On the Design of a Blockchain-based Fraud-prevention Performance Appraisal System

The job recruitment process takes a lot of process and number of documents. It is very well known for applicants to exaggerated and falsify their work history data. It may put a company at legal risk and significant commercial losses. Generally, company use third-party to verify applicant’s work history data which is time-consuming and costly. It also makes companies relies on third-party which may not trustworthy and cause several other risks. Generally, experience letters is used as a proof of work history documents of employee. However, the process of publishing an experience letter may contain conflict of interest between company and employee. Yet, publishing an experience letter is not mandatory in several places. In this research


INTRODUCTION
Job recruitment is a collection of processes to find and select the potential resources for filling up the enable positions in company. Currently, it is very common for an applicant to exaggerate and falsify their work histories data. Risk Advisory Group analysed that 80% of 5,000 CVs in 2017 had at least one discrepancy [1]. When this happens and an applicant is selected, a company may have problem in legal risk and get significant commercial losses [2]. Thus, the foremost and most important process in job recruitment is to verify whether the work history data given by the applicant is true or not. Figure 1.1 shows common lies of an applicant during the job recruitment process [3].

Figure 1 Common Lies of Applicant
However, verify applicant's work history is time consuming and costly [4]. It could take some days to verify one applicant data in one previous company [4]. Time requierd could be more longer due to several circumstances happen such as close down periods, key person away, sick or on holiday, and time zone differences [4]. Key person may unwilling to verify validity of applicant data; or to give false confirmation/verification due to several personal reason. There is also possibility that some previous companies is no longer exist, so that there is no way to verify applicant data.
Some companies usually hired third party of HR agencies to verify applicant data. But it need additional cost [5]. Company also might get communication issues and lack of control over the applicant [5]. Thus, using third-party agencies might not solve trust issues either. Another cheapest solution is by using centralised solution (online recruitment) to verify applicant work history data. But these solution does not solve false information provided by an applicant. It still relies on one particular party and vulnerable to cyber-attack [6].
Another problem comes from work history data document itself. Many companies use experience letters as proof of work history documents of their employee. However, the process of publishing an experience letter may contain conflict of interest between company and employee. Yet, publishing an experience letter is not mandatory in several countries and regions.
Based on several things above, improvement of verifying process on recruitment process must be established by using a system and schema that can securely save applicant's past employment data history and then easily verified by recruiter or prospective companies. One of the ideas is by utilized and involved blockchain technology in this process.
Blockchain is a new and propitious area of knowledge discovery and technology. It is 139 an irreversible distributed ledger system deployed in a decentralized environment, without a centralized repository, and usually without a single authority [7]. Currently, there are three categories of blockchain that exist. These three categories are public blockchain, private blockchain, and consortium blockchain [8]. The main difference between these three categories is, public blockchain had a network open for all peers (permissionless) while consortium and private are restricted -means only permissioned blockchain allows to join the network [9]. Since public blockchain is open for all peers, thus transaction process of a public blockchain is slower compare to consortium and private blockchain [9]. The Energy demand of public blockchain is also higher compare to the other two due to limitless node/peer and number of transaction [9]. Blockchain has been applied and implemented in various field of a business area such as academic [10] [11] , finance [12] [13], vehicle sensor [14] [15], and supply chain [16] [17] . However, its application in human resource management is very rare, especially in hiring and recruitment process. Sarda et al. [4] conduct research to prevent fraud during verifying work history on hiring and recruitment process. Sarda et al. [4] use public blockchain to store encrypted records of work histories using RSA algorithm as a mechanism for verifying the information. Since they use public blockchain, hence they build centralized webpage maintained by "data producer" for storing list of valid addresses and ensuring address that was created the data associated with it. If data producer delete or remove some address, there will be no way for the system on recruiter side to compare and verify the sender's address/identity during inspecting process. For encryption process, Sarda et al. [4] utilized RSA(Rivest-Shamir-Adleman) key length of 1024 bits to encrypt the data. Thus for the implementation, the information stored cannot be longer than 87 characters as it mention on their paper [4]. In their research [4], they use experience letter form published by current companies as a work history data of employee. It means that current companies must create work history documents and deploy to smart contract right after current companies knows that their employees are going to (or already) dismiss/resign. This kind of scenario might involve personal preference and subjective judgement from employer since their employee is going to dismiss or resign. Another potential fraud on Sarda et al. [4] system comes from compiles a list of work history processes by applicants. Applicants are able to compile, fetch and customize which work histories that they want to send to recruiters. An applicant might only choose and sent work histories that are beneficial for them rather than sent all of work histories that some of work history files might contain bad reputation of applicant.
Following Sarda research, there are several studies propose blockchain-based system on HR Management area. Peisl and Shah [18] and Yi et al. [19] conduct research aims to identify the possibility of applying blockchain in employee lifecycle such as recruitment, on-boarding, employability and benefit, retention, and off-boarding. Nonetheless, there is no further implementation detail mention on both research. Another research conduct by Kersic et al. [20] and Lallai et al. [21] implement a blockchain-based system on hiring process using Ethereum public blockchain. However, data used in this research is a work experience provided by applicant themselves which might have a risk of falsifying information. A different approach has proposed by Dhanala et al. [22] whose implement recruitment management system using permissioned blockchain Hyperledger to secure data from an unwanted peer as well as enhance speed of transaction occur. Nonetheless, a centralized solution still uses in this research by utilizing centralized database manager MySQL to store and verify applicant's data which might have potential risk since it's reliant on some parties. Another research conduct by Pinna et al. [23] whose designed a blockchain-based system for building worker management including recruitment process. To verify whether an applicant gives a true resume of building worker past jobs, it employs labour inspectors to check and verify their data. Thus, it makes verification process also depend on one particular person which might involve personal preference.  Figure 1 shows a base architecture of blockchain verifying work-history based performance appraisal system. As it can be seen on Figure 4.1 above, the system of this research use 3 roles or entity as follows:

