Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPSの基本から
NetworkSecurityConfigまで

Amane Nikaido
February 09, 2018
Technology
5
3.5k

 HTTPSの基本から
NetworkSecurityConfigまで

Amane Nikaido

February 09, 2018
Tweet

More Decks by Amane Nikaido

See All by Amane Nikaido
React with Kotlin
a2kaido
2
1k
Use Kotlin for build.gradle.
a2kaido
0
410
JavaからみたKotlin
a2kaido
0
84

Other Decks in Technology

See All in Technology
TryToUseCloudFlareTunnel_20230317.pdf
kenichirokimura
0
170
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
4
1.4k
IBM Cloud PLUS - #3 IBM PowerVS 入門と最新情報
6onoda
0
110
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
240
Webアプリケーション設計の第一歩は
ディレクトリの整理から / Encraft 1
okunokentaro
22
6.2k
Teamsコネクタについて(チーム、チャネル)
miyakemito
2
340
ZOZOTOWNの裏側に迫る! Javaで作られたBFFの開発事例を紹介
yutaro527
0
280
開発チーム内でのQAの役割
iseki
0
130
就活は相談したもの勝ち
carta_engineering
0
120
チーム開発における様々なボトルネックの整理 / Organization of bottlenecks in Team Development
stefafafan
0
540
計測できるレガシーさを捉え、 コード改善に対処する / phperkaigi2023
blue_goheimochi
0
140
学びが形になる!〜DeNAで6年間プロダクト開発に携わって学んだこと〜
dena_tech
PRO
0
350

Featured

See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
13
2k
5 minutes of I Can Smell Your CMS
philhawksworth
198
18k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
8
4.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
Art, The Web, and Tiny UX
lynnandtonic
284
18k
Reflections from 52 weeks, 52 projects
jeffersonlam
340
18k
Typedesign – Prime Four
hannesfritz
34
1.6k
Thoughts on Productivity
jonyablonski
50
2.8k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Ruby is Unlike a Banana
tanoku
93
9.6k
Done Done
chrislema
178
15k

Transcript

  1. %SPJE,BJHJ
    )5514ͷجຊ͔Β

    /FUXPSL4FDVSJUZ$POpH·Ͱ
    ೋ֊ಊ ว (Amane Nikaido)
    @a2kaido

    View Slide

  2. ࣗݾ঺հ
    • ௨৴͕޷͖Ͱ͢

    • conbu͞Μͷ͓ख఻͍Λ

    ͠·ͨ͠

    View Slide

  3. ຊηογϣϯͷத਎
    • HTTPS௨৴ͷ໾ׂͱ࢓૊Έ

    • NetworkSecurityConfigʹ͍ͭͯ

    • NΑΓલͷPinning Certificates

    • Pinning Certificatesͷӡ༻

    View Slide

  4. എܠ
    • ެऺແઢLANʹ઀ଓ͢Δػձͷ૿Ճ

    • ௨৴಺༰ͷ౪ௌ΍վ᜵ͷՄೳੑ͕͋Δ

    View Slide

  5. 2014೥ SSLূ໌ॻݕূͷ஫ҙשى

    View Slide

  6. 2016೥ HTTPSͷεεϝ
    • Protecting against unintentional
    regressions to cleartext traffic in your
    Android apps

    https://android-developers.googleblog.com/2016/04/protecting-against-unintentional.html


    • Mythbusting HTTPS: Squashing
    security’s urban legends - Google I/O
    2016

    https://www.youtube.com/watch?v=YMfW1bfyGSY

    View Slide

  7. 2017೥ Android Developers Blog
    • 2018/11·ͰʹTarget API levelΛ26Ҏ্ʹ

    ͠·͠ΐ͏

    • Android N͔ΒϢʔβʔ͕Πϯετʔϧ

    ͨ͠ϧʔτূ໌ॻΛ৴པ͠ͳ͍Α͏ʹ
    https://android-developers.googleblog.com/2017/12/improving-app-security-and-
    performance.html

    View Slide

  8. https://goo.gl/n4Aahh

    View Slide

  9. Androidͷ

    Ξοϓσʔτ

    View Slide

  10. Android M
    • usesCleartextTraffic

    • ฏจͰͷ௨৴Λېࢭ͢Δઃఆ
    …

    android:usesCleartextTraffic=“false”>

    …


    View Slide

  11. Android N
    • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ

    Λ৴པ͠ͳ͍

    • NetworkSecurityConfig

    • ฏจͰͷ௨৴ͷ཈ࢭ

    • CAͷΞϯΧʔ

    • Pinning Certificates(ϐϯཹΊ)

