Aadhaar – A detailed view of its technology, privacy and security

Aadhaar is the world's largest biometric ID system, with over 1.154 billion enrolled members as of 11 June 2017. The Aadhaar number gives individuals the power to establish their identity to various public and private agencies.

Three key characteristics of the Aadhaar number are:
1. Permanency (the Aadhaar number remains the same during the lifetime of the person)
2. Uniqueness (one Aadhaar holder has one ID, and no two Aadhaar holders have the same ID)
3. Global (the same identifier can be used across applications and domains).



Deep research by Abhishek Sinha, founder and security researcher at Technotricky, on how your personal information can be hacked and used for illegal activities or, scarier still, to make you look like a murderer or even a terrorist.

How Aadhaar Authentication 1.0 Works (Current Scenario)

When an Aadhaar user performs a verification (e-KYC) or a transaction, they provide their fingerprint and Aadhaar number to a public host machine, and a public biometric reader is used for authentication. The host machine takes the Aadhaar number and the fingerprint image captured by the optical biometric sensor. The data is then converted into a template, which is in turn converted into a PID block (Personal ID block).
After this, the PID block is sent to the UIDAI gateway servers for authentication. The UIDAI (Unique Identification Authority of India) servers then respond with either a successful or a failed authentication.


Let's Explain the Vulnerability
Let's go through it step by step.
Step 1: The host machine takes the fingerprint and Aadhaar number. The risk is that the host machine can store the user's Aadhaar number and biometrics, which can then be used later without the individual's consent.
Step 2: The biometric data is converted into a template, which is required to build the PID block. The risk here is that the PID block is not encrypted, so it is vulnerable to interception by hackers or criminals during data transmission.
In the last step, the host computer is connected to public Internet servers (ISP) and is therefore vulnerable to viruses and malware that can also steal the PID block.

How Is My Data Used for Illegal Activities?

Once your information and biometrics are hacked, they can be used against you. Biometrics can be used to make a 3D-printed fingerprint clone that can be planted at a crime scene.
This information can also be used in a bomb blast to identify a specific person. Having this information in the wrong hands can save a criminal and ruin your life.
Is that scary enough? Can it get worse than this? (Imagine how.)

Now let me explain the steps taken by UID to secure Aadhaar information and save people's lives.

The Unique Identification Authority of India (UIDAI) has said that all devices using Aadhaar authentication will have to adhere to its new encryption standards for biometric devices from June 1. The move adds an extra security layer to Aadhaar card data security. According to sources, however, it will be completely active after September 2017, because manufacturers need some time to redesign their devices to the new security standard.
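
The idea behind encrypting inside the biometric device, as an added sketch in Go (not from the original post, and not UIDAI's actual PID block format or API): the reader encrypts the template before the host machine sees it, so a host that stores or leaks what it relays holds only ciphertext. The Envelope layout, the function names, AES-256-GCM, RSA-2048 with OAEP and the sample template are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is all the host relays. Hypothetical layout and key sizes, not UIDAI's format.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SealInDevice runs in the reader: AES-256-GCM under a fresh key, wrapped with RSA-OAEP.
func SealInDevice(pub *rsa.PublicKey, template []byte) (Envelope, error) {
	buf := make([]byte, 32+12) // session key, then GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	return Envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], template, nil)}, err
}

// OpenAtServer runs at the server, sole holder of the private key; tampering gives an error.
func OpenAtServer(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(e.Nonce) != 12 {
		return nil, rsa.ErrDecryption
	}
	block, _ := aes.NewCipher(key) // length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

// HostSees reports whether the raw template appears in what the host handles.
func HostSees(e Envelope, template []byte) bool {
	return bytes.Contains(e.Ciphertext, template) || bytes.Contains(e.WrappedKey, template)
}

func main() {
	priv, _ := NewServerKey()
	env, _ := SealInDevice(&priv.PublicKey, []byte("constructed-template")) // constructed sample
	fmt.Println("host sees plaintext:", HostSees(env, []byte("constructed-template")))
}
```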

Sources: https://authportal.uidai.gov.in/web/uidai/developer
 https://uidai.gov.in/images/resource/aadhaar_registered_devices_2_0_09112016.pdf

