1. Gabatarwa & Bayyani
Kalmomin sirri har yanzu su ne babbar hanyar tabbatar da kai, amma gudanar da su yana gabatar da ƙalubalen tsaro mai mahimmanci. Masu gudanar da kalmomin sirri na gargajiya suna haifar da wuraren gazawa na tsakiya, kamar yadda hare-haren kamar LastPass suka nuna. An gabatar da Masu Ƙirƙirar Kalmar Sirri na Ƙayyadaddun Maɓalli (DPGs) sama da shekaru ashirin a matsayin madadin, suna samar da kalmomin sirri na musamman a kowane rukunin yanar gizo daga babban sirri da sunan yanki, suna kawar da ajiya. Duk da haka, DPGs da ake da su suna fama da manyan kurakurai na tsaro, sirri, da amfani waɗanda suka hana yaduwa.
Wannan takarda ta gabatar da Mai Ƙirƙirar Kalmar Sirri na Ƙayyadaddun Maɓalli Mai Maɓalli Da Yawa (MFDPG), sabon ƙira wanda ke magance waɗannan gazawar. MFDPG tana amfani da haɗakar maɓalli mai maɓalli da yawa don ƙarfafa babban sirri, tana amfani da tace Cuckoo don soke kalmar sirri mai tsaro, kuma tana amfani da algorithm na ƙetare Deterministic Finite Automaton (DFA) don bin ƙa'idodin kalmar sirri masu rikitarwa—duk ba tare da ajiye kowane sirri a ɓangaren abokin ciniki ko uwar garken ba.
Gudummawar Asali
- Binciken DPGs 45 da ake da su don gano shingayen amfani.
- Ƙirar MFDPG ba tare da ajiyar sirri ba.
- Hanyar haɓaka a ɓangaren abokin ciniki don rukunin yanar gizo masu rauni kawai zuwa MFA mai ƙarfi.
- Tabbatar da dacewa tare da manyan aikace-aikacen yanar gizo 100.
2. Binciken DPGs Da Ake Da Su
Binciken tsare-tsaren DPG 45 (misali, PwdHash) ya bayyana kurakurai masu mahimmanci akai-akai.
2.1 Kurakurai na Tsaro & Sirri
- Bayyanar Babban Kalmar Sirri: Lalata kalmar sirri ɗaya da aka ƙirƙira na iya sauƙaƙe hare-hare kai tsaye akan babban kalmar sirri.
- Rashin Sirri na Gaba/Soke: Rashin iya jujjuya kalmomin sirri don takamaiman sabis ba tare da canza babban kalmar sirri don duk sabis ba.
- Zubar da Tsarin Amfani: Tsare-tsare masu sauƙi na iya bayyana waɗannan sabis ɗin da mai amfani yake da asusu tare da su.
2.2 Iyakokin Amfani
- Rashin Dacewa da Manufa: Ba za a iya samar da kalmomin sirri waɗanda suka cika takamaiman buƙatun gidan yanar gizo (tsawon lokaci, saitin haruffa) ba.
- Babu Haɗakar Maɓalli Da Yawa: Tushen kalmar sirri kawai, rashin juriya idan an lalata babban kalmar sirri.
3. Ƙirar MFDPG
Gine-ginen MFDPG an gina shi akan sabbin abubuwa guda uku na asali.
3.1 Haɗakar Maɓalli Mai Maɓalli Da Yawa
MFDPG tana amfani da aikin haɗakar maɓalli mai maɓalli da yawa (MFKDF) don haɗa sirri da yawa: kalmar sirri da aka ƙwaƙwalta ($P$), alamar kayan aiki ($T$), da maɓalli na ilimin halittu ($B$). Maɓallin da aka samo $K$ shine:
$K = \text{MFKDF}(P, T, B, \text{gishiri})$
Wannan yana tabbatar da cewa lalacewar kowane maɓalli ɗaya (misali, kalmar sirri da aka yi wa phishing) ba ya bayyana babban maɓalli, yana haɓaka rukunin yanar gizo na kalmar sirri kawai don tallafawa MFA mai ƙarfi a ɓangaren abokin ciniki.
3.2 Tace Cuckoo don Soke
Don warware jujjuyawar kalmar sirri don rukunin yanar gizo da aka lalata ba tare da canje-canje na duniya ba, MFDPG tana amfani da tace Cuckoo—tsarin bayanai mai yuwuwa. Tace yana adana alamun rukunin yanar gizo da aka soke (misali, yankin da aka yi wa hash + ƙididdiga). Yayin ƙirƙirar kalmar sirri, tsarin yana duba tace. Idan an jera rukunin yanar gizo, yana ƙara ƙididdiga na ciki, yana samar da sabon kalmar sirri: $Kalmar Sirri = \text{KDF}(K, \text{yanki} || \text{ƙididdiga})$. Wannan yana ba da damar soke kowane rukunin yanar gizo ba tare da ajiye jerin asusun mai amfani na rubutu bayyananne ba.
