Nazarin Abubuwan Tsaron Kalmar Sirri a Shafukan Gwamnatin Bangladesh

1. Gabatarwa

Tare da saurin dijital na ayyukan jama'a a karkashin shirin 'Digital Bangladesh', Gwamnatin Bangladesh ta ƙaddamar da shafukan yanar gizo da yawa don samar da ayyukan kan layi. Duk da haka, tsaron waɗannan dandamali, musamman hanyoyin kalmar sirri, ya kasance babban abin damuwa. Wannan binciken yana nazarin shafukan gwamnatin Bangladesh 36 bisa ga matakan tsaron kalmar sirri guda shida don tantance shirye-shiryensu game da barazanar yanar gizo.

2. Teburin Abubuwan Ciki

• 1. Gabatarwa
• 3. Tarihi da Ayyukan da suka Gabata
• 4. Hanyoyin Bincike
• 5. Sakamako da Bincike
  • 5.1 Jagororin Gina Kalmar Sirri
  • 5.2 Hanyar Maido da Kalmar Sirri
  • 5.3 Amfani da CAPTCHA
  • 5.4 Tambayoyin Tsaro
  • 5.5 Amfani da HTTPS
  • 5.6 Ma'aunin Ƙarfin Kalmar Sirri
• 6. Bayanin Ƙididdiga
• 7. Mahimman Bayanai
• 8. Cikakkun Bayanai na Fasaha da Tsarin Lissafi
• 9. Sakamakon Gwaji da Bayanin Hoton
• 10. Misalin Tsarin Bincike
• 11. Bincike na Asali
• 12. Aikace-aikace da Hanyoyi na gaba
• 13. Manazarta
• 14. Sharhin Masana

3. Tarihi da Ayyukan da suka Gabata

Kalmar sirri ta kasance hanya mafi amfani da ita don tantancewa duk da rashin tsaro da aka sani. Binciken da ya gabata ya nuna cewa rashin ƙa'idodin kalmar sirri da rashin ɓoye bayanan HTTPS sune matsalolin gama gari a shafukan gwamnati a duniya. Wannan bincike shine na farko irinsa wanda ya mayar da hankali musamman kan shafukan gwamnatin Bangladesh.

4. Hanyoyin Bincike

Mun zaɓi shafukan gwamnatin Bangladesh 36 waɗanda ke ba da sabis na rajista da shiga. An tantance kowane shafi bisa ga matakai shida: jagororin gina kalmar sirri, hanyar maido da kalmar sirri, amfani da CAPTCHA, tambayoyin tsaro, amfani da HTTPS, da ma'aunin ƙarfin kalmar sirri. An tattara bayanai da hannu kuma an sake tabbatar da su.

5. Sakamako da Bincike

5.1 Jagororin Gina Kalmar Sirri

Shafuka 12 ne kawai daga cikin 36 (33.3%) suka ba da jagororin gina kalmar sirri a sarari. Sauran shafuka 24 (66.7%) ba su bayar da wata jagora ba, wanda ya haifar da zaɓin kalmar sirri mara ƙarfi.

5.2 Hanyar Maido da Kalmar Sirri

Shafuka 28 (77.8%) sun ba da damar maido da kalmar sirri ta hanyar imel, yayin da shafuka 8 (22.2%) ba su da hanyar maido da kalmar sirri ko kuma sun dogara da sa hannun mutum.

5.3 Amfani da CAPTCHA

An aiwatar da CAPTCHA a shafuka 20 (55.6%). Sauran shafuka 16 (44.4%) ba su da wata hanyar gano bot, wanda ke ƙara haɗarin hare-haren atomatik.

5.4 Tambayoyin Tsaro

Shafuka 9 ne kawai (25%) suka yi amfani da tambayoyin tsaro don maido da kalmar sirri. Yawancin tambayoyin sun kasance masu iya tsinkaya (misali, 'Menene sunan dabbar ku?'), suna ba da ƙaramin tsaro.

5.5 Amfani da HTTPS

Shafuka 30 (83.3%) sun yi amfani da HTTPS, amma shafuka 6 (16.7%) har yanzu suna aiki akan HTTP, suna watsa bayanan sirri a fili.

5.6 Ma'aunin Ƙarfin Kalmar Sirri

Shafuka 10 ne kawai (27.8%) suka samar da ma'aunin ƙarfin kalmar sirri na lokaci-lokaci. Rashin irin wannan ra'ayi yana taimakawa wajen zaɓin kalmar sirri mara ƙarfi.

6. Bayanin Ƙididdiga

7. Mahimman Bayanai

• Yawancin shafuka ba su da jagororin gina kalmar sirri, wanda ke haifar da kalmar sirri mara ƙarfi.
• Amfani da CAPTCHA bai isa ba, yana fallasa shafuka ga hare-haren ƙarfi da atomatik.
• Amfani da HTTPS yana da yawa amma ba duka ba, yana haifar da haɗarin satar bayanai.
• Ma'aunin ƙarfin kalmar sirri ba a yi amfani da su sosai ba, yana rasa damar jagorantar masu amfani.

