My thesis is entitled "Progressive Authentication: Deciding when to authenticate on a mobile phone", which is an international academic conference and periodical paper recommended by China Computer Federation and published at the USENIX conference.
This paper comprehensively discusses some new developments in the field of mobile phone authentication in recent years, and puts forward my own views and opinions on the security and convenience of the current mobile phone authentication methods. The article points out that the traditional verification method can not meet the needs of most mobile phone users, and only more intelligent means is the future development trend of the mobile phone industry. This paper has a clear point of view, clear and powerful arguments, sufficient and reliable arguments, accurate data, detailed information and rich and standardized literature review, among which the paper has quite high new views on all aspects of mobile phone security verification. Here is a brief introduction:
I. Security and availability
In this paper, the satisfaction of current mobile phone users is investigated and analyzed in detail, and it is found that more than 60% mobile phone users will not use PIN on their mobile phones. On the one hand, this phenomenon is because users think this verification method is too troublesome, on the other hand, it also shows that users lack a correct understanding of the security of their mobile phones. In this paper, the "all or nothing" verification method is mentioned, that is, all verification or no verification, which is also the verification method of most mobile phones at present, and this method can not meet people's needs for security and ease of use. The verification technology mentioned in this paper is not a new verification method for the mobile phone industry, but a conclusion drawn after comprehensive analysis of all the current verification methods: when to verify and what kind of application to verify. This is the significance of this paper, hoping to have a good guiding role in mobile phone verification technology. On the basis of ensuring security, it is not only the future development direction of the mobile phone industry, but also the development trend of all other industries, so we can also learn from the views and theories in this paper accordingly.
Second, multi-layer verification.
In this paper, the concept of multi-layer authentication is mentioned, which provides different authentication levels for different mobile phone applications. For example, for games, weather and other applications, it can be opened to everyone. As long as you get the mobile phone, you can open these applications without causing economic losses to the owner of the mobile phone; For applications involving personal privacy, such as SMS, telephone, email, etc. , they should be set as private, and when they need to be used, they need to be partially verified; Applications involving security and property, such as bank accounts, should be kept as confidential as possible.
For different authentication levels, the rights of each user who uses a mobile phone are different. After the mobile phone owner is recognized as trustworthy by the system, he can conveniently use all or most of the mobile phone applications in the system without verification. For the first-time users of mobile phones, the system can't identify their credibility and can only use public mobile phone applications. If they want to open private or confidential applications, they need other authentication methods.
On the basis of satisfying security, this scheme greatly facilitates the operation of users, and has surpassed the original "either-or" verification method.
Third, the experimental results
In this paper, the corresponding experiments are carried out on the proposed theory. The basic principle of this experiment is to install various types of sensors on mobile phones and collect various data of trusted users. For example, the temperature sensor can collect the user's body temperature; The sound sensor can gradually collect the user's voice characteristics when the user is talking; Video sensors can capture the physiological characteristics of users and so on. In addition, this paper also mentioned a new verification method, that is, verification between devices. Users' multiple electronic devices (such as PC, Pad and mobile phone) are connected through Bluetooth, and when the mobile phone is used, it can automatically detect whether there are these connected devices around. If the system finds that other devices cannot be connected, the security level of the mobile phone will be improved, and users will need more authentication when they need to use privacy-related mobile phone applications.
The goal of the experiment is: 1, to reduce the verification cost 2, to find a compromise point 3 between security and convenience, and to carry out different reasoning logic 4 on the security of the model, which consumes less energy. In terms of security and convenience, this paper mentioned two concepts: FR (false rejection) and FA (false authentication), namely "rejecting truth" and "accepting false" in probability statistics. FR represents the probability that legal users are wrongly required to be authenticated, while FA represents the probability that illegal users are not authenticated. In the experiment, the author defines a variable R. When R is higher, it indicates that users need more convenience, which will also lead to more FA. When r is low, it means that users need higher security, which will also lead to more FR.
Finally, the experiment proves that the verification technology can meet the needs of users' security and convenience. For applications with high security requirements, such as bank accounts, the ratio of FA is always 0, that is, illegal users will never use these applications without verification; However, the ratio of FR has been above 96%, that is to say, for a legitimate user, with the increase of R, the probability of being wrongly requested for verification has not decreased significantly.
At the end of the paper, the actual data show that the energy consumption of this technology is very low and within the acceptable range.
This also provides a good foundation for the feasibility study of this technology.
After reading this paper, I not only learned some knowledge in the field of mobile phone verification, but also learned how to organize the context structure of a classic paper. These two papers are rigorous in structure, distinct in hierarchy, progressive in analytical structure, logical, clear in organization and focused. The format of the article is quite in line with academic norms, which reflects the author's strong scientific research ability.
In addition, through reading this paper, I also realized the following points:
1, everything is developing step by step, and the mobile phone industry has developed quite brilliantly today. However, with the development of things, a series of new problems will be raised accordingly. We should highlight people's subjective initiative on the basis of following objective laws, not overnight.
The road of scientific research is tortuous, but the future is bright.
Any technology has its advantages and disadvantages. Many emerging mobile phone authentication technologies are mentioned in the paper, all of which have their own advantages, but they are not perfect. Only by facing up to these shortcomings and learning from each other's strengths can we promote the better and faster development of mobile phone verification.
4. The value of mobile phone verification industry. The rapid development of mobile phone industry has brought unprecedented prosperity of verification technology, but incidents that endanger the security of mobile phones are constantly being sent, and the situation of mobile phone security verification is grim. From the perspective of people, people-oriented. Only in this way can we design better products for users.
In short, as a famous saying goes: reading a good book is like talking to a noble person. I believe that standing on the shoulders of giants can achieve higher achievements. I will read more and better books in the future, constantly improve my scientific research level and self-cultivation, and strive to contribute to the scientific research in China.