Case Details

Case Code: ITSY097
Case Length: 10 Pages
Period: 2017-2018
Pub Date: 2018
Teaching Note: Available
Price: Rs.300
Organization: Unique Identification Authority of India (UIDAI)
Industry: -
Countries: India
Themes: e-governance / data security / cyber security

Aadhaar Data Leaks: How Secure is the World's Largest Biometric Database?

EXCERPTS

UIDAI was accountable for providing the basic identification and authentication services of the user. It provided a unique identifier (Aadhaar number) to each resident and stored their biometric and demographic data in a CIDR (See Exhibit I). The UIDAI managed the CIDR and provided identification and authentication services with yes/no answers. An Authentication User Agency (AUA) provided services to users that were successfully authenticated. Thus, an AUA connected to the CIDR and used Aadhaar authentication to validate a user and support its services. The AUAs might be banks.

Some analysts raised concerns about the underlying vulnerability of Aadhaar data (See Exhibit II). According to them, the Aadhaar number by itself would not reveal any information. But when it was linked with the mobile number, bank account, driver’s license, and PAN, the combined information could reveal the profile of the individual. Analysts felt that security and privacy issues could occur at several stages in the Aadhaar lifecycle. For instance, these issues might happen during the collection, transmission, and storage of Aadhaar details in the centralized database.

There were several allegations about the breach of Aadhaar data. For instance, if an operator saved a copy of a user’s biometric fingerprints on his computer, he could transact on the user’s behalf by replaying the fingerprint stored on his computer. On February 11, 2017, a YouTube clip illustrating such a replay attack was leaked online. On February 24, 2017, UIDAI filed a criminal complaint, alleging that an employee of Suvidhaa Infoserve Pvt. Ltd had used Axis Bank’s gateway to UIDAI’s servers to conduct 397 biometric transactions between July 2016 and February 2017 using a stored fingerprint...

Though there might be several prevailing concerns over data security, analysts felt that these could not offset the benefits Aadhaar had to offer. In addition, one could not completely overlook the GoI’s efforts to make Aadhaar more secure. All the technical anomalies that were exposed were being instantly taken care of by the UIDAI...

Exhibit I: Aadhaar Operation Model
Exhibit II: Possible Active and Passive Attacks on CIDR Database
Exhibit III: Penalties for Revealing Identity Information Breaching Aadhaar
Exhibit IV: Legislations for Ensuring Privacy and Security of Aadhaar Data