Upgrade to Pro — share decks privately, control downloads, hide ads and more …

疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026

Kenji Rikitake
October 26, 2017
Technology
1
520

疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026

JEITA (電子情報技術産業協会) 第4回 ハードウェアセキュリティ技術分科会 発表原稿

Kenji Rikitake

October 26, 2017
Tweet

More Decks by Kenji Rikitake

See All by Kenji Rikitake
SDR Implementation of Analog FM Broadcast Multipath Filter
jj1bdx
0
440
インターネットとオープンな無線技術の今後 / Future of Internet and Open Radio Engineering
jj1bdx
0
950
FM放送とマルチパスを適応フィルタで極めてみた / Solving multipath distortion of FM broadcast by adaptive filters
jj1bdx
1
2.7k
ソフトウェアラジオとC++ そしてFMエアチェックのための信号解析と数値計算にまつわるよもやま話 / Software radio and C++
jj1bdx
0
640
SDR時代のFM受信 マルチパスモニタとマルチパスフィルタ / FM broadcast reception with SDR - multipath monitor and multipath filter
jj1bdx
0
260
How I discover a working implementation of clock_nanosleep() for macOS in CPAN Time::Hires
jj1bdx
1
720
Sleeping pays / 1000eng-74th-jj1bdx
jj1bdx
1
28
The BEAM Programming Paradigm
jj1bdx
1
630
Safe randomness: theory and practice
jj1bdx
1
1k

Other Decks in Technology

See All in Technology
Win Testing Trophy Easily / テスティングトロフィーを獲得する / PHPerKaigi 2023
k1low
1
120
技育祭2023春 ちゅらデータ講演資料
foursue
1
620
[k8sjp #56] Kustomize v5 を含む最新機能とテクニックの紹介
koba1t
0
350
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
290
PHP で学ぶ Cache の距離の話 / study_cache_with_php
hanhan1978
3
590
Swift 開発が楽になる道具たち
megabitsenmzq
1
300
Webアプリケーション設計の第一歩は
ディレクトリの整理から / Encraft 1
okunokentaro
10
4.2k
学びが形になる!〜DeNAで6年間プロダクト開発に携わって学んだこと〜
dena_tech
PRO
0
340
Teamsコネクタについて(チーム、チャネル)
miyakemito
1
150
AWS CDKで作るCloudWatch Dashboard
harukasakihara
3
500
Bluesky と Android / Bluesky and Android
akiomik
0
110
『登記所備付地図XMLデータ』に触れてみよう〜法務省が公開した大規模オープンデータとは一体何なのか〜 / What is moj map xml
sakaik
0
110

Featured

See All Featured
The Art of Programming - Codeland 2020
erikaheidi
36
11k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
19k
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
31
8.9k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
7
4.9k
A designer walks into a library…
pauljervisheath
199
16k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
A better future with KSS
kneath
230
16k
The Cult of Friendly URLs
andyhume
70
5.2k
The Mythical Team-Month
searls
210
40k
Writing Fast Ruby
sferik
613
58k

Transcript

  1. ٙࣅཚ਺ͷ࡞Γํɾ࢖͍ํ
    ήʔϜ͔Β৘ใηΩϡϦςΟ·Ͱ
    ྗ෢ ݈࣍
    ྗ෢݈ٕ࣍ज़࢜ࣄ຿ॴ
    2017೥10݄26೔ JEITA ୈ4ճϋʔυ΢ΣΞηΩϡϦςΟٕज़෼Պձ
    Kenji Rikitake / JEITA 26-OCT-2017 1

    View Slide

  2. ࣗݾ঺հ (1/2)
    1990೥ΑΓΠϯλʔωοτٕज़
    ͷݚڀ։ൃʹैࣄ
    2010೥ʙ2013೥: ژ౎େֶ ৘ใ
    ؀ڥػߏ ڭतͱͯ͠ಉେֶͷશ
    ֶ৘ใηΩϡϦςΟରࡦΛ୲౰
    2011೥/2012೥: ACM SIGPLAN
    Erlang Workshop ʹͯٙࣅཚ਺
    SFMTͱTinyMTͷErlang/OTPฒ
    ߦॲཧγεςϜ΁ͷ࣮૷Λൃද
    Kenji Rikitake / JEITA 26-OCT-2017 2