    View Slide

  12. ͦ΋ͦ΋HTTPSͱ͸

    View Slide

  13. ҉߸Խ௨৴ͷࡾཁૉ
    • ػີੑ

    • ϝοηʔδ׬શੑ

    • ΤϯυϙΠϯτਅਖ਼ੑ

    View Slide

  14. ҉߸Խ௨৴ͷࡾཁૉ
    • ػີੑ

    • ϝοηʔδ׬શੑ

    • ΤϯυϙΠϯτਅਖ਼ੑ
    ҉߸Խ͞Ε͍ͯͯ

    ౪ௌ͞Εͳ͍͜ͱ

    View Slide

  15. ҉߸Խ௨৴ͷࡾཁૉ
    • ػີੑ

    • ϝοηʔδ׬શੑ

    • ΤϯυϙΠϯτਅਖ਼ੑ
    վ͟Μ͕ͳ͘

    ׬શͰ͋Δ͜ͱ

    View Slide

  16. ҉߸Խ௨৴ͷࡾཁૉ
    • ػີੑ

    • ϝοηʔδ׬શੑ

    • ΤϯυϙΠϯτਅਖ਼ੑ
    ਖ਼͍͠௨৴ઌͱ

    ௨৴͍ͯ͠Δ͜ͱ

    View Slide

  17. ҉߸Խ௨৴ͷࡾཁૉ
    • ػີੑ

    • ϝοηʔδ׬શੑ

    • ΤϯυϙΠϯτਅਖ਼ੑ
    HTTPSͰ҆શੑ͕୲อ͞Ε͍ͯΔ͸ͣͰ͸ʁ

    View Slide

  18. HTTPS௨৴Λ͢ΔͨΊͷ

    ূ໌ॻͷ࿩

    View Slide

  19. Client Server

    View Slide

  20. Client Server
    ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ

    View Slide

  21. Client Server
    ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ
    Certification Authority(ೝূہ)

    View Slide

  22. Client Server
    Certification Authority(ೝূہ)
    ϧʔτূ໌ॻ

    View Slide

  23. Client Server
    Certification Authority(ೝূہ)
    ϧʔτূ໌ॻ
    ॺ໊෇͖

    SSLূ໌ॻൃߦ

    View Slide

  24. Client Server
    Certification Authority(ೝূہ)
    ϧʔτূ໌ॻ
    ॺ໊෇͖

    SSLূ໌ॻൃߦ
    SSLূ໌ॻ

    View Slide

  25. Client Server
    Certification Authority(ೝূہ)
    ϧʔτূ໌ॻ
    ॺ໊෇͖

    SSLূ໌ॻൃߦ
    SSLূ໌ॻ
    CAͷॺ໊͕͋Δ͔Β

    ؒҧ͍ͳ͍

    View Slide

  26. HTTPS௨৴ͷ

    ϋϯυγΣΠΫ

    View Slide

  27. HTTPS௨৴ͷྲྀΕ 1/4
    ClientHello
    Client Server

    View Slide

  28. HTTPS௨৴ͷྲྀΕ 2/4
    ClientHello
    Client Server
    ServerHello
    Certificate

    View Slide

  29. HTTPS௨৴ͷྲྀΕ 2/4
    ClientHello
    Client Server
    ServerHello
    Certificate
    ূ໌ॻΛνΣοΫ

    ৴པ͢ΔCAͷॺ໊͕͋Δ͔

    View Slide

  30. HTTPS௨৴ͷྲྀΕ 3/4
    ClientHello
    Client Server
    ServerHello
    Certificate
    Finish
    Finish

    View Slide

  31. HTTPS௨৴ͷྲྀΕ 4/4
    ClientHello
    Client Server
    ServerHello
    Certificate
    Finish
    Finish
    HTTPS

    View Slide

  32. தؒऀ߈ܸ
    Client Server

    View Slide

  33. தؒऀ߈ܸ
    ClientHello
    Client Server
    ClientHello
    ਖ਼͍͠ূ໌ॻ

    View Slide

  34. தؒऀ߈ܸ
    ClientHello
    Client Server
    ClientHello
    ਖ਼͍͠ূ໌ॻ
    ূ໌ॻΛࠩ͠ସ͑