System Architecture
1. Employer: a company that publish a performance appraisal of an employee. 2. Employee/Applicant: An entity that evaluated by an employer through performance appraisal and sent their application as an applicant to be verified by a recruiter. 3. Recruiter: a company that received an application of an applicant, then verifying and screening applicant work-history based on their performance appraisal published by a former employer.

2 Consortium Blockchain
The system utilized Permissioned Consortium Blockchain "Quorum" as a Blockchain framework. The main idea to utilize consortium blockchain is to protect unwanted peers doing transactions in the network environment. It also has faster transactions and lowers energy demand compared to Public Blockchain. For the consensus mechanism, an algorithm of consensus that will be used is a RAFT (Reliable, Replicated, Redundant, And Fault-Tolerant) which is also much faster compared to public blockchain consensus such PoW (Proof of Work) due to simple and straightforward mechanism [24].
Another main component used in Blockchain is smart contract. All blockchains-based systems have smart contracts to implement their transaction logic. A smart contract is a piece of code that runs on its own in Blockchain network when certain circumstances are satisfied [25] [26].

3 Elliptic Curve Cryptography (ECC)
An ECC algorithm is used to encrypt and digitally sign the data. With the help of blockchain technology and ECC encryption algorithm, the system can securely store the data and easily verify by an authorized entity (recruiter) that has a decryption key. A digital signature using ECC algorithm (ECDSA) also utilized to validate the authenticity of data sender/creator. The main reason ECC algorithm being used is because it simply stronger and more efficient than RSA algorithm that used in Sarda et al. [4] to encrypt data.
Elliptic curve cryptography was introduced by Miller [27] and Koblitz [28] in the mid-1980s as an option for cryptographic protocols based on the discrete logarithm problem in the multiplicative group of a finite field. Instead of using the traditional method of generating keys as the product of very large prime numbers, ECC uses the features of the elliptic curve equation to produce keys. Thus, it makes ECC create faster, smaller, and efficient cryptographic keys by achieving the same level of security while using less computational energy resource [29].
For implementation, we use elliptic curve with mathematical equation: as an curves to calculate and generate public key and private key with prime field and base point . is a state-of-the-art Diffie-Hellman function suitable for a wide variety of applications [30]. It is one of the fastest ECC curves that offering 128 bits of security level with 256 bits key.

