Teburin Abubuwan Ciki
1. Gabatarwa
Tsaron kwamfuta a al'adance ya kasance mai dogaro da fasaha ko tsarin, wanda ya haifar da mafita na fasaha don tabbatar da mai amfani, rarraba maɓallai, da kuma ƙarewar maɓallai. Duk da haka, waɗannan mafita galibi suna haifar da sababbin matsaloli ga masu amfani da masu gudanarwa. Ma'aunin halittu, yayin da suke samun shahara, suna gabatar da ƙalubalen tsaro masu mahimmanci—an tabbatar da sawun yatsa na wucin gadi ta amfani da kayan kamar gummy, putty, cyanoacrylate, da photo-lithography. Ma'aunin halittu masu laushi, kamar tsarin buga maɓalli, suna ba da sassauci amma suna buƙatar lokutan horo kuma suna samar da maɓallai iri ɗaya bayan sokewa. Wannan bincike yana ba da shawarar cewa kalmomin sirri da kalmomin sirri, idan aka haɗa su da ilimin halin ɗan adam na fahimi da zamantakewa da ilimin harshe, suna ba da tsarin tabbatarwa mai sokewa, mai ƙwaƙwalwa, kuma mai tsaro. Babban sabon abu shine haɗa ra'ayin mai amfani game da Kai cikin tsarin zaɓin kalmar sirri, yana haɓaka kwatancin sirrin da aka raba tsakanin mai amfani da na'ura.
2. Hanyoyin Bincike
Tabbatar da mai amfani a kan tsarin a al'adance ya kasance yanki mai wahala amma mai amfani na bincike. Da farko, tabbatar da mai amfani ya kare manyan na'urori masu tsada. A yau, manufar ta koma kare ƙananan tsarin da ba a haɗa su ba kamar kwamfutoci na sirri, kwamfutocin tafi-da-gidanka, PDAs, da wayoyin hannu. Haɓakar kwamfuta ta ko'ina da haɓakar haɗin kai ya faɗaɗa filin hari da yawa. Masu amfani, waɗanda ke sarrafa asusun ajiya da yawa, suna jin an mamaye su da manufofin kalmar sirri. Daga hangen nesa na ka'idar bayanai, tsarin da ya dogara da kalmar sirri yana rushewa a ƙarƙashin buƙatun fahimi. Dangantakar da yawa-zuwa-ɗaya tsakanin maƙasudai da masu amfani tana sanya babban maƙasudi a kan masu amfani, musamman idan aka yi la'akari da yawaitar kalmomin sirri 'da aka fi so'. Wannan bincike yana amfani da samfurin ka'idar bayanai don kallon tabbatarwa a matsayin sirrin da aka raba, wanda aka haɓaka ta hanyar tunanin mai amfani game da kansa.
3. Babban Fahimta: Tasirin Kai a Tabbatarwa
Babban fahimtar wannan takarda shine cewa tasirin kai—wani al'amari na fahimi da aka tabbatar da shi inda bayanan da suka shafi mutum suka fi sauƙin tunawa—za a iya amfani da shi don ƙirƙirar kalmomin sirri masu ƙarfi da ƙwaƙwalwa. Ta hanyar barin masu amfani su gina kalmomin sirri bisa ga labarai na sirri, abubuwan tunawa, ko tunanin kai, tsarin yana canza saƙon bazuwar zuwa sirrin 'da aka riƙe sosai'. Wannan saka hannun jari na tunani yana sa masu amfani su fi son kare kalmar sirri kuma ba za su rubuta ta ko raba ta ba. Takarda tana jayayya cewa wannan hanya 'mai wucewa' ce saboda ƙarfin kalmar sirri ba wai kawai a cikin haɗin haruffanta ba ne amma a cikin ma'anarta ta sirri, ta musamman ga mai amfani, wanda ke da wuya ga mai kai hari ya kwafi ko tsammani.
4. Tsarin Ma'ana: Daga Yawan Bayanai zuwa Tsaron Hankali
Tsarin ma'ana na takarda yana da jan hankali. Yana farawa da gano matsalar: yawan bayanai daga manufofin kalmar sirri masu rikitarwa da yawa yana haifar da munanan ayyukan tsaro (misali, sake amfani da kalmar sirri, rubuta kalmomin sirri). Sa'an nan ya soki mafita da ake da su: ma'aunin halittu masu wuya ana iya ƙirƙira su, ma'aunin halittu masu laushi suna buƙatar horo kuma suna lalata maɓallai na gaba. Takarda ta ba da shawarar mafita: tsarin kalmar sirri da ya dogara da ilimin halin ɗan adam na fahimi. Hujjar tana ci gaba ta hanyar nuna cewa kalmomin sirri masu dogaro da kai sun fi ƙwaƙwalwa (rage nauyin fahimi) kuma sun fi tsaro (saboda ba za a iya tsammanin su ga mutanen waje ba). Mataki na ƙarshe shine tsara wannan a cikin ka'idar bayanai, yana nuna cewa entropy na kalmar sirri mai dogaro da kai ba wai kawai aikin haruffanta ba ne amma na mahallin sirri na musamman, wanda wani nau'i ne na 'bayanin sirri' wanda mai kai hari ba zai iya samun sauƙi ba.
