Auflistung nach Autor:in "Volkamer, Melanie"
1 - 10 von 58
Treffer pro Seite
Sortieroptionen
- Editiertes Buch
- KonferenzbeitragA supervised verifiable voting protocol for the victorian electoral commission(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Burton, Craig; Culane, Chris; Heather, James; Peacock, Thea; Ryan, Peter Y. A.; Schneider, Steve; Srinivasan, Sriramkrishnan; Teague, Vanessa; Wen, Roland; Xia, ZheThis paper describes the design of a supervised, verifiable voting protocol suitable for use for elections in the state of Victoria, Australia. We provide a brief overview of the style and nature of the elections held in Victoria and associated challenges. Our protocol, based on Prêt à Voter, presents a new ballot overprinting front-end design, which assists the voter in completing the potentially complex ballot. We also present and analyze a series of modifications to the backend that will enable it to handle the large number of candidates, 35 +, with ranking single transferable vote (STV), which some Victorian elections require. We conclude with a threat analysis of the scheme and a discussion on the impact of the modifications on the integrity and privacy assumptions of Prêt à Voter.
- KonferenzbeitragA user-centred approach to facilitate locating company security policies; Nutzerzentrierter Ansatz zur Vereinfachung des Auffindens von Security Policies(Mensch und Computer 2023 - Tagungsband, 2023) Aldag, Lukas; Ballreich, Fabian; Berens, Benjamin; Volkamer, MelanieEnglish: An important factor for the effectiveness of security awareness measures in companies is awareness and consistency of security policies. As part of a case study, a document was created using a user-centred approach that gives an overview of all relevant individual documents (so-called overview document). In addition, a process for publication was developed and evaluated iteratively. The case study took place at a medium-sized energy company in Germany. General lessons learned are derived from the case study. For example, distributing important documents via e-mail carries the risk that this is perceived as less important or is not perceived at all. Deutsch: Ein wichtiger Faktor für die Effektivität von Security Awareness-Maßnahmen in Unternehmen sind die Bekanntheit und Konsistenz von Security Policies. Im Rahmen einer Case Study wurde mit einem nutzerzentrierten Ansatz ein Dokument, das den Nutzenden eine Übersicht über alle relevanten Einzeldokumente (sog. Übersichtsdokument) gibt und ein Prozess zur Bekanntmachung iterativ entwickelt und evaluiert. Die Case Study fand bei einem mittelgroßen Energieversorgungsunternehmen in Deutschland statt. Aus der Case Study werden allgemeine Lessons Learned abgeleitet. Beispielsweise birgt eine Verteilung von wichtigen Dokumenten über E-Mail die Gefahr, dass diese gar nicht oder als weniger wichtig wahrgenommen wird.
- KonferenzbeitragAchieving meaningful efficiency in coercion-resistant, verifiable Internet voting(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Spycher, Oliver; Koenig, Reto; Haenni, Rolf; Schläpfer, MichaelIn traditional voting schemes with paper, pens, and ballot-boxes, appropriate procedures are put in place to reassure voters that the result of the tally is correct. Considering that in Internet voting errors or fraud will generally scale over a much greater fraction of votes, the demand to get strong reassurances as well, seems more than justified. With the ambition of offering a maximum degree of transparency, so-called verifiable schemes have been proposed. By publishing the relevant information, each voter may verify that her vote is included in the final tally and that accepted votes have been cast using proper voting material. Remarkably, this can be done while guaranteeing the secrecy of the ballot at the same time. On the negative side, high transparency will generally make it easier for voters to reveal how they voted, e.g., to a coercer. In this paper we propose an Internet voting protocol that is verifiable and simultateously makes it practically impossible for vote buyers or coercers to elicit the voters' behaviour. We compare its efficiency with existing work under equal degrees of coercion-resistance using an appropriate measure (δ). The contribution of our scheme lies in its efficiency during the most critical phases of the voting procedure, i.e., vote casting and tallying. Moreover, during these phases, efficiency is insensitive to the desired degree of coercion-resistance.
- KonferenzbeitragCast-as-intended verification in Norway(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Puigallí Allepuz, Jordi; Guasch Castelló, SandraThe Norwegian Ministry started an initiative to implement Internetvoting trials during the municipal elections in 2011. One of the security requirements of the chosen e-voting system to not to put any trust in the voting client: a malicious application controlling the voting client should not be able to modify the voting options selected by the voter without being detected. This paper describes the voter verification return-code scheme that was implemented for this project. Furthermore, this paper explains the implementation details of the final solution and the workflow of the system during the different election phases. The aim of this paper is to provide a general overview of the cast-as-intended scheme implemented in eValg2011.
