Privacy and Security of AadhaarA Computer Science Perspective
Shweta Agrawal, Subhashis Banerjee, Subodh Sharma
We thank Reetika Khera for the many discussions, and Ambuj Sagar,
Narayanan Kurur and the anonymous reviewer for suggestions on
improving the manuscript. The first author thanks Manoj Prabhakaran
for many helpful comments and Mihir Bellare for suggesting the use of
fuzzy extractors.
Shweta Agrawal (shweta.a@gmail.com) is with the Department of
Computer Science and Engineering, Indian Institute of Technology,
Madras.
Subhashis Banerjee (suban@cse.iitd.ac.in) and Subodh Sharma
(svs@cse.iitd.ac.in) are with the Department of Computer Science and
Engineering, Indian Institute of Technology, New Delhi.
The article investigates the privacy and security issues of
Aadhaar from a technology point of view. Specifically,
the possibilities of identification and authentication
without consent using the Aadhaar number or biometric
data, and unlawful access of Aadhaar data in the central
repository are examined.
The analysis suggests that
privacy protection in Aadhaar will require an
independent third party that can play the role of an
online auditor; study of several modern tools and
techniques from computer science; and strong legal and
policy frameworks that can address the specifics of
authentication and identification in a modern
digital setting.
1 Introduction
The Aadhaar project is the world’s largest national identity
scheme, launched by the Government of India,
which seeks to collect biometric and demographic data
of residents and store these in a centralised database. To date,
about 1.1 billion users have enrolled in the system. However,
serious concerns have been raised over the privacy and security
issues related to the Aadhaar project. In this article, we examine
some of these issues from a computer science perspective.
1.1 Background
Privacy concerns relating to the Aadhaar project have been the
subject of much heated debate recently (Express News Service
2016; NDTV 2016a). Positions taken by the government and
Unique Identifi cation Authority of India (UIDAI) on these issues
have been ambiguous. Arguing before a bench in the Supreme
Court, the Attorney General of India has claimed that Indian
citizens have no constitutional right to privacy (PTI 2015). This
is surprising not only because there are several interpretations
of constitutional provisions and judgments to the contrary
(Bhatia 2015; Kumar 2015) but also because it contravenes conventional
wisdom and best practices in digital authentication
and authorisation systems (Diffi e and Hellman 1979).
The finance minister, while getting the Aadhaar bill passed
as a money bill, announced that “the government presupposes
privacy as a fundamental right” and claimed that the bill has
tightened privacy provisions when compared to what was
there in the previous version (Scroll Staff 2016). However, neither
the government nor the UIDAI makes it clear what precisely
are the privacy concerns that are being addressed, what
precisely are the methods being deployed, and why the resulting
proposal is secure. The UIDAI (2014) does describe the security
measures it has put in place, but does not provide an
analysis of the measures with respect to perceived threat levels
and potential privacy breaches. This has resulted in an
overall confusion about the impact on privacy engendered by
the Aadhaar project.
On the other hand, several civil society activists and social
commentators (Arun 2016; Krishna 2017; Mehta 2017; Jayaram
2015; Ramanathan 2016; Vombatkere 2016; Makkar 2016; Duggal
2011; Dréze 2016) have expressed concerns about the weak
privacy provisions in the Aadhaar project and the bill. However,
while alerting to the possibilities of opening doors to
mass surveillance, we feel that some of the commentaries have
been unbounded in their criticisms and not entirely specific in
SPECIAL ARTICLE
94 september 16, 2017 vol liI no 37 EPW Economic & Political Weekly
their statements of concerns. The gist of most criticisms has
been that the use of biometrics and a unique identification
number (UIN), storage of biometric and demographic data, and
authentication trails in a central repository are necessarily
unsafe. However, whether breach of privacy is inevitable and
whether there may exist technological and legal provisions
which can make Aadhaar safe, are important questions that
have not been adequately addressed.
We note that some crucial lacunae in the identifi cation and
authentication processes of Aadhaar have been pointed out by
Centre for Internet & Society (CIS 2016), which also makes several
important suggestions, including implementation of recommendations
of Shah (Planning Commission 2012) and Sinha
(Lok Sabha Secretariat 2012) committees. Despite these, thorough
analyses of the possible ways in which privacy can be breached,
and possible countermeasures both from technological and
legal perspectives, remain missing. In this article, we endeavour
to fi ll in some of this gap from a technology point of view.
1.2 Perspectives on Aadhaar: Pros and Cons
At its core, the Aadhaar Act attempts to create a method for
identifi cation of individuals so as to provide services, subsidies
and other benefi ts to them. While the effectiveness of Aadhaar
to the extent claimed in preventing leakages in social welfare
schemes has been questioned (Khera 2011, 2015; Zhong 2016),
the advantages of computerisation and reliably maintaining
eligibility and distribution records in digital forms are well
accepted (Masiero 2015; Khera 2013). Any digitisation requires
indexes or unique IDs, and in social welfare schemes local
unique IDs like ration or job card numbers are typically used.
Standardising the digital record-keeping processes across
geo graphies and verticals and linking the local IDs with the
unique national identities provided by Aadhaar are tantamount
to virtually collating the different digital record tables
into one. Though the digital records may still be geographically
distributed, real-time access to the data, using the Aadhaar
IDs as handles, can then be provided to authorised central
and state agencies for audit, monitoring, analysis, and planning
purposes. Thus, the Aadhaar number provides a single index
across all services that may use Aadhaar.
Additionally, the Aadhaar project may provide the necessary
impetus to standardisation and digitisation of other domains as
well, many of which are long overdue. The Aadhaar IDs can be
used to create local IDs for digitisation of new verticals easily.
Even more importantly, Aadhaar can facilitate linking of local
IDs in currently isolated verticals like census, education, healthcare
and immunisation records, birth and death records, land
records, property registration, income tax, banking, loans and
defaults, police verifi cation and law enforcement, disaster
management, security and intelligence and such others.
Thus, Aadhaar may not only enable effi cient design, delivery,
monitoring, and evaluation of services in each domain
indi vidually but also offers the possibility of using modern data
analytics techniques for fi nding large-scale correlations in user
data that may facilitate improved design of social policy strategies
and early detection and warning systems for anomalies.
For example, it may be tremendously insightful to be able to
correlate education levels, family incomes, and nutrition
across the entire population; or disease spread with income
and education.
More generally, it may enable carrying out econometric
analysis, epidemiological studies, automatic discovery of latent
topics, and causal relationships across multiple domains of the
economy (UN Global Pulse 2012; McNabb et al 2009; Krishnamurthy
and Desouza 2014; Varian 2014; Einav and Levin 2014,
2013; Athey and Imbens 2015; Kleinberg et al 2015; McBride
and Nichols 2015). Indeed, extending the scope of Aadhaar
from just being an identification and authentication system for
social welfare schemes to a system which generates largescale
data and facilitates automated analysis and planning,
can potentially lead to far-reaching benefits.
