Zaɓi Harshe

Barazanar Boyayyen Sako (Steganography) a Cikin Kwamfyuta ta Girgije: Bincike da Tasirin Tsaro

Bincike kan dabarun boyayyen sako a matsayin sabon hanyar barazana a cikin kwamfyuta ta girgije, tare da bincika kalubalen tsaro, rarrabuwar yanayi, da dabarun hana su.
computingpowertoken.com | PDF Size: 0.1 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - Barazanar Boyayyen Sako (Steganography) a Cikin Kwamfyuta ta Girgije: Bincike da Tasirin Tsaro
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » Barazanar Boyayyen Sako (Steganography) a Cikin Kwamfyuta ta Girgije: Bincike da Tasirin Tsaro

1. Gabatarwa

Kwamfyuta ta girgije tana wakiltar sauyi mai mahimmanci a cikin kwamfyuta, tana ba da damar samun albarkatun raba tare da ƙaramin ƙoƙarin gudanarwa. Cibiyar Ƙididdiga da Fasaha ta Ƙasa (NIST) ta bayyana shi azaman tsari da ke ba da damar shiga cikin hanyoyin sadarwa a ko'ina zuwa tarin albarkatun kwamfyuta masu daidaitawa. Manyan halaye sun haɗa da sabis na kai tsaye, shafar hanyoyin sadarwa mai faɗi, tarin albarkatu, saurin sassauci, da auna sabis. Manyan hanyoyin sabis guda uku sune Software a matsayin Sabis (SaaS), Dandamali a matsayin Sabis (PaaS), da Kayayyakin More rayuwa a matsayin Sabis (IaaS).

2. Tsaron Kwamfyuta ta Girgije

Tsarin gine-ginen kwamfyuta ta girgije na musamman yana gabatar da sabbin kalubalen tsaro, sirri, da amana waɗanda suka bambanta da tsarin kwamfyuta na gargajiya.

2.1 Manyan Kalubalen Tsaro

  • Sarrafa Samun Bayanai: Tabbatar da cewa kawai waɗanda aka ba su izini, ciki har da mai ba da sabis, za su iya samun bayanan mai amfani.
  • Alhakin Raba: Ayyana da sarrafa alhakin tsaro tsakanin mai ba da sabis na girgije da abokin ciniki.
  • Tsaron Raba Masu Amfani Da Yawa: Samar da rarrabuwa mai tsari da inganci na kayayyakin more rayuwa na raba, wanda aka ƙirƙira tsakanin abokan ciniki daban-daban.

2.2 Barazanar Ƙungiyar Tsaron Girgije (CSA)

Ƙungiyar Tsaron Girgije (CSA) ta gano barazana guda bakwai masu mahimmanci ga kwamfyuta ta girgije:

  1. Zalunci da Amfani mara Kyau: Yin amfani da albarkatun girgije don ayyuka marasa kyau kamar aikawa da saƙon banza, rarraba malware, hare-haren DDoS, ko umarni da sarrafa botnet.
  2. Masu Cuta na Ciki: Barazanar da ta samo asali daga cikin ƙungiyar mai ba da sabis na girgije.
  3. Asarar Bayanai ko ɓarkewa: Samun damar bayanai ba tare da izini ba, sharewa, ko gyara bayanai.
  4. Ɗaukar Asusu ko Sabis: Lalata shaidar mai amfani ko hanyoyin sadarwa na sabis.
  5. Hanyoyin Sadarwa da API marasa Tsaro: Raunin da ke cikin hanyoyin sarrafa girgije.
  6. Matsalolin Fasaha na Raba: Abubuwan da ke ƙasa ba a tsara su don keɓancewa mai ƙarfi a cikin yanayin masu amfani da yawa ba, yana ba da damar masu kai hari su yi niyya ga bayanan wasu abokan ciniki.
  7. Matsayin Haɗari da ba a sani ba: Rashin bayyana game da waɗanda ke raba kayayyakin more rayuwa da ƙayyadaddun dama ga rajistan tsaro (misali, rajistan kutsawa).

An rarraba waɗannan barazanun zuwa: barazanun gargajiya da aka ƙara ƙarfi (1-5) da barazanun musamman na girgije (6-7) waɗanda ke amfani da halayen girgije na asali.

