INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE

O. Oksuz, Vol.11, No.1, pp.1-14

Preserving Identity Leakage, Data Integrity and

Data Privacy Using Blockchain in Education
System

Ozgur Oksuz 

Adiyaman University
Department of Computer Engineering
Adiyaman, TURKEY
[email protected]
Research Paper Received: 30.01.2022 Revised: 26.03.2022 Accepted: 03.04.2022

Abstract—Today, blockchain technology is evolving and has been used in many sectors such as healthcare, supply chain
management, internet of things (IoT) and cryptocurrency exchange. Using this technology in these areas provides very good
functionalities. A blockchain network is immutable, public, open, distributed, secure and reliable. This paper is about using
blockchain technology in education system. Applying blockchain technology to education system brings all those properties above.
However, user (student) data privacy and identity management of the entities in the system should be also considered. In this paper,
the proposed scheme not only satisfies all these properties but also protects student data privacy and identity management of the
entities when they communicate with each other. The proposed construction consists of encryption algorithms to protect students’
private data and provide secure communication between the entities. Moreover, the proposed scheme does not leak students’
identities to third parties in the blockchain.

Keywords—blockchain, data privacy, identity leakage, data integrity.

1. Introduction 51% honest nodes exists), and reliable (the network

is up all the time). It is used as a building block
Blockchain network was firstly introduced and in many systems such as healthcare [2], internet of
used as a building block for Bitcoin [1]. Then, the things [3], and supply chain management [4].
importance of it has been evolving since it has very
useful properties. A blockchain network is public In this paper, the blockchain technology is used
(all transactions are publicly available), open (any- in education system. With this technology many
one can participate in the network), decentralized (it disadvantages in education system are eliminated.
does not require a trusted party for authorization), One of the disadvantages is to generate fake degree
distributed (each transaction’s validity is performed certificates [5]. Moreover, providing false informa-
many other nodes in the network), secure (if at least tion about academic achievements/transcripts is also

1
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
another problem when a student applies for an
internship/summer job. Furthermore, storing each
student’s academic information/records for a long
time can create another problem. These records
can be lost due to human mistake or to have
some natural disasters such as flooding. Putting all
students’ academic records into blockchain elimi-
nates these kinds of disadvantages. However, other
problems can arise. One of the problems is to
protect student’s data privacy. Data privacy says that
any unauthorized entity cannot read the student’s
sensitive information such as student’s real identity,
course grades, taken courses, enrolled program, and
owned certificates. Thus, data privacy should also
be addressed using blockchain. Another issue that
should also be considered is identity leakage. The
students’ identities should be hidden in the sys-
tem. Otherwise, any untrusted third party can map
transactions in blockchain to a student. Then, this
untrusted party can do some statistical analysis to
make a profile for the student. To address the above
problems, this paper introduces a system that has
the following properties:
• A brief mathematical formalization and con-
struction of the system is given to protect sensi-
tive data of the students, manage identity of the
parties, and process of adding student records
to the blockchain.
• The sensitive data (student’s real identity, grade,
course identity, program identity) of the stu-
dents is stored in the blockchain and is en-
crypted. The data is only seen in the clear
by the third parties when a student is trans-
ferred/enrolled to another university/program or
applies to an internship. In this case, the leakage
is only limited to the corresponding transactions
based on the requirements of the position that
the student applies to.
• The data of all transactions are immutable in
the blockchain. Student’s data integrity is pre-
served.
The organisation of the paper as follows: Section
2 presents related work. Section 3 introduces the
definitions that are going to be used throughout
the paper. In Section 4, the architecture and the
transaction types are introduced in the blockchain.
Then, the proposed scheme is presented in Section
5. In Section 6, security analysis of the scheme is
given. In Section 7, we give the conclusion.
2. Related Work
There have been some studies that use blockchain
technology in education system. These studies are
[6], [7], [8], [9], [10], [11]. In [6] students’ grades
are not in the blockchain. The completed courses
of the student are putting into the blockchain.
However, the courses are still disclosed. This may
rise a problem that student can be rule out if it
is overqualified. Our scheme does not leak any
sensitive information about student at the beginning.
Our scheme leaks only the required courses based
on the job title. The study in [8] uses two kinds
of blockchains: private and public. Moreover, it
focuses on privacy and integrity of the students’
data. [9], [10] focus on putting students’ certificates
into the blockchain not the courses and grades of the
students. In [11], the first university (the university
of Nicosia) issues the academic certificates for stu-
dents. The given certificate is verified using bitcoin
blockchain. In [7], Sony Global Education develops
a new blockchain for storing academic records. The
work in [12] presented a blockchain-based (permis-
sioned) repository for educational credentials but it
does not have privacy protection of the students’
private data. The work in [13] has the same problem
that it does not introduce any protection mechanism
for students’ private data. The studies in [14], [15],
[16], [17], [18] use permissionless blockchain in
2
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

