1. Introduction
Passwords remain the dominant authentication mechanism despite their well-known security weaknesses. Users build passwords from predictable patterns, which leaves them exposed to guessing attacks. The security of such systems cannot be assessed with classical cryptographic parameters; it requires an accurate model of how real adversaries behave. This paper addresses a major measurement bias that researchers introduce when they use poorly configured dictionary attacks, which overestimate password strength and misrepresent the real threat.
2. Background & Problem Statement
2.1 Measurement Bias in Password Security
Password security research aims to model the threat posed by real attackers. However, there is a large gap between academic password models and the practical techniques used by real-world password crackers. Real attackers run highly tuned dictionary attacks with mangling rules, a setup that takes considerable knowledge and experience to configure properly.
2.2 Shortcomings of Current Dictionary Attacks
Most security studies rely on fixed default configurations for dictionary attacks. These configurations lack the dynamic tuning and expert adjustment of real attacks, which leads to a substantial overestimation of password strength. This measurement bias distorts security conclusions and hinders the development of effective defenses.
3. Proposed Method
3.1 Deep Neural Network for Modeling Adversary Expertise
The core innovation is the use of a deep neural network (DNN) to learn and reproduce the tacit knowledge that expert attackers apply when building effective attack configurations (dictionary and rule pairs). The DNN is trained on data from successful attacks to model the probability $P(\text{config} \mid \text{target})$, the probability that an expert would choose a particular configuration for the given target data.
3.2 Dynamic Guessing Strategies
Moving beyond static attacks, the proposed framework introduces dynamic guessing strategies. These strategies mimic an expert's ability to adapt during an attack. The system can re-prioritize candidates or switch configurations based on early feedback from the target data, a process similar to adaptive query strategies in active learning.
3.3 Mathematical Framework
The strength of a password $\pi$ against an adaptive adversary framework $\mathcal{A}$ is expressed by its guess number $G_{\mathcal{A}}(\pi)$. The goal is to reduce the measurement bias $\Delta$ between the guess-number estimate of a standard framework $\mathcal{S}$ and that of the proposed dynamic framework $\mathcal{D}$ over a password distribution $\mathcal{P}$: $$\Delta = \mathbb{E}_{\pi \sim \mathcal{P}}[|G_{\mathcal{S}}(\pi) - G_{\mathcal{D}}(\pi)|]$$ The DNN optimizes a loss function $\mathcal{L}$ that penalizes configurations which produce a large $\Delta$.
4. Experimental Results
4.1 Datasets and Experimental Setup
Experiments were conducted on several large real-world password datasets (e.g., RockYou, LinkedIn). The proposed framework was compared with well-established automated attack tools (such as John the Ripper with common rule sets) and with probabilistic context-free grammar (PCFG) models.
4.2 Performance Comparison
Chart description: a line chart plotting the cumulative fraction of passwords cracked (y-axis, 0 to 1) against the number of guesses (x-axis, log scale). The proposed "Dynamic Dictionary + DNN" line shows a steeper initial rise and a higher overall plateau than the "John the Ripper (Default Rules)" and "Standard PCFG" lines, indicating that it cracks more passwords sooner.
The results show that the DNN-guided dynamic attack consistently cracks a larger fraction of passwords within a given guess budget than fixed default configurations. For example, it achieved a 15-25% higher success rate within the first $10^9$ guesses across the tested datasets.
4.3 Bias Reduction Analysis
The key metric is the reduction of overestimation bias. The analysis measured the difference between the guess number estimated by the standard framework and the actual guess number required by the dynamic framework. The proposed method reduced this measurement bias by more than 60% on average, yielding a more realistic and more pessimistic (i.e., safer) estimate of password strength.
5. Example Analysis Workflow
Scenario: a security analyst needs to evaluate the resilience of a new corporate password policy against offline attacks.
Traditional (Biased) Approach: the analyst runs a well-known cracking tool (e.g., Hashcat) with its default "best64" rule set against a sample of hashed passwords. The tool cracks 40% of the passwords after 1 billion guesses. The analyst concludes that the policy is "moderately strong."
Proposed Framework (Calibrated):
1. Profiling: the target password sample (or a sample from a similar population) is first exposed to the DNN framework to identify the composition patterns users are likely to follow.
2. Dynamic Configuration: instead of a fixed rule set, the framework generates and refines a sequence of custom dictionaries and rules tailored to the observed patterns (e.g., frequent use of a specific company abbreviation + 4 digits).
3. Evaluation: the dynamic attack cracks 65% of the passwords within the same guess budget. The analyst now classifies the policy as weak, because it is vulnerable to tuned, realistic attacks. This prompts a revision of the policy before it is deployed.
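The following Python harness is an added illustration, not code from the paper or from any tool it names. It implements the measurement-bias metric $\Delta$ of Section 3.3 and the cracked-fraction-within-budget view of Sections 4.2 and 4.3, then applies both to the policy-evaluation workflow of Section 5. Everything in it is constructed: the eight sample passwords, the two candidate orderings (a hand-written generic list standing in for a default rule set, and a hand-written target-aware list standing in for the dynamic configuration; neither is an implementation of the DNN or of the adaptive attack), the guess budget of 6, the right-censoring of uncracked passwords at budget + 1, and the 50% "weak" threshold used by `policy_verdict`. The functions are general, so the same code computes $\Delta$ for any two guess-number tables, not only the toy data here.

```python
"""Guess-number measurement harness: compares two guessing strategies.

Added illustration, not the paper's code.  Computes the empirical bias
Delta = E[|G_S(pi) - G_D(pi)|] and the fraction of a sample cracked within
a guess budget.  All inputs below are constructed toy data; real evaluations
work with guess numbers produced by actual tooling at the 10^9 scale.
"""
from typing import Dict, List, Optional

# Constructed sample of plaintext passwords standing in for the policy
# evaluation sample (not taken from any real breach).
SAMPLE: List[str] = [
    "password1", "acme2024", "acme1999", "letmein",
    "Summer2023", "acme0042", "qwerty", "acme7777",
]

# Constructed candidate orderings.  STATIC_ORDER mimics a generic,
# target-agnostic list; DYNAMIC_ORDER mimics an ordering tuned to the
# "company abbreviation + 4 digits" pattern of Section 5.  Both are
# hand-written stand-ins, not outputs of any cracking tool or model.
STATIC_ORDER: List[str] = [
    "123456", "password", "qwerty", "letmein", "password1", "abc123",
    "Summer2023", "welcome", "iloveyou", "acme2024", "monkey", "dragon",
]
DYNAMIC_ORDER: List[str] = [
    "acme2024", "acme1999", "password1", "acme0042", "qwerty", "acme7777",
    "letmein", "Summer2023", "acme2023", "acme1234", "123456", "password",
]


def guess_numbers(order: List[str], sample: List[str]) -> Dict[str, Optional[int]]:
    """1-based position of each sample password in the candidate ordering.

    None means the ordering never produces the password, i.e. its guess
    number exceeds the length of the list.
    """
    position = {pw: i + 1 for i, pw in enumerate(order)}
    return {pw: position.get(pw) for pw in sample}


def censor(gn: Dict[str, Optional[int]], budget: int) -> Dict[str, int]:
    """Right-censor guess numbers at budget + 1 (assumed convention).

    Past the budget we only know "more than budget"; clamping keeps Delta
    finite and stops a strategy from being credited for placing uncracked
    passwords slightly earlier in the region that was never searched.
    """
    cap = budget + 1
    return {pw: cap if g is None or g > budget else g for pw, g in gn.items()}


def cracked_fraction(gn: Dict[str, Optional[int]], budget: int) -> float:
    """Fraction of the sample cracked within `budget` guesses (Section 4.2 y-axis)."""
    hits = sum(1 for g in gn.values() if g is not None and g <= budget)
    return hits / len(gn)


def measurement_bias(gn_s: Dict[str, Optional[int]],
                     gn_d: Dict[str, Optional[int]], budget: int) -> float:
    """Empirical Delta: mean of |G_S(pi) - G_D(pi)| over censored guess numbers."""
    cs, cd = censor(gn_s, budget), censor(gn_d, budget)
    return sum(abs(cs[pw] - cd[pw]) for pw in cs) / len(cs)


def bias_reduction(delta_before: float, delta_after: float) -> float:
    """Relative reduction of Delta, the headline figure of Section 4.3."""
    if delta_before == 0:
        return 0.0
    return (delta_before - delta_after) / delta_before


def policy_verdict(fraction_cracked: float, weak_threshold: float = 0.5) -> str:
    """Assumed decision rule: 'weak' once at least weak_threshold of the sample
    falls within the budget, otherwise 'moderate'."""
    return "weak" if fraction_cracked >= weak_threshold else "moderate"


def evaluate(sample: List[str], budget: int) -> Dict[str, object]:
    """Run the Section 5 workflow: same sample, same budget, two strategies."""
    gn_s = guess_numbers(STATIC_ORDER, sample)
    gn_d = guess_numbers(DYNAMIC_ORDER, sample)
    fs, fd = cracked_fraction(gn_s, budget), cracked_fraction(gn_d, budget)
    return {
        "static_fraction": fs,
        "dynamic_fraction": fd,
        "static_verdict": policy_verdict(fs),
        "dynamic_verdict": policy_verdict(fd),
        "delta": measurement_bias(gn_s, gn_d, budget),
    }


if __name__ == "__main__":
    for key, value in evaluate(SAMPLE, budget=6).items():
        print(f"{key}: {value}")
```

On the toy data the static ordering cracks 3 of 8 passwords within the budget ("moderate"), while the target-aware ordering cracks 6 of 8 ("weak"), mirroring the 40% versus 65% reversal in the scenario; the censored $\Delta$ between the two guess-number tables is 2.75 guesses. The censoring rule is the design choice worth noticing: without it, passwords that neither strategy reaches would contribute an undefined term, and a strategy could look better merely by reordering candidates the evaluation never actually tried.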
6. Applications & Future Directions
- Real-Time Password Meters: integrate the framework into password-creation dialogs to give users realistic, immediate feedback on strength against advanced attacks.
- Security Standardization: inform NIST and similar bodies so that password-strength metrics and evaluation methods in their guidelines can be updated.
- Adversary Emulation Platforms: build automated red-team tooling that can emulate realistic, expert-level credential attacks for penetration testing.
- Cross-Domain Adaptation: explore transfer learning to apply the framework to new, unseen password datasets or other languages with minimal retraining.
- Explainable AI (XAI) Integration: develop methods to explain why the DNN selects particular rules, making the "expert knowledge" transparent and auditable.
7. References
- Weir, M., Aggarwal, S., Medeiros, B., & Glodek, B. (2009). Password Cracking Using Probabilistic Context-Free Grammars. In IEEE Symposium on Security and Privacy.
- Ur, B., et al. (2015). How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. In USENIX Security Symposium.
- Melicher, W., et al. (2016). Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. In USENIX Security Symposium.
- National Institute of Standards and Technology (NIST). (2017). Digital Identity Guidelines (SP 800-63B).
- Wang, D., et al. (2016). The Tangled Web of Password Reuse. In NDSS.
- Goodfellow, I., et al. (2014). Generative Adversarial Networks. In Advances in Neural Information Processing Systems (NeurIPS). (Cited as inspiration for adversarial modeling methods.)
8. Original Analysis & Expert Commentary
Key Insight: This paper delivers an important and frequently overlooked truth: the most sophisticated password model is useless if it fails to capture the practical mindset of real attackers. The authors correctly identify that the root of the measurement bias is not a lack of algorithmic sophistication but a lack of adversarial realism. Most research, such as the early PCFG work of Weir et al., focuses on modeling user behavior. Pasquini et al. flip the script by modeling attacker behavior instead, a subtle but profound shift. This aligns with the broader security trend toward data-driven adversary modeling, much as Generative Adversarial Networks (GANs) pit two networks against each other to achieve realism.
Logical Flow: The argument is strong. They begin by identifying the measurement bias (Section 2), a problem highlighted by earlier work such as Ur et al. on the inconsistency of strength meters. Their solution is elegant on two fronts: (1) Codifying Expertise with a DNN, a sensible choice given its success at capturing complex latent structure in domains such as image generation (CycleGAN) and natural language. (2) Introducing Dynamics, moving from static, one-size-fits-all attacks to adaptive, target-aware ones. This mimics a real attacker's continuous feedback loop, a notion supported by evolving NIST guidelines that emphasize context-aware authentication.
Strengths & Weaknesses: The main strength is practical impact. By reducing overestimation bias by roughly 60%, they provide a tool that can prevent dangerous overconfidence in password policies. Using a DNN to distill "tacit expert knowledge" is novel. The approach has weaknesses, however. First, it is retrospective: the DNN learns from past attack data and may miss new user patterns or attacker innovations. Second, although less biased, it is a black box. An analyst cannot tell why a particular rule was prioritized, which matters when designing security policy. This lack of explainability is a common criticism of DNNs in security contexts. Finally, the computational cost of training and running the dynamic framework is non-trivial compared with running a simple rule set.
Actionable Insight: For security practitioners and researchers, this paper is a mandate for change. Stop using default cracking configurations in your evaluations. Treat them as a flawed baseline, not a gold standard. The framework presented here should be integrated into password-policy evaluation pipelines. For tool developers, the call is to build adaptive, learning-based cracking modules into mainstream tools such as Hashcat or John the Ripper. For academia, the next step is clear: combine this attacker-modeling approach with strong user models (such as the neural-network work of Melicher et al.) and add explainability (XAI techniques) to produce a password-strength evaluation framework that is explainable, comprehensive, and truly realistic. The future of password security lies not in creating ever-stronger passwords but in devising smarter, and more honest, ways to break them.