Passlab: Kayan Aiki na Hanyoyi Na Yau Da Kullun Don Binciken Tsarin Tsaro na Kalmar Sirri na Ƙungiyar Blue

Jerin Abubuwan Ciki

1. Gabatarwa & Bayyani
2. Bita na Adabi & Tushe
3. Ci Gaba Har Yanzu: Abubuwan Gini na Tsakiya
4. Cikakkun Bayanai na Fasaha & Tsarin Lissafi
5. Sakamakon Gwaji & Nunin UI
6. Tsarin Bincike: Misalin Nazarin Harka
7. Bincike Mai Zurfi & Fahimtar Kwararru
8. Aikace-aikace na Gaba & Taswirar Ci Gaba
9. Nassoshi

1. Gabatarwa & Bayyani

Yanayin tsaron yanar gizo yana nuna rashin daidaito a tsakanin kayan aikin masu kai hari (Ƙungiyar Ja) da masu tsaron gida (Ƙungiyar Blue), musamman game da tsarin da ke da kariya ta kalmar sirri. Yayin da maharan ke da cikakkiyar tsarin kayan aiki don fasa kalmar sirri, zato kan layi, da leƙen asiri, masu tsaron gida ba su da kwatankwacin kayan aiki masu zurfi don yanke shawara kan tsarin tsaro bisa shaida. Passlab yana magance wannan gibi kai tsaye. Wani yanayi ne da aka haɗa wanda aka ƙera don ba wa masu gudanar da tsarin iko—ba tare da buƙatar ilimin hanyoyi na yau da kullun ba—don yin tunani bisa ka'ida game da tsare-tsaren ƙirƙirar kalmar sirri, ƙirƙirar barazanar, da samar da lambar tilastawa daidai ta hanyar gini. Kayan aikin suna amsa buƙatar masana'antu don yanke shawara na tsaro da ke dogara da bayanai, musamman dangane da ƙarfafa dokokin kariyar bayanai kamar GDPR.

2. Bita na Adabi & Tushe

An gina Passlab bisa haɗaɗɗun bincike da aka kafa:

Samfurin Rarraba Kalmar Sirri: Yana amfani da aikin Malone & Maher da Wang et al., wanda ya tabbatar cewa kalmar sirrin da masu amfani suka zaɓa gabaɗaya suna bin dokar Zipf. Wannan yana ba da damar yuwuwar kalmar sirri $P(w)$ a zana samfurin a matsayin saba'in da matsayinta $r$: $P(w) \propto \frac{1}{r^s}$, inda $s$ ke da ƙima ta dindindin.
Wakilcin Tsarin Tsaro: Yana amfani da samfurin ƙa'idar ƙirƙirar kalmar sirri da Blocki et al. suka gabatar, yana ba da ƙaramin matsayi, wakilci na gabaɗaya don ɓoye tsare-tsare.
Ƙirƙirar Barazana: Ya haɗa da Bishiyoyin Kai Hari-Kariya (ADTrees) daga Kordy et al., yana ba da tsari mai sauƙin fahimta, na gani don masu gudanarwa su ƙirƙiri samfurin hare-haren zato na kalmar sirri da tsare-tsaren rage tasiri masu dacewa.
Tabbatarwa Na Yau Da Kullun: Ya dogara da Coq mai taimaka wa ka'idar lissafi da iyawarsa na cire lamba don samar da software da aka tabbatar bisa ƙa'ida don tilasta bin tsarin tsaro.

3. Ci Gaba Har Yanzu: Abubuwan Gini na Tsakiya

3.1. Tsare-tsaren Kullewa Masu Dogaro da Bayanai

Kalubale na tsakiya shine daidaita tsaro tare da amfani a cikin tsare-tsaren kulle asusu. Passlab yana ba da hanyoyi na yau da kullun don lissafin matsakaicin adadin yunƙurin shiga da ba daidai ba da aka yarda wanda ke kiyaye yuwuwar nasarar harin zato kan layi ƙasa da ƙayyadadden bakin kofa. Wannan yana magance matsalar hana sabis da cinikin tsaro da ke cikin hanyoyin kullewa kai tsaye.

