A blockchain-based Aadhar system: distributed authentication system

id


INTRODUCTION
A peer-to-peer, distributed ledger innovation is a blockchain. It establishes a confidence-less climate that can altogether eliminate the reliance on the central authority. The information put away in the blocks of blockchain may not be meddled with, regardless of whether the attacker comes from the interior framework. With the advancement of numerous computerized currencies like bitcoin and some more, ethereum is one such innovation that has the abilities of bitcoin and blockchain [1], [2].
Aadhar is another individual distinguishing proof framework created in India. It is the biggest computerized verification framework with more than billions of sections of residents of India. There has been an enormous proportion of doubt and conversation on the prosperity and security of the Aadhar database. There are worries that software engineers will hack into the data set. There are considerably bigger feelings of trepidation that any administration or authority with malicious goals will approach the individual data and area of each Indian resident and, accordingly, the capacity to incur outrageous reconnaissance and focused on harm [3]. The properties of blockchain may be mixed to make Aadhaar more direct and openly auditable. All the movements against each client record may be disseminated by the Aadhaar framework to the blockchain. To uncover the data or the Aadhaar number, no convincing motivation exists. Hashing may be used for both and record in the blockchain [4]. We have organized the proposed work as: we examine all the background-related work in section 2. In section 3, we examine existing related work that has been proposed by many researchers. In section 4, we propose our system with a design pattern. In section 5, we explain the implementation of our proposed system. In section 6, we conclude the work with some discussion about future work.

BACKGROUND 2.1. Blockchain overview
Blockchain is an open, decentralized, distributed framework. Blockchain implies the chain of blocks that are related to each other to give a decentralized course of action. At first, bitcoin is one of the fundamental uses of blockchain [1]. As depicted in Figure 1, the blocks are created through a technique: blockchain, where the new block is gathered, validated, and verified to form a chain of blocks. At first, blockchain consensus instrument utilizing bitcoin is depicted. Proof of work calculation (PoW) is the consensus component for blockchain. Each distributed node participates dependent on their processing power for tackling the secure hash algorithm 256-bit (SHA256) arithmetic issue. Note that this issue is confounded to tackle anyway easy to verify and validate. The initially distributed node that tackles this math issue will get the new block accounting right. Every node has blockchain information then this stored data is shared between one another. The complete blockchain information is kept up on every node. After verification and validation of shared transactions, the distributed node adds them for the new block [2].

Blockchain features
In the present time, where everybody is working together on an electronic platform and routinely different sites are interfacing with an outsider, trust is a fundamental piece of economic conduct. Ordinarily, there is a common non-trust between these two sites that have been communicated for quite some time. The trust between these sites has been ensured by the third site. In the delivery, transfer, security, and trust of the property, blockchain allows sharing of data records. Along these lines, the highlights of blockchain technology that helps challenge the premise of manual transactions that have been done for millennia should be noted. Utilizing blockchain, a data record framework is created that, as an exchange mediator, doesn't depend on a confided outsider and is uninhibitedly shared and secure simultaneously. Blockchain technology capacities are recorded in detail as [2], [5]. − Security and privacy. − Decentralization. − Untraceability. − Transparency. − Flexibility.

Bitcoin first version of blockchain
Blockchain's first version might be spoken to as bitcoin. Bitcoin is mainly used as a decentralized electronic cash method. The security worry with the computerized virtual cash might be settled by utilizing the blockchain consensus component. The consensus system on a blockchain is the proof-of-work (PoW) scheme. The PoW scheme does not need the agreement of all the distributed nodes. Just when the private key of the client is spilled or failed to remember, the client's advanced digital bitcoin cash will be lost. More than many applications, bitcoin is the primary reasonable illustration of a blockchain application with the following features [1], [6], [7].

