Zaɓi Harshe

Trenchcoat: Algorithms na Hash da Mutum Zai Iya Lissafta don Samar da Kalmar Sirri

Bincike kan ayyukan hash da mutum zai iya lissafta don samar da kalmar sirri, yin amfani da kimiyyar fahimi da sirri don ƙirƙirar kalmomin sirri masu aminci da sauƙin tunawa ba tare da kayan aiki na waje ba.
computationalcoin.com | PDF Size: 0.9 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - Trenchcoat: Algorithms na Hash da Mutum Zai Iya Lissafta don Samar da Kalmar Sirri
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » Trenchcoat: Algorithms na Hash da Mutum Zai Iya Lissafta don Samar da Kalmar Sirri

Teburin Abubuwan Ciki

1. Gabatarwa

Yanayin dijital na zamani yana buƙatar mutane su sarrafa adadi mai yawa na asusun kan layi, kowanne yana da kariya ta hanyar kalmar sirri. Nauyin fahimi na ƙirƙira da tunawa da kalmomin sirri masu ƙarfi na musamman yana haifar da ayyukan da ba su da tsaro kamar sake amfani da kalmar sirri da bambance-bambancen sauki. Wannan takarda ta gabatar da "Trenchcoat," tsarin algorithms na hash da mutum zai iya lissafta wanda aka ƙera don samar da kalmomin sirri masu aminci, na musamman ga kowane rukunin yanar gizo ta amfani da sirrin babban maɓalli ɗaya kawai mai sauƙin tunawa da lissafin hankali.

2. Matsalar Ayyukan Kalmar Sirri na Yanzu

Masu amfani suna tsakanin umarnin tsaro (dokokin rikitarwa, sauye-sauye akai-akai) da iyakokin fahimi. Wannan yana haifar da:

  • Sake Amfani da Kalmar Sirri: Fiye da kashi 50% na kalmomin sirri ana sake amfani da su a cikin asusun da yawa.
  • Ginin Rauni: Dogaro ga tsarin da ake iya hasasawa, kalmomin ƙamus, da bayanan sirri.
  • Dogaro da Kayan Aiki & Haɗari: Manajoji na kalmomin sirri, duk da cewa suna taimako, suna haifar da maki guda na gazawa kuma sun kasance ƙarƙashin munanan raunuka.
  • Gibi na Samun Damar Shiga: Yawancin mafita ba a tsara su don masu amfani masu bambancin jijiyoyi ko masu nakasa ba.

Mahimman Ƙididdiga

90-130: Matsakaicin asusun kan layi ga kowane mai amfani.

3 × 1011: Kiyasin kalmomin sirri da ake amfani da su.

>50%: Yawan sake amfani da kalmar sirri tsakanin mutane.

3. Tsarin Trenchcoat

Trenchcoat yana sake tunanin samar da kalmar sirri a matsayin tsarin sirri wanda mutum zai iya aiwatarwa.

3.1. Babban Manufa: Ayyukan Hash da Mutum Zai Iya Lissafta

Babban ra'ayi shine aiki $F_R(s, w) \rightarrow y$. Yana ɗaukar babban sirrin mai amfani (s) da alamar gidan yanar gizo/asu (w) don samar da kalmar sirri (y) ta musamman. Muhimmin ma'auni $R$ yana wakiltar tsarin fahimi na musamman na mai amfani.

3.2. Yin Amfani da Ƙwaƙwalwar Haɗin Kai da Na Sirri (R)

Tsarin yana amfani da halayen fahimi na musamman ga mutum ($R$), kamar ƙwaƙwalwar sarari ko hanyoyin sadarwar haɗin kai na sirri. Wannan ya sa aikin ya zama kamar "Aikin Jiki na Fahimi da Ba za a iya Kwafawa (C-PUF)". Maƙiyi ba zai iya lissafta ko tabbatar da $F_R$ cikin inganci ba tare da sanin sirrin $R$ na ciki na mai amfani ba, yana ba da matakin tsaro mai kama da na PUFs na kayan aikin da ake amfani da su wajen tantance na'ura [37].

4. Shawararrun Algorithms & Cikakkun Bayanai na Fasaha

4.1. Rukunin Algorithms

Takardar ta ba da shawarar nau'ikan algorithms da yawa dangane da ayyukan asali:

  • Mai Tushen Lissafi: Yin amfani da ƙari na zamani, sarrafa lambobi akan babban sirri da sunan gidan yanar gizo.
  • Mai Tushen Sarari/Kewayawa: Taswirar haruffa zuwa maki akan grid ko hanya ta hankali.
  • Mai Tushen Ƙamus/Bincike: Yin amfani da ƙamus na hankali na sirri ko haɗin labari.

