Melanie Volkamer

Karlsruhe Institute of Technology | KIT · Institute of Applied Informatics and Formal Description Methods

Prof. Dr.

About

310 Publications
95,015 Reads
2,373 Citations
Introduction
Prof. Dr. Melanie Volkamer currently works at the Institute of Applied Informatics and Formal Description Methods (AIFB), Karlsruhe Institute of Technology. Prof. Volkamer does research in Human Factors, Computer Security and Privacy as well as Electronic Voting.
Additional affiliations
January 2018 - present
Karlsruhe Institute of Technology
Position
  • Professor
August 2016 - present
Technische Universität Darmstadt
Position
  • Professor (Kooperationsprofessor)
December 2015 - December 2017
Karlstads Universitet
Position
  • Professor

Publications (310)
Chapter
Cookie disclaimers are omnipresent since the GDPR went into effect in 2018. By far not all disclaimers are designed in a way that they are aligned with the ideas of the GDPR, some are even clearly violating the regulation. We wanted to understand how websites justify the use of those cookie disclaimers and what needs to happen for them to change th...
Article
Full-text available
Abstract: An investigation of the most-used German websites shows that many cookie notices are not designed in a privacy-friendly way. The article examines the legal situation regarding the design of cookie notices and, building on this, develops and discusses recommendations for action that ... the situation for consumers...
Chapter
Phishing over email continues to be a significant threat, as such messages still end up in users’ inboxes. Several studies showed that users rarely check the URL in the statusbar before clicking a link and that they have difficulties reading URLs. To support users, we propose SMILE (Smart eMaIl Link domain Extractor), a novel approach that provides...
Article
Full-text available
Abstract: Phishing attacks remain a major threat in both private and corporate contexts. In addition to improving technical protective measures, many companies also rely on raising employees' awareness of phishing attacks and how to recognise them. This raises the question of how an initial ...
Conference Paper
Full-text available
Cookie disclaimers are these days an indispensable part of surfing and working on the Internet. In this work, we report on examining and classifying the cookie disclaimers on the 500 most popular websites in Germany, based on the presented information about data collection via cookies and the provided choices at the cookie disclaimer. Our analysis...
Book
Full-text available
This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conf...
Conference Paper
Full-text available
In this paper we propose the usage of QR-Codes to enable usable verifiable e-voting schemes based on code voting. The idea, from a voter's perspective, is to combine code voting proposed by Chaum with the cast-as-intended verification mechanism used e.g. in Switzerland (using a personal initialization code, return codes per option, a confirmation cod...
Article
Full-text available
Since the beginning of the pandemic, many institutions (including associations, companies and public authorities) have faced the question of how to organise their elections and secret ballots without endangering the health of voters and poll workers. Some election officials have opted to conduct online elections or digital votes...
Conference Paper
As virtual reality (VR) sees an increase in use in several domains such as retail, education, military; a secure authentication scheme for VR devices is necessary to keep users' personal information safe. A smaller section of research focuses on the authentication schemes of VR devices. To further the understanding of this topic, we conducted a det...
Chapter
As virtual reality (VR) sees an increase in use in several domains such as retail, education, military; a secure authentication scheme for VR devices is necessary to keep users’ personal information safe. A smaller section of research focuses on the authentication schemes of VR devices. To further the understanding of this topic, we conducted a det...
Chapter
Safety-critical human-computer interaction is not only a highly topical subject at present, but will remain so in the future. In this respect, a textbook and reference book such as this one is always only a snapshot and can only ever cover the state of affairs at a particular point in time. Nevertheless, an attempt can be made to identify current trends a...
Chapter
The chapter gives an introduction to the topic "Human Factors in Security" with a focus on end users. It first explains why many security measures are not usable. This is illustrated by the concrete examples "end-to-end protection of email", "HTTPS connections", "phishing" and "passwords". Subsequently, ...
Article
Full-text available
For many years, cookies have been widely used by websites, storing information about users’ behaviour. While enabling additional functionality and potentially improving user experience, cookies can be a threat to users’ privacy, especially cookies used by third parties for data analysis. Websites providers are legally required to inform users about...