At the same time, apart from the concerns of loss of privacy
and civil liberties, the Aadhaar project has attracted considerable
criticism for causing signifi cant disruptions and exclusions
in social welfare schemes (Johari 2016; NDTV 2016a, b;
Dréze 2016; Yadav 2016a, b; Khera 2016; Somanchi et al 2017),
both due to careless deployment and uncertainties in biometric
matching.
We believe that all the above issues, both for and against,
require careful analysis and rigorous evaluation; and that the
technological, legal, and policy frameworks need to be considerably
strengthened through debates and informed choices to
evolve an effective national identity scheme.
1.3 Our Goal
In the modern digital era, privacy protection does not demand
that data should not be collected, stored, or used, but that
there should be provable guarantees that the data cannot be
used for any purpose other than those that have been approved.
Recent advances in the discipline of computer science
offer several novel and powerful solutions to address many of
the privacy and security challenges posed by the Aadhaar project.
Our goal is to carefully examine the security concerns,
survey the technological tools that may aid us, and provide a
fi rst order analysis of what might be feasible.
Our approach is as follows. We first capture the functionality
desired by the Aadhaar project. Next, we analyse the security
risks and vulnerabilities engendered by each entity and each
communication link in the Aadhaar model. We examine the
security measures proposed by UIDAI and discuss where these
may be lacking. We elucidate recent tools from computer science,
particularly from the fields of cryptography and security,
which may assist in providing safeguards: this puts some
stated concerns to rest while simultaneously raising multiple
unforeseen issues.
2 The Aadhaar Model
In this section, we describe the various entities involved in
Aadhaar and their interdependencies, which will enable us to
reason about its privacy and security requirements. The
Aadhaar authentication and identity verifi cation system comprises
the following entities (UIDAI 2016b):
SPECIAL ARTICLE
Economic & Political Weekly EPW september 16, 2017 vol liI no 37 95
Central Identities Data Repository: The UIDAI is responsible
for providing the basic identification and authentication services.
It provides a unique identifier (Aadhaar number) to each
resident and maintains their biometric and demographic data
in a Central Identities Data Repository (CIDR). The UIDAI manages
the CIDR and provides identifi cation and authentication
services with yes/no answers.
Authentication user agency: This agency provides services to
users that are successfully authenticated. Thus, an authentication
user agency (AUA) connects to the CIDR and uses aadhaar
authentication to validate a user and enable its services. Examples
of AUAs and services are banks, various state and central
government ministries providing services such as the public
distribution system (PDS), the Mahatma Gandhi National Rural
Employment Guarantee Scheme (MGNREGS), and even private
agencies like mobile phone operators. The responsibility of logistics
of service delivery rests with the AUAs.
In this federated
model, an AUA may choose to use only Aadhaar identifi cation,
or also authentication in conjunction with their own legacy
identification and authentication systems. An AUA is required
to enter into a formal contract with UIDAI to be able to use Aadhaar
authentication services.
Authentication service agency: This is an entity that has a
secure leased line connectivity with the CIDR. Authentication
service agencies (ASAs) transmit authentication requests to
CIDR on behalf of one or more AUAs. An ASA enters into a formal
contract with UIDAI.
Users: These comprise the residents of the country who enrol
themselves with UIDAI and are issued UINs (Aadhaar numbers).
A user has to present this number as the basic identifi cation
to an AUA for availing Aadhaar authentication services.
The Aadhaar number for a user is common across all AUAs and
service domains.
Point of sale: This device, also known as authentication device,
collects personal identity data from Aadhaar holders,
prepares the information for transmission, transmits the
auth entication packets for authentication, and receives the authentication
results.
Enrolment station: This is a collection of fi eld devices used by
enrolment agencies appointed by UIDAI to enrol people into
the Aadhaar database and capture their demographic and
biometric particulars.
The Aadhaar number is common across all AUAs and service
domains. The framework (without the enrolment station) is
captured in Figure 1.
3 Definitions, Assumptions and Requirements
In this section, we do a requirement analysis for privacy and
security. To begin with, we provide some definitions.
3.1 Identity Verification vs Authentication
Aadhaar is a national identity project, but we believe that the
subtle difference between identity verification and authentication
is itself not well understood, and this leads to confusions
in policymaking and deployment. Below, we attempt to fi rst
demarcate the two concepts.
According to standard notions of digital authentication, a
security principal (a user or a computer), while requesting
access to a service, must provide two independent pieces of
information—identity and authentication. Whereas identity
provides an answer to the question “who are you?,” authentication
is a challenge-response process that provides a “proof of
the claim of identity,” typically using an authentication credential.
Common examples of identity are user ID (login ID),
cryptographic public keys, email IDs, ATM, or smart cards;
some common authentication credentials are passwords (including,
one-time passwords [OTPs]), PINs and cryptographic
private keys.
Identity may be considered public information but an
authentication credential must necessarily be private—
a secret that is known only to the user. Moreover, authentication
must be a conscious process that requires active participation
by a user, but not necessarily so for identity verification.
For example, a bank may want an identity verification
while opening an account at which stage no secret like
a password is usually necessary, but a user needs to authenticate
with a PIN for transactions like ATM withdrawals. No
publicly known information should be used as an authentication
credential.
3.2 Privacy Protection: Fundamental Assumptions
To determine the extent to which security and privacy are
achieved, we must fi rst defi ne the desired expectations in this
context. Our analysis is based on certain assumptions, which
we believe are fundamental. Authentication without consent
should never be possible under any circumstances. Identifi cation
without consent should also not be possible except in
some special situations like disaster management, identifi cation
of accident victims, law enforcement and such others. It
should be noted that providing one’s identity for obtaining
services in any local context is always with consent.
Figure 1: The Aadhaar Authentication Framework
Aaadhar User
UIDAI’s CIDR
YES/NO Response
YES/NO Response
ASA Communication
AUA
2 6
3
5
4
1 7
ASA Repository
Authentication Devices
Updates and
Confirmations
AUA Specific Communication
Authenticated Request Service
Delivery
Source: Figure inspired from UIDAI 2016b.
SPECIAL ARTICLE
96 september 16, 2017 vol liI no 37 EPW Economic & Political Weekly
Unapproved profi ling, tracking, and surveillance of individuals
should not be possible. There should be suffi ciently strong
measures to prevent such breaches in privacy, with user-verifi -
able proof of the same.
The technical implementation of privacy
and security must be provably correct with respect to the
legal framework. The legal framework, in turn, needs to be
suitably enhanced with special provisions to protect the privacy
of individuals and society in an advanced information
technology setting.
3.3 Possible Ways of Breach of Privacy
In what follows, we briefly examine the various ways in which
the privacy of an individual can be compromised in a setting
such as in Aadhaar.
Correlation of identities across domains: It may become
possible to track an individual’s activities across multiple
domains of service (AUAs) using their global Aadhaar IDs
which are valid across these domains. This would lead to identifi
cation without consent.
Identity theft: This may happen through leakage of biometric
and demographic data, either from the central repository, or
from a POS or enrolment device.
Identifi cation without consent using Aadhaar data: There
may be unauthorised use of biometrics to illegally identify
people. Such violations may include identifying people by
inappropriate matching of fingerprint or iris scans or facial
photographs stored in the Aadhaar database, or using the
demographic data to identify people without their consent and
beyond legal provisions.
