Subodh Sharma talks about the effectiveness of virtual IDs
Pratap Vikram Singh | January 16, 2018
The UIDAI has introduced two measures to strengthen the security of Aadhaar: a 16-digit virtual ID (VID) in place of Aadhaar number for authentication, and a ‘limited KYC’ feature in which agencies (other than those provided by the law) will receive a VID and not Aadhaar number of the user.
The move came after yet another expose of an unauthorised access to Aadhaar database in which demographic data of Aadhaar card holders were being sold on WhatsApp, as reported by The Tribune. Although a huge number of Aadhaar numbers have already been seeded with different databases, the virtual IDs, if applied carefully, will contain the damage. The VID is a kind of masking of the sensitive Aadhaar info. This solution, also called ‘tokenisation’, was discussed by three faculty members of the computer science department of IIT Delhi in a paper in the Economic and Political Weekly in September 2017. In an email interaction with Pratap Vikram Singh, Subodh Sharma, speaking on behalf of the trio of authors also including Shweta Agrawal and Subhashis Banerjee, talks about the effectiveness of virtual IDs, the key technological changes and safeguards necessary for secured use of Aadhaar. Edited excerpts:
Some experts call virtual ID and minimum KYC measures of the UIDAI as a ‘too little too late’ response.
The concept of virtual IDs, in our opinion, is a good idea. While it is hard to quantify statements such as “too little”, we feel that the other measures such as minimum KYC are necessary. Whether the measure is “too late” will depend on how effective and simple UIDAI’s migration plan is to replace the old Aadhaar numbers that have already been linked with the new virtual ones. The process can be problematic for the poor and the underprivileged if the migration is not executed with extreme care.
What are the fundamental technological weaknesses in Aadhaar system?
No public report is available presenting facts on the efficacy of biometric false ‘accept’ and false ‘reject’ rates; ditto for biometric deduplication.
In our opinion, it appears that the use cases for service delivery using Aadhaar are inadequately analysed (so it appears from the PDS exclusion reports).
Insofar as privacy and security are concerned:
(1) As we discuss in our paper, the model of using biometrics as a password (single factor) for authentication and authorisation is conceptually flawed. Biometrics should only be used for identity verification, that too under adversarial oversight.
(2) Using a single identifier (Aadhaar number) for all applications can create a vulnerability to orchestrate correlation attacks. This attack can possibly (if done well) be mitigated by virtual ids.
(3) The access control architecture appears vague. No clear and crisply defined online protocol for how data can be accessed and under what authorisation, how is it to be checked, and tamper-proof recording of access and authorisation trails and online audit. Hence, vulnerability to insider attacks.
(4) It appears that the peripheral services such as web-pages and mobile apps (m-Aadhaar) are poorly structured and poorly audited.
How does Aadhaar as a single digital identifier make individuals vulnerable? What is the solution you propose?
The digital identifier can be used to join databases, and mine personal information across multiple domains to profile individuals. Aadhaar is not the only global digital identifier with this vulnerability, mobile numbers and PAN also are. In fact, well before Aadhaar, the Indian private enterprises have started using mobile numbers as a unique id. Most databases, be it with banks and insurance, income tax, mutual funds, airlines, railways, hospitals and even small shops, have personal digital records indexed by mobile numbers. So, perhaps, mobile numbers require virtualisation more than Aadhaar does. Virtual ids, for all such unique identifiers, can be a solution. All you need is that if somebody, say an airline, calls your virtual mobile number, the real one should ring. Only a central authority needs to know the mapping. Ditto with Aadhaar.
Can you explain in plain language how cryptographically embedding Aadhaar ID into AUA-specific IDs makes the system safer from privacy and data protection perspective? Can you explain why it is needed and how it can be resolved?
In the current proposal there is no mention of cryptographic embedding. UIDAI will securely (hopefully) maintain a mapping between the global id and the various virtual ids. This way, if there is a need to join databases, say for some legitimate data analytics, then the UIDAI will have to facilitate it (there will have to be a mechanism for doing that). An alternative would have been to cryptographically hide the global id in the virtual ids, so that authorised entities with valid keys could link the virtual ids themselves (but still not be able to reconstruct the global id). That would have been another way to do the virtual ids.