Duk an tsara su don ƙarancin nauyin fahimi da samun damar shiga.

4.2. Tsarin Lissafi

Misali mai sauƙi mai tushen lissafi: Bari $s$ ya zama babban sirri na lambobi (misali, wanda aka samo daga ranar da za a iya tunawa). Bari $H(w)$ ya zama hash mai sauƙi (misali, jimlar lambobin haruffa mod 10) na sunan gidan yanar gizo. Za a iya samar da lambar kalmar sirri $y_i$ kamar haka:
$y_i = (s_i + H(w)_i + c_i) \mod 10$
inda $c_i$ ke ɗaukar abu daga aikin da ya gabata ko matakin musanya na musamman ga mai amfani wanda $R$ ya ayyana. Cikakken kalmar sirri shine haɗa $y_i$.

5. Binciken Tsaro & Kimanta Entropy

Binciken sirri na al'ada yana da wahala a yi amfani da shi kai tsaye. Takardar tana amfani da ma'auni na tushen entropy:

  • Ingantaccen Sararin Maɓalli: Kimanta sararin bincike ga maharin da ke hasashen $s$ da $R$.
  • Juriya ga Hare-haren da aka Sani: Bincike akan hare-haren ƙamus, satar bayanai (kalmar sirri da aka samar ta keɓance ga rukunin yanar gizo), da hare-haren lura (leƙen kafada).
  • Keɓancewar R: Tsaron ya dogara sosai akan rashin hasashe da keɓancewar ma'aunin fahimi $R$.

Ƙarshe shi ne, duk da cewa ƙarfin bit na gaskiya na iya zama ƙasa da na hash na algorithm, haɗaɗɗun ɓangaren ɗan adam ($R$) da buƙatar maharin yin samfurinsa yana haifar da babban shinge na aiki.

6. Sakamakon Gwaji & Binciken Masu Amfani

Binciken ya haɗa da binciken mutane 134, kowanne yana gwada tsare-tsare guda biyu da aka ba da shawara, da nazarin manufofin kalmar sirri akan gidajen yanar gizo 400.

Mahimman Binciken:

  • Amfani: Mahalarta za su iya samar da kalmomin sirri cikin aminci bayan ɗan gajeren lokacin horo. Hanyoyin sarari da na tushen labari sun nuna yawan adadin tunawa.
  • Karɓuwa: Masu amfani sun fi son hanyoyin da suka ji "na sirri" ko "kamar labari" fiye da na lissafi kawai.
  • Nazarin Manufa: Bukatun kalmar sirri na gidan yanar gizo ba su da daidaituwa sosai, suna dagula ƙirar aikin samarwa na duniya.

Hankalin Ginshiƙi (Ra'ayi): Taswirar ginshiƙi na hasashe zai nuna "Daidaitaccen Tunawa da Kalmar Sirri" akan Y-axis da "Nau'in Algorithm" akan X-axis. Algorithms na "Sarari/Labari" za su yi nuni da babban mashigin daidaito (~90%) idan aka kwatanta da algorithms na "Lissafi Zalla" (~70%), suna nuna fa'idar yin amfani da ƙarfin fahimi na ɗan adam.

7. Tsarin Bincike & Misalin Lamari

Tsarin Kimanta Tsarin Hash da Mutum Zai Iya Lissafta:

  1. Ma'anar Shigarwa: Bayyana tsarin $s$ (misali, lamba mai lamba 6, jumla) da $w$ (misali, cikakken sunan yanki, alamar da mai amfani ya zaɓa) a sarari.
  2. Taswirar Aiki: Ayyana jerin ayyukan hankali (misali, "ɗauki harafi na 3 da na 5 na w, canza su zuwa lambobi, ƙara su zuwa lamba ta 2 na s...").
  3. Haɗaɗɗun R: Ƙayyade yadda ake haɗa $R$ (misali, "yi amfani da lambar yanki na lambar wayar ku na ƙuruciya don shuka tsarin motsi na harafi").
  4. Tsarin Fitowa: Bayyana yadda ake cika ka'idojin kalmar sirri na gama gari (misali, "idan lambar fitowa ta uku tana da madaidaiciya, manyanta harafin farko na sunan gidan yanar gizo kuma haɗa shi").

