Implementing a secure contact tracing system

Contact tracing means identifying people who have been in close proximity to each other for a certain duration of time. In recent days the COVID19 pandemic has brought this topic into the attention of governments trying to contain the outbreaks of the disease. However, there have been widespread concerns about the user’s data and privacy being compromised via the contact tracing app. The following report provides a useful database and analysis of the currently available apps that do contact tracing: As can be seen from the above report, a large chunk of those apps are considered invasive and do not clearly outline how they actually work, and what they do with the potentially sensitive data that they capture from the user’s device. A possible design for a transparent and secure contact tracing solution The Bluetooth and GPS enabled smartphones carried by the population are the most commonly used d

Opprtunities for improving security in GoI apps

Recent nationwide lock down due to COVID19 situation has forced me to try using some of the apps designed by various agencies of the central and state governments in India. It is heartening to see that we have done some serious work towards adoption of digitization of several services. The apps that I tried using included: BHIM by National Payments Corporation of India (NPCI) Aarogya Setu by NIC ( Interestingly, both of these apps came into being in response to a crisis situation. The BHIM system came into limelight after the November 2016 demonetization event. Aarogya Setu is believed to be an app for tracing COVOD-19 contacts of the people who may be infected by the virus. Lets talk about the BHIM app first. It seems to have matured today, and has a wide user base. The permissions required by BHIM app for its functioning are listed here unde

Remove paywalls hiding the outcomes of publicly funded research

During FY 2014-15 the extramural R&D support expenditure reported by DST's annual report[1] is about INR 20 billion (i.e. 2000 crore). The allocation[2] to DST for funding R&D in 2015-16 was at about INR 95 billion. This is all taxpayer's money. It is not necessarily a bad thing to spend on such R&D as long as the outcomes are useful and accessible to public whose tax rupees are used to fund such "research". One of the key outcomes (at least from the perspective of researchers and the organisations engaged in such "research") is the research articles that are published in various peer-reviewed journals and conferences etc. Examples  of such venues are Elsevier , Springer , IEEE , ACM and so on. If you try accessing a non-open-access article at any of such venues you will find that on an average onetime accessing of a single article can cost anywhere between 15 to 30 USD. Cost of annual subscriptions alone of these journals and digital lib

Data leakage possibilities with Aadhaar based e-KYC systems

A recent incident in July 2017  that involved alleged data theft through a KYC app has added to the confusion and concerns in the minds of users about security and confidentiality of their biometrics and other PII data that are maintained by UIDAI . I am a bit skeptical about how PII is handled by various agencies who collect and transact with such data in our country. The concern about having my biometrics and other data lifted was at back of my mind when I was giving my fingerprint at a mobile phone shop for taking a new data connection last week. It was not until a friend asked me for some clarifications about internals of biometrics based authentication systems that I paid close attention to various possible leakage points in Aadhaar based eKYC/authentication  applications.  The overall architecture and process steps involved when using Aadhaar APIs for performing, say, authentication of an Aadhaar card holder are explained in its API documentation . For the sake of und

University infrastructure building | Some experiences part 2

In one of my earlier posts I jotted down few of my thoughts based on personal experience regarding planning activities related to a university infrastructure creation project. Here I'm jotting down some of the low-level points which, though may seem quite "common-sense", often get ignored during the detailed design and planning. Utilisation of facilities : When identifying the requirements for various facilities (e.g. lecture/seminar/meeting rooms, certain type of labs and offices etc.) you should base the numbers on expected utilisation of these facilities. For instance, if your are creating a lecture hall complex building then you should consider the timetable and past course enrolment data (and future projection of it) that reflects your university's academic programs. Chances of creating a good academic infrastructure significantly improve if you decide the number and sizes of various lecture halls etc. based on such information. Similarly, the number of

Common agency for creating infrastructure of new IITs

In this post I'm putting forth a case for setting up a common agency for the sole purpose of setting up the infrastructure of new IITs (or similar institutions). Let me start by noting some key observations about the overall scenario that exists across the younger IITs: Considering the "core business" -- which is teaching and research -- of these institutes, all of them need more or less the same type of facilities. More than 80% (at least by built-up area) of the infrastructure comprises of: teaching labs, lecture halls, students' accommodation, teaching and non-teaching staff's accommodation, offices of teaching and non-teaching staff, recreational facilities. The only area where the infrastructure of any two IIT's may differ is: certain type of research facilities. This means that from functionality perspective the infrastructure requirements of all IITs is largely the same. Each one of IITs that were setup in 2008-2009 embarked on their individual i

Time behind the wheel

Yesterday I got a notification on my phone that my car is due for service. I checked the odometer and few other bits of information available on the digital console of my car. These days the on-board computers in cars capture useful data about the vehicle. My car has done about 70,000 km in last about 42 months, and I have been the sole driver on this one. What struck me more than the kilometres run was the time I have spent behind the wheel. Following are few other bits of information captured by car's system: Distance run is 69227 km at an average speed of 38.8 km/hour. Fuel economy has been 20 km/litre. This means that during last 42 months: I have burnt 69227÷20 = 3461.35 litres of diesel and burnt about 3461.35×50 = 173067.5 Rs. (Assuming average fuel cost to be 50/litre.) on fuel cost alone. I have been sitting behind the wheel for 69227÷38.8 = 1784.20 hours of my life with my attention intensely riveted on the road looking at tar and the poetry written