Published November 18, 2023 | Version v1
Publication Open

Shesmu DBDsys: a Solution for Safer Data Sharing in the Case of Directed Blood Donation

Authors/Creators

  • 1. Faculty of Informatics of the University of Debrecen

Description

Publicly shared numerous types of personal data further increase the possibilities for misuses, especially sensitive data, such as health or biometric data. Our focus is on the phenomenon when people publicly share their or others' personal data related to directed blood donation in order to find donors on the Internet without any protection, which can be the source of identity theft or fake fundraising crimes. To solve this problem and help people to protect their data in this relation, we designed and implemented a possible solution called Shesmu DBDsys, which applies AES-256-GCM encryption to protect and QR code to share data. Shesmu does not store any personal data and ensures that potential donors can only access personal information related to the recipient if they perform a successful donation. We also carried out experimental software analyses to validate the correctness of our implementation and to give proposals, such as the appropriate size of the QR code.

Files

manuscript.pdf

Files (848.8 kB)

Name Size Download all
md5:8ec9c591f77e163da7b704a7945c311e
848.8 kB Preview Download

Additional details

Is described by
Video/Audio: 10.5281/zenodo.17697787 (DOI)
Video/Audio: 10.5281/zenodo.17698115 (DOI)
Is part of
Software: 10.5281/zenodo.17697313 (DOI)
Requires
Dataset: 10.5281/ZENODO.3978386 (DOI)
Dataset: 10.5281/ZENODO.3978427 (DOI)
Dataset: 10.5281/ZENODO.4411040 (DOI)
Computational notebook: https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes (URL)
Other: https://goqr.me/de/rechtliches/datenschutz-api.html (URL)
Software: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/7.4.8/xampp-portable-windows-x64-7.4.8-0-VC15.zip/download (URL)
Software: https://play.google.com/store/apps/details?id=com.kaspersky.qrscanner (URL)
Software: https://play.google.com/store/apps/details?id=com.flado.qr_scanner (URL)
Other: https://www.facebook.com/groups/279288692229091 (URL)
Other: https://www.facebook.com/groups/707317849478617 (URL)

Dates

Available
2023-11-18
Publication date
Copyrighted
2019-11-12

References

  • K. Baróti-Tóth, Z. Csernus, I. Hoffer, B. Jenei, V. Szekeres, and K. Vörös, Transzfúziós Szabályzat. Országos Vérellátó Szolgálat, 2016.
  • L. Dean, Blood Groups and Red Cell Antigens [Internet]. Bethesda (MD): National Center for Biotechnology Information (US), 2005. [Online]. Available: https://www.ncbi.nlm.nih.gov/books/NBK2261/
  • Decree 3/2005 (II. 10.). [Online]. Available: http://njt.hu/cgi_bin/njt_doc.cgi?docid=92691.363968
  • Regulation (EU) No 2016/679 of The European Parliament and of The Council. 2016. [Online]. Available: https://eur-lex.europa.eu/legal-content/HU/TXT/ELI/?eliuri=eli:reg:2016:679:oj
  • "ENISA Threat Landscape Report 2018," 2019. doi: https://doi.org/10.2824/622757.
  • S. B. Alkhadhr, M. A. Alkandari, and T. Song, "Cryptography and randomization to dispose of data and boost system security," Cogent Eng., vol. 4, no. 1, p. 1300049, Jan. 2017, doi: 10.1080/23311916.2017.1300049.
  • T. Roskó, "Shesmu DBDsys: Facebook group posts related to directed blood donation," Jan. 2021, doi: 10.5281/ZENODO.4411040.
  • R. Focardi, F. L. Luccio, and H. A. M. Wahsheh, "Usable security for QR code," J. Inf. Secur. Appl., vol. 48, p. 102369, Oct. 2019, doi: 10.1016/j.jisa.2019.102369.
  • E. Barker, "Guideline for using cryptographic standards in the federal government: SP.800-175B," National Institute of Standards and Technology, Gaithersburg, MD, Mar. 2020. doi: 10.6028/NIST.SP.800-175Br1.
  • "Security requirements for cryptographic modules: FIPS 140-2," National Institute of Standards and Technology, Gaithersburg, MD, May 2001. doi: 10.6028/NIST.FIPS.140-2.
  • T. Roskó, "Shesmu DBDsys: QR-code generation and scanning experimental analyses," Zenodo Repos., Aug. 2020, doi: 10.5281/ZENODO.3978427.
  • T. Roskó, "Shesmu DBDsys: NIST CAVP analyses of PHP OpenSSL encrypt/decrypt functions," Zenodo Repos., Aug. 2020, doi: 10.5281/ZENODO.3978386.
  • A. B. Jibril, M. A. Kwarteng, R. K. Botchway, J. Bode, and M. Chovancova, "The impact of online identity theft on customers' willingness to engage in e-banking transaction in Ghana: A technology threat avoidance theory," Cogent Bus. Manag., vol. 7, no. 1, p. 1832825, Jan. 2020, doi: 10.1080/23311975.2020.1832825.
  • T. Roskó and G. J. Szőllősi, "Behind passwords: An analysis of preliminary results in order to understand how users protect their privacy," First Monday, Jul. 2021, doi: 10.5210/fm.v26i8.10616.
  • T. Roskó and G. J. Szőllősi, "An in-depth analysis of People's online privacy awareness," Nov. 2023, doi: 10.5281/ZENODO.10070172.
  • E. B. Kim, "Information Security Awareness Status of Business College: Undergraduate Students," Inf. Secur. J. Glob. Perspect., vol. 22, no. 4, pp. 171–179, Jul. 2013, doi: 10.1080/19393555.2013.828803.
  • R. Fatima, A. Yasin, L. Liu, J. Wang, W. Afzal, and A. Yasin, "Sharing information online rationally: An observation of user privacy concerns and awareness using serious game," J. Inf. Secur. Appl., vol. 48, p. 102351, Oct. 2019, doi: 10.1016/j.jisa.2019.06.007.
  • E. Barker, "Recommendation for key management (SP 800-57)," National Institute of Standards and Technology, Gaithersburg, MD, May 2020. doi: 10.6028/NIST.SP.800-57pt1r5.
  • E. Barker and A. Roginsky, "Transitioning the use of cryptographic algorithms and key lengths: SP.800-131A," National Institute of Standards and Technology, Gaithersburg, MD, Mar. 2019. doi: 10.6028/NIST.SP.800-131Ar2.
  • D. A. McGrew and J. Viega, "The Galois/Counter Mode of Operation (GCM)," May 2005. [Online]. Available: https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
  • D. A. McGrew and J. Viega, "The Security and Performance of the Galois/Counter Mode of Operation (Full Version)." 2004. [Cryptology ePrint Archive, Report 2004/193]. Available: https://eprint.iacr.org/2004/193
  • M. J. Dworkin, "Recommendation for block cipher modes of operation: SP.800-38D," National Institute of Standards and Technology, Gaithersburg, MD, 2007. doi: 10.6028/NIST.SP.800-38d.
  • "Protecting data with envelope encryption," IBM Cloud Docs. [Online]. Available: https://cloud.ibm.com/docs/key-protect?topic=key-protect-envelope-encryption
  • P. A. Grassi, M. E. Garcia, and J. L. Fenton, "NIST Special Publication 800-63-3 Digital Identity Guidelines," National Institute of Standards and Technology, Gaithersburg, MD, Jun. 2017. doi: 10.6028/NIST.SP.800-63-3.