    View Slide

  3. ࣗݾ঺հ (2/2)
    2014೥4݄ΑΓྗ෢݈ٕ࣍ज़࢜
    ࣄ຿ॴॴ௕ͱͯ͠ಠཱ
    2015೥: Erlang/OTP ͷٙࣅཚ਺
    ϥΠϒϥϦ rand ϞδϡʔϧΛ։
    ൃ όʔδϣϯ18.0ΑΓ࠾༻
    2016೥: Arduino UnoͰ෺ཧཚ਺
    ʹجͮ͘ిࢠαΠίϩ avrdice
    ʢࣸਅʣΛ։ൃɺMaker Faire
    Tokyo 2016ʹͯలࣔ
    Kenji Rikitake / JEITA 26-OCT-2017 3

    View Slide

  4. ٙࣅཚ਺ͱ͸
    Kenji Rikitake / JEITA 26-OCT-2017 4

    View Slide

  5. ͦͷલʹ
    ཚ਺ͱ͸?
    Kenji Rikitake / JEITA 26-OCT-2017 5

    View Slide

  6. ཚ਺ྻͱ༧ଌෆೳੑ
    ݱࡏಘΒΕ͍ͯΔ਺ྻ͔Βະདྷ͕༧૝Ͱ͖ͳ͍਺ྻ 1
    ཚ਺ͱ͸ཚ਺ྻͷཁૉʢ͋Δ͍͸ཚ਺ྻࣗ਎ʣ
    ిࢠճ࿏ͷʮࡶԻʯʹ૬౰
    ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏
    ϥϯμϜωε͸ʮ৘ใΤϯτϩϐʔʯͷҰཁૉ 2
    2 খ໦ીಓ෉ʮΘ͔Γ΍͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮ৘ใΤϯτϩϐʔʯ
    1 Wikipedia ʮཚ਺ྻʯΑΓൈਮ
    Kenji Rikitake / JEITA 26-OCT-2017 6

    View Slide

  7. ϥϯμϜωεΛࣔ͢෺ཧݱ৅
    ೤ࡶԻ → ఍߅ͷੜ੒͢ΔࡶԻ
    ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ
    ൒ಋମͷ஗Ԇ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗
    ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧ΢ϯλʔʣ
    ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ
    ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ
    Kenji Rikitake / JEITA 26-OCT-2017 7

    View Slide

  8. ෺ཧཚ਺
    ϥϯμϜωεΛࣔ͢෺ཧݱ৅ʹΑΔཚ਺ྻ
    ه࿥͸Ͱ͖Δ͕࠶ݱͰ͖ͳ͍
    ಘΒΕΔϥϯμϜωε͸༗ݶ
    →ޙड़͢Δٙࣅཚ਺ʹൺ΂ߴ଎Խ/େ༰ྔԽ͕ࠔ೉
    ੜ੒૷ஔ΁ͷ෺ཧత߈ܸ͕Մೳ
    →ੜ੒͞Εͨཚ਺͔Β߈ܸΛ࡯஌͢Δ͜ͱ͸ࠔ೉
    Kenji Rikitake / JEITA 26-OCT-2017 8

    View Slide

  9. 9

    View Slide

  10. ૿෯લͷࡶԻ
    Kenji Rikitake / JEITA 26-OCT-2017 10

    View Slide

  11. ૿෯ޙͷϥϯμϜͳϏοτྻ
    Kenji Rikitake / JEITA 26-OCT-2017 11

    View Slide

  12. 2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ
    Kenji Rikitake / JEITA 26-OCT-2017 12

    View Slide

  13. ϑΥϯɾϊΠϚϯɾϑΟϧλ
    ΑΓߴ͍඼࣭ͷ෺ཧཚ਺ΛಘΔͨΊͷํ๏
    1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ
    1ͭ໨ 2ͭ໨ ݁Ռ
    0 0 ແࢹʢ࠶ࢼߦʣ
    0 1 0
    1 0 1
    1 1 ແࢹʢ࠶ࢼߦʣ
    Kenji Rikitake / JEITA 26-OCT-2017 13

    View Slide

  14. ͋ΒͨΊͯ
    ٙࣅཚ਺ͱ͸?
    Kenji Rikitake / JEITA 26-OCT-2017 14

    View Slide

  15. ཚ਺͸ίϯϐϡʔλͰ͸࡞Εͳ͍
    ཚ਺͸༧ଌෆೳͰͳ͚Ε͹ͳΒͳ͍
    →ܾఆతΞϧΰϦζϜͰ͸ੜ੒Ͱ͖ͳ͍
    ܾఆతΞϧΰϦζϜ͸಺෦ঢ়ଶΛ࣋ͭ
    ಺෦ঢ়ଶͷऔΓಘΔ৔߹ͷ਺͸༗ݶ
    ৔߹ͷ਺͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ
    पظ͕͋Ε͹ݪཧతʹ͸༧ଌͰ͖ͯ͠·͏
    Kenji Rikitake / JEITA 26-OCT-2017 15

