UIDAI database can’t be hacked, claim experts

Courtesy: Agencies | 17/09/2018 20:52

New Delhi: The Unique Identification Authority of India (UIDAI) has cited experts working closely with it to claim its database was not vulnerable and put an end to the controversy over the possibility of the alleged hacking of the Aadhaar database through a patch.

The claims of hacking made in a media report are ill-informed, said Professor Rajat Moona, Director, IIT Bhilai, and member of the Security Review Committee of the UIDAI.

The experts quoted in the report had given their opinion based on incomplete information, he asserted. 

“It is prudent to know how the Aadhaar system works. Several service providers (or Aadhaar enrollment centres) take requests from various Aadhaar holders on behalf of the UIDAI for legitimate changes. These requests are validated by the operator by putting his/her signature and then sent to the UIDAI for its action. Along with the requests, the identity establishment parameters, like biometric or OTP, etc., for the requestor are also carried,” said Professor Moona.

“The server would and also should not take and honour the request only on the basis of the operator. Further, in order to ensure that unnecessary request traffic is not built up and any errors are conveyed with preliminary checks to the requestor even before sending it to the UIDAI, the programmes for the enrollment centres will need to build such quick and preliminary checks,” he added.

Professor Moona said it was being wrongly assumed that such preliminary checks were the only checks, and therefore, if such checks were bypassed, the system was hacked or if such a request was conveyed to the UIDAI, the system was hacked.

“Clearly it failed to recognise that the real checks are to be performed by the UIDAI servers before the requests are acted upon by the UIDAI. Mere acceptance of the requests or the preliminary checks does not suffice to act upon the requests at the end of the UIDAI,” he pointed out.

Professor Jaideep Srivastava, a Ph.D. in Electrical Engineering and Computer Science from the University of California, Berkeley, who advises the UIDAI on security and tech matters, said that, as per his understanding, the ability to register a person for Aadhaar from anywhere in the world was currently not permitted under the Aadhaar system because it had many checks, such as GPS, operators' biometrics, etc., which prevent enrollment from outside India.

“Even if, say, some hacking patch is able to bypass or manipulate some of the front end checks, because these checks along with many more are also done again at the backend by the UIDAI, such fraudulent attempts from abroad can be easily thwarted. Therefore, to say that such an unauthorised patch can disarm the Aadhaar security is completely incorrect,” stressed Professor Srivastava.
