Towards a More Secure Aadhaar

Aadhaar is the national identities project of the Government of India. Its main expected benefit is better decision making through modern analytics, as citizens use such an identity to avail services from various government as well as private service providers. This necessarily involves building a huge store of information on citizens, such as the mapping of IDs to biometrics. Such stores raise many security and privacy concerns and should therefore be designed and analyzed very carefully. The threat model for such systems should address both internal and external attackers. Previous writings and research work [12] in this area have discussed problems such as illegal profiling and tracking of individuals, authentication without consent, collusion of multiple service providers leading to correlation of user data, and use of fake biometrics. While some analyses have focussed on cryptography to provide a solution, a comprehensive and workable solution for, say, illegal profiling is still lacking. There are also many problems from a systems perspective that need to be addressed, such as access control models to constrain access to sensitive data as well as the integrity of its metadata. In this paper, we discuss solutions to such problems, especially illegal profiling.