Zaɓi Harshe

Kalmomin Sirri Mai Tsayi: Yuwuwa da Iyakoki - Bincike da Tsari

Cikakken bincike kan amfani da tsaro na kalmomin sirri masu tsayi, tare da bincika manufofi, halayen mai amfani, da yanayin tabbatar da asali na gaba.
computationalcoin.com | PDF Size: 0.1 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - Kalmomin Sirri Mai Tsayi: Yuwuwa da Iyakoki - Bincike da Tsari
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » Kalmomin Sirri Mai Tsayi: Yuwuwa da Iyakoki - Bincike da Tsari

Teburin Abubuwan Ciki

1. Gabatarwa & Bayyani

Wannan binciken ya bincika takardar bincike "Kalmomin Sirri Mai Tsayi: Yuwuwa da Iyakoki" na Bonk da sauransu, wanda ke bincika yuwuwar kalmomin sirri masu tsayi a matsayin madadin tsaro da amfani fiye da kalmomin sirri na gargajiya. Binciken ya magance matsalar mahimmanci a cikin tsarin tabbatar da asali: ciniki tsakanin ƙarfin tsaro da iyawar tunawa da mai amfani. Yayin da kalmomin sirri a ka'ida ke ba da sararin bincike mafi girma ($\mathcal{O}(W^L)$ inda $W$ girman jerin kalmomi kuma $L$ tsayin jumla), halayen mai amfani sau da yawa suna lalata wannan yuwuwar ta hanyar zaɓar jumloli masu iyaka, gajere.

Marubutan sun gudanar da binciken mai amfani na tsawon kwanaki 39 don kimanta sabon tsarin manufofi da jagororin ƙirƙirar kalmar sirri da aka tsara don magance waɗannan halaye. Ayyukansu sun ba da gudummawa ga fannin tsaro mai amfani ta hanyar samar da bayanan gwaji kan yadda masu amfani ke hulɗa da buƙatun kalmar sirri mai tsayi da kuma gano kura-kuran ƙirƙira na gama-gari.

Tsawon Bincike

39 Kwanaki

Binciken mai amfani na dogon lokaci

Babban Binciken

1%

Adadin zato don kalmomin sirri na haruffa 16 (Komanduri da sauransu)

Babbar Matsala

Tsarin Da Ake Iya Hasashewa

Masu amfani suna zaɓar jumloli gajere, masu iyaka

2. Ayyukan Da Suka Gabata & Bayanan Baya

Binciken ya ginu bisa aikin ginshiƙi na tsaron kalmar sirri da hulɗar mutum da kwamfuta. Manyan nassoshi sun haɗa da:

  • Komanduri da sauransu (2011): Sun nuna cewa buƙatun kalmar sirri mai tsayi (haruffa 16) na iya samar da tsaro mai yawa, tare da kashi 1% kawai na irin waɗannan kalmomin sirri ana iya zato a cikin bincikensu.
  • Ciniki Tsakanin Amfani da Tsaro: Yawancin wallafe-wallafen sun nuna cewa manufofin kalmar sirri masu rikitarwa sau da yawa suna haifar da halayen mai amfani mara kyau kamar sake amfani da rikodin.
  • Binciken Kalmar Sirri: Binciken da ya gabata ya lura cewa yayin da ya kamata kalmomin sirri su kasance masu sauƙin tunawa, masu amfani sau da yawa suna zaɓar jumloli masu kama da harshe na halitta, suna rage entropy.

Takardar ta tsara kanta ta hanyar mai da hankali musamman akan kalmomin sirri masu tsayi da kuma tsara hanyoyin shiga tsakani (manufofi/jagorori) don jagorantar ƙirƙirar mai amfani zuwa ga tsaro da amfani.

3. Hanyoyin Bincike & Tsarin Nazari

Jigon binciken shine binciken mai amfani na kwanaki 39. An nemi mahalarta su ƙirƙiri kalmomin sirri a ƙarƙashin takamaiman tsarin manufofi da jagororin da aka tsara. Binciken mai yiwuwa ya ƙunshi zaman gwaji da yawa don gwada iyawar tunawa a tsawon lokaci (ko da yake ba a ƙayyade ainihin n a cikin abin da aka fitar ba). Hanyar tana nufin ɗaukar ma'auni na amfani na ainihi (lokacin ƙirƙira, ƙimar nasarar tunawa) yayin kuma ba da damar yin binciken tsaro na kalmomin sirri da aka samar.

