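JEITA (Japan Electronics and Information Technology Industries Association), 4th Hardware Security Technology Subcommittee: presentation manuscript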
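How to Make and Use Pseudorandom Numbers: From Games to Information Security. Kenji Rikitake, Kenji Rikitake Professional Engineer's Office. 26 October 2017, JEITA 4th Hardware Security Technology Subcommittee. Kenji Rikitake / JEITA 26-OCT-2017 1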
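Self-introduction (1/2). Engaged in research and development of Internet technology since 1990. 2010-2013: as a professor at the Institute for Information Management and Communication, Kyoto University, in charge of the university-wide information security measures. 2011/2012: presented implementations of the SFMT and TinyMT pseudorandom number generators for the Erlang/OTP concurrent processing system at the ACM SIGPLAN Erlang Workshop.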
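Self-introduction (2/2). Independent since April 2014 as head of Kenji Rikitake Professional Engineer's Office. 2015: developed the rand module, the pseudorandom number library of Erlang/OTP, adopted from version 18.0. 2016: developed avrdice (photo), an electronic die based on physical random numbers on an Arduino Uno, and exhibited it at Maker Faire Tokyo 2016.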
What are pseudorandom numbers?
Before that: what are random numbers?
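Random sequences and unpredictability. A sequence whose future values cannot be predicted from the values obtained so far [1]. A random number is an element of a random sequence (or the sequence itself). It corresponds to the "noise" of an electronic circuit. Unpredictability is called "randomness". Randomness is one element of "information entropy" [2]. [1] Excerpted from the Wikipedia article on random sequences. [2] From "Information entropy" in "Easy-to-understand Autopoiesis (self-production)".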
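Physical phenomena that exhibit randomness. Thermal noise → the noise generated by a resistor. Avalanche breakdown → the noise of a Zener diode. Variation in semiconductor delay time → jitter of a free-running oscillator. Time intervals between atomic nuclear decays (Geiger counter). Others, such as quantum-mechanical uncertainty (it comes down to what you choose as the "noise" source).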
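Physical random numbers. A random sequence produced by a physical phenomenon that exhibits randomness. It can be recorded but not reproduced. The randomness that can be obtained is finite → compared with the pseudorandom numbers described later, it is hard to make faster or larger in volume. The generator can be attacked physically → it is hard to detect such an attack from the generated random numbers.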
Noise before amplification
Random bit sequence after amplification
Outputs of two independent circuits
Von Neumann filter. A method for obtaining higher-quality physical random numbers. Sample 2 bits to obtain 1 bit. (1st bit, 2nd bit → result): 0 0 → ignore (retry); 0 1 → 0; 1 0 → 1; 1 1 → ignore (retry).
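The von Neumann filter on this slide (sample two bits to get one; 0 1 gives 0, 1 0 gives 1, 0 0 and 1 1 are ignored and retried), as an added Python example that is not part of the original slides. The biased, stuck and alternating bit sources are constructed stand-ins for a noise circuit, and all function names are assumptions of this example.

```python
import random

def von_neumann_filter(bits):
    """Sample two bits per attempt: (0,1) -> 0, (1,0) -> 1,
    (0,0) and (1,1) -> ignored (retry)."""
    out = []
    it = iter(bits)
    for first in it:
        second = next(it, None)
        if second is None:        # odd trailing bit has no partner: drop it
            break
        if first != second:       # the result is the first bit of the pair
            out.append(first)
    return out

def ones_ratio(bits):
    return sum(bits) / len(bits) if bits else 0.0

def biased_source(n, p_one, seed):
    """Constructed stand-in for a noise circuit: independent bits, P(1) = p_one.
    random.Random only makes the demo reproducible; it is not a physical source."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def stuck_source(n):
    """Failure mode: a saturated circuit emits a constant, every pair is discarded."""
    return [1] * n

def alternating_source(n):
    """Failure mode: 0,1,0,1,... is balanced but not independent; the filter
    then emits a constant, so it does not repair correlation between samples."""
    return [i % 2 for i in range(n)]

def demo():
    raw = biased_source(200_000, 0.8, seed=1)
    out = von_neumann_filter(raw)
    return {
        "raw_ones": ones_ratio(raw),            # about 0.8
        "filtered_ones": ones_ratio(out),       # about 0.5
        "yield": len(out) / len(raw),           # about p*(1-p) = 0.16
        "stuck_bits": len(von_neumann_filter(stuck_source(1000))),
        "alternating": set(von_neumann_filter(alternating_source(1000))),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} {value}")
```

The filter removes a constant bias only when successive samples are independent, and its output rate drops as the bias grows, so a health check on the yield is a cheap way to notice a stuck or degraded source.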
So, once again: what are pseudorandom numbers?
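Random numbers cannot be made by a computer. Random numbers must be unpredictable → they cannot be generated by a deterministic algorithm. A deterministic algorithm has internal state. The number of values the internal state can take is finite. Because the number of cases is finite, a period is determined. If there is a period, the output can in principle be predicted.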
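Why compute pseudorandom numbers anyway. A sequence with a sufficiently large period has properties similar to random numbers → it can be regarded as pseudo-random → pseudorandom numbers. The period of pseudorandom numbers that current technology can produce is large enough → example: a typical implementation of SFMT: If the goal is only to reproduce a probability distribution, unpredictability is not needed → it is enough for the pseudorandom sequence to follow the required probability distribution.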
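Advantages of pseudorandom numbers over physical random numbers. They can be reproduced if the initial value of the internal state is the same → reproducibility can be guaranteed, so they can be used for encoding. Speed and volume can be increased by adding computing power → large-scale demand is easily met. Unpredictability can be raised through algorithm design → in many cases they are sufficient in practice even though they are not physical random numbers.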
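Uses of pseudorandom numbers. Generating cryptographic keys (cryptographic strength is required, see later). Simulation (Monte Carlo method). Software testing (varying conditions at random). Spectrum spreading (communications, power-supply noise countermeasures). Load balancing (choosing a server at random).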
Simulation: Monte Carlo method [3]. [3] By nicoguaro - Own work, CC BY 3.0, from Wikimedia Commons.
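An old pseudorandom number generation method: the linear congruential method. Only multiplication, addition and division. Example formula: → Not safe, because every case can be computed. → The values end up regularly distributed in multiple dimensions. → The randomness of the low-order bits is low.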
Regularity that appears with the linear congruential method [4]. [4] CC BY-SA 3.0, from Wikimedia Commons.
A modern generation method: LFSR. LFSR: linear feedback shift register [5]. Example of a characteristic polynomial: [5] By melan - own work by the uploader, public domain.
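Characteristics of the LFSR. Choosing the characteristic polynomial appropriately gives the maximum period. It is the basis of the random number generation schemes currently regarded as good. Easy to implement in hardware → many applications, such as GPS, GSM mobile phones and Ethernet. Also easy to implement in software.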
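Recommended pseudorandom number generators for non-cryptographic purposes. Mersenne Twister (MT): long period. Xorshift+/*: fast. SFMT: an improved version of MT, long period. TinyMT: suited to embedded use. Some languages have MT in their library (R, Python). However, these must not be used for cryptographic purposes.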
Security of pseudorandom numbers from the cryptographic point of view
To keep pseudorandom numbers safe. Do not create your own algorithm. Use a trusted implementation without modifying it (the same as for cryptographic security).
A bug that existed in the JavaScript engine V8
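Statistical testing of random numbers. A marked bias suggests a bug or an anomaly. Mean, Monte Carlo method (pi, etc.). Tests on various patterns (matrix rank, etc.) [6]. Tools: Dieharder, TestU01, PractRand [7]. [7] Yutaka Niibe, "On tools for verifying random numbers", NeuG handbook 1.0 documentation. [6] Akihito Niwa, Tochikubo, "Survey and development of pseudorandom number verification tools", Kyoto University Research Institute for Mathematical Sciences Kokyuroku vol. 1351, 2004, pp. 80-93.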
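Limits of statistical testing. The period cannot be examined. Passing the tests does not demonstrate unpredictability → cryptographic security cannot be shown without verifying the generation method. Invalid results that slip in over a short interval cannot be detected.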
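Conditions for cryptographic security. Precondition: statistical tests show no defects. Unpredictability is preserved even when the internal state becomes known → publication of the algorithm and of how it operates is the basic premise of verification → a "secret circuit/algorithm" is not trusted. Development of attack techniques against cryptographic security is active → a major research field of information security.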
Cryptographically secure random number generation in operating systems
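To obtain safer pseudorandom numbers. The entropy available inside a computer is not enough → entropy is short on virtual machines in particular → provide an external supply of physical random numbers. Apply a von Neumann filter to the physical random numbers. Combine the physical random numbers with a hash function → the effect of an attack on the external random numbers can be mitigated.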
Combining physical random numbers with a hash function
To use pseudorandom numbers for cryptographic purposes. Use the services/libraries of the OS wherever possible → Linux/macOS/BSD: /dev/urandom → Windows: CryptGenRandom → Android: SecureRandom. Others: OpenSSL, LibreSSL, etc. As a rule, do not write the program yourself.
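Trustworthiness of the physical random numbers of MCUs and CPUs. Intel x86_64: the RDRAND/RDSEED instructions → the existence of a backdoor by the authorities has been pointed out → they are not used as they are and are kept to the role of an entropy source. The situation is the same on ARM Cortex-M4 → at a minimum, combining them with a hash function is necessary.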
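Vulnerabilities caused by insufficiently verified pseudorandom numbers. Generating insufficiently verified pseudorandom numbers becomes an information security vulnerability. A vulnerability in the random number generator used for key generation in IEEE 802.11 → leads to the later KRACK vulnerability of WPA2 [8]. Insufficient verification in Infineon's RSA key generation produced weak cryptographic keys → affects TPMs and IC card authentication [9]. [9] ROCA: Vulnerable RSA generation (CVE-2017-15361). [8] Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium.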
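Summary. Use a physical random number device whose process is well established. Do not trust the output of a physical random number device as it is. Use pseudorandom numbers that are recent and reliably evaluated. Use the OS libraries for cryptographic protocols. Home-grown code that cannot be verified is a risk.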
Thank you. Questions are welcome.
For the URLs in the text, see https://speakerdeck.com/jj1bdx/jeita-20171026. Image credits: images without a stated source were photographed by Kenji Rikitake. Title slide background: TV Noise, Theodore Pulser, PublicDomainPictures.net (public domain). Section backgrounds (the rows of digits): Tyler Easton, Unsplash.com (public domain).