Ethereum second version of blockchain
Blockchain's second version might be spoken to as ethereum. Vitalik Buterin suggested ethereum [8] at the end of 2013. In July 2015, the ethereum advanced framework was dispatched and has kept on being created right until today. Clients can set admittance consents, designs for transactions, state transformation conditions, and make any standards they like. Flexibility is far greater than the first version of blockchain [9].
Ethereum is a decentralized blockchain that offers ether (ETH) digital money. In July 2017, a fork happened and after that, there is a variation of ethereum named ethereum classic that utilizes an (ethereum cash) ETC cash [10]. It is utilized for the installment of monetary transactions just as the preparation of uses. In the blockchain network, miners reproduce, validate, and store data. Also, they measure programs called smart contracts, making ethereum a decentralized application stage. Nodes utilize a working framework called the ethereum virtual machine (EVM) [11] to execute smart contracts.
The mining cycle comprises of generation, verification, and validation of blocks. The size of the block is more obliged and in contrast with bitcoin, which requires 10 minutes, the endorsement time frame requires only 14 seconds. Ethereum, without a doubt, uses the ethereum greedy heaviest observed subtree (GHOST) scheme to achieve consensus and reward miners. A miner who validates a block that is added to the main blockchain earns 5 ETH. Likewise, as demonstrated by the refinement of the smart arrangement directed, the sender of every exchange gets an extra gas measure 6. At this point, after creating a block miner sends it through the network with its PoW [8], [12].

Aadhar
Aadhaar number is a 12-digit irregular number given by the unique identification authority of India (UIDAI) (authority) to the inhabitants of India. It is validated in the wake of satisfying the confirmation methodology laid down by the authority. Aadhar has some natural features like uniqueness, authentication, financial address, and electronic know your customer (e-KYC). Due to these features, the Aadhaar identification platform helps the government of India to identify and authenticate residents of India and deliver different subsidies, benefits directly [3], [4]. The architecture of the Aadhar card system is depicted in Figure 2. In the Aadhaar validation component, the Aadhaar number is submitted online to the central identities data repository (CIDR) for checking, alongside different ascribes, including biometrics, based on data or information or reports accessible with it. Aadhaar authentication provides many ways that a resident can use the device to authenticate themselves. This authentication is called demographic authentication and/or biometric authentication at a high level. The resident's record is first chosen to utilize the Aadhaar number during the authentication transaction, and afterward, the demographic/biometric inputs are coordinated against the stored information which was given by the inhabitant during enrolment/update measure. In the input, fingerprints are matched against all 10 fingerprints stored. The authentication application programming interface (API) for Aadhaar is not available to anyone. First, with the Aadhaar, a person needs to register, and then keys will be given to his machine. These keys must sign each authentication request, so Aadhaar knows where the requests are produced from [3], [4].
The protection and confidentiality of one's data is the basis of the Aadhaar scheme. The device employs 2048-bit public key infrastructure (PKI) encryption and hash-based message authentication code (HMAC) tamper protection to ensure that no one can decode and misuse the data. Resident data and raw biometrics, also within UIDAI data centers, are kept encrypted. However, the machine does not keep track of any transactional data [13].

Blockchain validation
After the users have agreed upon the transaction, it must be authorized before it can be included in a block of the chain. The choice to include a transaction in a public blockchain is made by consensus. This implies that for a transaction to be legitimate, most "nodes" (or computers) in the network must concur. There are several methods for proving the blocks are correct. Proof of work (PoW) and proof of stake (PoS) are two widely used mechanisms [14], [15].

PoW
A miner must solve a logical puzzle or challenge that is difficult to compute but easy to validate in proof of a PoW consensus method and reward incentive engineering can be used to maintain a decentralised ledger. Nodes must mine to report validated blocks according to PoW. This mining method uses resources such as energy, time, and money, but it forbids harmful reporting without consequences.

Proof of stake
Proof of stake (PoS) was proposed as a solution to the proof of work's shortcomings. There is no mining of PoS, where strength and time are spent for solving mathematical puzzles. The forgers are the ones who perform the validation. Based on how much money he owns; a forger verifies blocks. That means that the more coins he has, the more mining power he has [15].