Illegal tracking of individuals: Individuals may be tracked or
put under surveillance without proper authorisation or legal
sanction using the authentication and identification records
and trails in the Aadhaar database, or in one or more AUA’s
databases. Such records will typically also contain information
on the precise location, time, and context of the authentication
or identifi cation and the services availed.
We wish to emphasise that “insider attacks” are the most
dangerous threats in this context. For instance, the last three
attacks above are much more likely if the attacker can collude
with an insider with access to various components of the
Aadhaar system.
3.4 Requirement Analysis for Privacy Protection
In view of the above, effective privacy protection not only
requires protecting the Aadhaar system from external attacks
but from internal attacks as well. This requires strong guarantees
on securing the data, logs and the transaction trails in the
Aadhaar and the AUA systems.
UIDAI cannot be trusted against possible system hacks, insider
leaks, and tampering of authentication records and audit
trails. Indeed, the identity verification and authentication
providing applications running on UIDAI computer systems
should be trustworthy even when the UIDAI systems and the
network cannot be trusted.
Manual inspection of user data, authentication records, and
audit trails should not be allowed. In special cases of properly
authorised investigations, such inspections may only be possible
through pre-approved, audited, and provably tamper-proof
computer programmes, and an accurate tamper-proof record
of the entire investigation and digitally signed authorisation
chain must be maintained at all times.
The enrolment agencies and the enrolment devices cannot
be trusted from data privacy and security points of view; neither
can the POS devices and various AUAs, whether government
or private, be trusted for data protection.
AUAs cannot be trusted with biometric and demographic
data; neither can they be trusted with sensitive user data of
private nature (for example, medical and immunisation records,
etc). All provisions of data privacy and security that
apply to UIDAI must also apply to the AUAs. Strong legal and
policy frameworks are required to ensure this.
It should not be possible to correlate identities across application
domains, except on suitably anonymised data through
pre-approved, audited, and provably tamper-proof computer
programs for carrying out data analysis.
In what follows, we discuss the various threats and vulnerabilities
that result from the Aadhaar project in more detail and
analyse the measures adopted by the UIDAI against these. We
also suggest a few possibilities of enhancing the privacy and
security protections.
4 Authentication without Consent
As we have already discussed, authentication without consent
should not be possible under any circumstances. Additionally,
it should be possible to revoke an authentication credential in case
it is compromised, with the identity of the individual remaining
intact. UIDAI defi nes Aadhaar authentication as follows:
Aadhaar authentication is the process wherein Aadhaar number,
along with other attributes (demographic/biometrics/OTP) is submitted
to UIDAI’s Central Identities Data Repository (CIDR) for verifi cation;
the CIDR verifi es whether the data submitted matches the data
available in CIDR and responds with a Yes/No. No personal identity
information is returned as part of the response. (UIDAI 2016a)
The UIDAI (2016a) goes on to define five types of Aadhaarbased
authentication:
Type 1 authentication: Through this offering, service delivery
agencies can use Aadhaar authentication system for matching
the Aadhaar number and demographic attributes (name, address,
date of birth, etc) of a resident.
Type 2 authentication: This offering allows service delivery
agencies to authenticate residents through OTP delivered to
their mobile number and/or email address present in CIDR.
Type 3 authentication: Through this offering, service delivery
agencies can authenticate residents using one of the biometric
modalities, either iris or fi ngerprint.
SPECIAL ARTICLE
Economic & Political Weekly EPW september 16, 2017 vol liI no 37 97
Type 4 authentication: This is a two-factor authentication offering
with OTP as one factor and biometrics (either iris or fi ngerprint)
as the second factor for authenticating residents.
Type 5 authentication: This offering allows service delivery
agencies to use OTP, fingerprint, and iris together for authenticating
residents.
Thus, we see that authentication is implemented in
Aadhaar via the mechanisms of passwords and biometric information.
However, in the usage of biometrics, we believe
there is an implicit confusion between the concepts of identity
verification and authentication. In the above usage, biometric
information is used for authentication relying on the unstated
assumption that this information is private. However, we argue
that biometric data is public: for instance, people’s fingerprints
can be lifted without their consent from a variety of
objects that they may touch and their iris data may be picked
up by high resolution, directional cameras from a distance.
Even DNA information can be obtained from the objects that
users may touch (Houck and Houck 2008). Hence, fraudulent
presentation of biometric data for authentication, without
conscious participation by a user, is a definite possibility
(Akhtar 2012).
Another difficulty with using biometrics as authentication
credentials is that revoking biometrics like fi ngerprints or iris
for a compromised user is problematic
1
The analysis in the prior section leads us to conclude that
the usage of only biometrics in the context of Aadhaar authentication
(Type 3 authentication above) has significant problems.
Type 1 authentication is susceptible to the same problem,
since it also uses public information for authentication. It will
be necessary to use other factors, like trustworthy manual
oversight, in conjunction with these modalities for authentication.
The other types use at least one private modality and are
hence safe.
We note that biometrics can certainly be very useful for identity
verification. A careful case analysis must be performed to
delineate whether identity verification or authentication is required
in any given context, and UIDAI should appropriately
change its authentication architecture to account for the above.
Also, the legal and policy frameworks must make a clear distinction
between authentication and identity verifi cation.
5 The Aadhaar Number and the Possibility
of Identification without Consent
The Aadhaar number is at the heart of the Aadhaar scheme
and is one of the biggest causes of concern. Recall that the
Aadhaar number is a single unique identifi er that must
function across multiple domains.
Given that the Aadhaar number must necessarily be disclosed
for obtaining services, it becomes publicly available, not
only electronically but also often in human readable forms as
well, thereby increasing the risk that service providers and
other interested parties may be able to profile users across
multiple service domains. Once the Aadhaar number of an individual
is (inevitably) known, that individual may be identified
without consent across domains, leading to multiple breaches
in privacy (Makkar 2016; CIS 2016; LSE 2005).
Another worrisome issue is that of identity theft, and its
potential for damage now increases manifold. As an illustrative
example, let us consider the United States (US) Social
Security Number (SSN) (SSA 2017). The primary difference
between Aadhaar and SSN is that the SSN does not have any
biometric identifier attached and it does not support authentication.
The SSN associated with a person provides a single
interface to the person’s dealings with a vast number of public
and private bodies, very similar to how the usage of the Aadhaar
number is being envisaged. While this facilitates use of
administrative data for useful data analytics (McNabb et al
2009), the ease of obtaining the SSN from across public and
private databases also results in extremely high number of
identity theft cases in the US (LSE 2005: 100).
The UIDAI does acknowledge the possibility of breach of privacy
that can arise due to the use of a single identifier across
multiple domains and recommends that the AUAs should use
only domain specific identifiers in their dealings with people
(UIDAI 2011:7). Examples of domain specific identifiers are
bank account numbers, passport numbers, driving licence
numbers, ration card numbers, etc. The UIDAI mandates that
the AUAs should maintain a mapping between their domain
specifi c identifi ers and the global Aadhaar numbers at their
back end. The UIDAI does not maintain any such mapping and
assumes that there cannot be any breach of privacy from the
UIDAI because the mappings are unidirectional.