3.2. Ƙirƙirar Tsarin Tsaro Na Yau Da Kullun & Bishiyoyin Kai Hari-Kariya

Kayan aikin sun haɗa ADTrees, yana ba wa masu gudanarwa damar gina yanayin kai hari ta hanyar gani (misali, "Zato Kalmar Sirri ta Hanyar Harin Ƙamus") kuma su haɗa su da nodes na tsarin tsaro na kariya (misali, "Tilasta Mafi ƙarancin Tsawon 12"). Wannan yana haɗa gibin tsakanin samfuran barazana na zahiri da ƙa'idodi na zahiri, waɗanda za a iya tilastawa.

3.3. Cire Lamba & Tabbatar da Tilastawa

Na baya na Passlab yana amfani da Coq don ƙayyadad da tsare-tsaren kalmar sirri bisa ƙa'ida. Fitowa mai mahimmanci ita ce cirewar lambar aiki ta atomatik, lambar da aka tabbatar bisa ƙa'ida (misali, a cikin OCaml ko Haskell) wanda za'a iya haɗawa cikin tsarin tantancewa don tilasta tsarin da aka ayyana, yana ba da garantin daidaito ta hanyar gini.

4. Cikakkun Bayanai na Fasaha & Tsarin Lissafi

Za a iya taƙaita ainihin lissafin Passlab don tsare-tsaren kullewa. Idan aka ba da rarraba kalmar sirri da ke bin dokar iko (dokar Zipf), jimlar yuwuwar maharin yin zato daidai a cikin yunƙurin $k$ daga jerin kalmar sirri $N$ da aka jera shi ne: $$P_{success}(k) = \sum_{i=1}^{k} \frac{C}{i^s}$$ inda $C$ ke da ƙima ta dindindin na daidaitawa kuma $s$ shine ma'auni mai ma'ana wanda ya dace da bayanan ainihi (misali, bayanan RockYou). Passlab yana warware matsakaicin $k$ kamar yadda $P_{success}(k) < \tau$, inda $\tau$ shine bakin kofa na haɗarin da mai gudanarwa ya ayyana (misali, 0.001).

5. Sakamakon Gwaji & Nunin UI

Taƙaitaccen binciken yana nuni da wani muhimmin ɓangaren UI (Hoto na 1 a cikin PDF). Tsarin yana nuna daidaitawar lissafin dokar iko zuwa bayanan kalmar sirri, yana zana yuwuwar zato daidai ($x$) zuwa matsayinta ($y$) a cikin babban bayanai kamar RockYou. Wannan yana ba masu amfani damar haɗa ayyukan bincike na bayanai ta hanyar gani, lura da rarraba ainihin duniya wanda ke ƙarfafa samfurin ƙa'ida. Daidaitawar yana tabbatar da zato na Zipf akan bayanan ainihi, yana ba da tushe na zahiri don lissafin tsarin tsaro na gaba.

6. Tsarin Bincike: Misalin Nazarin Harka

Yanayi: Dole ne mai gudanarwa ya saita tsarin kullewa don tsarin imel na kamfani wanda ke kare IP mai mahimmanci. Aikin Passlab: 1. Shigo da Bayanai & Ƙirƙirar Samfuri: Loda bayanan mitar kalmar sirri masu dacewa (misali, tarin kalmar sirri na kamfani idan akwai, ko zubar da jama'a kamar RockYou). Kayan aikin sun dace da samfurin dokar iko, suna tabbatar da rarraba. 2. Ƙayyadaddun Haɗari: Mai gudanarwa ya saita bakin kofa na yuwuwar nasara da aka yarda $\tau$ zuwa 0.1% (0.001) don ci gaba da harin kan layi. 3. Lissafi Na Yau Da Kullun: Passlab yana lissafin, ta amfani da lissafin da aka samo, cewa ƙyale matsakaicin yunƙurin $k=5$ da ba daidai ba yana kiyaye yuwuwar nasarar maharin ƙasa da 0.001, bisa ga samfurin rarraba. 4. Haɗa Tsarin Tsaro & Samar da Lamba: An ƙirƙira tsarin "kullewa na yunƙuri 5" a cikin Coq. Daga nan Passlab ya cire kayan aikin tantancewa da aka tabbatar wanda ke aiwatar da wannan ƙa'ida ta zahiri, a shirye don turawa. 5. Binciken Ciniki: Mai gudanarwa zai iya daidaita $\tau$ ko kwatanta samfuran tsarin tsaro daban-daban (misali, ƙara mafi ƙarancin tsawon kalmar sirri) don ganin tasirin akan $k$ da aka lissafa da matsayin tsaro gabaɗaya.

