學(xué)術(shù)論文讀后感.docx

1、論文讀后感我讀的論文題目是Progressive authentication: deciding when to authenticate on mobile phones，這是一篇由中國(guó)計(jì)算機(jī)學(xué)會(huì)推薦的國(guó)際學(xué)術(shù)會(huì)議和期刊論文，發(fā)表在USENIX會(huì)議上。該篇論文綜合論述了近年來(lái)手機(jī)驗(yàn)證領(lǐng)域的一些新發(fā)展，并對(duì)當(dāng)前手機(jī)認(rèn)證方法的安全性和方便性問(wèn)題提出了自己的看法和觀點(diǎn)。論文中指出傳統(tǒng)的驗(yàn)證方法并不符合大部分手機(jī)用戶(hù)的需要，只用更加智能化的手段才是未來(lái)手機(jī)行業(yè)的發(fā)展趨勢(shì)。該論文觀點(diǎn)鮮明，論證清晰有力，論據(jù)充分可靠，數(shù)據(jù)準(zhǔn)確，資料詳實(shí)，文獻(xiàn)綜述豐富而規(guī)范，其中論文關(guān)于手機(jī)安全驗(yàn)證的方方面面都具有相當(dāng)

2、高的新的見(jiàn)解。下面簡(jiǎn)單介紹如下：一、安全性和可用性論文對(duì)當(dāng)前使用手機(jī)人群的滿(mǎn)意度進(jìn)行了詳細(xì)的調(diào)查分析，發(fā)現(xiàn)有超過(guò)60%的手機(jī)用戶(hù)不會(huì)再手機(jī)上使用PIN。這種現(xiàn)象一方面是由于用戶(hù)覺(jué)得該驗(yàn)證方法過(guò)于麻煩，另一方面也說(shuō)明用戶(hù)對(duì)自身手機(jī)的安全性缺乏正確的認(rèn)識(shí)。文中提到“All-or-nothing”的驗(yàn)證方式，即或者全部驗(yàn)證，或者全部不驗(yàn)證，這也正是當(dāng)前大多數(shù)手機(jī)的驗(yàn)證方法，該方式也不能滿(mǎn)足人們對(duì)安全性和可用性的需求。本文提到的驗(yàn)證技術(shù)對(duì)手機(jī)行業(yè)來(lái)說(shuō)并不是一種新的驗(yàn)證方法，而是綜合分析當(dāng)前所有的驗(yàn)證方式后得到的一個(gè)結(jié)論：何時(shí)驗(yàn)證以及對(duì)何種應(yīng)用進(jìn)行驗(yàn)證。這正是該篇論文的意義所在，希望可以對(duì)手機(jī)驗(yàn)證技術(shù)有

3、一個(gè)很好的指導(dǎo)作用。在保證安全性的基礎(chǔ)上，盡可能的使用戶(hù)方便使用，這不僅是手機(jī)行業(yè)未來(lái)的發(fā)展方向，也應(yīng)該是所有其他行業(yè)的發(fā)展趨勢(shì)，因此也可以相應(yīng)的借鑒該論文中的觀點(diǎn)和理論。二、多層驗(yàn)證在文中，提到了多層驗(yàn)證的概念，即對(duì)于不同的手機(jī)應(yīng)用，提供不同的驗(yàn)證級(jí)別。例如：對(duì)于游戲、天氣等應(yīng)用來(lái)說(shuō)，可以對(duì)所有人進(jìn)行開(kāi)放，只要拿到手機(jī)就可以打開(kāi)這些應(yīng)用，也不會(huì)對(duì)手機(jī)所有者造成經(jīng)濟(jì)損失；對(duì)于短信、電話(huà)、郵件等這些涉及個(gè)人隱私的應(yīng)用，則應(yīng)該設(shè)為私有的，當(dāng)需要使用時(shí)，需要進(jìn)行一部分的驗(yàn)證；而對(duì)于銀行賬戶(hù)等涉及安全和財(cái)產(chǎn)方面的應(yīng)用時(shí)，則應(yīng)該給予最大的保密權(quán)限。對(duì)于不同的驗(yàn)證級(jí)別，每一個(gè)使用該手機(jī)的用戶(hù)的權(quán)限都是不太

4、相同的。手機(jī)所有者在被系統(tǒng)識(shí)別為可信之后，可以方便的使用系統(tǒng)中所有或者大部分的手機(jī)應(yīng)用，而無(wú)需進(jìn)行驗(yàn)證。對(duì)于那些初次使用手機(jī)的人來(lái)說(shuō)，系統(tǒng)并不能識(shí)別他們的可信度，因此只能使用公開(kāi)的手機(jī)應(yīng)用，如果想要打開(kāi)私有的或保密的應(yīng)用，則需要其他的驗(yàn)證方法。該方案的提出在滿(mǎn)足安全性的基礎(chǔ)上，可以大幅度方便用戶(hù)的操作，已經(jīng)超越了原有的“All-or-nothing”驗(yàn)證方式。三、實(shí)驗(yàn)結(jié)果論文對(duì)提出的理論進(jìn)行了相應(yīng)的實(shí)驗(yàn)。該實(shí)驗(yàn)的基本原理是在手機(jī)上安裝多種類(lèi)型的傳感器，用于采集可信用戶(hù)的各種數(shù)據(jù)。例如：溫度傳感器可以采集用戶(hù)的體溫；聲音傳感器可以再用戶(hù)打電話(huà)時(shí)逐步采集用戶(hù)的聲音特征；視頻傳感器可以采集到用戶(hù)的生