education system. [15] does not have protection an output y is given, it is infeasible to compute x
mechanism against student private data. Studies from y. This property is called as ”One Way”. It
in [15], [16], [17], [18] use off-chain storage. It is infeasible to find another z that satisfies H(x) =
means that students’ credentials are not stored in H(z) = y. This is called as ”Collision Resistant”.
blockchain. They are stored in a file storage system. A secure hash function algorithm should satisfy the
Indy Hyperledger [19] is a public permissioned all above properties. SHA-256 can be used to have
blockchain system that allows users to share all these properties.
their identities (based on credentials) anonymously.
Moreover, this system is able to issue and revoke 3.2. Symmetric/Private Key Encryption
cryptographic credentials [20], [21]. Anyone with
read access to the ledger can verify signatures made A symmetric encryption key scheme consists of
by issuers on credentials. In order to use this system 3 algorithms: Key generation (KGen), Encryption
(hyperledger Indy), the credentials that students own (SEnc), and Decryption (SDec). KGen is the
need to be known in advance. Every user can have key generation algorithm takes a security param-
different credentials. However, it could be very eter and outputs a key for user u: Secret key
difficult to manage these credentials. In addition, (SSku ). Encryption algorithm takes a message m
it uses heavy cryptographic operations. Moreover, and the secret key (SSku ), outputs the ciphertext
in this work, these kind of heavy cryptographic C = SEncSSku (m). Decryption algorithm takes
tools are not used. The students do not participate the secret key SSku and C, outputs message m =
in the blockchain network and the blockchain does SDecSSku (SEncSSku (m)). A secure symmetric key
not contain the students’ identities in the clear. encryption scheme should be resilient at least to
This hides students’ identities in the blockchain. Chosen Plaintext Attack (CPA). It means that even
However, once the student applies/communicates to a message m is encrypted over and over again,
a company for an internship or a permanent job, the the resulting ciphertext should be different each
student’s real identity is disclosed to corresponding time. An example of CPA secure algorithm is AES
recruiter. The recruiter needs to know the student to (Advanced Encryption Standard) with CBC mode.
communicate with the institution for this student to
verify if the student has satisfied the internship/job 3.3. Asymmetric/Public Key Encryption
requirements.
An asymmetric encryption protocol consists of
3. Definitions 3 algorithms: Key generation (KGen), Encryption
(P Enc), and Decryption (P Dec). KGen is the key
3.1. Hash Function generation algorithm takes a security parameter and
outputs a key pair for user u: Public key P P ku
A hash function is a mathematical algorithm that and Secret key P Sku . Encryption algorithm takes
has the following properties: It maps an input x of a message m and public key P P ku , outputs a
any size to an output of fixed size y. This is shown ciphertext C = P EncP P ku (m). Decryption algo-
as H(x) = y. It is deterministic algorithm, which rithm takes the secret key P Sku and C, outputs
means that if the algorithm retakes x, the output is message m = P DecP Sku (P EncP P ku (m)). A secure
always y. The algorithm is efficiently computed. If asymmetric key encryption scheme also should be

3
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
resilient at least to Chosen Plaintext Attack (CPA).
Examples of CPA secure schemes are RSA (not
the textbook) [22], and Paillier encryption schemes
[23].
3.4. Signature
A digital signature protocol consists of 3 al-
gorithms: Key generation (KGen), SIGN , and
V ERIF Y . KGen is the key generation algorithm
takes a security parameter, outputs a key pair
for user u: Signature public key/verification key
(SignP ku ) and Signature secret key (SignSku ).
SIGN algorithm takes a message m and signature
secret key (SignSku ), outputs a signature S =
SIGNSignSku (m). V ERIF Y algorithm takes sig-
nature public key SignP ku , signature S, and mes-
sage m, outputs 1 (V ERIF Y (m, S, SignP ku ) ==
1) if the signature is generated by user u under
message m. If V ERIF Y (m, S, SignP ku ) == 0,
then the signature under message m is not generated
by user u.
A secure signature scheme needs to satisfy two
properties: authenticity and integrity. Authenticity
says that the owner of the signature convinces a
verifier that the owner of the signature generates
the signature using the message. Integrity says that
signed data cannot be altered by any entity. An ex-
ample of secure signature algorithm can be Schnorr
signatures [24].
3.5. Blockchain
Blockchain is a technology that it has the fol-
lowing properties: It is a peer-to-peer decentralized
system that nobody controls the system. It has
the ledger technology that it keeps the information
(transaction) up to date and it is immutable. Each
node (computer) keeps a copy of this ledger. Since it
is decentralized, other nodes check each transaction.
Figure 1. Network architecture of the proposed
scheme.
If the transaction is intact, then it is added to the
ledger. In the ledger, transactions are kept as blocks.
It uses mathematical structures (hash functions and
signatures) to verify each transaction. The first block
is always named as genesis block. This is a special
block.
4. Architecture of the Proposed Scheme
The proposed scheme consists of 4 different ac-
tors: a Central Authority (CA), Institutions (Ins),
Students (Stu) and Recruiters (Rec). CA is re-
sponsible for setting up the system P KI (public
key infrastructure). Moreover, CA also authorizes
undergraduate courses and degrees. CA can be gov-
ernment that everyone can rely on. The institutions
are the places that students take courses and get
degrees. Institutions can be schools, universities.
Students take courses from schools/institutions. Re-
cruiters are the employers that wants to hire quali-
fied students. Moreover, the recruiters should also be
convienced that the students satisfy the requirements
of the positions.
The network architecture of the proposed scheme
is shown in Fig.1. In the system, there are two kinds
of nodes: trusted and untrusted. The trusted nodes
can only issue transactions into a ledger. After a
block is formed, the block is published and being
4
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

