Vyuha | How Dependable and Accurate is the UID Authentication Scheme?

Biometric identification has become a core part of national security in many nations around the world, and is expected to be the standard for the foreseeable future. The trust placed by governments in biometric schemes stems from the notion that every human being has unique physical characteristics, such as fingerprints or iris patterns. The idea is to capture these unique physical features and encode them in a format that can be processed by computers. The UID project’s main goal is to tie every Indian’s biometrics to a unique number assigned to each citizen by the UIDAI: the UID number.

When a Citizen registers with one of the many registrars partnering with the UIDAI, the Citizen’s biometrics and signature are collected and a temporary number is assigned. The entire process is detailed on the UIDAI web page. At the time of registration, a temporary UID number is provided to the Citizen, with a permanent number later mailed to the applicant once appropriate verification has been done and the uniqueness of the biometric data has been determined. How do we know that best effort has been made to ensure that data in the UID database is correct and not falsified? This question is especially important given that preventing fraud is one of the stated goals of the UID project. It is important to note that an enormous number of Indians simply do not have any form of identification that can be presented to registrars. This is clearly a loophole that can be exploited by those who want to cheat the system by registering the same person multiple times with different registrars. This raises the importance of detecting and eliminating fraudulent use of the system.

The Registration Process: When a registrar inputs a UID user’s data to the UID’s Central ID Repository (CIDR) servers, the biometrics are compared with existing biometrics in the UID DB to ensure that the data entered is not a duplicate. This is handled by the Fraud Detection Application (FDA), which takes care of the following types of fraudulent usage: misrepresentation of information, multiple registrations by the same person, registration for non-existent residents, or impersonation, as specified on the UIDAI web page. All of these problems boil down to identifying more than one applicant to the UIDAI with matches in two or more biometric schemes used for identification: fingerprints and iris image, at a minimum. That is, both these biometrics need to match with a high degree of accuracy in order for an entry to be flagged as a match with an existing entry in the UID database. Note that the iris prints are from both eyes, and in every human, these prints are completely different for the two eyes. So if the iris patterns of two entries in the data bas Note that the registrars operate independently, scanning this biometric information and then entering the data into the CIDR from a remote terminal. Note that this is why temporary numbers are assigned at the point of registration by a registrar.

Analysis of probability of a duplicate entry in the UID database: In an analysis of the UID registration process, it is noted that the UIDAI’s official statistics show that they registered (at the time of the analysis) 25900000 individuals, of which 20050 were determined to be duplicate registrations. These duplicate registrations were determined by a “multi-modal de-duplication scheme”. The scheme is “multi-modal” because it takes into account multiple biometric modes: fingerprints and iris scan. The analysis of error rates by CIS notes the same figures. However, a look at the open complaints page on the UIDAI web page shows only a handful of complaints, and none of them major in terms of denied identity, as would have to be the case for one of the 20050. This is a testament to the fact that the de-duplication scheme of the UIDAI is doing the job it is intended to do. Specifically, these UIDAI registrations were flagged as duplicate registrations and rejected because matches were determined in multiple biometric modes to a high degree of certainty. In this case, the data matched an entry in the UID database with a high degree of certainty, in both fingerprints and iris scan. Once the UIDAI has processed an entry through the FDA, and it is determined to be a unique print as per an online multi-modal search and/or offline search, the process of de-duplication is essentially complete and a permanent UID number is assigned to the resident. Note that the UID is 12 digits and this can identify about 1000 times as many Indians as currently exist today. It should be noted that the UIDAI has meticulously documented the process for processing UID deliveries to applicants for whatever reason.

As mentioned earlier, biometrics are unique; secondly, both fingerprint and iris signatures do not change with age and are constant throughout a person’s life. This is the reason why biometrics can be taken from very small children for a UID number: the UID technology can adjust for the physical size of the fingers by normalizing the image before comparison. The only way for a person to fool the UID system into accepting more than one entry in the UID database is by not having biometrics match in all modes. Biometric attributes cannot be faked any more than a person can change their own DNA, as a person’s DNA determines the ridges in their iris and the prints on their extremities. Biometric matches can be used as evidence in court in most countries with such forensic technologies at their disposal. Fingerprint matching is done by examining the spatial separation of various unique characteristics of the ridges, loops and whorls on every human’s fingers. Iris matching similarly uses the 360 degree 3D maps of the irises in both eyes, which are both unique. The probability of the biometrics of all fingerprints and the iris data matching for two humans is so small as to be considered close to zero.

To see why this is the case, assume that the print on any finger is independent of the print on any other finger, thus making their matches independent events in the probabilistic sense. Now, the probability of a fingerprint match giving a false positive could be some number, say p (the percentage of times, on average, that a finger match is positive when it should not have been). Similarly, let ii be the probability of a false positive match in one eye. The cumulative error rate for the de-duplication system employed by the UIDAI is then the product of the error rate for fingerprinting (denoted by p) and the error rate per iris (denoted by ii), i.e., p^5*ii^2, where ^ is the exponent symbol. The error rate, also known as the error crossover rate (ERR), is 1 in 131,000 for iris scans and 1 in 500 for fingerprinting. False acceptance rates are very low for iris scans, and both false positives and false negatives are difficult to produce, for fingerprint and iris recognition alike. Substituting 1/500 and 1/130000 for p and ii, we can see the probability of an error in the multi-modal de-duplication, where the fingerprint and iris biometrics are compared to create a score between 1 and 100 as to the closeness of the match. Note that the cumulative error rate is (0.002^5)*((7*10^-7)^2), which equals approximately 10^-30 (or 1 in 10^30). The entire population of the world right now is around 6*10^6. The implication of this low cumulative error rate is that the 20050 people detected by the de-duplication process as duplicates or fakes were in fact all fakes, or people trying to scam the system. In a way, it proves the effectiveness of the UID system as a robust authentication mechanism.
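The product formula above, carried through in code as an added example (not from the original post or the UIDAI). It evaluates p^5*ii^2 exactly for p = 1/500 and ii = 1/130000 and, going beyond the single-pair case in the text, scales it to every pairwise comparison among the 25,900,000 registrations cited earlier. The all-pairs comparison model and all function names are assumptions of this sketch.

```python
# Added example (not from the original post). Values come from the page:
# p = 1/500, ii = 1/130000, 25,900,000 registrations. The all-pairs comparison
# model and every function name here are assumptions of this sketch.
from fractions import Fraction
import math

P_FINGER = Fraction(1, 500)
P_IRIS = Fraction(1, 130000)
REGISTRATIONS = 25_900_000


def fused_fmr(p_finger, p_iris, fingers=5, irises=2):
    """False-match rate for one pair of people when every finger AND every
    iris must match, treating each match as an independent event."""
    return Fraction(p_finger) ** fingers * Fraction(p_iris) ** irises


def pairwise_comparisons(n):
    """Distinct pairs among n enrolled records: n choose 2."""
    return n * (n - 1) // 2


def expected_false_matches(fmr, n):
    """Expected number of pairs wrongly flagged as the same person."""
    return fmr * pairwise_comparisons(n)


def prob_any_false_match(fmr, n):
    """P(at least one false match) = 1 - (1 - fmr)^pairs, computed with
    log1p/expm1 so that a tiny fmr does not round to zero."""
    return -math.expm1(pairwise_comparisons(n) * math.log1p(-float(fmr)))


if __name__ == "__main__":
    one_finger = fused_fmr(P_FINGER, P_IRIS, fingers=1, irises=0)
    all_modes = fused_fmr(P_FINGER, P_IRIS)
    for label, fmr in (("one finger only", one_finger),
                       ("5 fingers + 2 irises", all_modes)):
        exp = float(expected_false_matches(fmr, REGISTRATIONS))
        any_fm = prob_any_false_match(fmr, REGISTRATIONS)
        print(f"{label:22s} per-pair FMR = {float(fmr):.3e}  "
              f"expected false matches = {exp:.3e}  P(any) = {any_fm:.3e}")
```

Both results rest on the independence assumption stated in the text; positively correlated errors between fingers or between eyes would make the fused rate larger than the product.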

At this point, I would like to briefly point out that in the analysis of the error rate in the CIS paper, the random variable Y can be considered a constant given the really low false positive and false negative rates for biometric schemes, implying a very stringent de-duplication algorithm and a guarantee that every biometric in the UID database is uniquely mapped to a 12-digit UID number. Also, the variable X is redundant, since we do not expect the biometrics of any two entries to match. Further, let us recall that in the registration process, the Fraud Detection Application detects and rejects applications where there is a match in the biometrics. I believe these and other safeguards employed by the UIDAI guarantee unique biometrics in the UID database.

What happens if a Citizen is locked out of the UID database? The Citizen must first contact the UIDAI on the website and explain they have been locked out. When that is done, they can be assigned a new UID number and the old UID number disabled, so that it no longer exists in the UID database. None of this means that the UIDAI or the system is infallible. Citizens’ groups and NGOs such as CIS should question the precautions taken for the physical safety of the UID servers, both from criminals and even from the employees of the UIDAI themselves. It is a continuous process, and nothing short of vigilance over the UIDAI’s independence to function freely, without interference from government, bureaucrats or politicians, is essential.

Recently, a parliamentary committee castigated the UID as being poorly designed and ill planned, as having a very high error rate, and as being completely impractical. As the above analysis indicates, the UID is in fact quite robust and is guaranteed to provide true positives and true negatives all the time in practice. Even if the technology fails, the UIDAI has drafted processes to ensure that a citizen is not left in the lurch and locked out of the system.


DISCLAIMER: This is an archived post from the Indian National Interest blogroll. Views expressed are those of the blogger and do not represent The Takshashila Institution’s view.