5、理特征等等。另外，文中還提到了一種新型的驗(yàn)證方式，即設(shè)備間的驗(yàn)證。在用戶(hù)的多個(gè)電子設(shè)備（如PC、Pad和手機(jī)）中通過(guò)藍(lán)牙建立連接，當(dāng)手機(jī)在使用時(shí)，可以自動(dòng)的檢測(cè)周?chē)欠翊嬖谶@些已經(jīng)連接的設(shè)備。如果系統(tǒng)發(fā)現(xiàn)無(wú)法連接到其他設(shè)備時(shí)，將會(huì)提高手機(jī)的安全級(jí)別，用戶(hù)需要使用涉及隱私的手機(jī)應(yīng)用時(shí)，將會(huì)需要更多的身份驗(yàn)證。實(shí)驗(yàn)的目標(biāo)有以下四點(diǎn)：1、減少驗(yàn)證開(kāi)銷(xiāo)2、尋找安全性和便利性的折中3、對(duì)模型的安全性進(jìn)行高低不同的推理邏輯4、很少的能量消耗。在安全性和便利性方面，文中提到了FR（False Rejection）和FA（False Authentication）兩個(gè)概念，即概率統(tǒng)計(jì)中“棄真”和“納假”。FR

6、表示一個(gè)合法的用戶(hù)被不正確的要求身份驗(yàn)證的概率，而FA表示一個(gè)不合法的用戶(hù)沒(méi)有被驗(yàn)證的概率。在實(shí)驗(yàn)中，作者自定義了一個(gè)變量R，當(dāng)R越高時(shí)，表明用戶(hù)需要更高的便利性，這也會(huì)導(dǎo)致更多的FA；當(dāng)R越低時(shí)，表明用戶(hù)需要更高的安全性，這也會(huì)導(dǎo)致更多的FR。論文通過(guò)實(shí)驗(yàn)最終證明該驗(yàn)證技術(shù)可以滿(mǎn)足用戶(hù)安全性和便利性的需求。對(duì)于銀行賬戶(hù)等安全性級(jí)別要求高的應(yīng)用來(lái)說(shuō)，F(xiàn)A的比率一直為0，即絕不會(huì)出現(xiàn)非法用戶(hù)不經(jīng)過(guò)驗(yàn)證即使用這些應(yīng)用的情況；而FR的比率一直在96%以上，即對(duì)于一個(gè)合法用戶(hù)，隨著R的升高，被錯(cuò)誤的要求驗(yàn)證的概率并沒(méi)有明顯的降低。在論文最后，用實(shí)際的數(shù)據(jù)表明該技術(shù)消耗的能量很低，在可以接受的范圍之內(nèi)，

7、這也為該技術(shù)的可行性研究提供了良好的基礎(chǔ)。讀過(guò)該論文后，使我不僅了解了手機(jī)驗(yàn)證領(lǐng)域的一些知識(shí)，而且也學(xué)習(xí)到了一篇經(jīng)典論文的脈絡(luò)結(jié)構(gòu)應(yīng)該如何組織。這兩篇論文的結(jié)構(gòu)嚴(yán)謹(jǐn)，層次分明，采用了遞進(jìn)式的分析結(jié)構(gòu)，邏輯性強(qiáng)，文筆流暢，表達(dá)清晰，重點(diǎn)突出。文章格式相當(dāng)?shù)姆蠈W(xué)術(shù)規(guī)范，反映了作者很強(qiáng)的科研能力。另外，通過(guò)讀這篇論文，也使我認(rèn)識(shí)和體會(huì)到了以下幾點(diǎn)：1、一切事物的發(fā)展都是循序漸進(jìn)的，手機(jī)行業(yè)發(fā)展到今天已經(jīng)相當(dāng)?shù)妮x煌。但是伴隨著事物的發(fā)展也會(huì)相應(yīng)的提出一系列新的問(wèn)題，我們要在遵循客觀規(guī)律的基礎(chǔ)上突出人的主觀能動(dòng)性，而不要想著一蹴而就。2、科研的道路是曲折的，但前途是光明的。3、任何技術(shù)都有其優(yōu)點(diǎn)和缺點(diǎn)

