author's personal copyatvs.ii.uam.es/fierrez/files/2008_prl_attackrecfps_published.pdf ·...

This article appeared in a journal published by Elsevier. The attachedcopy is furnished to the author for internal non-commercial researchand education use, including for instruction at the authors institution

and sharing with colleagues.

Other uses, including reproduction and distribution, or selling orlicensing copies, or posting to personal, institutional or third party

websites are prohibited.

In most cases authors are permitted to post their version of thearticle (e.g. in Word or Tex form) to their personal website orinstitutional repository. Authors requiring further information

regarding Elsevier’s archiving and manuscript policies areencouraged to visit:

http://www.elsevier.com/copyright

http://www.elsevier.com/copyright

Author's personal copy

An evaluation of direct attacks using fake fingers generated from ISO templates

Javier Galbally a, Raffaele Cappelli b, Alessandra Lumini b,*, Guillermo Gonzalez-de-Rivera a,Davide Maltoni b, Julian Fierrez a, Javier Ortega-Garcia a, Dario Maio b

a Biometric Recognition Group – ATVS, Escuela Politecnica Superior, Universidad Autonoma de Madrid, C/Francisco Tomas y Valiente, 11, 28049 Madrid, Spainb Biometric Systems Laboratory – DEIS, Scienze dell’Informazione, Universita di Bologna, Via Sacchi, 3, 47023 Cesena, Italy

a r t i c l e i n f o

Article history:Available online 4 October 2009

Keywords:Biometric systemsSecurityDirect attacksVulnerabilityFingerprint reconstruction

a b s t r a c t

This work reports a vulnerability evaluation of a highly competitive ISO matcher to direct attacks carriedout with fake fingers generated from ISO templates. Experiments are carried out on a fingerprint databaseacquired in a real-life scenario and show that the evaluated system is highly vulnerable to the proposedattack scheme, granting access in over 75% of the attempts (for a high-security operating point). Thus, thestudy disproves the popular belief of minutiae templates non-reversibility and raises a key vulnerabilityissue in the use of non-encrypted standard templates. (This article is an extended version of Galballyet al., 2008, which was awarded with the IBM Best Student Paper Award in the track of Biometrics at ICPR2008).

� 2009 Elsevier B.V. All rights reserved.

1. Introduction

Biometric systems present several advantages over classicalsecurity methods based on something that you know (PIN, Pass-word, etc.) or something that you have (key, card, etc.) (Jainet al., 2006; Wayman et al., 2005). Traditional authentication sys-tems cannot discriminate between impostors who have illegallyacquired the privileges to access a system and the genuine user.Furthermore, in biometric systems there is no need for the userto remember difficult PIN codes that could be easily forgotten orto carry a key that could be lost or stolen.

However, in spite of these advantages, biometric systems havesome drawbacks (Schneier, 1999), including: (i) the lack of secrecy(e.g. everybody knows our face or could get our fingerprints) and(ii) the fact that a biometric trait cannot be replaced. Furthermore,biometric systems are vulnerable to external attacks which coulddecrease their level of security.

These external threats can be broadly divided into direct(Galbally et al., 2006) and indirect attacks (Uludag and Jain,2004), being the first those carried out using a fake biometric trait,and the latter those directed to some of the system inner modules.The main difference between the two attack categories is that inthe direct approach no information about the internal functioningof the system is needed, the only requisite is to have access to thesensor. Thus, it would be desirable for a potential attacker to be

able to transform an indirect attack into a direct one as the require-ments to carry it out would be largely simplified.

The studies presented in (Cappelli et al., 2007b; Ross et al.,2007), showed that, contrary to a common belief, a minutiae-basedfingerprint template contains enough information to reconstruct adigital image similar to the original fingerprint, and such an imagemay be used to spoof a biometric system. In those studies thereconstructed digital images were compared to the original finger-prints, thus simulating indirect attacks carried out by injecting thereconstructed images into the feature extractor. In the present con-tribution we perform a systematic and replicable evaluation of amore dangerous security threat: transforming such an indirect at-tack into a direct attack executed with gummy fingers made fromthe reconstructed images. The success chances of such attack areevaluated on a standard and publicly available fingerprint database(Fierrez et al., 2007), using a competitive matching algorithmworking with ISO/IEC 19794-2 templates (ISO, 2005).

The vulnerability threats shown in this study are of special rel-evance for applications working with fingerprint template stan-dards such as the PIV program (NIST, 2005) (using ANSI-INCITS378-2004 templates without encryption on smart cards), or theILO Seafarers’ Identity Document (ILO, 2006) (using ISO/IEC19794-2 templates printed in clear on plastic cards as 2Dbarcodes).

