Detecting Altered Fingerprints

What are the privacy implications of collecting this biometric information?

7 September 2012

Matching mug shots to sketch artist’s renderings isn’t the only forensic application that IEEE Fellow Anil Jain is working on. During an interview with him for my article, I was fascinated by his work creating a system to detect altered fingerprints. He’s written several articles on his research, which can be found in IEEE Xplore. But he also realizes that collecting biometric information such as fingerprints, faces, and DNA could lead to possible abuses.

Fingerprints are collected for any number of reasons: job applications, visas, international border crossings, access control to secure facilities, computer logins, as well as matching a suspect to a crime. Because fingerprints are left each time the finger touches a surface, their use in forensics work is extremely valuable. It is generally recognized that fingerprints satisfy, to a large degree, two important properties: permanence and individuality. Even if a finger has minor cuts or bruises, it still contains sufficient details for matching. It is, therefore, not surprising that fingerprints have been successfully used for over 100 years in law enforcement and forensics.

How does fingerprint matching work? The typical fingerprint can have as many as 150 ridge characteristics. These are formed where the epidermis (the outer portion of the skin) and dermis (the inner skin) meet and form smooth lines and curves. Today’s automated fingerprint identification systems (AFIS) use sensing devices that convert the fingerprint into a digital image. These images are then processed to extract minutia points (the ridge characteristics) that contain data showing ridges at their points of termination (ridge endings) and the branching of ridges into two ridges (bifurcations). In a fingerprint, there are typically 80 to 100 minutia points. According to Jain, in matching two fingerprint images, today’s AFIS primarily rely on matching the corresponding two sets of minutiae. If a sufficiently large number of points match, an AFIS declares it a successful match. In fact, this procedure used by state-of-the-art AFIS is similar to what human experts use in fingerprint matching, says Jain.

The largest fingerprint identification system in the United States is the FBI’s Integrated Automated Fingerprint Identification System (IAFIS). The bureau’s repository is the largest in the world (10 fingerprints each of about 70 million individuals) and is used by various U.S. and international law enforcement agencies such as police departments. Successful fingerprint matching by the FBI relies on clear, legible prints of all 10 fingers. But there’s one big problem with today’s fingerprint identification systems: the FBI’s IAFIS cannot identify altered prints. That’s where the research by Jain and his Ph.D. student Soweon Yoon, which is being funded by the FBI, comes in.

“Determining whether it was a natural-looking fingerprint or an abnormal one is of great value to the U.S. Department of Homeland Security and border-crossing agencies,” Jain says. That’s because in the last few years, authorities around the world noticed a trend of criminals and illegal immigrants using various methods to obliterate their fingerprints. The reason why some individuals resort to fingerprint obliteration or alteration is to hide their past criminal history. An altered fingerprint will result in a low match score with the corresponding unaltered fingerprint in the database.

When people decide to mutilate their fingerprints by surgery, burning, or applying acid, they don’t change just one fingerprint, according to Jain. That’s because they can still be identified in the database by the other nine fingers. If you had a gash or scar, say, on the right index finger, it would be detected as being different but with the other nine fingerprints being normal, the match score will still be high enough to make the correct identification. A minimum of five or six altered fingerprints is what typically sets off an alarm by Jain’s algorithm, requiring the person to go through a secondary inspection.

To cut down on the number of false alarms, Jain and Yoon’s algorithm looks at the discontinuity in the ridge flow and the distribution of minutia points. If a fingerprint has been altered, there are many more discontinuities in the ridge flow. “One way we detect this is by developing a mathematical model of ridges and fitting that model to the input fingerprint. If the model and the image have a significant amount of difference, then it’s not a natural fingerprint,” Jain says.
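The model-fitting idea in the paragraph above, as an added illustration (not Jain and Yoon's algorithm or code): a smooth quadratic model is fitted to a grid of block-wise ridge orientations, and the print is flagged when the RMS difference between model and input is large. The quadratic model, the 0.2 threshold, and both sample orientation fields are assumptions constructed for this example.

```python
import math

def basis(x, y):
    # Quadratic polynomial terms: the smooth "ridge-flow model" assumed here.
    return [1.0, x, y, x * x, x * y, y * y]

def solve(a, b):
    # Gaussian elimination with partial pivoting for the small normal equations.
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def fit_error(theta):
    # theta: square grid of block-wise ridge orientations in radians.
    # Orientations repeat every pi, so fit (cos 2t, sin 2t) instead of t itself.
    n = len(theta)
    pts = [(c / (n - 1), r / (n - 1), theta[r][c]) for r in range(n) for c in range(n)]
    rows = [basis(x, y) for x, y, _ in pts]
    gram = [[sum(row[i] * row[j] for row in rows) for j in range(6)] for i in range(6)]
    sq_err = 0.0
    for f in (math.cos, math.sin):
        target = [f(2 * t) for _, _, t in pts]
        rhs = [sum(row[i] * v for row, v in zip(rows, target)) for i in range(6)]
        coef = solve(gram, rhs)
        sq_err += sum((sum(c * b for c, b in zip(coef, row)) - v) ** 2
                      for row, v in zip(rows, target))
    return math.sqrt(sq_err / len(pts))  # RMS model-vs-input difference

def is_abnormal(theta, threshold=0.2):  # threshold is an assumed value
    return fit_error(theta) > threshold

# Constructed sample data: a smooth field, and a copy with one patch whose
# ridge direction breaks from its surroundings (a ridge-flow discontinuity).
N = 16
NATURAL = [[0.2 + 0.5 * c / (N - 1) + 0.3 * r / (N - 1) for c in range(N)] for r in range(N)]
DISRUPTED = [[t + math.pi / 2 if 5 <= r < 11 and 5 <= c < 11 else t
              for c, t in enumerate(row)] for r, row in enumerate(NATURAL)]

if __name__ == "__main__":
    print(round(fit_error(NATURAL), 3), round(fit_error(DISRUPTED), 3))
```

The smooth field fits the model almost exactly, while the patch cannot be absorbed by six polynomial coefficients, so its error stays well above the threshold.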

The other feature the algorithm looks at is the spatial distribution of minutiae. According to Jain, “The minutiae are not randomly placed in a fingerprint; the ridges are smoothly flowing and there is some order to those 80 to 100 points. But when you alter a fingerprint, the distribution of these points changes so that’s another clue we look for,” he says. “Our method is extremely fast and has a very low false alarm rate,” Jain says.

Jain realizes there are privacy concerns surrounding the use of biometrics for personal recognition, and he’s written about them in “Biometric Recognition: Security and Privacy Concerns” (IEEE Security & Privacy, 2003).

He says collecting this information could potentially lead to abuses. Fingerprinting isn’t foolproof. After all, while fingerprints may all be different, sometimes their differences are subtle, and open to interpretation and error. For example, certain deformed fingers might be statistically correlated with certain genetic disorders such as Trisomy 21, Turner’s Syndrome, and Klinefelter’s Syndrome, and this medical information could lead to discrimination. Fingerprints could also allow for the possibility of unwanted identification; for example, people who are legally maintaining aliases for personal safety reasons. Also because it is possible to easily obtain someone’s fingerprints without their knowledge or consent, those who want to remain anonymous for whatever reason could be denied their privacy by biometric recognition.

Jain says the possible abuse of biometric information could be addressed in several ways, including legislation by governments against sharing biometric identifiers and personal information, assurances by biometric vendors to adhere to ethical guidelines in their product design, or enforcement by independent regulatory agencies.

“A sound tradeoff between security and privacy might be necessary but we can only enforce collective accountability and acceptability through common legislation,” he notes. “On the positive side of the privacy issue, biometrics provides tools to enforce accountable logs of system transactions and to protect individuals’ right to privacy.”

What are your thoughts on the collection of biometric information, such as fingerprints? Do you think it could lead to unintended consequences?

The views expressed in this blog are solely those of the bloggers and do not represent official positions of The Institute or IEEE.

Image: Jeff Metzger/iStockphoto