8、。在論文中提到了很多新興的手機(jī)驗(yàn)證技術(shù)，這些技術(shù)都各有所長(zhǎng)，但卻都不是完美的。我們只有正視這些缺點(diǎn)，取長(zhǎng)補(bǔ)短，才能促進(jìn)手機(jī)驗(yàn)證領(lǐng)域的更好更快發(fā)展。4、手機(jī)驗(yàn)證行業(yè)的價(jià)值。手機(jī)產(chǎn)業(yè)的高速發(fā)展，帶來(lái)了驗(yàn)證技術(shù)的空前繁榮，但危害手機(jī)安全性的事件也在不斷發(fā)送，手機(jī)安全驗(yàn)證的形勢(shì)是嚴(yán)峻的。我們應(yīng)該從人的角度出發(fā)，以人為本，只有如此才能設(shè)計(jì)出更好的產(chǎn)品供用戶(hù)使用?？傊缫痪涿运f(shuō)：讀一本好書(shū)就像和一個(gè)高尚的人說(shuō)話(huà)。我相信站在巨人的肩膀上才能有更高的成就，我以后要多讀書(shū)，讀好書(shū)，不斷提高科研水平和自身修養(yǎng)，盡量為中國(guó)的科研事業(yè)做出自己力所能及的貢獻(xiàn)。 The bookI read the title

9、of the paper is the progressive authentication: deciding when to authenticate on mobile phones , this is a recommended by the China Computer Federation International Academic Conference and journal papers, published in the USENIX conference.This paper comprehensively discusses some new developments

10、in the field of mobile phone authentication in recent years, and puts forward its own views and perspectives on the security and convenience of the current mobile phone authentication methods. The paper points out that the traditional verification methods are not in line with the needs of most mobil

11、e phone users, only a more intelligent means is the future development trend of the mobile phone industry. The viewpoint is bright, argument is clear and strong, argument is sufficient and reliable, data is accurate, detailed information, literature review rich and normative, which the party about c

12、ell phone safety verification has quite high new insights. The following brief introduction is as follows:First, security and availabilityIn this paper, the current use of mobile phone population satisfaction conducted a detailed investigation and analysis, found that more than 60% of the mobile pho

13、ne users will not use PIN. One aspect of this phenomenon is that users feel that the verification method is too cumbersome, on the other hand also shows that users of their mobile phone security is the lack of correct understanding. This paper referred to the All-or-nothing verification, namely all

14、validation, or are not verified, this also is is most of the current mobile phone verification method and the way it does not meet the peoples demand on security and usability.Verification techniques mentioned in this article for the mobile phone industry and not a new verification method, but a com

15、prehensive analysis of all current methods of verification of a conclusion: when the validation and on which application for verification. This is the significance of this paper, I hope you can have a good guide for mobile phone authentication technology. In order to ensure the safety based on, as f

16、ar as possible to make it easier for users to use. This is not only mobile phone industry in the future direction of development, should also be the development trend of all other industries, could therefore be the corresponding reference to the ideas and theories.Two, multilayer verificationIn this

17、 paper, the concept of multi tier verification is mentioned, that is, to provide different authentication level for different mobile applications. For example: for applications such as games and weather can be open to everyone, as long as you get the phone can open these applications, not on the pho

18、ne owner caused economic losses; for text messages, phone, mail, etc. These involves the application of personal privacy, should be set as part of the validation for private, when need to use and need, and for bank accounts and relates to the application of security and property, should give the utm

19、ost confidentiality permissions.For different authentication levels, each users permission to use the phone is not the same. When the mobile phone owner is trusted by the system, it is easy to use all or most of the mobile phone applications in the system. For the first time using a cell phone, the

20、system can not identify their credibility, so only use public mobile application, if you want to open a private or confidential application, you need to other verification methods.On the basis of the security of the proposed scheme, it can greatly facilitate the users operation, has gone beyond the

21、original All-or-nothing verification method.Three, the results of the experimentIn this paper, the corresponding experiments are carried out. The basic principle of the experiment is to install a variety of types of sensors on the phone, used to collect a variety of data trusted users. For example:

22、the temperature sensor can collect the users temperature; the sound sensor can be used to collect the users voice gradually when the user calls, the video sensor can collect the users physiological characteristics and so on. In addition, the paper also mentions a new type of verification, which is t

23、he verification of equipment. In the users multiple electronic devices (such as PC, Pad and mobile phones) in the establishment of a Bluetooth connection, when the phone is in use, you can automatically detect the presence of these are connected to the surrounding equipment. If the system finds that

24、 it is unable to connect to other devices, it will improve the security level of the phone, users need to use mobile applications involving privacy, you will need more authentication.The goal of the experiment is the following four points: 1, reduce the verification cost 2, find the security and con

25、venience of the compromise 3, the security of the model to the level of different reasoning logic 4, little energy consumption. In terms of safety and convenience, the article referred to the FR (Rejection False) and FA (Authentication False) two concepts, that is, the probability of Statistics abandon true and false. FR indicates that a legitimate user is not r