Furthermore, the interest for the analysis of security vulnerabil-ities has surpassed the scientific and industry field and differentstandardization initiatives at international level have emerged inorder to deal with the problem of security evaluation in biometricsystems, such as the Common Criteria through different Supporting

0167-8655/$ - see front matter � 2009 Elsevier B.V. All rights reserved.doi:10.1016/j.patrec.2009.09.032

* Corresponding author. Fax: +39 0547 339208.E-mail address: [email protected] (A. Lumini).

Pattern Recognition Letters 31 (2010) 725–732

Contents lists available at ScienceDirect

Pattern Recognition Letters

journal homepage: www.elsevier .com/locate /patrec


Documents (CC, 2006), or the Biometric Evaluation Methodology(BEM, 2002). The vulnerability study carried out in the presentwork can be of great help to further develop these ongoing securityevaluation standardization efforts, and for independent institutionsin charge of objectively asserting the level of security offered to thefinal user by fingerprint recognition systems.

The paper is structured as follows. Related works are summa-rized in Section 2. The reconstruction process to go from the minu-tiae template to the final fake finger is described in Section 3. InSection 4 we describe and analyze the results obtained. Conclu-sions are finally drawn in Section 5.

2. Related works

In (Ratha et al., 2001) eight possible attack points to biometricrecognition systems were identified and classified. These vulnera-bility points, depicted in Fig. 1, can be broadly divided into directand indirect attacks.

� Direct attacks: In (Ratha et al., 2001) the possibility to generatefake biometric samples (for instance, speech, fingerprints or faceimages) in order to illegally access a system was discussed, anddefined as the first vulnerability point in a biometric securitysystem. These attacks at the sensor level are referred to as directattacks. It is worth noting that in this type of attacks no specificknowledge about the system is needed (matching algorithmused, feature extraction, feature vector format, etc.). Further-more, the attack is carried out in the analog domain, outsidethe digital limits of the system, so the usual digital protectionmechanisms (digital signature, watermarking, etc.) cannot beused.It has been already shown in some works the feasibilityof carrying out direct attacks against fingerprint verification sys-tems, however in previous contributions the number of fake fin-gerprints used was very limited, not permitting a statisticallysignificant evaluation of the attacked systems. In (der Putteand Keuning, 2000) the authors tested the vulnerability of sev-eral sensors to fake fingerprints made with plasticine and sili-cone. The authors classified the different methods to creategummy fingers in two main categories: with and without coop-eration of the legitimate user. One method of each class wasdescribed and the possibility of breaking different commercialsensors was explored on a yes or no basis.Matsumoto et al.(2002) carried out similar experiments to those reported in(der Putte and Keuning, 2000), this time with fake fingerprintsmade of gelatin. Again they distinguished between the case inwhich they had the cooperation of the fingerprint owner (fivedifferent fake fingerprints were generated this way) and the sit-uation in which the latent fingerprint had to be lifted from a sur-face (just one gummy finger of this type was used in theexperiments).More recently, in (Galbally et al., 2006) the firststatistically significant evaluation of two different fingerprintverification systems against direct attacks was presented (onlyfake fingerprints generated with the cooperation of the userwere considered). An optical and a thermal sweeping sensorswere used to capture the images and two different attack

scenarios were considered. Some interesting findings regardingthe samples quality were drawn from the experimentalresults.Similar experiments testing different sensors and usingseveral attacking methods can be found in (Thalheim and Kriss-ler, 2002; Kang et al., 2003).

� Indirect attacks: This group includes all the remaining sevenpoints of attack identified in Fig. 1. Attacks 3 and 5 might be car-ried out using a Trojan Horse that bypasses the feature extractorand the matcher, respectively. In attack 6 the system database ismanipulated (a template is changed, added or deleted) in orderto gain access to the application (Hill, 2001). The remainingpoints of attack (2, 4, 7 and 8) are thought to exploit possibleweak points in the communication channels of the system,extracting, adding or changing information from them (Soutaret al., 1999; Adler, 2003; Uludag and Jain, 2004; Martinez-Diazet al., 2006). In opposition to direct attacks, in this case theintruder needs to have some additional information about theinternal functioning of the recognition system and, in mostcases, direct access to some of the system components (featureextractor, matcher, database, etc.) is required.In (Cappelli et al.,2007b; Ross et al., 2007) the authors describe an algorithm toreconstruct images similar to the original fingerprint from itsISO minutia-based template. These techniques give the chanceof converting a type 4 attack (to the input of the matcher, seeFig. 1) using a legitimate user’s template which has been com-promised, to a type 2 attack (to the input of the feature extrac-tor) using the corresponding reconstructed fingerprint image.

