Shesmu DBDsys: a Solution for Safer Data Sharing in the Case of Directed Blood Donation

Shesmu DBDsys
A Solu ion o Sa e Da a Sha ing in he Case o Di ec ed Blood
Dona ion
by
Roskó, Tibo
Facul y o In o ma ics o he Uni e si y o
Deb ecen
o cid.o g/0000-0002-6521-9447
This wo k was published on No embe 18, 2023, unde he doi numbe
h ps://doi.o g/10.5281/zenodo.10144520 and is licenced unde he C ea i e Commons A ibu ion-
NonComme cial-NoDe i a i es 4.0 In e na ional Licence (h ps://c ea i ecommons.o g/licenses/by-nc-
nd/4.0).
Roskó, Tibo
He is a sel -employed Compu e Science consul an , ansla o
and esea che .
His esea ch is ela ed o he Facul y o In o ma ics o he
Uni e si y o Deb ecen. He ocuses on he analysis o people's
p i acy awa eness and passwo d managemen , especially
globally cen alised use au hen ica ion solu ions and online
p i acy.
Fo mo e in o ma ion, please isi www. ibo .hu and he
Zenodo eposi o y.
2
Publicly sha ed nume ous ypes o pe sonal da a u he inc ease
he possibili ies o misuses, especially sensi i e da a, such as heal h
o biome ic da a. Ou ocus is on he phenomenon when people
publicly sha e hei o o he s' pe sonal da a ela ed o di ec ed
blood dona ion in o de o ind dono s on he In e ne wi hou any
p o ec ion, which can be he sou ce o iden i y he o ake
und aising c imes. To sol e his p oblem and help people o p o ec
hei da a in his ela ion, we designed and implemen ed a possible
solu ion called Shesmu DBDsys, which applies AES-256-GCM
enc yp ion o p o ec and QR code o sha e da a. Shesmu does no
s o e any pe sonal da a and ensu es ha po en ial dono s can only
access pe sonal in o ma ion ela ed o he ecipien i hey pe o m
a success ul dona ion. We also ca ied ou expe imen al so wa e
analyses o alida e he co ec ness o ou implemen a ion and o
gi e p oposals, such as he app op ia e size o he QR code.
Keywo ds:
•di ec ed blood dona ion
•p i acy p o ec ion
•enc yp ed da a in QR code
•p i acy awa eness
•cybe c imes ela ed o da a conce ning heal h
3
1. In oduc ion
"Dona e blood and sa e li es!" is he slogan o almos all blood se ices. The ole o blood dona ion is
indispu able all o e he wo ld o be able o ea medical cases ha cause blood loss, o example,
su ge ies, acciden s o se ious inju ies. In his pape , ou ocus is on he Hunga ian blood dona ion
sys em, especially di ec ed blood dona ion, whe e he dono (who gi es blood) designa es he ecipien
(who ecei es blood) o he dona ion [1]. When a pa ien wi h a a e blood ype, such as B-, AB+ o
AB- needs help, di ec ed o o ganized blood dona ion could be he bes – some imes he only one –
oppo uni y o collec enough blood o ea men . The p ocess o blood dona ion is based on he AB0
and RhD blood sys ems, so he blood ype can be one o he ollowing: 0+, 0-, A+, A-, B+, B-, AB+ o
AB-. In he case o blood dona ion, i is a e y impo an p ope y because he dono and he ecipien
ha e o ha e he same blood ype, bu na u ally, he e a e some excep ions when di e en blood ypes
can be used, such as 0- blood can sa ely be dona ed o e e yone o A+ o an AB+ ecipien as well, bu
in o he cases, di e en blood migh cause complica ions. All compa ible combina ions a e summa ised
in Table 1 [2].