    View Slide

  16. ͦΕͰ΋ٙࣅཚ਺Λܭࢉ͢Δҙຯ
    पظ͕े෼ʹେ͖͍਺ྻ͸ཚ਺ͱಉ༷ͷੑ࣭Λ࣋ͭ
    →ٙࣅతʹཚ਺ͱΈͳͤΔˠٙࣅཚ਺
    ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚ਺ͷपظ͸े෼େ͖͍
    →ྫ: SFMTͷయܕత࣮૷:
    ֬཰෼෍Λ࠶ݱ͢Δ͚ͩͰ͋Ε͹༧ଌෆೳੑ͸ෆཁ
    →ٙࣅཚ਺ྻ͕ٻΊΔ֬཰෼෍Ͱ͋Ε͹Α͍
    Kenji Rikitake / JEITA 26-OCT-2017 16

    View Slide

  17. ٙࣅཚ਺ͷ෺ཧཚ਺ʹର͢Δར఺
    ಺෦ঢ়ଶͷॳظ஋͕ಉ͡Ͱ͋Ε͹࠶ݱͰ͖Δ
    →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ΋࢖͑Δ
    ܭࢉೳྗΛ૿΍͢͜ͱͰߴ଎Խ/େ༰ྔԽ͕Ͱ͖Δ
    →େن໛ͳधཁʹ༰қʹԠ͑ΒΕΔ
    ΞϧΰϦζϜͷ޻෉Ͱ༧ଌෆೳੑΛߴΊΒΕΔ
    →෺ཧཚ਺Ͱͳͯ͘΋࣮༻্े෼ͳ৔߹΋ଟ͍
    Kenji Rikitake / JEITA 26-OCT-2017 17

    View Slide

  18. ٙࣅཚ਺ͷ༻్
    ҉߸伴ͷੜ੒ʢ҉߸࿦తڧ౓͕ඞཁɺޙड़ʣ
    γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ
    ιϑτ΢ΣΞςετʢ৚݅ΛϥϯμϜʹม͑Δʣ
    εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ
    ෛՙ෼ࢄʢϥϯμϜʹαʔόΛબ୒ʣ
    Kenji Rikitake / JEITA 26-OCT-2017 18

    View Slide

  19. γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3
    3 By nicoguaro - Own work, CC BY 3.0, from Wikimedia Commons
    Kenji Rikitake / JEITA 26-OCT-2017 19

    View Slide

  20. ݹ͍ٙࣅཚ਺ͷੜ੒๏: ઢܗ߹ಉ๏
    ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ
    ܭࢉࣜͷྫ:
    →શͯͷ৔߹͕ܭࢉՄೳͳͨΊ҆શͰ͸ͳ͍
    →ଟ࣍ݩͰنଇతʹ෼෍ͯ͠͠·͏
    →ԼҐϏοτͷϥϯμϜωε͕௿͍
    Kenji Rikitake / JEITA 26-OCT-2017 20

    View Slide

  21. ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4
    4 CC BY-SA 3.0, from Wikimedia Commons
    Kenji Rikitake / JEITA 26-OCT-2017 21

    View Slide

  22. ݱ୅ͷੜ੒๏: LFSR
    LFSR: ઢܗϑΟʔυόοΫϨδελ 5
    ಛੑଟ߲ࣜͷྫ:
    5 By melan - ౤ߘऀࣗ਎͕࡞੒, ύϒϦοΫɾυϝΠϯ
    Kenji Rikitake / JEITA 26-OCT-2017 22

    View Slide

  23. LFSRͷಛ௃
    ಛੑଟ߲ࣜΛબͿͱ࠷௕पظʹͰ͖Δ
    ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚ਺ੜ੒ํࣜͷجૅ
    ϋʔυ΢ΣΞԽ͕༰қ
    →GPSɺGSMܞଳɺΠʔαωοτͳͲ΁Ԡ༻
    ιϑτ΢ΣΞ࣮૷΋༰қ
    Kenji Rikitake / JEITA 26-OCT-2017 23

    View Slide

  24. ҉߸໨తҎ֎Ͱͷ͓קΊͷٙࣅཚ਺
    Mersenne Twister (MT): ௕͍पظ͕औΕΔ
    Xorshift+/*: ߴ଎
    SFMT: MTͷվྑ൛ɺ௕͍पظ͕औΕΔ
    TinyMT: ૊ΈࠐΈ໨తʹద͍ͯ͠Δ
    MTΛϥΠϒϥϦʹ࣋ͭݴޠ΋͋Δ(R, Python)
    ͨͩ͠҉߸໨తʹ࢖ͬͯ͸͍͚·ͤΜ
    Kenji Rikitake / JEITA 26-OCT-2017 24