In the present contribution we make an statistical evaluationof the robustness of an ISO minutiae-based system against at-tacks carried out with gummy fingers generated from the recon-structed fingerprint images. This way, a hypothetical indirectattack (type 2, to the input of the feature extractor) is trans-formed into a direct attack to the system sensor. Thus, the attackis simplified as the intruder does not need to have physical ac-cess to the system or any particular knowledge about its internalfunctioning.

3. The reconstruction process

The fake finger reconstruction approach comprises two phases:in the former, a fingerprint image is generated according to thetechnique proposed in (Cappelli et al., 2007a,b), in the latter, thefingerprint image is used to make a fake fingertip.

3.1. From the template to the image

The image reconstruction approach exploits the informationstored in the template to reconstruct a realistic image by estimat-ing several aspects of the original unknown fingerprint throughfour processing steps (Fig. 2). The attacking scenario consideredin this work supposes that only the mandatory information storedin a Fingerprint Minutiae Record of the ISO template (ISO, 2005) isavailable; hence, the reconstruction approach only makes use ofthe following data: the image size, its resolution, and the list ofminutiae, each defined as a quadruple ft; x; y; hg that indicates itstype ðt 2 ftermination;bifurcation;othergÞ, position ðx; yÞ, anddirection h.

The four reconstruction steps (Fig. 2) are here briefly summa-rized (the reader should refer to Cappelli et al. (2007b) for a moredetailed description)

1. The fingerprint area is estimated according to the ellipticalmodel proposed in (Cappelli, 2003), by minimizing the area thatencloses all the minutiae in the template.

2Identity claim

MatcherPre-Processing

Feature Extraction

Matching score

1

34

5 67

8

Fig. 1. Architecture of an automated biometric verification system. Possible attackpoints are numbered from 1 to 8.

726 J. Galbally et al. / Pattern Recognition Letters 31 (2010) 725–732


2. The orientation image is estimated, starting from the directionof each minutia, by optimizing the parameters of the orienta-tion model proposed in (Vizcaya and Gerhardt, 1996). Then alocal adjustment is performed to better approximate the orien-tations in the minutiae neighbourhoods.

3. The fingerprint pattern is generated by positioning minutiaeprototypes and iteratively growing the pattern, starting fromthe orientation image and the frequency image (denotingthe local ridge-line frequency). The local frequency is initiallyassumed constant over the whole fingerprint (according to aninput parameter t as in (Cappelli et al., 2006, 2007b)), andthen refined in step 4 for a further execution of step 3. Theminutiae prototype positioning consists in placing on anempty image a small prototype for each minutia, properlyscaled and rotated. The iterative pattern growing iterativelymodifies the image by applying at each pixel a Gabor filteradjusted according to the local frequency and orientationuntil the whole image has been covered (Cappelli et al.,2007b).

4. A more realistic frequency image (than the constant one) is esti-mated by comparing the minutiae in the image generated bythe first execution of step 3 with the original template. The fre-quency image is locally adjusted as follows: the frequency isdecreased in the neighborhood of any false minutia andincreased in the regions where true minutiae are not present.Then step 3 is repeated using the new frequency image as input,usually resulting in a generated image with a lower number ofnon-corresponding minutiae.

In (Cappelli et al., 2007b), the final rendering of the image in-cludes the addition of noise, to make it more realistic. In the pres-ent work, both fake fingerprints made from noisy images andfrom ‘‘perfect” ridge patterns have been evaluated (see Section4.1).

3.2. From the image to the fake finger

The technique used to go from the two dimensional recon-structed fingerprint image to the three dimensional fake finger issimilar to the non-cooperative method to generate gummy fingersdescribed in (der Putte and Keuning, 2000).

Once the fingerprint image has been reconstructed from the ISOtemplate, the colours are inverted (i.e. ridges are now valleys andviceversa) and the inverted image is printed on a slide which willserve as a mask to create a Printed Circuit Board (PCB) where thecircuit lines are the valleys of the original fingerprint. The PCB isthen covered with a mixture of modelling silicone and a catalystwhich reacts with the silicone turning it into a consistent stateafter a few minutes. When the mixture hardens, it is detached fromthe PCB and finally the fake fingerprint is cut out from the sparematerial. The steps followed to go from the reconstructed finger-print image to the final fake finger are depicted in Fig. 3.