public.
The work flow of the system is the following:
0. Each node (trusted or untrusted) registers its
public key to CA. Then, CA authorizes each
node’s public key. Moreover, CA makes these
public keys public. Thus, everyone in the sys-
tem knows the identities of others.
1. After grading a student’s exam, an institution Figure 2. An illustration of storage, course
sends the student’s grade as a transaction to policy and program policy blocks/transactions.
other trusted nodes.
2. If most of the nodes (more than 50%) verify
that the transaction is correctly formed, it is put an internship. Students can present fake information
into the blockchain as a block by every trusted about their academic history when they apply a job
node. or an internship.
3. If a Stu is transferred to another institution or We assume that malicious adversaries can not
applying on a job, an Ins or a Rec asks the collude with each other. It means that they can
current institution to hand over some tokens not share specific information with each other. This
to retrieve the student information from the information can be their real identities, public keys
blockchain. (pseudonym identities) and their secret keys. More-
4. Once an Ins or a Rec gets corresponding over, any student can not collude with any recruiter.
tokens from the student’s current institution,
the Ins or the Rec retrieves the corresponding
4.2. Transactions
student’s information (as a transaction) from the
blockchain.
In this section, transactions (storage, course policy
and program policy) of the proposed scheme as
4.1. Threat Model
blocks are going to be presented. In other words,
each transaction is going to be a block. In Fig.2,
In this paper, CA and Institutions are trusted en- there are three types of transactions. Multiple trans-
tities. Recruiters and students are untrusted entities. action types in a blockchain are not new. These
Recruiters and students are malicious adversaries are used in other studies such as in [2]. While
that they can provide fake or altered information institutions issue storage transactions, course policy
to institutions. Recruiters try to learn private data transactions and program policy transactions are
of students in the blockchain. Recruiters can ask only issued by CA.
institutions for decryption keys to learn specific
A storage block consists of the following infor-
students’ private data in the blockchain. Moreover,
mation:
recruiters can change data that comes from student
A. Then, it asks institution for decryption keys to S1. Transaction Type (T T ): This is type 00 which
learn private data of student B. Student A can also is storage transaction.
pretend to be student B when applying a job or S2. Transaction Number (T N )

5
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

S3. Student’s Real Identity (SRI): This identity CA.

consists of student’s national identity number, CP8. Time Stamp (T S): Time that the transaction
full name, date of birth, and gender. occurs. This is done by CA.
S4. Course ID Number (CID): This number is CP9. Data Hash (DH): Hash of all the data (step
going to be course number that a student takes. CP1-CP8). This is done by the CA.
S5. Program ID Number (P ID): The number of CP10. CA Signature for Data Hash (CASIGN ):
the program that the student enrols. This is for data integrity. CA signs the data in
S6. Grade (G): This is a number that is going to step CP9.
be between 0 and 100.
In step CP5, this structure is important when a
S7. Institution ID Number (IID): This is the sig-
student decides to enrol another program of the
nature public key of the institution.
same university or a different university. The graph
S8. Hash of the Previous Block (HP B): This is
shows if the course is offered by different programs.
for immutability for the blockchain. The hash
Thus, the student does not need to retake the course.
of the previous block is added. This is done by
This provides minimum of difficulty when student
an Ins.
change its major. As an example, introduction to
S9. Time Stamp (T S): Time that the transaction
computer programming course is offered to many
occurs. This is done by an Ins.
other programs such as Mathematics, Computer
S10. Data Hash (DH): Hash of all the data (step
Science, Civil Engineering and so on. If a student
S1-S9). This is done by an Ins.
decides to change its major from Mathematics to
S11. Institution Signature for Data Hash
Computer Science, the students only need to transfer
(InsSIGN ): This is for data integrity.
its grade. It does not need to retake the same
The institution signs the data in step S10.
course (introduction to computer programming). An
A course policy transaction/block consists of the illustration of a graph structure is shown in Fig.3. In
following information: the figure, Mathematics program is represented by
146729, Computer Science program is represented
CP1. Transaction Type (T T ): This is type 01 which by 190834, Environmental Engineering program is
is a course policy transaction. represented by 146892, Electric Engineering pro-
CP2. Transaction Number (T N ) gram is represented by 154266, and Introduction to
CP3. Course ID Number (CID): This number is the Programming course is represented by 034783.
going to be course number that a student takes.
A program policy transaction/block consists of the
CP4. Course Requirements (CR): It gives course
following information:
information such as number of credits, course
syllabus and minimum score to pass the course. PP1. Transaction Type (T T ): This is type 10 which
CP5. Graph Structure (GS): It shows which other is a program policy transaction.
programs offer this course. PP2. Transaction Number (T N )
CP6. CA ID Number (CAID): This is the signa- PP3. Program ID Number (P ID): This number is
ture public key of CA. going to be program number that a student
CP7. Hash of the Previous Block (HP B): This is enrols.
for immutability for the blockchain. The hash PP4. Program Requirements (P R): It includes total
of the previous block is added. This is done by credits that student needs to take to complete