4 SHA-3-256 (Keccak)
SHA3 is the newest member of Secure Hash Algorithm (SHA) group of standards. It is a cryptographic algorithm for enhancing information security and to assure data integrity [31]. Our system used SHA3-Keccak256 to act as integrity checks for checking if a file is tampered. SHA3-Keccak256 ensure that data has not been modified by comparing the file's hash value to a previously calculated value. By using several mechanisms above, we attempt to improve confidentiality and integrity of the system.

5 Performance Appraisal
Our research utilize performance appraisal data as a work history document of the applicant. Since performance appraisal published and deployed quarterly, thus it can minimize personal preference and subjective judgment of companies toward employee compare to experience letter use in previous research. It is also contains a lot of information compare to experience letter. According to Gary, performance appraisal also can be used for recruitment and selection purposes [32].
Performance appraisal or employee evaluation data consist of several evaluation indicator (trait) and rating level. Evaluation indicator used in this research is several indicators which mostly use on many organization [33] [34]. These main indicators are:  (2) -Unsatisfactory (1) These 5 point system ranging has a value or score of each ranging respectively from 5 to 1. The overall performance score is also being added to summarize overall score of employee performance on each quarter report. The overall performance score is determined by mode value because it is the "measure of central tendency"and most commonly used for easy interpretation [36][37] [38]. Notes field also being added to make additional information regarding employee performance.

Publishing Evaluation Data
Publishing evaluation data is a process to publish or create a quarter report of employee performance appraisal. Figure 3 shows publishing evaluation data diagram. Specified details of publishing evaluation data process can be explained as follows: 1. The current employer creates or publishes employee performance appraisal quarter report of year for employee → , which includes employee key details (identity number, name, company name, position, and evaluation time on quarterly). 2. Encrypt the quarter report with elliptic curve encryption group Public Key → .

Digitally sign the Encrypted quarter report
with elliptic curve digital signature algorithm (ECDSA) using employer/companies Private Key → . 4. Sent employee key details, encrypted quarter report and signedencrypted-quarter-report into smart contract.
5. In smart contract, verify correctness of employee key details data. If employee identity number and employee name are matched with the previous record; or if there is no previous record found then continue the process. 6. Hash the signed-encrypted-quarter-report using SHA3-256 (Keccak) → in smart contract. 7. Deploy smart contract to store encrypted quarter report and hashedsigned-encrypted-quarter-report into blockchain.
8. After smart contract is deployed, the last step is to sent file of signed-encrypted-quarterreport from employer to employee in any communication channel preferred (email, IP message, etc).

7 Checking Evaluation Data
Our proposed mechanism must provide an employee to ensure and check whether their evaluation data is being tampered or not. Checking evaluation data is a process to check the authenticity and integrity of evaluation process conduct by employer. It is done by checking the hashed value of data. Hashed value act as integrity checks for checking if a file is being tampered or not. Figure 4 shows checking evaluation data diagram. The specified details of checking evaluation data process can be explained as follow: 1. After employee received file contain of their signed-encrypted evaluation data , the file then uploaded into employee DAPP interface to verify embedded signature of data.
2. Employee DAPP will verify signature of data to ensure file is sent by proper employer using employer sender public key . This verification signature process is done by generating hash value from decrypted signature using employer sender public key , then compare with generated hash from an encrypted data file. If hashed value is equal then file is sent by proper employer, otherwise is not. The use of using digital signature scheme is to avoid risk of employee being spammed and breached by any irresponsible parties.
4. After verifying signature, next step is to fetch their hashed-signed-encrypted-quarterreport from Blockchain. integrity and tampered proof of their evaluation data. If hashed value is equal then file is not modified, otherwise the data is being tampered or modified.
6. After comparing the hashed value of their evaluation data, the last step is to sent recruiter/next companies job application of applicant. Figure 4 Checking evaluation data diagram

8 Screening Evaluation Data
Screening applicant data is a process on recruiter/next companies to fetch and screen data of applicant stored in blockchain. In this process, it will tell the recruiter all work histories and past employment of applicant by showing all evaluation performance histories of an applicant in all companies on each quarter. It is done by fetch encrypted data of applicant from blockchain then decrypt it using group private key . Figure 5 shows screening applicant data diagram . The specified details of screen applicant data process can be explained as follow: 1. After recruiter receive job application of applicant, recruiter type id number of applicant on DAPP interface. 2. DAPP connect to smart contact and request to fetch data of encrypted applicant evaluation performance data stored in Blockchain.