Misalin Lamari (Babu Lamba): Alice ta zaɓi babban sirrinta $s$ a matsayin lambobi "1984". $R$ dinta ya haɗa da tunanin haruffa a cikin jeri na baya koyaushe (Z=1, Y=2...). Don gidan yanar gizo "bank.com", ta ɗauki harafin farko da na ƙarshe (B, K), ta taswira su ta hanyar haruffanta na baya (B->25, K->16), ta ƙara su zuwa lambobin sirrinta (25+1=26, 16+9=25), ta yi amfani da mod 26, sannan ta mayar da su zuwa haruffa (26->A, 25->B). Sannan ta yi amfani da ka'idar sirri ($R$) don shigar da alama bayan wasali. Kalmar sirrinta ta ƙarshe don bank.com na iya zama "A!B".

8. Ayyukan Gaba & Hanyoyin Bincike

  • Tsarin Haɗaɗɗu: Haɗa ainihin abin da mutum ya lissafta tare da mafi ƙarancin na'ura mai tsaro (misali, zobe mai wayo) don mataki na ƙarshe na canji, ƙara entropy.
  • Daidaituwa & Samun Damar Shiga: Haɓaka jerin algorithms masu izini don nau'ikan fahimi da iyawa daban-daban, mai yuwuwa a haɗa su cikin tsarin shiga tsarin aiki.
  • Ci gaba da Tantancewa: Yin amfani da bambance-bambancen sirri na ainihin aikin don samar da lambobi ɗaya ko iri na halayen halayen ɗan adam.
  • La'akari da Bayan Quantum: Bincika ko za a iya ƙirƙira ayyukan da mutum zai iya lissafta dangane da matsalolin lattice ko wasu matsalolin PQ masu wuya, kamar yadda bincike kan "hujjojin aikin ɗan adam" ya nuna.

9. Nassoshi

  1. [3] Binciken Tsaro na Shahararrun Manajoji na Kalmar Sirri. USENIX Security.
  2. [4] B. Ross, et al. "Ƙarfafa Tantance Kalmar Sirri ta Amfani da Ƙari na Mai Bincike." USENIX Security 2005.
  3. [10] Rahoton Binciken Kutsawa Bayanai na Verizon. 2023.
  4. [15] "Raunuka na Sifili a cikin Manajoji na Kalmar Sirri." Hukumar Tsaro ta Cyber & Tsarin Kayayyaki (CISA).
  5. [16] Google / Harris Poll. "Binciken Tsaro akan Layi." 2022.
  6. [17] Trends na Asalin Dijital. Dashlane. 2023.
  7. [30] "Kalmomin Sirri na Gama Gari a Duniya." NordPass. 2023.
  8. [34] S. Gaw da E. W. Felten. "Dabarun Gudanar da Kalmar Sirri don Asusun Kan Layi." SOUPS 2006.
  9. [37] B. Gassend, et al. "Ayyukan Bazuwar Jiki na Silicon." CCS 2002. (Takarda ta farko ta PUF)
  10. [43] FTC. "Littafin Bayanan Tsaro na Masu Amfani." 2022.
  11. NIST Special Publication 800-63B: Jagororin Asalin Dijital.
  12. Isola, P., et al. "Fassara Hoto zuwa Hoto tare da Cibiyoyin Adawa na Sharadi." CVPR 2017. (Don kwatanta akan koyon taswirori masu rikitarwa).

10. Binciken Kwararru & Nazari Mai Ma'ana

Babban Hankali

Trenchcoat ba wani tsari ne kawai na kalmar sirri ba; juyawa ce mai tsauri daga tsarin tsaro na sirri na tushen ajiya zuwa na tushen lissafi. Babban fahimtarsa shine cewa kwakwalwar ɗan adam, tare da tsarinta na musamman, wanda ba za a iya kwafawa ba ($R$), na iya zama "jakar kuɗin hardware" mafi tsaro don samun sirri—idan muka ƙera software ɗin da ya dace. Wannan yana ƙalubalantar akidar masana'antu da ke cewa masu amfani sune mafi rauni kuma dole ne a kawar da su daga tsarin tsaro ta hanyar manajoji na kalmar sirri. A maimakon haka, yana jayayya don ba da ƙarfi ga mai amfani a matsayin mai taimakawa na sirri.

