Where
Angels Fear to
Tread ?
Today’s Times of India carries following news :
Unique
Identification Authority of India (UIDAI) has launched the
much-awaited 'Virtual ID' which will be a
random 16-digit number mapped to a person's Aadhaar number.
The concept of Virtual ID was announced earlier this year to address privacy concerns. The new feature will allow Aadhaar holders to quote their Virtual ID (VID) number without actually disclosing the 12-digit Aadhaar number for authentication or verification purposes.
UIDAI had stated
that it will be compulsory for all agencies that undertake authentication to
accept the VID from their users from June 1, 2018.
According to UIDAI
in the beta form, users can generate their Virtual ID and use it to update address
in Aadhaar online for the time being.
..Soon, service providers will start accepting VID in place of Aadhaar
number.
For now, you can use this for online address update in your
Aadhaar," the UIDAI said in a tweet.
The tweet urges the users to generate their VIDs and gives a link of the
Aadhaar website for the same. The VID would give any authorised agency details
like name, address and photograph, which are enough for any verification.
After the concept of Virtual ID was announced , on 12
Jan 2018, I sent following questions ( as email ) to UIDAI , hoping that they
will come forward with clarifications :
AadharVirtual ID Compromised ? [ 12 Jan 2018
]
QUESTIONS :
Are VIRTUAL ID numbers generated using some Random Number Generator ( such as PRNG = Pseudo Random Number
Generator / TRNG = True Random
Number Generator ) ?
· Do both types of Generators depend upon some software algorithm ? ( - a somewhat
deterministic logic )
· Considering the Aadhar Virtual ID requirement ( viz : generation of data
encryption keys ) , is it more likely that
UIDAI is using TRNG ?
· If , given a starting number ( original / real Aadhar Number ) , TRNG generates a “ linked “ RANDOM NUMBER , is it possible to REVERSE this process ?
· Using BIG DATA / DATA ANALYTICS / Artificial Intelligence / MACHINE LEARNING etc , can one figure out the
ORIGINAL / REAL Aadhar Number , from its counter-part Virtual Number ?
Over a period of few months, it is
likely that the servers of those Agencies , may have billions of sets of linked “ Real Numbers / Virtual Numbers “
Could such a large enough database (
if some hacker can lay his hand on it ) , be enough for a software geek to
design a Neural Network ( backward propagation / forward propagation ) , to reverse the
process ?
I am tempted to believe that such a
scenario is entirely possible !
Since there is no reply from UIDAI , today’s Question ( to
the Users of
Aadhar ):
Is someone trying to pull the wool over our eyes ?
04 April 2018
www.hemenparekh.in
/ blogs
No comments:
Post a Comment