5. Ƙarfi da Rashi: Ƙimar Mahimmanci
Ƙarfi: Babban ƙarfin takarda shine tsarinta na tsaka-tsaki, wanda ya haɗa tsaron kwamfuta da ilimin halin ɗan adam na fahimi da zamantakewa. Yana ba da mafita mai dogaro da ɗan adam ga matsalar ɗan adam, yana wucewa gyarar fasaha kawai. Tunanin tsarin a matsayin 'amintaccen aboki' kwatanci ne mai ƙarfi wanda zai iya inganta yarda da mai amfani da matsayin tsaro. Samfurin ka'idar bayanai yana ba da tsari mai tsauri don nazarin tsarin da aka tsara.
Rashi: Takarda ta ɗan kasance mai ka'ida kuma ba ta da ingantaccen tabbaci na ƙwaƙƙwaran gwaji. 'Tasirin kai' an yi nazari sosai a cikin ƙwaƙwalwa, amma aikace-aikacensa ga tsaron kalmar sirri yana buƙatar ƙarin gwaji na ainihi. Akwai haɗarin cewa masu amfani za su iya zaɓar kalmomin sirri waɗanda suka fi iya tsammani bisa ga halayensu na jama'a (misali, bayanan martaba na kafofin sada zumunta). Takarda ba ta magance yanayin 'mai wucewa' na tunanin kai ba—menene zai faru idan labarin kai na mai amfani ya canza? Tsarin dole ne ya kasance mai ƙarfi ga canjin mutum. Bugu da ƙari, takarda ba ta ba da takamaiman algorithm ko cikakkun bayanai na aiwatarwa don ƙirƙira ko kimanta irin waɗannan kalmomin sirri ba.
6. Bayanan Aiki: Shawarwari Masu Amfani
Dangane da sakamakon binciken takarda, wasu bayanan aiki masu amfani sun fito ga masu aikin tsaro da masu tsara tsarin:
- Aiwatar da Faɗakarwar Kalmar Sirri Mai Dogaro da Kai: Maimakon buƙatun haruffa bazuwar, jagoranci masu amfani su ƙirƙiri kalmomin sirri bisa ga labarai na sirri, abubuwan tunawa, ko dabi'u. Misali, 'Menene abin tunawa na yara wanda ya tsara wanda kake a yau?'
- Haɗa da Kalmomin Sirri: Ƙarfafa masu amfani su ƙirƙiri kalmomin sirri waɗanda gajerun labarai ne, waɗanda suka fi sauƙin tunawa kuma sun fi wuya a karya su fiye da saƙon bazuwar.
- Amfani da Tabbatarwa Mai Daidaitawa: Don aikace-aikacen tsaro mai girma, haɗa kalmomin sirri masu dogaro da kai tare da wasu abubuwa (misali, ma'aunin halittu na hali) don ƙirƙirar tsarin abubuwa da yawa wanda yake da tsaro kuma mai sauƙin amfani.
- Ilimantar da Masu Amfani: Horar da masu amfani game da manufar 'tsaron fahimi'—bayyana dalilin da yasa kalmomin sirri masu dogaro da kai suka fi ƙarfi da yadda ake ƙirƙira su ba tare da bayyana bayanan sirri ba.
- Gudanar da Nazarin Gwaji: Kafin cikakken aiwatarwa, gudanar da gwaje-gwaje masu sarrafawa don auna ƙwaƙwalwa da tsaron kalmomin sirri masu dogaro da kai idan aka kwatanta da manufofin gargajiya.