7. Bincike Mai Zurfi & Fahimtar Kwararru

Fahimta ta Tsakiya: Passlab ba wani mai samar da tsarin tsaro kawai bane; yana da matakin fassara tsakanin shekarun da suka gabata na binciken kalmar sirri na ilimi da gaskiyar aiki na masu gudanar da tsarin. Ainihin sabon abunsa shine yaɗa hanyoyi na yau da kullun, fanni da yawa ana keɓe su a cikin ilimi, kamar yadda kayan aikin AutoML ke yaɗa koyon inji. Hujjar kayan aikin a ɓoye tana da ƙarfi: a cikin zamanin binciken ƙa'ida (GDPR, CCPA), tsaro na "hankali na gama-gari" abin alhaki ne na doka da fasaha. Tsarin tsaro da ya dogara da shaida yana zama dole.

Kwararar Hankali & Ƙarfafawa: Tsarin gine-ginen kayan aikin yana da hankali sosai. Ya fara da bayanan gwaji (zubar da kalmar sirri), ya gina samfurin ƙididdiga (dokar Zipf), ya yi amfani da dabaru na yau da kullun (Coq, ADTrees), kuma ya ƙare da lambar aiki. Wannan bututun rufaffiyar, daga bayanai zuwa turawa shine babban ƙarfinsa. Yana magance binciken da aka ambata daga [7] kai tsaye cewa tsananin tsarin tsaro sau da yawa baya da alaƙa da ƙimar kadarorin. Ta hanyar ƙididdige haɗari, Passlab yana ba da damar tsaro mai daidaito. Amfani da ADTrees don nunin gani babban fasaha ne a cikin amfani, kamar yadda MITRE ATT&CK ya sa ƙirƙirar barazana ta zama mai sauƙi.

Kurakurai & Giba Masu Muhimmanci: Hangen nesa na yanzu, kamar yadda aka gabatar, yana da manyan wuraren makanta. Na farko, yana dogaro sosai akan samfurin Zipf. Duk da yake yana da ƙarfi ga manyan bayanai na gabaɗaya, wannan samfurin zai iya rushewa ga ƙananan yawan masu amfani na musamman (misali, kamfani mai ƙwarewar fasaha) ko kuma a fuskar ƙwararrun hare-haren zato masu fahimtar yanayi kamar waɗanda ke amfani da samfuran Markov ko hanyoyin sadarwar jijiyoyi (kamar yadda aka bincika a cikin kayan aiki kamar PassGAN, wanda ke amfani da Hanyoyin Sadarwar Jijiyoyi Masu Adawa don fasa kalmar sirri). Na biyu, lambar "daidai-ta-hanyar-gini" tana tabbatar da bin tsarin ƙirƙirar kawai—ba ta yin komai don tabbatar da tsaron tsarin tantancewa da ke kewaye (aikin hash, ajiya, sarrafa zaman) ba, waɗanda su ne mafi yawan hanyoyin keta. Na uku, kayan aikin da alama suna mai da hankali kan ƙirƙirar tsarin tsaro mai tsayayye. Gaba shine tantancewa mai daidaitawa, wanda ya dogara da haɗari. Ina haɗin kai tare da siginoni kamar wurin shiga, sa hannun na'ura, ko nazarin hali don daidaita matakan ƙalubale a hankali?