3. Boyayyen Sako (Steganography) a Cikin Kwamfyuta ta Girgije

Boyayyen sako (Steganography), fasahar ɓoye bayanai a cikin masu ɗaukar sako masu kama da mara laifi, yana gabatar da hanyar barazana mai ƙarfi a cikin girgije. Ana iya amfani da shi don fitar da bayanai, ba da damar kai hare-haren hanyar sadarwa, ko sauƙaƙe ɓoyayyen sadarwa tsakanin ƙungiyoyi marasa kyau. Mai ɗaukar sako na gaskiya shi ne sananne (amfani da shi ba shi da ban mamaki) kuma gyaran sa don saka boyayyen sako ba zai iya gane shi ga wasu mutane na uku ba.

3.1 Bukatun Mai ɗaukar Boyayyen Sako

Nemo mai ɗaukar sako mai dacewa a cikin mahallin girgije yana da mahimmanci. Faɗaɗa sabbin sabis na Intanet yana ba da masu ɗaukar sako masu yuwuwa da yawa, kamar fayilolin hoton na'ura mai kwakwalwa, tsarin zirga-zirgar hanyar sadarwa tsakanin misalan girgije, bayanan ajiya, ko lokutan kiran API. Dole ne mai ɗaukar sako ya haɗu cikin sauƙi cikin ayyukan girgije na yau da kullun.

3.2 Rarrabuwar Yanayi

Takardar ta gabatar da rarrabuwa bisa wurin mai karɓar boyayyen sako:

  • Daga Ciki zuwa Waje: Fitar da bayanai a ɓoye daga cikin girgije zuwa wani abu na waje.
  • Daga Ciki zuwa Ciki: ɓoyayyen sadarwa tsakanin abubuwa biyu (misali, na'urori masu kwakwalwa) a cikin mahallin girgije ɗaya.
  • Daga Waje zuwa Ciki: Umurni ko bayanai da aka aika a ɓoye daga waje zuwa cikin kayayyakin more rayuwa na girgije.

Waɗannan yanayin suna nuna cewa dole ne a yi la'akari da barazanun boyayyen sako a cikin ƙirar sabis na girgije masu tsaro.

4. Cikakken Fahimta & Bincike

Cikakken Fahimta

Babban bayanin da takardar ta gabatar shi ne cewa ainihin kyawawan halayen kwamfyuta ta girgije—tarin albarkatu, sassauci, da raba masu amfani da yawa—sune raunin sa ga boyayyen sako. Ainihin halayen da ke haifar da inganci suna haifar da cikakkiyar yanayi, mai yawa, mai hayaniya don ɓoye bayanai. Tsaron iyaka na gargajiya yana makantar da waɗannan tashoshi na ɓoye. Kamar yadda aka lura a cikin IEEE Transactions on Information Forensics and Security, ana iya gano boyayyen sako yana saba da ƙarfin ruɗi na matsakaicin mai ɗaukar sako; yanayin girgije mai ƙarfi yana ba da ƙarfin ruɗi mai yawa.

Tsarin Hankali

Marubutan sun bi daidai juyin halittar barazana: 1) Karɓar girgije yana haifar da sabbin fuskokin kai hari (API, kayan aiki na raba). 2) Barazanun daidaitattun (ɓarkewar bayanai) suna rikidewa zuwa nau'ikan ɓoye. 3) Boyayyen sako yana amfani da "al'ada" na zirga-zirgar girgije. Babban tsalle-tsalle na hankali da suka yi—kuma yana da mahimmanci—shine rarraba barazanun ba ta nau'in kai hari ba, amma ta wurin mai karɓa. Wannan yana canza hankali daga "abin da aka ɓoye" zuwa "inda yake tafiya", wanda ya fi dacewa ga masu tsaron da ke sa ido kan zirga-zirgar hanyar sadarwa.

Ƙarfi da Kurakurai

Ƙarfi: Rarrabuwar bisa yanayi yana da amfani kuma sabon abu ne. Ya wuce tunani na ka'ida don ba da tsarin da masu zanen tsaron girgije za su iya amfani da shi. Haɗa shi da tsarin barazanar CSA ya kafa shi a cikin aikin masana'antu.

Kurakurai: Takardar tana da haske sosai akan ƙididdigewa. Tana ɗaga ƙararrawa amma tana ba da ƙaramin bayanai game da yaduwa ko iyawar bandwidth na waɗannan tashoshi na ɓoye a cikin girgije na gaske. Da yawa bayanai za ku iya fitarwa ta hanyar boyayyen sako na hoton VM kafin a haifar da wani abu mai ban mamaki? Hakanan yana ƙaramin rawar da injin koyo ke takawa wajen gano, fagen da ayyuka kamar "Steganalysis Using Deep Learning" daga Taron ACM akan Tsaron Kwamfyuta da Sadarwa suka ci gaba, wanda za a iya juya shi don hana waɗannan barazanun.