7. Cikakkun Bayanai na Fasaha da Tsarin Lissafi
Takarda tana amfani da samfurin ka'idar bayanai don ƙididdige tsaron kalmomin sirri masu dogaro da kai. Entropy $H$ na kalmar sirri ana ƙididdige shi a al'adance kamar $H = L \cdot \log_2(N)$, inda $L$ shine tsayi kuma $N$ shine girman saitin haruffa. Duk da haka, takarda tana jayayya cewa ga kalmomin sirri masu dogaro da kai, ingantaccen entropy ya fi girma saboda 'haruffa' sun haɗa da mahallin sirri na musamman na mai amfani. Za a iya tsawaita samfurin kamar:
$$H_{total} = H_{char} + H_{self}$$
inda $H_{char}$ shine entropy na tushen haruffa kuma $H_{self}$ shine entropy da tasirin kai ya ba da gudummawa, wanda aiki ne na ilimin sirri na mai amfani. Takarda tana ba da shawarar cewa $H_{self}$ za a iya ƙididdige shi azaman bayanan juna tsakanin kalmar sirri da tunanin kai na mai amfani, $I(Password; Self)$. Wannan sabon abu ne wanda ke ƙididdige yanayin 'da aka riƙe sosai' na sirrin.
8. Sakamakon Gwaji da Bayanin Zane
Yayin da takarda ta fi ka'ida, tana yin nuni ga aikin da ya gabata game da tasirin kai a ƙwaƙwalwa. Bayanin zane na tsarin da aka tsara shine kamar haka:
Hoto 1: Tsarin Tabbatarwa Mai Dogaro da Kai
Shigar Mai Amfani: "Karen na farko shine golden retriever mai suna Sunny."
|
v
Aiwatar da Tsarin:
- Cire mahimman abubuwa: "kare na farko", "golden retriever", "Sunny"
- Aiwatar da canji: "SunnyGoldenRetriever2021!"
- Adana hash na kalmar sirri da aka canza
|
v
Tabbatarwa: Mai amfani ya sake shigar da jimlar, tsarin ya yi amfani da canji iri ɗaya, ya kwatanta hash.
Sakamakon da ake tsammani (daga wallafe-wallafen ilimin halin ɗan adam na fahimi): Nazarin kan tasirin kai (misali, Rogers, Kuiper, & Kirker, 1977) ya nuna cewa bayanan da suka shafi kai ana tunawa da su har zuwa 50% fiye da bayanan da aka sarrafa ta hanyar ma'ana. Idan aka yi amfani da su ga kalmomin sirri, wannan yana nuna cewa masu amfani za su sami ƙarancin buƙatun sake saitin kalmar sirri kuma ba za su iya rubuta kalmomin sirrinsu ba.
9. Misalin Tsarin Nazari
Yi la'akari da mai amfani, Alice, wanda ke buƙatar ƙirƙirar kalmar sirri don asusun imel ɗinta. Maimakon manufar bazuwar, tsarin ya tambaye ta ta bayyana wata darajar sirri. Alice ta rubuta: "Na daraja gaskiya fiye da komai." Tsarin ya canza wannan zuwa kalmar sirri: "GaskiyaFiyeDaKomai!" Wannan kalmar sirri tana da tsawon haruffa 20, ta haɗa da manyan haruffa, ƙananan haruffa, da harafi na musamman, yana ba ta entropy na haruffa na $H_{char} = 20 \cdot \log_2(72) \approx 20 \cdot 6.17 = 123.4$ bits. Duk da haka, entropy na kai $H_{self}$ ya ma fi girma saboda mai kai hari zai buƙaci sanin dabi'un sirri na Alice, waɗanda ba su samuwa a bainar jama'a. Jimlar entropy ta fi girma sosai fiye da kalmar sirri bazuwar mai haruffa 20, kuma Alice na iya tunawa da ita saboda tana da ma'ana a gare ta.
10. Aikace-aikace da Hanyoyi na Gaba
Ka'idodin da aka zayyana a cikin wannan takarda suna da aikace-aikace masu yawa fiye da tsarin kalmar sirri na gargajiya. Hanyoyi na gaba sun haɗa da:
- Haɗin kai da Hujjojin Sifili-Sani: Za a iya amfani da kalmomin sirri masu dogaro da kai a cikin ka'idodin tabbatarwa na sifili-sani, inda mai amfani ya tabbatar da sanin sirrin ba tare da bayyana shi ba.
- Tsarin Tsaro Mai Daidaitawa: Tsarin da ke daidaita buƙatun tabbatarwa bisa ga yanayin fahimi na mai amfani ko mahimman bayanan da ake samun dama.
- Tambayoyin Tsaro na Musamman: Wucewa fiye da tambayoyin tsaro na gama gari (misali, 'Menene sunan mahaifiyar mahaifiyarka?') zuwa tambayoyin da suke da sirri sosai kuma ba za a iya tsammanin su daga bayanan jama'a ba.
- Shiga Guda ɗaya na Dandamali (SSO): Amfani da kalmar sirri guda ɗaya, mai ƙwaƙwalwa sosai mai dogaro da kai a matsayin maɓallin master don ayyuka da yawa, yana rage gajiyar kalmar sirri.