3.3 Ƙirƙirar Kalmar Sirri Ta Tushen DFA
Don bin ƙa'idodin kalmar sirri na maganganun yau da kullun na yau da kullun (misali, ^(?=.*[A-Z])(?=.*\d).{12,}$), MFDPG tana ƙirƙira manufar a matsayin Deterministic Finite Automaton (DFA). Mai ƙirƙira yana ƙetare DFA, yana amfani da zaɓin bazuwar mai tsaro na sirri a kowane canjin yanayi don samar da kalmar sirri wacce ke bin manufa kuma ta ƙayyade bisa ga maɓallin shigarwa da yanki.
4. Ƙima & Sakamako
An kimanta samfurin MFDPG don dacewa da manyan gidajen yanar gizo 100 (bisa ga matsayi na Alexa).
Sakamakon Dacewa
- Yawan Nasara: Kashi 100% na rukunin yanar gizo da aka gwada sun karɓi kalmomin sirri da algorithm ɗin MFDPG ya ƙirƙira.
- Gudanar da Manufa: Mai ƙirƙira na tushen DFA ya yi nasara ya gamsar da duk ƙa'idodin kalmar sirri da aka ci karo da su, gami da ƙa'idodi masu rikitarwa don haruffa na musamman, tsawon lokaci, da jerin abubuwan da aka haramta.
- Aiki: Lokacin ƙirƙirar kalmar sirri ya kasance ƙasa da daƙiƙa, ya dace don hulɗar mai amfani na ainihi.
Bayanin Chati: Chati na sandar zai nuna rarraba nau'ikan manufofin kalmar sirri da aka ci karo da su (misali, "Tsawon Tsawon Kawai," "Yana Bukatar Babba & Lamba," "Regex Mai Rikitarwa") da sandar nasara 100% don bin MFDPG a cikin duk nau'ikan, yana bambanta da ƙananan sandar don tushen DPG mai sauƙi.
5. Zurfin Fasaha
Haɗakar Maɓalli: Tsaron asali ya dogara da saitin MFKDF mai ƙarfi, kamar wanda ya dogara da OPAQUE ko wasu ƙa'idodin PAKE marasa daidaituwa, don hana hare-haren kashe layi ko da an ɓoye kalmar sirri ta musamman ta rukunin yanar gizo.
Algorithm na Ƙetare DFA (Ra'ayi):
- Ƙirƙiri manufar kalmar sirri ta gidan yanar gizo a matsayin DFA $A$.
- Kiɗa CSPRNG tare da $\text{HMAC}(K, \text{yanki})$.
- Farawa daga yanayin farko, yi amfani da CSPRNG don zaɓar canjin da ya dace (yana fitar da harafi) zuwa yanayi na gaba.
- Maimaita har sai an kai ga yanayin karɓa, yana tabbatar da cewa jerin ƙarshe kalma ce mai inganci a cikin harshen $A$.
6. Ra'ayin Mai Bincike: Fahimtar Asali, Kwararar Hankali, Ƙarfi & Kurakurai, Fahimta Mai Aiki
Fahimtar Asali: MFDPG ba kawai wani mai gudanar da kalmar sirri ba ne; yana da dabara don kewaye saurin jinkirin juyin halitta na tabbatar da kai na yanar gizo. Hazakar takardar ta ta'allaka ne a sake tsara matsalar: maimakon jira rukunin yanar gizo su karɓi FIDO2 ko maɓallin wucewa, MFDPG tana ba mai amfani ikon tilasta tsaro mai maɓalli da yawa a ɓangaren abokin ciniki ga kowane tsohon sabis na tushen kalmar sirri. Wannan yana mai da mafi rauni—kalmar sirri mai sake amfani—zuwa alamar amfani ɗaya da aka samo wacce ke kariya ta hanyar kayan aiki da maɓalli na ilimin halittu. Yana da fahimtar cewa kalmar sirri ba za ta mutu nan da nan ba, don haka dole ne mu sanya ta da sirri.
Kwararar Hankali: Hujja tana da ban sha'awa. 1) DPGs na yanzu sun lalace gaba ɗaya (bayyanar babban maɓalli, babu jujjuyawa). 2) Don haka, muna buƙatar tushe mai ƙarfi na sirri (MFKDF). 3) Amma ƙarfafawa bai isa ba; muna buƙatar amfani na ainihi (bin manufa, soke). 4) Maganganun da aka gabatar (tace Cuckoo, ƙetare DFA) suna kai hari kai tsaye ga waɗannan gibin amfani. 5) Sakamakon shine tsarin wanda ba kawai yake gyara DPGs ba har ma yana haɓaka duk yanayin tabbatar da kai daga ƙasa zuwa sama. Hankali yana da tsabta, kuma kowane zaɓin ƙira shine bugun kai tsaye ga kurakurai da aka rubuta.