Article
The decision of the Higher Regional Court (OLG) Düsseldorf of 26.08.2019, case no. VI Kart 1/19 (V), in the antitrust proceedings against Facebook was recently overturned by the Federal Court of Justice (Bundesgerichtshof) in its decision of 23.06.2020, case no. KVR 69/19. As a result, the prohibition issued by the Federal Cartel Office (Bundeskartellamt) is provisionally enforceable, that, without consent, Internet use independent of Facebook...
Book
This book constitutes the proceedings of the 6th International Conference on Electronic Voting, E-Vote-ID 2021, held online (due to COVID-19) in Bregenz, Austria, in October 2021. The 14 full papers presented were carefully reviewed and selected from 55 submissions. The conference collected the most relevant debates on the development of Electroni...
Chapter
In an attempt to stop phishing attacks, an increasing number of organisations run Simulated Phishing Campaigns to train their staff not to click on suspicious links. Organisations can buy toolkits to craft and run their own campaigns, or hire a specialist company to provide such campaigns as a service. To what extent this activity reduces the vulne...
Chapter
Full-text available
The original version of the cover and book was revised. The seventh editor name has been updated.
Preprint
Full-text available
The obligation to wear masks in times of pandemics reduces the risk of spreading viruses. In case of the COVID-19 pandemic in 2020, many governments recommended or even obligated their citizens to wear masks as an effective countermeasure. In order to continuously monitor the compliance of this policy measure in public spaces like restaurants or tr...
Book
This volume contains papers presented at the 5th International Joint Conference on Electronic Voting (E-Vote-ID 2020), held during October 6–9, 2020. Due to the extraordinary situation provoked by the COVID-19 pandemic, the conference was held online during this edition, instead of at the traditional venue in Bregenz, Austria. The E-Vote-ID confere...
Book
Full-text available
This volume contains papers presented at the 5th International Joint Conference on Electronic Voting (E-Vote-ID 2020), held during October 6-9, 2020. Due to the extraordinary situation provoked by the Covid-19 pandemic, the conference was held online during this edition, instead of at the traditional venue in Bregenz, Austria. The E-Vote-ID conferen...
Conference Paper
Security awareness and education programmes are rolled out in more and more organisations. However, their effectiveness over time and, correspondingly, appropriate intervals to remind users' awareness and knowledge are an open question. In an attempt to address this open question, we present a field investigation in a German organisation from the p...
Conference Paper
Full-text available
Immersive technologies, including augmented and virtual reality (AR & VR) devices, have enhanced digital communication along with a considerable increase in digital threats. Thus, authentication becomes critical in AR & VR technology, particularly in shared spaces. In this paper, we propose applying the ZeTA protocol that allows secure authentica-...
Chapter
Smart environments are becoming ubiquitous despite many potential security and privacy issues. But, do people understand what consequences could arise from using smart environments? To answer this research question, we conducted a survey with 575 participants from three different countries (Germany, Spain, Romania) considering smart home and health...
Chapter
Full-text available
End-to-end verifiable Internet voting enables a high level of election integrity. Cast-as-intended verification, in particular, allows voters to verify that their vote has been correctly cast, even in the presence of malicious voting devices. One cast-as-intended verification approach is code-based verification, used since 2015 in legally-binding S...
Article
Full-text available
Abstract: The use of secure passwords is an important element of any information security concept. Effectively raising employees' awareness of possible attacks on passwords and conveying the knowledge required to choose suitable passwords is therefore of great importance for companies. The present article...
Article
Full-text available
Abstract: Phishing attacks are not a new phenomenon, but they remain a major danger for every institution. To measure or improve employees' resistance to phishing attacks, numerous organisations run phishing campaigns in which (simulated) phishing messages are sent to employees. ...
Preprint
Full-text available
Immersive technologies, including augmented and virtual reality (AR & VR) devices, have enhanced digital communication along with a considerable increase in digital threats. Thus, authentication becomes critical in AR & VR technology, particularly in shared spaces. In this paper, we propose applying the ZeTA protocol that allows secure authenticati...
Conference Paper
Full-text available
Smart environments are becoming ubiquitous despite many potential security and privacy issues. But, do people understand what consequences could arise from using smart environments? To answer this research question, we conducted a survey with 575 participants from three different countries (Germany, Spain, Romania) considering smart home and health...