4. Results

The described reconstruction process is used to carry out a vul-nerability evaluation of an ISO minutiae-based matcher against di-rect attacks executed with fake fingers generated from ISOtemplates. First, a development experiment is carried out on a to-tally different scenario (sensor, database, and systems tested), inorder to acquire some general information about the attack poten-tial and to adjust parameters. Then the evaluation of the system isperformed.

4.1. Development experiment

Three main objectives were pursued with this preliminary exper-iment, namely, (i) fix the parameters of the image reconstruction

STEP 2

STEP 1

STEP 3 (Executed twice)

Fingerprint Area

Orientation Ima e

Ridge Pattern

Minutiae Template

Prototypes

Prototype

Adjusted Frequency Image

1 exec.

Non-correspondingminutiae

STEP 4

Constant Frequency Image

2nd exec. 1 t exec.2nd exec.

Reconstructed Fingerprint

Fig. 2. Steps followed to reconstruct the fingerprint image from the ISO minutiae template.

J. Galbally et al. / Pattern Recognition Letters 31 (2010) 725–732 727


algorithm for the ISO matcher evaluation, (ii) verify the feasibility ofthe whole attacking approach, and (iii) decide which of the configu-rations, with or without noise, produces better results.

The evaluation of the ISO matcher is carried out over theFVC2006 DB2 database (FVC, 2006), captured with the optical Bio-metrika FX3000 sensor. Thus, in order to have an independenttraining scenario (for the tuning of the algorithm parameters,objective (i)) this preliminary experimentation was executed overthe FVC2002 DB1 (Maio et al., 2002) captured with the opticalCross Match sensor, also used in (Cappelli et al., 2007a,b). Thisway the final evaluation results are ensured to be totally unbiased,and at the same time there are previous experimental results(Cappelli et al., 2007b) with which to compare the performanceof the attack in these preliminary tests (objective (iii)).

The experiments are carried out on the eight fingerprint match-ers used in (Cappelli et al., 2007a,b). Ten different fingerprint ISOtemplates were selected from the original database (FVC2002DB1), and three images, each with a different ridge frequency (per-iod of 7, 8, and 9 pixels, respectively), were reconstructed fromeach of the templates. In addition, two scenarios (with and withoutrandom noise) were considered, so that in the end a total10� 3� 2 ¼ 60 fingerprint images were printed in the PCBs, andtherefore 60 silicone fingers were finally produced. One sampleof each of the 60 fake fingers is captured with the Cross Match sen-sor, thus resulting in a final database of 60 fake fingerprint images.In Fig. 4 we show for the configuration without noise (two toprows), and with noise (two bottom rows), an original fingerprint(left), together with the three reconstructed images at differentridge frequencies and their respective final impostor images.

Three different thresholds were computed for each of the eightmatchers tested as in (Cappelli et al., 2007b), corresponding to:FMR ¼ 1%, FMR ¼ 0:1%, and FMR ¼ 0%. For each of the thresholds,we consider that an attack has been successful if any of the threeimpostor images (corresponding to the three different ridge fre-quencies taken into account) produces a matching score higherthan the threshold.

All the attacks performed (to the ten real fingerprints selected)for the three operating points considered were able to spoof eachof the eight systems tested. Although all the attacks carried outin both scenarios (with and without noise) were successful, the re-sults show that the average matching score obtained in the noisy-images scenario is about 14% lower than that reached in the sce-nario without noise.

More details on one of these preliminary experiments can befound in (Galbally et al., 2008), where it is shown how the processof fake fingertip creation and its acquisition through a fingerprintscanner do not seem to noticeably affect the matching score of acommercial system, in the conversion from an indirect to a directattack.

Thus, although the number of fake fingers generated is not en-ough to obtain statistically significant results about the vulnerabil-ity of the different systems to the attack, this preliminaryexperimentation does match the three objectives proposed. Wecan conclude from the results that the configuration chosen forthe reconstruction algorithm (objective (i)) is very effective againstall the matchers tested, proving that the attacking approach is to-tally feasible (objective (ii)). Furthermore, as expected, the attackpresents a better performance when using the fake fingerprintscreated without noise (objective (iii)).