- KonferenzbeitragClassifying privacy and verifiability requirements for electronic voting(Informatik 2009 – Im Focus das Leben, 2009) Langer, Lucie; Schmidt, Axel; Volkamer, Melanie; Buchmann, Johannes
- KonferenzbeitragCoercion-freeness in e-voting via multi-party designated verifier schemes(5th International Conference on Electronic Voting 2012 (EVOTE2012), 2012) Dossogne, Jérôme; Lafitte, Frédéric; Markowitch, OlivierIn this paper we present how multi-party designated verifier signatures can be used as generic solution to provide coercion-freeness in electronic voting schemes. We illustrate the concept of multi-party designated verifier signatures with an enhanced version of Ghodosi and Pieprzyk [GP06]'s threshold signature scheme. The proposed scheme is efficient, secure, allows distributed computations of the signature on the ballot receipt, and can be parameterized to set a threshold on the number of required signers. The security of the designated verifier property is evaluated using the simulation paradigm [Gol00] based on the security analysis of [GHKR08]. Unlike previously provable schemes, ours is ideal, i.e. the bit-length of each secret key share is bounded by the bit-length of the RSA modulus.
- KonferenzbeitragCoercion-Resistant Internet Voting in Practice(Informatik 2014, 2014) Feier, Christian; Neumann, Stephan; Volkamer, MelanieInternet voting continues to raise interest both among research and society. Throughout the last decades, many Internet voting schemes have been developed, each one providing particular properties such as receipt-freeness or end-to-end verifiability. One attractive scheme is the JCJ / Civitas scheme due to its property of making coercion attacks ineffective. Neumann and Volkamer [NV12] analyzed the scheme and identified significant usability issues. To overcome these drawbacks, the authors extended the original work by integrating smart cards. In a follow-up work, Neumann et al. [NFVK13] conducted a theoretical performance analysis for this extension and improved the extension towards its applicability in real-world elections. Their analysis left several real-world considerations open for future work. The present work addresses these gaps: We present a prototype implementation of the revised extension and assess its real-world performance. Based on this contribution, we are able to conclude that the revised extension is feasible to be used in real-world elections.
- KonferenzbeitragComparative Usability Evaluation of Cast-as-Intended Verification Approaches in Internet Voting(SICHERHEIT 2018, 2018) Marky, Karola; Kulyk, Oksana; Volkamer, MelanieInternet Voting promises benefits like the support for voters from abroad and an overall improved accessibility. But it is accompanied by security risks like the manipulation of votes by malware. Enabling the voters to verify that their voting device casts their intended votes is a possible solution to address such a manipulation - the so-called cast-as-intended verifiability. Several different approaches for providing cast-as-intended verifiability have been proposed or put into practice. Each approach makes various assumptions about the voters' capabilities that are required in order to provide cast-as-intended verifiability. In this paper we investigate these assumptions of four chosen cast-as-intended approaches and report the impact if those are violated. Our findings indicate that the assumptions of cast-as-intended approaches (e.g. voters being capable of comparing long strings) have an impact on the security the Internet Voting systems. We discuss this impact and provide recommendations how to address the identified assumptions and give important directions in future research on usable and verifiable Internet Voting systems.
- Workshopbeitrag“Data Protection Can Sometimes Be a Nuisance” A Notification Study on Data Sharing Practices in City Apps(Mensch und Computer 2024 - Workshopband, 2024) Drescher, Jan Niklas; Moser, Jakob; Strangmann, Nicolas; Spinner, Jonas; Herrmann, Dominik; Volkamer, MelanieDespite the strict requirements regarding the justification of data sharing imposed by the General Data Protection Regulation (GDPR), many mobile apps, even those provided by European states, share user data with third parties without justification or consent. To assess data sharing of city apps, we analyzed 138 apps from German cities for non-compliance with the GDPR. We found that 70 of these apps contacted third-party services outside the European Union without user consent, making them potentially non-compliant with current European privacy regulations. To investigate what information helps app vendors to remediate the issue, we sent three types of notifications to potentially non-compliant vendors: A generic one, one with detailed technical guidance to achieve compliance, and one with a detailed legal explanation. We observed a response rate of 37% and fix rates of approximately 17% for the two groups that received detailed notifications. Thereby, we found that both technical guidance and legal explanations significantly increase the number of fixed apps, compared to just sending generic notifications. While the response rate was higher than during comparable studies, we observed high distrust in our messages, similar to related work. Surprisingly, we found that many of the app vendors who promised to remediate the issue, did not do so successfully, while others silently patched their app.