This, however, does not fully mitigate the risks and, the
possibility of leakage of the Aadhaar number from an AUA—either
from the database, or during “know your customer” (KYC)
processes, or even during availing services—cannot be ruled
out. In particular, there appear to be no safeguards or even
guidelines, either technical or legal, on how the Aadhaar number
should be maintained and used by various AUAs in a cryptographically
secure way, and how to prevent the Aadhaar
number of an individual from becoming public. In fact, in
many of the schemes that require Aadhaar authentication, it is
necessary to provide the Aadhaar number as a public identifi er
which violates UIDAI’s own recommendations. With such weak
provisions, identifi cation without consent and correlation of
identities across application domains without approval remain
as real possibilities. Additionally, since the Aadhaar number is
supposed to be valid for life (UIDAI 2011), it cannot easily be
revoked in case of an identity theft or if the Aadhaar number is
compromised in any other way.
Thus, linking individuals across domains with a global identifi
er for legitimate data analysis and the possible loss of privacy
because of the correlation of identity across domains such
a global identifier facilitates are conflicting requirements. An
alternative and more principled strategy to resolve the conflict
would be for the UIDAI to issue different local identifi ers
(different Aadhaar numbers) for different domains, but to
cryptographically embed in to all local identifi ers a unique
“master identifier.” Several alternatives are possible. One may
design the identifiers so that no linking across domains is
SPECIAL ARTICLE
98 september 16, 2017 vol liI no 37 EPW Economic & amp; Political Weekly
possible at all and it is impossible to isolate the global signature
from any of the local identifiers. The linking then becomes
unidirectional, but in the reverse direction to what UIDAI has
currently suggested.
Alternatively, one may allow limited linking across domains,
either bidirectional or even unidirectional. The London
School of Economics and Political Science (LSE 2005) identity
report actually suggests such a scheme. Correlation across
multiple domains using the master identifier, through cryptographically
secure and pre-approved data analytics software,
will always be possible in such a scheme. Sufficiently strong
cryptographic measures should be used to embed the master
identifier in to the local ones to prevent against possible external
correlation attacks. Also, a major shift in the policy framework
is necessary to reverse the direction of linking.
6 Protection of User Data
In Section 2, we discussed that a major threat to privacy of users
arises from the possibility of insider attacks. In this section, we
discuss the possibilities of securing Aadhaar from such threats.
6.1 Threat Levels
In what follows, we outline the various levels of threat that are
possible and measures that can be taken in each case.
Among others, this scenario is common in internet banking,
where the application and authentication servers are usually
the same; in campus networks, where snooping and attacks
are fairly common; and in various internet and mobile application-based
services that use Google or Facebook for authentication.
The basic security requirements in such situations are
that the authentication servers and the application servers
must authenticate themselves to each other and to the clients,
to prevent against possible man-in-the-middle attacks (Wikipedia
2016f); and user credentials and other critical data must
never travel over the network in unencrypted form. The above
requirements can be met via a slew of known techniques,
almost all of which rely on public key cryptography (PKI)
(Wikipedia 2016h).
This is a more challenging security situation where, in addition
to the above, one also has to worry about data leaks from
the servers, either due to hacking or even due to insider leaks.
Some common countermeasures are:
(i) the authentication
servers must never store any user credentials and may only
store a Hash (Wikipedia 2016a), a value computed from user
credential(s) using a non-invertible function, and use it for
matching. Then, user credentials can never leak;
(ii) all critical
data, records and logs must be stored only in encrypted
forms on the servers. The decryption keys should not be easily
accessible;
and (iii) there must be provisions for tamper detection
for both data and programs.
Popular solutions to realise the above-mentioned countermeasures,
such as secure hash algorithms (SHA-n) (Wikipedia
2016i, a) and Kerberos authentication protocol (Wikipedia 2016d)
do exist and are frequently employed.
In even stricter situations, one may require in addition that
the authentication servers must never store any information
about user credentials, not even a hash. Also, no process at the
authentication servers should be able to glean any information
whatsoever about user credentials from the information exchange
during an authentication process.
Stronger guarantees
for tamper detection should be employed. In particular, the
authentication and other servers must be able to prove to any
designated auditor that they have not been tampered with and
are running only pre-approved and inspected computer programs.
The servers must also be able to prove that none of
their data, including records and log fi les, have been manually
inspected or modified.
In almost all internet applications, including banking, it is
tacitly assumed that the client access devices mobiles and
handhelds, laptops and desktop computers are trusted, and
the responsibility of data protection in these devices is passed
on to the users. However, in special situations where the access
devi ces are not owned by the users but are supplied by service
providers, the users may have a right to be assured that data
and credentials cannot be compromised from the access devices.
Examples of such access devices are ATMs, Aadhaar enrolment
stations, and other POS terminals. In all such cases,
one may require that a client terminal or a POS device must be
able to prove at all times to the server, and also to any approved
third party auditor, that it has not been tampered with
and does only what it is supposed to do. It should also be able
to provide such a proof to a discerning user.
6.2 Analysis of UIDAI Measures
The security and privacy infrastructure of UIDAI has the following
main features (UIDAI 2014):
(i) There is 2048 bit PKI (Wikipedia 2016h) encryption of biometric
data in transit and end-to-end encryption from enrolment/POS
to CIDR.
(ii) There are trusted network carriers (ASAs) between CIDR
and AUAs. Effective precaution has been taken against denial
of service (DOS) attacks.
(iii) HMAC (Wikipedia 2016c) based tamper detection of PID
(personal identity data) blocks, which encapsulate biometric
EPWRF India Time Series
Expansion of Banking Statistics Module
(State-wise Data)
The Economic and Political Weekly Research Foundation (EPWRF) has
added state-wise data to the existing Banking Statistics module of its online
India Time Series (ITS) database.
State-wise and region-wise (north, north-east, east, central, west and south)
time series data are provided for deposits, credit (sanction and utilisation),
credit-deposit (CD) ratio, and number of bank offi ces and employees.
Data on bank credit are given for a wide range of sectors and sub-sectors
(occupation) such as agriculture, industry, transport operators, professional
services, personal loans (housing, vehicle, education, etc), trade and fi nance.
These state-wise data are also presented by bank group and by population
group (rural, semi-urban, urban and metropolitan).
The data series are available from December 1972; half-yearly basis till June
1989 and annual basis thereafter. These data have been sourced from the
Reserve Bank of India’s publication, Basic Statistical Returns of Scheduled
Commercial Banks in India.
Including the Banking Statistics module, the EPWRF ITS has 16 modules
covering a range of macroeconomic and fi nancial data on the Indian economy.
For more details, visit www.epwrfi ts.in or e-mail to: its@epwrf.in
SPECIAL ARTICLE
Economic & Political Weekly EPW september 16, 2017 vol liI no 37 99
and other data at the fi eld devices, is one of the security
features of the UIDAI infrastructure.
(iv) There is registration and authentication of AUAs.
(v) Within CIDR, only a SHA-n Hash (Wikipedia 2016i) of Aadhaar
number is stored.