0+ 0- A+ A- B+ B- AB+ AB-
0+ x x
0- x
A+ xxxx
A- x x
B+ x x x x
B- x x
AB+ xxxxxxxx
AB- x x x x
Table 1: Compa ible blood ypes (sou ce: h ps://www.blood.co.uk/why-gi e-blood/blood- ypes)
Dec ee 3/2005 (II. 10.) au ho ises he Hunga ian Na ional Blood T ans usion Se ice (Hunga ian
ac onym: OVSZ) o coo dina e he p ocess, collec blood and manage pe sonal da a ela ed o he
dona ion [3]. In he case o di ec ed dona ion, hese pe sonal da a, apa om he dono 's pe sonal da a,
a e he ecipien 's social secu i y numbe (SSN), name, bi h da e, blood ype and he ci y and name
wi h he depa men o he heal h ca e ins i u ion ea ing he ecipien . Sec ion 14 (3) o Dec ee 3/2005
(II. 10.) allows he dono o designa e a ecipien who can ge hei blood by gi ing he p e iously
lis ed ecipien 's da a ia a pape -based s a emen [3]. To do ha , he dono needs o know he
ecipien 's da a. In mos cases, ecipien s o hei close ela i es usually sha e he in o ma ion equi ed
by he di ec ed dona ion p ocess on he In e ne , such as Facebook o news si es. In some cases, hese
ha e been sha ed wi hou he clea consen o he ecipien . Nowadays, in he Co ona i us c isis he
numbe o hese sha es is s eadily inc easing because he numbe o dono s has signi ican ly dec eased,
in o he wo ds, he e a e no enough blood p oduc s o all ea men s. Al hough he numbe o di ec ed
dona ions was only abou 20 000 ou o he o al 380 000 blood dona ions in 2019, publicly a ailable
pe sonal da a, especially da a on heal h, which is one o he special ca ego ies o pe sonal da a s a ed in
A icle 9 o he Gene al Da a P o ec ion Regula ion (GDPR), can be he sou ce o a ious c imes [4].
4
The numbe o misused pe sonal da a was 1478 in 2019, and he numbe o misused social secu i y
numbe s was 55 in 2017 based on he Hunga ian police s a is ics (sou ce: bs .bm.hu). A ypical c ime
is using eal pe sonal da a o ake und aising ac i i ies o in ake news po als o ge clicks. Based on
he ENISA Th ea Landscape Repo 2018, he o e all end o iden i y he in 2018 inc eased, and i is
sa e o conclude ha he inc easing numbe o da a b eaches can be he eason o ha [5].
We ha e in es iga ed online si es and pos s in Facebook g oups o measu e how a big p oblem ha is,
and we ha e ound se e al pos s (a leas 77) con aining a ious pe sonal da a, such as name, social
secu i y numbe , blood ype, add ess, eligion and bi h da a ha ha e been a ailable o a leas one o
wo yea s, bu some ha e been a ailable o six yea s. Based on he pape [6], we can con i m ha
he e a e many da a le behind, o go en o igno ed in en ionally. Con iden ial pe sonal da a a e jus
lying a ound somewhe e un il someone makes an e o and akes he ime o sea ch o hem in he
igh place. Once ound o e ie ed om bad disposal me hods, hey can be used o illegal o
une hical ac i i ies. To ackle he p oblem, we designed and implemen ed a possible solu ion o he
ecipien s o sa ely sha e hei da a equi ed by he di ec ed dona ion online on he In e ne as well as
on pape . enc yp ionSe ice and dec yp ionSe ice a e he bases ha use he AES-256-GCM
(Ad anced Enc yp ion S anda d, Galois/Coun e Mode) enc yp ion algo i hm o enc yp and dec yp
he ecipien 's da a and ha gene a es a QR code o sha ing he enc yp ed da a se . I coope a es wi h
he Amazon Web Se ices Key Managemen Se ice CloudHSM (AWS KMS; HSM: Ha dwa e
Secu i y Module) se ice in o de ha he AES-256 key will be secu ely s o ed. We ocused on making
his solu ion o be as simple as possible o use and no o equi e a huge amoun o esou ces o be
in eg a ed in o he exis ing sys ems. And no does ou solu ion s o e any pe sonal da a.
The cu en pape p esen s ou esul s o ganised in o i e sec ions. The i s is he Me hodology
in oducing he me hod o da a collec ion, he p ocess o analysis, applied so wa es and esou ce
URLs. I is ollowed by he Reasons o he de elopmen , he Resul s in oducing he design and
de elopmen o Shesmu DBDsys componen s and he Valida ion p esen ing co ec ness in o ma ion
abou he algo i hms and pa ame e s used. In he subsec ions o he Resul s, we gi e a de ailed
desc ip ion o he enc yp ionSe ice, dec yp ionSe ice and he selec ion p ocess o he enc yp ion
algo i hm. Finally, he Conclusion e iews he key ea u es o Shesmu DBDsys and in oduces u u e
de elopmen oppo uni ies.
