Rosalia D'Alessandro

User Authentication based on Face Recognition with Support Vector Machines

The present paper proposes an authentication scheme which relies on face biometrics and one-class Support Vector Machines. The proposed recognition procedures are based on both a global approach and on a combination of a global and a component-based approaches. Two different features extraction methods and three light compensation algorithms are tested. The combined system outperforms the global system and yields a significant performance enhancement with respect to the prior results obtained with the one-class Support Vector Machines approach for face recognition.

SC@CCO: a Graphic-Based Authentication System

At the present time, phishing attacks are more and more sophisticated and they continue to be an issue, especially for financial institutes. The most common defense mechanisms used today are effective if the phishing attack is passive, while completely useless in the case of active phishing attacks. To face both threats, we propose SC@CCO, an innovative system combining the security of challenge-response and two factor authentication mechanisms. SC@CCO uses an untrustworthy terminal, such as a shared computer, and an insecure channel, such as the Internet, to carry a graphic challenge from which a trusted mobile terminal computes the expected authentication response. The latter is shown to the user and subsequently submitted to the server, along with a personal identification number, in order to complete the authentication. The graphic challenge is obtained by encoding a challenge into a bi-dimensional barcode image. The trusted mobile terminal of the user must be equipped with a common digital camera and an appropriate client application. In the present approach, the personal mobile device plays the role of a security token able to authenticate, on one hand, who is issuing a transaction, and, on the other hand, the transaction data, with the advantage that the user does not have to install devices and/or software on an untrustworthy computer.