
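How to Make and Use Pseudorandom Numbers: From Games to Information Security / jeita-20171026

Presentation manuscript for the 4th meeting of the Hardware Security Technology Subcommittee, JEITA (Japan Electronics and Information Technology Industries Association)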

Kenji Rikitake

October 26, 2017

Transcript

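  1. How to Make and Use Pseudorandom Numbers
    From Games to Information Security
    Kenji Rikitake
    Kenji Rikitake Professional Engineer's Office
    October 26, 2017, JEITA 4th Hardware Security Technology Subcommittee meeting
    Kenji Rikitake / JEITA 26-OCT-2017 1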

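  2. About me (1/2)
    Engaged in research and development of Internet technology since 1990
    2010 to 2013: as a professor at the Institute for Information Management and Communication, Kyoto University, in charge of university-wide information security measures
    2011/2012: presented implementations of the pseudorandom number generators SFMT and TinyMT for the Erlang/OTP concurrent processing system at the ACM SIGPLAN Erlang Workshop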

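  3. About me (2/2)
    Independent since April 2014 as head of Kenji Rikitake Professional Engineer's Office
    2015: developed the rand module, the pseudorandom number library of Erlang/OTP; adopted from version 18.0
    2016: developed avrdice (pictured), an electronic die based on physical random numbers on an Arduino Uno; exhibited at Maker Faire Tokyo 2016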

  4. What are pseudorandom numbers?

  5. Before that
    What are random numbers?

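  6. Random sequences and unpredictability
    A sequence whose future values cannot be predicted from the values obtained so far [1]
    A random number is an element of a random sequence (or the random sequence itself)
    Corresponds to "noise" in an electronic circuit
    Unpredictability is called "randomness"
    Randomness is one element of "information entropy" [2]
    [1] Excerpted from the Wikipedia article "乱数列" (random sequence)
    [2] From "情報エントロピー" (information entropy) in Michio Ogiso, "わかりやすいオートポイエーシス(自己生産)" (Autopoiesis (Self-Production) Made Easy)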

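  7. Physical phenomena that exhibit randomness
    Thermal noise → noise generated by a resistor
    Avalanche breakdown → noise of a Zener diode
    Variation in semiconductor delay times → jitter of a self-excited oscillator
    Time intervals between atomic nucleus decays (Geiger counter)
    Others, such as quantum-mechanical uncertainty
    (It comes down to what you choose as the "noise" source)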

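  8. Physical random numbers
    Random sequences obtained from physical phenomena that exhibit randomness
    Can be recorded but cannot be reproduced
    The randomness obtainable is finite
    → Harder to make fast or high-volume than the pseudorandom numbers described later
    Physical attacks on the generator device are possible
    → Detecting an attack from the generated random numbers is difficult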

  9. 9

  10. Noise before amplification

  11. Random bit sequence after amplification

  12. Outputs of two independent circuits

  13. Von Neumann filter
    A method for obtaining higher-quality physical random numbers
    Sample 2 bits to obtain 1 bit
    1st bit   2nd bit   Result
    0         0         ignore (retry)
    0         1         0
    1         0         1
    1         1         ignore (retry)
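
The table on slide 13, as an added Python example that is not part of the original deck: the filter is applied to a constructed, deliberately biased bit source and the bias and yield are measured. `biased_source`, its 0.8 bias and the seed are assumptions made for the demonstration.

```python
import random

def von_neumann(bits):
    """Debias a bit list with the table above, using non-overlapping pairs."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        first, second = bits[i], bits[i + 1]
        if first != second:
            out.append(first)      # 01 -> 0, 10 -> 1
        # 00 and 11 are ignored; the next pair is a fresh attempt
    return out

def biased_source(n, p_one, seed):
    """Constructed stand-in for a noise circuit: independent bits, P(1) = p_one.

    random.Random is used only to simulate the bias reproducibly.
    """
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def ones_ratio(bits):
    return sum(bits) / len(bits) if bits else 0.0

def demo(n=200_000, p_one=0.8, seed=2017):
    """Return (raw ones ratio, filtered ones ratio, output bits per input bit)."""
    raw = biased_source(n, p_one, seed)
    filtered = von_neumann(raw)
    return ones_ratio(raw), ones_ratio(filtered), len(filtered) / len(raw)

if __name__ == "__main__":
    raw_ratio, out_ratio, yield_ = demo()
    print(f"raw P(1)={raw_ratio:.3f} filtered P(1)={out_ratio:.3f} yield={yield_:.3f}")
    # A source stuck at one value produces no output at all.
    print("stuck source ->", von_neumann([1] * 16))
```

The filter removes bias only when successive bits are independent, and it yields p(1-p) output bits per input bit, so at most 0.25.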

  14. Once again
    What are pseudorandom numbers?

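  15. Random numbers cannot be made by a computer
    Random numbers must be unpredictable
    → They cannot be generated by a deterministic algorithm
    A deterministic algorithm has internal state
    The number of values the internal state can take is finite
    Because that number is finite, a period is determined
    If there is a period, the sequence is predictable in principle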

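  16. Why compute pseudorandom numbers anyway
    A sequence with a sufficiently long period has properties similar to random numbers
    → It can be regarded as pseudo-random → pseudorandom numbers
    The periods of pseudorandom numbers achievable with current technology are sufficiently long
    → Example: typical SFMT implementation:
    If you only need to reproduce a probability distribution, unpredictability is not required
    → It is enough that the pseudorandom sequence follows the desired probability distribution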

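  17. Advantages of pseudorandom numbers over physical random numbers
    Reproducible if the initial value of the internal state is the same
    → Reproducibility can be guaranteed, so they can also be used for encoding
    Speed and volume can be increased by adding computing power
    → Large-scale demand is easy to meet
    Unpredictability can be raised through algorithm design
    → In many cases they are sufficient in practice even without physical random numbers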

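  18. Uses of pseudorandom numbers
    Cryptographic key generation (requires cryptographic strength; discussed later)
    Simulation (Monte Carlo method)
    Software testing (varying conditions at random)
    Spectrum spreading (communications, power-supply noise countermeasures)
    Load balancing (choosing a server at random)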

  19. Simulation: Monte Carlo method [3]
    [3] By nicoguaro - Own work, CC BY 3.0, from Wikimedia Commons

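  20. An old pseudorandom number generation method: the linear congruential method
    Only multiplication, addition, and division
    Example formula:
    → Not secure, because every case can be computed
    → Points fall in a regular pattern in multiple dimensions
    → The low-order bits have low randomness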
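
An added Python example, not from the original deck, that makes two of the slide 20 points measurable: the low-order bits of a power-of-two-modulus linear congruential generator cycle very quickly, and a single output reveals everything that follows. The constants are the ones widely published in "Numerical Recipes", chosen here as an assumption because the slide's own formula is not preserved on this page.

```python
# Constants widely published in "Numerical Recipes" (an assumption of this
# example; the slide's own formula is not preserved on this page).
A, C, M = 1664525, 1013904223, 2**32

def lcg(seed):
    """Yield x_{n+1} = (A * x_n + C) mod M forever; the output is the whole state."""
    x = seed % M
    while True:
        x = (A * x + C) % M
        yield x

def predict_next(observed):
    """One observed output is the full internal state, so the next value follows."""
    return (A * observed + C) % M

def low_bits_period(seed, k):
    """Period of the k lowest bits of the output stream.

    With M a power of two, the low k bits of x_{n+1} depend only on the low
    k bits of x_n, so they cycle on their own with period at most 2**k.
    """
    mask = (1 << k) - 1
    gen = lcg(seed)
    start = next(gen) & mask
    for steps, x in enumerate(gen, start=1):
        if x & mask == start:
            return steps

def lowest_bits(seed, count):
    """The least significant bit of the first `count` outputs."""
    gen = lcg(seed)
    return [next(gen) & 1 for _ in range(count)]

if __name__ == "__main__":
    print("lowest bit:", lowest_bits(1, 12))
    for k in (1, 2, 4, 8, 16):
        print(f"low {k:2d} bits repeat every {low_bits_period(2017, k)} outputs")
```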

  21. Regularity that appears with the linear congruential method [4]
    [4] CC BY-SA 3.0, from Wikimedia Commons

  22. A modern generation method: LFSR
    LFSR: linear feedback shift register [5]
    Example characteristic polynomial:
    [5] By melan - own work by the uploader, public domain

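  23. Characteristics of LFSRs
    Choosing the characteristic polynomial appropriately gives the maximum period
    The basis of the random number generation methods currently regarded as good
    Easy to implement in hardware
    → Applied in GPS, GSM mobile phones, Ethernet, and so on
    Also easy to implement in software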
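
An added Python example, not from the original deck, showing how the choice of characteristic polynomial on slides 22 and 23 decides the period of a Fibonacci LFSR. The polynomials are assumptions chosen for illustration (the slide's own example is not preserved here): x^4 + x^3 + 1 and the commonly cited x^16 + x^14 + x^13 + x^11 + 1 are maximal-length, while x^4 + x^2 + 1 is not.

```python
def lfsr_step(state, taps, nbits):
    """One shift of a Fibonacci LFSR; taps are polynomial exponents, e.g. (16, 14, 13, 11)."""
    bit = 0
    for t in taps:
        bit ^= (state >> (nbits - t)) & 1
    return (state >> 1) | (bit << (nbits - 1))

def period(taps, nbits, seed=1):
    """Number of shifts until the register returns to its seed state."""
    if nbits not in taps:
        # Without the x^nbits term the step is not invertible and may never return.
        raise ValueError("taps must include the register length")
    state, steps = lfsr_step(seed, taps, nbits), 1
    while state != seed:
        state = lfsr_step(state, taps, nbits)
        steps += 1
    return steps

def output_bits(taps, nbits, seed, count):
    """The bit shifted out at each step (the LFSR's output stream)."""
    bits, state = [], seed
    for _ in range(count):
        bits.append(state & 1)
        state = lfsr_step(state, taps, nbits)
    return bits

if __name__ == "__main__":
    print("x^4 + x^3 + 1:", period((4, 3), 4))              # maximal: 2**4 - 1
    print("x^4 + x^2 + 1:", period((4, 2), 4))              # not maximal
    print("x^16 + x^14 + x^13 + x^11 + 1:", period((16, 14, 13, 11), 16))
    print("all-zero state:", lfsr_step(0, (4, 3), 4))       # locks up at 0
    print("one period of output:", output_bits((4, 3), 4, 1, 15))
```

The all-zero state maps to itself, which is why an LFSR must never be seeded with zero.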

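  24. Recommended pseudorandom number generators for non-cryptographic purposes
    Mersenne Twister (MT): long period
    Xorshift+/*: fast
    SFMT: improved version of MT, long period
    TinyMT: suited to embedded use
    Some languages have MT in their libraries (R, Python)
    However, they must not be used for cryptographic purposes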

  25. The security of pseudorandom numbers from a cryptographic viewpoint

  26. Keeping pseudorandom numbers secure
    Do not create your own algorithm
    Use a trusted implementation without modifying it
    (The same as for the security of cryptography)

  27. A bug that existed in the V8 JavaScript engine

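  28. Statistical testing of random numbers
    A marked bias may indicate a bug or an anomaly
    Distribution, mean, Monte Carlo method (e.g. pi)
    Tests of various patterns (matrix rank, etc.) [6]
    Tools: Dieharder, TestU01, PractRand [7]
    [6] Akito Niwa and Kouya Tochikubo, "擬似乱数検証ツールの調査開発" (Survey and development of pseudorandom number verification tools), 京都大学数理解析研究所講究録 (RIMS Kôkyûroku, Kyoto University), vol. 1351, 2004, pp. 80-93
    [7] Yutaka Niibe, "乱数の検証ツールについて" (On random number verification tools), NeuG handbook 1.0 documentation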

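  29. Limits of statistical testing
    The period cannot be examined
    Passing the tests does not demonstrate unpredictability
    → Cryptographic security cannot be shown without verifying the generation method
    Invalid results that slip in for a short period cannot be detected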

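  30. Conditions for cryptographic security
    Prerequisite: statistical tests reveal no defects
    Unpredictability is preserved even if the internal state becomes known
    → Publishing the algorithm/construction method is the major premise of verification
    → A "secret circuit/algorithm" is not trusted
    Attack techniques against cryptographic security are being actively developed
    → A major research field of information security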

  31. Cryptographically secure random number generation in operating systems

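  32. Getting more secure pseudorandom numbers
    The entropy inside a computer is not sufficient
    → Virtual machines in particular are short of entropy
    → Provide an external supply of physical random numbers
    Use a von Neumann filter on physical random numbers
    Combine physical random numbers with a hash function
    → Mitigates the effects of external disturbance and attacks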

  33. Combining physical random numbers with a hash function

  34. Using pseudorandom numbers for cryptographic purposes
    Use OS services/libraries wherever possible
    → Linux/macOS/BSD: /dev/urandom
    → Windows: CryptGenRandom
    → Android: SecureRandom
    Also OpenSSL, LibreSSL, and others
    As a rule, do not write the program yourself

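  35. Reliability of physical random numbers from MCUs and CPUs
    Intel x86_64: RDRAND/RDSEED instructions
    → The existence of a backdoor by the authorities has been pointed out
    → Not used as-is; kept to the role of an entropy source
    The situation is the same for ARM Cortex-M4 and similar
    → At a minimum, combined use with a hash function is required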
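
An added Python example, not from the original deck, of the mitigation on slides 32 and 35: hardware samples are hashed together with OS random bytes instead of being used directly. `MixedSource`, `mix` and `stuck_device` are hypothetical names, SHA-256 is this example's choice of hash function, and the stuck device is a constructed failure case.

```python
import hashlib
import os

def mix(counter, os_bytes, hw_bytes):
    """SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in (counter.to_bytes(8, "big"), os_bytes, hw_bytes):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()

class MixedSource:
    """Hypothetical wrapper: hardware samples are one input, never the raw output."""

    def __init__(self, hw_read, os_read=os.urandom):
        self.hw_read = hw_read      # callable(n) -> bytes from the device
        self.os_read = os_read      # OS CSPRNG (the /dev/urandom family)
        self.counter = 0            # makes every call's hash input distinct

    def read32(self):
        """Return 32 bytes derived from both sources."""
        self.counter += 1
        return mix(self.counter, self.os_read(32), self.hw_read(32))

def stuck_device(n):
    """Constructed failure case: a device that only ever returns zero bytes."""
    return b"\x00" * n

if __name__ == "__main__":
    src = MixedSource(stuck_device)
    print(src.read32().hex())
    print(src.read32().hex())   # still differs: the OS input carries the output
```

With a stuck or biased device the output still depends on the OS random bytes, so the device's failure does not show through in the result.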

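  36. Vulnerabilities caused by insufficiently verified pseudorandom numbers
    Information generated from insufficiently verified pseudorandom numbers becomes a vulnerability
    Vulnerability in the random number generator used for key generation in IEEE 802.11
    → Leads to the later KRACK vulnerability in WPA2 [8]
    Insufficient verification during RSA key generation at Infineon produced weak keys → affects TPMs and smart-card authentication [9]
    [8] Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium
    [9] ROCA: Vulnerable RSA generation (CVE-2017-15361)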

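  37. Summary
    Use physical random number devices whose manufacturing process is trustworthy
    Do not trust the output of a physical random number device as-is
    Use pseudorandom number generators that are recent and reliably evaluated
    Use the OS libraries for cryptographic protocols
    Your own code that cannot be verified is a risk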

  38. Thank you very much
    Questions are welcome

  39. For the URLs in the text, see https://speakerdeck.com/jj1bdx/jeita-20171026
    Image credits:
    Images without a stated source were photographed by Kenji Rikitake
    Title slide background: TV Noise, Theodore Pulser, PublicDomainPictures.net (public domain)
    Section backgrounds (the ones with rows of digits): Tyler Easton, Unsplash.com (public domain)