Oksana Kulyk

Oksana Kulyk
IT University of Copenhagen · Center for Information Security and Trust

Dr. rer. nat.

About

55
Publications
21,765
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
299
Citations
Citations since 2017
46 Research Items
287 Citations
2017201820192020202120222023020406080
2017201820192020202120222023020406080
2017201820192020202120222023020406080
2017201820192020202120222023020406080
Introduction
Research interests: - General human and societal factors of security and privacy - Privacy-related decision making and decision support - Mental models of security and privacy in IoT - Security and privacy practices and challenges in organisations - Security and privacy in election technologies
Additional affiliations
March 2019 - present
IT University of Copenhagen
Position
  • Professor (Assistant)
April 2018 - March 2019
Karlsruhe Institute of Technology
Position
  • PostDoc Position
October 2013 - April 2018
Technische Universität Darmstadt
Position
  • Research Assistant

Publications

Publications (55)
Conference Paper
Full-text available
With the wide spread of IoT devices, smart systems gain more and more control over personal data and daily lives of their users. This control, however, can easily be misused, either by system providers themselves acting in bad faith, or by external attackers. Implementing proper measures towards security and privacy protection of smart systems, the...
Conference Paper
Full-text available
While Internet voting has a potential of improving the democratic processes, it introduces new challenges to the security of the election, such as the possibility of voter coercion due to voting in uncontrolled environments. Cryptographic research has resulted in a number of proposals for protecting against such coercion with the help of counter-st...
Chapter
Full-text available
End-to-end verifiable Internet voting enables a high level of election integrity. Cast-as-intended verification, in particular, allows voters to verify that their vote has been correctly cast, even in the presence of malicious voting devices. One cast-as-intended verification approach is code-based verification, used since 2015 in legally-binding S...
Article
Full-text available
For many years, cookies have been widely used by websites, storing information about users’ behaviour. While enabling additional functionality and potentially improving user experience, cookies can be a threat to users’ privacy, especially cookies used by third parties for data analysis. Websites providers are legally required to inform users about...
Conference Paper
Full-text available
Trust in an election system has been commonly recognized as a crucial factor in the adoption of the system and in ensuring that voters as well as participating parties accept the election outcome as legitimate. Ensuring and maintaining such trust, however, can be challenging , particularly in systems that involve advanced technologies-thus, technol...
Article
Through the past two and a half years, COVID-19 has swept through the world and new technologies for mitigating spread, such as exposure notification applications and contact tracing, have been implemented in many countries. However, the uptake has differed from country to country and it has not been clear if culture, death rates or information dis...
Chapter
Full-text available
Researchers advocate for end-to-end verifiable voting schemes to maximise election integrity. At E-Vote-ID 2021, Kulyk et al. proposed to extend the verifiable scheme used in Switzerland (called original scheme) by voting codes to improve it with respect to vote secrecy. While the authors evaluated the general usability of their proposal, they did...
Conference Paper
Full-text available
Cookies are widely acknowledged as a potential privacy issue, due to their prevalence and use for tracking users across the web. To address this issue, multiple regulations have been enacted which mandate informing users about data collection via. so-called cookie notices. Unfortunately, these notices have been shown to be ineffective; they are lar...
Conference Paper
Full-text available
Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR and the global COVID-19 pandemic, pose new challenges for companies that should preserve an adequate level of secu...
Article
Full-text available
The outbreak of the COVID-19 pandemic brought renewed attention to electronic voting—this time as a potential option to contain the spread during elections. One of the long unresolved topics with remote voting is the risk of voter’s coercion due to the uncontrolled environment in which it takes place, indicating the importance of the coercion resis...
Conference Paper
Full-text available
Cookie disclaimers are these days an indispensable part of surfing and working on the Internet. In this work, we report on examining and classifying the cookie disclaimers on the 500 most popular websites in Germany, based on the presented information about data collection via cookies and the provided choices at the cookie disclaimer. Our analysis...
Book
Full-text available
This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conf...
Conference Paper
Full-text available
In this paper we propose the usage of QR-Codes to enable usable verifiable e-voting schemes based on code voting. The idea-from a voter's perspective-is to combine code voting proposed by Chaum with the cast-as-intended verification mechanism used e.g. in Switzerland (using a personal initialization code, return codes per option, a confirmation cod...
Preprint
Full-text available
Risk-limiting audits (RLAs) are expected to strengthen the public confidence in the correctness of an election outcome. We hypothesize that this is not always the case, in part because for large margins between the winner and the runner-up, the number of ballots to be drawn can be so small that voters lose confidence. We conduct a user study with 1...
Article
Full-text available
Seit Beginn der Pandemie stehen viele Institutionen (inkl. Vereinen, Unternehmen und Behörden) vor der Frage, wie sie ihre Wahlen und geheimen Abstimmungen organisieren sollen – ohne die Gesundheit der Wähler*innen und Wahlhelfer*innen zu gefährden. Einige Wahlverantwortliche haben sich für die Durchführung von Online-Wahlen bzw. digitalen Abstimmu...
Chapter
Das Kapitel1 gibt eine Einführung in das Thema „Human Factors in Security“ mit Fokus auf die Endanwendenden. Dabei wird zunächst erklärt, warum viele Security Maßnahmen nicht benutzbar sind. Veranschaulicht wird dies an den konkreten Beispielen „E-Mail- Ende-zu-Ende-Absicherung“, „HTTPS-Verbindungen“, „Phishing“ sowie „Passwörter“. Nachfolgend wird...
Preprint
Full-text available
Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR and the global COVID-19 pandemic, pose new challenges for companies that should preserve an adequate level of secu...
Book
This book constitutes the proceedings of the 6th International Conference on Electronic Voting, E-Vote-ID 2021, held online -due to COVID -19- in Bregenz, Austria, in October 2021. The 14 full papers presented were carefully reviewed and selected from 55 submissions. The conference collected the most relevant debates on the development of Electroni...
Chapter
Full-text available
The original version of the cover and book was revised. The seventh editor name has been updated.
Book
This volume contains papers presented at the 5th International Joint Conference on Electronic Voting (E-Vote-ID 2020), held during October 6–9, 2020. Due to the extraordinary situation provoked by the COVID-19 pandemic, the conference was held online during this edition, instead of at the traditional venue in Bregenz, Austria. The E-Vote-ID confere...
Book
Full-text available
This volume contains papers presented at the 5th InternationalJoint Conference on Electronic Voting (E-Vote-ID 2020), held during October 6-9, 2020. Due to the extraordinary situation provoked by the Covid-19 pandemic, the conference was held online during this edition, instead of at the traditional venue in Bregenz, Austria. The E-Vote-ID conferen...
Chapter
Smart environments are becoming ubiquitous despite many potential security and privacy issues. But, do people understand what consequences could arise from using smart environments? To answer this research question, we conducted a survey with 575 participants from three different countries (Germany, Spain, Romania) considering smart home and health...