Article
Full-text available
Abstract: Fraudulent messages such as phishing emails are not a new phenomenon. Nevertheless, this form of attack is still very successful. The article examines whether and how well information resources freely available on the Internet can help in recognising fraudulent messages.
Book
Full-text available
This volume contains papers presented at E-Vote-ID 2019, the Fourth International Joint Conference on Electronic Voting, held during October 1-4, 2019, in Bregenz, Austria. It resulted from the merging of EVOTE and Vote-ID and counting up to 15 years since the first E-Vote conference in Austria. Since the first conference in 2004, over 1000 experts h...
Chapter
Full-text available
This opening article introduces the Fourth International Joint Conference on Electronic Voting and, on the occasion of the 15 years since the first E-Vote conference in Austria, presents an analysis of the network of co-authorships based on the books published by the Electronic Voting Conference Series. The goal of the analysis is to provide an ove...
Chapter
Full-text available
Internet-enabled voting introduces an element of invisibility and unfamiliarity into the voting process, which makes it very different from traditional voting. Voters might be concerned about their vote being recorded correctly and included in the final tally. To mitigate mistrust, many Internet-enabled voting systems build verifiability into their...
Article
Full-text available
Although media reports often warn about risks associated with using privacy-threatening technologies, most lay users lack awareness of particular adverse consequences that could result from this usage. Since this might lead them to underestimate the risks of data collection, we investigate how lay users perceive different abstract and specific priv...
Conference Paper
Albeit people worldwide cry out for the protection of their privacy, they often fail to successfully protect their private data. Possible reasons for this failure that have been identified in previous research include a lack of knowledge about possible privacy consequences, the negative outcome of a rational cost-benefit analysis, and insufficient...
Conference Paper
Although media reports often warn about risks associated with using privacy-threatening technologies, most lay users lack awareness of particular adverse consequences that could result from this usage. Since this might lead them to underestimate the risks of data collection, we investigate how lay users perceive different abstract and specific pri...
Conference Paper
Using gamepad-driven devices like games consoles is an activity frequently shared with others. Thus, shoulder-surfing is a serious threat. To address this threat, we present the first investigation of shoulder-surfing resistant text password entry on gamepads by (1) identifying the requirements of this context; (2) assessing whether shoulder-surfin...
Article
Full-text available
Abstract: Developed in 1994 to make the browsing experience more pleasant for end users, cookies are increasingly being used for other purposes as well, often without the user noticing. Since 25 May 2011, the European Union has stipulated with Directive 2009/136/EC that, regarding the use of cookies, users...
Book
Full-text available
This book constitutes the proceedings of the 4th International Conference on Electronic Voting, E-Vote-ID 2019, held in Bregenz, Austria, in October 2019. The 13 revised full papers presented were carefully reviewed and selected from 45 submissions. The conference was organized in tracks on security, usability and technical issues, administrative,...
Conference Paper
Text passwords play an important role in protecting the assets of organisations. Thus, it is of the essence, that employees are well aware of possible attacks and defences. To that end, we developed a password security awareness-raising material in a systematic iterative process: The material is based on the literature on password security, feedbac...
Article
Full-text available
Abstract: The introduction of end-to-end encryption in WhatsApp in 2016 defused an important criticism of the widely used instant messaging service. But how do users rate the encryption? Has it changed users' trust in the service? The study presented below investigated these questions...
Book
Full-text available
This volume contains papers presented at E-Vote-ID 2018, the Third International Joint Conference on Electronic Voting, held during October 2–5, 2018, in Bregenz, Austria. It resulted from the merging of EVOTE and Vote-ID. In total, more than 800 experts from over 35 countries have attended the conference series over the last 14 years. This shows t...
Book
Full-text available
This volume contains papers presented at E-Vote-ID 2018, the Third International Joint Conference on Electronic Voting, held during October 2-5, 2018, in Bregenz, Austria. It resulted from the merging of EVOTE and Vote-ID. More than 800 experts from over 35 countries have attended the conference series over the last 14 years. This shows that the...
Conference Paper
Full-text available
A well-known issue in electronic voting is the risk of manipulation of the cast vote. For countering this risk, a number of methods have been proposed that enable the voter to verify that their cast vote actually represents their intention, the so-called cast-as-intended verification. Yet, the empirical studies on the voter's behaviour towards usin...