IJCCS
3. The data of encrypted applicant performance appraisal histories then decrypted using group private key .
4. Decrypted data of applicant performance appraisal data then showed to recruiter. 5. Recruiter screening all work histories of applicant performance appraisal / evaluation data and send result of screening to applicant.  Table 1 shows overall comparison analysis between our proposed blockchain-based system for work historyperformance appraisal verification with blockchain-based system for work history verification on Sarda et al. [4]. Our proposed system uses Consortium blockhain with consensus algorithm RAFT. It makes our system is faster in transaction process and lowers energy demand compare to Public blockchain used by Sarda et al. [4]. RAFT consensus ensures that the node does not get fork. It also does not mint an empty block. Thus, it makes transaction finality become faster as well as saving storage space. For encryption process, our proposed system uses a newer cryptography algorithm than Sarda et al. [4] used. While RSA key is based on the difficulty of factoring big prime number, ECC is based on mathematical equation of Elliptic Curve Discrete Logarithm Problem. Thus, it makes our system has smaller keys with larger employee information stored compared to Sarda et al. [4]. Using encryption scheme using group keys pair also make our proposed system remove implementation of partial centralized solution and prevent fraud of hiding information in Sarda et al. [4] system. The encryption and hashing scheme is used to maintain confidentiality and verifiability of employee work history data. By publishing performance appraisal quarterly as a work history data, our proposed system can minimize conflict of interest and personal preference judgment happen compared to Sarda et al. [4] that publishing work history data in experience letter form right after an employee is going to dismiss/resign. Since we make it our smart contract effective and efficient in procedural use, thus our system has a low-cost gas fee in implementation. Another advantage of utilizing Consortium blockhain over Public blockchain is that the cost of gas and mining process can be customized at the agreed price level.

CONCLUSIONS
This research outlines the adoption of blockchain technology to perform work history verification based on performance appraisal data. This work shown that with the help of consortium blockchain, ECC encryption, and SHA3 hash function to store employee work histories based on performance appraisal data, the proposed system able to maintain confidentiality and verifiability of work histories data.
By using performance appraisal data, it can minimize personal preference evaluation of companies toward employee compare to experience letter or statement of service that might involve a lot of personal preference since employee will dismiss from their company.
Based on an experiment using consortium Blockchain and RAFT consensus, it is shown that the transaction time for publishing work histories becomes faster and low energy resources. Based on the implementation, using consortium blockchain also provide low-cost implementation of gas used since it can customize the cost of mining process at the agreed price level.
By utilized ECC algorithm for encryption scheme, it is also shown that our system has better security with lower resource key size compare to RSA algorithm. Thus, it makes our system provide more information regarding job, skill, and other information of employee/applicant as well as provide confidentiality and security of work histories data. By using encryption schema using group public key owned by companies, it also makes the system able to prevent fraud of hiding information that possibly done by applicant. Applicants can not customize and sent their work histories they preferred to recruiter. The system ensures recruiter that the data shown in system is all applicant data with no single data is hidden.
Based on experiment, by using SHA3-Keccak256 as an integrity check, it is. shown that system has capability to check whether data is being tampered by other parties or not. Thus, it improves confidentiality and integrity of work histories data as well as adding verifiability of the system.
If proposed system is adopted, then it strongly believes that the system is able to securely store employment data histories of employee, easily verified by prospective employers, enhance transaction process speed on blockchain, minimize conflict of interest happen, and reduce another fraud and risk occur during data verification process.
Despite all benefit and advantages mention, developing Blockchain-based system need a well capacity of RAM. During development process, 1 out of 6 nodes on Blockchain is down frequently due to limited RAM space available. Thus, for future work, it highly recommended to allocate bigger RAM space and adjust the number of node according to RAM space available. Another suggestion for future work is to add a decision support algorithm to help decisionmaker to decide the best candidate among all applicants based on performance appraisal data.