1. Introduction
Today, biometric-based systems are used everywhere for individual recognition. Biometric systems overcome the limitations of traditional identification systems, which are based on passwords, tokens, and identity cards (Jain and Kumar, 2002). Biometric modalities can be physical or behavioral, and include face, fingerprint, iris, speech, and signature. The drawback of such a system is that the biometric image or template can be modified by an imposter, either in the system database or while it is being shared (Ratha et al., 2001; Jain and Uludag, 2003a, 2003b; Jain et al., 2004; Jain and Uludag, 2002; Jain et al., 2002; Rege, 2012). Many information hiding approaches, such as cryptography, steganography, and watermarking, are used to protect biometric images against such spoof attacks (Ratha et al., 2001).
In biometric as a service (BAAS), biometric databases are stored on servers, which perform authentication and identification of biometrics on request. The setup is similar to that of any traditional web service; however, at the client level, biometric scanners are used to acquire the biometric data. There are two types of services: enrolment and identification. To enrol a user, his or her biometrics are scanned and associated with a unique identity number before being stored on the server. For identification, the user's biometrics are scanned again. The system sends an identification request to the server, which returns a match or no-match, on the basis of which the user is allowed or denied access to the application. The security of biometrics is vulnerable at the system database due to spoof attacks (Jain and Kumar, 2002; Ratha et al., 2001; Jain and Uludag, 2003a; Jain et al., 2004).
With the rapid growth in technology, more than 60 countries worldwide are acquiring, storing, and using the biometric data of their citizens for various purposes. “Aadhaar”, the name used to represent “The Unique Identification Authority of India (UIDAI)”, is the world's biggest biometric database (face, fingerprint, and iris images of over 1.1 billion users), and is now facing a serious problem of unauthorized access to its database. Aadhaar started out as a voluntary programme to help tackle benefit fraud, but recently it has been made mandatory for access to welfare schemes, pensions, rural employment schemes, and tax filing, and is linked to bank accounts and mobile phone numbers. The Aadhaar identity number has cut wastage, removed fakes, curbed corruption, and made substantial savings for the government.
The government of India hired service providers for grievance redress, whose agents are allowed to enter any Aadhaar number into the UIDAI website and to access and rectify user information, including name, address, photo, biometrics, phone number, and email address. It was reported recently that citizens' personal data was sold online by the agents. Poor security at four government portals revealed the personal and bank account details of around 13 Crore people. The government itself has admitted that it has blacklisted or suspended some 34,000 service providers for helping create “fake” identification numbers or not following proper processes. The theft of such personal details has become very common due to the lack of privacy laws, architectures, and information security practices. It is also reported in the news that biometric databases around the world are stolen and misused (BBC News Article, 2016; BBC News Article, 2015). This is because biometrics, when linked to bank accounts and financial services, lead to a rise in fraud, as it is possible for biometrics such as fingerprints to be stolen, collected, and copied from public places (The Hindu Business Line Article, 2017; Unique Identification Authority of India, 2016, https://www.uidai.gov.in/authentication/authentication-overview/operation-model.html). In such a scenario, securing the biometrics and personal data stored in and shared by the servers is the need of the hour.