    View Slide

  35. தؒऀ߈ܸ
    ClientHello
    Client Server
    ClientHello
    ਖ਼͍͠ূ໌ॻ
    ِ෺ͷূ໌ॻ

    View Slide

  36. தؒऀ߈ܸ
    ClientHello
    Client Server
    ClientHello
    ਖ਼͍͠ূ໌ॻ
    ِ෺ͷূ໌ॻ
    Finish Finish
    Finish
    Finish
    HTTPS HTTPS

    View Slide

  37. தؒऀ߈ܸ
    ClientHello
    Client Server
    ClientHello
    ਖ਼͍͠ূ໌ॻ
    ِ෺ͷূ໌ॻ
    Finish Finish
    Finish
    Finish
    HTTPS HTTPS
    ͜͜Ͱূ໌ॻͷݕূΛ

    ͍ͯ͠ΔͷͰ͸ʁ

    View Slide

  38. ِ෺ͷূ໌ॻΛ৴པʁ
    • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ

    (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ)
    Մೳੑ

    • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ

    औಘͨ͠Մೳੑ

    View Slide

  39. ِ෺ͷূ໌ॻΛ৴པʁ
    • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ

    (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ)
    Մೳੑ

    • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ

    औಘͨ͠Մೳੑ
    ৴པ͢ΔCAΛ੍ݶ͢Ε͹๷͛Δ

    View Slide

  40. ِ෺ͷূ໌ॻΛ৴པʁ
    • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ

    (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ)
    Մೳੑ

    • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ

    औಘͨ͠Մೳੑ
    αʔό͕ฦ٫͢Δਖ਼͍͠ূ໌ॻΛ

    ͋Β͔͡Ί஌͍ͬͯΕ͹๷͛Δ

    View Slide

  41. Android N
    • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ

    Λ৴པ͠ͳ͍

    • NetworkSecurityConfig

    • ฏจͰͷ௨৴ͷ཈ࢭ

    • CAͷΞϯΧʔ

    • Pinning Certificates(ϐϯཹΊ)

    View Slide

  42. NetworkSecurityConfig

    (Android NҎ߱)

    View Slide

  43. NetworkSecurityConfig
    • ฏจͰͷ௨৴ͷ཈ࢭ

    • CAͷΞϯΧʔ

    • Pinning Certificates(ϐϯཹΊ)

    View Slide

  44. ઃఆํ๏
    • res/xml/network_security_config.xml

    • ઃఆ಺༰Λهड़

    • AndroidManifest.xml
    …

    android:networkSecurityConfig="@xml/network_security_config">

    …


    View Slide

  45. ฏจͰͷ௨৴ͷ཈ࢭ


    secure.example.com


    View Slide

  46. CAͷΞϯΧʔ


    secure.example.com
    cdn.example.com





    View Slide

  47. Pinning Certificates (ϐϯཹΊ)


    example.com

    { hash value }

    { hash value }



    View Slide

  48. Pinning Certificates


    example.com

    { hash value }

    { hash value }



    PinningͷظݶΛઃఆՄೳ

    ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

    View Slide

  49. Pinning Certificates


    example.com

    { hash value }

    { hash value }



    αʔόʔͷSSLূ໌ॻͷϋογϡ஋Λઃఆ

    View Slide

  50. Pinning Certificates


    example.com

    { hash value }

    { hash value }



    base64 encoded digest of

    X.509 SubjectPublicKeyInfo (SPKI)

    View Slide

  51. digestͷ࡞Γํ (खݩͷূ໌ॻͰ)
    ιʔε:
    https://github.com/datatheorem/TrustKit/blob/master/
    get_pin_from_certificate.py
    $ python get_pin_from_certificate.py ca.pem

    View Slide

  52. digestͷ࡞Γํ (αʔόʔ͔Β)
    $ openssl s_client \
    -connect : \
    | openssl x509 -pubkey -noout \
    | openssl rsa -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64

