1. Introduction
The modern digital landscape requires people to manage a large number of online accounts (90-130 on average), which leads to insecure password practices such as reuse and predictable patterns. Conventional remedies, complex password policies and password managers, often fail because of cognitive burden or security weaknesses. This paper introduces Trenchcoat, a new family of human-computable hash functions designed to produce unique, secure passwords for every website from a single master secret, computed mentally by the user.
2. The Problem with Current Password Practices
Users face conflicting requirements: creating random, unique passwords for hundreds of websites while remembering all of them. This leads to:
- Password Reuse: More than 50% of passwords are reused across multiple accounts.
- Predictable Patterns: Use of common words, names, and simple substitutions.
- Manager Weaknesses: Password managers are high-value targets for zero-day exploitation.
- Excessive Cognitive Burden: Complex policies are ignored for convenience, which undermines security.
Balancing memorability against security remains a major unsolved problem in authentication.
3. The Trenchcoat Framework
Trenchcoat proposes shifting the computation from the device to the user's mind, using operations suited to human cognition.
3.1. Core Idea: Human-Computable Hash Functions
The core function is defined as $F_R(s, w) \rightarrow y$, where:
- $s$: The user's master secret (not necessarily a string).
- $w$: The website/account identifier (e.g., "google.com").
- $R$: The user's unique structure of associative and implicit memory.
- $y$: The generated password (the derived, site-specific secret).
The function $F$ is parameterized by $R$, which makes it unique to each individual and hard for an adversary to replicate or verify.
3.2. Exploiting Associative and Implicit Memory (R)
The key innovation is incorporating $R$, the user's unique memory structure, including personal associations, spatial recall, and implicit knowledge. This acts as a cognitive Physically Unclonable Function (PUF). An adversary without knowledge of $R$ cannot efficiently compute $F_R$, even if $s$ and $w$ are known.
3.3. Example Operations & Primitives
The proposed algorithms require only basic operations accessible to everyone:
- Arithmetic: Simple addition and modulo operations on numbers derived from $s$ and $w$.
- Spatial Navigation: Mentally traversing a personal memory palace or grid.
- Pattern Search: Locating sequences of items in a private mental text or image.
These make the framework accessible to neurodiverse people and those with various disabilities.
4. Security Analysis & Methodology
Conventional cryptographic analysis is insufficient. Trenchcoat uses a multi-faceted approach:
4.1. Entropy-Based Evaluation
Security is measured by the effective entropy introduced by the function $F_R$ and the master secret $s$. The goal is to ensure that the output space of $y$ is large enough to resist brute-force and dictionary attacks, given the limits of human computation.
4.2. Comparison with Conventional Cryptography & PUFs
The framework is analogous to a PUF [37], where $R$ is the unique, unclonable "physical" element. Unlike digital PUFs, $R$ is a cognitive artifact. This provides security through obscurity of structure rather than secrecy of the algorithm, a controversial but potentially workable model for this specific threat model (remote attackers).
5. Experimental Results & User Study
5.1. Study Methodology (n=134)
A user study was conducted in which 134 participants each tested two selected Trenchcoat schemes. The study evaluated memorability of the master secret, password generation time, error rates, and perceived usability.
5.2. Performance and Usability Results
Preliminary results show that users can generate passwords reliably after a short training period. Schemes based on spatial memory showed lower error rates for some users. Cognitive load was reported as substantially lower than managing many unique passwords, but higher than simple password reuse.
Chart Insight (Conceptual): A hypothetical chart would show "Password Generation Time" decreasing with practice over 5 trials for Trenchcoat methods, while "Recall Accuracy" stays high (>90%). A comparison line for "Conventional Random Password Recall" would show a steep decline over 7 days.
5.3. Survey of Web Password Policies (n=400)
A survey of 400 websites revealed arbitrary and often contradictory password policies, compounding users' difficulty in complying and confirming the need for a unified, user-centered generation approach like Trenchcoat.
6. Technical Details & Mathematical Framework
Consider a simple arithmetic-based Trenchcoat function:
- Map the master secret $s$ and the website $w$ to sequences of digits (e.g., using a private secret mapping).
- Perform a sequence of deterministic operations that depend on $R$. Example: $y_i = (s_i + w_i + k_i) \mod 10$, where $k_i$ is a digit derived from the $i^{th}$ position of a private memory cue (part of $R$).
- Concatenate the results $y_i$ and apply a final secret rule (e.g., capitalize the letter corresponding to the sum of all digits).
Security depends on the entropy of $s$ and the non-linear, user-specific mixing introduced by $R$.
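A worked version of this arithmetic scheme, added here as an illustration and not code from the Trenchcoat paper, with a constructed character-to-digit table and a constructed memory cue standing in for the private mapping and for $R$; it also runs the cross-site robustness check that section 7 lists, treating the digit table as known so that only the additive mixing itself is tested. The final rule is one reading of the wording above (append the capital letter indexed by the digit sum).

```python
from string import ascii_lowercase

# Constructed private digit table (stands in for the user's secret mapping;
# not from the paper): letters and '.' mapped onto digits 0-9.
PRIVATE_MAP = {c: (7 * i + 3) % 10 for i, c in enumerate(ascii_lowercase + ".")}
OUT_LEN = 8  # fixed output length so every site yields the same shape


def to_digits(text, table=PRIVATE_MAP):
    """Map characters to digits with the private table; unknown chars are skipped."""
    return [table[c] for c in text.lower() if c in table]


def cycle(seq, i):
    """Reuse a short digit sequence by wrapping the index (s and the cue are short)."""
    return seq[i % len(seq)]


def trenchcoat_arith(s, w, cue, table=PRIVATE_MAP):
    """Section 6 scheme: y_i = (s_i + w_i + k_i) mod 10, then a final secret rule.
    k_i is the i-th digit of a private memory cue (constructed stand-in for R).
    Final rule: append the capital letter whose alphabet index is the digit sum mod 26."""
    s_d, w_d, k_d = to_digits(s, table), to_digits(w, table), to_digits(cue, table)
    ys = [(cycle(s_d, i) + cycle(w_d, i) + cycle(k_d, i)) % 10 for i in range(OUT_LEN)]
    return "".join(map(str, ys)) + ascii_lowercase[sum(ys) % 26].upper()


def predict_from_sibling(y1, w1, w2, table=PRIVATE_MAP):
    """Section 7 robustness check: from y for site w1 and the digit table alone,
    derive y for site w2 without s or the cue. Because the mixing is additive,
    (s_i + k_i) mod 10 is exactly (y1_i - w1_i) mod 10, which carries over to w2."""
    w1_d, w2_d = to_digits(w1, table), to_digits(w2, table)
    ys = [(int(y1[i]) - cycle(w1_d, i) + cycle(w2_d, i)) % 10 for i in range(OUT_LEN)]
    return "".join(map(str, ys)) + ascii_lowercase[sum(ys) % 26].upper()


def robustness_holds(s, w1, w2, cue):
    """True only if y for w1 does not determine y for w2 (the page's requirement)."""
    y1, y2 = trenchcoat_arith(s, w1, cue), trenchcoat_arith(s, w2, cue)
    return predict_from_sibling(y1, w1, w2) != y2


if __name__ == "__main__":
    # Constructed sample inputs: master secret, two sites, memory cue.
    print(trenchcoat_arith("tiger", "google.com", "kitchen window"))
    print("robust:", robustness_holds("tiger", "google.com", "github.com", "kitchen window"))
```

With purely additive mixing the check fails: the password for one site fixes the password for every other site, so the non-linearity the text calls for has to come from $R$ in a form that is more than another addend.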
7. Analysis Framework & Case Study
Case Study: Evaluating a Spatial-Navigation Trenchcoat Function
Framework: Use the NIST SP 800-63B guidelines for memorized secrets as a baseline, but add human-cognition metrics.
- Threat Model: A remote attacker with a large breach corpus. Cannot observe the user's mental process ($R$).
- Entropy Estimation: Compute the Shannon entropy of the output $y$ not from the algorithm alone but from the attacker's perspective, who must guess $R$. Model $R$ as a choice from a large space of cognitive structures.
- Usability Testing: Measure the success rate after 1 week without practice. Compare with password manager recall and simple password recall.
- Robustness Analysis: Test whether compromise of $y$ for one website $w_1$ leaks information about $s$ or $R$ that weakens $y$ for another website $w_2$. This is the core cryptographic requirement of a hash function.
No code is required for this analysis; it is a structured evaluation methodology.
8. Deep Analysis & Industry Perspective
Key Insight: Trenchcoat is not merely another password scheme; it is part of a larger gamble that cognitive diversity can become a cryptographic primitive. It tries to formalize the "secret algorithms" that many security-aware users already use implicitly, turning a weakness (human predictability) into a strength (human uniqueness).
Critique: The idea is appealing but rests on a fragile chain. 1) Users must create a strong, memorable $s$, the old unsolved problem. 2) The structure $R$ must remain stable over time and across contexts (stress, fatigue). Neuroscience shows that recall is not a deterministic operation [as a digital PUF's challenge response is]; it is noisy and context-dependent. 3) The security argument relies on the infeasibility of modeling $R$. However, behavioral analysis and AI are increasingly capable of modeling individual cognitive patterns from digital footprints.
Strengths & Weaknesses: Its main strength is eliminating the password manager attack surface. There is no database to steal, no master password to phish. Its weaknesses are the lack of revocability and recoverability. If a user forgets the structure $R$ after a head injury or simply over time, all derived passwords are irrecoverably lost, a disaster compared with a password manager's recovery options. Furthermore, as noted in research on cognitive security primitives, the human "work factor" is fixed and low, limiting the achievable entropy compared with silicon-based cryptography.
Actionable Insight: For enterprise security architects, Trenchcoat is not a deployable solution but an important research direction. Pilot it in low-risk internal environments to collect longitudinal data on cognitive consistency. For researchers, the priority is to rigorously quantify the entropy of $R$. Collaborate with neuroscientists to design experiments that measure the stability and uniqueness of memory-based operations. The field must move beyond simple user studies to controlled experiments that map the real attack surface, perhaps using adversarial machine learning frameworks to simulate an attacker trying to infer $R$.
9. Future Work & Research Directions
- Hybrid Schemes: Combine a low-entropy Trenchcoat output with a high-entropy device-held key for a multi-factor solution.
- Cognitive Biometrics: Use the pattern of executing $F_R$ as a continuous authenticator, detecting anomalies if the cognitive "signature" changes.
- Post-Quantum Readiness: Investigate whether human-computable functions based on problems that are hard for AI but easy for humans (certain spatial reasoning tasks) can offer long-term security.
- Accessibility-First Design: Develop functions tailored to users with specific cognitive or physical profiles, turning accessibility needs into security features.
- Standardization Efforts: Begin work on a framework for describing and evaluating human-computable functions, similar to NIST's role in conventional cryptography.
10. References
- Rooparaghunath, R. H., Harikrishnan, T. S., & Gupta, D. (2023). Trenchcoat: Human-Computable Hashing Algorithms for Password Generation. arXiv preprint arXiv:2310.12706.
- Bonneau, J., Herley, C., van Oorschot, P. C., & Stajano, F. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. IEEE Symposium on Security and Privacy.
- NIST. (2017). Digital Identity Guidelines: Authentication and Lifecycle Management (SP 800-63B).
- Ur, B., et al. (2016). Design and evaluation of a data-driven password meter. CHI.
- Pearman, S., et al. (2017). Let's go in for a closer look: Observing passwords in their natural habitat. CCS.
- Garfinkel, S. (2005). Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable. PhD Thesis.
- M'Raihi, D., et al. (2011). TOTP: Time-Based One-Time Password Algorithm (RFC 6238).
- Neuroscience of Memory Review. (2022). Annual Review of Psychology.
- Pappas, C., et al. (2022). On the Stability of Behavioral Biometrics. IEEE Transactions on Biometrics, Behavior, and Identity Science.