090-4907-3 (ISBN)
Conference
IEEE Trustcom/BigDataSE/ICESS 1-4 August 2017, Sydney, NSW, Australia
Available from: 2018-01-15. Created: 2018-01-15. Last updated: 2020-12-10. Bibliographically approved
Kulyk, O., Neumann, S., Marley, K., Budurushi, J. & Volkamer, M. (2017). Coercion-resistant proxy voting. Paper presented at 13th International Conference on Security and Cryptography (SECRYPT), JUL 26-28, 2016, Lisbon, PORTUGAL. Computers & security (Print), 71, 88-99
2017 (English). In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 71, p. 88-99. Article in journal (Refereed) Published
Abstract [en]

In general, most elections follow the principle of equality, or as it came to be known, the principle of "one person-one vote". However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, so-called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting. © 2017 Elsevier Ltd. All rights reserved.

National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65907 (URN); 10.1016/j.cose.2017.06.007 (DOI); 000414817800008 ()
Conference
13th International Conference on Security and Cryptography (SECRYPT), JUL 26-28, 2016, Lisbon, PORTUGAL
Available from: 2018-01-25. Created: 2018-01-25. Last updated: 2018-06-29. Bibliographically approved
Neumann, S., Reinheimer, B. M. & Volkamer, M. (2017). Don’t Be Deceived: The Message Might Be Fake. In: Javier Lopez; Simone Fischer-Hübner; Costas Lambrinoudaki (Ed.), Lopez J., Fischer-Hübner S., Lambrinoudakis C (Ed.), Trust, Privacy and Security in Digital Business, Trustbus 2017. Paper presented at International Conference on Trust and Privacy in Digital Business, 28-31 August, Lyon, France (pp. 199-214). Cham: Springer, 10442
2017 (English). In: Trust, Privacy and Security in Digital Business, Trustbus 2017 / [ed] Lopez J., Fischer-Hübner S., Lambrinoudakis C, Cham: Springer, 2017, Vol. 10442, p. 199-214. Conference paper, Published paper (Refereed)
Abstract [en]

In an increasingly digital world, fraudsters, too, exploit this new environment and distribute fraudulent messages that trick victims into taking particular actions. There is no substitute for making users aware of scammers’ favoured techniques and giving them the ability to detect fraudulent messages. We developed an awareness-raising programme, specifically focusing on the needs of small and medium-sized enterprises (SMEs). The programme was evaluated in the field. The participating employees demonstrated significantly improved skills in terms of ability to classify messages as fraudulent or genuine. Particularly with regard to one of the most widespread attack types, namely fraudulent messages with links that contain well-known domains as sub-domains of generic domains, recipients of the programme improved their recognition rates from 56.6% to 88%. Thus, the developed security awareness-raising programme contributes to improving the security in SMEs.

Place, publisher, year, edition, pages
Cham: Springer, 2017
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10442
Keywords
Usable security, Education concept, User studies, SME, Awareness
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65619 (URN); 10.1007/978-3-319-64483-7_13 (DOI); 000457332100013 (); 978-3-319-64482-0 (ISBN); 978-3-319-64483-7 (ISBN)
Conference
International Conference on Trust and Privacy in Digital Business, 28-31 August, Lyon, France
Available from: 2018-01-17. Created: 2018-01-17. Last updated: 2019-11-11. Bibliographically approved
Neumann, S., Noll, M. & Volkamer, M. (2017). Election-Dependent Security Evaluation of Internet Voting Schemes. In: De Capitani di Vimercati S., Martinelli F. (Ed.), ICT Systems Security and Privacy Protection: SEC 2017. IFIP Advances in Information and Communication Technology. Paper presented at 32nd International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2017 May 29 - 31, 2017, Rome, Italy (pp. 371-382). Springer, 502
2017 (English). In: ICT Systems Security and Privacy Protection: SEC 2017. IFIP Advances in Information and Communication Technology / [ed] De Capitani di Vimercati S., Martinelli F., Springer, 2017, Vol. 502, p. 371-382. Conference paper, Published paper (Refereed)
Abstract [en]

The variety of Internet voting schemes proposed in the literature build their security upon a number of trust assumptions. The criticality of these assumptions depends on the target election setting, particularly the adversary expected within that setting. Given the potential complexity of the assumptions, identifying the most appropriate Internet voting schemes for a specific election setting poses a significant burden to election officials. We address this shortcoming by the construction of an election-dependent security evaluation framework for Internet voting schemes. On the basis of two specification languages, the core of the framework essentially evaluates election-independent security models with regard to expected adversaries and returns satisfaction degrees for security requirements. These satisfaction degrees serve election officials as basis for their decision-making. The framework is evaluated against requirements stemming from measure theory.

Place, publisher, year, edition, pages
Springer, 2017
National Category
Computer Sciences; Information Systems; Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65617 (URN); 10.1007/978-3-319-58469-0_25 (DOI); 978-3-319-58469-0 (ISBN); 978-3-319-58468-3 (ISBN)
Conference
32nd International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2017 May 29 - 31, 2017, Rome, Italy
Available from: 2018-01-17. Created: 2018-01-17. Last updated: 2018-07-03. Bibliographically approved
Krimmer, R., Volkamer, M., Barrat, J., Benaloh, J., Goodman, N., Ryan, P. Y. & Teague, V. (Eds.). (2017). Electronic Voting: First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016, Proceedings. Paper presented at First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016. Cham: Springer
2017 (English). Conference proceedings (editor) (Refereed)
Place, publisher, year, edition, pages
Cham: Springer, 2017. p. 233
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10141
Keywords
document image analysis, formal methods, internet voting, private and secure message transmission, ballot secrecy, cast-as-intended verifiability, combinatorics, computer system diversity, computer vision, e-voting, electronic voting protocols, electronic voting systems, information theoretic anonymity, malicious voting client, optical scan, paper ballots, paper based elections, remote voting, voting systems
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65604 (URN); 10.1007/978-3-319-52240-1 (DOI); 978-3-319-52239-5 (ISBN); 978-3-319-52240-1 (ISBN)
Conference
First International Joint Conference, E-Vote-ID 2016, Bregenz, Austria, October 18-21, 2016
Available from: 2018-01-15. Created: 2018-01-15. Last updated: 2019-11-11. Bibliographically approved
Ghiglieri, M., Volkamer, M. & Renaud, K. (2017). Exploring Consumers' Attitudes of Smart TV Related Privacy Risks. In: Human Aspects of Information Security, Privacy and Trust: 5th International Conference, HAS 2017, Held as Part of HCI International 2017, Vancouver, BC, Canada, July 9-14, 2017, Proceedings. Paper presented at HAS 2017: 5th International Conference on Human Aspects of Information Security, Privacy, and Trust, Vancouver, Canada, 9 - 14 July 2017 (pp. 656-674). Cham: Springer, 10292
2017 (English). In: Human Aspects of Information Security, Privacy and Trust: 5th International Conference, HAS 2017, Held as Part of HCI International 2017, Vancouver, BC, Canada, July 9-14, 2017, Proceedings, Cham: Springer, 2017, Vol. 10292, p. 656-674. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Cham: Springer, 2017
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10292
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kau:diva-48086 (URN); 10.1007/978-3-319-58460-7_45 (DOI); 00043184680004 ()
Conference
HAS 2017: 5th International Conference on Human Aspects of Information Security, Privacy, and Trust, Vancouver, Canada, 9 - 14 July 2017
Available from: 2017-03-06. Created: 2017-03-06. Last updated: 2020-09-01. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-2674-4043