Fahimta Mai Aiki: Don wannan kayan aiki ya canza daga ƙaƙƙarfan samfuri na bincike zuwa ma'auni na masana'antu, ƙungiyar ci gaba dole:
1. Haɗa Samfuran Harin na Zamani: Haɗa tallafi ga masu ƙididdige yuwuwar da suka dogara da sarkar Markov da hanyar sadarwar jijiyoyi don magance kayan aikin fashewa na zamani. Yi la'akari da hanyar daga "PassGAN: Hanyar Koyon Zurfi don Zato Kalmar Sirri" don fahimtar yanayin barazana mai tasowa.
2. Faɗaɗa Iyaka Fiye da Ƙirƙira: Haɗin gwiwa tare da ayyuka kamar Mozilla SOPS (Ayyukan Sirri) ko amfani da tsarin daga Ƙa'idodin Shaidar Lambobi na NIST (SP 800-63B) don ƙirƙira da tabbatar da haɗarin tsawon rayuwar tantancewa.
3. Gina Madauki na Amsa: Ya kamata a ƙera kayan aikin don shigar da bayanai daga rajistan tantancewa na ainihin duniya (wanda ba a san sunansa ba) don ci gaba da inganta samfuran yuwuwar da shawarwarin tsarin sa, yana matsawa zuwa tsarin mai inganta kansa. Manufa ta ƙarshe ya kamata ta zama Tsarin Tallafawa Shawarar Tsaron Kalmar Sirri wanda ke ba da labari ba kawai tsarin tsaro mai tsayayye ba, amma dabaru na injin tantancewa na ainihin lokaci.

8. Aikace-aikace na Gaba & Taswirar Ci Gaba

Yiwuwar aikace-aikacen hanyar Passlab ta tsakiya ya wuce tsarin kalmar sirri na al'ada:

Ƙirƙirar Tsarin Tsaro Ba tare da Kalmar Sirri & MFA ba: Za a iya daidaita tsarin ƙirƙira na yau da kullun (ADTrees, Coq) don yin tunani game da tsare-tsare don masu tantancewa na FIDO2/WebAuthn ko saitin ƙa'idodin haɓaka mataki na tantancewa mai yawa.
Yin Biyayya a matsayin Lamba: Sarrafa samar da shaida don binciken ƙa'ida (GDPR, ISO 27001, SOC 2) ta hanyar ba da hanyar da za a iya tabbatarwa daga tantance haɗari zuwa sarrafa da aka aiwatar.
Na'urar Koyarwa & Horarwa: Zama dandamali mai ma'amala don horar da ƙungiyoyin blue akan tasirin ƙididdiga na tsare-tsaren tsaro daban-daban a kan hare-haren da aka kwaikwayi.
Haɗin kai tare da Dandamali na IAM: Hanyar ƙarshe ita ce Passlab ya zama injin binciken tsarin tsaro da aka saka a cikin manyan mafita na Sarrafa Shaidu da Samun dama (IAM) kamar Okta ko Azure AD, yana ba da shawara da tabbatar da tsarin tsaro na ainihin lokaci.
Matsawa Zuwa Tsare-tsare Masu Daidaitawa: Siffofi na gaba za su iya amfani da samfurin ƙa'ida a matsayin tushe don tsarin da ke tafiyar da koyon inji waɗanda ke daidaita tsananin tsarin tsaro bisa ga bayanan barazana na ainihin lokaci da maki haɗarin halayen mai amfani.

9. Nassoshi

Mataimakin Tabbatar da Coq. https://coq.inria.fr
Blocki, J., et al. (2013). Maimaita Kalmar Sirri ta Halitta.
Zubar da Bayanan Kalmar Sirri na RockYou (2009).
Dokar (EU) 2016/679 (GDPR).
Hitaj, B., et al. (2017). PassGAN: Hanyar Koyon Zurfi don Zato Kalmar Sirri. arXiv:1709.00440.
Malone, D., & Maher, K. (2012). Binciken Rarraba Zaɓin Kalmar Sirri.
Veras, R., et al. (2014). A kan Tsarin Ma'ana na Kalmar Sirri da Tasirin Tsaronsu.
Wang, D., et al. (2017). Kimiyyar Zato: Binciken Ma'ajin Bayanan Kalmar Sirri na Kamfani da ba a san sunansa ba.
Kordy, B., et al. (2014). Bishiyoyin Kai Hari-Kariya.
Letouzey, P. (2008). Sabon Cirewa don Coq.
NIST. (2017). Ƙa'idodin Shaidar Lambobi (SP 800-63B).
MITRE. Tsarin ATT&CK. https://attack.mitre.org