4.2. ISO matcher evaluation

The knowledge acquired in the previous experiment is used tocarry out a vulnerability evaluation of a very competitive ISOmatcher (working only with minutiae information) against the di-rect attacks described in this work. The experiments are carried outon the FVC2006 DB2 database (FVC, 2006), captured with the Bio-metrika FX3000 optical sensor and comprising 12 samples from140 different fingers (a total of 1680 images).

In order to choose different operating points in which to evalu-ate the system robustness, the genuine and impostor sets of scoresare computed following the FVC2006 protocol, i.e.: (i) for genuinetests all the 12 samples of each user are compared with each otheravoiding symmetric comparisons (ð12� 11Þ=2 ¼ 66 scores peruser), this results in 66� 140 ¼ 9240 genuine scores and (ii) forimpostor tests the first sample of every user is compared with thefirst sample of the remaining users in the database (again avoidingsymmetric comparisons), resulting in ð140� 139Þ=2 ¼ 9730impostor scores. The genuine and impostor score distributions aredepicted in Fig. 5 (crosses and circles, respectively).

These sets of matching scores are used to compute the systemthreshold ðlÞ for: FMR ¼ 1% ðl ¼ 0:19Þ, FMR ¼ 0:1% ðl ¼ 0:21Þ,and FMR ¼ 0% ðl ¼ 0:25Þ. The last two thresholds correspond tothe typical operating points of a medium/high-security application(see ANSI, 2001); however, in order to evaluate the matcherrobustness for higher levels of security, the operating points

Fig. 3. Process followed to generate the fake fingerprint: reconstructed image (a), negative of the reconstructed image (b), fingerprint on the PCB (c), pour the silicone andcatalyst mixture on the PCB (d), spread the mixture over the PCB (e), detach when it hardens (f), cut out each fake finger (g), and final fake fingerprint acquired (h).



l ¼ 0:30, l ¼ 0:35, and l ¼ 0:40 (all with zero FMR) have beenalso considered. All the six operating points are shown with a ver-tical dotted line in Fig. 5, while the performance of the matcher (interms of FMR and FNMR) in each of the thresholds considered is re-corded in Table 1 (columns 2–4). With these performance results,the matcher would have ranked among the top five algorithmscompeting in FVC2006 (out of 42 that entered the open category).The fact that FVC2006 algorithms typically exploit minutiae infor-mation complemented with other ridge pattern data while the

evaluated matcher works only on pure ISO minutiae templates,proves it to be highly competitive.

In order to carry out the vulnerability evaluation, three images(each with a different ridge frequency, as in the preliminary exper-iment) are reconstructed from the ISO templates corresponding tothe first fingerprint of each of the first 50 users in FVC2006 DB2database. Each of the three reconstructed images were matchedwith the respective genuine fingerprint. In Table 1 (column five)we show, for each considered operating point, the percentage oftimes (out of the total 50) any of the three frequency images pro-duced a score higher than the fixed threshold. The matching scoredistribution for the best performing frequency images is depictedin Fig. 5 (dashed line).

Due to practical restrictions concerning the PCBs manufacture,only one of the reconstructed images (corresponding to the bestperforming frequency) from each ISO template has been convertedinto a gummy finger. In spite of this strategy, the results obtainedin the evaluation are in no case optimistically biased, as they arealways lower bound to those that would be achieved in a real at-tack scenario (where the intruder would try to access the systemwith the fake fingers corresponding to the three ridge frequencies).One sample of each of the 50 fake fingers is acquired with the Bio-metrika FX3000 sensor and matched to its corresponding genuinefingerprint, resulting in a score distribution which is depicted in

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9

Score Distributions

Threshold

GenuineImpostorRecImagesFakes

Fig. 5. Matching score distributions and selected thresholds (dotted lines).

Table 1Results of the ISO matcher evaluation. RIASR stands for Reconstructed Images AttackSuccess Rate and DASR for Direct Attack Success Rate.

Threshold FMR (%) FNMR (%) 1-FNMR (%) RIASR (%) DASR (%)

l ¼ 0:19 1 0.08 99.92 100 98l ¼ 0:21 0.1 0.12 99.88 100 96l ¼ 0:25 0 0.17 99.83 100 90l ¼ 0:30 0 0.41 99.59 98 78l ¼ 0:35 0 1.03 98.97 92 68l ¼ 0:40 0 2.06 97.94 82 50

Fig. 4. Original fingerprints (left). Reconstructed images without noise (row 1) and with noise (row 3) for decreasing ridge frequencies. The respective final fake fingerprintswithout noise (row 2), and with noise (row 4).