Conference Paper
Full-text available
Postal voting was established in Germany in 1956. Based on the legal latitude of the national legislator, the Federal Constitutional Court confirmed the constitutionality of postal voting several times. In contrast, the constitutionality of electronic voting machines, which were used for federal elections from 2002 to 2005, was rejected as the poss...
Conference Paper
Full-text available
The RIES-KOA evoting system was used in the Netherlands as an additional system for the elections by expatriates for the Tweede Kamer (roughly: the Dutch House of Commons) elections in 2006. Although the system has been used in other elections in the Netherlands as well, there have been few independent evaluations of the system. In this paper, we a...
Conference Paper
Full-text available
The VALG project is introducing evoting for municipal and county elections to Norway. Part of the evoting system is a mix net along the lines of Puiggalí et al., a mix net which can be efficiently verified by combining the benefits of optimistic mixing and randomized partial checking. This paper investigates their mix net and proposes a verification...
Conference Paper
Full-text available
End-to-end (E2E) encryption is an effective measure against privacy infringement. In 2016, it was introduced by WhatsApp for all users (of the latest app version) quasi overnight. However, it is unclear how non-expert users perceived this change, whether they trust WhatsApp as a provider of E2E encryption, and how their communication behavior chang...
Conference Paper
Full-text available
In addition to the ubiquitous text password a great variety of other authentication schemes have been proposed. Yet, only very few of the alternatives find their way to practical application. It has been proposed to support decision makers when choosing the most suitable scheme for their application scenario, thereby fostering the adoption of alter...
Conference Paper
Albeit providing many benefits, smart homes collect and process large amounts of sensitive data. In order to successfully cope with the resulting risks for their privacy, users have to be aware of potential privacy threats and consequences in the first place. Since research in other contexts has shown that users often lack this awareness even when...
Chapter
Full-text available
We present the European research project GHOST, (Safe-guarding home IoT environments with personalised real-time risk control), which challenges the traditional cyber security solutions for the IoT by proposing a novel reference architecture that is embedded in an adequately adapted smart home network gateway, and designed to be vendor-independent....
Article
Full-text available
Abstract: Choosing and remembering adequately secure passwords is a problem for many users. The password card of the initiative "Deutschland sicher im Netz" was proposed to help users cope with this problem. It consists of a grid of randomly arranged letters, numbers and symbols. From...
Article
Full-text available
Abstract: In an increasingly digitalised world, fraud is also becoming digital. Despite a multitude of technical aids, the ability to recognise fraudulent email messages remains fundamental to effective protection. This article presents a training programme for recognising fraudulent emails,...
Conference Paper
Full-text available
E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes ha...
Article
Although survey results show that the privacy of their personal data is an important issue for online users worldwide, most users rarely make an effort to protect this data actively and often even give it away voluntarily. Privacy researchers have made several attempts to explain this dichotomy between privacy attitude and behavior, usually referre...
Conference Paper
Full-text available
Users make two privacy-related decisions when signing up for a new Service Provider (SP): (1) whether to use an existing Single Sign-On (SSO) account of an Identity Provider (IdP), or not, and (2) the information the IdP is allowed to share with the SP under specific conditions. From a privacy point of view, the use of existing social network-based...
Conference Paper
For many years, cookies have been widely used by websites, storing information about users' behaviour. While enabling additional functionality and potentially improving user experience, cookies, especially cookies used by third parties for data analysis, can be a threat to users' privacy. The EU data protection directive, among other prescriptions,...
Preprint
Full-text available
In this paper, we introduce the European research project GHOST, (Safe-guarding home IoT environments with personalised real-time risk control). The GHOST project aims to challenge the concept of traditional cyber security solutions by proposing a novel reference architecture. GHOST is embedded in an adequately adapted smart home network gateway an...
Chapter
Safety-critical human-computer interaction is an extremely relevant topic not only at present but also in the future. A textbook and reference book such as this one can only ever cover the state of affairs at a particular point in time. Nevertheless, an attempt can be made to identify current trends and venture an outlook on the future. Exactly that...
Chapter
The chapter gives an introduction to the topic "Human Factors in Security" with a focus on the end user. First, the problem is introduced in general and then described and discussed using the concrete examples "email encryption", "HTTPS connections on the Internet" and "passwords". Subsequently, general approaches to solutions based...