(vi) Audit trails are stored SHA-n encrypted (Wikipedia 2016o),
possibly also with HMAC (Wikipedia 2016c) based tamper
detection.
(vii) Only hashes of passwords and PINs are stored. Biometric
data are stored in original form though.
(viii) Authentication requests have unique session keys and
HMAC (Wikipedia 2016c). There is protection against replay
attacks.
(ix) Resident data is stored using 100-way sharding (vertical
partitioning) (Wikipedia 2016j). First two digits of Aadhaar
number are used as shard keys.
(x) All enrolment and update requests link to partitioned databases
using RefIDs (coded indices).
(xi) All system accesses, including administration, through a
hardware security module (HSM) (Wikipedia 2016b) which
maintains an audit trail.
(xii) All analytics are carried out only on anonymised data.
While these measures appear to be quite reasonable against
external attacks, they may not be enough to forestall insider
attacks. Though the safeguards adequately address the threat
scenario, they are not adequate for the threat levels described
in Section 6.1. For something as important as the national
identity project, one will have to assume that the biggest security
and privacy threats come from insider leaks. These include
possible unauthorised and surreptitious examination of data,
transaction records, logs and audit trails by personnel with
access, leading to profi ling and surveillance of targeted groups
and individuals, perhaps at the behest of interested and infl uential
parties in the state machinery itself. Hence, one would
ideally like to have provisions to guard against the threat levels
described in Section 6.1.
There are a number of apparent weaknesses in the system.
Most of the security measures are based on cryptographic
encryption techniques that require cryptographic keys to
decode. Protection of these keys is of great importance, and it
is necessary to have suitable measures to do so. Currently, we
do not fi nd mention of any such measures, and we believe that
assuming trust in this context is a signifi cant vulnerability.
We do not believe that HSMs (Wikipedia 2016b), which are
also under the administrative control of the same organisation,
offer adequate protection against insider attacks for
something as crucial as the national identity verifi cation and
authentication system.
There appears to be no well-defi ned and cryptographically
sound approval procedure for data inspection, whether for investigation
or for analytics. This makes the system extremely
open to abuse. There appears to be no well-defi ned procedure
for audit and approval of various UIDAI programs and software.
In particular, one would like to be able to establish that the
programs have not been tampered with and are doing precisely
what they are supposed to do.
There appears to be no proper tamper detection and runtime
audit of the fi eld devices, including enrolment stations, to
ensure that they are functioning true to specifi cations, and
that there is no possibility of data leakage from the fi eld
devices. Without such measures it will have to be assumed that
leakage of data is always possible.
Finally, we note that user biometric data are stored in the
central repository, perhaps encrypted, but this still violates an
important safeguard that we mentioned in Section 6.1 that user
credentials should never be stored on the server. Unless there
are some specifi c reasons to store the original biometric data,
it may be safer to store only non-invertible intermediate representations
which are suffi cient for matching (Tulyakov et al
2005; Dodis et al 2004).
6.3 Possible Measures against Insider Attacks
Our starting point is that the environment in which the CIDR
programs (code) are executed cannot be assumed to be trusted.
One must address the possibility that the attacker has full
access to the computer programmes that may be running on
the UIDAI database. This may include both the source code and
the runtime environment.
How can one hope to secure such a system against insider
attacks? We believe that two independent lines of defence are
required: First, there has to be an independent third party that
can play the roles of an online auditor and keeper of cryptographic
keys; and second, several modern tools and techniques from
computer science offer (partial) solutions to these problems.
These need to be studied, evaluated and appropriately deployed.
In what follows, we briefl y describe each of these.
Note that although critical data and transaction logs are
maintained encrypted within the UIDAI, the decryption keys
are also stored in the UIDAI systems. Since the decryption must
happen routinely, the computer programs running in the UIDAI
systems must be able to access these keys. There is no reason
to believe that these keys cannot be retrieved with the collusion
of multiple parties within the UIDAI in which case the data
may be illegally accessed.
Distributed key management: At least a part of every crucial
decryption key must remain with the third party, and a distributed
key management protocol (Wikipedia 2016e) must
be put in place. The third party must share the portion(s) of
the key(s) it holds with a corresponding computer program in
the CIDR at run-time, through a secure channel, only after
authenticating the genuineness of the program using a secure
certifi cate and verifying that the program has not been
tampered with.
Audit and approval of UIDAI programs: To enable the above,
it will be necessary for the auditor to examine, approve and
cryptographically sign every program that may run in the
CIDR. Thereafter, these programs should periodically during
run-time and on demand cryptographically prove to the
auditor’s programs that they are genuine and have not been
tampered with.
SPECIAL ARTICLE
100 september 16, 2017 vol liI no 37 EPW Economic & Political Weekly
Audit of data inspection: All data inspection, including those
through special purpose programs for data analytics, should
be digitally approved by the auditor.
There has to be proper legal provisions for setting up such
online third-party audit and key-management systems.
Even with the above measures in place, the complete decryption
keys will have to reside in the memory of the UIDAI
computer systems at some point during the execution. A welltrained
system administrator, with access to the hardware
and the operating system, may still be able to access the decryption
keys from the system’s memory. There are a variety
of tools in computer science that may provide a defence
against such attacks at the time of execution. We describe
some of them below.
Storing hash of biometric data: Since the Aadhaar database
stores sensitive biometric data of individuals, a useful strategy
to protect this data is to store only a non-invertible hash of biometric
data, which converts a string representing biometric
data to a nearly uniform random string which does not leak
any information about the individual. Some techniques to
achieve these are fuzzy extractor (Dodis et al 2004) and symmetric
hashing (Tulyakov et al 2005).
Tamper-proof code: A signifi cant cause of concern is that a
malicious insider may be able to modify the code so that it behaves
arbitrarily. Such attacks are dangerous not just in terms
of denial of service but also because arbitrary behaviour may
lead to leakage of secrets embedded in the code.
Third-party audit will be required to set up the processes
to ensure that the code is tamper free. The third-party
auditors can rely on known practices in the formal verifi cation
and validation literature (such as CFI, model checking,
static code analysis, etc (Wikipedia 2016k) to realise sought
countermeasures.
Tamper-proof hardware: In addition to software solutions,
tamper-resistant hardware may also be leveraged for protection
of cryptographic keys or data. Trusted hardware may be leveraged
to provide sought integrity and confi dentiality. Here
again, setting up and the safe-keeping of the trusted hardware
has to be entrusted to a third party organisation different from
the UIDAI. For instance, Intel’s Software Guard Extensions
(Costan and Devadas 2016) and its forerunners provide handy
off-the-shelf solutions for trusted hardware.
Secure multiparty computation: Another method to secure
keys or other private inputs is offered by the fi eld of
secure multiparty computation. Secure multiparty computation
(Wikipedia 2016g) is a fi eld of cryptography that allows
several mutually distrustful parties, each wishing to maintain
privacy of their input data, to perform some computation
on their joint data. This ensures that even if one server is
hacked into, the data remains protected. Secure multiparty
computation can be used to answer queries on the data distributed
across servers.