5

2. Me hodology
In p e ious obse a ions, we ound ha people sha e hei pe sonal da a equi ed by di ec ed blood
dona ion on Facebook and a ious websi es o ge dono s. Based on his expe ience, we ha e analysed
wo g oups on Facebook o iden i y wha ypes o in o ma ion a e included in hese pos s. The
"Deb ecenben hallo am" is a p i a e g oup, which means ha pos s can only be seen by he membe s.
I was ounded in Feb ua y 2014. On 23 d Decembe 2020, i had 102825 membe s. In his g oup, we
could ind 25 pos s ela ed o di ec ed blood dona ion using " é adás" keywo d in he sea ch. The
"VÉRPLAZMA DONOROK MINDENHONNAN" is he second g oup we in es iga ed, which is a
public g oup, so anyone can see he pos s. I was ounded in Oc obe 2017. On 23 d Decembe 2020, i
had 3287 membe s. In his g oup, we could ind 55 pos s ela ed o di ec ed blood dona ion using
"i ányí o " keywo d in he sea ch. Fo he analyses, eco ds om he wo g oups ha e been me ged
and duplica ions ha e been elimina ed. The esul is 77 pos s con aining a ious pe sonal in o ma ion,
such as name, mo he 's name, eligion o social secu i y numbe (SSN). Table 2 summa ises he esul ,
whe e "included" means he numbe o pos s ha he pa icula a ibu e is included in and he
"pe cen age" is he pe cen age o i s dis ibu ion o he speci ic a ibu e, while non-included indica es
he numbe o pos s ha he speci ic a ibu e does no appea in. The da a se is a ailable in ou
Zenodo eposi o y [7].
included non-included pe cen age o included
name 77 0 100.00%
bi h_da e 76 1 98.70%
blood_g oup 70 7 90.90%
ssn 75 2 97.40%
ea emen _place 69 8 89.60%
bi h_place 38 39 49.40%
eason 31 46 40.30%
exchange_blood_s a emen 22 55 28.60%
pho o 12 65 15.60%
ea men _da e 16 61 20.80%
add ess 4 73 5.20%
mo he s_name 19 58 24.70%
doc o s 18 59 23.40%
eligion 1 76 1.30%
occupa ion 2 75 2.60%
id_documen _numbe 1 76 1.30%
iden i ie _numbe 1 76 1.30%
dead_in o 1 76 1.30%
Table 2: Desc ip i e s a is ics o he da a se o wo Facebook g oups in he case o di ec ed blood dona ion
6
To design and de elop an app op ia e solu ion o ecipien s o sa ely sha e hei pe sonal da a equi ed
by di ec ed blood dona ion, we in e iewed some specialis s o he OVSZ o unde s and and analyse
he p ocess o di ec ed blood dona ion. We ound ha an enc yp ion solu ion can elimina e he
ulne abili ies caused by publicly sha ed ecipien 's pe sonal da a. This assump ion has al eady been
con i med in [8]: by enc yp ing he con en o QR codes, he da a can s ill be con iden ial, and his
enc yp ion can also p o ec agains he dec yp ion o in o ma ion wi hou knowing he enc yp ion key.
We analysed he ecommenda ions o he Na ional Ins i u e o S anda ds and Technology (NIST) in he
documen [9] o ind he app op ia e enc yp ion algo i hm. AES-256-GCM was chosen since GCM
mode p o ides bo h con iden iali y and in eg i y o enc yp ed da a, and i p o ides he addi ional
ea u e o making dec yp ion ail in case o a o ging a ack [8]. In ou solu ion ollowing he
ecommenda ions o he NIST Fede al In o ma ion P ocessing S anda ds (FIPS) 140-2 documen [10],
we applied a HSM sys em o secu ely s o e AES keys. A de ailed discussion is p o ided in Sec ion 4.1.
To alida e ou implemen a ion, we ca ied ou expe imen al so wa e analyses o in o mally e i y he
co ec ness o openssl_enc yp and openssl_dec yp unc ions o PHP OpenSSL ex ension in he case
o AES-256-GCM block ciphe mode based on NIST C yp og aphic Algo i hm Valida ion P og am
(CAVP), and o de e mine he maximum numbe o cha ac e s om which we gene a e a QR code ha
can be p ocessed by o dina y ools, such as an online QR code eade se ice o a mobile applica ion.
