Wissenschaftlicher Mitarbeiter / Doktorand
Technische Universität Darmstadt, Fachbereich Informatik,
Wissenschaft und Technik für Frieden und Sicherheit (PEASEC)
Pankratiusstraße 2, 64289 Darmstadt, Raum 115
demuth(at)peasec.tu-darmstadt.de
Online-Profile: ORCID | Google Scholar
DE
Kilian Demuth, M.Sc. ist wissenschaftlicher Mitarbeiter und Doktorand am Lehrstuhl Wissenschaft und Technik für Frieden und Sicherheit (PEASEC) im Fachbereich Informatik der Technischen Universität Darmstadt. Seine Forschungsinteressen liegen im Bereich der IT-Sicherheit insbesondere auf den Themen „Privatsphäre“ und „Benutzbare Sicherheit und -Privatheit“, an denen er im Rahmen von CROSSING und ATHENE arbeitet. Hierbei beschäftigt er sich insbesondere damit, Nutzern mit unterschiedlichen Hintergründen die Nutzung von privatsphäreschützenden Technologien zu ermöglichen.
Er studierte Informatik (B.Sc.) und IT-Sicherheit (M.Sc.) an der Technischen Universität Darmstadt. In seiner Masterthesis im Projekt CROSSING erarbeitete er eine Methode, mit der sichere Anwendungen auch für unerfahrene Nutzer benutzbar entwickelt werden können. Während des Masterstudiums war er als Hilfswissenschaftler bei PEASEC und SEEMOO tätig.
EN
Kilian Demuth, M.Sc. is a research associate and doctoral student at the Chair of Science and Technology for Peace and Security (PEASEC) in the Department of Computer Science at Darmstadt University of Technology. His research interests lie in the area of IT security, especially on the topics of „privacy“ and „usable security and privacy“, on which he is working within CORSSING and ATHENE. In this context, he is particularly concerned with enabling users with different backgrounds to use privacy-enhancing technologies (PETs).
He studied computer science (B.Sc.) and IT security (M.Sc.) at the Technical University of Darmstadt. In his master thesis in the project CROSSING, he developed a method to make secure applications usable even for inexperienced users. During his master studies he worked as a research assistant at PEASEC and SEEMOO.
Publikationen
2024
[BibTeX] [Abstract]
In many applications and websites people use in their everyday life, their privacy and data is threatened, e.g., by script tracking during browsing. Although researchers and companies have developed privacy-enhancing technologies (PETs), they are often difficult to use for lay users. In this paper, we conducted a literature review to classify users into different support personas based on their privacy competence and privacy concern. With developers of PETs in mind, support personas were envisioned to facilitate the customization of software according to the support needs of different users. In order to demonstrate the usefulness of support personas and based on workshop sessions with 15 participants, we designed a browser extension which supports users with the issue of script tracking by providing different user interfaces for different support personas. The following qualitative evaluation with 31 participants showed that the developed UI elements worked as intended for the different support personas. Therefore, we conclude the concept of support personas is useful in the development process of usable applications that enhance the privacy of the users while also educating them and thus potentially increasing their privacy literacy.
@article{demuth_support_2024,
title = {Support {Personas}: {A} {Concept} for {Tailored} {Support} of {Users} of {Privacy}-{Enhancing} {Technologies}},
abstract = {In many applications and websites people use in their everyday life, their privacy and data is threatened, e.g., by script tracking during browsing. Although researchers and companies have developed privacy-enhancing technologies (PETs), they are often difficult to use for lay users. In this paper, we conducted a literature review to classify users into different support personas based on their privacy competence and privacy concern. With developers of PETs in mind, support personas were envisioned to facilitate the customization of software according to the support needs of different users. In order to demonstrate the usefulness of support personas and based on workshop sessions with 15 participants, we designed a browser extension which supports users with the issue of script tracking by providing different user interfaces for different support personas. The following qualitative evaluation with 31 participants showed that the developed UI elements worked as intended for the different support personas. Therefore, we conclude the concept of support personas is useful in the development process of usable applications that enhance the privacy of the users while also educating them and thus potentially increasing their privacy literacy.},
number = {4},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Demuth, Kilian and Linsner, Sebastian and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2024},
keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-PriVis},
}
[BibTeX] [Abstract] [Download PDF]
In many scenarios users have to communicate sensitive data with third parties such as doctors, lawyers, insurance companies, social workers or online shops. Handing over personal data is necessary to use those services but the delegation of tasks to increase efficiency still poses the risk that personal data might be leaked. To minimize this risk and further enhance the privacy of users, we propose an interaction concept that uses layered encryption of messages to provide a trade-off between privacy and usability. Users can choose which data is additionally encrypted in an inner layer, say, for the eyes of their doctor only, and which data is available in an outer (encrypted or unencrypted) layer for all staff members. Another benefit is the hiding of sensitive data from package inspection or crawling algorithms over emails, while less critical parts can still be processed by these systems via the partial access. To investigate this concept, we derive relevant use cases for form-based communication over email from a quantitative pre-study with 1011 participants, showing that general practitioners are the most suitable use case. We developed demonstrators for this use case and evaluated them in a qualitative study with 42 participants. Our results show that the possibility of minimizing the propagation of sensitive data through additional encryption is highly appreciated and the usage of form-based communication is a promising approach for the digital transformation.