6
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

need to be authorized to join the blockchain net-

work. Permissionless blockchain network is used in
Bitcoin [1] and Etherium [25]. In a permissioned
blockchain, not anyone can join the network. Per-
mission is provided to certain identifiable partici-
pants to join the network. This requirement adds an
additional level of security. Participants are known
to each other. The trusted parties only write to
Figure 3. An illustration of a course-program the ledger. Permissioned blockchain is also used
relation graph. in many protocols since permissioned blockchain
has an additional level of security. Moreover, per-
missioned blockchain is more efficient and more
the program, program information, program scalable. Since in our protocol, the entities are
courses and their numbers. known in advance we use permissioned blockchain
PP5. CA ID Number (CAID): This is the signa- network. CA and Ins are allowed to write data to
ture public key of CA. the ledger. The scheme enjoys with the following
PP6. Hash of the Previous Block (HP B): This is properties:
for immutability for the blockchain. The hash
• The sensitive data (student’s real identity, grade,
of the previous block is added. This is done
by CA. course identity, program identity) of the stu-
PP7. Time Stamp (T S): Time that the transaction dents are encrypted in the blockchain. More-
occurs. This is done by CA. over, there is no information about identitites of
PP8. Data Hash (DH): Hash of all the data (step the students in the clear. This information is hid-
PP1-PP7). This is done by the CA. den. The data is only seen by the third parties in
PP9. CA Signature for Data Hash (CASIGN ): the clear when a student is transferred/enrolled
This is for data integrity. CA signs the data to another university/program or or applying to
in step PP8. an internship. The only leakage is based on the
required job position when the student applies
for or courses that need to be transferred when
5. Construction the student is transferred to another institution.
• The data integrity is preserved and cannot be
The proposed protocol uses blockchain network. changed. The data of all transactions are im-
There are two kinds of blockchain network that are mutable in the blockchain ledger.
open to public: Permissionless and Permissioned. In
a permissionless blockchain, anyone can join and The proposed protocol consists of 4 algorithms:
leave the network. When a participant joins the Setup, Register, T ransaction, and Key T ransf er
network, it can have the copy of entire blockchain f or Decryption.
and operate as a full node. Anyone can validate Setup: In this phase, CA decides which signature
the transactions publicly. All data in the blockchain (SIGN ), public/symmetric key encryption algo-
is available to everyone. There is no trust between rithms (P Enc/SEnc) and their appropriate security
the participants. Moreover, a participant does not parameters will be used in the system. Once the

7
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
algorithms are announced to the public, each node
(trusted and untrusted) and CA chooses their secret
key/public key pair for signature algorithm and
chose their secret/public key pair for public key
encryption algorithm. CA’s secret key and public
key pair for signature algorithm are represented as
SignSkCA and SignP kCA . A trusted node i’s secret
key and public key pair for signature algorithm
are represented as SignSki,t and SignP ki,t . An
untrusted node j’s secret key and public key pair for
signature algorithm are represented as SignSkj,ut
and SignP kj,ut .
Moreover, CA’s secret key and public key pair
for public key encryption algorithm are represented
as P SkCA and P P kCA . A trusted node i’s secret
key and public key pair for public key encryption
algorithm are represented as P Ski,t and P P ki,t . An
untrusted node j’s secret key and public key pair
for public key algorithm are represented as P Skj,ut
and P P kj,ut .
Furthermore, each student Stuq also chooses se-
cret key and public key pair for signature algo-
rithm as SignSkStuq , SignP kStuq and chooses pub-
lic/secret key as P SkStuq , P P kStuq for asymmetric
public key encryption algorithm. A note that all
secret keys are chosen randomly for security.
Register: In this phase, each node’s (trusted or un-
trusted) public encryption key P P ki and signature
public key SignP ki for node i are going to be
registered to the system by CA. In the system, each
public key (for signature and encryption) will be
identity of a party (trusted node, untrusted node,
CA). A standard Public Key Infrastructure (PKI)
scheme can be used to register entities public keys.
CA also acts as certificate authority that is respon-
sible for identities of the parties in the blockchain
network. After the parties’ identities have been
verified, CA generates digital certificate under the
parties’ public keys. When the entities communicate
with each other, they show their valid certificates –
that are digitally signed by CA’s private key- to each
other.
Moreover, each student Stuq registers its signature
public key SignP kstuq and public encryption key
P P kStuq to its corresponding institution Insj . This
can be done when student enrols a program in that
institution.
Transaction: Three cryptographic primitives are
used for storage transaction phase: Symmetric En-
cryption (SEnc), Hash (H) and Signature (SIGN ).
Once student’s exam is graded, institution j (Insj )
encrypts its grade G, corresponding real identity
(SRI) of the student, corresponding course identity
number CID and corresponding program identity
number P ID. We use the following notations: GStuq
as the grade of student q, SEnck (GStuq ) as the en-
cryption of the grade G of student q, SEnck′ (CID)
as the encryption of the course identity number
CID, SEnck′′ (P ID) as the encryption of the pro-
gram identity number P ID and SEnck′′′ (SRI)
as the encryption of the student’s real identity.
Here k, k ′ , k ′′ , k ′′′ are four different secret private
encryption keys chosen randomly by Insj for SEnc
algorithm. Moreover, Insj uses hash algorithm H
to hash the following data
DH = H(T T ||T N ||SEnck′′′ (SRI)||SEnck′ (CID)||
SEnck′′ (P ID)||SEnck (Gstuq )||SignP kj ||HP Bl ||T S),
where ∥ is the concatenation symbol.
In the hash data, institution signature public key
SignP kj is chosen as the institution identity num-
ber. Moreover, HP Bl is chosen as hash of the
previous block. We assume that current block is
l + 1. We also assume that SRI is only known to
student itself and the institution. This information
is never seen in public. Only authorized people
(old and new institution, recruiter when student
applies a job or an internship, and CA) can know
8
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