To ca y ou ou expe imen al so wa e analyses, we used he XAMPP 7.4.8 (PHP-7.4.8, OpenSSL
1.1.1) pla o m as a es en i onmen o build up and un ou sc ip s. A de ailed discussion o hese
esul s is p esen ed in Sec ion 5; sc ip s and da a se s a e a ailable in he Zenodo eposi o y [11].
In he case o OpenSSL 1.1.1 PHP lib a y, we implemen ed a alida o sc ip and selec ed he ele an
es ec o s om he NIST GCM es ec o s package; he sc ip sou ce code and es ec o s a e
a ailable in he Zenodo eposi o y [12]. In ou analysis, we es ed he openssl_enc yp and
openssl_dec yp unc ions wi h ze o and 408 bi s plain ex leng hs – IV leng h 96 bi s and TAG leng h
128 bi s –, and could e i y hei co ec ness. We also es ed he buil -in ailu e o es ec o s in he
case o openssl_dec yp unc ion and ound ha he unc ion had co ec ly wo ked and esul ed in
ailu e on he speci ic inpu s.
On he o he hand, o alida e ou implemen a ion and de e mine maximum how many inpu cha ac e s
can be used o he QR code o be eadable, we made an au oma ic es wi h ou sc ip using he
goQR.me API and manual scans using a sma phone wi h a 13MP came a and scanne applica ions,
such as Kaspe sky QR Scanne ( 1.7.4.232) and Flado QR scanne ( 1.1.0.8). Ou au oma ic sc ip
gene a ed andom da a and es ed he c ea ion and eading p ocesses, and du ing his, i gene a ed 400
pieces o QR code in PNG o ma and a log ile wi h he ollowing in o ma ion.
cha _numbe
q _size
 ound
 andom_da a_leng h
enc yp ed_ emp_leng h
i _leng h
 ag_leng h
da a_key_enc yp ed_leng h
b64_enc yp ed_ emp_leng h
b64_i _leng h
b64_ ag_leng h
b64_da a_key_enc yp ed_leng h
b64_q _ alue_leng h
 ead_ ail
7
Because Shesmu is an open-sou ce p ojec unde e sion 3 o he GNU Gene al Public License
(GPL 3) licence, i s sou ce code is a ailable on Gi Hub, some p omo ideos on YouTube and he
ela ed esea ch da a se s on Zenodo.
Sou ce code on Gi Hub
h ps://gi hub.com/s 2015/Shesmu_DBDsys
YouTube ideos
enc yp ionSe ice demo
h ps://you u.be/siew1M58aKI
dec yp ionSe ice demo
h ps://you u.be/q3D7CMa-Mjo
da a se s on Zenodo
NIST CAVP analyses o PHP OpenSSL enc yp /dec yp unc ions [12]
h ps://doi.o g/10.5281/ZENODO.3978386
QR-code gene a ion and scanning expe imen al analyses [11]
h ps://doi.o g/10.5281/ZENODO.3978427
Facebook g oup pos s ela ed o di ec ed blood dona ion [7]
h ps://doi.o g/10.5281/ZENODO.4411040
NIST CAVP – Na ional Ins i u e o S anda ds and Technology C yp og aphic Algo i hm Valida ion
P og am
h ps://cs c.nis .go /P ojec s/c yp og aphic-algo i hm- alida ion-p og am/ca p- es ing-block-
ciphe -modes
Facebook g oups
"Deb ecenben hallo am" – (in o ma ion sha ing in Deb ecen, Hunga y)
h ps://www. acebook.com/g oups/279288692229091
"VÉRPLAZMA DONOROK MINDENHONNAN" – (blood plasma dono s om e e ywhe e)
h ps://www. acebook.com/g oups/707317849478617
p i acy policy o goQR.me APIs
h ps://goq .me/de/ ech liches/da enschu z-api.h ml
XAMPP 7.4.8
h ps://sou ce o ge.ne /p ojec s/xampp/ iles/XAMPP%20Windows/7.4.8/xampp-po able-
windows-x64-7.4.8-0-VC15.zip/download
Kaspe sky QR Scanne ( 1.7.4.232)
h ps://play.google.com/s o e/apps/de ails?id=com.kaspe sky.q scanne
Flado QR scanne ( 1.1.0.8)
h ps://play.google.com/s o e/apps/de ails?id=com. lado.q _scanne
8
3. The de ailed eason ha mo i a ed us o design Shesmu DBDsys
As we p e iously in oduced, nowadays, he online p esence is s eadily g owing, mo e han six y-se en
pe cen o he esponden s daily use he In e ne [13]. This endency has become a sou ce o many
dange s, such as compu e i uses, iden i y he c imes o ake in o ma ion. Publicly sha ing se e al
ypes o pe sonal da a, especially sensi i e heal h o biome ic in o ma ion u he inc eases he
possibili ies o misuse. In his sec ion, we highligh why i is so impo an o deal wi h he
phenomenon when people publicly sha e hei o o he s' pe sonal da a ela ed o di ec ed blood
dona ion. Which has become e y common on Facebook and a ious news websi es. In mos cases,
hese a e no hei own da a bu belong o o he ecipien s, such as amily membe s, iends o
s ange s.
