
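Reading Report on a Paper

The paper I read is titled "Progressive authentication: deciding when to authenticate on mobile phones". It is among the international academic conference and journal papers recommended by the China Computer Federation, and it was published at a USENIX conference. The paper gives a comprehensive account of recent developments in mobile phone authentication and sets out its own views on the security and convenience of current phone authentication methods. It points out that traditional authentication methods do not meet the needs of most phone users, and that only more intelligent approaches represent the future direction of the mobile phone industry. The paper's position is clear, its argument is lucid and forceful, its evidence is ample and reliable, its data are accurate, its material is detailed, and its literature review is rich and well organized; it offers considerable new insight into every aspect of phone security authentication. A brief introduction follows.

1. Security and usability

The paper carries out a detailed survey and analysis of how satisfied current phone users are, and finds that more than 60% of phone users do not use a PIN on their phones. On the one hand, this is because users find that authentication method too troublesome; on the other hand, it shows that users lack a correct understanding of the security of their own phones. The paper discusses "All-or-nothing" authentication, meaning that either everything is authenticated or nothing is. This is the method most phones use today, and it does not satisfy people's needs for security and usability. The authentication technique described in the paper is not a new authentication method for the phone industry; it is a conclusion reached after a comprehensive analysis of all current authentication methods: when to authenticate, and for which applications. This is where the significance of the paper lies, and I hope it can provide good guidance for phone authentication technology. Making things as convenient as possible for users while still guaranteeing security is not only the future direction of the phone industry but should also be the trend in every other industry, so the views and theory in this paper can be drawn on there as well.

2. Multi-level authentication

The paper introduces the concept of multi-level authentication, in which different phone applications are given different authentication levels. For example, applications such as games and weather can be open to everyone: anyone holding the phone can open them, and doing so causes the owner no financial loss. Applications that involve personal privacy, such as text messages and e-mail, should be set as private, and some authentication is required when they are used. Applications that involve security and property, such as bank accounts, should be given the highest level of confidentiality. At each authentication level, the permissions of each person using the phone differ. Once the system has recognized the phone's owner as trusted, the owner can conveniently use all or most of the applications on the phone without authenticating. For someone using the phone for the first time, the system cannot establish their trustworthiness, so they can only use the public applications; opening a private or confidential application requires some other authentication method. While still satisfying security requirements, this scheme makes operation much more convenient for the user and goes beyond the original "All-or-nothing" approach.

3. Experimental results

The paper runs experiments on the proposed theory. The basic principle of the experiment is to install several types of sensors on the phone to collect data about the trusted user. For example, a temperature sensor can collect the user's body temperature; a sound sensor can gradually collect the characteristics of the user's voice during phone calls; a video sensor can capture the user's physiological characteristics; and so on. The paper also describes a new type of authentication, namely authentication between devices. The user's electronic devices (such as a PC, a Pad and a phone) are connected over Bluetooth, and while the phone is in use it can automatically detect whether these connected devices are nearby. If the system finds that it cannot connect to the other devices, it raises the phone's security level, and the user will need more authentication to use applications that involve privacy.

The experiment has four goals:

1. Reduce authentication overhead.
2. Find a compromise between security and convenience.
3. Reason about the security of the model with logic at different high and low levels.
4. Consume very little energy.

On security and convenience, the paper introduces two concepts, FR (False Rejection) and FA (False Authentication), which correspond to "rejecting the true" and "accepting the false" in probability and statistics. FR is the probability that a legitimate user is incorrectly asked to authenticate, and FA is the probability that an illegitimate user is not authenticated. In the experiment, the authors define a variable R. The higher R is, the more convenience the user wants, which leads to more FA; the lower R is, the more security the user wants, which leads to more FR. Through its experiments the paper ultimately shows that the technique can satisfy users' needs for both security and convenience. For applications with high security requirements, such as bank accounts, the FA rate is always 0, meaning that an illegitimate user never gets to use these applications without authenticating, while the FR rate stays above 96%, meaning that for a legitimate user the probability of being wrongly asked to authenticate does not drop noticeably as R rises. At the end of the paper, real data show that the technique consumes very little energy, within an acceptable range, which provides a good basis for studying the feasibility of the technique.

Reading this paper not only taught me something about the field of phone authentication but also showed me how the structure of a classic paper should be organized. These two papers are rigorously structured and clearly layered; they use a progressive analytical structure, are strongly logical, fluently written and clearly expressed, and emphasize the key points. The format conforms well to academic norms and reflects the authors' strong research ability. Reading this paper also led me to recognize the following points:

1. Everything develops step by step. The phone industry has developed to a remarkable level today, but development also raises a series of new problems. We should give play to human initiative while respecting objective laws, and not expect to succeed in a single stroke.
2. The road of scientific research is winding, but the future is bright.
3. Every technology has its strengths and weaknesses. The paper mentions many emerging phone authentication technologies, each with its own merits, but none of them is perfect. Only by facing these shortcomings squarely and learning from each technology's strengths can we promote better and faster development of the phone authentication field.
4. The value of the phone authentication industry. The rapid development of the phone industry has brought unprecedented prosperity to authentication technology, but incidents that endanger phone security keep occurring, and the situation for phone security authentication is serious. We should start from the human point of view and put people first; only then can we design better products for users.

In short, as a famous saying goes, reading a good book is like talking with a noble person. I believe that only by standing on the shoulders of giants can one achieve more. From now on I will read more, and read good books, keep improving my research ability and my own character, and do what I can to contribute to scientific research in China.

The paper I read is titled "Progressive authentication: deciding when to authenticate on mobile phones". It is a paper recommended by the China Computer Federation among international academic conferences and journals, published at the USENIX conference. The paper comprehensively discusses some new developments in the field of mobile phone authentication in recent years, and puts forward its own views on the security and convenience of current mobile phone authentication methods. It points out that traditional verification methods are not in line with the needs of most mobile phone users, and that only more intelligent means are the future development trend of the mobile phone industry. The viewpoint is clear, the argument is clear and strong, the evidence is sufficient and reliable, the data is accurate, the information is detailed, and the literature review is rich and well formed; the paper has quite new insights on all aspects of cell phone security verification. A brief introduction follows.

1. Security and usability

The paper conducted a detailed investigation and analysis of the satisfaction of current mobile phone users, and found that more than 60% of mobile phone users do not use a PIN. On the one hand, users feel that this verification method is too cumbersome; on the other hand, it shows that users lack a correct understanding of their mobile phone's security. The paper refers to All-or-nothing verification, namely that everything is verified or nothing is verified. This is the verification method of most current mobile phones, and it does not meet people's demands for security and usability. The verification technique described in the paper is not a new verification method for the mobile phone industry, but a conclusion from a comprehensive analysis of all current verification methods: when to verify, and for which application. This is the significance of the paper, and I hope it can be a good guide for mobile phone authentication technology. Making things as easy as possible for users while ensuring security is not only the future direction of the mobile phone industry but should also be the development trend of all other industries, which could therefore draw on these ideas and theories.

2. Multi-level verification

The paper introduces the concept of multi-level verification, that is, providing different authentication levels for different mobile applications. For example, applications such as games and weather can be open to everyone: anyone who picks up the phone can open them, and this causes the phone owner no economic loss. Applications that involve personal privacy, such as text messages, phone and mail, should be set as private and require some verification when used. Applications that relate to security and property, such as bank accounts, should be given the utmost confidentiality. At different authentication levels, each user's permission to use the phone is not the same. When the mobile phone owner is trusted by the system, it is easy to use all or most of the mobile phone applications in the system. For someone using the phone for the first time, the system cannot identify their credibility, so they can only use public applications; to open a private or confidential application, other verification methods are needed. While maintaining security, the proposed scheme greatly facilitates the user's operation and goes beyond the original All-or-nothing verification method.

3. Experimental results

The paper carries out corresponding experiments. The basic principle of the experiment is to install a variety of sensors on the phone to collect a variety of data about trusted users. For example, the temperature sensor can collect the user's temperature; the sound sensor can gradually collect the user's voice when the user makes calls; the video sensor can collect the user's physiological characteristics; and so on. In addition, the paper mentions a new type of verification, which is verification between devices. A Bluetooth connection is established among the user's multiple electronic devices (such as PC, Pad and mobile phones), and when the phone is in use it can automatically detect whether these connected devices are in the surroundings. If the system finds that it is unable to connect to the other devices, it raises the security level of the phone, and users who need mobile applications involving privacy will need more authentication. The goals of the experiment are the following four points: 1, reduce the verification cost; 2, find the compromise between security and convenience; 3, reason about the security of the model with logic at different levels; 4, little energy consumption. In terms of security and convenience, the paper refers to two concepts, FR (False Rejection) and FA (False Authentication), that is, "rejecting the true" and "accepting the false" in probability and statistics. FR indicates that a legitimate user is not req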
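The tiered policy and the FR/FA trade-off described in the report can be sketched as follows. This is an added example, not code from the paper or from the report; the thresholds, the confidence scores, the no-device penalty and the way R shifts the private-level threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed confidence needed to open an app of each level without a prompt.
BASE_THRESHOLD = {"public": 0.0, "private": 0.6, "confidential": 0.9}
NO_DEVICE_PENALTY = 0.1  # assumed bump when no paired device is in range


@dataclass(frozen=True)
class Sample:
    legitimate: bool          # ground truth: is the holder the owner?
    confidence: float         # fused sensor score in [0, 1] (constructed)
    paired_device_near: bool  # a Bluetooth-paired device was detected


def threshold(level: str, r: float, paired_device_near: bool) -> float:
    if level == "public":
        return 0.0            # open to anyone holding the phone
    base = BASE_THRESHOLD[level]
    if level == "private":
        base = base ** r      # assumption: R > 1 relaxes, R < 1 tightens
    if not paired_device_near:
        base = min(1.0, base + NO_DEVICE_PENALTY)
    return base


def needs_prompt(s: Sample, level: str, r: float) -> bool:
    return s.confidence < threshold(level, r, s.paired_device_near)


def rates(samples, level: str, r: float):
    """Return (FR, FA): owners wrongly prompted, non-owners let in unprompted."""
    owners = [s for s in samples if s.legitimate]
    others = [s for s in samples if not s.legitimate]
    fr = sum(needs_prompt(s, level, r) for s in owners) / len(owners)
    fa = sum(not needs_prompt(s, level, r) for s in others) / len(others)
    return fr, fa


# Constructed observations: (legitimate, confidence, paired_device_near)
SAMPLES = [Sample(*t) for t in [
    (True, 0.95, True), (True, 0.85, True), (True, 0.70, True),
    (True, 0.65, False), (True, 0.50, True), (True, 0.92, False),
    (False, 0.10, False), (False, 0.30, False),
    (False, 0.45, True), (False, 0.55, False),
]]

if __name__ == "__main__":
    for level in ("private", "confidential"):
        for r in (0.5, 1.0, 2.0):
            fr, fa = rates(SAMPLES, level, r)
            print(f"{level:12s} R={r:<3} FR={fr:.2f} FA={fa:.2f}")
```

On this constructed data, raising R trades false rejections for false authentications at the private level, while the confidential level keeps FA at 0 at the cost of prompting the owner most of the time.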