    View Slide

  53. NetworkSecurityConfig
    ͷιʔείʔυ΁ͷ༠͍

    View Slide

  54. ؾ࣋ͪ
    • ͳʹ͔͋ͬͨ࣌ʹௐࠪ͠΍͍͢

    • ؾʹͳΔڍಈΛ֬ೝͰ͖ΔΑ͏ʹͳΔ

    View Slide

  55. ؔ࿈Ϋϥε
    • ManifestConfigSourceΫϥε

    • ઃఆͷಡΈࠐΈ

    • XmlConfigSourceΫϥε

    • network_security_config.xmlΛύʔε

    View Slide

  56. ؔ࿈Ϋϥε
    • NetworkSecurityConfigΫϥε

    • XmlConfigSourceͰΠϯελϯεԽ͞ΕΔ

    • NetworkSecurityTrustManagerΫϥε

    • ূ໌ॻνΣοΫͱPinningνΣοΫΛ࣮ࢪ

    • ূ໌ॻνΣοΫ࣮ॲཧ͸delegateͷ
    TrustManagerImplʹ೚ͤΔ

    View Slide

  57. ؔ࿈Ϋϥε
    • TrustManagerImplΫϥε

    • ূ໌ॻνΣοΫͷ࣮૷

    • https://github.com/google/conscrypt/blob/master/platform/
    src/main/java/org/conscrypt/TrustManagerImpl.java

    • ߹ΘͤͯಡΉͱྑ͍

    https://developer.android.com/training/
    articles/security-ssl.html

    View Slide

  58. Pinning Certificates


    example.com

    { hash value }

    { hash value }



    PinningͷظݶΛઃఆՄೳ

    ୺຤ͷγεςϜ࣌ؒͱͷൺֱ


    ׃

    View Slide

  59. NetworkSecurityTrustManager
    private void checkPins(List chain) throws CertificateException
    {
    PinSet pinSet = mNetworkSecurityConfig.getPins();
    if (pinSet.pins.isEmpty()
    || System.currentTimeMillis() > pinSet.expirationTime
    || !isPinningEnforced(chain)) {
    return;
    }

    }
    PinningͷظݶΛઃఆՄೳ

    ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

    View Slide

  60. ஫ҙ
    • ʮશͯཧղͨ͠ʯͱ͍ͬͯࣗ෼Ͱ

    ࣮૷͠ͳ͍͜ͱ

    View Slide

  61. Android NΑΓલͰ΋

    Pinning Certificates͢Δ

    View Slide

  62. Pinning Certificates (ϐϯཹΊ)
    ɹ TrustKit-AndroidΛར༻

    ɹ OkHttpClientͷcertificatePinnerΛར༻

    View Slide

  63. Pinning Certificates (ϐϯཹΊ)
    → TrustKit-AndroidΛར༻

    ɹ OkHttpClientͷcertificatePinnerΛར༻

    View Slide

  64. TrustKit-AndroidΛར༻
    • API 15+

    • MIT License

    • NetworkSecurityConfigͷઃఆΛ

    ಡΈࠐΜͰূ໌ॻͷݕূΛ͢Δ

    View Slide

  65. TrustKit-AndroidΛར༻
    TrustKit.initializeWithNetworkSecurityConfiguration(this);
    URL url = new URL("https://www.datatheorem.com");
    String serverHostname = url.getHost();
    // HttpsUrlConnection
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    connection.setSSLSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname)
    );
    // OkHttp 3.3.x and higher
    OkHttpClient client =
    new OkHttpClient().newBuilder()
    .sslSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname),
    TrustKit.getInstance().getTrustManager(serverHostname)
    )
    .build();
    }

    View Slide

  66. TrustKit-AndroidΛར༻
    TrustKit.initializeWithNetworkSecurityConfiguration(this);
    URL url = new URL("https://www.datatheorem.com");
    String serverHostname = url.getHost();
    // HttpsUrlConnection
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    connection.setSSLSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname)
    );
    // OkHttp 3.3.x and higher
    OkHttpClient client =
    new OkHttpClient().newBuilder()
    .sslSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname),
    TrustKit.getInstance().getTrustManager(serverHostname)
    )
    .build();
    }

    View Slide

  67. TrustKit-AndroidΛར༻
    TrustKit.initializeWithNetworkSecurityConfiguration(this);
    URL url = new URL("https://www.datatheorem.com");
    String serverHostname = url.getHost();
    // HttpsUrlConnection
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    connection.setSSLSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname)
    );
    // OkHttp 3.3.x and higher
    OkHttpClient client =
    new OkHttpClient().newBuilder()
    .sslSocketFactory(
    TrustKit.getInstance().getSSLSocketFactory(serverHostname),
    TrustKit.getInstance().getTrustManager(serverHostname)
    )
    .build();
    }