Homomorphic and functional encryption: Another security
threat is the possibility of server breaches, whether the
attack is launched from inside or outside the organisation. To
prevent a server breach from leaking valuable user data, critical
data needs to be stored on the server in an encrypted
form. In order to perform analytics directly over encrypted
data, one could resort to homomorphic and functional encryption
techniques (Sahai and Waters 2005; Gentry 2009)
or symmetric searchable encryption (Bellare et al 2007;
Curtmola et al 2011).
White-boxing and code obfuscation: Another useful class of
defences against insider attacks comes from techniques developed
in the area of white-box cryptography. Typically, one
ass umes that attacks are black box, that is an attacker has access
to the input and the output of a program, but not to the
internal workings of the program. However, an insider may
have full access to the source code and the binary fi le running
on the system, and also the corresponding memory pages during
execution. Additionally, the attacker can also possibly
make use for debuggers and emulators, intercept system calls
and, tamper with the binary and its execution. Such attacks
are called white-box attacks, and white-box cryptography
(Wyseur 2008) aims to implement cryptographic procedures
in software that transform and obfuscate code and data in
such a way so that the cryptographic assets remain secure
even when subject to white-box attacks.
6.4 Securing Field Devices
Finally, client access devices (or POS devices) can broadly be
understood to have the same critical components that CIDR
servers have: hardware (the device itself) and the application(s)
running on the device. Solutions to secure client devices are
no different than the solutions for servers that we discussed
above.
7 Conclusions
We have analysed the Aadhaar project from the points of view
of privacy and security, and have pointed out some technical
weaknesses and possible remedies. We summarise our analysis
and key fi ndings in Table 1 (p 101).
Thus, though there are serious privacy concerns at present,
we believe that Aadhaar can be made safe from a technology
perspective with due diligence. The legal framework, however,
needs to be more specifi c and requires signifi cant
strengthening. Perhaps the single-most important specifi c
question that begs answering is who should have the right to
verify the identity of an individual, and under what circumstances?
Above all, we believe that the Aadhaar project
requires informed and comprehensive policy debates, covering
all angles, to realise its full effectiveness without causing
the kind of privacy concerns and disruptions that have been
reported.
The effectiveness of biometric identifi cation and to what
extent are the biometric features required are remaining important
questions that require further study.
SPECIAL ARTICLE
Economic & Political Weekly EPW september 16, 2017 vol liI no 37 101
Table 1: Summary of Our Analysis and Recommendations
Issue Shortcoming in UIDAI Measures Key Recommendations
Authentication without consent • Biometric and demographic data are public; • Demarcate identity verification and authentication.
hence, can be used without consent • Strengthen legal and policy frameworks
See Sections 3 and 4 for details.
Identification without consent • Unidirectional linking from AUA-specific • Unidirectional linking from Aadhaar id to AUA-specific IDs
using Aadhaar number local IDs to Aadhaar ID
• No guidelines on safe maintenance of • Cryptographically embed Aadhaar id into AUA-specific IDs
Aadhaar numbers by AUAs. making correlation impossible
• Vulnerable to correlation of identity across domains. See Section 5 for details.
Unlawful access of CIDR data leading • Inadequate protection against insider • Separate administrative control for online audit and key management
to profiling, tracking and surveillance attacks on CIDR data • Legal framework for the above
• CIDR data encrypted but the decryption • Only hashes of biometric data must be stored on servers
keys reside in CIDR • Manual inspection of CIDR data must not be possible
• UIDAI human managers can have access • Only pre-approved and audited computer programs
to decryption keys with tamper-proof guarantees should access CIDR data
• All investigations and analyses only with prior audit
and approval through pre-approved computer programs
• Tamper-proof guarantees for field devices
• Adopt modern tools from computer science to implement the above
protections
See Section 6 for details.
Note
1 We note that there is a notion of cancellable
biometrics, but this is still in the research
domain (Patel et al 2015; Tulyakov et al 2005)
and may not yet integrate well with commercial
matching software.
References
Akhtar, Zahid (2012): “Security of Multimodal Biometric
Systems against Spoof Attacks,” PhD Diss,
Department of Electrical and Electronic Engineering,
University of Cagliari, https://pralab.diee.
unica.it/sites/default/fi les/Akhtar_PhD2012.pdf.
Arun, Chinmayi (2016): “Privacy Is a Fundamental
Right,” Hindu, 18 March, http://www.thehindu.
com/opinion/lead/lead-article-on-aadhaar-billby-chinmayi-arun-privacy-is-a-fundamentalright/article8366413.ece.
Athey, Susan and Guido W Imbens (2015): “Machine
Learning for Estimating Heretogeneous Casual
Effects,” Working Paper No 3350, Stanford University,
https://www.gsb.stanford.edu/facultyresearch/working-papers/machine-learningestimating-heretogeneous-casual-effects.
Bellare, Mihir, Alexandra Boldyreva and Adam
ONeill (2007): “Deterministic and Effi ciently
Searchable Encryption,” Advances in Crypto logy–
CRYPTO 2007, pp 535–52.
Bhatia, Gautam (2015): “Sorry, Mr Attorney-General,
We Do Actually Have a Constitutional Right to
Privacy,” Wire, 28 July, https://thewire.in/
7398/sorry-mr-attorney-general-we-do-actually-have-a-constitutional-right-to-privacy/.
CIS (2016): “List of Recommendations on the
Aadhaar Bill, 2016: Letter Submitted to the
Members of Parliament,” Centre for Internet &
Society, https://cis-india.org/internet-governance/blog/list-of-recommendations-on-theaadhaar-bill-2016.
Costan, Victor and Srinivas Devadas (2016): “Intel
SGX Explained,” IACR Cryptology ePrint Arc
hive, 86, https://eprint.iacr.org/2016/086.pdf.
Curtmola, Reza, Juan Garay, Seny Kamara and
Rafail Ostrovsky (2011): “Searchable Symmetric
Encryption: Improved Defi nitions and Effi cient
Constructions,” Journal of Computer Security,
Vol 19, No 5, pp 895–934.
Diffi e, Whitfi eld and Martin E Hellman (1979):
“Privacy and Authentication: An Introduction
to Cryptography,” Proceedings of the IEEE, Vol 67,
No 3, pp 397–427, http://ieeexplore.ieee.org/
stamp/stamp.jsp?arnumber=1455525.
Dodis, Yevgeniy, Leonid Reyzin and Adam Smith
(2004): “Fuzzy Extractors: How to Generate
Strong Keys from Biometrics and Other Noisy
Data,” International Conference on the Theory
and Applications of Cryptographic Techniques,
Switzerland, Conference proceedings EUROCRYPT
2004, pp 523–40.
Drèze, Jean (2016): “The Aadhaar Coup,” http://
www.thehindu.com/opinion/lead/jean-drezeon-aadhaar-mass-surveillance-data-collection
/article8352912.ece.
Duggal, Pavan (2011): “Does the UID Project Infringe
on Privacy?,” http://www.business-stan dard.
com/article/opinion/does-the-uid-project-infringe-on-privacy-111080300006_1.html.
Einav, Liran and Jonathan D Levin (2013): “The Data
Revolution and Economic Analysis,” Working
Paper 19035, National Bureau of Economic Research,
http://www.nber.org/papers /w19035.