Ƙarfi & Kurakurai: Ƙarfinsa shine kyakkyawan gine-gine, maras ajiya da ikon haɓakawa. Yana koyo daga gazawar magabata kamar PwdHash. Duk da haka, kurakurai suna cikin tsarin turawa. Kurakurai Mai Mahimmanci: Maido da mai amfani mafarki ne mai ban tsoro. Ka rasa alamar kayan aikin ku? An kulle ku daga komai nan take—babban wurin gazawa mai ban tsoro wanda ke sa haɗarin ajiyar girgije ya zama mai sauƙi. Takardar ta yi watsi da wannan. Bugu da ƙari, tsaronta ya dogara sosai akan aiwatar da MFKDF, wanda shine ƙa'idodin sirri mai rikitarwa wanda ke da saurin kurakurai na aiwatarwa. Kamar yadda binciken USENIX Security 2023 na tsare-tsaren MFA ya nuna, tsarin MFA na ainihi sau da yawa suna da raunuka masu zurfi. Yaduwa mai yawa zai buƙaci ingantaccen tsarin dawowa, mai dacewa da mai amfani, wanda da alama ya saba wa falsafarsa ta "ba ajiye sirri".
Fahimta Mai Aiki: Ga ƙungiyoyin tsaro, ra'ayoyin asali na MFDPG suna da daraja nan take. Ƙirƙirar da ta dace da manufa ta tushen DFA za a iya gwada shi a ciki don kalmomin sirri na asusun sabis. Amfani da tace Cuckoo don soke dabara ce ta kiyaye sirri wacce za a iya amfani da ita bayan kalmomin sirri (misali, gudanar da jerin toshe alamar). Babban darasi shine raba ajiyar sirri daga samo sirri. Maimakon rumbunan ajiya, yi tunani game da ɗaure maɓalli da yawa cikin maɓalli ɗaya na ɗan lokaci. Kamfanoni yakamata su saka hannun jari a cikin R&D don tushen amincewa mai maɓalli da yawa da mai amfani ke riƙe, wanda MFDPG ta nuna amma bai warware ba. Gaba ba ya cikin mafi kyawun rumbunan ajiya ba; yana cikin sa rumbun ajiya ya zama maras amfani, kuma MFDPG tana nuna kai tsaye zuwa wannan hanyar.
7. Aikace-aikace na Gaba & Hanyoyi
- Haɗakar Ba Kalmar Sirri: Kalmomin sirri na musamman na rukunin yanar gizo na MFDPG na iya zama "abin da kuke da shi" a cikin kwararar kamar FIDO2, yana haɗa kalmar sirri da duniyar marasa kalmar sirri.
- Asalin Bayanin Kai Tsakanin Kai: Tsarin maras ajiya, mai da hankali kan mai amfani ya yi daidai da ka'idojin Web3 da rarraba asali (misali, GNAP na IETF). Babban maɓalli mai maɓalli da yawa zai iya samar da alamun rarraba (DIDs) da hujjoji.
- Gudanar da Sirrin Kasuwanci: An daidaita shi don asalin na'ura, samar da maɓallin API/sirri na musamman don sabis daban-daban daga tushen tsakiya, tare da jujjuyawar ta atomatik ta hanyar tace soke.
- Hanyar Bincike: Haɓaka hujjojin tsaro na yau da kullun don tsarin MFKDF+DFA+Filter haɗe. Bincika gine-ginen MFKDF bayan-quantum. Ƙirƙirar ƙa'idodin dawowa masu tsaro, masu ɗanɗano waɗanda ba sa lalata ƙirar sirri sifili.
8. Nassoshi
- Nair, V., & Song, D. (Shekara). MFDPG: Gudanar da Kalmar Sirri Mai Tabbatar da Maɓalli Da Yawa Ba tare da Ajiye Sirri Ba. Sunan Taro.
- Ross, B., Jackson, C., Miyake, N., Boneh, D., & Mitchell, J. C. (2005). Ƙarfafa Tabbatar da Kalmar Sirri Ta Amfani da Ƙari na Buɗaɗɗen Yanar Gizo. Taron Tsaro na USENIX. (PwdHash)
- Ghalwash, H., et al. (2023). SoK: Tabbatar da Maɓalli Da Yawa. Taron Tsaro na USENIX.
- Jarecki, S., Krawczyk, H., & Xu, J. (2018). OPAQUE: Ƙa'idar PAKE Maras Daidaituwa Mai Tsaro Daga Hare-haren Ƙididdiga Kafin. EUROCRYPT.
- Fan, B., Andersen, D. G., Kaminsky, M., & Mitzenmacher, M. (2014). Tace Cuckoo: Aiki Mafi Kyau Fiye da Bloom. CoNEXT.
- Ƙungiyar FIDO. (2023). FIDO2: Bayanan WebAuthn & CTAP. https://fidoalliance.org/fido2/