Shortcomings of Aadhaar
Aadhaar is the only concentrated database that holds the information of all the Indian residents, including biometrics that can be utilized to follow anybody with an Aadhaar identity whenever anyplace. There has been an enormous measure of doubt and discussion on the wellbeing and security of the Aadhar database. Some fears exist that programmers will hack into the database. There are significantly bigger feelings of trepidation that any administration or authority with pernicious aim will approach the individual information and area of each Indian resident. Subsequently, the capacity to perpetrate outrageous observation and focused on harm. The government claims that the UIDAI database is kept in a central location with extremely tight encryption, that is assured by top-tier cryptography. What can be gotten to and from whom is regulated by strict regulations. For example, biometric information is often anonymized. These concerns are genuine. Surprisingly, programmers still seem to be on top of things. They also hacked into super-secure systems such as the national security agency (NSA) in the United States and the national health service (NHS) in the United Kingdom NHS. Also, what is to keep an administration from altering the laws and pursuing its residents, utilizing this focused on information [4], [13], [16], [17].

RELATED WORK
Aadhaar is a centralized strategy to provide the people of India with identification and benefits. It is plagued by some issues characteristic of a centralized structure, such as central control, and protection of data. In this work, the researchers explore the technology of blockchain to improvise Aadhaar, a centralized decentralized model. In this work, Aadhar system with blockchain, the researchers have explored how the current welfare services could be built [4].
Even though bitcoin was brought into the world with the blockchain, its applications went a long way past bitcoin or advanced cash. Numerous zones, for example, banking, bookkeeping, the board, and law, can be reformed by blockchain [6]. Blockchain and its executions are being explored and specialists around the planet are proposing elective models for validation, approval, and security wellbeing.
The authors use blockchain technology as a stable distributed ledger for internet of things (IoT) devices that is tamper-proof. The authors suggested a mechanism for assigning each computer a unique identification (ID) and storing it in the blockchain and they may authenticate one another without the need for a central authority. The authors build a computer protection scheme in which any state changes in the data can be instantly detected by hashing critical data (i.e. firmware) into the blockchain [14].
It is practically difficult to build up a powerful brought together confirmation conspire because of the size and different highlights of the IoT. In this paper, the researchers propose a unique decentralized framework considered air pockets of trust to cure this cap, which guarantees strong gadget recognizable proof and confirmation. What is more, it protects the uprightness and accessibility of data. To achieve this goal, the proposed solution relies on the security advantages provided by blockchains and serves to create protected virtual areas (bubbles) where things can perceive and confide in one another [18].
The cryptographic money bitcoin, which has not just viably addressed the twofold spending issue, is notable blockchain technology, yet can likewise validate the legitimacy of value-based records without depending on a unified framework to do as such. The decentralized blockchain technology approach is utilized in this paper to guarantee that clients do not rely totally upon retailers to choose if products are authentic. A decentralized blockchain framework against counterfeiting items is characterized, so makers can utilize this framework to supply genuine items without taking care of direct-worked stores, which can significantly decrease the expense of item quality assurance [19].
The authors of this study presented the block-supply chain, a novel decentralized supply chain that uses blockchain and near field communication (NFC) technology to identify counterfeiting assaults. Block-supply chain substitutes centralized supply chains with a new suggested consensus protocol that is totally decentralized and balances efficiency and security, unlike existing protocols. The block-supply chain was able to track and trace items and identify assaults using tag reapplication, cloning, and modification [20]. Now a days, many researchers are focusing on next level of security in ethereum. Vivar et al. [21], proposed a framework for secured ethereum that analysis of smart contracts with aims to standardize and simplify the task of analyzing smart contract vulnerabilities. That can be used for a variety of purposes, including vulnerability analysis and persistent security monitoring for a set of target contracts. A permissioned blockchain with secure smart contracts based on the ethereum request for comments 20 (ERC20) interface are suggested Kumar et al. [22] to create a comprehensive framework for protecting cloud-based manufacturing activities.

