Image Quality and Minutiae Count Comparison for Genuine and Artificial Fingerprints


 


Abstract The vulnerabilities of a biometric sensor have been discussed extensively in the literature, and popularized on many films and television programs.  The focus of this research is to examine the image quality of an artificial print as compared to a genuine finger, and to examine the characteristics of the two including minutiae counts, image quality, as repeated samples are taken from the fingers.

Keywords-authentication, biometrics, fingerprint recognition, repeatability

INTRODUCTION AND MOTIVATION

Verifying the identity of an individual can be done through three main methods; what an individual has, what an individual knows or owns, and what an individual is. The first method is typically achieved through the use of a token, such as an identification card, badge, magnetic stripe, or Radio Frequency Identification (RFID) tag. The second method can be achieved through the use of a password, or personal identification number (PIN), and the third method can be accomplished through what an individual is, more formally known as biometric technologies.  Similar to the first two authentication methods, biometric systems too contain vulnerabilities and are susceptible to attack.  Some of these vulnerabilities are similar or even overlapping across all three authentication mechanisms.  However, attacks specific to biometric systems focus on liveness detection of a human i.e. is this finger from a live sample, or a gelatin sample. There have been various documented attacks in the literature which examine the attack on the sensor [1], [2]. While understanding and preventing attacks on the sensor are interesting research topics in need of investigation, this paper examines the  global and local features of a live sample compared to that of a gelatin finger from the same user after acquisition on a commercially available biometric fingerprint sensor. The following questions are posed; do the samples (live versus gelatin) exhibit the same minutiae counts, and do the acquired images possess the same image quality properties. That is, are the live and gelatin samples similar in their characteristics, and does this have an impact on matching performance?  

  

II.     Biometric System Vulnerabilities

All security measures, including mechanisms for authenticating identity, have ways of being circumvented.  Certainly the processes in working around these measures vary in difficulty based on effort and resources needed to carry out the deceptive act.  Authentication mechanisms based on secrets are particularly vulnerable to "guessing" attacks.  Token mechanisms that rely on the possession of an object, most notably a card or badge technology are most vulnerable to theft or falsified reproduction.  Biometric technologies closely tie the authenticator to individual identity of the user through the use of physiological or behavioral characteristics.  While this property is an added advantage over the previous two authentication mechanisms mentioned; it places a great emphasis on validating the integrity of the biometric sample acquired and transferred in the biometric system.  Ratha, N., et al. provided a model identifying vulnerabilities in biometric systems [3].  An example of the threat model is shown below in Figure 1, and builds on the general biometric model outlined in Mansfield and Wayman [4].

  

 

Figure 1: Biometric Threat Model

 

 

This model contains 11 individual areas at which vulnerabilities in biometric systems exist.  In addition to the five main internal modules that are characterized in the General Biometric Model (data collection, signal processing, matching, storage, and decision) [4], an additional component is added to represent the transfer of the authentication decision to the greater application that relies on the decision from the biometric system.  Such applications could be identity management systems (IDMS) or access control systems for logical and or physical access to resources.  These systems can vary in complexity and size ranging from a local computer log-in all the way to a wide scale distributed architecture seen in the cases of the Transportation Worker Identification Credential (TWIC) [5] or Personal Identity Verification (PIV) of Federal Employees and Contractors [6].  The remaining points of vulnerability are communication channels between these six modules.  It is worth noting that not all 11 vulnerability points are unique to the biometric system.  Many of the same points such as storage and communication channels are vulnerable in other authentication systems, and similar methods can be used to limit those particular vulnerabilities.

 

The most publicized vulnerability in biometric systems resides at the Data Collection module in the form of spoofing or presentation artificial representations of biometric samples (module #1 in Figure 1).  If an artificial or fake biometric sample is accepted by the biometric system at this initial stage, the entire biometric system is corrupted and the system has been compromised.  Attacks on the biometric system are not new, it is in popular culture to circumvent security systems and biometric systems are not immune to this. Several online resources are available that describe such attacks on the data collection module, and many movies and television programs highlight attacks on such systems. One such attack at this data collection module was outlined in the work of Matsumoto, T., et al. in 2002 using "Gummy Fingers" [1].  The biometric research community as well as industry has focused on research on preventing such attacks by using the concept of  "live-ness" detection techniques.  Today, the newer sensors are improving their resilience against a spoofing attack at this module.   Previously, an acetate spoofing attack where an image of a fingerprint placed on acetate was accepted as a genuine live finger,  were easy to do such attacks are providing increasingly difficult to do and hence the more complicated approaches in vulnerability attacks being waged on the sensor. And as such, techniques for live-ness detection within the fingerprint modality focus on moisture content, temperature, electrical conductivity, and challenge response. 

