BEEF UP AAD­HAAR SE­CU­RITY

UIDAI must take steps to have mul­ti­ple key hold­ers

The Asian Age - - 360° - Dr G. V. K. Reddy

Right from its in­cep­tion, the Aad­haar project has been and con­tin­ues to be ques­tioned as it vi­o­lates pri­vacy and data se­cu­rity is­sues. The is­sue has taken the cen­trestage like never be­fore af­ter an ex­pose by a jour­nal­ist. Though UIDAI has de­nied any such breach, its de­fence has been at best am­bigu­ous. The core of Aad­haar is Cen­tral Iden­ti­ties Data­base Repos­i­tory ( CIDR) may be strong by de­sign. How­ever, its sup­port sys­tems, pro­cesses, and wider ecosys­tems are ex­posed with open ac­cess to any gov­ern­ment au­tho­rised or pri­vate en­ti­ties.

Some cru­cial la­cu­nae in the iden­ti­fi­ca­tion and au­then­ti­ca­tion pro­cesses of Aad­haar have been pointed out by Cen­ter for In­ter­net and So­ci­ety. Some pos­si­ble ways of breach are cor­re­la­tion of iden­ti­ties across do­mains, iden­ti­fi­ca­tion without con­sent us­ing Aad­haar data, and il­le­gal track­ing of in­di­vid­u­als.

The pos­si­bil­ity of in­sider at­tacks could be the most dan­ger­ous threat to the Aad­haar ecosys­tem. It could also come un­der at­tack if the at­tacker can col­lude with an in­sider with ac­cess to var­i­ous com­po­nents of the Aad­haar sys­tem - some­thing akin to the re­cent breach aided by the in­volve­ment of an in­sider. Though an FIR has been filed with the po­lice, there is no in­for­ma­tion UIDAI tak­ing any ac­tion against ei­ther gov­ern­ment or pri­vate em­ploy­ees. Ac­cord­ing to var­i­ous stud­ies on Aad­haar ecosys­tem, there are no safe­guards or guide­lines - ei­ther tech­ni­cal or le­gal - on how the Aad­haar num­ber should be main­tained and how it should be used by Au­then­ti­ca­tion User Agen­cies ( AUA) in a cryp­to­graph­i­cally se­cure way, and how to pre­vent the Aad­haar num­ber of an in­di­vid­ual from be­com­ing pub­lic.

( The writer is a pro­fes­sor at Vard­haman

Col­lege of En­gi­neer­ing)

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.