PROPOSED MODEL
The proposed model considers the unique Aadhar ID and the smart contract from ethereum. Aadhar is the unique identification for each citizen of India. The basic building block of the ethereum applications are smart contacts. The objectives designed solutions for the limitations of Aadhaar are: 1) to develop a system that uses the decentralized feature of blockchain to authenticate the personal identification: Aadhaar record; and 2) to create a function that allows others to access the records for verification purposes.
Initially, blockchain was developed to solve the bitcoin peer-to-peer payment system's dual spending issue. However, its implementations have worked out positively past its underlying planned use from that point forward. A portion of the significant properties of a public blockchain is described [23]: 1) decentralized, 2) no trusted authority, 3) immutable records, and 4) auditability.
For making Aadhaar more open and publicly auditable, we can integrate the above blockchain properties. The Aadhaar scheme will publish all the modifications to the blockchain against each user record. No need to disclose the data or the number of the Aadhaar. Hashing of both may be used and record in the blockchain by us. Now, the hash of that data against the hash stored in the blockchain may be validated by anyone receiving data from the CIDR. If that suits, we know that the data is not treated internally. If not, there was someone who played with it. In this way, each person may be able to track the changes occurring against their Aadhaar record and query the authorities immediately. This would make Aadhaar more transparent, as all client data are stored centrally. Presently, if Aadhaar was based on a blockchain, it may alleviate most of the worries we talked about above. It would be extraordinarily difficult to hack the database: not withstanding moving beyond cutting-edge cryptographic security, programmers would need to hack into a few nodes or 38 servers, as opposed to just one. Until 51 percent of the nodes are undermined, the distributed consensus nature of the blockchain can stay away from malicious attacks.
Similarly, the surveillance fear may theoretically be alleviated by a properly built Aadhaar with blockchain: think about the blockchain having a few hubs the UIDAI, a court, a couple of services, parliament, or some other such body. Numerous organizations will again need to assent and validate it, instead of one central power, all together for any data to be undermined or any malignant endeavor to happen. Once more, however, all records would be lasting in their actual presence, and for a record to be changed, it is critical to negotiate the whole blockchain, which is hard to do. The framework may abuse different preferences of blockchains, for example, smart agreements, to consequently execute certain occasions, for instance.
We are certain that for this to occur, possibly there are enormous mechanical issues to be tackled, however, these will be settled. For example, if a group of participants is granted the sole authority to accept blocks of transactions in the blockchain network, one might create a huge private or endorsed blockchain that was handcrafted to requirements. Although blockchain is modern technology, it is nearly tailored for large-scale implementations like this one, and many countries have benefited from it by placing their money and identities on blockchains. Blockchain will adapt flexibly to complex and evolving network environments because it is a transparent, stable, and distributed transaction ledger technology. The system's stable operation is unaffected by the loss of some nodes. Malicious nodes cannot infiltrate the network because of distributed authentication between nodes and if a limited number of nodes are hacked, the ledger cannot be tampered with.
The method of the system is divided mainly into three stages depicted in Figure 3. Before the authentication method, all devices must register with the blockchain. The computer is authenticated using the registration method in the blockchain when a device must access the information of some Aadhar. The computer can check the integrity of the hash of the sensitive data after the authentication process to detect possible intrusion actions. In the following Figure 4, the mechanism of our proposed system can be seen.
In the context of a transaction, interaction is carried out between devices and the blockchain. Three different kinds of transactions have been identified by smart contracts. Smart contracts receive requests from devices and, in turn, execute various operations in the blockchain, such as writing and reading. Figure 5 demonstrates the relationship between devices and blockchains.