Fig. 5 with a thick solid line. The percentage of successful attacks(out of the total 50) for each of the thresholds considered is re-corded in the last column of Table 1.

In Fig. 5 we can observe that both score distributions (recon-structed images and fake fingerprints) are clearly tilted towardsthe genuine score distribution, which results in the high attack suc-cess rates shown in the last two columns of Table 1. Fig. 5 also high-lights a difference between the matching scores achieved with thereconstructed images and those obtained with the fake fingerprints(whose distribution is centered more to the left). This decrease inthe value of the matching scores results in a reduction in the num-ber of successful attacks for all the operating points considered (seeTable 1). This loss of efficiency of the attack will be further dis-cussed in Section 4.3 based on different quality measures.

From the results shown in Table 1 we can conclude that,although a top performing algorithm has been tested, the systemis highly vulnerable to the attack approach presented in the paper,and even for a very high-security configuration (with over 2% ofFNMR) an eventual attacker would be able to enter the system inhalf of the attempts. This rate increases to over 75% for more real-istic operating points ðFNMR < 0:5%Þ.

4.3. Quality analysis

Different quality measures were computed on the three data-sets used in the matcher evaluation (original, reconstructed, andfake fingerprint images) in order to find an explanation to the de-crease in the mean value of the scores observed in Fig. 5 of the

QE

GenuineRecImagesFakes

QLCS1


QLCS2


htgnertS-egdiRRidge-Clarity

Fig. 6. Distributions corresponding to the original (solid with crosses), reconstructed (dashed), and fake (thick solid) datasets, for the three quality measures computed.

Fig. 7. Typical examples of images that can be found in each of the datasets (real, reconstructed, and fake) used in the evaluation. The quality level corresponding to each ofthe datasets is also shown.



images acquired from the fake gummy fingers compared to thereconstructed fingerprint images.

Image quality can be assessed by measuring one or more of thefollowing properties (Alonso-Fernandez et al., 2007): ridge-strength or directionality, ridge-clarity, ridge-continuity, integrityof the ridge–valley structure, and estimated verification perfor-mance when using the image at hand. Three quality measures(computing different of the previous fingerprint properties) havebeen implemented to estimate the quality of the images comprisedin each of the datasets:

� Ridge-strength measures: Energy concentration in the powerspectrum ðQ EÞ (Chen et al., 2005, 2006). It is computed using aset of bandpass filters in order to extract the energy in each fre-quency band.

� Ridge-clarity measures: Local Clarity Score (Q LCS1 and Q LCS2)(Chen et al., 2004). The sinusoidal-shaped wave that modelsridges and valleys (Hong et al., 1998) is used to segment ridgeand valley regions. The clarity is then defined as the overlappingarea of the gray level distributions of segmented ridges and val-leys. The sinusoidal-shaped wave cannot be extracted reliably,specially in bad quality regions of the image. The quality mea-sure Q LCS1 discards these regions, therefore being an optimisticmeasure of quality. This is compensated with Q LCS2, which doesnot discard these regions.

In Fig. 6 we show the quality distributions of the images belong-ing to each of the three datasets (original genuine fingerprintimages, reconstructed, and fake), for the three quality measurescomputed. We can observe that, regardless of the image propertymeasured (ridge-strength or ridge-clarity), the lowest quality cor-responds to the original fingerprint images, the highest to thereconstructed images, and an intermediate quality level is pre-sented by the fake fingerprint samples.

This is an expected result as the reconstructed images representperfectly clean fingerprints (with no noise or distortions), while themanufacturing process introduces some noise in the gummy fin-gers generated from these images (which entails a slight decreaseof the images quality). On the other hand, real fingerprints presenta high degree of degradation (dry or wet fingers, marks or scars,dirt, etc.) which produces lower quality levels. These three qualitylevels can be observed in Fig. 7 where four real fingerprints used inthe experiments (top row), together with their associated recon-structed images (middle row), and the fake samples (bottomrow) are shown.

It has already been proven in several works that lower qualitysamples imply lower performance (Alonso-Fernandez et al.,2007; Fierrez et al., 2006), so the decrease in the quality level be-tween the reconstructed images and the fake samples (observedin Fig. 6), explains that the scores reached by the latter are in gen-eral lower than those produced by the clean reconstructed images.Hence, this quality decrease is directly linked to the loss of effi-ciency of the attack presented in Table 1 (between the case inwhich it is carried out with the clean reconstructed images, andthe case in which the gummy fingers are used).