Preprint
Full-text available
Although Denmark is reportedly one of the most digitised countries in Europe, IT security in Danish companies has not followed along. To shed light into the challenges that companies experience with implementing IT security, we conducted a preliminary study running semi-structured interviews with four employees from four different companies, asking...
Preprint
Full-text available
The global SARS-CoV-2 pandemic is currently putting a massive strain on the world's critical infrastructures. With healthcare systems and internet service providers already struggling to provide reliable service, some operators may, intentionally or unintentionally, lever out privacy-protecting measures to increase their system's efficiency in figh...
Conference Paper
Full-text available
Smart environments are becoming ubiquitous despite many potential security and privacy issues. But, do people understand what consequences could arise from using smart environments? To answer this research question, we conducted a survey with 575 participants from three different countries (Germany, Spain, Romania) considering smart home and health...
Chapter
Full-text available
Internet-enabled voting introduces an element of invisibility and unfamiliarity into the voting process, which makes it very different from traditional voting. Voters might be concerned about their vote being recorded correctly and included in the final tally. To mitigate mistrust, many Internet-enabled voting systems build verifiability into their...
Article
Full-text available
Zusammenfassung Im Jahr 1994 entwickelt, um das Surferlebnis für den Endanwender angenehmer zu gestalten, werden Cookies zunehmend auch für andere Zwecke eingesetzt – oft ohne dass der Nutzer etwas davon mitbekommt. Seit dem 25. Mai 2011 schreibt die Europäische Union mit der Richtlinie 2009/136/ EG vor, dass die Nutzer über den Einsatz von Cookies...
Conference Paper
Full-text available
A well-known issue in electronic voting is the risk of manipulation of the cast vote. For countering this risk, a number of methods have been proposed that enable the voter to verify that their cast vote actually represents their intention, the so-called cast-as-intended verification. Yet, the empirical studies on the voter's behaviour towards usin...
Conference Paper
Full-text available
E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes ha...
Conference Paper
For many years, cookies have been widely used by websites, storing information about users' behaviour. While enabling additional functionality and potentially improving user experience, cookies, especially cookies used by third parties for data analysis, can be a threat to users' privacy. The EU data protection directive, among other prescriptions,...
Chapter
Das Kapitel gibt eine Einführung in das Thema „Human Factors in Security“ mit Fokus auf den Endanwender. Dabei wird zunächst das Problem allgemein eingeführt und an den konkreten Beispielen „E-Mail-Verschlüsselung“, „HTTPS-Verbindungen im Internet“ sowie „Passwörter“ beschrieben und diskutiert. Anschließend werden allgemeine Lösungsansätze basieren...
Conference Paper
Full-text available
The Helios voting scheme is well studied including formal proofs for verifiability and ballot privacy. However, depending on its version, the scheme provides either participation privacy (hiding who participated in the election) or verifiability against malicious bulletin board (preventing election manipulation by ballot stuffing), but not both at...
Article
Full-text available
A widely discussed issue in Internet voting is the secure platform problem: ensuring vote secrecy and/or vote integrity in the presence of compromised voting devices. A well-known approach to address this issue is code voting. Code voting systems differ regarding their security level: some ensure either vote secrecy or vote integrity, while others...
Article
Full-text available
In general, most elections follow the principle of equality, or as it came to be known, the principle of “one person – one vote”. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy...
Conference Paper
Full-text available
Web forms are a common way for web service providers to collect data from their users. Usually, the users are asked for a lot of information while some items are labeled as optional and others as mandatory. When filling in the web form, users have to decide, which data, often of personal and sensitive nature, they want to share. The factors that in...
Conference Paper
Full-text available
A lot of decisions are made during boardroom meetings. Af- ter a discussion, the head of the board often asks for a quick poll. But what if you cannot join the meeting? So called boardroom voting schemes have been proposed to conduct the poll over the Internet and thereby enabling also those who are not present but available online to partici- pant...
Article
Code voting systems differ in security: some ensure either vote secrecy or vote integrity, while others ensure both. However, these systems potentially impair usability, which might negatively affect voters' attitude toward Internet voting. To determine the tradeoff between usability and security in these systems, the authors conduct a pilot user s...
Conference Paper
Full-text available
Proxy voting is a form of voting, where the voters can either vote on an issue directly, or delegate their voting right to a proxy. This proxy might for instance be a trusted expert on the particular issue. In this work, we extend the widely studied end-to-end verifiable Helios Internet voting system towards the proxy voting approach. Therefore, w...
Conference Paper
Full-text available
In general, most elections follow the principle of equality, or as it came to be known, the principle of ``one man -- one vote''. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy...
Conference Paper
Full-text available
Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of know-how: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with install...
Conference Paper
Full-text available
In order to ensure the security of remote Internet voting, the systems that are currently proposed make use of complex cryptographic techniques. Since these techniques are often computationally extensive, efficiency becomes an issue. Identifying the most efficient Internet voting system is a non-trivial task -- in particular for someone who does no...
Conference Paper
Full-text available
We show how to extend the Helios voting system to provide eligibility verifiability without revealing who voted which we call private eligibility verifiability. The main idea is that real votes are hidden in a crowd of null votes that are cast by others but are indistinguishable from those of the eligible voter. This extended Helios scheme also imp...
Conference Paper
Full-text available
Many people do not deliberately act to protect the data on their Smartphones.The most obvious explanation for a failure to behave securely is that the appro-priate mechanisms are unusable. Does this mean usable mechanisms will auto-matically be adopted? Probably not! Poor usability certainly plays a role, butother factors also contribute to non-ado...
Conference Paper
Full-text available
Efficiency is the bottleneck of many cryptographic protocols towards their practical application in different contexts. This holds true also in the context of electronic voting, where cryptographic protocols are used to ensure a diversity of security requirements, e.g. secrecy and integrity of cast votes. A new and promising application area of ele...
Conference Paper
Full-text available
Although many electronic voting protocols have been proposed, their practical application faces various challenges. One of these challenges is, that these protocols require election authorities to perform complex tasks like generating keys in a distributed manner and decrypting votes in a distributed and verifiable manner. Although corresponding ke...
Conference Paper
Full-text available
One common way to ensure the security in voting schemes is to distribute critical tasks between different entities - so called trustees. While in most election settings election authorities perform the task of trustees, elections in small groups such as board elections can be implemented in a way that all voters are also trustees. This is actually...

