Oksana Kulyk

A Socio-Technical Investigation into Smartphone Security

Many people do not deliberately act to protect the data on their Smartphones. The most obvious explanation for a failure to behave securely is that the appropriate mechanisms are unusable. Does this mean usable mechanisms will automatically be adopted? Probably not! Poor usability certainly plays a role, but other factors also contribute to non-adoption of precautionary mechanisms and behaviours. We carried out a series of interviews to determine justifications for non-adoption of security precautions, specifically in the smartphone context, and developed a model of Smartphone precaution non-adoption. We propose that future work should investigate the use of media campaigns in raising awareness of these issues.

Extending Helios Towards Private Eligibility Verifiability

We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also improves Helios towards receipt-freeness.

Introducing Proxy Voting to Helios

Proxy voting is a form of voting, where the voters can either vote on an issue directly, or delegate their voting right to a proxy. This proxy might for instance be a trusted expert on the particular issue. In this work, we extend the widely studied end-to-end verifiable Helios Internet voting system towards the proxy voting approach. Therefore, we introduce a new type of credentials, so-called delegation credentials. The main purpose of these credentials is to ensure that the proxy has been authorised by an eligible voter to cast a delegated vote. If voters, after delegating, change their mind and want to vote directly, cancelling a delegation is possible throughout the entire voting phase. We show that the proposed extension preserves the security requirements of the original Helios system for the votes that are cast directly, as well as security requirements tailored toward proxy voting.

Coercion-Resistant Proxy Voting

In general, most elections follow the principle of equality, or as it came to be known, the principle of “one man – one vote”. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, so called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting.

Electronic voting with fully distributed trust and maximized flexibility regarding ballot design

One common way to ensure the security in voting schemes is to distribute critical tasks between different entities - so called trustees. While in most election settings election authorities perform the task of trustees, elections in small groups such as board elections can be implemented in a way that all voters are also trustees. This is actually the ideal case for an election as trust is maximally distributed. A number of voting schemes have been proposed for facilitating such elections. Our focus is on a mix net based approach to maximize flexibility regarding ballot design. We proposed and implemented a corresponding voting scheme as an Android smartphone application. We believe smartphones are most likely to be used in the election settings that we consider in the paper. Our implementation also enables voters to remotely participate in the voting process. The implementation enables us to measure timings for the tallying phase for different settings in order to analyze whether the chosen mix net based scheme is suitable for the considered election settings.

A Usable Android Application Implementing Distributed Cryptography for Election Authorities

Although many electronic voting protocols have been proposed, their practical application faces various challenges. One of these challenges is, that these protocols require election authorities to perform complex tasks like generating keys in a distributed manner and decrypting votes in a distributed and verifiable manner. Although corresponding key generation and decryption protocols exist, they are not used in real-world elections for several reasons: The few existing implementations of these protocols and their corresponding interfaces are not designed for people with non technical background and thus not suitable for use by most election authorities. In addition, it is difficult to explain the security model of the protocols, but legal provisions generally require transparency. We implemented a smartphone application for election authorities featuring distributed key generation and verifiable distributed decryption of votes. In addition, we prepared education material throughout based on formulated metaphors for election authorities in order to explain the security of the application. We evaluated the usability of the application and understanding of the underlying security model, concluding that the application is usable for non-experts in computer science. While the participants were able to carry out the tasks, it became clear, that they did not have a clear understanding of the underlying security model, despite having viewed our educational material. We suggest improvements to this material as future work.

What Did I Really Vote For

E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements.

Human Factors in Security

Das Kapitel gibt eine Einfuhrung in das Thema „Human Factors in Security“ mit Fokus auf den Endanwender. Dabei wird zunachst das Problem allgemein eingefuhrt und an den konkreten Beispielen „E-Mail-Verschlusselung“, „HTTPS-Verbindungen im Internet“ sowie „Passworter“ beschrieben und diskutiert. Anschliesend werden allgemeine Losungsansatze basierend auf „Human Centered Security by Design“ vorgestellt, sowie einige methodische Beispiele genannt. Besondere Herausforderungen im Vergleich zu „Human Centered Design“ werden vorgestellt und einige Beispiele aus der Praxis im Bereich „Human Centered Security by Design“ vorgestellt und diskutiert.

Advancing Trust Visualisations for Wider Applicability and User Acceptance

There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations—like, for example, the opinion triangle, the human trust interface, and T-Viz—the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.

Sharing Information with Web Services – A Mental Model Approach in the Context of Optional Information

Web forms are a common way for web service providers to collect data from their users. Usually, the users are asked for a lot of information while some items are labeled as optional and others as mandatory. When filling in the web form, users have to decide, which data, often of personal and sensitive nature, they want to share. The factors that influence the decision whether or not to share some information has been studied in the literature in various contexts. However, it is unclear to which extent their results can be transferred to other contexts. In this work we conduct a qualitative user study to verify, whether the reasons for sharing optional information from previous studies [12] are relevant for the context of interacting with a commercial website. We found, that only a few of them were named by the participants of our study.