this information. Finally, Insj signs DH value P R, P P 5 = CAID, P P 6 = HP Bf , P P 7 = T S,

as SIGNSignSkj (DH) and generate the transaction P P 8 = DH, P P 9 = SIGNSignSkCA (DH).
that consists of the followings:
In the transaction, T T is set to 10 since it is
S1 = T T , S2 = T N , S3 = SEnck′′′ (SRI), a program policy transaction. We assume that the
S4 = SEnck′ (CID), S5 = SEnck′′ (P ID), S6 = current (this case) block is f + 1. This case DH is
SEnck (Gstuq ), S7 = SignP kj , S8 = HP Bl ,
DH = H(T T ||T N ||P ID||P R||CAID||HP Bf ||T S).
S9 = T S, S10 = DH, S11 = SIGNSignSkj (DH).
T T is set to 00 since it is a storage transaction. As a note that course policy transactions and
Once the transaction is generated by Insj , Insj program policy transactions are done by CA so
sends this transaction to the other trusted nodes. these transactions can be done before any storage
Other trusted nodes check the signature and data transactions.
if they pass from verification of the signature. If Key Transfer for Decryption: In this phase hap-
more than 50% of the trusted nodes respond that pens when a student is transferred to another insti-
the signature is valid, this transaction is added to tution or student applies a job or an internship. An
the ledger. illustration of the message flow diagram is given
As a note that noone can see the student’s real in Fig. 4. The student sends a message tuple to its
identity, grade of the student, the student’s course current institution when it applies to an internship or
information and program information in the clear in a job (S3). Assuming that Stuq ’s current institution
the transactions since these are all encrypted. Thus is Insj and applying for an internship in Recm .
any unauthorized party cannot see the plaintexts of The student sends the same message tuple to the
them. Since SRI is encrypted so any unauthorized recruiter by mentioning its current institution and
entity cannot map this encrypted identity to a real its identities (S4).
person. Furthermore, there is no information about Since the blockchain is public, recruiter Recm can
student in the clear in the blockchain. So the iden- see all the transactions but cannot see the private
tities of the students are hidden. student information. This is because all sensitive
A course policy transaction phase consists of information about the student is encrypted. In order
CP 1 = T T , CP 2 = T N , CP 3 = CID, to see sensitive student information, Recm needs
CP 4 = CR, CP 5 = GS, CP 6 = CAID, to know the encryption keys to decrypt the corre-
CP 7 = HP Bt , CP 8 = T S, CP 9 = DH, sponding ciphertexts. Moreover, the corresponding
CP 10 = SIGNSignSkCA (DH). transaction numbers needs to be known by Recm
In the transaction, T T is set to 01 since it is since the blockchain data does not contain any
a course policy transaction. We assume that the student identity in the clear. Thus Recm asks the
current (this case) block is t + 1. This case DH student’s institution Insj to send the corresponding
is transaction keys and the corresponding transaction
numbers (R2). These keys are needed for decrypt-
DH = H(T T ||T N ||CID||CR||GS||CAID||HP Bt
ing the student’s sensitive information (student’s
||T S). real identity, grades, course identities and program
A program policy transaction phase consists of identity) that they are required for the position
P P 1 = T T , P P 2 = T N , P P 3 = P ID, P P 4 = that student applies. For example, if the student