5. Conclusions

In the present work we have performed a consistent and sys-tematic evaluation of a fingerprint based recognition systemusing fake fingers generated from the compromised template ofa genuine user. The vulnerability evaluation was carried out ona highly competitive ISO minutiae-based matcher using a stan-dard and publicly available fingerprint database (Fierrez et al.,2007).

The results obtained, supported on a quality analysis of the fin-gerprint images, prove the suitability of the technique and the lackof robustness of automated minutiae-based recognition systemsagainst this type of attack. The fact that these direct attacks are car-ried out starting from the compromised minutiae template of auser and not from a recovered latent fingerprint, reinforces theidea that such a reverse engineering process (i.e. recovering the fin-gerprint from its minutiae information) is completely feasible, thusdisproving the widespread belief of non-reversibility of fingerprinttemplates.

Furthermore, the study raises a key vulnerability issue aboutthe usage of standards. It is unquestionable the convenience ofstandards in terms of the systems interoperability and the devel-opment of the biometric technology. However, we cannot forgetthat standards also provide very valuable information about thesystem functioning (e.g. format in which the templates are stored)which can be used to carry out attacks such as the one evaluated inthe present contribution if a user’s template is compromised.

When designing a system this fact should be taken into accountin order to include countermeasures (e.g. specific protection fortemplates (Ratha et al., 2007; Clancy et al., 2003), or liveness detec-tion approaches (Antonelli et al., 2006; Tan and Schuckers, 2006))which enable the use of available standards while reducing thesystem’s vulnerabilities.

Acknowledgments

This work was supported by the TEC2006-13141-C03-03 pro-ject of the Spanish National Plan for Research, Development andInnovation. J.G. is supported by a FPU Fellowship from the SpanishMEC. J.F. postdoctoral research is supported by a Marie Curie Fel-lowship from the European Commission. J.G. would also like tothank the Biometric Systems Laboratory – DEIS for hosting himduring the development of the present research work.

References

Adler, A., 2003. Sample images can be independently restored from face recognitiontemplates. In: Proc. CCECE, vol. 2, pp. 1163–1166.

Alonso-Fernandez, F., Fierrez, J., Ortega-Garcia, J., Gonzalez-Rodriguez, J., Fronthaler,H., Kollreider, K., Bigun, J., 2007. A comparative study of fingerprint imagequality estimation methods. IEEE Trans. Inform. Forensics Security 2, 734–743.

ANSI X9.84, 2001. Biometric Information Management and Security.Antonelli, A., Cappelli, R., Maio, D., Maltoni, D., 2006. Fake finger detection by skin

distortion analysis. IEEE Trans. IFS 1, 360–373.BEM, 2002. Biometric Evaluation Methodology, V1.0.Cappelli, R., 2003. Handbook of Fingerprint Recognition. Synthetic Fingerprint

Generation. Springer. pp. 203–231.Cappelli, R., Lumini, A., Maio, D., Maltoni, D., 2006. Can fingerprints be reconstructed

from iso templates? In: Proc. ICARCV, pp. 191–196.Cappelli, R., Lumin, A., Maio, D., Maltoni, D., 2007a. Evaluating minutiae template

vulnerability to masquerade attack. In: Proc. IEEE AutoID, pp. 174–179.Cappelli, R., Lumini, A., Maio, D., Maltoni, D., 2007b. Fingerprint image

reconstruction from standard templates. IEEE Trans. PAMI 29, 1489–1503.CC, 2006. Common Criteria for Information Technology Security Evaluation, V3.1.Chen, T.P., Jiang, X., Yau, W.Y., 2004. Fingerprint image quality analysis. In: Proc.

Internat. Conf. on Image Processing, ICIP, vol. 2, pp. 1253–1256.Chen, Y., Dass, S., Jain, A.K., 2005. Fingerprint quality indices for predicting

authentication performance. In: Proc. Internat. Conf. on Audio- and Video-Based Biometric Person Authentication, AVBPA. LNCS, vol. 3546. Springer, pp.160–170.

Clancy, T.C., Kiyavash, N., Lin, D.J., 2003. Secure smartcard-based fingerprintauthentication. In: Proc. ACMSIGMM, pp. 45–52.

Fierrez, J., Chen, Y., Ortega-Garcia, J., Jain, A.K., 2006. Incorporating image quality inmulti-algorithm fingerprint verification. In: Proc. IAPR Internat. Conf. onBiometrics, ICB. LNCS, vol. 383. Springer, pp. 213–220.