@article{linsner_decision-based_2024,
title = {Decision-based {Data} {Distribution} ({D}³): {Enabling} {Users} to {Minimize} {Data} {Propagation} in {Privacy}-sensitive {Scenarios}},
issn = {2299-0984},
url = {https://petsymposium.org/popets/2024/popets-2024-0113.php},
doi = {https://doi.org/10.56553/popets-2024-0113},
abstract = {In many scenarios users have to communicate sensitive data with third parties such as doctors, lawyers, insurance companies, social workers or online shops. Handing over personal data is necessary to use those services but the delegation of tasks to increase efficiency still poses the risk that personal data might be leaked. To minimize this risk and further enhance the privacy of users, we propose an interaction concept that uses layered encryption of messages to provide a trade-off between privacy and usability. Users can choose which data is additionally encrypted in an inner layer, say, for the eyes of their doctor only, and which data is available in an outer (encrypted or unencrypted) layer for all staff members. Another benefit is the hiding of sensitive data from package inspection or crawling algorithms over emails, while less critical parts can still be processed by these systems via the partial access. To investigate this concept, we derive relevant use cases for form-based communication over email from a quantitative pre-study with 1011 participants, showing that general practitioners are the most suitable use case. We developed demonstrators for this use case and evaluated them in a qualitative study with 42 participants. Our results show that the possibility of minimizing the propagation of sensitive data through additional encryption is highly appreciated and the usage of form-based communication is a promising approach for the digital transformation.},
number = {4},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Linsner, Sebastian and Demuth, Kilian and Fischlin, Marc and Reuter, Christian},
year = {2024},
keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-PriVis},
}
[BibTeX] [Abstract] [Download PDF]
Internet of Things (IoT) devices have become increasingly important within the smart home domain, making the security of the devices a critical aspect. The majority of IoT devices are black-box systems running closed and pre-installed firmware. This raises concerns about the trustworthiness of these devices, especially considering that some of them are shipped with a microphone or a camera. Remote attestation aims at validating the trustworthiness of these devices by verifying the integrity of the software. However, users cannot validate whether the attestation has actually taken place and has not been manipulated by an attacker, raising the need for HCI research on trust and understandability. We conducted a qualitative study with 35 participants, investigating trust in the attestation process and whether this trust can be improved by additional explanations in the application. We developed an application that allows users to attest a smart speaker using their smartphone over an audio channel to identify the attested device and observe the attestation process. In order to observe the differences between the applications with and without explanations, we performed A/B testing. We discovered that trust increases when additional explanations of the technical process are provided, improving the understanding of the attestation process.