9
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
Figure 4. Message Flow Diagram between Par-
ties.
wants to be an intern in a software company. The
requirements of the internship for the student are
to take some programming language courses. Thus,
the student needs to prove that it has taken some
programming language courses. Some projects can
also be given related to software used by the student
during the projects. This information is all encrypted
so Insj needs to send all decryption keys with the
transaction numbers to Recm (I3).
Student
S1. Stuq generates a tuple,
(App||InstitutionInf o||RecruiterInf o||
StudentInf o1||StudentInf o2||Reqs), where
App ∈ {Job, Internship, T ransf er}
shows the purpose of the application.
InstitutionInf o is the current institution
information which is SignP kInsj (signature
verification key of the institution),
RecruiterInf o is the recruiter information
which is SignP kRecm (signature verification
key of the recruiter), StudentInf o1 is
the student’s pseudonym identity which is
SID = SignP kStuq (signature verification key
of the student), StudentInf o2 is the student’s
real identity which is SRI, and Reqs is
the requirements of the position of a job/an
internship. Reqs consists of the requirements
of the position, deadline of the application and
the signature of Reqs that it is signed by Recm .
RecruiterInf o can be the new institution
information that student is transferred to. We
assume that student applies to an internship
position. The student prepares the tuple M =
(Internship||SignP kInsj ||SignP kRecm ||
SignP kStuq ||SRI||Reqs).
S2. Stuq computes P EncP P kInsj (M ) and
signs it with its signature secret key
SIGNSignSkStuq (P EncP P kInsj (M )),
S3. Stuq sends P EncP P kInsj (M ) and
SIGNSignSkStuq (P EncP P kInsj (M )) to Insj .
This is for letting Insj know that Stuq wants
to apply an internship. Moreover, the recruiter
is Recm .
S4. Stuq also computes P EncP P kRecm (M )
and SIGNSignSkStuq (P EncP P kRecm (M )).
Then Stuq sends them to Recm . With this
information, Stuq applies to the internship
position.
Recruiter
R1. Recm first decrypts P EncP P kRecm (M ) in step-
S4 as DecP SkRecm (P EncP P kRecm (M )) and gets
the tuple (M ). Thus, Recm knows Stuq ’s real
identity SRI, pseudonym identity SignP kStuq
and student’s current institution information.
Recm also checks if the signature is a valid
signature.
R2. Recm knows who is applying to the po-
sition. If the signature is valid from step-
R1, Recm computes P EncP P kInsj (M ) and
SIGNSignSkRecm (P EncP P kInsj (M )). Then it
sends them to Insj .
Institution
I1. Insj firstly decrypts the ciphertext in step-S3
and gets M . Then, it checks/verifies the sig-
nature using SignP kStuq that if the encrypted
message (in step-S3) is generated by Stuq .
10
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

If the signature is valid, Insj learns what course. In the block, the recruiter simply retrieves
Stuq wants to do (internship/job application or CP4 (course requirements). This allows the recruiter
transfer to another university) and where Stuq to see what topics have been covered in this course.
wants to apply (who is the recruiter) and what
the requirements are for the position that Stuq 5.1. Discussions
applies (Reqs). These are all learned from M .
Insj also checks if SRI and SID belong to When a student wants to be transferred another
same student. institution and wants to study the same program, the
I2. Next, Insj decrypts the ciphertext in step- new institution requires all the course history of the
R2 and gets M . Then, it checks/verifies the student. This case old university needs to send all
signature that if the encrypted message (in step- the secret keys of the corresponding ciphertexts with
R2) is generated by Recm . all the corresponding transaction numbers. When a
I3. If the tuples from step-I1 and step-I2 are the student applies for a job that it requires completing
same and all the checking/verification steps in the program of study, the recruiter (employer) also
I1 and I2 are successfully completed, Insj needs to have all course history of the student with
sends transaction numbers (T N ) and the se- the transaction numbers. This is because whether
cret keys to decrypt ciphertexts (encrypted stu- the student has completed the all the requirements of
dent’s private information) in the transactions the program for a degree. For this case, the recruiter
to Recm . needs to retrieve program policy transaction in the
blockchain for verification.
Once Recm has the secret keys, it can decrypt the
sensitive data required for the position. For example, A student can provide fake academic history via
if Insj sends its CV/Resume to the recruiter when the student
applies for the position. This can be done by the
P EncP P kRecm (IID||T N ||k ′′′ ||k ′ ||k ′′ ||k) and
student updating the message tuple as follows:
SIGNSignSkInsj (P EncP P kRecm (IID||T N ||k ′′′ ||k ′ ||k ′′
(Internship||SignP kInsj ||SignP kRecm ||SignP kStuq
||k)) to Recm . Recm decrypts the ciphertext as
||SRI||CV /Resume||Reqs). Since all the academic
P DecP SkRecm (P EncP P kRecm (IID||T N ||k ′′′ ||k ′ || history of the student is stored in the blockchain
′′ ′′′ ′ ′′
k ||k)) = IID||T N ||k ||k ||k ||k. It gets tuple and it is immutable, student does not get any
(IID||T N ||k ′′′ ||k ′ ||k ′′ ||k). Then, it checks if the advantage by presenting fake results (CV ) to the
signature is valid using verification key IID = recruiter. The recruiter needs to communicate with
SignP kInsj . If the signature is valid, it decrypts the institution for the student’s real academic history
the ciphertexts in the transaction using the keys for the requirements (Reqs) of the position. Thus,
k, k ′ , k ′′ , k ′′′ to retrieve the student’s information. the recruiter can easily verify student’s CV this
After decrypting all the sensitive information, the case. Since the student can not get any advantage
recruiter sees the student’s grades, course identities, by faking its academic history, we don’t add the
program identity, real identity. Moreover, once the student’s CV to the tuple in the real protocol.
recruiter gets course identity, it can look for the As a note that students can study multiple pro-
course identity in the course policy transaction block grams, masters and PhDs. Moreover, students can
in the blockchain for getting information about the enroll multiple programs and have multiple degrees,