In your paper you point at the need for demarcation between identity verification and authentication. Giving an example of Aadhaar-enabled service delivery, can you explain the importance of their separation?
Ideally identity verification should happen at the service provider’s premise, where there is a genuine interest in verifying the identity and the service provider will not collude with the person whose identity is being verified (adversarial oversight necessary to ensure that the person does not present a false plastic finger with somebody else’s fingerprint embedded on it). Consider, for example, a bank. The bank should produce an authentic biometric device, the person’s biometrics should be encrypted by the device and sent to UIDAI for verification along with her virtual id, and both the bank and the person should receive independent acknowledgements, directly from the UIDAI, about the outcome of the verification. That would be a correct identity verification protocol. This should only be done once in a while.
An example of an incorrect protocol is: A person walks up to a mobile telephone service provider’s officer to procure a SIM card, she gives her fingerprints to a device; the operator tells her that the verification has failed and asks her to put her fingers on the device again, she receives no communication from UIDAI, the operator issues a SIM in her name and sells it to somebody else. In effect she would have signed a blank paper authorising the agent to issue a SIM in her name! Ditto with withdrawal of money, PDS, etc.
Can you explain the possibility of insider leak of information from within UIDAI? How can it be addressed?
Consider the following scenario: some powerful entity can suddenly decide that SSS [the authors, Shweta, Shubhshis and Subodh] are bad people and influence insiders in UIDAI to access our personal data illegally without warrants, or put a tab on us. One or more insiders may use their privileged access rights illegally. Most attacks on protected databases happen through insiders – remember Snowden! Insider leaks are not only a concern with UIDAI but also with other bureaucracies like airlines and banks.
The only way to ensure against insider leaks is to have strict access control protocols in place to make unauthorised accesses, even by insiders, impossible.
Aadhaar is often criticised for a possibility of its use as a surveillance tool. Do you agree?
[It] can certainly become one without checks and balances. But the criticism is perhaps too broad and vague.
On one hand, there are claims about Aadhaar leading to huge savings which run in several thousand crore rupees. On the other, it is criticised for violation of privacy and exclusion in service delivery. Does the benefit outweigh the risk?
We cannot comment on the “savings” – there’ve been many loose statements on this already and we will not add to the noise. Risks can be mitigated with a proper design, and intuitively a unique verifiable identity appears to be a very useful tool for governance. The real benefit may come in digitisation of health records and in data analytics – econometrics, epidemiology, etc.
What are the other reforms and redressals required to strengthen the unique digital identity system?
Careful analysis of the use cases and taking special care not to cause exclusion or distress. Keep in mind the huge deficit of cultural capital in the country.
(The interview appears in the January 31, 2018 issue)
Before the novel coronavirus hit it, Mumbai about 10-12 lakh labourers from elsewhere had made it their home. The figure for the state of Maharashtra was another 18-20 lakh. As the pandemic spread and the Maximum City emerged as the worst-hit place in India, all economic activities came to an end, and with
For the rest of the world, it is not easy to understand China when it comes to politics or economics. Under pressure from the international community, it has accepted to open the country for a “comprehensive” probe into the origin of the deadly coronavirus. But it is not clear whether the Asian
Even as humanitarian support is pouring in to help distressed migrants amid Covid-19 pandemic and the lockdown, civil society organizations and NGOs are working for sanitation of community toilets which have become breeding source of virus infection. Every community toilet has 20 seats. Each
India, completing about two months of lockdown to protect against the spread of the Novel Coronavirus, has made good use of the time to improve health infrastructure, the government has said. Countering media reports “about some decisions of the government regarding the lockdown implem
As India begins to learn to live with Covid-19 and come out of nearly two-month long lockdown, regular train services are set to resume from June 1 in a graded manner, even as more ‘shramik’ special trains are planned. The railway ministry, in consultation with the health ministr
In the battle against Covid-19, India has managed to keep the mortality rate low at 0.2 deaths per lakh population, compared to some 4.1 deaths for the same population worldwide. Moreover, a total of 39,174 patients have been cured, registering a recovery rate of 38.73% which is improving continuously.