Reflections on Reading a Paper

The paper I read is titled "Progressive authentication: deciding when to authenticate on mobile phones". It is one of the international academic conference and journal papers recommended by the China Computer Federation, and it was published at the USENIX conference. The paper gives a comprehensive account of some recent developments in mobile phone authentication and puts forward its own views on the security and convenience of current phone authentication methods. It points out that traditional authentication methods do not meet the needs of most phone users, and that only more intelligent approaches represent the future direction of the mobile phone industry. The paper's position is distinct, its argument is clear and forceful, its evidence is sufficient and reliable, its data are accurate, its material is detailed, and its literature review is rich and well organized. It offers quite novel insights into every aspect of mobile phone security authentication. A brief introduction follows.

I. Security and usability

The paper carries out a detailed survey and analysis of the satisfaction of current phone users and finds that more than 60% of phone users do not use a PIN on their phones. On the one hand this is because users find that authentication method too troublesome; on the other hand it shows that users lack a correct understanding of the security of their own phones. The paper describes "all-or-nothing" authentication, that is, either everything is authenticated or nothing is. This is how most phones authenticate today, and it cannot satisfy people's needs for both security and usability.

The authentication technique discussed in the paper is not a new authentication method for the phone industry. It is a conclusion reached after a comprehensive analysis of all current authentication methods: when to authenticate, and for which applications. This is where the significance of the paper lies, and I hope it can provide good guidance for phone authentication technology. Making the phone as convenient as possible to use while guaranteeing security is not only the future direction of the phone industry but should also be the trend in all other industries, which can therefore draw on the views and theory in this paper.

II. Multi-level authentication

The paper introduces the concept of multi-level authentication, that is, providing different authentication levels for different phone applications. For example, applications such as games and weather can be open to everyone: anyone who picks up the phone can open them, and this causes the owner no financial loss. Applications that involve personal privacy, such as text messages, phone calls and e-mail, should be set as private, and some authentication is required before they can be used. Applications that involve security and property, such as bank accounts, should be given the highest level of confidentiality.

Across the different authentication levels, the permissions of each person who uses the phone are somewhat different. Once the system has recognized the phone's owner as trusted, the owner can conveniently use all or most of the applications on the phone without authenticating. For someone using the phone for the first time, the system cannot establish how trustworthy they are, so they can use only the public applications; to open a private or confidential application they need some other authentication method. While still meeting the security requirement, the proposed scheme makes the phone much more convenient to operate and goes beyond the original "all-or-nothing" authentication.

III. Experimental results

The paper runs experiments on the theory it proposes. The basic principle of the experiment is to install several types of sensors on the phone to collect various data about the trusted user. For example, a temperature sensor can collect the user's body temperature; a sound sensor can gradually collect the characteristics of the user's voice during phone calls; a video sensor can collect the user's physiological characteristics; and so on. The paper also mentions a new kind of authentication, namely authentication between devices. The user's electronic devices (such as a PC, a Pad and a phone) are connected over Bluetooth, and while the phone is in use it can automatically detect whether these connected devices are nearby. If the system finds that it cannot connect to the other devices, it raises the phone's security level, and the user needs more authentication to use applications that involve privacy.

The experiment has the following four goals:

1. Reduce authentication overhead.
2. Find a compromise between security and convenience.
3. Reason about the security of the model at high and low levels.
4. Consume very little energy.

On security and convenience, the paper introduces two concepts, FR (False Rejection) and FA (False Authentication), which correspond to "rejecting the true" and "accepting the false" in probability and statistics. FR is the probability that a legitimate user is incorrectly asked to authenticate, and FA is the probability that an illegitimate user is not asked to authenticate. In the experiment the authors define a variable R: the higher R is, the more convenience the user wants, which also leads to more FA; the lower R is, the more security the user wants, which also leads to more FR.

Through its experiments the paper finally shows that the technique can meet users' needs for security and convenience. For applications that require a high security level, such as bank accounts, the FA rate stays at 0, meaning that an illegitimate user never gets to use these applications without authenticating; the FR rate stays above 96%, meaning that for a legitimate user the probability of being wrongly asked to authenticate does not drop noticeably as R increases. At the end of the paper, measured data show that the energy the technique consumes is low and within an acceptable range, which also provides a good basis for studying the feasibility of the technique.

After reading this paper I not only learned something about the field of mobile phone authentication but also learned how the structure of a classic paper should be organized. These two papers are rigorously structured and clearly layered; they use a progressive analytical structure, and they are logical, fluent, clearly expressed and well focused. The format of the article conforms closely to academic norms and reflects the authors' strong research ability. In addition, reading this paper made me realize and appreciate the following points:

1. Everything develops step by step. The mobile phone industry has become very successful, but as things develop a series of new problems also arises. We should give play to human initiative while following objective laws, and not expect to get there in a single step.
2. The road of scientific research is tortuous, but the future is bright.
3. Every technology has its advantages and disadvantages. The paper mentions many emerging phone authentication techniques, each with its own strengths, but none of them perfect. Only by facing these shortcomings squarely and learning from each other's strengths can we make the field of phone authentication develop better and faster.
4. The value of the phone authentication industry. The rapid development of the phone industry has brought an unprecedented boom in authentication technology, but incidents that harm phone security also keep occurring, and the situation for phone security authentication is serious. We should start from people and put people first; only then can we design better products for users.

In short, as a famous saying goes: reading a good book is like talking with a noble person. I believe that only by standing on the shoulders of giants can one achieve more. From now on I will read more books, read good books, keep improving my research ability and my own cultivation, and do what I can to contribute to China's scientific research.
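The FR/FA trade-off from the experimental results, combined with the three application levels and the Bluetooth check on paired devices, can be made concrete with a small simulation. This is an added example, not code from the paper or from the original document; the 0-100 confidence scale, the threshold values, the treatment of R as a number in [0, 1] and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical per-level settings on a 0-100 confidence scale (not from the paper).
BASE = {"public": 0, "private": 70, "confidential": 97}   # threshold at R = 0
SLACK = {"public": 0, "private": 30, "confidential": 2}   # how far R may lower it
NO_PAIRED_DEVICE_PENALTY = 20  # raise the bar when no paired device is reachable


@dataclass(frozen=True)
class Sample:
    is_owner: bool        # ground truth, known only when evaluating
    confidence: int       # constructed stand-in for the fused sensor score
    paired_nearby: bool   # a paired PC/tablet answers over Bluetooth


def threshold(level: str, r: float, paired_nearby: bool) -> float:
    """Confidence needed to open an app of this level without a prompt."""
    if not 0.0 <= r <= 1.0:
        raise ValueError("r must be in [0, 1]")
    t = BASE[level] - r * SLACK[level]
    if level != "public" and not paired_nearby:
        t = min(100.0, t + NO_PAIRED_DEVICE_PENALTY)
    return t


def must_authenticate(level: str, s: Sample, r: float) -> bool:
    return s.confidence < threshold(level, r, s.paired_nearby)


def rates(level: str, samples: list[Sample], r: float) -> tuple[float, float]:
    """Return (FR, FA): owners prompted, non-owners let through unprompted."""
    owners = [s for s in samples if s.is_owner]
    others = [s for s in samples if not s.is_owner]
    fr = sum(must_authenticate(level, s, r) for s in owners) / len(owners)
    fa = sum(not must_authenticate(level, s, r) for s in others) / len(others)
    return fr, fa


# Constructed samples: (is_owner, confidence, paired_nearby).
SAMPLES = [Sample(*row) for row in [
    (True, 94, True), (True, 80, True), (True, 70, False), (True, 60, True),
    (False, 65, True), (False, 30, True), (False, 55, False), (False, 10, False),
]]

if __name__ == "__main__":
    for level in ("private", "confidential"):
        for r in (0.0, 0.5, 1.0):
            fr, fa = rates(level, SAMPLES, r)
            print(f"{level:12} R={r:.1f}  FR={fr:.2f}  FA={fa:.2f}")
```

On these constructed samples, raising R on the private level removes prompts for the owner at the cost of letting one non-owner through, while the confidential level keeps FA at 0 and keeps prompting the owner at every R.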