We inspec ed 77 pos s con aining mo e addi ional in o ma ion han he name, blood ype, bi h da a
and place o ea men ha a e eally needed o he di ec ed blood dona ion. The pos s we e publicly
a ailable o a leas one o wo yea s bu he oldes one was a ailable o six yea s. As can be seen in
Table 2, se e al ypes o unnecessa y a ibu es a e p esen in he pos s, while, in o ma ion equi ed by
di ec ed dona ion is no comple e, because he in o ma ion on he place o ea men is missing in 10.40
pe cen o he cases and blood ype is also missing in 9.10 pe cen , he name is he only one, which is
p esen in all cases. Ano he big p oblem is ha he so-called ou na u al pe sonal iden i ie a ibu es,
such as name, mo he 's name, da e and place o bi h appea in 24.70 pe cen . Wi h he SSN, i can be
an easy way o a acke s o success ully pe pe a e iden i y he c imes, such as ga he ing mo e
in o ma ion abou he ic im using hese a ibu es o ac as an au ho i y. Fo example, he a acke
sends a speci ic spam email o he ic im on behal o a heal h insu ance o ganiza ion o ga he mo e
in o ma ion, such as phone numbe , bank accoun o bank ca d in o ma ion. In his co ona i us c isis,
his is mo e se e e because e e yone p e e s online adminis a ion. This wo ying phenomenon was
also highligh ed in [6]. I many da a a e le behind, o go en o igno ed in en ionally, once ound o
e ie ed om bad disposal me hods, hey can be used o illegal o une hical ac i i ies.
On he one hand, sha ing pe sonal da a wi hou he indi idual's clea consen does no comply wi h
A icle 6. 1/a o he GDPR, which equi es p e ious consen o be gi en by he subjec o da a excep
when he p ocessing o pe sonal da a is done by a na u al pe son in he cou se o a pu ely pe sonal o
household ac i i y [4]. On he o he hand, i is ex emely i esponsible, e en i done wi h good
in en ions because c iminals migh misuse hese da a. Fo example, pe pe a ing iden i y he o
ga he ing mo e in o ma ion using he pos ed a ibu es. Sha ing o he s' pe sonal da a widely on he
In e ne canno be in he cou se o a pu ely pe sonal o household ac i i y. Based on his, we migh
suppose ha people do ha because hey do no ha e enough o deep knowledge o da a p o ec ion
egula ions and abou wha c imes migh be pe pe a ed wi h hei publicly sha ed da a. In ou p e ious
pape s [14], [15], we demons a e ha people's p i acy awa eness is eally low, and hey do no end o
wan o change i . Namely, only 25.75 pe cen o hem always o usually ead p i acy policies and
e ms, and a dominan pa (48.31 pe cen ) a e no in e es ed in i . Besides ha , people who a e mo e
educa ed and ha e b oad and deep knowledge abou possible he s o p i acy egula ions end o be
mo e awa e o hei online beha iou , such as con olling he in o ma ion hey sha e online o eading
policies and e ms.
9
5. Valida ion
The da a se equi ed by di ec ed blood dona ion con ains se e al a ibu es conside ed a special
ca ego y o pe sonal da a by he GDPR, such as SSN, blood ype, hospi al, ea men o diagnosis [4].
Based on he NIST SP. 800-63, in he case o managing heal h in o ma ion, i is ecommended o
conside he use o Au hen ica o Assu ance Le el 3 (NIST AAL3) o educe he isk o da a misuse o
any ype o cybe c imes. Shesmu, o comply wi h NIST AAL3 in he case o enc yp ion, uses he
se ices o FIPS 140-2 alida ed AWS KMS HSM [24].
