Making and Using Pseudorandom Numbers: From Games to Information Security (疑似乱数の作り方・使い方 ゲームから情報セキュリティまで) / jeita-20171026


Presentation slides for the JEITA (Japan Electronics and Information Technology Industries Association, 電子情報技術産業協会) 4th Hardware Security Technology Working Group (第4回 ハードウェアセキュリティ技術分科会)


Kenji Rikitake

October 26, 2017

Transcript

  1. Making and Using Pseudorandom Numbers: From Games to Information Security
     Kenji Rikitake (力武 健次), Kenji Rikitake Professional Engineer's Office (力武健次技術士事務所)
     October 26, 2017, JEITA 4th Hardware Security Technology Working Group
     Kenji Rikitake / JEITA 26-OCT-2017
  2. About the speaker (1/2)
     Engaged in research and development of Internet technology since 1990
     2010-2013: Professor at the Institute for Information Management and Communication (情報環境機構), Kyoto University, responsible for the university-wide information security measures
     2011/2012: Presented implementations of the pseudorandom number generators SFMT and TinyMT for the Erlang/OTP concurrent processing system at the ACM SIGPLAN Erlang Workshop

  3. About the speaker (2/2)
     April 2014: Became independent as head of Kenji Rikitake Professional Engineer's Office
     2015: Developed the rand module, the pseudorandom number library of Erlang/OTP, adopted from version 18.0
     2016: Developed avrdice (photo), an electronic die on an Arduino Uno based on physical random numbers, and exhibited it at Maker Faire Tokyo 2016
  4. What is a pseudorandom number?

  5. Before that: what is a random number?

  6. Random sequences and unpredictability
     A sequence whose future cannot be predicted from the part of the sequence obtained so far [1]
     A random number is an element of a random sequence (or the random sequence itself)
     Corresponds to the "noise" of an electronic circuit
     This unpredictability is called "randomness"
     Randomness is one component of "information entropy" [2]
     [1] Excerpt from the Japanese Wikipedia article "乱数列"
     [2] 小木曽道夫, "わかりやすいオートポイエーシス(自己生産)", section "情報エントロピー"
  7. Physical phenomena that exhibit randomness
     Thermal noise → noise generated by a resistor
     Avalanche breakdown → noise of a Zener diode
     Variation in semiconductor delay times → jitter of a free-running oscillator
     Intervals between nuclear decays (Geiger counter)
     Others, such as quantum-mechanical uncertainty
     (It comes down to what you choose as the "noise" source)

  8. Physical random numbers
     A random sequence produced by a physical phenomenon that exhibits randomness
     Can be recorded but cannot be reproduced
     The obtainable randomness is finite → harder to make fast or high-volume than the pseudorandom numbers described later
     Physical attacks on the generating device are possible → hard to detect such an attack from the generated numbers alone
  9. (image only)

  10. Noise before amplification

  11. Random bit stream after amplification

  12. Outputs of two independent circuits

  13. Von Neumann filter
     A method for obtaining higher-quality physical random numbers
     Sample 2 bits to obtain 1 bit

     1st bit  2nd bit  Result
     0        0        discard (retry)
     0        1        0
     1        0        1
     1        1        discard (retry)
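The filter in the table above, as an added example in Python that is not part of the original slides: `von_neumann` implements the pairing rule, and `biased_source` is a constructed, seeded stand-in for a raw hardware source with P(1) = 0.8, so the bias before and after filtering, and the fraction of input bits that survive, can be checked. The source, the bias and the sample count are assumptions for the demonstration.

```python
# Added example (not from the slides): a von Neumann filter applied to a biased
# bit source, showing the bias removal and what it costs in yield.
import random
from typing import Iterable, Iterator, List


def von_neumann(bits: Iterable[int]) -> Iterator[int]:
    """Pair consecutive input bits: (0,1) -> 0, (1,0) -> 1, (0,0)/(1,1) discarded."""
    it = iter(bits)
    for first in it:
        second = next(it, None)
        if second is None:
            return            # odd trailing bit: nothing to pair it with
        if first != second:
            yield first       # the first bit of an unequal pair is the output


def biased_source(n: int, p_one: float, seed: int = 1) -> List[int]:
    """Constructed stand-in for a raw hardware source: independent bits with P(1) = p_one.
    A seeded PRNG is used only so the demonstration is reproducible; a real source
    would be the comparator/ADC output of the noise circuit."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def ones_fraction(bits: Iterable[int]) -> float:
    bits = list(bits)
    return sum(bits) / len(bits) if bits else 0.0


def demo(n: int = 200_000, p_one: float = 0.8) -> dict:
    """Bias of the raw stream, bias after filtering, and fraction of input bits kept.
    For independent bits the expected yield is p(1-p): 0.16 at p = 0.8."""
    raw = biased_source(n, p_one)
    filtered = list(von_neumann(raw))
    return {
        "raw_ones": ones_fraction(raw),
        "filtered_ones": ones_fraction(filtered),
        "yield": len(filtered) / n,
    }
```

The filter only removes a constant bias from independent samples: if successive bits are correlated (for example through the oscillator's jitter), the output is not uniform, which is one reason the later slides additionally pass the physical bits through a hash function.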
  14. Once again: what is a pseudorandom number?

  15. Computers cannot make random numbers
     Random numbers must be unpredictable → a deterministic algorithm cannot generate them
     A deterministic algorithm has an internal state
     The number of values the internal state can take is finite
     Because the number of states is finite, the sequence has a period
     If there is a period, the sequence is in principle predictable

  16. Why compute pseudorandom numbers anyway
     A sequence with a sufficiently long period has properties similar to a random sequence → it can be treated as random in a pseudo sense → pseudorandom numbers
     The periods achievable with current technology are large enough → e.g. the typical SFMT implementation:
     If all you need is to reproduce a probability distribution, unpredictability is unnecessary → it suffices that the pseudorandom sequence follows the required distribution
  17. Advantages of pseudorandom over physical random numbers
     Reproducible whenever the initial internal state is the same → reproducibility can be guaranteed, so they can also be used for encoding
     Speed and volume scale with computing power → large-scale demand is easy to meet
     Unpredictability can be raised by algorithm design → often sufficient in practice without physical random numbers

  18. Uses of pseudorandom numbers
     Cryptographic key generation (requires cryptographic strength; discussed later)
     Simulation (Monte Carlo method)
     Software testing (randomly varying the conditions)
     Spread spectrum (communications, power-supply noise mitigation)
     Load balancing (choosing a server at random)

  19. Simulation: Monte Carlo method [3]
     [3] By nicoguaro - Own work, CC BY 3.0, from Wikimedia Commons
  20. An old generation method: the linear congruential generator (LCG)
     Only multiplication, addition and division (the remainder)
     Example formula:
     → Not secure, since every case is computable
     → Falls on a regular lattice in multiple dimensions
     → Low randomness in the low-order bits
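Two of the weaknesses listed on the slide, as an added Python example that is not from the original deck. The recurrence x_{i+1} = (a·x_i + c) mod m uses the multiplier and increment of the sample rand() in the C standard with m = 2^31 (an assumption for the demonstration; the slide's own formula is not reproduced). With m a power of two and a, c odd, the lowest output bit simply alternates, and because the whole state is the last output, one observed value fixes every later one.

```python
# Added example (not from the slides): an LCG and two checks on its weaknesses.
from typing import List, Optional

M = 2 ** 31            # modulus; a power of two, as in many historical rand() implementations
A = 1103515245         # multiplier from the C standard's sample rand()
C = 12345              # increment from the same sample


def lcg(seed: int, n: int) -> List[int]:
    """Return n successive states x_{i+1} = (A * x_i + C) mod M, starting from seed."""
    out = []
    x = seed % M
    for _ in range(n):
        x = (A * x + C) % M
        out.append(x)
    return out


def low_bit_period(values: List[int]) -> Optional[int]:
    """Smallest period of the least significant bit over the given outputs.
    With M = 2^k and A, C odd the bit obeys b_{i+1} = b_i XOR 1, so the period is 2."""
    bits = [v & 1 for v in values]
    for p in range(1, len(bits)):
        if bits[p:] == bits[:-p]:
            return p
    return None


def predict_following(observed_output: int, n: int) -> List[int]:
    """An attacker who sees one full output knows the state and can compute the next n."""
    return lcg(observed_output, n)


def demo() -> tuple:
    seq = lcg(20171026, 64)
    return low_bit_period(seq), predict_following(seq[10], 5) == seq[11:16]
```

The C sample rand() hides the first weakness by returning (x / 65536) % 32768, i.e. only bits 16 to 30; the second weakness cannot be hidden that way, since the multidimensional lattice structure and the linear recurrence remain, which is why the slide rules the LCG out for security use.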
  21. Regularity that appears in a linear congruential generator [4]
     [4] CC BY-SA 3.0, from Wikimedia Commons

  22. A modern generation method: the LFSR
     LFSR: linear feedback shift register [5]
     Example characteristic polynomial:
     [5] By melan - own work, public domain

  23. Characteristics of the LFSR
     Choosing the characteristic polynomial appropriately gives the maximum period
     The foundation of the generators currently considered the best
     Easy to implement in hardware → applied in GPS, GSM mobile phones, Ethernet, etc.
     Also easy to implement in software
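A software LFSR with a period check, added here as an example and not taken from the slides, to make the "right polynomial → maximum period" point concrete. The feedback taps are given as bit positions of the state word (0 = least significant); the polynomials below are assumptions chosen for the demonstration: x^4 + x^3 + 1 (primitive, period 2^4 − 1 = 15), x^4 + x^2 + 1 (reducible, period 6), and the 16-bit x^16 + x^14 + x^13 + x^11 + 1 (period 65535).

```python
# Added example (not from the slides): Fibonacci LFSR and a brute-force period measurement.
from typing import List, Optional, Sequence


def lfsr_step(state: int, taps: Sequence[int], nbits: int) -> int:
    """One clock: feedback = XOR of the tapped bits, shifted in at the top; output bit
    is the one shifted out at the bottom."""
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (nbits - 1))


def lfsr_bits(seed: int, taps: Sequence[int], nbits: int, count: int) -> List[int]:
    """The first `count` output bits (bit 0 of the state before each shift)."""
    out = []
    s = seed
    for _ in range(count):
        out.append(s & 1)
        s = lfsr_step(s, taps, nbits)
    return out


def period(seed: int, taps: Sequence[int], nbits: int) -> Optional[int]:
    """Clocks until the state returns to `seed`; None if it never does within 2^nbits steps
    (a nonzero seed of a linear register always returns, the all-zero state never leaves)."""
    if seed == 0:
        return None
    limit = 1 << nbits
    s = lfsr_step(seed, taps, nbits)
    n = 1
    while s != seed:
        if n >= limit:
            return None
        s = lfsr_step(s, taps, nbits)
        n += 1
    return n


def demo() -> dict:
    return {
        "x^4+x^3+1": period(1, [0, 1], 4),                     # 15: maximal, primitive polynomial
        "x^4+x^2+1": period(1, [0, 2], 4),                     # 6: reducible, far from maximal
        "x^16+x^14+x^13+x^11+1": period(0xACE1, [0, 2, 3, 5], 16),  # 65535: maximal 16-bit
    }
```

Note what the maximal period does not buy: the output is a linear function of the state, so 2n consecutive bits of an n-bit LFSR determine the polynomial and state (Berlekamp-Massey), which is why a bare LFSR belongs on the non-cryptographic list of the next slide and cryptographic designs add non-linear combining or filtering.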
  24. Recommended pseudorandom generators for non-cryptographic purposes
     Mersenne Twister (MT): long period
     Xorshift+/*: fast
     SFMT: improved version of MT, long period
     TinyMT: suited to embedded use
     Some languages ship MT in their standard library (R, Python)
     But never use these for cryptographic purposes
  25. Security of pseudorandom numbers from a cryptographic viewpoint

  26. To keep pseudorandom numbers secure
     Do not invent your own algorithm
     Use a trusted implementation without modifying it
     (The same as for the security of ciphers)

  27. A bug that existed in the JavaScript engine V8

  28. Statistical testing of random numbers
     A pronounced bias indicates a possible bug or fault
     Distribution, mean, Monte Carlo method (estimating pi, etc.)
     Tests for various patterns (matrix rank, etc.) [6]
     Tools: Dieharder, TestU01, PractRand [7]
     [6] 丹羽朗人, 栃窪孝也, "擬似乱数検証ツールの調査開発", 京都大学数理解析研究所講究録 vol. 1351, 2004, pp. 80-93
     [7] 新部裕, "乱数の検証ツールについて", NeuG handbook 1.0 documentation

  29. Limits of statistical testing
     Cannot determine the period
     Passing the tests does not demonstrate unpredictability → cryptographic security cannot be established without verifying the generation method itself
     Cannot detect bad output that slips in over a short interval
  30. Conditions for cryptographic security
     Precondition: no defects found by statistical tests
     Unpredictability must survive disclosure of the internal state (a deterministic generator's future is fixed by its state, so in practice this means that output already produced must not be recoverable from a captured state, and that the generator recovers by reseeding from fresh entropy)
     → Publication of the algorithm and construction is a prerequisite for verification
     → A "secret circuit/algorithm" is not trusted
     Development of attacks on cryptographic security is active → a major research field of information security
  31. Cryptographically secure random number generation in the OS

  32. To obtain more secure pseudorandom numbers
     Entropy from inside the computer alone is insufficient → especially in virtual machines, entropy runs short → provide an external source of physical random numbers
     Apply a von Neumann filter to the physical random numbers
     Combine the physical random numbers with a hash function → mitigates the effect of external disturbance or attack

  33. Combining physical random numbers with a hash function

  34. To use pseudorandom numbers for cryptographic purposes
     Use the OS services/libraries wherever possible
     → Linux/macOS/BSD: /dev/urandom (current Linux also offers the getrandom(2) system call)
     → Windows: CryptGenRandom (now deprecated in favour of BCryptGenRandom)
     → Android: SecureRandom
     Others: OpenSSL, LibreSSL, etc.
     As a rule, do not write your own

  35. Trustworthiness of the physical random numbers in MCUs and CPUs
     Intel x86_64: RDRAND/RDSEED instructions
     → The possible existence of a government backdoor was pointed out
     → Not used as-is; treated only as one entropy source
     The situation is the same for ARM Cortex-M4 and similar parts
     → At minimum, combine them with a hash function
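What slides 32, 33 and 35 mean by "combine with a hash function", as an added Python example that is not from the original deck: raw samples from a hardware source are never used directly, but length-prefixed and hashed together with the OS generator's output, so a source that is biased, stuck or backdoored cannot control the result on its own. A repetition-count style health check (the idea of the SP 800-90B test, simplified here) catches a stuck source before it is mixed in. The "hardware" samples are constructed stand-ins; the OS input is `os.urandom`, the platform source of slide 34.

```python
# Added example (not from the slides): conditioning several entropy inputs through a hash.
import hashlib
import hmac
import os


def stuck_source(samples: bytes, cutoff: int = 32) -> bool:
    """Repetition-count health check: True if one byte value repeats `cutoff` times in a row,
    which a live noise source should essentially never do."""
    run, prev = 0, None
    for b in samples:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return True
    return False


def condition(*sources: bytes, out_len: int = 32) -> bytes:
    """Derive out_len bytes from all inputs. Each input is length-prefixed so that bytes
    cannot be shifted between fields; expansion is HMAC-SHA-256 in counter mode."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    key = h.digest()
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def seed_material(hw_sample: bytes, os_sample: bytes) -> bytes:
    """Seed for a DRBG: hardware sample plus OS randomness, never the hardware sample alone."""
    if stuck_source(hw_sample):
        # Refuse a broken source rather than silently relying on the other input
        # (an explicit failure is what the health test is for).
        raise RuntimeError("hardware source failed health check")
    return condition(hw_sample, os_sample)


def demo() -> bool:
    nominal_hw = bytes(range(32))        # constructed: plausible-looking hardware sample
    stuck_hw = b"\x00" * 32              # constructed: a hardware source stuck at zero
    a = seed_material(nominal_hw, os.urandom(32))
    b = seed_material(nominal_hw, os.urandom(32))
    try:
        seed_material(stuck_hw, os.urandom(32))
        rejected = False
    except RuntimeError:
        rejected = True
    # Same hardware sample, different OS input: different seeds; stuck source: rejected.
    return a != b and rejected
```

If the hardware source is instead silently ignored when it fails, the OS input still keeps the seed unpredictable (the hash mixes in everything it is given), but the failure should be logged and the device should be taken out of service, which is the "do not trust the raw output as-is" point of the summary slide.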
  36. Vulnerabilities caused by insufficiently verified pseudorandom numbers
     The output of an insufficiently verified pseudorandom generator becomes a vulnerability
     A flaw in the random number generator used for key generation in IEEE 802.11 → this work led on to the later WPA2 KRACK vulnerability [8]
     Insufficient verification of Infineon's RSA key generation produced weak keys → affected TPMs and IC card authentication [9]
     [8] Mathy Vanhoef and Frank Piessens, "Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys", 25th USENIX Security Symposium
     [9] ROCA: Vulnerable RSA generation (CVE-2017-15361)
  37. Summary
     Use physical random number devices whose manufacturing process is verifiable
     Do not trust the raw output of a physical random number device as-is
     For pseudorandom numbers, use recent generators with a solid evaluation record
     For cryptographic protocols, use the OS library
     Custom code that cannot be verified is a risk

  38. Thank you. Questions are welcome.

  39. For the URLs in this text, see https://speakerdeck.com/jj1bdx/jeita-20171026
     Image credits: photographs without an explicit source were taken by Kenji Rikitake
     Title slide background: TV Noise, Theodore Pulser, PublicDomainPictures.net (public domain)
     Section backgrounds (the ones with rows of digits): Tyler Easton, Unsplash.com (public domain)