India’s “Aadhaar” Biometric ID: Structure, Security, and Vulnerabilities

Tiwari, Pratyush Ranjan; Agarwal, D. K.; Jain, Parag; Dasgupta, Swagam; Datta, Preetha; Reddy, Vineet; Gupta, Debayan

doi:10.1007/978-3-031-18283-9_34

Cited by 7 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This breach is categorized as in the medical sector by Neto et al [14], possibly due to its relation to health services [56], including vaccines [57], despite Aadhaar being a biometric database also used for demographic, financial, and welfare policy entitlement data [58]. According to the reference linked to the incident in the dataset, Aadhaar actually suffered multiple breaches between 2017 and 2018, which may be due to known vulnerabilities, such as cryptographic issues observed in the system [59]. As countermeasures, besides a stronger encryption scheme, Tyagi et al [60] also suggest the adoption of security testing, the creation of a Computer Emergency Response Team (CERT), and a more effective integration with the private sector and their standards.…”

Section: Study Cases and Possible Mitigationmentioning

confidence: 99%

Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review

Pimenta Rodrigues,

Marques Serrano,

Lopes Espiñeira Lemos

et al. 2024

Data

View full text Add to dashboard Cite

Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud.

show abstract

Section: Study Cases and Possible Mitigationmentioning

confidence: 99%

Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review

Pimenta Rodrigues,

Marques Serrano,

Lopes Espiñeira Lemos

et al. 2024

Data

View full text Add to dashboard Cite

show abstract

“…Several incidents related to NeIDS have already been reported, such as the Bangladesh data leak, where personal information (names, phone numbers, birth certificates, and national identification numbers) of millions of Bangladeshi citizens was exposed (Antoniuk, 2023). There was the Aadhaar case where more than 200 government websites exposed data from Indian citizens (Pratyush et al, 2022) and the Philippines election hack, in which biometric data from more than 70 million registered voters were stolen (Chi, 2016).…”

Section: Introductionmentioning

confidence: 99%

Moving Beyond Frameworks: Stakeholders' Perceptions of Risk Assessment in National Electronic Identity System

Edu,

Hooper,

Maple

et al. 2023

Preprint

View full text Add to dashboard Cite

National Electronic Identity System (NeIDS) has become crucial for verifying the identities of citizens and granting access to digital services in public and private domains. However, implementing NeIDS has raised concerns about security, privacy, and exclusion. Furthermore, conducting a comprehensive risk assessment for NeIDS is challenging, as it is interconnected, multifaceted, and relational. To understand the challenges faced by stakeholders during the risk assessment process and explore the reality of conducting a risk assessment for NeIDS, we conducted a qualitative study based on semi-structured interviews with 17 stakeholders. Following a thematic analysis of the interview transcript data, we found that i) stakeholders are concerned with assessment bias, political influences, lack of transparency, inclusion issues, and inadequate communication about the assessment process, and ii) there are key issues around framework considerations, implementation, regulation, and funding of risk assessments. Finally, we offer recommendations to ensure a fair, transparent, and inclusive assessment process.

show abstract