— (2014): “Econo mics in the Age of Big Data,”
Science, Vol 346, No 6210, http://science.sciencemag.org/content/
346/6210/1243089.
Express News Service (2016): “Aadhar Bill Passed in
Lok Sabha, Opposition Fears Surveillance,”
Indian Express, 12 March, http://indianexpress.
com/article/india/india-news-india/aadharcard-uid-bill-lok-sabha-arun-jaitley/.
Gentry, Craig (2009): “Fully Homomorphic Encryption
Using Ideal Lattices,” Proceedings of the
Forty-fi rst Annual ACM Symposium on Theory
of Computing (STOC 2009), pp 169–78.
Houck, Max and Lucy Houck (2008): “What Is Touch
DNA?,” Scientifi c American, http://www.scientifi
camerican.com/article/experts-touch-dnajonbenet-ramsey/.
Jayaram, Malavika (2015): “Aadhaar Debate: Privacy
Is Not an Elitist Concern It’s the Only Way to
Secure Equality,” Scroll.in, 15 August, http://
scroll.in/article/748043/aadhaar-debate-privacy-is-not-anelitist-concern-its-the-only-wayto-secure-equality.
Jennifer McNabb, David Timmons, Jae Song and
Carolyn Puckett (2009): “Uses of Administrative
Data at the Social Security Administration,”
Social Security Bulletin, Vol 69, No 1, https://www.
ssa.gov/policy/docs/ssb/v69n1/v69 n1p75.html.
Johari, Aarefa (2016): “In Drought-hit Saurashtra,
Poor Internet Network Can Often Mean No
Food Rations,” Scroll.in, 29 June, http://scroll.
in/article/810683/in-drought-hit-saurashtrano-internetcan-often-mean-no-food-rations.
Khera, Reetika (2011): “The UID Project and Welfare
Schemes,” Economic & Political Weekly, Vol 46,
No 9.
— (2013): “Lessons from the East Godavari Pilot,”
Hindu, 11 April, http://www.thehindu.com/
opinion/lead/lessons-from-the-east-godavaripilot/article4603273.ece.
— (2015): “Five Myths about Aadhaar,” Outlook,
18 September, http://www.outlookindia.com/
website/story/fi ve-myths-about-aadhar/295364.
— (2016): “Aadhaar-enabled Exclusion and Corruption,”
Deccan Herald, 27 November, http://
www.deccanherald.com/content/583315/aadhaar-enabled-exclusion-corruption.html.
Kleinberg, Jon, Jens Ludwig, Sendhil Mullainathan
and Ziad Obermeyer (2015): “Prediction Policy
Problems,” American Economic Review, Vol 105,
No 5, pp 491–95, http://www.aeaweb.org/
articles?id=10.1257/aer.p20151023.
Krishna, Gopal (2017): “Will Aadhaar Cause Death of
Civil Rights?,” Business Today, 23 March, http://
www.businesstoday.in/magazine/columns/willaadhaar-cause-death-of-civil-rights/story/248331.
html.
Krishnamurthy, Rashmi and Kevin C Desouza (2014):
“Big Data Analytics: The Case of Social Security
Administration,” Information Policy, Vol 19,
pp 165–78, http://ssrn.com/abstract =2757871.
Kumar, Ashwani (2015): “Privacy, a Non-negotiable
Right,” Hindu, 10 August, http://www.thehindu.
com/opinion/lead/privacy-a-nonnegotiableright/article7519148.ece.
Lok Sabha Secretariat (2011): “The National Identi-
fi cation Authority of India Bill, 2010,” Standing
Committee on Finance (2011–12), 42nd Report,
Ministry of Planning, www.prsindia.org/uploads/media/UID/uid%20report.pdf.
LSE (2005): “The Identity Project: An Assessment
of the UK Identity Cards Bill and Its implications,”
The London School of Economics and
Political Science, http://eprints.lse.ac.uk/684/.
Makkar, Sahil (2016): “Aadhaar Is Actually Surveillance
Tech: Sunil Abraham,” Business Standard,
available at
Gyan Deep
Near Firayalal, H. B. Road
Ranchi 834 001
Jharkhand
Ph: 0651-2205640
SPECIAL ARTICLE
102 september 16, 2017 vol liI no 37 EPW Economic & Political Weekly
12 March, http://www.business-standard.com/
article/opinion/aadhaar-is-actually-surveillancetech-sunil-abraham-116031200790_
1.html.
McNabb, Jennifer, David Timmons, Jae Song and
Carolyn Puckett (2009): “Uses of Administrative
Data at the Social Security Administration,”
Social Security Bulletin, Vol 69, No 1, https://
www.ssa.gov/policy/docs/ssb/v69n1/v69n1p75.
html.
Masiero, Silvia (2015): “PDS Computerisation: What
Other States Can Learn from Kerala,” Ideas for
India, 6 July, http://www.ideasforindia.in/article.aspx?article_id=1474.
McBride, Linden and Austin Nichols (2015): “Improved
Poverty Targeting through Machine Learning:
An Application to the USAID Poverty Assessment
Tools,” Economics That Really Matters, http://
www.econthatmatters.com/wp-content/uploads/
2015/01/improvedtargeting_21jan2015.pdf.
Mehta, Pratap Bhanu (2017): “Big Brother Is Winning,”
Indian Express, 8 February, http://indianexpress.
com/article/opinion/columns/digitisationpower-of-state-surveillance-transparency-
4513022/.
NDTV (2016a): “Truth v Hype: Aadhaar’s One Billion
Challenge,” NDTV, 9 April, http://www.ndtv.
com/video/news/truth-vs-hype/truth-vshype-aadhaar-s-one-billion-challenge-411279.
— (2016b): “िजÛहɅराशन नहीं िमल रहा वो क्या करɅ,”
NDTV, 16 July http://khabar.ndtv.com/video/
show/ndtv-special-ndtv-india/what-should-theydo-who-dont-get-ration-423998.
Patel, V M, N K Ratha and R Chellappa (2015):
“Cancelable Biometrics: A Review,” IEEE Signal
Processing Magazine, Vol 32, No 5, pp 54–65.
Planning Commission (2012): “Report of the Group
of Experts on Privacy, Chaired by Justice A P
Shah,” http://planningcommission.nic.in/reports/genrep/repprivacy.pdf.
PTI (2015): “Right to Privacy Not a Fundamental
Right, Cannot be Invoked to Scrap Aadhaar:
Centre Tells Supreme Court,” Economic Times,
23 July, http://articleshttp://economictimes.
indiatimes.com/news/politics-and-nation/
right-to-privacy-not-a-fundamental-right-cannot-be-invoked-to-scrap-aadhar-centre-tellssupreme-court/article
show/48178526.cms.
Ramanathan, Usha (2016): “Opinion: Data Is the
New Gold and Aadhaar Is the Tool to Get It,”
Scroll.in, 30 December, https://scroll.in/article
/825049/data-is-the-new-gold-and-aadhaar-isthe-tool-to-get-it.