Fierrez, J., Ortega-Garcia, J., Torre-Toledano, D., Gonzalez-Rodriguez, J., 2007. Biosecbaseline corpus: A multimodal biometric database. Pattern Recognition 40,1389–1392.

FVC, 2006. Fingerprint Verification Competition. <http://bias.csr.unibo.it/fvc2006>.Galbally, J., Fierrez, J., Rodriguez-Gonzalez, J.D., Alonso-Fernandez, F., Ortega-Garcia,

J., Tapiador, M., 2006. On the vulnerability of fingerprint verification systems tofake fingerprint attacks. In: Proc. IEEE ICCST, vol. 1, pp. 130–136.

Galbally, J., Cappelli, R., Lumini, A., Maltoni, D., Fierrez, J., 2008. Fake fingertipgeneration from a minutiae template. In: Proc. ICPR. IEEE Press, pp. 1–4.



Hill, C.J., 2001. Risk of Masquerade Arising from the Storage of Biometrics, B.S.Thesis. Autralian National University.

Hong, L., Wan, Y., Jain, A.K., 1998. Fingerprint imagen enhancement: Algorithm andperformance evaluation. IEEE Trans. Pattern Anal. Machine Intell. 20, 777–789.

ILO SID-0002, 2006. Finger Minutiae-Based Biometric Profile for Seafarers IdentityDocuments. Intl Labour Organization.

ISO/IEC 19794-2, 2005. Information Technology – Biometric Data InterchangeFormats – Part 2: Finger Minutiae Data.

Jain, A.K., Ross, A., Pankanti, S., 2006. Biometrics: A tool for information security.IEEE Trans. IFS 1 (2), 125–143.

Kang, H., Lee, B., Kim, H., Shin, D., Kim, J., 2003. A study on performance evaluationof the liveness detection for various fingerprint sensor modules. In: Proc. KES.LNAI, vol. 2774. Springer, pp. 1245–1253.

Maio, D., Maltoni, D., Cappelli, R., Wayman, J.L., Jain, A.K., 2002. FVC2002: Secondfingerprint verification competition. In: Proc. ICPR. IEEE Press, pp. 811–814.

Martinez-Diaz, M., Fierrez, J., Alonso-Fernandez, F., Ortega-Garcia, J., Siguenza, J.A.,2006. Hill-climbing and brute force attacks on biometric systems: A case studyin match-on-card fingerprint verification. In: Proc. IEEE ICCST, vol. 1, pp. 151–159.

Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, H., 2002. Impact of artificialgummy fingers on fingerprint systems. In: Proc. SPIE, vol. 4677, pp. 275–289.

NIST Special Publication 800-76, 2005. Biometric Data Specification for PersonalIdentity Verification, February 2005.

Ratha, N., Connell, J., Bolle, R., 2001. An analysis of minutiae matching strength. In:Proc. AVBPA. LNCS, vol. 2091. Springer, pp. 223–228.

Ratha, N.K., Chikkerur, S., Connell, J.H., Bolle, R.M., 2007. Generating cancelablefingerprint templates. IEEE Trans. PAMI 29, 561–572.

Ross, A., Shah, J., Jain, A.K., 2007. From template to image: Reconstructingfingerprints from minutiae points. IEEE Trans. PAMI 29, 544–560.

Schneier, B., 1999. The uses and abuses of biometrics. Comm. ACM 48, 136.Soutar, C., Gilroy, R., Stoianov, A., 1999. Biometric system performance and security.

In: Proc. IEEE AIAT.Tan, B., Schuckers, S., 2006. Comparison of ridge- and intensity-based perspiration

liveness detection methods in fingerprint scanners. In: Proc. SPIE, vol. 6202(Sect. 62020A).

Thalheim, L., Krissler, J., 2002. Body Check: Biometric Access Protection Devices andtheir Programs Put to the Test. ct Magazine, pp. 114–121.

Uludag, U., Jain, A.K., 2004. Attacks on biometric systems: A case study infingerprints. In: Proc. SPIE, vol. 5306, pp. 622–633.

van der Putte, T., Keuning, J., 2000. Biometrical fingerprint recognition: Don’t getyour fingers burned. In: Proc. IFIP, pp. 289–303.

Vizcaya, P., Gerhardt, L., 1996. A nonlinear orientation model for global descriptionof fingerprints. Pattern Recognition 29, 1221–1231.

Wayman, J., Jain, A.K., Maltoni, D., Maio, D., 2005. Biometric Systems. Technology,Design and Performance Evaluation. Springer.