In he case o p i acy, we analysed he p i acy policy o goQR.me APIs. We ound ha goQR.me, in
he case o he c ea e-q -code se ice, does no sa e o a chi e he con en o he gene a ed QR code,
and he gene a ed g aphic ile is dele ed om he cache wi hin i e minu es a e deli e y. In he case
o he ead-q -code se ice, he g aphic ile sen o ead is dele ed immedia ely a e he eques has
been p ocessed and is no a chi ed. The se ice se e applies HTTPS in communica ion o p o ec
ans e ed in o ma ion. Finally, we will discuss ou expe imen al so wa e analyses o alida e he QR
code gene a ion and ead, and d aw up p oposals o se ings o he gene a ion. We expec ed ha
inc easing he numbe o inpu cha ac e s equi es a bigge QR code size, and we ound ha i can be
ue, pa icula ly, in he case o p in ed QR scanning. Ou sc ip ound ha 200px size can be ead by
he goQR.me API un il 700 inpu cha ac e s and o e 700 cha ac e s, 300px can wo k p ope ly bu he
sma phone-based scan is only s able wi h 400px o mo e. Pape [8] also con i med ha he a e o
success ul eadings dec eases when he da a size inc eases. Resul s o QR code scanning wi h
sma phone applica ions on bo h sc een and pape a e summa ised in Table 3.
QR code size (px) maximum inpu cha ac e s could be scanned
200x200 400
300x300 700
400x400 900
500x500 1000
Table 3: Resul s o QR code scanning wi h sma phone applica ions on bo h sc een and pape
These esul s sugges ha i is ecommended o conside he op imiza ion o QR code size conce ning
he numbe o inpu cha ac e s, because, based on ou example ecipien 's QR code gene a ion, 400
inpu cha ac e s can be mo e han enough; and 200px is an easily usable size o gene al pu poses. To
sa e cha ac e s, we applied p ede ined scheme-based conca ena ion using hash ags as sepa a o s on he
inpu da a se . goQR.me se ice could gene a e QR codes om a maximum o 1900 inpu cha ac e s,
which means he o al numbe o cha ac e s is 2827 (close o he maximum o QR code capaci y).
Whe e he numbe o inpu cha ac e s only e e s o he in o ma ion we wan o sha e, such as he
ecipien 's a ibu es and he o al numbe o cha ac e s e e s o all he in o ma ion s o ed in he QR
code including such enc yp ion a ibu es as TAG, IV o enc yp ed da a key.
16

6. Conclusion
In his pape , we in oduced a solu ion called Shesmu DBDsys designed and de eloped o p o ec
publicly sha ed pe sonal da a equi ed by di ec ed blood dona ion.
One p ope y o Shesmu is ha i does no s o e any pe sonal in o ma ion o pe o m he da a p o ision
se ice. In he i s design, we wan ed o s o e he ecipien 's da a equi ed by di ec ed blood dona ion
wi h a alidi y ime in e al o ensu e he e asu e o unnecessa y da a, bu we iden i ied some esou ce-
in ensi e implemen a ion, such as au hen ica ion and au ho isa ion o ecipien s and eaching
in o ma ion o ecipien s' ea men , especially he end da e o he ea men . A e discussing hese
p oblems wi h he OVSZ specialis s, we ound ha building a da abase is unnecessa y because gi ing
di ec ed blood o a ecipien who is no unde ea men does no cause p oblems o ge los as, a e 14
days, he dona ed blood p oduc will be used in a no mal dona ion [1]. Knowing his ac , we
implemen ed he in oduced QR code-based se ice ins ead o building a da abase. O which key is he
applica ion o AES-256-GCM enc yp ion in coope a ion wi h FIPS 140-2 alida ed AWS CloudHSM
and KMS se ices.