11
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
and have their certificates. Putting these certifi-
cates as pictures and all other information to the
blockchain can be problematic. This is because each
node in the blockchain network has limited source
capabilities such as storage. This case the values
should be stored in other sources (off-chain) such
as in a cloud [2] or in a central database [26].
For these cases, the encrypted private data of the
students are stored in a database, the addresses
of these data are stored in the blockchain. After
the student applies for an internship, the institution
not only sends the decryption keys but also sends
the transaction numbers to the recruiter. Once the
recruiter gets the transaction numbers, it looks for
the transaction numbers in the blockchain to get
the addresses of the encrypted student’s data. Then,
the recruiter retrieves the encrypted student’s data
from the database using the addresses. Using the
decryption keys, the recruiter gets the plaintexts of
the data.
6. Security Analysis
User/student Data Privacy: User/student’s sensi-
tive data consists of Student’s grade, Student’s real
identity, Course identity number and Program iden-
tity number. These data are very sensitive. Leaking
this information in the clear results breaching of
student’s data privacy. However, any unauthorized
entity cannot see these data in the clear. This in-
formation is encrypted using secure symmetric key
encryption scheme such as AES with CBC mode.
AES − CBC mode consists of an initialization
vector (IV ) as a random number in the algorithm
that even the same message is encrypted more than
once, the resulting ciphertext is going to be different
each time. Thus the proposed scheme provides data
privacy of the student. In the case when the student
is transferred to another institution to study different
program or when the student wants to do internship
in a company (recruiter), the leakage is limited that
only the required decryption keys of the transac-
tions and corresponding secret keys are sent to the
recruiter. Moreover, the decryption keys are not sent
in the clear, they are sent in the encrypted form.
Thus, only the authorized recruiter can recover the
keys by decryption. Then, the recruiter can recover
the student’s real identity, grade, program identity
and course identity by using those keys.
Data Integrity and Data Immutability: Data in-
tegrity is observed by using signature algorithm
in the proposed scheme. With this algorithm the
data cannot be altered by any entity. The data
immutability is preserved in the construction by
using blockchain technology. With this technology
each block (transaction) is tied each other with the
help of signature and hash algorithms. Thus, no one
can break this chain to change data. Moreover, a
malicious recruiter can not gain any useful infor-
mation by changing student A’s message to student
B’s message. The malicious recruiter can do this
to get decryption keys to learn student B’s private
data. This is because institution needs to have the
appropriate message from student B too. In other
words, steps S3 and R2 should be consistent. A
student can not pretend being another student when
it generates a message since the student needs to
know another student’s real identity and pseudonym
identity and signature secret key. The student can
not provide false information about its academic
history since all the academic history is stored in
the blockchain by the trusted parties (institutions).
7. Conclusion
In this paper, a protocol is introduced for an
education system using blockchain technology that
provides student data privacy, data integrity, and
immutability of the data. The proposed construction
12
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14
uses encryption algorithms (symmetric and asym-
metric) to protect data privacy, uses signatures for
data integrity and uses blockchain for immutabil-
ity. Moreover, the proposed scheme does not leak
students’ real identities in the blockchain since the
students do not need to participate in the blockchain
network. In addition, all the sensitive data is en-
crypted. The proposed protocol models commu-
nication between the parties and proposes iden-
tity management. This paper also proposes course-
program graph for the scheme to provide minimum
of difficulty when the student change its major.
Acknowledgments
The author thanks the anonymous reviewers for
their useful comments and suggestions.
References
[1] S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system.
Accessed April 4, 2022. [Online]. Available: http://bitcoin.org/
bitcoin.pdf
[2] L. Hirtan, P. Krawiec, C. Dobre, and J. M. Batalla, “Blockchain-
based approach for e-health data access management with
privacy protection,” in 2019 IEEE 24th International Workshop
on Computer Aided Modeling and Design of Communication
Links and Networks (CAMAD). Limassol, Cyprus: IEEE, 11-
13 September 2019, pp. 1–7.
[3] K. Christidis and M. Devetsikiotis, “Blockchains and smart
contracts for the internet of things,” IEEE Access, vol. 4, pp.
2292–2303, 2016.
[4] D. Salah, M. H. Ahmed, and K. ElDahshan, “Blockchain ap-
plications in human resources management: Opportunities and
challenges,” in Proceedings of the Evaluation and Assessment
in Software Engineering. Trondheim, Norway: Association
for Computing Machinery, New York NY, United States, 15-17
April 2020, pp. 383–389.
[5] M. C. H. Clifton and S. Cox. (2018, January) ’staggering’ trade
in fake degrees revealed. Accessed April 4, 2022. BBC News.
[Online]. Available: https://www.bbc.com/news/uk-42579634
[6] L. M. Palma, M. A. Vigil, F. L. Pereira, and J. E. Martina,
“Blockchain and smart contracts for higher education registry in
brazil,” International Journal of Network Management, vol. 29,
no. 3, p. e2061, May 2019.
[7] S. G. Education, “Sony global education develops technology
using blockchain for open sharing of academic proficiency and
progress records,” Tech. Rep., 2016.
[8] K. Kuvshinov, I. Nikiforov, J. Mostovoy, D. Mukhutdinov,
K. Andreev, and V. Podtelkin, “Disciplina: Blockchain for
education,” Yellow Paper, Tech. Rep., 2018.
[9] R. Arenas and P. Fernandez, “Credenceledger: A permissioned
blockchain for verifiable academic credentials,” in 2018 IEEE
International Conference on Engineering, Technology and In-
novation (ICE/ITMC), Stuttgart, Germany, 17-20 June 2018, pp.
1–6.
[10] Blockcerts, the open standard for blockchain certificates.
http://www.blockcerts.org/. Accessed April 5, 2022. [Online].
Available: http://www.blockcerts.org/
[11] University of nicosia. blockchain certificates (academic
and others). https://www.unic.ac.cy/iff/blockchain-certificates.
Accessed April 5, 2022. [Online]. Available: https:
//www.unic.ac.cy/iff/blockchain-certificates
[12] E. E. Bessa and J. S. Martins, “A blockchain-based educational
record repository,” 2019, arXiv preprint arXiv:1904.00315.
[13] M. Sharples and J. Domingue, “The blockchain and kudos:
A distributed system for educational record, reputation and
reward,” in Adaptive and Adaptable Learning, K. Verbert,
M. Sharples, and T. Klobučar, Eds. Cham: Springer Inter-
national Publishing, 2016, pp. 490–496.
[14] M. Han, Z. Li, J. S. He, D. Wu, Y. Xie, and A. Baba, “A novel
blockchain-based education records verification solution,” in
Proceedings of the 19th Annual SIG Conference on Information
Technology Education, ser. SIGITE ’18. New York, NY, USA:
Association for Computing Machinery, 2018, pp. 178–183.
[Online]. Available: https://doi.org/10.1145/3241815.3241870
[15] M. Turkanović, M. Hölbl, K. Košič, M. Heričko, and
A. Kamišalić, “Eductx: A blockchain-based higher education
credit platform,” IEEE Access, vol. 6, pp. 5112–5127, 2018.
[16] W. Gräther, S. Kolvenbach, R. Ruland, J. Schütte, C. Torres,
and F. Wendland, “Blockchain for education: lifelong learning
passport,” in Proceedings of 1st ERCIM Blockchain workshop
2018, 2018: European Society for Socially Embedded Technolo-
gies (EUSSET). Amsterdam, Netherlands: European Society
for Socially Embedded Technologies (EUSSET), 2-8 May 2018,
pp. 1–8.
[17] P. Ocheja, B. Flanagan, H. Ueda, and H. Ogata, “Managing
lifelong learning records through blockchain,” Research
and Practice in Technology Enhanced Learning, vol. 14,
no. 1, p. 4, 2019. [Online]. Available: https://doi.org/10.1186/
s41039-019-0097-0
[18] R. A. Mishra, A. Kalla, A. Braeken, and M. Liyanage, “Privacy
protected blockchain based architecture and implementation for
sharing of students’ credentials,” Information Processing and
Management, vol. 58, no. 3, p. 102512, 2021.
[19] M. Lodder and B. Zundel. Hyperledger indy
hipe. Accessed April 4, 2022. [Online]. Avail-
13
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE
O. Oksuz, Vol.11, No.1, pp.1-14