IMPLEMENTATION
Smart contracts are software that is implemented as part of transaction validation on the blockchain ledger and run autonomously. A special development transaction, which adds a contract to the blockchain, is performed to enforce a smart contract in ethereum. Smart contracts are usually written in higher-level languages such as solidity in ethereum and then converted into EVM bytecode [11], [12].
Solidity is a turing-complete high-level programming language with a syntax close to java script. It is statically typed and supports inheritance, polymorphism, libraries, and user-defined complex types. When using solidity to create contracts, they are arranged similarly to classes in object-oriented programming languages. Variables and functions that decode and alter them make up the contract language, much as in traditional imperative programming [24].
First, the users use solidity language to write a smart contract for ethereum. Second, they may turn their solidity smart contract code into an ethereal bytecode. Thirdly, in a smart contract, they add the bytecode and deploy the transaction into the network. These steps are depicted in Figure 6. Once ethereum miners have the transaction, they will record it in a block and run the bytecode on the ethereum virtual machine any time an exchange from this smart agreement is named [25], [26]. The client sends the data packaged in exchange to speak with the smart agreement. Also, the client communicates with the smart agreement to collaborate with a smart agreement on ethereum by keeping the principles set out in the smart agreement. On the off chance that fruitful, the smart contract would then change the status of the nearby record of every miner. The coding parts of these steps are: a) Step  Aadhaar is a new contract that is made here. This contract governs all processes and data related to the uploading of fresh Aadhaar data to the blockchain. To describe an individual's Aadhaar information, a struct is generated. The struct Aadhaar detail contains the individual's name, birth date, address, and phone number. b) Step 2. Set up ethereum nodes We have to setup an instance of web3.0 with java script whenever the application starts. This is shown:

TELKOMNIKA Telecommun Comput El Control
window. Add Event Listener ("load", function ()) {if (typeof web3! = = "undefined") {console. warn ("Using web3 detected from external source like Metamask") window. Web 3 = new Web3(web3.currentProvider)} window. App. Start ()} c) Step 3. Create distributed application The application's interface is connected to the back-end. The interface is used to gather the individual's name, address, phone number, and date of birth. The smart contract is linked to a java script file that interacts with the user interface and pushes the user's data to the blockchain. The app.js file may be found here.

RESULTS AND DISCUSSION
The proposed system is implemented by solidity language and executed in ethereum virtual machine (EVM). The proposed system took the advantage of blockchain by using ethereum. Ethereum is a decentralized programming stage that enables smart contracts and distributed applications (DApps) to be created. In ethereum, the smart contract is used to develop the proposed system.
The proposed system is the aadhar authentication system that is distributed in nature. As in current Aadhar system, all the data is stored on the centralized system of UIDAI. Because of this centralized database, all the requests for authenticating must be through this. This may bottleneck the complete system and dependent on a single centralized authority. Further, internal attacks can tamper with the sensitive data of authenticated devices without being detected. Fear of hacking the secure data of Aadhar user may not be ignored.
The proposed system is implemented by the smart contract technique of ethereum that is very fast in transaction settlement only 120 sec is required by ethereum as compared to 3600 sec by bitcoin. Further, for securing the data, the proposed framework uses hashing technique algorithm ethash: proof of work and Keccak: a hash function standardized to SHA-3. The blockchain based proposed system protects the identity of its users. The consumer may grant access to only a portion of the data required by the third party using smart contract. The proposed system also avoids the misuse of Aadhaar numbers that is secured by using a hash code instead.

CONCLUSION
The proposed system may make Aadhaar more open and secure, as all user documents are managed in a distributed manner. The proposed framework may exploit other advantages of blockchains, such as smart contracts, to automatically execute certain events in a distributed way. The Aadhaar initiative is very significant and critical. It must not be harmed by the privacy issues that accompany it, or by the fear that it will be compromised. We must take the initiative that the supreme court has given us. The proposed system registered the unique Aadhar ID in the blockchain using smart contacts of ethereum so that this unique ID may be authenticated in a peer-to-peer network without a central authority. For securing the unique Aadhar ID, the proposed framework uses hashing technique. The hashed data stored into the second version blockchain i.e. ethereum where any change in the state of the data may be possible to detect instantly.