Fahimta Mai Aiki

Ga Masu Bayar da Sabis na Girgije: Aiwatar da tsarin aiki na yau da kullun. Ba kawai sa ido kan sanannen malware ba, amma kafa ka'idoji don tsarin sadarwar VM, jerin kiran API, da tsarin samun damar ajiya. Abubuwan ban mamaki a cikin waɗannan tsare-tsaren, ko da a cikin zirga-zirgar da "aka yarda", na iya nuna alamar boyayyen sako.

Ga Kamfanoni: Bukatar rajistan bayyanawa da suka wuce ƙoƙarin samun dama don haɗawa da bayanan lokaci da binciken zirga-zirgar tsakanin VM. Tsarin alhakin raba na CSP ɗinku dole ne ya magance haɗarin tashoshi na ɓoye a sarari.

Ga Masu Bincike: Gaba gaba shi ne tsaro mai aiki. Shin za mu iya shigar da hayaniya mai sarrafawa cikin yanayin girgije don rushe ma'aunin sigina zuwa hayaniya da boyayyen sako ya dogara da shi, kama da dabarun adawa da ake amfani da su a cikin boyayyen sako na hoto? Wasan ba game da ɓoyewa kawai ba ne; yana game da sarrafa mahallin mai ɗaukar sako da kansa.

5. Cikakkun Bayanai & Tsarin Lissafi

Yawanci ana auna ingancin dabarar boyayyen sako ta hanyar rashin iya gano shi da iyawarsa. Tsarin gama gari don nazarin tsarin tsaron tsarin boyayyen sako $S$ wanda ke saka saƙo $M$ cikin murfin $C$ don samar da abu na boye $S$ ya dogara ne akan bambancin Kullback-Leibler ($D_{KL}$) tsakanin rarraba yuwuwar murfi ($P_C$) da abubuwan boye ($P_S$).

$D_{KL}(P_S || P_C) = \sum_{x} P_S(x) \log \frac{P_S(x)}{P_C(x)}$

Don cikakkiyar tsaro (a ka'ida), $D_{KL}(P_S || P_C) = 0$, ma'ana abu na boye bai bambanta da ƙididdiga da murfin ba. A cikin yanayin girgije, murfin $C$ zai iya zama lokacin isowar fakitin hanyar sadarwa tsakanin VM, girman tubalan ajiya da aka keɓance, ko tsarin amfani da CPU na akwati. Manufar mai kai hari ita ce rage wannan bambance-bambance yayin saka bayanai.

Wani ma'auni mai mahimmanci shine ƙimar saka ko iyawa $\alpha$, galibi ana bayyana shi dangane da girman murfin: $\alpha = \frac{|M|}{|C|}$, inda $|M|$ shine tsawon saƙon ɓoyayye kuma $|C|$ shine girman ko girma na matsakaicin murfi.

6. Tsarin Bincike & Misalin Lamari

Yanayi: Fitar da Bayanai Daga Ciki zuwa Waje ta Hanyar Tashoshin Lokaci na Hanyar Sadarwa.

Aiwatar da Tsarin:

  1. Gano Mai ɗaukar Sako: Zirga-zirgar HTTPS na al'ada, wanda aka yarda dashi, daga VM na kamfani a cikin girgije zuwa gidan yanar gizo na waje mai kama da mara laifi (misali, shafin labarai).
  2. Tashoshi na ɓoye: Lokaci tsakanin fakitin buƙatun HTTPS masu biyo baya ana daidaita shi. ɗan gajeren tazara yana wakiltar binary '0', ɗan dogon tazara yana wakiltar binary '1'. Bambance-bambancen suna cikin kewayon girgizar hanyar sadarwa ta al'ada.
  3. Mai Karɓa: Uwar garken yanar gizon na waje, wanda mai kai hari ke sarrafa shi, yana adana lokutan isowar fakitin. Tsarin haɗin gwiwa yana ɗauke da jerin lokutan don sake gina bayanan da aka fitar (misali, shaidar sata).
  4. Kalubalen Gano: Daidaitattun bangon wuta da tsarin gano kutsawa (IDS) da ke bincika abubuwan da ke cikin fakitin ba za su sami wani abu mara kyau ba. Binciken zirga-zirgar zai iya nuna adadin zirga-zirgar al'ada zuwa wani shafi na halatta.

