学术论文读后感

《学术论文读后感》由会员分享，可在线阅读，更多相关《学术论文读后感（5页珍藏版）》请在装配图网上搜索。

1、论文读后感我读的论文题目是Progressive authentication: deciding when to authenticate on mobile phones，这是一篇由中国计算机学会推荐的国际学术会议和期刊论文，发表 在USENIX会议上该篇论文综合论述了近年来手机验证领域的一些新发展，并对当前手机认证方法的安全 性和方便性问题提出了自己的看法和观点。论文中指出传统的验证方法并不符合大部分手机 用户的需要，只用更加智能化的手段才是未来手机行业的发展趋势。该论文观点鲜明，论证 清晰有力，论据充分可靠，数据准确，资料详实，文献综述丰富而规，其中论文关于手机安 全验证的方方面面都具

2、有相当高的新的见解。下面简单介绍如下：一、安全性和可用性论文对当前使用手机人群的满意度进行了详细的调查分析，发现有超过60%的手机用 户不会再手机上使用PIN。这种现象一方面是由于用户觉得该验证方法过于麻烦，另一方面 也说明用户对自身手机的安全性缺乏正确的认识。文中提到“All-or-nothing”的验证方式， 即或者全部验证，或者全部不验证，这也正是当前大多数手机的验证方法，该方式也不能满 足人们对安全性和可用性的需求。本文提到的验证技术对手机行业来说并不是一种新的验证方法，而是综合分析当前所有 的验证方式后得到的一个结论：何时验证以及对何种应用进行验证。这正是该篇论文的意义 所在，希望可

3、以对手机验证技术有一个很好的指导作用。在保证安全性的基础上，尽可能的 使用户方便使用，这不仅是手机行业未来的发展方向，也应该是所有其他行业的发展趋势， 因此也可以相应的借鉴该论文中的观点和理论。二、多层验证在文中，提到了多层验证的概念，即对于不同的手机应用，提供不同的验证级别。例如： 对于游戏、天气等应用来说，可以对所有人进行开放，只要拿到手机就可以打开这些应用， 也不会对手机所有者造成经济损失；对于短信、等这些涉及个人隐私的应用，则应该设为 私有的，当需要使用时，需要进行一部分的验证；而对于银行账户等涉及安全和财产方面的 应用时，则应该给予最大的权限。对于不同的验证级别，每一个使用该手机的用

4、户的权限都是不太相同的。手机所有者在 被系统识别为可信之后，可以方便的使用系统中所有或者大部分的手机应用，而无需进行验 证。对于那些初次使用手机的人来说，系统并不能识别他们的可信度，因此只能使用公开的 手机应用，如果想要打开私有的或的应用，则需要其他的验证方法。该方案的提出在满足安全性的基础上，可以大幅度方便用户的操作，已经超越了原有的 “All-or-nothing” 验证方式。三、实验结果论文对提出的理论进行了相应的实验。该实验的基本原理是在手机上安装多种类型的传 感器，用于采集可信用户的各种数据。例如：温度传感器可以采集用户的体温；声音传感器 可以再用户打时逐步采集用户的声音特征；视频传

5、感器可以采集到用户的生理特征等等。另 外，文中还提到了一种新型的验证方式，即设备间的验证。在用户的多个电子设备(如PC、 Pad和手机)过蓝牙建立连接，当手机在使用时，可以自动的检测周围是否存在这些已经 连接的设备。如果系统发现无法连接到其他设备时，将会提高手机的安全级别，用户需要使 用涉及隐私的手机应用时，将会需要更多的身份验证。实验的目标有以下四点：1、减少验证开销2、寻找安全性和便利性的折中3、对模型 的安全性进行高低不同的推理逻辑4、很少的能量消耗。在安全性和便利性方面，文中提到 了 FR(False Rejection)和 FA(False Authentication)两个概念，即

6、概率统计中“弃真” 和“纳假”。FR表示一个合法的用户被不正确的要求身份验证的概率，而FA表示一个不合 法的用户没有被验证的概率。在实验中，作者自定义了一个变量R，当R越高时，表明用户 需要更高的便利性，这也会导致更多的FA；当R越低时，表明用户需要更高的安全性，这 也会导致更多的FR。论文通过实验最终证明该验证技术可以满足用户安全性和便利性的需求。对于银行账户 等安全性级别要求高的应用来说，FA的比率一直为0，即绝不会出现非法用户不经过验证 即使用这些应用的情况；而FR的比率一直在96%以上，即对于一个合法用户，随着R的升 高，被错误的要求验证的概率并没有明显的降低。在论文最后，用实际的数据

7、表明该技术消耗的能量很低，在可以接受的围之，这也为该 技术的可行性研究提供了良好的基础。读过该论文后，使我不仅了解了手机验证领域的一些知识，而且也学习到了一篇经典论 文的脉络结构应该如何组织。这两篇论文的结构严谨，层次分明，采用了递进式的分析结构， 逻辑性强，文笔流畅，表达清晰，重点突出。文章格式相当的符合学术规，反映了作者很强 的科研能力。另外，通过读这篇论文，也使我认识和体会到了以下几点：1、一切事物的发展都是循序渐进的，手机行业发展到今天已经相当的辉煌。但是伴随 着事物的发展也会相应的提出一系列新的问题，我们要在遵循客观规律的基础上突出人的主 观能动性，而不要想着一蹴而就。2、科研的道路

