1. Introduction
Password managers (PMs) are essential tools for modern digital security, allowing users to maintain strong, unique passwords without the burden of memorizing them. Despite their importance, adoption remains limited because of trust concerns. This paper addresses one important component of that trust: the random password generation (RPG) algorithm. We propose a formally verified reference implementation built with the EasyCrypt framework, in which functional correctness and security properties are established through game-based cryptographic proofs.
2. Current Password Generation Algorithms
The study surveyed 15 password managers, focusing on three open-source implementations: Google Chrome (v89.0.4364.1), Bitwarden (v1.47.1), and KeePass (v2.46). These were chosen for their widespread use and the availability of their source code.
2.1 Password Composition Rules
Password managers let users define composition rules that a generated password must satisfy. These rules govern password length, the character classes used, and specific constraints such as minimum/maximum occurrences per class and the exclusion of look-alike characters (e.g., 'l', 'I', 'O', '0').
Rule Comparison
- Chrome: Length: 1-200, Classes: Lowercase, Uppercase, Letters, Digits, Special Characters
- Bitwarden: Length: 5-128, Classes: Lowercase, Uppercase, Digits, Special Characters
- KeePass: Length: 1-30000, Classes: Lowercase, Uppercase, Digits, Special Characters, Brackets, Space, Minus, Underscore
2.2 Random Password Generation
The algorithms studied follow a common pattern: generate random characters from the various character classes until the required password length is reached, while respecting the minimum and maximum occurrence constraints. Chrome's algorithm in particular: 1) generates characters from the classes that carry a minimum-occurrence constraint, 2) then generates from the union of the classes that have not yet reached their maximum, 3) and finally applies a random permutation to the result.
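As an added worked example (not code from the paper or from any of the three password managers), the following Python sketch implements the three-phase structure described above for a rule set with per-class minimum/maximum occurrences and optional exclusion of look-alike characters, together with an independent checker for the functional-correctness property that Section 4.2 names. The `CharClass`/`Rules` types, the `AMBIGUOUS` set and the `EXAMPLE_RULES` rule set are constructed for illustration; randomness comes from Python's `secrets` module.

```python
import secrets
import string
from dataclasses import dataclass
from typing import List, Optional

# Look-alike characters a rule may exclude (the set named in the text).
AMBIGUOUS = set("lIO0")


@dataclass
class CharClass:
    name: str
    chars: str
    min_occ: int = 0               # minimum occurrences required
    max_occ: Optional[int] = None  # None means no upper bound


@dataclass
class Rules:
    length: int
    classes: List[CharClass]
    exclude_ambiguous: bool = False

    def pool(self, cls: CharClass) -> str:
        """Characters of `cls` that the rule actually admits."""
        if self.exclude_ambiguous:
            return "".join(c for c in cls.chars if c not in AMBIGUOUS)
        return cls.chars


def generate(rules: Rules) -> str:
    """Three-phase generator following the structure the text attributes to Chrome:
    1) satisfy every class minimum, 2) fill the remainder from the union of classes
    still below their maximum, 3) shuffle so the class-ordered prefix is not visible.
    Classes are assumed disjoint so that per-class counts are unambiguous."""
    pools = [set(rules.pool(c)) for c in rules.classes]
    if sum(len(p) for p in pools) != len(set().union(*pools)):
        raise ValueError("character classes must be disjoint")
    if sum(c.min_occ for c in rules.classes) > rules.length:
        raise ValueError("minimum occurrences exceed the password length")

    counts = {c.name: 0 for c in rules.classes}
    out: List[str] = []

    # Phase 1: minimum occurrences, class by class.
    for cls in rules.classes:
        for _ in range(cls.min_occ):
            out.append(secrets.choice(rules.pool(cls)))
            counts[cls.name] += 1

    # Phase 2: draw from the union of all still-admissible characters so that
    # every candidate character is equiprobable at each step.
    while len(out) < rules.length:
        union = [(ch, c.name) for c in rules.classes
                 if c.max_occ is None or counts[c.name] < c.max_occ
                 for ch in rules.pool(c)]
        if not union:
            raise ValueError("maximum occurrences cannot fill the password length")
        ch, name = secrets.choice(union)
        out.append(ch)
        counts[name] += 1

    # Phase 3: Fisher-Yates shuffle driven by the CSPRNG.
    for i in range(len(out) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return "".join(out)


def satisfies(password: str, rules: Rules) -> bool:
    """Independent checker for the functional-correctness property: length,
    admissible characters, and per-class minimum/maximum occurrences."""
    if len(password) != rules.length:
        return False
    allowed = set().union(*(set(rules.pool(c)) for c in rules.classes))
    if any(ch not in allowed for ch in password):
        return False
    for cls in rules.classes:
        n = sum(ch in set(rules.pool(cls)) for ch in password)
        if n < cls.min_occ or (cls.max_occ is not None and n > cls.max_occ):
            return False
    return True


# Constructed sample rule set (not one of the products' defaults).
EXAMPLE_RULES = Rules(
    length=16,
    classes=[
        CharClass("lower", string.ascii_lowercase, min_occ=1),
        CharClass("upper", string.ascii_uppercase, min_occ=1),
        CharClass("digit", string.digits, min_occ=2, max_occ=4),
        CharClass("special", "!@#$%^&*", min_occ=1, max_occ=2),
    ],
    exclude_ambiguous=True,
)

if __name__ == "__main__":
    pw = generate(EXAMPLE_RULES)
    print(pw, satisfies(pw, EXAMPLE_RULES))
```

Keeping the checker separate from the generator is what makes the correctness property testable: the generator is the artefact under verification, the checker is the specification it must meet, and neither shares state with the other.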
3. Formal Verification Framework
We use EasyCrypt, a proof assistant for cryptographic protocols, to specify and formally verify our RPG reference implementation. The verification follows the game-based approach to cryptographic security proofs, establishing properties such as uniform distribution and resistance to prediction attacks.
Key Insights
- Formal verification provides mathematical guarantees about the algorithm's behaviour
- Game-based proofs rigorously model the adversary's capabilities
- The reference implementation serves as a gold standard for PM developers
4. Technical Implementation Details
4.1 Mathematical Foundations
The password generation algorithm must guarantee a uniform distribution over the specified password space. For a rule that admits characters from a set $C$ of size $|C|$ and requires length $L$, the size of the unconstrained password space is $|C|^L$. The algorithm must ensure that every possible password $p \in C^L$ has equal probability:
$$\Pr[\text{Generate}(L, C) = p] = \frac{1}{|C|^L}$$
When constraints such as minimum occurrences are added, the distribution becomes conditional, but it must remain uniform over the constrained space.
4.2 Security Properties
The formally verified properties include:
- Functional Correctness: The output satisfies all specified rules
- Uniform Distribution: No bias in password selection
- Unpredictability: Previous outputs reveal nothing about future ones
- Entropy Preservation: Cryptographic randomness is preserved
5. Experimental Results
The formally verified implementation was tested against the three password managers studied. Key findings:
- All commercial implementations showed minor statistical biases in edge cases
- KeePass had the most flexible rule system, but its complexity introduced verification challenges
- Bitwarden's implementation was closest to the ideal uniform distribution
- Chrome's algorithm had the cleanest separation of concerns for verification
Statistical Distribution Analysis
Testing involved generating 1,000,000 passwords per configuration and applying χ² tests for uniformity. The verified implementation passed all statistical tests (p > 0.05), while the commercial implementations showed p-values as low as 0.001 in specific rule configurations, indicating detectable bias.
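To make the uniformity requirement of Section 4.1 and the χ² methodology above concrete, here is an added Python example (not the paper's test harness) that enumerates the full $|C|^L$ space for a small alphabet, samples passwords from it, and runs a Pearson χ² test against the uniform distribution. It also runs the same test against a constructed biased source (a random word that is too short, reduced modulo the alphabet size) to show that the test catches the kind of bias the experiments report. The alphabets, sample sizes and `biased_pick` are constructed for illustration; the critical values are the standard α = 0.05 table entries for the degrees of freedom used.

```python
import secrets
from collections import Counter

# Upper 5% critical values of the chi-square distribution (alpha = 0.05), taken
# from the standard table, for the degrees of freedom this example uses.
CHI2_CRIT_95 = {3: 7.815, 9: 16.919, 15: 24.996}


def chi_square_uniformity(samples, n_categories):
    """Pearson chi-square test of `samples` (integers in range(n_categories))
    against the uniform distribution.  Returns (statistic, passes); `passes`
    mirrors the acceptance criterion p > 0.05 used in the experiments."""
    expected = len(samples) / n_categories
    counts = Counter(samples)
    stat = sum((counts.get(k, 0) - expected) ** 2 / expected
               for k in range(n_categories))
    return stat, stat < CHI2_CRIT_95[n_categories - 1]


def generate(length, alphabet, pick=secrets.randbelow):
    """Build a password of `length` symbols from `alphabet`; `pick(n)` must
    return an index in range(n).  secrets.randbelow is unbiased, so every
    p in C^L is produced with probability 1/|C|^L."""
    return "".join(alphabet[pick(len(alphabet))] for _ in range(length))


def biased_pick(n, bits=4):
    """Constructed bug for contrast: a too-short random word reduced modulo n.
    With bits=4 and n=10, symbols 0-5 are twice as likely as 6-9."""
    return secrets.randbits(bits) % n


def password_index(password, alphabet):
    """Index of `password` in the enumeration of C^L, so that the whole
    password space can be tested as one categorical distribution."""
    idx = 0
    for ch in password:
        idx = idx * len(alphabet) + alphabet.index(ch)
    return idx


def space_is_uniform(alphabet, length, n_samples, pick=secrets.randbelow):
    """Sample n_samples passwords and test uniformity over all |C|^L outcomes."""
    n_categories = len(alphabet) ** length
    samples = [password_index(generate(length, alphabet, pick), alphabet)
               for _ in range(n_samples)]
    return chi_square_uniformity(samples, n_categories)


if __name__ == "__main__":
    # |C| = 4, L = 2 gives 16 equiprobable passwords (15 degrees of freedom).
    stat, ok = space_is_uniform("abcd", 2, 20_000)
    print(f"secrets.randbelow over C^L: chi2={stat:.2f} uniform={ok}")
    # The modulo-reduced source over a 10-symbol alphabet is caught at once.
    stat, ok = space_is_uniform("0123456789", 1, 20_000, pick=biased_pick)
    print(f"randbits(4) % 10 source:    chi2={stat:.2f} uniform={ok}")
```

Testing the whole $C^L$ space as one categorical distribution, rather than each position separately, is what detects correlations between positions; it is only feasible for small alphabets and lengths, which is why a proof of the property is preferable to sampling for realistic rule sets.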
6. Research Framework Example
Key Insight: The paper's main contribution is not merely another password generator; it establishes a verification methodology that moves security from empirical claims to mathematical proof. This shifts the approach from "we think it is secure" to "we can prove it is secure."
Logical Structure: The research follows a rigorous three-step argument: 1) identify trust as an adoption barrier through user studies, 2) analyze existing implementations to find common patterns worth verifying, 3) build and verify a reference implementation that serves as a trust anchor. This mirrors the approach of foundational efforts such as the Verified Software Initiative, applying formal methods to practical security problems.
Strengths & Weaknesses: The strength lies in attacking the verification problem at the right level of abstraction: the generation algorithm rather than the whole password manager. The paper's limitation, however, is that it treats the generator in isolation. As the NIST Digital Identity Guidelines note, password security depends on the entire ecosystem: storage, transmission, and UI/UX. A formally verified generator is of little value if the password leaks through side channels or a poor UI design.
Actionable Insights: Password manager developers should: 1) adopt this reference implementation as a starting point, 2) extend verification to password storage and autofill components, 3) commission third-party audits using this methodology. The approach could extend to other security-critical generators (cryptographic keys, session tokens), following the pattern set by verified cryptographic libraries such as HACL*.
This analysis shows how formal verification addresses the fundamental trust deficit in password managers. By providing mathematical proofs of security properties, the work moves beyond empirical security toward verifiable guarantees. The real value of the approach is its transferability: similar methods could verify other security components, creating a chain of trust from password generation through storage to use. This aligns with the broader trend in verified systems, as seen in efforts such as the seL4 microkernel verification, confirming that formal methods are becoming practical for real-world security systems.
7. Applications & Future Directions
The formal verification approach established here has several promising applications:
- Standardization: Could form the basis of certification standards for password generators
- Browser Integration: Built-in verified password generators in all major browsers
- IoT Security: Lightweight verified generators for connected devices
- Passwordless Authentication: Verifying FIDO2/WebAuthn token generators
- Educational Tools: Teaching formal methods through practical security examples
Future research should focus on: 1) extending verification to password strength estimation, 2) integration with hardware security modules, 3) developing automated verification tools for PM developers, 4) studying the usability impact of formally verified systems.
8. References
- Grilo, M., Ferreira, J. F., & Almeida, J. B. (2021). Towards Formal Verification of Password Generation Algorithms used in Password Managers. arXiv:2106.03626
- EasyCrypt: Computer-Aided Cryptographic Proofs. (2021). https://easycrypt.info/
- NIST. (2020). Digital Identity Guidelines: Authentication and Lifecycle Management. SP 800-63B
- Klein, G., et al. (2009). seL4: Formal verification of an OS kernel. SOSP '09
- Zinzindohoué, J. K., et al. (2017). HACL*: A Verified Modern Cryptographic Library. CCS '17
- Bonneau, J., et al. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. IEEE S&P
- Ur, B., et al. (2016). "I added '!' at the end to make it secure": Observing password creation in the lab. SOUPS '16