Kwararar Hankali

Hankalin takardar yana da gamsarwa amma yana bayyana tashin hankalinsa. Ya fara daga gazawar da ba za a iya musantawa ba na ayyukan yanzu (sake amfani, raunin kalmomin sirri). Ya gano nauyin fahimi a matsayin tushen dalili daidai. Maganinsa—ayyukan da mutum zai iya lissafta—yana da kyau a ka'idar: rage nauyin tunawa zuwa sirri ɗaya, sauke keɓancewa zuwa lissafi. Duk da haka, kwararar tana tuntuɓe lokacin da ta fuskanci kimantawa na maƙiya. Marubutan sun yarda binciken sirri na al'ada ya gaza, suna ja da baya zuwa ƙididdiga na entropy. Wannan ba ƙaramin aibi ba ne; shine babban ƙalubale. Tsaron gabaɗayan tsarin ya dogara ne akan rashin iya yin samfurin $R$ na mutum, da'awar da ta fi tushe a kimiyyar fahimi fiye da sirri da za a iya tabbatarwa. Yana tunawa da hujjojin farko na ilimin halittu—keɓancewa ba ya daidaita da ƙarfi, tsaro mai bincike a ƙarƙashin hari.

Ƙarfi & Aibobi

Ƙarfi: Mayar da hankali kan samun damar shiga da bambancin jijiyoyi babbar gudummawa ce, wacce galibi ake yin watsi da ita. Ta hanyar ƙira don ayyukan asali, yana yuwuwa ya haɗa da masu amfani da ba a haɗa su da manyan rubutu ko madaidaitan hanyoyin sadarwa ba. Ra'ayin PUF na Fahimi (C-PUF) yana da haihuwa ta hankali, yana ba da sabon ruwan tabarau don tantance ɗan adam. Binciken mai amfani, duk da cewa girma matsakaici ne, yana ba da tabbacin gaske na duniya da ya ɓace daga yawancin shawarwari na ka'idar zalla.

Aibobi: "Akwatin baƙi" na R takobi ne mai kaifi biyu. Idan $R$ yana da sauƙi ko ana iya hasashensa (misali, "Koyaushe ina amfani da ranar haihuwata"), tsaro ya rushe. Idan ya yi rikitarwa sosai, tunawa ya gaza. Babu jagora ga masu amfani don zaɓar "ƙarfi" $R$. Rashin dacewa da manufa shine mai kashe aiki. Idan gidan yanar gizo ya buƙaci kalmar sirri mai haruffa 16 tare da alamomi biyu, shin algorithm ɗin hankali na mai amfani zai iya daidaitawa cikin aminci? Takardar ta yi watsi da wannan. A ƙarshe, juriya ga kuskure ba ta wanzu. Kuskure a mataki ɗaya na hankali mai yiwuwa yana haifar da kalmar sirri mara daidaituwa, ba kamar na manajan kwafi da manna ba.

Hankali Mai Aiki

Ga Masu Zane na Tsaro: Kada ku yi watsi da wannan a matsayin ilimi. Gwada hanyar da aka yi wahayi daga Trenchcoat don asusun gwaji na ciki inda aka haramta manajoji na kalmar sirri. Yi amfani da shi don gwada ra'ayin ƙarfin "sirrin fahimi". Ga Masu Bincike na UX: Algorithms a nan ma'adanin zinari ne don nazarin yadda nau'ikan fahimi daban-daban suke tunkarar warware matsala. Haɗin kai don gina rarrabuwar nau'ikan $R$. Ga Ƙungiyoyin Ma'auni (NIST, FIDO): Ku kalli wannan sarari. Juzu'i na gaba na jagororin tantancewa dole ne ya yi la'akari da samfuran haɗaɗɗu. Ƙaddamar da ƙungiyar aiki akan "Abubuwan Sirri na Taimakon ɗan Adam" don kafa tsarin kimantawa, matsawa sama da entropy zuwa samfuran barazana masu ƙarfi waɗanda suka haɗa da injiniyanci na zamantakewa da ɓarkewar ɓangaren $R$. Abin da za a iya cim ma na ƙarshe: Trenchcoat bazai zama amsar ƙarshe ba, amma yana sake tsara tambayar cikin hazaka. Makomar tantance sirri na mutum ba ta cire ɗan adam ba ce, amma a sake ƙirar hanyar sadarwa tsakanin sirri da fahimi.