How Secure is World's Largest Biometric Database Aadhaar?

Largest in world. How secure is the Indian Aadhar biometrics project?

India has been implementing a biometrics project called Aadhar since 2009. In recent years, it has implemented biometric data collection (including photos, ten-finger fingerprints and iris scans) for approximately 1.2 billion people across India, Provided a unique 12-digit identification number for each resident. As a result, the government can provide subsidies, medical care, social security, training, employment and other services directly to each citizen.

However, as one of the largest biometrics projects of its kind in the world, the disputes over privacy, security and other aspects of the project can be described as one after another.

 

Can such a huge project really guarantee safety?

Prior to this, Edward Snowden, a former employee of the US Security Agency, and Troy Hunt, an Australian security expert, had questioned the security of Indian databases. A 2017 study conducted by PricewaterhouseCoopers and Assocham showed that the number of attacks on Indian websites has increased fivefold over the past four years, and cybercrime occurs every 10 minutes in the Indian capital. This also shows that the Digital India program actually costs very little in terms of security.


Printing various databases at risk 

The implementation of the "Digital India" program has spawned many important databases covering a large amount of sensitive personal information for each resident, including bank transaction records, tax files, passport details, property ownership, birth certificates, photos, etc.

Data across systems and institutions continues to grow rapidly in this form. Every month, hundreds of thousands of people in India apply for Aadhaar accounts or update and correct personal information.

While the amount of data has exploded, the security of the database has obviously become a hot topic.

Simply put, if there are not enough protective measures, the connection with the Aadhaar system will inevitably pose a risk to the security of the data.


Who uses the data and who keeps it? How do these organizations use the data?

The use of data is mixed, but we find it difficult to find malicious users.

After the Indian government implemented the Aadhaar project, it gained a lot of convenience. The identification number provided by the Aadhaar project is bound to a mobile phone number and a bank account. Indian citizens can access the database online for identification and mobile phone "real-time" verification, while also enjoying medical, social security, training, driver's license, employment and other services.

World's Largest Biometric Database Aadhaar in India

Government departments can also provide subsidies and benefits to residents in a targeted manner, monitor the health status of residents, effectively provide public services such as medical and epidemic prevention, and achieve real-time improvement of administrative processes.


However, because India's network infrastructure is not stable, the issue of security risks is still relatively acute. In addition, many related databases are updated in real time, and there are various access users, which also increases the challenges in this regard.


It is difficult to regulate the use of data

The Indian Identity Card Authority (abbreviated UIDAI, the executive arm of the Aadhaar project) has recently provided all users with the option of masking the true identification number by creating a virtual identity. A bank ’s chief technology officer, who asked not to be named, believes that although the measure is very important to protect identity, users must understand how to use this function reasonably. Otherwise only ulterior motivated people will take advantage of the opportunity. Such as human factors will also affect the database Security has an impact, and perhaps disgruntled employees have decided to abuse their authority to steal sensitive information.

 

The Aadhaar project has now been widely entered into the daily lives of Indian citizens, but not all institutions are using data with strict control standards. For example, users read their own information under public WiFi, but the WiFi environment here has been hacked in advance by hackers, and related information is easily obtained by hackers.


There is a gap in investment in security

Most companies still do not spend enough funds to protect network assets. For example, JPMorgan Chase’s IT budget and security spending ratio is 10:

1. The Indian Ministry of Electronics Industry and Information Technology authorized all government departments in September 2017 to use 10% of the technology budget for security.

 

After an attack like WannaCry, India ranked 23rd in the United Nations in the 2017 Global Cybersecurity Index. Although India's performance in security is better than in the past, it does not completely eliminate risks.

 

Network security needs to keep pace with the times

The field of cybersecurity is a never-ending game of cats and mice. Hackers constantly try to attack and destroy the network. The biggest threat to the "Digital India" program may come from hackers anywhere in the world. Twenty years ago, 40-bit encryption was considered a high-tech encryption method, but this encryption can be cracked within a few minutes today.

Many companies have already switched to 128-bit and 256-bit encryption technologies. Aadhaar's database uses 2048-bit encryption protection.

Even so, with the rapid development of network technology, only by constantly adjusting and improving the protection methods can we adapt to the objective needs of the network era.


Cyber ​​security talent gap is difficult to fill

In fact, India does not have enough cyber security talents to protect its own cyber assets. The "Digital India" plan puts a lot of demand on top professionals, hoping to establish an anti-hacking system mechanism, using technologies such as blockchain and quantum computing, to ensure that it is not affected by cyber threats with a 24 hour × 7 day defense posture.

According to the National Association of Software and Service Companies (Nasscom) in India, India is working to reduce the gap between the demand for cybersecurity professionals and the available talent pool, but the gap is still huge. The lack of relevant professionals is also a global problem. Even by 2021, there will be 500,000 or more vacancies in cyber security in the United States.

 


 


Post a comment

0 Comments