SEMI FINAL | BUSINESS CASE - BCS 02
Head of Information Technology Department Submission BCS SF 02
NMO Season 1
Future of Aadhaar is "a secure and robust system ensuring complete security and privacy of the citizens"
Submission Date & Time : 2019-04-07 10:15:23
Submitted By: Yash Jain - Head of Information Technology Department From Team Kalam
BCS Solution SummaryFor an identification system like aadhaar, privacy is a very vital part of the system and UIDAI must make modifications in its current system using advanced technologies of cybersecurity to make the system more robust and secure. The system of aadhaar should be made more technology dependent rather than human intervention to prevent the system from fraudulent practices and eliminate the possibility of human error.
Solution1. EXECUTIVE SUMMARY This report reflects the investigations of the privacy and security issues of Aadhaar from a technology point of view. Specifically, this report deals with the possibilities of identification and authentication without consent using the Aadhaar number or biometric data, and unlawful access of Aadhaar data in the central repository. Our analysis suggests that privacy protection in Aadhaar will require: a) an independent third party that can play the role of an online auditor, b) using strong encryption techniques, and c) strong legal and policy frameworks that can address the specifics of authentication and identification in a modern digital setting. 2. INTRODUCTION The Adhaar project is the world’s largest national identity project, launched by the government of India, which seeks to collect biometric and demographic data of residents and store these in a centralized database. According to a survey conducted in 2015 about 89.6% of India’s population has been enrolled on Adhaar. The government has spent at least 890 million USD on the project (Wikipedia). However, recently there has been considerable deliberations over the privacy and security issues related to the Aadhaar project. The objective of the assessment is to pinpoint security weaknesses and vulnerabilities and to propose recommendations for their remediation. The identified issues are evaluated and prioritized according to their relative risk and measures for their remediation are proposed. The proposed countermeasures to reduce the risk for identified security issues are presented in this report. 6. CONCLUSION We have analyzed the Adhaar project from the points of view of privacy and security and have pointed out some technical weaknesses and possible remedies. Specifically, we have found that: 1) The Aadhaar number, which is a single global identifier that is supposed to work across application domains, makes individuals vulnerable to privacy breaches. A design alteration can, however, make it safe. 2) The slightly different concepts of authentication and identity verification need to be well demarcated, and careful use case analysis is required to determine precisely what is required for each application. The legal framework must also make note of these. 3) In an Aadhaar like setup, the biggest threat to privacy comes from potential insider leaks. The Aadhaar technology architecture does not seem to have been explicitly designed to have strong protections against such insider leaks. We believe that effective protection against insider leaks necessarily requires a third-party auditor under independent administrative control. With such a provision in place, there are several tools from computer science that can provide reasonable guarantees for security and privacy protection. Please refer to the attached report for a detailed solution. This report aims at using advanced cybersecurity practices to make the aadhaar system more secure!!
Attached File Details
Comments
Dr Saroj Kumar Dutta
well tried , the solution suggested have a new outlook towards problem and probable solutions from IT perspective.
Participant
Yash Jain
,
I am a Computer Engineering Student and currently I am in final year of my engineering. I believe in making software applications which is useful to the general public and bring about a positive change in the society. Along with technology I also study concepts of business and finance because that knowledge is absolutely necessary to take the engineering projects on a bigger level.