Network

Cited By

Projects

Projects (7)
Project
Trust in the security of election systems, particularly in their ability to prevent vote manipulation, is crucial for elections in a democratic society. Such trust can be fragile, especially in presence of deliberate disinformation efforts, and is particularly hard to ensure for systems that rely on technologies that are difficult to understand for lay people. There is therefore a need for methods for effective trust communication, aimed at different stakeholders involved in elections and taking into account their mental models of election security risks. In this project, we aim to develop such methods using human-centered security by design approach, integrating quantitative and qualitative empirical studies together with technical security analysis of election systems. We propose ways to build systems so that their trust can be effectively communicated, and furthermore take into account the social aspect of elections.
Project
Trust in the security of election systems, in particular in their ability to prevent vote manipulation, is crucial for conducting elections in democratic society. Such trust can be fragile, especially in presence of deliberate disinformation efforts, and is particularly hard to ensure for systems that rely on technologies that are difficult to understand for lay people. There is therefore a need for methods for effective trust communication, aimed at different stakeholders involved in elections and taking into account their mental models of election security risks. In this project, we aim to develop such methods using human-centred security by design approach, integrating quantitative and qualitative empirical studies together with technical security analysis of election systems. We propose ways to build systems in such way that their trust can be effectively communicated, and furthermore take into the account the social aspect of elections.