III.     Fingerprint Image Quality Analysis 

The purpose of this research paper was not to prove the vulnerability of the biometric system, but to examine the repeatability of the features of the gelatin finger print vis-à-vis the live genuine sample once the image has been acquired. The research question is whether an artificial print captured on an optical sensor exhibit any of the same characteristics that to a genuine finger from the same individual captured on the same sensor that might enable it to be excluded later on in the process, if the initial data collection module accepts it? Furthermore, over time, are the features of the two fingerprints consistent? Repeatability of the extracted features is important for the matching process in any type of biometric technologies [7],.  The features to be examined include: minutiae points, and image quality. One of the associated challenges is to ensure the image is of sufficient quality. A wide variety of factors can influence the quality of fingerprint samples. Non uniform contact, inconsistent contact, or irreproducible contact with the fingerprint sensor can result in images with a low signal to noise ratio, which is not desirable for feature extraction and matching purposes [9]. Wear and tear of skin, and ageing effects can alter the ridge characteristics on a semi permanent basis. These also affect acquisition of fingerprints by the fingerprint sensor. The importance of quality is widely acknowledged, but there is no standard means of assessing quality. The current standardization effort for assessing quality for biometric samples refers to three different connotations of quality:

·         Character

·         Fidelity

·         Utility

These three connotations of biometric sample quality can be directly applied to fingerprint sample quality.  Character is a description of quality based on inherent features from source of fingerprint. Individuals who have scarred fingerprints, or dry or cracked skin on fingertips will provide samples with poor character.  Fidelity is a description of quality based on degree of similarity between the actual fingerprint and the fingerprint image acquired by the sensor. Inconsistent contact with the fingerprint sensor can lead to fingerprint samples with poor fidelity.  Utility is a description of quality based on observed or predicted contribution of the fingerprint sample to the overall performance of the fingerprint recognition system. Utility of a fingerprint sample is directly affected by the character and fidelity of the fingerprint sample, and should be the closely related to performance of the recognition system.  A substantial amount of research has been conducted in area of quality assessment, all of which give varying levels of importance to character, fidelity and utility.  Previous research in the field of fingerprint image quality assessment can be generalized into three categories: local features analysis, global features analysis, and quality analysis as a classification problem [10]. Features of the fingerprint image like minutiae count, fidelity of minutiae, contrast ratio between ridges and valleys, capture area of fingerprint, determination of dominant direction etc. are used by quality algorithms in varying capacities to make quality determination. For the purpose of this research the live fingers and the gelatin fingers were examined by two different image quality algorithms, one provided by Aware, Inc. and the other provided as a part of NIST Fingerprint Imaging Software (NFIS).  

    

IV.     Methodology 

The methodology for this experiment calls for two stages.  Stage 1 was to create a set of images from an artificial gelatin finger from the same subject as the genuine finger. The procedures to accomplish this adapted several different methodologies outlined in the literature for creating an artificial fingerprint, including the work done by Matsumoto [1]. Prior to creating the mold, the following ingredients and utensils were required: plastic clay, hot water, and a plastic tong. To create the mold, enough plastic clay was required to cover the genuine finger.  In order to make the plastic clay malleable, it was placed into boiling water.  The plastic clay had the consistency to enable a mold to be created by placing the finger with only light pressure. When the plastic clay has reached this constituency, the clay should be cooled. Once the clay had cooled enough to touch; the finger was placed into the clay with the resulting indentation providing the mold to be used.. The finger was kept in the plastic clay until a sufficiently deep mold had been created. After the finger was removed, the mold was allowed to cure for an additional 10 minutes.  The resulting mold for this study is shown below in Figure 2

 

 

Figure 2 - Mold formed to create gelatin finger 

 

The next phase was to create a gelatin mixture that was able to produce artificial fingerprints recognizable to the sensor from the mold.  Two sheets of gelatin weighing 3.5g were soaked in cold water for five minutes. In order to remove the excess water, the gelatin sheets were dried until the gelatin weighed between 14-16g. Next, a bowl was immersed into extremely hot water, and the gelatin was placed into the bowl to loosen the consistency of the gelatin.  Once the gelatin had melted, it was poured into the clay mold.  Immediately after placing the gel in the mold, it was placed in a refrigerator to cool for 10 minutes at a temperature of 1oC.  The purpose of the cooling procedure is to transform the gelatin to a state that is resistant to change in formation when touched.  As a guide, in this experiment, the room temperature was 22oC. After the gelatin finger had a chance to cure in the refrigerator for a period of approximately one hour, it was removed from the clay mold and placed on the sensor to determine whether or not it was actually able to produce images.  10 attempts to acquire an image were made; in all 10 instances, an image was produced. The software verified the mold. If the mold was not verified by the software, then the mold would be destroyed and the process started again. The artificial finger was placed back in the refrigerator in simple plastic container (which was airtight, but not vacuumed) for 48 hours at a temperature of 2oC.  This procedure allowed the gelatin finger to completely solidify to its permanent state.   

