UIDAI must take steps to have multiple key holders.
Right from its inception, the Aadhaar project has been and continues to be questioned as it violates privacy and data security issues. The issue has taken the centrestage like never before after an expose by a journalist. Though UIDAI has denied any such breach, its defence has been at best ambiguous. The core of Aadhaar is Central Identities Database Repository (CIDR) may be strong by design. However, its support systems, processes, and wider ecosystems are exposed with open access to any government authorised or private entities.
Some crucial lacunae in the identification and authentication processes of Aadhaar have been pointed out by Center for Internet and Society. Some possible ways of breach are correlation of identities across domains, identification without consent using Aadhaar data, and illegal tracking of individuals.
The possibility of insider attacks could be the most dangerous threat to the Aadhaar ecosystem. It could also come under attack if the attacker can collude with an insider with access to various components of the Aadhaar system - something akin to the recent breach aided by the involvement of an insider. Though an FIR has been filed with the police, there is no information UIDAI taking any action against either government or private employees. According to various studies on Aadhaar ecosystem, there are no safeguards or guidelines - either technical or legal - on how the Aadhaar number should be maintained and how it should be used by Authentication User Agencies (AUA) in a cryptographically secure way, and how to prevent the Aadhaar number of an individual from becoming public.
MEASURES AGAINST INSIDER ATTACKS
Apart from the implementation of recommendations of Shah and Sinha committees, UIDAI could appoint independent third-parties who can individually perform the roles of an auditor and a keeper of Cryptographic keys. The separation of administrative control can strengthen security of the overall system.
Other techniques that can be used are: 1) To store only hash of biometric data, 2) Tamper-resistant code to avoid arbitrary behaviour, 3) Tamper- resistant hardware may be leveraged for protection of cryptographic keys, and 4) Whiteboxing and encryption methods.
UIDAI has introduced a system of virtual authentication for citizens enrolled on its database and limited the access available to service providers in a move aimed at allaying widespread concern over security breaches that have dogged the UIDAI central repository. Significant security upgrades announced by UIDAI is to create a "virtual ID" which can be used in lieu of 12-digit aadhaar number. Some database with Aadhaar numbers will still float around unless there is complete revocation of the number. For trust to prevail tokenisation should be implemented across all data controllers including Authentication User Agencies. This concept will also prevent combining and correlating of databases across domains that are linked to Aadhaar number.
One of the vulnerability is making copies of fingerprints, By law, one should not store copies of fingerprints. However, it is hard to spot vulnerabilities embedded in thousands of lines of code. Though biometric sensors "are increasingly implementing liveness detection to ensure any attempt at making fake fingers and iris are prevented." It is not clear if biometric readers certified by UIDAI have been tested for liveness detection.
(The writer is a professor at Vardhaman College of Engineering)