4. Sakamako & Bincike

Marubutan sun ruwaito cewa manufofinsu da aka tsara sun haifar da "amfani mai ma'ana da tsaro mai ban sha'awa ga wasu amfani." Wannan yana nuna nasara mai ma'ana: manufofin sun inganta sakamako amma ba su warware matsalar amfani da tsaro gaba ɗaya ba.

4.1. Ma'aunin Amfani

Yayin da ba a cika ƙididdiga a cikin abin da aka fitar ba, kalmar "amfani mai ma'ana" tana nufin ma'auni kamar ƙimar nasarar tunawa da gamsuwar mai amfani sun kasance masu karɓuwa, ko da yake ba cikakke ba. Tsawon kwanaki 39 yana da mahimmanci don tantance ainihin iyawar tunawa fiye da tunawa na ɗan gajeren lokaci.

4.2. Binciken Tsaro

Binciken tsaro na kalmomin sirri da aka ƙirƙira ya nuna cewa kalmomin sirri na 'yanci da mai amfani ya zaɓa har yanzu suna fama da kura-kuran gama-gari. Ko da tare da jagorori, masu amfani suna karkata zuwa ga tsarin da ke rage entropy. Takardar ta tabbatar da cewa shiga tsakani na manufa yana da mahimmanci amma bai isa ba; ilimin mai amfani da tsarin tsarin dole ne su yi aiki tare.

5. Tsarin Fasaha & Manufofi

Babban gudummawar takardar shine tsarin manufofi da jagororin ƙirƙirar kalmar sirri mai tsayi. Waɗannan an san su da ka'idojin ƙwaƙwalwar ajiyar mutum don taimakawa wajen tunawa.

5.1. Ka'idojin Tsara Manufofi

Manufofi mai yiwuwa sun haɗa da mafi ƙarancin tsayi (a cikin kalmomi, ba kawai haruffa ba), buƙatun rashin iya hasashe na ma'ana (hana jumloli ko ambato na gama-gari), da yuwuwar jagora kan ƙirƙirar labari ko hoto mai sauƙin tunawa. Manufar ita ce karkatar da masu amfani daga zaɓin ƙarancin entropy kamar "iloveyou123" ko "thequickbrownfox."

5.2. Tsarin Tsaro na Lissafi

Ana iya ƙirƙira tsaron ka'idar kalmar sirri ta hanyar entropy, wanda aka auna a cikin ragi. Don jerin kalmomi $L$ da aka zaɓa bazuwar daga jerin kalmomi $W$, entropy shine $E = L \cdot \log_2(W)$. Duk da haka, zaɓin mai amfani yana gabatar da son zuciya, yana rage ingantaccen entropy. Manufofin binciken suna nufin rage wannan son zuciya, suna kawo entropy da mai amfani ya zaɓa kusa da iyakar ka'idar. Misali, tare da jerin kalmomi 2000 da jumlar kalmomi 4, matsakaicin entropy shine $4 \cdot \log_2(2000) \approx 44$ ragi. Tsarin mai amfani na iya rage wannan sosai.

6. Cikakkun Fahimta & Ra'ayi na Manazarta

Cikakkiyar Fahimta: Babban alkawarin kalmomin sirri - sirrin sauƙin tunawa, mai wuyar fashe - ba ta fasaha ba ce ta karye, amma ta ilimin halin ɗan adam. Aikin Bonk da sauransu shine tunatarwa mai ƙarfi cewa a cikin tsaro mai amfani, mai amfani ba wakili ne mai ma'ana mai haɓaka entropy ba amma mai son ƙwaƙwalwa yana neman hanyar mafi ƙarancin juriya. Bincikensu na kwanaki 39 ya bayyana cewa "lanƙwanin mantuwa" yana da barazana kamar kowane harin ƙarfi.