After removing the artificial gelatin finger from the refrigerator, tests were conducted on the finger to estimate the optimal load required for acquiring images.  In general terms, it is best to use the least weight possible to produce a scan in order to minimize the spreading and mixture of the gelatin finger’s valleys and ridges.  Testing of loads ranging from 200g to 1000g, as measured by a Tanita digital scale, was performed. Approximately 200g was determined as the lower limit to produce an image, with 550g being the upper limit before distortion and inability to match occurred. The next stage of the experiment is to acquire a series of images from the artificial gelatin finger. All of the images were acquired from the optical sensor using the gelatin finger over a 15 minute period of time.  After 15 minutes of acquiring images, the gelatin finger had degraded to the point in which it was no longer able to be accepted by the optical sensor.  In all, 163 images were produced over the 15 minute time period.  A detailed description of the 160 images is provided in the results section.  

Stage 2 of the experiment called for the collection of a series of live samples. 160 live samples were acquired from the same finger over an eight minute time period on a commercially available optical sensor. 160 was chosen as this was the same number of artificial prints collected.  These 160 images were all stored in order of time collected, and are used to provide a baseline quality assessment that will be compared against the artificial gelatin samples.  

 

  After data collection, both sets of images (live and gelatin) were run through the NIST Fingerprint Image Software (NFIS) package. The MINDTCT function was used to count the number of minutiae present in each individual image.  The NFIQ function was used to evaluate image quality, which is determined on a rating scale of 1 to 5; with 1 being the best and 5 being the worst.  The results of MINDTCT and NFIQ were then compared between the two groups (live and gelatin) by the means of statistical t-tests (using an α level of 0.05) to determine if any statistical difference existed across the groups.  Aware, Inc. has a commercially available image quality and minutiae count software which was also used to extract image quality scores and minutiae counts for fingerprints from the live finger and gelatin finger groups.

V.     Results 

The generation and image acquisition of gelatin fingers can be problematic as previous research has shown that gelatin fingers do not have consistent repeatability. However, this study provides anecdotal evidence suggesting that better preparation and storage of the artificial finger can aid in the repeatability of the images produced. The first 39 samples provided continuous successful spoofing results; on the 40th presentation a failure-to-acquire (FTA) resulted.  Overall, 163 images were acquired, but only 160 images were used for the final study. The acquisition rate for this particular gelatin fingerprint was 90.7%, producing a FTA rate of 9.3%. Figure 3  below shows the gelatin print (left) a live print (right).  The FTA rate for the live finger was 0.0%.

 

 

Figure 3 - Gelatin finger (left) and live finger (right)

 

 

The minutiae count analysis on both the fingerprint groups was performed first. Figure 4 and Figure 6 shows a box plot of the minutiae count from generated from Aware, Inc. image quality tools (commercially available) and Figures 5 & 7 shoes the image quality from NIST MINDTCT (NFIS) of the live finger and gelatin finger prints respectively.

 

 

 

Figure 4 Box - Plot of Live and Gelatin Finger Minutiae Count using Aware

 

 

Figure 5 Box - Plot of Live and Gelatin Finger Minutiae Count using MINDTCT (NFIS)

 

The results from both the box-plot graphs shows that the live fingerprints have a lower minutiae count than the gelatin fingerprints, which is most likely a result of indirect and inconsistent contact with the optical sensor.

 

In order to study the deterioration of the gelatin fingerprints the first 16 and last 16 samples from the live and gelatin fingerprint groups were used. Figure 6 shows a box plot of the live and gelatin fingerprint minutiae count for first 16 prints, and Figure 7 shows a box plot of live and gelatin fingerprint minutiae count for last 16 prints. An interesting observation is that the minutiae count increases for the gelatin fingerprint group, but stabilizes for live fingerprints.  The stabilization of minutiae count for the live fingerprints can probably be attributed to habituation or acclimation to the device. The subject has been acclimated to placing their finger on the optical sensor which reduces the inconsistent contact of finger surface with the platen of the sensor. Another interesting observation is the increase in minutiae count between the gelatin fingerprints. This suggests degradation of the mold because of repetitive use and introduction of cracks in the mold.  Evidence suggests that overtime, the number of minutiae for the gelatin fingerprint increases over time, and for a live finger print stabilizes over time.

