Securing the identity
How dependable and accurate is the UID authentication scheme?
Biometric identification has become a core part of national security in many nations around the world,and is expected to be the standard for the foreseeable future. The trust placed by governments in biometric schemes stems from the notion that every human being has unique physical characteristics, such as fingerprints or iris signature. The idea is to capture these unique physical features and encode them in a format that can be processed by computers. The Unique Identity or UID project’s main goal is to identify every Indian’s biometrics with a unique number assigned to each citizen by the Unique Identity Authority of India or UIDAI—the UID number.
When a citizen registers with one of many registrars partnering with the UIDAI,the citizen’s biometrics, signature, and other information is collected and a temporary number is assigned, along with receipt acknowledging submission of the information to the UIDAI. The entire process is detailed in the UIDAI web page. At the time of registration, a temporary UID number is provided to the citizen, with a permanent number later mailed in to the applicant once appropriate verification and uniqueness of biometric data has been determined. How do we know that best effort has been made to ensure that data in the UID database is correct and not falsified? This question is especially important, given that preventing fraud is one of the stated goals of the UID project. It is important to note that an enormous number of Indians simply do not have any form of identification that can be presented to registrars. This is clearly a loophole that can be exploited by those who want to cheat the system by registering the same person multiple times with different registrars. This raises the importance of the issue of detecting and eliminating fraudulent use of the system.
When a Registrar inputs a UID user data to UID’s Central ID Repository (CIDR) servers, the user’s biometrics are compared with existing biometrics in the UID database to ensure that the biometric data does not already exist — a process that has been referred to as de-duplication. This is handled by the Fraud Detection Application (FDA) that takes care of the following types of fraudulent usage: misrepresentation of information, multiple registrations by same person, registration for non-existent residents, or impersonation, as specified on the UIDAI web page. All of these problems boil down to identifying more than one applicant in the UID database with matching fingerprints and matching iris image biometrics, at a minimum. That is, both these biometrics need to match with a high degree of accuracy in order for an entry to be flagged as a match with an existing entry in the UID database. Note that the iris prints are from both eyes, and in every human, these prints are completely different for the two eyes. Note that the registrars operate independently scanning this biometric information, and then enter the data into the CIDR from a remote terminal, and this is why temporary numbers are assigned at the point of registration.
In an analysis of UID registration process, it is noted that the UIDAI’s official statistics show that they registered (at the time of the analysis) 25,900,000 individuals of which 20,050 were determined to be duplicate registrations. These duplicate registrations were determined by a “multi-modal de-duplication scheme”. The scheme is “multi- modal” because it takes into account multiple bio-metric modes: fingerprints and iris scan. However, a look at the open complaints page in the UIDAI web page, show only a handful of complaints, and none of them major in terms of denied identity, as would have to be the case for one of the 20,050. A testament to the fact that the de-duplication scheme of the UIDAI is doing the job it is intended to do. Specifically, these UIDAI registrations were flagged as duplicate registrations and rejected because the FDA determined a match in multiple biometric modes, to a high degree of certainty. In this case, the newly input user data matched another entry in the UID database with a high degree of certainty, both fingerprints and iris-scan. Once the UIDAI has processed an entry through the FDA, and it is determined as a unique print as per a online multi-modal search and/or offline search, then the process of de-duplication is essentially complete and a permanent UID number is assigned to the resident. Note that the UID is 12 digits and this can identify about 1000 times as many Indians as currently exist today. It should be noted that the UIDAI has meticulously noted the process for processing UID deliveries to applicants.
As mentioned earlier, biometrics are unique, and secondly, both fingerprint and iris signatures do not change with age and are constant throughout a person’s life. This is the reason why biometrics can be taken for very small children for a UID number, because the UID technology can adjust for the physical size of the fingers by normalising the image before comparison. In the case of the eyeballs, it is a fact of human physiology that the eyeballs of an individual remain the same size throughout their lives.
The only way for a person to fool the UID system into accepting more than one entry in the UID database is by presenting multiple biometrics that do not match in all modes, one for each fraudulent UID number. Biometric attributes cannot be faked any more than a person can change their own DNA, as a person’s DNA determines the ridges in their iris and the prints on their extremities. Biometric matches can be used as evidence in court in most countries with such forensic technologies at their disposal. Fingerprint matching is done by examining the spatial separation of various unique characteristics of the ridges, loops and whirls on every human’s fingers. Similarly the 360 degree 3D maps of the irises in both eyes, which are both unique. The probability of the biometrics of all fingerprints and both irises matching for two humans due to the limitations of the biometric system is so small that it may be assumed to be zero.
An explanation of the calculation of the cumulative error rate is in order here. Ideally, a biometric machine could yield correct answers all the time, but in practice all schemes have a non-zero error rate, also called the Error Crossover Rate (ECR). Essentially, a fingerprint scanner has an Error Crossover Rate (ECR), which means that one false positive (or false negative) can be expected when a single biometric, such as a print from one finger or one iris scan, is used to uniquely identify an individual out of a group. ECR for fingerprinting and iris scans are 1 in 500 and 1 in 131000, respectively. What happens when more than one biometrics is used for identification, as in multi-modal de-duplication? If multiple features are used for identification, the cumulative error error rate is the product of individual error rates. This is because comparison of each individual feature is an independent event in the probabilistic sense, in terms of elementary probability.
Using the ECR numbers as a error estimate for the comparison of one feature, and applying the above notion of multiplying the individual error rates for each fingerprint (or iris) matched. If we assume that the UIDAI compares all the prints on one hand, and both irises for identification, then the overall error rate is approximately 1 in 10^30 (10^30 or 1 followed by 30 zeros). Comparatively, the entire population of the world right now is around 6*10^9 (600 Crore or 6 followed by 9 zeroes). This low cumulative error-rate in the de-duplication process means that all the 20,050 applicants flagged as duplicates were fraudulent UID applications, thus demonstrating the effectiveness of the UID system as a robust authentication mechanism. Because error rates for multi- modal reduplication are essentially constant and can be assumed to be zero, the chance of newly introduced biometrics of some individual will match some other existing UID in the database is zero, in other words, impossible.
Another legitimate concern is that ofa citizen being locked out of the UID databases. In the case, the UIDAI details a process where the affected citizen can contact the UIDAI and regain access to UID verification. This is done by simply assigning a new UID number and disable the old UID number, so that it no longer exists in the UID database. None of this means that the UIDAI or the system is infallible. Citizens groups should question the precautions taken for physical safety of the UID servers, both from criminals and from even the employees of UIDAI themselves. Keeping the UIDAI functioning effectively and efficiently is a continuous process that will need to be corrected as new issues arise.This requires constant vigilance on the independent functioning of the UIDAI, without interference from either bureaucrats or politicians. Such independence is essential and of utmost importance in retaining the trust of the citizen in the UID system.
Srikanth R is a senior research associate in cyber strategy studies at the Takshashila Institution