Identity Management Using Blockchain: Why Is It The Need Of The Hour?
Before understanding why blockchain is important, let’s understand some major challenges that traditional Identity Management processes pose.
1. Violation of identities
Folks casually share their private details online through various unknown sources. Many avail services that can easily cause unwanted people to access their identification documents. Online applications operated via centralized serves. Hackers can easily hack into these servers and steal sensitive data.
2. Passwords are a passé
It’s a child play for expert hackers to crack passwords. Moreover, it’s difficult for one to remember different username and password credentials everytime she logs into multiple online channels.
3. KYC process
The existing authentication process is expensive and tedious for stakeholders as they have to comply with rules of different entities like banks and healthcare institutions. As a result, KYC companies charge high fees for verification process which is then passed on to citizens as hidden processing fees.
4. PII theft
It’s not possible for users to control the flow of their personally identifiable information (PII). They won’t know how many times PII gets shared or utilized without their permission.
What’s the solution to all these challenges? Blockchain on identity management. It even prevents sharing of PII without the consent of the respective owners. Blockchain can be used to protect individual identities from potential breaches and thefts. It can pave the way for creation of self-sovereign identity models without having to generate multiple username and password credentials.
Why encryption is not enough?
There have been real-life situations across industries which prove that even the most robust encryption models are vulnerable.
IBM’s research survey showed that more than 30% of firms (which were a part of their research process) had opted for encryption model as a precautionary tool over a decade which rose to more than 40% after a data theft episode. However, many of those models lack adequate levels of protection as they don’t factor in threats from within the company. Be it intended or accidental.
Most encryption models only address data thefts from outside the organisation’s periphery. There have been many incidences where more than 40% of data theft incidents were managed by infiltrators from within the organisation. It can be intentional or accidental. Nevertheless, it happens. And encryption, while it is an efficient means to prevent data loss, it is not truly effective and secure. For protection and security levels to be intact within an organisation, its encryption protocols must constantly change and be frequently attended to; posing yet another challenge in identity management using encryption.
A blockchain on identity management is the ideal way to restore security of data from within and outside the organisation. It is nothing but a distributed ledger that consists of blocks. Each of these blocks holds numerous verified transactions. This block encloses a secured hash. Such a carefully secure design makes the blockchain model auditable. If there is any alteration into the blocks, a verified block will be added to the blockchain. This generates a new hash, one that’s completely different from the preceding hashes. Thus, rendering breach and theft attempts useless.
How Aadhaar can be improved using blockchain?
Aadhaar is inarguably a big repository of sensitive information of billions of Indians. It’s the world’s biggest unique identification system. Aadhaar acquires and stores important details like name, date of birth, gender, address, mobile number and email Indian citizens against their corresponding biometric information. Aadhaar holds colossal amount of private data in a centralised database. This is a matter of concern and significant talks and debates have been revolving around improving Aadhaar’s security.
The primary concern is that Aadhar is operated through a centralised identity database. It contains sensitive demographic and biometric information of billions of people. This makes it an easy target for hackers.
A blockchain-esque Aadhaar system will help UIDAI to strengthen its data protection and privacy measures articulated in the Right to Privacy document. It will allow the Government to collect, store and use information transparently with the respective owner’s consent.
With blockchain, the Aadhaar system can be loaded with multiple UIDAI trusted nodes. This means individual state governments can also become one of the nodes. These nodes will be equipped to not only validate a transaction but also add blocks in the blockchain. No one apart from these trusted nodes will have access to information stored inside the blocks. What if one or more nodes get compromised? Since this system will involve multiple nodes, each node containing a full copy of the entire blockchain, a few rotten apples won’t jeopardise the blockchain in any way.
In order to carry out a malicious transaction or decrypt information, the hacker will have to take charge of minimum 51% of the nodes. Nodes apart from UIDAI trusted nodes like non-profit organisations can also download the complete blockchain to authenticate the hashes. This means that anybody can verify the integrity and authenticity of the blockchain without having to peek into the data.