Aadhaar: Providing proof of identity to millions.
From Privacy & security risks Perspective
Kushal Horabylu Parameshwara
Rowe School of Business, Dalhousie University.
Abstract:
This report deals primarily with the privacy & security risks surrounding the Aadhaar
project. Specifically, we investigate the possibility of Aadhaar details being used
without consent or accessed illegally. Through the analysis, we also identify an
independent risk owner and suggest suitable recommendations.
I. Introduction:
Aadhaar is the world's largest national identity project, launched by the government of India in
the year 2009. Fundamentally, this project involves collecting and storing biometric and
demographic data in a centralized database. To date, 1.22 billion users have enrolled in the
system, with a government expenditure of US$1.4 billion (Wikipedia, 2018). However, there
have been various news reports which suggest that fake and forged Aadhaar details have
facilitated frauds and unscrupulous activities (The Wire, 2018).
In this report, we address the growing concern over privacy & security, working towards a
suitable solution.
II. Background
Aadhaar is an ambitious project of the government of India, monitored closely by the
Unique Identification Authority of India (UIDAI). On 3 March 2016, a money bill was
introduced in the Parliament to give legislative backing to Aadhaar. On 11 March 2016, the
Aadhaar Act 2016 (Wikipedia, Aadhaar) was passed in the Parliament, which helped in mitigating
the frauds involved with the social benefit programs offered to the residents of India. The
central government also claims that Aadhaar would prevent bank frauds blamed for the rising
non-performing assets in the public sector banking system and would also help the government
shut down telecom connectivity to terrorists (Economic Times, 2018).
Along with the push towards e-governance, any digitization of residents' records needs
unique IDs. Standardizing the digital records by linking Aadhaar's unique 12-digit ID
across all geographies, verticals and local IDs helps to collate virtually different digital
records into one. Through the collated digital record, authorized agencies can use the IDs
as handles to access real-time data for audit, monitoring, analysis and planning.
It also has the potential to facilitate linking of currently isolated verticals, i.e. education, census,
healthcare and so forth.
The growing concerns over privacy have led social activists & commentators,
including Edward Snowden (The Quint, 2018), to rise against Aadhaar, its objective and
its implementation. There are many loopholes in the entire system that are flagged and dealt
with by UIDAI. However, despite all these efforts, possible countermeasures from both
technological and legal perspectives are missing.
Leveraging the scope of Aadhaar beyond being just an identification and authorization measure
for social benefit schemes, to generate large-scale data facilitating analysis & planning, can
lead to far-reaching benefits and recognition worldwide.
III. The Aadhaar Authentication Framework:
The Aadhaar authentication system comprises the following entities (UIDAI, 2018).
1. The Unique Identification Authority of India (UIDAI) is responsible for providing the
primary identification and authentication services. It provides a unique identifier
(Aadhaar number) to each resident and maintains their biometric and demographic data
in a Central Identities Data Repository (CIDR). The UIDAI manages the CIDR and
provides identification and authentication services with yes/no answers (Uidai |
Kractivism).
2. An Authentication User Agency (AUA) provides services to users that are
successfully authenticated. Thus, an AUA connects to the CIDR and uses Aadhaar
authentication to validate its users.
3. An Authentication Service Agency (ASA) is an entity that has secure leased line
connectivity with the CIDR. ASAs transmit authentication requests to CIDR on behalf
of one or more AUAs. An ASA enters into a formal contract with UIDAI (Railtel,2018).
4. The users, namely, the residents of the country who enrol themselves with UIDAI and
are issued unique identification numbers (Aadhaar numbers).
5. The Point of Sale (POS) device, also known as the authentication device, collects
personal identity data from Aadhaar holders, prepares the information for transmission,
transmits the authentication packets for authentication and receives the authentication
results (Aadhar Blogs, 2018).
6. An Enrolment Station, which is a collection of field devices used by enrolment agencies
appointed by UIDAI to enrol people into the Aadhaar database and capture their
demographic and biometric particulars (Aadhar Blogs,2018).
Fig1: Aadhaar authentication framework.
IV. Risk Assessment:
The Aadhaar number is the core on which the entire system functions. The 12-digit number is the
single unique identifier that must function across multiple domains, which is the most significant
cause of concern. The Aadhaar number necessarily needs to be disclosed in order to continue the
verification process and obtain services. This information is now publicly available, not
just electronically but also in human-readable form. This loophole is often criticized because it
enables profiling of users across multiple service domains by service providers or interested parties.
Fig.2: A sample of data in human-readable form [Img. source: ZDNet]. Some information is
redacted to protect the data.
Apart from that, a few other risks involved with Project Aadhaar are:
Risk Id.  Risk                                                       Impact/Severity  Likelihood  Risk Rating
R1        Unstable biometrics                                        2                3           6
R2        Inability to handle huge no. of transactions per second    3                3           9
R3        Errors in data recording and data compilation              3                4           12
R4        Sharing of personal data with a non-trustworthy party      3                5           15
R5        Intrusion into encryption algorithms for data security     4                1           4
We have used the Likert test in the above study. The scores in the above table were
arrived at based on the literature review during the project course.
Vertical axis: Impact (1 to 5). Horizontal axis: Probability of occurrence (1 to 5).
Impact 5: R4
Impact 4: R5
Impact 3: R2, R3
Impact 2: R1
Impact 1: (none)
Fig.3: Risk severity matrix
From the risk assessment, we can infer that R4 & R5 are severe threats to the Aadhaar
project. In the rest of this report, we discuss recommendations to mitigate the risks.
V. Recommendations:
We first make recommendations based on the authentication framework itself. In the
diagram below, we have tried to identify the gaps at each phase and addressed each one
with a suitable recommendation.
Fig.4: Gaps & recommendation in the authentication framework.
It is essential for an independent third party to play the role of an auditor. Even though all the
encrypted data are stored within the UIDAI specifications, an insider can always be a threat to
privacy.
Referring back to our risk assessment, the following are our final recommendations to
mitigate the risk.
Issue 1: Authentication without consent.
Shortcomings in UIDAI measures:
• Biometric & demographic data are public and hence can be used without consent.
Recommendation:
1. Demarcate identity verification & authentication.
2. Strengthen legal and policy framework.
Issue 2: Identification without consent using the Aadhaar number.
Shortcomings in UIDAI measures:
• Unidirectional linking from AUA-specific local ids to Aadhaar Id.
• No guidelines on safe maintenance of Aadhaar numbers by AUAs.
• Vulnerable to correlations of identity across domains.
Recommendation:
1. Unidirectional linking from Aadhaar ids to AUA-specific ids.
2. Cryptographically embed the Aadhaar id (Whitebox Cryptography) into AUA-specific
ids, making correlations impossible.
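An added example, not part of the original report: one way to realise Issue 2's recommendation of one-way, per-AUA identifiers. It uses a keyed HMAC-SHA256 derivation in place of the white-box cryptography the report names, and contrasts it with an unkeyed hash that every AUA would share. The class and function names, the AUA codes, the sample numbers and the demo key are all hypothetical or constructed.

```python
import hashlib
import hmac

# Constructed sample data: made-up 12-digit numbers, not real identifiers.
SAMPLE_NUMBERS = ["1234 5678 9012", "2345-6789-0123", "345678901234"]
# Demo key only (assumption): a real master key would live in an HSM/KMS
# under the separate key-management control the report asks for.
DEMO_MASTER_KEY = bytes(range(32))


def normalize_aadhaar(number: str) -> str:
    """Strip separators and require exactly 12 ASCII digits."""
    digits = number.replace(" ", "").replace("-", "")
    if len(digits) != 12 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected a 12-digit identifier")
    return digits


def unkeyed_local_id(number: str) -> str:
    """Weak scheme shown for contrast: a plain SHA-256 of the number.

    Every AUA derives the same value, so datasets join on it, and the
    10**12 input space is small enough to enumerate without any key.
    """
    return hashlib.sha256(normalize_aadhaar(number).encode()).hexdigest()


class PseudonymIssuer:
    """Hypothetical service at the identity authority; only it holds the key."""

    def __init__(self, master_key: bytes):
        if len(master_key) < 32:
            raise ValueError("master key must be at least 32 bytes")
        self.master_key = master_key

    def aua_subkey(self, aua_code: str) -> bytes:
        # Domain separation: an independent subkey for each AUA.
        label = b"aua-subkey:" + aua_code.encode()
        return hmac.new(self.master_key, label, hashlib.sha256).digest()

    def local_id(self, number: str, aua_code: str) -> str:
        # Aadhaar id -> local id needs the key; going back from a local id
        # to the Aadhaar id would require inverting HMAC-SHA256.
        msg = normalize_aadhaar(number).encode()
        tag = hmac.new(self.aua_subkey(aua_code), msg, hashlib.sha256)
        return tag.hexdigest()[:32]


def linkable_count(ids_a, ids_b) -> int:
    """Records two AUAs could join just by comparing stored identifiers."""
    return len(set(ids_a) & set(ids_b))


def compare_schemes() -> dict:
    """Same three residents enrolled at two AUAs, under each scheme."""
    issuer = PseudonymIssuer(DEMO_MASTER_KEY)
    weak_bank = [unkeyed_local_id(n) for n in SAMPLE_NUMBERS]
    weak_clinic = [unkeyed_local_id(n) for n in SAMPLE_NUMBERS]
    keyed_bank = [issuer.local_id(n, "BANK01") for n in SAMPLE_NUMBERS]
    keyed_clinic = [issuer.local_id(n, "CLINIC7") for n in SAMPLE_NUMBERS]
    return {
        "unkeyed_linkable": linkable_count(weak_bank, weak_clinic),
        "keyed_linkable": linkable_count(keyed_bank, keyed_clinic),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

The property holds only if AUAs store the derived identifier rather than the Aadhaar number itself, and if the master key stays with the issuing authority.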
Issue 3: Unlawful access to CIDR data leading to profiling, tracking & surveillance.
Shortcomings in UIDAI measures:
• Inadequate protection against insider attack on CIDR data.
• CIDR data is encrypted, but the decryption key resides with CIDR officials,
increasing the stakes of an insider attack.
• Managers in UIDAI have access to decryption skills.
Recommendation:
1. Separate administrative control for online audit & key management.
2. Legal framework for the above.
3. All the biometric data must be stored using Hash Cryptography format (Hash
Cryptography).
4. Manual inspection of CIDR data must not be possible.
5. Only pre-approved & audited computer programs with tamper-proof guarantees
should access CIDR data.
6. Using modern tools from computer science to implement the recommendations
mentioned above.
VI. Conclusion
Even though there are serious privacy concerns, it would be hard not to
consider the benefits of the entire ambitious project. Technology can play
a very crucial part in making Aadhaar safe if implemented with due
diligence. Above all, the question that remains unanswered is “who
should be given the rights to verify the identity of an individual & under
what circumstances?”. This project still requires comprehensive policy
debates on all angles to realize its maximum potential & effectiveness.
References:
Aadhaar - Wikipedia. (n.d.). Retrieved from
https://en.wikipedia.org/wiki/Unique_Identification_Authority_of_India
Aadhaar (targeted Delivery Of Financial And Other ... (n.d.). Retrieved from
https://en.wikipedia.org/wiki/Aadhaar_(Targeted_Delivery_of_Financial_and_other_
Aadhaar: Aadhaar To Prevent Bank Frauds, Terror Attacks ... (n.d.). Retrieved from
https://economictimes.indiatimes.com/news/politics-and-nation/page-3-aadhaar-to-
Aadhaar A Mass Surveillance System In Today’s Time: Snowden. (n.d.). Retrieved from
https://www.thequint.com/news/india/nsa-whistleblower-edward-snowden-on-aadhaar
Aadhaar Based Services - Railtel. (n.d.). Retrieved from
https://www.railtelindia.com/our-expertise/aadhaar-based-services.html
Aadhaar Related Articles: 12086 - Privacy And Security Of ... (n.d.). Retrieved from
http://aadhaar-articles.blogspot.com/2017/09/12086-privacy-and-security-of-aadha
The Planning Commission: Government of India. 2011 (December). Report of the Group of
Experts on Privacy chaired by Justice A P Shah. Retrieved from
http://planningcommission.nic.in/reports/genrep/rep privacy
UIDAI. 2016b. Operating Model Overview. Retrieved from
https://uidai.gov.in/authentication-2/operation-model.html.
Operation Model - Unique Identification Authority Of India ... (n.d.). Retrieved from
https://www.uidai.gov.in/authentication/authentication-overview/operation-model.
Uidai | Kractivism | Page 10. (n.d.). Retrieved from
http://www.kractivist.org/tag/uidai/page/10/
A New Data Leak Hits Aadhaar, India's National Id Database ... (n.d.). Retrieved from
https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-dat
What Is White Box Cryptography - Rambus. (n.d.). Retrieved from
https://www.rambus.com/blogs/what-is-white-box-cryptography/
The Wire,2018: retrieved from https://thewire.in/economy/aadhaar-fraud-uidai

Panet vs.Plastics - Earth Day 2024 - 22 APRIL
 

Aadhaar: Providing proof of identity to millions

Aadhaar: Providing proof of identity to millions.
From Privacy & security risks Perspective
Kushal Horabylu Parameshwara
Rowe School of Business, Dalhousie University.

Abstract:
This report deals primarily with risks revolving around privacy & security concerns over the Aadhaar Project. Specifically, we dig deeper to address & investigate the possibilities of using the Aadhaar details without consent or of illegal access to the information. Through the analysis, we will also identify an independent risk owner and suggest suitable recommendations.

I. Introduction:
Aadhaar is the world's largest national identity project, launched by the government of India in the year 2009. Fundamentally, this project involves collecting and storing biometric and demographic data in a centralized database. To date, 1.22 billion users have enrolled in the system, with a government expenditure of US$1.4 billion (Wikipedia,2018). However, there have been various news reports which suggest that fake and forged Aadhaar details have facilitated frauds and unscrupulous activities (The Wire,2018).
In this report, we address the growing concern over privacy & security towards a suitable solution.

II. Background
Aadhaar is an ambitious project of the government of India and is monitored closely by the Unique Identification Authority of India (UIDAI). On 3 March 2016, a money bill was introduced in the Parliament to give legislative backing to Aadhaar. On 11 March 2016, the Aadhaar act 2016 (Wikipedia, Aadhaar) was passed in the parliament, which helped in mitigating the frauds involved with the social benefit programs offered to the residents of India. The central government also claims that Aadhaar would prevent bank frauds blamed for the rising non-performing assets in the public sector banking system and would also help the government shut down telecom connectivity to terrorists (EconomicTimes,2018).
Along with the push towards e-governance, any digitization of residents' records needs to have a unique Id. Standardizing the digital records by linking Aadhaar's unique 12-digit Id across all the geographies, verticals and local Ids helps to collate virtually different digital records into one. Through the collated digital record, access to the real-time data using the Ids as handles can be utilized by authorized agencies for audit, monitoring, analyzing and planning. It also has the potential to facilitate linking of currently isolated verticals, i.e. education, census, healthcare and so forth.
The growing concerns over the privacy issues have led social activists & commentators, including Edward Snowden (The Quint,2018), to rise against Aadhaar, its objective and its implementation. There are many loopholes in the entire system that are flagged and dealt with by UIDAI. However, despite all these efforts, possible countermeasures from both the technological and the legal perspective are missing. Extending the scope of Aadhaar beyond being just an identification and authorization measure for social benefit schemes, so that it generates large-scale data facilitating analysis & planning, can lead to far-reaching benefits and recognition worldwide.

III. The Aadhaar Authentication Framework:
The Aadhaar authentication system comprises the following entities (UIDAI,2018).
1. The Unique Identification Authority of India (UIDAI) is responsible for providing the primary identification and authentication services. It provides a unique identifier (Aadhaar number) to each resident and maintains their biometric and demographic data in a Central Identities Data Repository (CIDR). The UIDAI manages the CIDR and provides identification and authentication services with yes/no answers (Uidai | Kractivism).
2. An Authentication User Agency (AUA), which provides services to users that are successfully authenticated. Thus, an AUA connects to the CIDR and uses Aadhaar authentication to validate.
3. An Authentication Service Agency (ASA) is an entity that has secure leased line connectivity with the CIDR. ASAs transmit authentication requests to CIDR on behalf of one or more AUAs. An ASA enters into a formal contract with UIDAI (Railtel,2018).
4. The users, namely, the residents of the country who enrol themselves with UIDAI and are issued unique identification numbers (Aadhaar numbers).
5. The Point of Sale (POS) device, also known as the authentication device, which collects personal identity data from Aadhaar holders, prepares the information for transmission, transmits the authentication packets for authentication and receives the authentication results (Aadhar Blogs,2018).
6. An Enrolment Station, which is a collection of field devices used by enrolment agencies appointed by UIDAI to enrol people into the Aadhaar database and capture their demographic and biometric particulars (Aadhar Blogs,2018).

Fig1: Aadhaar authentication framework.
IV. Risk Assessment:
The Aadhaar number is the core on which the entire system functions. The 12-digit number is the single unique identifier that must function across multiple domains, which is the most significant cause of concern. The Aadhaar number necessarily needs to be disclosed in order to continue the verification process and obtain services. This information is now publicly available, not just electronically but also in human-readable form. This loophole is often criticized because it allows profiling of users across multiple service domains by service providers or interested parties.

Fig.2: A sample of data in human-readable form. [Img. Source: ZDNet] Some information is redacted to protect the data.

Apart from that, a few other risks involved with Project Aadhaar are:

| Risk Id. | Risk | Impact/Severity | Likelihood | Risk Rating |
|---|---|---|---|---|
| R1 | Unstable biometrics | 2 | 3 | 6 |
| R2 | Inability to handle huge no. of transactions per second | 3 | 3 | 9 |
| R3 | Errors in data recording and data compilation | 3 | 4 | 12 |
| R4 | Sharing of personal data with a non-trustworthy party | 3 | 5 | 15 |
| R5 | Intrusion into encryption algorithms for data security | 4 | 1 | 4 |

We have used the Likert test in the above study. The scores in the above table were arrived at based on the literature review during the project course.

Fig.3: Risk severity matrix (Impact against Probability of occurrence, each on a scale of 1 to 5).

So from the risk assessment, we can infer that R4 & R5 are severe threats to the Aadhaar project. Throughout this report, we shall be discussing recommendations to mitigate the risks.
V. Recommendations:
We first make recommendations based on the authentication framework itself. In the diagram below, we have tried to identify the gaps at each phase & addressed each with a suitable recommendation.

Fig.4: Gaps & recommendation in the authentication framework.

It is essential for an independent third party to play the role of an auditor. Even though all the encrypted data are stored within the UIDAI specifications, an insider can always be a threat to privacy.
Now, referring back to our risk assessment, these are the final recommendations to mitigate the risk.

Issue 1: Authentication without consent.
Shortcomings in UIDAI measures:
• Biometric & demographic data are public, hence can be used without consent.
Recommendation:
1. Demarcate identity verification & authentication.
2. Strengthen legal and policy framework.

Issue 2: Identification without consent using the Aadhaar number.
Shortcomings in UIDAI measures:
• Unidirectional linking from AUA-specific local ids to Aadhaar Id.
• No guidelines on safe maintenance of Aadhaar numbers by AUAs.
• Vulnerable to correlations of identity across domains.
Recommendation:
1. Unidirectional linking from Aadhaar ids to AUA-specific ids.
2. Cryptographically embedded Aadhaar id (Whitebox Cryptography) into AUA-specific ids, making correlations impossible.

Issue 3: Unlawful access to CIDR data leading to profiling, tracking & surveillance.
Shortcomings in UIDAI measures:
• Inadequate protection against insider attack on CIDR data.
• CIDR data is encrypted, but the decryption key resides with CIDR officials, increasing the stakes of an insider attack.
• Managers in UIDAI have access to decryption skills.
Recommendation:
1. Separate administrative control for online audit & key management.
2. Legal framework for the above.
3. All the biometric data must be stored using Hash Cryptography format (Hash Cryptography).
4. Manual inspection of CIDR data must not be possible.
5. Only pre-approved & audited computer programs with tamper-proof guarantees should access CIDR data.
6. Using modern tools from computer science to implement the recommendations mentioned above.

VI. Conclusion
Even though there are serious privacy concerns, it would be hard not to consider the benefits of the entire ambitious project. Technology can play a very crucial part in making Aadhaar safe if implemented with due diligence. Above all, the question that remains unanswered is “who should be given the rights to verify the identity of an individual & under what circumstances?”. This project still requires comprehensive policy debates on all angles to realize its maximum potential & its effectiveness.
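The two recommendations under Issue 2 in section V (one-way linking from Aadhaar ids to AUA-specific ids that cannot be correlated across domains) can be illustrated as follows. This is an added example, not part of the original report and not UIDAI code: it substitutes a keyed HMAC-SHA256 derivation for the white-box cryptography the report names, and the master key, the AUA names and the sample numbers are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: not real Aadhaar numbers, not real AUA names.
SAMPLE_NUMBERS = ["123412341234", "432143214321"]
AUA_BANK, AUA_TELECOM = "bank-example", "telecom-example"


def new_master_key() -> bytes:
    """Secret assumed to be held only by the issuing authority, never by an AUA."""
    return secrets.token_bytes(32)


def aua_key(master_key: bytes, aua_id: str) -> bytes:
    """Per-AUA key, so ids issued to different domains are unrelated."""
    return hmac.new(master_key, b"aua-key|" + aua_id.encode(), hashlib.sha256).digest()


def local_id(master_key: bytes, aua_id: str, aadhaar: str) -> str:
    """One-way link: Aadhaar number -> AUA-specific id (no reverse mapping)."""
    if len(aadhaar) != 12 or not (aadhaar.isascii() and aadhaar.isdigit()):
        raise ValueError("expected a 12-digit number")
    mac = hmac.new(aua_key(master_key, aua_id), aadhaar.encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def stored_ids(master_key: bytes, aua_id: str, numbers, derived: bool = True) -> set:
    """What an AUA keeps on file: derived ids, or raw numbers (the criticised design)."""
    if not derived:
        return set(numbers)
    return {local_id(master_key, aua_id, n) for n in numbers}


def shared_identifiers(store_a: set, store_b: set) -> int:
    """How many residents two AUAs could match by pooling their stored ids."""
    return len(store_a & store_b)


if __name__ == "__main__":
    key = new_master_key()
    for derived in (False, True):
        bank = stored_ids(key, AUA_BANK, SAMPLE_NUMBERS, derived)
        telecom = stored_ids(key, AUA_TELECOM, SAMPLE_NUMBERS, derived)
        print("derived ids" if derived else "raw numbers", shared_identifiers(bank, telecom))
```

An unkeyed hash of the number would not give the same property: the 12-digit space is small enough to enumerate, so the derivation has to be keyed and the key kept away from the AUAs.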
References:
Aadhaar - Wikipedia. (n.d.). Retrieved from https://en.wikipedia.org/wiki/Unique_Identification_Authority_of_India
Aadhaar (targeted Delivery Of Financial And Other ... (n.d.). Retrieved from https://en.wikipedia.org/wiki/Aadhaar_(Targeted_Delivery_of_Financial_and_other_
Aadhaar: Aadhaar To Prevent Bank Frauds, Terror Attacks ... (n.d.). Retrieved from https://economictimes.indiatimes.com/news/politics-and-nation/page-3-aadhaar-to-
Aadhaar A Mass Surveillance System In Today’s Time: Snowden. (n.d.). Retrieved from https://www.thequint.com/news/india/nsa-whistleblower-edward-snowden-on-aadhaar
Aadhaar Based Services - Railtel. (n.d.). Retrieved from https://www.railtelindia.com/our-expertise/aadhaar-based-services.html
Aadhaar Related Articles: 12086 - Privacy And Security Of ... (n.d.). Retrieved from http://aadhaar-articles.blogspot.com/2017/09/12086-privacy-and-security-of-aadha
The Planning Commission: Government of India. 2011 (December). Report of the Group of Experts on Privacy chaired by Justice A P Shah. Retrieved from http://planningcommission.nic.in/reports/genrep/rep privacy
UIDAI. 2016b. Operating Model Overview. Retrieved from https://uidai.gov.in/authentication-2/operation-model.html
Operation Model - Unique Identification Authority Of India ... (n.d.). Retrieved from https://www.uidai.gov.in/authentication/authentication-overview/operation-model
Uidai | Kractivism | Page 10. (n.d.). Retrieved from http://www.kractivist.org/tag/uidai/page/10/
A New Data Leak Hits Aadhaar, India's National Id Database ... (n.d.). Retrieved from https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-dat
What Is White Box Cryptography - Rambus. (n.d.). Retrieved from https://www.rambus.com/blogs/what-is-white-box-cryptography/
The Wire, 2018. Retrieved from https://thewire.in/economy/aadhaar-fraud-uidai