- Taimakon AI don Ƙirƙirar Kalmar Sirri: Amfani da sarrafa harshe na halitta don taimaka wa masu amfani su ƙirƙiri kalmomin sirri masu dogaro da kai waɗanda suke da ƙwaƙwalwa kuma masu tsaro, yayin guje wa matsalolin gama gari.
11. Bincike na Asali
Wannan takarda ta Pilson tana da ban tsoro kuma tana da mahimmanci a matsayin tashi daga tattaunawar da ta gaji, mai dogaro da fasaha game da tsaron kalmar sirri. Babban hujjar—cewa ya kamata mu yi amfani da tasirin kai don ƙirƙirar sirrin 'da aka riƙe sosai'—yana da kyau kuma yana da inganci a ilimin halin ɗan adam. Tasirin kai yana ɗaya daga cikin mafi ƙarfin binciken a ilimin halin ɗan adam na fahimi (Symons & Johnson, 1997), kuma aikace-aikacensa ga tabbatarwa wani abu ne na hazaka. Duk da haka, ƙarfin takarda shi ma rauninta ne. Tsarin ra'ayi ne, ba cikakkiyar mafita ta injiniya ba. Takarda ba ta da takamaiman algorithm don ƙirƙira da tabbatar da kalmomin sirri masu dogaro da kai, kuma ba ta magance muhimmin batun haɓaka ba. Ta yaya tsarin zai tabbatar da cewa kalmar sirri 'mai dogaro da kai' ce ba tare da adana labarin sirri na mai amfani ba? Wannan ƙalubale ne mai wuyar gaske na sirri da tsaro.
Bugu da ƙari, dogaron takarda ga ka'idar bayanai, yayin da yake da tsauri, na iya zama mai kyautata zato. Zaton cewa $H_{self}$ ba ya dogara da $H_{char}$ yana da shakku. A aikace, masu amfani na iya zaɓar kalmomin sirri masu dogaro da kai waɗanda har yanzu ana iya tsammanin su (misali, amfani da abubuwan rayuwa na gama gari kamar 'kammala karatu' ko 'bikin aure'). Takarda za ta amfana daga tattaunawa mai zurfi game da yanayin 'mai wucewa' na tunanin kai. Kamar yadda Markus da Wurf (1987) suka lura, tunanin kai yana da ƙarfi kuma ya dogara da mahalli. Kalmar sirri da ta dogara da 'darajar asali' na iya zama tsayayye, amma wadda ta dogara da 'manufar yanzu' na iya canzawa akai-akai, yana haifar da sake saitin kalmar sirri.
Duk da waɗannan rashi, gudummawar takarda tana da mahimmanci. Yana buɗe sabon alkiblar bincike: 'tsaron fahimi.' Wannan ya yi daidai da manyan abubuwan da ke faruwa a hulɗar ɗan adam da kwamfuta da tsaro mai amfani. Kiran takarda na kallon tsarin a matsayin 'amintaccen aboki' ƙa'idar ƙira ce mai ƙarfi wacce za ta iya canza halayen masu amfani game da tsaro. A wannan zamanin na ƙara yawan barazanar yanar gizo, wannan hanya mai dogaro da ɗan adam ba wai kawai sabon abu ba ce—tana da mahimmanci. Mataki na gaba shine masu bincike su gina kan wannan tsarin, su gudanar da manyan nazarin masu amfani, kuma su haɓaka aiwatarwa masu amfani waɗanda ke daidaita tsaro, ƙwaƙwalwa, da sirri.
12. Manazarta
- Pilson, C. S. (2021). Tightly-Held and Ephemeral Psychometrics: Password and Passphrase Authentication Utilizing User-Supplied Constructs of Self. arXiv preprint arXiv:1509.01662v1.
- Rogers, T. B., Kuiper, N. A., & Kirker, W. S. (1977). Self-reference and the encoding of personal information. Journal of Personality and Social Psychology, 35(9), 677–688.
- Symons, C. S., & Johnson, B. T. (1997). The self-reference effect in memory: A meta-analysis. Psychological Bulletin, 121(3), 371–394.
- Markus, H., & Wurf, E. (1987). The dynamic self-concept: A social psychological perspective. Annual Review of Psychology, 38, 299–337.
- Shannon, C. E. (1948). A mathematical theory of communication. The Bell System Technical Journal, 27(3), 379–423.
- Adams, A., & Sasse, M. A. (1999). Users are not the enemy. Communications of the ACM, 42(12), 40–46.
- Yan, J., Blackwell, A., Anderson, R., & Grant, A. (2004). Password memorability and security: Empirical results. IEEE Security & Privacy, 2(5), 25–31.