@article{linsner_building_2024,
title = {Building {Trust} in {Remote} {Attestation} {Through} {Transparency} – {A} {Qualitative} {User} {Study} on {Observable} {Attestation}},
issn = {0144-929X},
url = {https://doi.org/10.1080/0144929X.2024.2374889},
doi = {10.1080/0144929X.2024.2374889},
abstract = {Internet of Things (IoT) devices have become increasingly important within the smart home domain, making the security of the devices a critical aspect. The majority of IoT devices are black-box systems running closed and pre-installed firmware. This raises concerns about the trustworthiness of these devices, especially considering that some of them are shipped with a microphone or a camera. Remote attestation aims at validating the trustworthiness of these devices by verifying the integrity of the software. However, users cannot validate whether the attestation has actually taken place and has not been manipulated by an attacker, raising the need for HCI research on trust and understandability. We conducted a qualitative study with 35 participants, investigating trust in the attestation process and whether this trust can be improved by additional explanations in the application. We developed an application that allows users to attest a smart speaker using their smartphone over an audio channel to identify the attested device and observe the attestation process. In order to observe the differences between the applications with and without explanations, we performed A/B testing. We discovered that trust increases when additional explanations of the technical process are provided, improving the understanding of the attestation process.},
journal = {Behaviour \& Information Technology},
author = {Linsner, Sebastian and Demuth, Kilian and Surminski, Sebastian and Davi, Lucas and Reuter, Christian},
year = {2024},
note = {Publisher: Taylor \& Francis},
keywords = {Security, A-Paper, Ranking-ImpactFactor, Projekt-CROSSING, Projekt-ATHENE-PriVis, Usable security},
pages = {1--21},
}
2021
[BibTeX] [Abstract] [Download PDF]
Digitalisierung ist ein präsenter Faktor in vielen Städten. So existieren bereits viele Smart-City-Initiativen, bei denen Städte versuchen, ihre Prozesse durch Erfassung und Verknüpfung von Daten, oft unter Zuhilfenahme von Datenplattformen, zu optimieren. In Anbetracht der damit einhergehenden großen Investitionen und Veränderungen wird Bürgerbeteiligung als zentraler Faktor für den Erfolg solcher Initiativen betrachtet. Bisher ist allerdings nicht klar, was typische Beteiligungsformate von Smart-City-Initiativen sind und welche Rolle(n) BürgerInnen dabei einnehmen. Dieser Beitrag leitet mittels einer Literaturanalyse zu Smart Cities ein Kategorienschema zu typischen Bürgerbeteiligungsarten ab. Die Analyse ergab, dass sich Einbindung von BürgerInnen in politische Entscheidungen und bei der Entwicklung technischer Artefakte maßgeblich auf e‑Government oder Participatory Design bezieht. Im Hinblick auf die Beteiligungsarten zeigt sich, dass Makrofabriken, Living Labs und Open-Data-Plattformen häufige Ansätze sind, um BürgerInnen als Co-Creators einzubinden. Zudem werden BürgerInnen mit Citizen Sensing zur Erfassung von Daten oder Missständen einbezogen. Dabei zeigen sich sowohl aktivere, als auch eher passive Beteiligungsarten. Die Analyse zeigt, dass die Einbindung von BürgerInnen häufig entweder auf eine Beteiligung an politischen Entscheidungen oder an der Entwicklung technischer Artefakte abzielt. Auch wenn keine klare Abgrenzung möglich ist, sind diese Ansätze dann eher durch e‑Government oder Participatory Design inspiriert.
@article{haunschild_nutzer_2021,
title = {Nutzer, {Sammler}, {Entscheidungsträger}? {Arten} der {Bürgerbeteiligung} in {Smart} {Cities}},
volume = {58},
url = {https://peasec.de/paper/2021/2021_HaunschildDemuthGeissRichterReuter_NutzerSammlerEntscheidungstragerBuergerbeteiligungSmartCities_HMD.pdf},
doi = {10.1365/s40702-021-00770-8},
abstract = {Digitalisierung ist ein präsenter Faktor in vielen Städten. So existieren bereits viele Smart-City-Initiativen, bei denen Städte versuchen, ihre Prozesse durch Erfassung und Verknüpfung von Daten, oft unter Zuhilfenahme von Datenplattformen, zu optimieren. In Anbetracht der damit einhergehenden großen Investitionen und Veränderungen wird Bürgerbeteiligung als zentraler Faktor für den Erfolg solcher Initiativen betrachtet. Bisher ist allerdings nicht klar, was typische Beteiligungsformate von Smart-City-Initiativen sind und welche Rolle(n) BürgerInnen dabei einnehmen. Dieser Beitrag leitet mittels einer Literaturanalyse zu Smart Cities ein Kategorienschema zu typischen Bürgerbeteiligungsarten ab. Die Analyse ergab, dass sich Einbindung von BürgerInnen in politische Entscheidungen und bei der Entwicklung technischer Artefakte maßgeblich auf e‑Government oder Participatory Design bezieht. Im Hinblick auf die Beteiligungsarten zeigt sich, dass Makrofabriken, Living Labs und Open-Data-Plattformen häufige Ansätze sind, um BürgerInnen als Co-Creators einzubinden. Zudem werden BürgerInnen mit Citizen Sensing zur Erfassung von Daten oder Missständen einbezogen. Dabei zeigen sich sowohl aktivere, als auch eher passive Beteiligungsarten. Die Analyse zeigt, dass die Einbindung von BürgerInnen häufig entweder auf eine Beteiligung an politischen Entscheidungen oder an der Entwicklung technischer Artefakte abzielt. Auch wenn keine klare Abgrenzung möglich ist, sind diese Ansätze dann eher durch e‑Government oder Participatory Design inspiriert.},
journal = {HMD Praxis der Wirtschaftsinformatik},
author = {Haunschild, Jasmin and Demuth, Kilian and Geiß, Henri-Jacques and Richter, Christian and Reuter, Christian},
year = {2021},
keywords = {HCI, Student, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
}