Ano he alue o ea u e o Shesmu is ha he dono will only know he ecipien 's pe sonal da a i hey
apply o di ec ed blood dona ion and hey can pe o m i , in o he wo ds, hei blood is app op ia e o
he ecipien . Al e na i ely, publicly sha ing he ecipien 's pe sonal da a on he In e ne o sha ing da a
on demand in a closed Facebook g oup causes anyone can know he ecipien 's pe sonal da a. An
addi ional p oposal o he u u e o imp o e pe sonal da a p o ec ion migh be ha dono s should no
know, exac ly ead he ecipien 's SSN in he p ocess, only he OVSZ sys em, which migh pe o m
da a alida ion agains he gi en SSN and he ecipien 's o he da a, such as name and bi h da e belong
oge he . To pe o m his, he OVSZ sys em migh use a web se ice o he Na ional Heal h Insu ance
Fund o Hunga y (Hunga ian ac onym: NEAK).
Besides secu i y, easy usabili y was also essen ial because i use s ind i uncom o able o di icul o
use, hey will no use i . To a oid his si ua ion, Shesmu has a simple online o m o use s o easily
gene a e a QR code om he ecipien 's equi ed pe sonal da a. The gene a ed PNG image ile can
easily be downloaded and sha ed on he In e ne o on pape a e p in ing.
In addi ion, we in es iga ed he phenomenon when people publicly sha e hei pe sonal da a on he
In e ne , especially on Facebook o news po als, p ima ily in he case o di ec ed blood dona ion. The
ulne able issue ha esul s highligh is no only limi ed o his opic bu o o he cases when people
publicly sha e hei pe sonal da a, o example, sha ing images publicly o documen s (e.g. ID ca d,
d i ing licence o o mal le e ) on Facebook wi hou co e ing sensi i e in o ma ion o pos ing pho os
abou hei ce i ica es wi hou co e ing pe sonal da a.
17
7. Acknowledgemen
We would like o hank hem o hei suppo :
•Hunga ian Na ional Blood T ans usion Se ice o sugges ions and commen s
•Hunga ian Na ional Police Headqua e s o c ime s a is ics
•The Documen Founda ion o Lib eO ice so wa e
•Co po a ion o Digi al Schola ship o Zo e o so wa e
•CERN, he Eu opean O ganiza ion o Nuclea Resea ch o Zenodo si e
•Nyilas Is ánné (Uni e si y o Deb ecen) o g amma e iew
EFOP-3.6.3-VEKOP-16-2017-00002 o he Uni e si y o Deb ecen pa ially suppo ed his esea ch.
We wish o con i m ha he e a e no known con lic s o in e es associa ed wi h his publica ion, and
he e has been no signi ican inancial suppo o his wo k ha could ha e in luenced i s ou come.
18
8. Re e ences
[1] K. Ba ó i-Tó h, Z. Cse nus, I. Ho e , B. Jenei, V. Szeke es, and K. Vö ös, T ansz úziós
Szabályza . O szágos Vé ellá ó Szolgála , 2016.
[2] L. Dean, Blood G oups and Red Cell An igens [In e ne ]. Be hesda (MD): Na ional Cen e o
Bio echnology In o ma ion (US), 2005. [Online]. A ailable:
h ps://www.ncbi.nlm.nih.go /books/NBK2261/
[3] Dec ee 3/2005 (II. 10.). [Online]. A ailable: h p://nj .hu/cgi_bin/nj _doc.cgi?
docid=92691.363968
[4] Regula ion (EU) No 2016/679 o The Eu opean Pa liamen and o The Council. 2016. [Online].
A ailable: h ps://eu -lex.eu opa.eu/legal-con en /HU/TXT/ELI/?eliu i=eli: eg:2016:679:oj
[5] “ENISA Th ea Landscape Repo 2018,” 2019. doi: h ps://doi.o g/10.2824/622757.
[6] S. B. Alkhadh , M. A. Alkanda i, and T. Song, “C yp og aphy and andomiza ion o dispose o
da a and boos sys em secu i y,” Cogen Eng., ol. 4, no. 1, p. 1300049, Jan. 2017, doi:
10.1080/23311916.2017.1300049.
[7] T. Roskó, “Shesmu DBDsys: Facebook g oup pos s ela ed o di ec ed blood dona ion,” Jan.
2021, doi: 10.5281/ZENODO.4411040.
[8] R. Foca di, F. L. Luccio, and H. A. M. Wahsheh, “Usable secu i y o QR code,” J. In . Secu .
Appl., ol. 48, p. 102369, Oc . 2019, doi: 10.1016/j.jisa.2019.102369.
[9] E. Ba ke , “Guideline o using c yp og aphic s anda ds in he ede al go e nmen : SP.800-
175B,” Na ional Ins i u e o S anda ds and Technology, Gai he sbu g, MD, Ma . 2020. doi:
10.6028/NIST.SP.800-175B 1.
