Practical risks in the Aadhaar project and measures to overcome them


Aadhaar is a project run by UIDAI. This presentation focuses on the technical risks in this project and how to overcome them.

Published in: Technology

  2. 2. CONTENTSWhat is AADHAAR??Goals and missions of UIDAIProjected benefits of AADHAARPractical risks involved in this projectSOLUTIONS to overcome these threatsCONCLUSION
  3. 3. What is AADHAAR??Aadhaar is a 12-digit unique number which the Unique Identification Authority of India (UIDAI) will issue for all residents in India. The number will be stored in a centralized database and linked to the basic demographics and biometric informationUIDAI launched AADHAAR on 29 th September 2010.The first person to receive an AADHAAR was Rajana Sawane of Tembhli village.
  4. 4. Number schema of AADHAAR: As shown in the picture above, the India Aadhaar number schema will actually have not even 12 digits but only 11 digits. The 1st number will be the Implicit Version Number while the second will be the Check digit. So, that means that the Aadhaar number will only have 11 digits which really matter. The numbers in UID will be non-repeating and non-traceable or predictable and will be generated
  5. 5. Collection of BIOMETRIC information
  6. 6. Pictorial perspective:
  7. 7. Goals and missions of UIDAI: UIDAI will provide AADHAAR to residents of India that can be verified easily, quickly and in a cost-effective way, and can eliminate duplicate and fake identities. The UIDAI intends to cover all residents of the country, but the focus will be on enrolling the India's
  8. 8. Continued… The UIDAI will offer a strong form of authentication where agencies can compare demographic and biometric information of the resident with the record stored in the central data base. This central data base is stored in a computer which will be linked to all government and private agencies like banks
  9. 9. Projected benefits: Aadhaar will become the single source of identity verification. Residents would be spared the hassle of repeatedly providing supporting identity documents each time they wish to access services such as obtaining a bank account, passport, driving license and so on. Financial inclusion with deeper penetration of banks, insurance and easy distribution of benefits of government schemes.
  10. 10. Continued… By providing a clear proof of identity, Aadhaar will also facilitate entry for poor and underprivileged residents into the formal banking system and the opportunity to avail services provided by the government and the private sector. Giving migrants mobility of identity.
  12. 12. Practical risks of AADHAAR: 1. India has been facing various hacking problems from inside and abroad. Many times our government sites have also been hacked. It is very clear that our cyber security is not safe. 2. There are a lot of corrupt people in India, especially in government departments. Everyone knows that, for money, most government officials leak any kind of information. Then what will be surely
  13. 13. Continued… 3. It is proposed that the UIN will be used as the PAN for income tax purposes. If this happens then the PAN will be easily available to anybody, and one may use another person's UIN, or say PAN, for any transaction. Today, at least, one can't easily find others' PAN numbers. 4. Village people will be offered Rs.100 for getting their Unique Identity Number. Everyone knows very well how
  14. 14. Proposed solutions. Information classification: Information associated with the UID shall be classified, at a minimum, into two categories, namely “Primary” and “Secondary”. Out of the “Primary” category, a part would be considered “Public” information and the other would be treated as “Private-Primary Information”. Public information may consist of name, sex, age, registered address. Private-Primary information would be available to the data holder for query on a synchronized data server to ensure that the information is accurate at all times.
  15. 15. Secondary Information would be kept in paper format in multiple locations. One copy would also be kept in digital format with strong encryption in an offline media with DRP support. This would be available to authorized UID employees only, for grievance redressal and under appropriate audit trail recordings. Within UIDAI no employee would be provided access to all aspects of the data base. The elements of the data base would be broken into multiple parts and scattered with an algorithm across the data base. They would be assembled only by authorized employees.
  16. 16. Information storage security: Information under storage is kept encrypted. Access shall be backed up by data integrity control, audit trail monitoring and archival. Information transmission security: Transmission of information into and out of the systems would be monitored by a suitable firewall, and appropriate policies and procedures shall be implemented to ensure that viruses and other malicious codes are filtered. All transmissions of data, including confidential mails in the name of UIDAI, should be encrypted and digitally signed.
  17. 17. Logical access security: Policies and procedures shall be implemented for ensuring that access to any IT device is made available only with appropriate access authentication such as passwords. Appropriate measures shall be initiated for ensuring that a strong password policy is maintained across the organization. Hardware tokens with biometric and RFID tags shall be used where considered necessary.
  18. 18. Employee consent: “Agents” of UIDAI must be subjected to very strict selection criteria, including background checks; privacy declarations, indemnity etc. should be obtained from every individual who is involved in this activity. Any mistake observed and corrected will also be recorded as a “Security Breach” and the responsibility for the same would be fixed on the concerned person. Employee awareness
  19. 19. Employee cyber usage policy: • Employees would be subject to appropriate restrictions in use of computers so that UID information is not subject to risk elements from cyberspace. • All access would be based on multi-factor authentication of the employee, with archival of the audit trail with a trusted third party with adequate security. • In particular, no computer which has access to secondary data will have access to the Internet.
  20. 20. Continued… In particular, no storage media (such as cellphones) would be allowed to be used by the employees in the ordinary course. All computers would work on the network with dumb terminals. UIDAI shall retain all policy documents related to information security for a minimum period of 3 years, either in print or electronic form. Data which is part of a security breach incident is kept permanently.
  21. 21. CONCLUSION: “… The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our
  22. 22. THANK YOU
  23. 23. QUERIES??
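
Slide 15 proposes breaking data base elements into parts that only authorized employees can reassemble, and slide 16 asks for data integrity control. One way to get both properties, shown here as an added example that is not from the presentation: n-of-n XOR splitting, where every share is required and any smaller set looks like random bytes, plus an HMAC that rejects a wrong reassembly. The function names, the three-store layout, the key and the sample record are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record and key; field names are illustrative only.
SAMPLE_RECORD = b"uid=000000000000;name=Test Resident;dob=1990-01-01"
SAMPLE_KEY = bytes(32)  # placeholder integrity key; a real key must be random

def _xor_into(acc: bytearray, data: bytes) -> None:
    for i, b in enumerate(data):
        acc[i] ^= b

def split_record(record: bytes, n_stores: int, key: bytes):
    """Return (shares, tag): one share per store plus an HMAC over the record."""
    if n_stores < 2:
        raise ValueError("need at least two stores")
    # n-1 shares are fresh random pads; alone they carry no information.
    shares = [secrets.token_bytes(len(record)) for _ in range(n_stores - 1)]
    last = bytearray(record)
    for pad in shares:
        _xor_into(last, pad)
    shares.append(bytes(last))  # the record XORed with every pad
    tag = hmac.new(key, record, hashlib.sha256).digest()
    return shares, tag

def reassemble(shares, tag: bytes, key: bytes) -> bytes:
    """XOR all shares together and refuse the result unless the HMAC matches."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    acc = bytearray(len(shares[0]))
    for share in shares:
        _xor_into(acc, share)
    candidate = bytes(acc)
    expected = hmac.new(key, candidate, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: share missing or altered")
    return candidate

if __name__ == "__main__":
    shares, tag = split_record(SAMPLE_RECORD, 3, SAMPLE_KEY)
    print(reassemble(shares, tag, SAMPLE_KEY))
```

Each share still reveals the record's length, and the tag and key belong with the reassembly service rather than with any of the stores.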