Tsarin Hankali: Takardar ta gano jerin gazawar daidai: 1) Tsarin yana buƙatar sirri mafi ƙarfi, 2) Masu amfani suna komawa ga tsarin da ake iya hasashewa don tunawa, 3) Wannan iyaka ta rushe fa'idar sararin bincike na ka'idar. Shiga tsakani - manufofi masu tsari - suna ƙoƙarin karya wannan kwarara ta hanyar samar da ginshiƙi don ƙirƙira. Duk da haka, dagewar "kura-kuran gama-gari" ko da ƙarƙashin jagora yana nuna muna magance alamun, ba cutar ba. Ainihin matsala na iya zama cewa sirrin tushen rubutu wani yanayi ne na kuskure ga ƙwaƙwalwar ajiyar ɗan adam, ra'ayin da NIST ta goyi bayan ta hanyar haɓaka manajoji na kalmomin sirri da tabbatar da asali mai juriya ga satar bayanai.

Ƙarfi & Kurakurai: Ƙarfin binciken shine tsarinsa na dogon lokaci; yawancin binciken kalmar sirri na ɗaya ne, suna yin watsi da mahimmin abin tunawa a tsawon lokaci. Manufofin da aka ƙera suna wakiltar aikace-aikace masu hankali na binciken ƙwaƙwalwar ajiya. Babban aibi, wanda aka nuna ta hanyar sakamako masu ma'ana, shine iyakar hanyoyin manufa kawai. Kamar yadda Cibiyar Ƙididdiga da Fasaha ta Ƙasa (NIST) Jagororin Asalin Dijital (SP 800-63B) ke jaddawa yanzu, buƙatun rikitarwa sun fita, kuma barin manna da ƙarfafa manajoji na kalmomin sirri suna ciki. Wannan binciken, yayin da yake da daraja, yana yaƙin yaƙin ƙarshe. Gaba ba ya cikin yin kalmomin sirri mafi kyau, amma a cikin sauran kalmomin sirri marasa amfani ga yawancin amfani.

Fahimta Mai Aiki: Ga masu gine-ginen tsaro, abin da za a ɗauka biyu ne: 1) Idan dole ne ka yi amfani da kalmomin sirri, aiwatar da manufofi kamar waɗanda ke cikin wannan takarda - mafi ƙarancin ƙididdigar kalmomi, jerin jumlolin gama-gari, da jagora a cikin ƙirƙira. Amma mafi mahimmanci, 2) Zuba jari a cikin duniyar bayan kalmar sirri. Ba da fifiko ga turawa na WebAuthn/FIDO2 don juriya ga satar bayanai, da haɗa manajoji na kalmomin sirri cikin sauƙi. Farashin horar da masu amfani don ƙirƙirar kalmomin sirri "masu kyau" na iya wuce fa'ida. An fi kyau a yi amfani da makamashi don kawar da buƙatar su gaba ɗaya, sai dai watakila a matsayin babban sirri ga manajan kalmar sirri - lamarin guda ɗaya inda ainihin kalmar sirri mai tsayi, da aka tuna, wanda aka ƙirƙira ƙarƙashin jagorori masu tsauri, har yanzu yana da rawar.

7. Nazarin Lamari: Kura-kuran Ƙirƙirar Kalmar Sirri

Yanayi: Ana buƙatar mai amfani ya ƙirƙiri kalmar sirri tare da mafi ƙarancin kalmomi 4.

Misalin Kura (Ba tare da Manufa ba): Mai amfani ya zaɓi: "kare na yana da kyau". Wannan gajere ne, daidai a nahawu, kuma yana amfani da kalmomi na gama-gari. Mai kai hari ta amfani da ƙamus na kalmomi da jumloli na gama-gari zai yi zato da sauri.

Ingantaccen Misali (Tare da Manufa/Jagora): Manufar ta tilasta mafi ƙarancin kalmomi 5 kuma tana ba da shawarar guje wa jumlolin nahawu. Mai amfani ya ƙirƙira: "shuɗi piano gudu faɗuwar rana quantum". Wannan jumlar ba ta da ma'anar nahawu, ta haɗa da kalmar da ba ta da yawa ("quantum"), kuma tana da tsayi. Yana amfani da tasirin "bambanci" a cikin ƙwaƙwalwar ajiya (haɗin kai mai ban mamaki ko sabon abu yana da sauƙin tunawa) yayin da yake ƙara entropy sosai. Manufar ta jagoranci mai amfani daga ramin harshe na halitta.