Dabarun Hana Cikin Tsarin: Kayan aikin tsaron girgije da ke aiwatar da wannan tunanin na takarda ba zai kalli inda ake nufi da adadin kawai ba. Zai ƙirƙiri bayanin martaba na VM, gami da rarraba lokutan zirga-zirgar sa na yau da kullun. Sa'an nan zai yi amfani da gwaje-gwajen ƙididdiga (kamar gwajin Kolmogorov-Smirnov) don bincika ko jerin lokutan da aka lura na wannan kwarara na musamman ya bambanta sosai daga tarihin VM ɗin da kansa ko daga tsarin VM ɗin makamancinsa a cikin tafki, yana alamar abubuwan ban mamaki don bincike mai zurfi.

7. Aikace-aikace na Gaba & Jagorori

Haɗuwar boyayyen sako da kwamfyuta ta girgije yana shirye don babban juyin halitta, wanda sabbin fasahohi suka motsa:

  • Kwamfyuta mara Uwar garken (FaaS): Yanayin aikin mara uwar garken na ɗan lokaci, mai motsa abubuwan da abubuwan da suka faru na iya amfani da su don ƙirƙirar tashoshi na ɓoye masu wucewa da wahalar gano su ta amfani da lokacin kiran aiki ko jinkirin farawa a matsayin masu ɗaukar sako.
  • Boyayyen Sako da Bincike Mai Ƙarfin AI/ML: Cibiyoyin Sadarwa na Adawa (GANs), kamar waɗanda aka bayyana a cikin takardar CycleGAN ("Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks"), ana iya daidaita su. Cibiyar sadarwa ɗaya tana koyon ɓoye bayanai a cikin alamun aikin girgije, yayin da abokin gaba yake ƙoƙarin gano shi, yana haifar da dabarun ɓoyewa masu ƙarfi. Akasin haka, samfuran koyo mai zurfi za su zama mahimmanci don gano waɗannan hanyoyin ci gaba.
  • Kwamfyuta ta Girgije ta Quantum: Ci gaban girgije na quantum zai iya gabatar da ka'idojin boyayyen sako na quantum, ɓoye bayanai a cikin yanayin quantum na albarkatun girgije da aka raba, yana gabatar da sabon kalubale na asali.
  • Software-Defined Everything (SDx): Za a iya karkatar da shirye-shiryen hanyoyin sadarwa da aka tsara ta software (SDN), ajiya, da kayan aikin more rayuwa a cikin girgije don ƙirƙirar tashoshi na ɓoye a cikin saƙon sarrafa jirgin sama ko sabuntawa na tsari.
  • Mai da hankali kan Dokoki da Bin Ka'ida: Dokoki na gaba (kamar juyin halittar GDPR ko dokoki na musamman na sashe) na iya tilasta wa masu ba da sabis na girgije su nuna iyawar gano da hana fitar da bayanai a ɓoye, wanda hakan ya sa wannan ya zama buƙatar bin ka'ida.

Tsaro zai iya canzawa daga gano kawai zuwa yanayin aiwatar da amintacce (TEEs) kamar Intel SGX ko AMD SEV, da amfani da tsarin gine-ginen rashin amana waɗanda ke ɗaukan karya kuma suna tabbatar da duk hanyoyin sadarwa, ko da menene asalinsu.

8. Nassoshi

  1. Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing. National Institute of Standards and Technology.
  2. Cloud Security Alliance. (2011). Security Guidance for Critical Areas of Focus in Cloud Computing V3.0.
  3. Zhu, J., Park, T., Isola, P., & Efros, A. A. (2017). Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks. In Proceedings of the IEEE International Conference on Computer Vision (ICCV).
  4. Fridrich, J., & Kodovsky, J. (2012). Rich Models for Steganalysis of Digital Images. IEEE Transactions on Information Forensics and Security.
  5. Wang, Z., & Bovik, A. C. (2009). Mean squared error: Love it or leave it? A new look at Signal Fidelity Measures. IEEE Signal Processing Magazine.
  6. Anderson, R., & Petitcolas, F. A. P. (1998). On the limits of steganography. IEEE Journal of Selected Areas in Communications.
  7. Subramanian, N., & Jeyaraj, A. (2018). Recent security challenges in cloud computing. Computers & Electrical Engineering.