8. Cikakkun Bayanai na Fasaha da Tsarin Lissafi

Entropy na kalmar sirri $H$ ana lissafta shi azaman $H = L \cdot \log_2(N)$, inda $L$ shine tsawon kalmar sirri kuma $N$ shine adadin haruffa masu yiwuwa. Ga kalmar sirri mai tsayi 8 tana amfani da haruffa 62 (a-z, A-Z, 0-9), entropy shine $H = 8 \cdot \log_2(62) \approx 47.6$ bits. Ana ba da shawarar mafi ƙarancin entropy na bits 30 don tsarin ƙananan haɗari, yayin da bits 50+ ana ba da shawarar don bayanai masu mahimmanci.

9. Sakamakon Gwaji da Bayanin Hoton

Hoto na 1: Yawan Amfani da Matakan Tsaro - Hoton gungu wanda ke nuna adadin shafukan da ke aiwatar da kowane mataki. Amfani da HTTPS ya jagoranci da kashi 83.3%, yayin da tambayoyin tsaro suka koma baya da kashi 25%. Hoton yana nuna bambancin ayyukan tsaro a sarari.

Hoto na 2: Rarraba Ƙarfin Kalmar Sirri - Hoton kek wanda ke nuna cewa kashi 60% na shafuka suna karɓar kalmar sirri mai ƙasa da haruffa 8, kashi 30% suna buƙatar haruffa 8-12, kuma kashi 10% ne kawai ke tilasta haruffa 12+.

10. Misalin Tsarin Bincike

Misali: Shafi X (Ba a bayyana sunansa ba)

• Jagororin Kalmar Sirri: Babu wanda aka bayar.
• Maido da Kalmar Sirri: Ta hanyar imel, babu tambayoyin tsaro.
• CAPTCHA: Ba a aiwatar da shi ba.
• HTTPS: Ee.
• Ma'aunin Ƙarfi: A'a.
• Matsayin Haɗari: Babba - yana da haɗari ga hare-haren ƙarfi da yaudarar kai.

11. Bincike na Asali

Wannan binciken ya bayyana wani gibi mai tayar da hankali tsakanin manufofi da ayyuka a tsaron e-Gwamnati na Bangladesh. Yayin da gwamnati ta sami ci gaba wajen dijital na ayyuka, rashin matakan tsaron kalmar sirri na asali—kamar jagorori, CAPTCHA, da ma'aunin ƙarfi—yana nuna rashin fahimtar haɗarin yanar gizo. Kashi 16.7% na shafukan da har yanzu suna amfani da HTTP yana da matukar damuwa, saboda yana fallasa bayanan masu amfani ga satar bayanai ta hanyar hare-haren mutum-tsakiya. Dangane da rahoton 2021 na Bankin Duniya, ƙasashe masu tasowa suna rasa kimanin kashi 0.5% na GDP a kowace shekara ga laifukan yanar gizo, adadin da zai iya ƙaruwa ba tare da shiga tsakani ba. Sakamakon ya yi daidai da babban bincike na Herley da van Oorschot (2012) kan tattalin arzikin tsaron kalmar sirri, wanda ke jayayya cewa halayen masu amfani suna tasiri sosai ta hanyar tsarin. Rashin ma'aunin ƙarfi da jagorori yana canza nauyin tsaro ga masu amfani, waɗanda galibi ba su da ƙwarewa. Kwatancen bincike tare da irin wannan nazarin a Indiya da Pakistan ya nuna cewa Bangladesh ta koma baya a amfani da CAPTCHA (55.6% vs. 70% a Indiya) amma ta yi gaba a amfani da HTTPS (83.3% vs. 65% a Pakistan). Wannan yana nuna cewa ana saka hannun jari a kayayyakin more rayuwa, amma ana watsi da fasalolin tsaro da ke fuskantar masu amfani. Don ingantawa, gwamnati ta kamata ta tilasta mafi ƙarancin ƙa'idodin kalmar sirri, ta tilasta HTTPS a duk yankuna, kuma ta haɗa CAPTCHA a matsayin abin buƙata na asali. Kudin aiwatarwa ba shi da muhimmanci idan aka kwatanta da asarar da za a iya fuskanta daga kutse.

12. Aikace-aikace da Hanyoyi na gaba

Ayyukan gaba ya kamata su faɗaɗa saitin matakan tsaro don haɗawa da amfani da tantancewa ta hanyoyi da yawa (MFA), algorithms na ɓoye kalmar sirri, da ayyukan gudanar da zaman. Nazarin dogon lokaci da ke bin sauye-sauye a kan lokaci zai taimaka auna tasirin shiga tsakani na manufofi. Bugu da ƙari, nazarin da ya mayar da hankali kan masu amfani game da halayen kalmar sirri tsakanin 'yan ƙasar Bangladesh na iya ba da jagororin ƙira mafi kyau. Haɗin gwiwar tantancewa ta hanyar halittar jiki da tsarin da ba na kalmar sirri ba (misali, WebAuthn) yana wakiltar hanya mai kyau don haɓaka tsaro ba tare da lalata amfani ba.

13. Manazarta

1. Herley, C., & van Oorschot, P. (2012). A research agenda acknowledging the persistence of passwords. IEEE Security & Privacy, 10(1), 28-36.
2. World Bank. (2021). Cybersecurity and Economic Development: A Global Perspective. Washington, DC.
3. Florencio, D., & Herley, C. (2007). A large-scale study of web password habits. Proceedings of the 16th International Conference on World Wide Web, 657-666.
4. Bonneau, J., et al. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. IEEE Symposium on Security and Privacy, 553-567.
5. Bangladesh Computer Council. (2020). National Cybersecurity Strategy 2020-2025. Dhaka.

14. Sharhin Masana