8、是曲折的，但前途是光明的。3、任何技术都有其优点和缺点。在论文中提到了很多新兴的手机验证技术，这些技术 都各有所长，但却都不是完美的。我们只有正视这些缺点，取长补短，才能促进手机验证领 域的更好更快发展。4、手机验证行业的价值。手机产业的高速发展，带来了验证技术的空前繁荣，但危害 手机安全性的事件也在不断发送，手机安全验证的形势是严峻的。我们应该从人的角度出发， 以人为本，只有如此才能设计出更好的产品供用户使用。总之，正如一句名言所说：读一本好书就像和一个高尚的人说话。我相信站在巨人的肩 膀上才能有更高的成就，我以后要多读书，读好书，不断提高科研水平和自身修养，尽量为 中国的科研事业做出自己力

9、所能及的贡献。The bookI read the title of the paper is the progressive authentication: deciding when to authenticate on mobile phones , this is a recommended by the China Computer Federation International Academic Conference and journal papers, published in the USENIX conference.This paper comprehensively

10、discusses some new developments in the field of mobile phone authentication in recent years, and puts forward its own views and perspectives on the security and convenience of the current mobile phone authentication methods. The paper points out that the traditional verification methods are not in l

11、ine with the needs of most mobile phone users, only a more intelligent means is the future development trend of the mobile phone industry. The viewpoint is bright, argument is clear and strong, argument is sufficient and reliable, data is accurate, detailed information, literature review rich and no

12、rmative, which the party about cell phone safety verification has quite high new insights. The following brief introduction is as follows:First, security and availabilityIn this paper, the current use of mobile phone population satisfaction conducted a detailed investigation and analysis, found that

13、 more than 60% of the mobile phone users will not use PIN. One aspect of this phenomenon is that users feel that the verification method is too cumbersome, on the other hand also shows that users of their mobile phone security is the lack of correct understanding. This paper referred to the All-or-n

14、othing verification, namely all validation, or are not verified, this also is is most of the current mobile phone verification method and the way it does not meet the peoples demand on security and usability.Verification techniques mentioned in this article for the mobile phone industry and not a ne

15、w verification method, but a comprehensive analysis of all current methods of verification of a conclusion: when the validation and on which application for verification. This is the significance of this paper, I hope you can have a good guide for mobile phone authentication technology. In order to

16、ensure the safety based on, as far as possible to make it easier for users to use. This is not only mobile phone industry in the future direction of development, should also be the development trend of all other industries, could therefore be the corresponding reference to the ideas and theories.Two

17、, multilayer verificationIn this paper, the concept of multi tier verification is mentioned, that is, to provide different authentication level for different mobile applications. For example: for applications such as games and weather can be open to everyone, as long as you get the phone can open th

18、ese applications, not on the phone owner caused economic losses; for text messages, phone, mail, etc. These involves the application of personal privacy, should be set as part of the validation for private, when need to use and need, and for bank accounts and relates to the application of security a

19、nd property, should give the utmost confidentiality permissions.For different authentication levels, each users permission to use the phone is not the same. When the mobile phone owner is trusted by the system, it is easy to use all or most of the mobile phone applications in the system. For the fir

20、st time using a cell phone, the system can not identify their credibility, so only use public mobile application, if you want to open a private or confidential application, you need to other verification methods.On the basis of the security of the proposed scheme, it can greatly facilitate the users

21、 operation, has gone beyond the original All-or-nothing verification method.Three, the results of the experimentIn this paper, the corresponding experiments are carried out. The basic principle of the experiment is to install a variety of types of sensors on the phone, used to collect a variety of d

22、ata trusted users. For example: the temperature sensor can collect the users temperature; the sound sensor can be used to collect the users voice gradually when the user calls, the video sensor can collect the users physiological characteristics and so on. In addition, the paper also mentions a new

23、type of verification, which is the verification of equipment. In the users multiple electronic devices (such as PC, Pad and mobile phones) in the establishment of a Bluetooth connection, when the phone is in use, you can automatically detect the presence of these are connected to the surrounding equ

24、ipment. If the system finds that it is unable to connect to other devices, it will improve the security level of the phone, users need to use mobile applications involving privacy, you will need more authentication.The goal of the experiment is the following four points: 1, reduce the verification c

25、ost 2, find the security and convenience of the compromise 3, the security of the model to the level of different reasoning logic 4, little energy consumption. In terms of safety and convenience, the article referred to the FR (Rejection False) and FA (Authentication False) two concepts, that is, th

26、e probability of Statistics abandon true and false. FR indicates that a legitimate user is not required to verify the identity of the probability, while FA indicates that an illegal user does not have the probability of being verified. In the experiment, the author defines a variable R, when R is hi

27、gher, indicating that the user needs more high convenience, this will also lead to more FA; when R is low, indicating that users need higher security, which will lead to more fr.The experiment proves that the verification technology can meet the needs of users safety and convenience. For the high le

28、vel of bank accounts and security requirements of application, ratio of FA always 0 that will never come illegal users not validated using these applications; and fr ratio has been in more than 96%, namely for a legitimate user, with the increase of R, the wrong of the requirements validation probability did not significantly reduced.