 

Figure 6 Box - Plot of Live and Gelatin Finger Minutiae Count using AWARE - first 16 prints

 

Figure 7 Box - Plot of Live and Gelatin Finger Minutiae Count using AWARE  last 16 prints

 

  

Figures 8 and Figure 9 shows a scatter-plot for minutiae count vs. sample number of live and gelatin fingerprint groups. Both of these graphs give credence to the observations made from the box-plots. 

Figure 8 Scatter-plot Minutiae count vs. sample number MINDTCT


 

 

Figure 9 Scatter-plot Minutiae count vs. sample number AWARE

 

 

Image quality is another metric that was considered important for this research. Figure 10 shows the scatter plot of image quality scores obtained using Aware Inc. quality algorithm for live and gelatin fingerprints. The graph of image quality scores clearly shows that there is degradation of the gelatin fingerprint. T-tests of image quality scores between the live and gelatin fingerprints showed that there is a statistically significant difference in quality scores between them. The severe decrease in image quality noticed in the repeated use of gelatin fingerprint indicates that it would be of practical use only for the first 10 or so attempts. Table 1 shows the results from the t-tests.

 

 

 

Figure 10 Scatter-plot Aware Image Quality Scores

 

Table 1.  t-test Results

 

Groups

N

Mean

p-value

Aware_Live_IQ

160

79.22

<.05

Aware_Gelatin_IQ

160

61.0

 

 

 

 

NFIS_Live_IQ

160

1.88

<.05

NFIS_Gelatin_IQ

160

2.21

 

Interestingly, however, image quality scores might not provide a clear indication of a spoofing attempt, because in the initial 9 samples, there was no statistically significant differences between the image quality score means of the two groups. .

VI.     Conclusion 

The danger with providing a recipe for spoofing is that an attack methodology to a biometric sensor is revealed. However, in this case the attack is analogous to an individual revealing a PIN number to a fraudster, and going to the ATM to watch them take out the money. The test was not designed as a spoofing enquiry to evaluate the security of the system, rather to understand the characteristics of the gelatin finger compared to its live counterpart. Interesting results were obtained; the first is that the gelatin sample was able to provide 163 samples with an acquisition rate of 90.7%. Further analysis of fingerprints from the live and gelatin fingers showed a considerable difference in the basic characteristics between the two groups. Repeated use of the gelatin finger resulted in a rapid degradation of the quality of prints provided which was reinforced by an increase in minutiae count with repeated use. Expecting a gelatin mold to survive over a 100 attempts would be unreasonable, but our analysis showed that even after 10 uses of the mold there is a severe degradation in quality of the gelatin finger, even though the system matched the spoof. Stabilization of the minutiae count for the live fingerprint was an unexpected result of the experiment, but it reaffirms the notion of habituation and how it can be used to acquire fingerprint samples representative of its owner.

 

VII.     References 

 

 

1.             Matsumoto, T., et al. Impact of Artificial Gummy Fingers on Fingerprint Systems. in SPIE. 2002. 

2.             Rowe, R.K., A Multispectral Sensor for Fingerprint Spoof Detection, in Sensors Magazine. 2005: Santa Ana, CA 92707. p. 4. 

3.             Ratha, N.K., J.H. Connell, and R.M. Bolle, Enhancing security and privacy in biometrics-based authentication systems. IBM SYSTEMS JOURNAL,, 2001. 40(3). 

4.             Mansfield, A. and J. Wayman, Best Practices in Testing and Reporting Performances of Biometric Devices. 2002, Biometric Working Group. p. 1-32. 

5.             DHS; Transportation Worker Identification Credential (TWIC) Program.  https://www.twicprogram.com/ 

6.             NIST; Personal Identity Verification of Federal Employees and Contractors.  http://csrc.nist.gov/piv-program/ 

7.             Elliott, S., N. Sickler, and E. Kukula, Automatic Identification and Data Capture. 3 ed. 2005, West Lafayette: Copymat. 314. 

8.             Jain, A. and N. Duta. Deformable matching of hand shapes for user verification. in 1999 International Conference on Image Processing. 1999. Kobe, Japan: IEEE. 

9.             Haas, N., S. Pankanti, and M. Yao, Fingerprint Quality Assessment. In Automatic Fingerprint Recognition Systems. 2004, NY: Springer-Verlag. 55-66. 

10.           Fernandez, F., J. Aguilar, and J. Garcia. A Review of Schemes for Fingerprint Image Quality Computation. in 3rd COST 275 Workshop Biometrics on the Internet. 2005.