India’s Aadhaar is the largest biometric identity system in history, designed to help deliver subsidies, benefits, and services to India’s 1.4 billion residents. The Unique Identification Authority of India (UIDAI) is responsible for providing each resident (not each citizen) with a distinct identity—a 12-digit Aadhaar number—using their biometric and demographic details. We provide the first comprehensive description of the Aadhaar infrastructure, collating information across thousands of pages of public documents and releases, as well as direct discussions with Aadhaar developers. Critically, we describe the first known cryptographic issue within the system, and discuss how a workaround prevents it from being exploitable at scale. Further, we categorize and rate various security and privacy limitations and the corresponding threat actors, examine the legitimacy of alleged security breaches, and discuss improvements and mitigation strategies.
CITATION STYLE
Tiwari, P. R., Agarwal, D., Jain, P., Dasgupta, S., Datta, P., Reddy, V., & Gupta, D. (2022). India’s “Aadhaar” Biometric ID: Structure, Security, and Vulnerabilities. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13411 LNCS, pp. 672–693). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-18283-9_34
Mendeley helps you to discover research relevant for your work.