[10] “Secu i y equi emen s o c yp og aphic modules: FIPS 140-2,” Na ional Ins i u e o S anda ds
and Technology, Gai he sbu g, MD, May 2001. doi: 10.6028/NIST.FIPS.140-2.
[11] T. Roskó, “Shesmu DBDsys: QR-code gene a ion and scanning expe imen al analyses,” Zenodo
Repos., Aug. 2020, doi: 10.5281/ZENODO.3978427.
[12] T. Roskó, “Shesmu DBDsys: NIST CAVP analyses o PHP OpenSSL enc yp /dec yp unc ions,”
Zenodo Repos., Aug. 2020, doi: 10.5281/ZENODO.3978386.
[13] A. B. Jib il, M. A. Kwa eng, R. K. Bo chway, J. Bode, and M. Cho anco a, “The impac o
online iden i y he on cus ome s’ willingness o engage in e-banking ansac ion in Ghana: A
echnology h ea a oidance heo y,” Cogen Bus. Manag., ol. 7, no. 1, p. 1832825, Jan. 2020,
doi: 10.1080/23311975.2020.1832825.
[14] T. Roskó and G. J. Szőllősi, “Behind passwo ds: An analysis o p elimina y esul s in o de o
unde s and how use s p o ec hei p i acy,” Fi s Monday, Jul. 2021, doi:
10.5210/ m. 26i8.10616.
[15] T. Roskó and G. J. Szőllősi, “An in-dep h analysis o People’s online p i acy awa eness,” No .
2023, doi: 10.5281/ZENODO.10070172.
[16] E. B. Kim, “In o ma ion Secu i y Awa eness S a us o Business College: Unde g adua e
S uden s,” In . Secu . J. Glob. Pe spec ., ol. 22, no. 4, pp. 171–179, Jul. 2013, doi:
10.1080/19393555.2013.828803.
[17] R. Fa ima, A. Yasin, L. Liu, J. Wang, W. A zal, and A. Yasin, “Sha ing in o ma ion online
a ionally: An obse a ion o use p i acy conce ns and awa eness using se ious game,” J. In .
Secu . Appl., ol. 48, p. 102351, Oc . 2019, doi: 10.1016/j.jisa.2019.06.007.
[18] E. Ba ke , “Recommenda ion o key managemen (SP 800-57),” Na ional Ins i u e o S anda ds
and Technology, Gai he sbu g, MD, May 2020. doi: 10.6028/NIST.SP.800-57p 1 5.
19
[19] E. Ba ke and A. Roginsky, “T ansi ioning he use o c yp og aphic algo i hms and key leng hs:
SP.800-131A,” Na ional Ins i u e o S anda ds and Technology, Gai he sbu g, MD, Ma . 2019.
doi: 10.6028/NIST.SP.800-131A 2.
[20] D. A. McG ew and J. Viega, “The Galois/Coun e Mode o Ope a ion (GCM),” May 2005.
[Online]. A ailable: h ps://cs c.nis . ip/g oups/ST/ oolki /BCM/documen s/p oposedmodes/
gcm/gcm- e ised-spec.pd
[21] D. A. McG ew and J. Viega, “The Secu i y and Pe o mance o he Galois/Coun e Mode o
Ope a ion (Full Ve sion).” 2004. [C yp ology eP in A chi e, Repo 2004/193]. A ailable:
h ps://ep in .iac .o g/2004/193
[22] M. J. Dwo kin, “Recommenda ion o block ciphe modes o ope a ion: SP.800-38D,” Na ional
Ins i u e o S anda ds and Technology, Gai he sbu g, MD, 2007. doi: 10.6028/NIST.SP.800-38d.
[23] “P o ec ing da a wi h en elope enc yp ion,” IBM Cloud Docs. [Online]. A ailable:
h ps://cloud.ibm.com/docs/key-p o ec ? opic=key-p o ec -en elope-enc yp ion
[24] P. A. G assi, M. E. Ga cia, and J. L. Fen on, “NIST Special Publica ion 800-63-3 Digi al Iden i y
Guidelines,” Na ional Ins i u e o S anda ds and Technology, Gai he sbu g, MD, Jun. 2017. doi:
10.6028/NIST.SP.800-63-3.
20