Tsarin Bincike: Ana iya kimanta wannan ta amfani da ƙirar ƙima mai sauƙi. Sanya hukunci don: amfani da manyan kalmomi 100 na gama-gari (-2 pts kowanne), samar da jumla ta nahawu (-5 pts), amfani da ambato ko waƙa da aka sani (-10 pts). Sanya kyaututtuka don: ƙididdigar kalmomi sama da mafi ƙarancin (+1 pt kowace kalma), haɗa kalma mai matsakaicin mitar (+3 pts), rashin haɗin ma'ana tsakanin kalmomi (+5 pts). Misalin farko ya yi maki ƙasa sosai, na biyu ya fi girma, yana nuna mafi kyawun bin manufa da yuwuwar tsaro mafi girma.

8. Aikace-aikace na Gaba & Jagorori

Binciken ya nuna zuwa ga jagorori da yawa na gaba:

  1. Manufofi Masu Dacewa & Masu Fahimtar Mahalli: Maimakon ƙa'idodi masu tsayi, tsarin zai iya bincika kalmar sirri a ainihin lokaci, yana ba da ra'ayi akan ƙimar ƙarfinta da iyawar tunawa bisa tsarin harshe da ƙididdigar mai amfani.
  2. Haɗawa da Manajoji na Kalmomin Sirri: Mafi kyawun kalmar sirri mai tsayi na iya zama "babban" sirri guda ɗaya ga manajan kalmar sirri. Bincike na gaba zai iya mai da hankali kan inganta manufofi musamman don wannan babban daraja, amfani guda ɗaya.
  3. Tsarin Tabbatar da Asali na Garke: Kalmomin sirri masu tsayi na iya zama ɗayan abubuwan da ke cikin tsarin abubuwa da yawa, watakila haɗe da ƙididdigar halitta ko alamar kayan aiki. Ana buƙatar bincike kan hulɗar mai amfani da irin waɗannan tsarin garke.
  4. Samarwa Tare da Taimakon AI: Yin amfani da AI mai samarwa don taimaka wa masu amfani su ƙirƙiri kalmomin sirri masu sauƙin tunawa amma masu babban entropy ta hanyar ba da shawarwarin haɗin kalmomi marasa gama-gari ko ƙananan labarai, sannan gwada tunawar mai amfani da su.
  5. Matsawa Bayan Rubutu: Babban jagora, kamar yadda yanayin masana'antu ya nuna, shine rage dogaro da kowane sirrin da aka tuna. Abubuwan da aka gano a cikin wannan takarda za su fi amfani a cikin tsarin gado ko takamaiman mahallin tsaro inda kalmomin sirri suka kasance masu mahimmanci, suna jagorantar aiwatar da su don zama mai ƙarfi kamar yadda zai yiwu a lokacin canji.

9. Nassoshi

  1. Bonk, C., Parish, Z., Thorpe, J., & Salehi-Abari, A. (Shekara). Kalmomin Sirri Mai Tsayi: Yuwuwa da Iyakoki. [Sunan Taro ko Jarida].
  2. Komanduri, S., da sauransu. (2011). Game da Kalmomin Sirri da Mutane: Auna Tasirin Manufofin Ƙirƙirar Kalmar Sirri. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '11).
  3. Cibiyar Ƙididdiga da Fasaha ta Ƙasa (NIST). (2017). Jagororin Asalin Dijital: Tabbatar da Asali da Gudanar da Rayuwa (SP 800-63B).
  4. Bonneau, J., da sauransu. (2012). Neman Maye Gurbin Kalmomin Sirri: Tsarin Don Kimanta Tsarin Tabbatar da Asali na Yanar Gizo. IEEE Symposium on Security and Privacy.
  5. Florencio, D., & Herley, C. (2007). Babban Nazarin Halayen Kalmar Sirri na Yanar Gizo. Proceedings of the 16th International Conference on World Wide Web (WWW '07).
  6. Forget, A., da sauransu. (2016). Lallashin Masu Amfani da Nauyin Hankali da Tsara Don Ƙirƙirar Kalmomin Sirri Mafi Kyau. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '16).