Sahai, Amit and Brent Waters (2005): “Fuzzy Identity-Based
Encryption,” Advances in Cryptology
– EUROCRYPT 2005, pp 457–73.
Somanchi, Anmol, Srujana Bej and Mrityunjay
Pandey (2017): “Well done ABBA?,” Economic &
Political Weekly, Vol 52, No 7.
Scroll Staff (2016): “Jaitley Admits Right to Privacy
but Brazens It Out on Money Bill Manoeuvre
for Aadhaar,” Scroll.in, 16 March, http://scroll.
in/article/805236/jaitley-admits-right-to-privacy-butbrazens-it-out-on-money-bill-manoeuvre-for-aadhar.
SSA (2017): “New or Replacement Social Security
Number and Card,” Social Security, Social Security
Administration, https://www.ssa.gov/ssnumber/
Tulyakov, Sergey, Faisal Farooq and Venu Govindaraju
(2005): “Symmetric Hash Functions for
Fingerprint Minutiae,” Pattern Recognition and
Image Analysis, pp 30–38.
UIDAI (2011): “Aadhaar Security Policy & Framework
for UIDAI Authentication,” (Version 1.0), http://
uidai.gov.in/images/authDoc/d34securitypolicyframeworkv1.pdf,
accessed on 31 July 2016.
— (2014): “Aadhaar Technology and Architecture:
Principles, Design, Best Practices, & Key Lessons,”
http://www.cse.iitd.ac.in/~suban/reports/UIDAI_REPORTS/AadhaarTechnologyArchitecture_
March2014.pdf, accessed on 31 July 2016.
— (2016a): “Aadhaar Authentication Overview,”
http://www.cse.iitd.ac.in/~suban/reports/
UIDAI_REPORTS/auth.pdf.
— (2016b): “Operation Model,” https://authportal.
uidai.gov.in/web/uidai/home-articles?url Title
=operation-model&pageType=authentication,
accessed on 2 August 2017.
— (2017): “AUA Audit Compliance Checklist,” https:
//authportal.uidai.gov.in/static/AUA%20Compliance%20Checklist.pdf,
accessed on 2 August
2017.
UN Global Pulse (2012): “Big Data for Development:
Challenges and Opportunities,” http://www.
unglobalpulse.org/sites/default/fi les/BigDataforDevelopment-UNGlobalPulseJune2012.pdf.
Varian, Hal R (2014): “Big Data: New Tricks for
Econo metrics,” Journal of Economic Perspectives,
Vol 28, No 2, pp 3–28, http://www.aeaweb.
org/articles?id=10.1257/jep.28.2.3.
Vombatkere, Sudhir (2016): “How Aadhaar Negl ects
Personal Privacy and National Security,” Mainstream,
Vol LIV, No 13, http:// www.main
streamweekly.net/article6283.html.
Wikipedia (2016a): “Cryptographic Hash Function,”
https://en.wikipedia.org/wiki/Cryptographic_
hash_function, accessed on 30 July 2016.
—2016b): “Hardware Security Module,” https://
en.wikipedia.org/wiki/Hardware_security_
module, accessed on 30 July 2016.
—(2016c): “Hash-based Message Authentication
Code,” https://en.wikipedia.org/wiki/Hashbased_message_authentication_code,
accessed
on 30 July 2016.
— (2016d): “Kerberos (Protocol),” https://en.wikipedia.org/wiki/Kerberos_(protocol),
accessed
on 30 July 2016.
—(2016e): “Key Management,” https://en.wikipedia.
org/wiki/Key_management, accessed on 30
July 2016.
— (2016f): “Man-in-the-middle Attack,” https://
en.wikipedia.org/wiki/Man-in-the-middle_attack,
accessed on 30 July 2016.
— (2016g): “Secure Multi-party Computation,”
https://en.wikipedia.org/wiki/Secure_multiparty_computation,
accessed on 30 July 2016.
— (2016h): “Public Key Infrastructure,” https://
en.wikipedia.org/wiki/Public_key_infrastructure,
accessed on 30 July 2016.
— (2016i): “Secure Hash Algorithm,” https://
en.wikipedia.org/wiki/Secure_Hash_Algorithms,
accessed on 30 July 2016.
— (2016j): “Shard (Database Architecture),” https://
en.wikipedia.org/wiki/Shard_(database_architecture),
accessed on 30 July 2016.
— (2016k): “Static Programme Analysis,” https://
en.wikipedia.Org/wiki/Static_program_analysis,
accessed on 30 July 2016.
— (2016o)” “Secure Hash Algorithms,” https://
en.wikipedia.org/wiki/Secure_Hash_Algorithms,
accessed on 30 July 2016.
Yadav, Anumeha (2016a): “Rajasthan Presses on
with Aadhaar After Fingerprint Readers Fail:
Well Buy Iris Scanners,” Scroll.in, 10 April,
http://scroll.in/article/806243/rajasthan-presses-on-with-aadhaarafter-fi
ngerprint-readersfail
-well-buy-iris-scanners.
— (2016b): “Rajasthan’s Living Dead: Thousands
of Pensioners without Aadhaar or Bank Accounts
Struck Off Lists,” 6 August, Scroll.in,
http://scro ll.in/article/813132/rajasthans-living-dead-thousandsof-pensioners-withoutaadhaar-or-bank-accounts-struck-off-lists.
Wyseur, Brecht (2009): “White-Box Cryptography,”
Diss, Katholieke Universiteit Leuven, https://
www.esat.kuleuven.be/cosic/publications/
thesis-152.pdf.
Zhong, Raymond (2016): “Is the Indian Government
Saving as Much as It Says on Gas Subsidies?,”
21 March, https://blogs.wsj.com/indiarealtime/2016/03/21/is-the-indian-governmentsaving-as-much-as-it-says-on-gas-subsidies/.
Journal Rank of EPW
Economic and Political Weekly is indexed on Scopus, “the largest abstract and citation
database of peer-reviewed literature,” which is prepared by Elsevier N V (bit.ly/2dxMFOh).
Scopus has indexed research papers that have been published in EPW from 2008 onwards.
The Scopus database journal ranks country-wise and journal-wise. It provides three broad sets
of rankings: (i) Number of Citations, (ii) H-Index, and (iii) Scimago Journal and Country Rank.
Presented below are EPW’s ranks in 2015 in India, Asia and globally, according to the total cites
(3 years) indicator.
● Highest among 37 Indian social science journals and second highest among 187 social
science journals ranked in Asia.
● Highest among 38 journals in the category, “Economics, Econometrics, and Finance” in the
Asia region, and 37th among 881 journals globally.
● Highest among 23 journals in the category, “Sociology and Political Science” in the Asia
region, and 17th among 951 journals globally.
● Between 2009 and 2015, EPW’s citations in three categories (“Economics, Econometrics,
and Finance;” “Political Science and International Relations;” and “Sociology and Political
Science”) were always in the second quartile of all citations recorded globally in the Scopus
database.
For a summary of statistics on EPW on Scopus, including of the other journal rank indicators
please see (bit.ly/2dDDZmG).
EPW consults referees from a database of 200+ academicians in different fields of the social
sciences on papers that are published in the Special Article and Notes sections