Thoughtful Biometrics for Fingerprints — Part 3
From Anthropometry to Fingerprint Systems
This article is the third in an introductory series leading up to the Thoughtful Biometrics Workshop 8,10,12 March 2021.
In the nineteenth century, Alphonse Bertillon, a French policeman, was the first to introduce the science of identifying a person based on his/her anatomical features. To identify repeat offenders, Alphonse built a set of tools known today as the Bertillon System. These tools were used to measure certain anatomical traits of a person, including eleven different body measurements such as the height, length, and breadth of the head, the width of cheeks, the length of different fingers, the length of forearms, etc.
The image above shows an illustration of the process for acquiring the forearm measurements. These measurements were then recorded on an identity card and/or manually compared to a record database to check if the same person was convicted. The system was used until 1903 when fingerprint records replaced it. Still, a few elements of the Bertillon System exist even today in the criminal police identification process, such as the combination of profile and frontal shots (mug shots) when photographing offenders.
Fingerprints as a Biometric
The Bertillon System's complexity was the reason for providing criminal identification systems with accurate and reliable data, but it was also the reason for the system’s downfall. Therefore, the Bertillon System's supremacy began to fade in the face of a new (at that time) identification technique — fingerprint identification, which was simpler to administer than the Bertillon anthropometry system. The use of fingerprints for establishing identity was started in the 16th century and thereafter replaced the Bertillon System as the worldwide standard for criminal identification.
A fingerprint refers to the flow of ridge patterns in the tip of the finger. The ridge flow exhibits irregularities in local regions of the fingertip termed as minutiae points. In 1892, Sir Francis Galton introduced the minutiae features for fingerprint matching. Since then, the distribution of these minutiae points along with the associated ridge structure has been believed to be distinctive to each fingerprint and has been used in individual identification records in police offices.
Fingerprints recognition systems are considered reliable methods to recognize individuals and are used in different biometric applications, such as physical access control, border security, watch list, background check, and national ID systems.
Representation and Matching
The uniqueness of a fingerprint is predominantly determined by the local ridge characteristics and their relationships, and matching fingerprints manually to claim that two impressions belong to the same person, requires complex protocols that have been used by examiners. Over the last three decades, research in fingerprint recognition has seen tremendous growth. However, most automatic fingerprint matchers follow similar protocols as human examiners and depend on fingerprints' ridge characteristics. These characteristics (fingerprint features) can be organized in a hierarchical order at three different levels.
Level 1 features include the ridge flow, pattern type, external fingerprint shape, orientation image, and frequency image. Level 2 features consist of minutiae location and orientation. Level 3 features consist of information available at higher resolution images, such as local shape of ridges, dots, pores, and incipient ridges. On the basis of the described hierarchical order, fingerprint matching can be accomplished using three classes of matchers.
Fingerprint Level 1 Features Matchers
The matchers of this class compare the global pattern of ridges or correlation-based matchers. During the matching procedures, the fingerprint or the global ridge orientation images are superimposed on each other. The correlation between the corresponding pixel intensities is computed for different alignments (various displacements and rotations). In general, it has been reported that the Level 1 features are useful for fingerprint classification and indexing, but not sufficient for fingerprint matching.
Fingerprint Level 2 Features Matchers
These are the most popular matchers whereby minutiae points are extracted from the fingerprint to be matched. Their location and ridge orientations are stored as a fingerprint template in a central database. The matching process determines the alignment between two minutiae sets that results in the maximum number of minutiae pairings. Some matchers utilize the Level 1 features, such as texture information, local orientation, frequency and/or ridge pattern, along with the extracted minutiae, to match two fingerprints.
Fingerprint Level 3 Features Matchers
This class of matchers is the least explored by researchers, compared to Level 2 features matchers. This is due to two major reasons; (1) robust extraction of level 3 features (ridge shapes, sweat pores) requires high-resolution images (> 1,000 ppi — number of pixels per inch in the image) compared to 500 ppi (the current FBI standard), and (2) even with the availability of good quality images, these matchers require high computational complexity. These reasons have made the practicality of using these matchers for some commercial applications debatable. However, Level 3 features play a significant role in latent fingerprint matching, where fingerprints are lifted from a surface prior to digitizing them.
Can my fingerprint be stolen?
People have grown accustomed to hearing how threat actors use stolen passwords to access a person’s other accounts. However, likening a fingerprint to a password is a false comparison. Inputting a password is simple and involves entering the characters through a keyboard. A biometric, in concept, needs to be entered through a biometric capture device, a process that isn’t as straightforward as typing on a keyboard.
Unlike passwords, biometric images are not entered directly. Instead, the stolen images would need to be converted into a spoof artifact that can be used with the specific image capture module. For instance, to pull off an attack using stolen fingerprints, an attacker would have to make molds of a person’s fingers. In other words, while using a stolen fingerprint to access an account is possible, this type of attack is not as simple to mount as ones that entail entering a stolen password.
Before implementing biometric recognition, organizations should determine if the risks associated with a presentation attack and determine if the effort involved in carrying out an attack is worth the “effort” and the “consequences” to the attacker.
“Effort” refers to the time, knowledge, and resources it takes to perform a presentation attack on a biometric system. The level of effort required to carry out this type of attack depends on the targeted biometric trait and is tied to the potential “consequences” of attacking the authentication system.
Can Fingerprint be spoofed? Yes, but this is not easy
Lifting an impression of a fingerprint from a surface requires more effort and skill than finding an image of a person’s face. Getting fingerprints requires being in close proximity to a person. But getting an image of a person’s face just requires using Google.
Meanwhile, the cost of launching a face spoof attack, which involves either using a printed photo, displayed photo or replayed video, is relatively low compared to manufacturing spoof fingers using molds or putty. There is also the risk of having an evil twin, but this is considered as a zero-effort attack, not a presentation attack.
People can aid or hinder a presentation attack’s success
In some cases, people cooperate with the attacker if they benefit from the consequence of the activity. For example, a Brazilian doctor used fake fingers made of silicone to sign in absent colleagues. Although fingerprints are harder to spoof than a face, having the people whose biometrics were spoofed cooperate with the perpetrator reduced the effort needed to fool the system.
On the other hand, if an attack will negatively impact a person, such as having money stolen, users will not cooperate with the threat actor and do their best to protect their biometric by not sharing them and securely storing this data. With the user and attacker on opposite sides, the threat actors will need to invest a substantial amount of effort to pull off a presentation attack.
So before likening a biometric to a password, remember the amount of work required to use each one in an attack. To use a stolen password, threat actors just need a keyboard. To use a biometric, they need to first acquire the data, spoof it and then fool the biometric capture device, a process that isn’t as easy as typing a birthday or your pet’s name on a keyboard.
Presentation Attacks Detection (PAD)
PAD becomes of paramount importance because it minimizes the threats posed by stolen biometrics. PAD or Liveness measures require some sort of active interaction from the user or passive tests to ensure that a person, not a biometric spoofed by a threat actor, is authenticating. PAD makes using a mold of a fingerprint or a mask of a person’s face much more difficult.
This article is the third in an introductory series leading up to the Thoughtful Biometrics Workshop 8,10,12 March 2021. Additional articles can be found as follows:
- A gentle introduction to Thoughtful Biometrics — Part 1
- Thoughtful Biometrics for Facial Recognition — Part 2
- Thoughtful Biometrics for Fingerprints — Part 3 (this article)
- Thoughtful Biometrics for Iris — Part 4
- Thoughtful Biometrics for Voice — Part 5
- Thoughtful Biometrics for DNA — Part 6
- Thoughtful Biometrics Overview — Part 7
- What is Identity Management — Part 8