able: https://hyperledger-indy.readthedocs.io/projects/hipe/en/
latest/text/0109-anoncreds-protocol/README.html
[20] J. Camenisch and A. Lysyanskaya, “An efficient system for non-
transferable anonymous credentials with optional anonymity
revocation,” in Advances in Cryptology — EUROCRYPT 2001,
B. Pfitzmann, Ed. Berlin, Heidelberg: Springer Berlin Heidel-
berg, 2001, pp. 93–118.
[21] J. Camenisch and A. Lysyanskaya, “A signature scheme with
efficient protocols,” in Security in Communication Networks,
S. Cimato, G. Persiano, and C. Galdi, Eds. Berlin, Heidelberg:
Springer Berlin Heidelberg, 2003, pp. 268–289.
[22] R. L. Rivest, A. Shamir, and L. Adleman, “A method for
obtaining digital signatures and public-key cryptosystems,”
Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.
[23] P. Paillier, “Public-key cryptosystems based on composite de-
gree residuosity classes,” in International conference on the
theory and applications of cryptographic techniques, J. Stern,
Ed. Prague, Czech Republic: Springer Berlin Heidelberg, 2-6
May 1999, pp. 223–238.
[24] C.-P. Schnorr, “Efficient signature generation by smart cards,”
Journal of cryptology, vol. 4, no. 3, pp. 161–174, 1991.
[25] Ethereum. https://www.ethereum.org. Accessed April 5, 2022.
[Online]. Available: https://www.ethereum.org
[26] M. Hanley and H. Tewari, “Managing lifetime healthcare
data on the blockchain,” in IEEE SmartWorld, Ubiquitous
Intell. Comput., Adv. Trusted Comput., Scalable Comput. Com-
mun., Cloud Big Data Comput., Internet People Smart City
Innov. (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI),
Guangzhou, China, 8-12 October 2018, pp. 246–251.

14