    View Slide

  68. Pinning Certificates
    ɹ TrustKit-AndroidΛར༻

    → OkHttpClientͷcertificatePinnerΛར༻

    View Slide

  69. OkHttpClientͷcertificatePinnerΛར༻
    public void run() throws Exception {
    OkHttpClient client = new OkHttpClient.Builder()
    .certificatePinner(new CertificatePinner.Builder()
    .add("publicobject.com", “sha256/{ hash value }”)
    .build())
    .build();
    Request request = new Request.Builder()
    .url("https://publicobject.com/robots.txt")
    .build();
    Response response = client.newCall(request).execute();
    }

    View Slide

  70. OkHttpClientͷcertificatePinnerΛར༻
    public void run() throws Exception {
    OkHttpClient client = new OkHttpClient.Builder()
    .certificatePinner(new CertificatePinner.Builder()
    .add("publicobject.com", “sha256/{ hash value }”)
    .build())
    .build();
    Request request = new Request.Builder()
    .url("https://publicobject.com/robots.txt")
    .build();
    Response response = client.newCall(request).execute();
    }
    PinningͷظݶΛઃఆ͸ෆՄ

    View Slide

  71. Pinning Certificatesͷ

    ӡ༻

    View Slide

  72. ӡ༻࣌ͷϙΠϯτ
    • αʔόʔαΠυͱͷௐ੔

    • SSLূ໌ॻΛม͑ΒΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ

    • SSLূ໌ॻߋ৽࣌ͷϧʔϧ੍ఆ

    • Pinning CerficatesͷexpireઃఆͳͲ

    View Slide

  73. ཧ૝తͳӡ༻
    Server
    ূ໌ॻAظݶ
    ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠
    Client

    View Slide

  74. ཧ૝తͳӡ༻
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻBൃߦ
    ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

    View Slide

  75. ཧ૝తͳӡ༻
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻBൃߦ
    ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε

    ڧ੍Ξοϓσʔτ
    ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

    View Slide

  76. ཧ૝తͳӡ༻
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑
    ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε

    ڧ੍Ξοϓσʔτ
    ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

    View Slide

  77. ཧ૝తͳӡ༻ͷؾ࣋ͪ
    • ৗʹPinning Certificates͕༗ޮ

    • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ

    • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ

    γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ

    View Slide

  78. ཧ૝తͳӡ༻ͷؾ࣋ͪ
    • ৗʹPinning Certificates͕༗ޮ

    • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ

    • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ

    γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ
    ⚠ ΞϓϦͷߋ৽Λ๨ΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ

    ⚠ ڧ੍Ξοϓσʔτ͕ඞཁ

    View Slide

  79. expireઃఆʹΑΔଥڠҊ
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻAϐϯཹΊظݶ

    View Slide

  80. expireઃఆʹΑΔଥڠҊ
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻAϐϯཹΊظݶ
    ূ໌ॻBൃߦ

    View Slide

  81. expireઃఆʹΑΔଥڠҊ
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻAϐϯཹΊظݶ
    ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑

    View Slide

  82. expireઃఆʹΑΔଥڠҊ
    Server
    ূ໌ॻAظݶ
    Client
    ূ໌ॻAϐϯཹΊظݶ
    ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑
    ূ໌ॻBϐϯཹΊ൛ϦϦʔε

    View Slide

  83. ଥڠҊͷؾ࣋ͪ
    • ΞϓϦͷߋ৽Λ๨Εͯ΋௨৴Ͱ͖Δ

    • ڧ੍Ξοϓσʔτ͕ඞཁͳ͍

    • ূ໌ॻ੾Γସ͑࣌ʹPinning͕ޮ͔ͳ͍
    ࣌ظ͕͋Δ

    View Slide

  84. ·ͱΊ

    View Slide

  85. ·ͱΊ
    • HTTP͸΍Ί·͠ΐ͏

    • NetworkSecurityConfigʹΑͬͯɺѱҙ
    ͷ͋Δ߈ܸऀ͔ΒϢʔβʔΛकΔઃఆ͕
    ؆୯ʹͰ͖ΔΑ͏ʹͳΓ·ͨ͠

    • ӡ༻࣌͸ؾΛ͚ͭ·͠ΐ͏

    View Slide

  86. ͝੩ௌ͋Γ͕ͱ͏

    ͍͟͝·ͨ͠

    View Slide

  87. Appendix
    • GMailͷϝοηʔδݟΒΕͨ࿩

    https://www.computerworld.com/article/2510951/cybercrime-hacking/
    hackers-spied-on-300-000-iranians-using-fake-google-certificate.html

    • ෆਖ਼ͳূ໌ॻ͕ൃߦ͞Εͨ࿩

    http://www.atmarkit.co.jp/news/201109/08/diginotar.html

    View Slide