    View Slide

  25. ҉߸࿦తʹΈͨ
    ٙࣅཚ਺ͷηΩϡϦςΟ
    Kenji Rikitake / JEITA 26-OCT-2017 25

    View Slide

  26. ٙࣅཚ਺ͷ҆શΛकΔʹ͸
    ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍
    ৴པͰ͖Δ࣮૷Λมߋͤͣʹ࢖͏
    ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ
    Kenji Rikitake / JEITA 26-OCT-2017 26

    View Slide

  27. JavaScriptॲཧܥV8Ͱ͋ͬͨόά
    Kenji Rikitake / JEITA 26-OCT-2017 27

    View Slide

  28. ౷ܭతͳཚ਺ͷݕఆ
    ஶ͘͠ภΓ͕͋Δ৔߹͸όά·ͨ͸ҟৗͷՄೳੑ
    ෼෍ɺฏۉ஋ɺϞϯςΧϧϩ๏ʢԁप཰ͳͲʣ
    ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6
    ֤छπʔϧ: Dieharder, TestU01, PractRand 7
    7 ৽෦༟ʮཚ਺ͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation
    6 ୮Ӌ࿕ਓɺಢۼ޹໵ʮٖࣅཚ਺ݕূπʔϧͷௐࠪ։ൃʯɺژ౎େֶ਺ཧղੳݚڀॴߨڀ࿥
    1351רɺ2004೥ɺpp. 80-93
    Kenji Rikitake / JEITA 26-OCT-2017 28

    View Slide

  29. ౷ܭతͳݕఆํ๏ͷݶք
    पظΛௐ΂Δ͜ͱ͕Ͱ͖ͳ͍
    ݕఆΛύεͯ͠΋༧ଌෆೳੑ͸ࣔͤͳ͍
    →҉߸࿦త҆શ͸ੜ੒ํ๏ͷݕূΛߦΘͳ͍͜ͱʹ
    ͸ࣔ͢͜ͱ͕Ͱ͖ͳ͍
    ୹ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍
    Kenji Rikitake / JEITA 26-OCT-2017 29

    View Slide

  30. ҉߸࿦త҆શͷ৚݅
    લఏ৚݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍
    ಺෦ঢ়ଶ͕൑໌ͯ͠΋༧ଌෆೳੑ͕อͨΕΔ
    →ΞϧΰϦζϜ/࡞੒ํ๏ͷެ։͕ݕূͷେલఏ
    →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ͸৴༻͞Εͳ͍
    ҉߸࿦త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃ͸੝Μ
    →৘ใηΩϡϦςΟͷҰେݚڀ෼໺
    Kenji Rikitake / JEITA 26-OCT-2017 30

    View Slide

  31. OSͰͷ҉߸࿦త҆શͳཚ਺ੜ੒ख๏
    Kenji Rikitake / JEITA 26-OCT-2017 31

    View Slide

  32. ΑΓ҆શͳٙࣅཚ਺ΛಘΔʹ͸
    ίϯϐϡʔλ಺෦ͰͷΤϯτϩϐʔͰ͸ෆे෼
    →ಛʹԾ૝ϚγϯͰ͸Τϯτϩϐʔ͕ෆ଍
    →֎෦ʹ෺ཧཚ਺ͷڙڅݯΛઃ͚Δ
    ෺ཧཚ਺ʹ͸ϑΥϯɾϊΠϚϯɾϑΟϧλΛ࢖͏
    ෺ཧཚ਺ʹ͸ϋογϡؔ਺Λซ༻
    →֎෦ͷ৙ཚ΍߈ܸͷӨڹΛ؇࿨Ͱ͖Δ
    Kenji Rikitake / JEITA 26-OCT-2017 32

    View Slide

  33. ෺ཧཚ਺ͱϋογϡؔ਺ͷซ༻
    Kenji Rikitake / JEITA 26-OCT-2017 33

    View Slide

  34. ҉߸໨తͰٙࣅཚ਺Λ࢖͏ʹ͸
    ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ࢖͏
    →Linux/macOS/BSD: /dev/urandom
    →Windows: CryptGenRandom
    →Android: SecureRandom
    ͦͷଞOpenSSL, LibreSSLͳͲ
    ݪଇࣗ෼ͰϓϩάϥϜ͸ॻ͍ͯ͸͍͚ͳ͍
    Kenji Rikitake / JEITA 26-OCT-2017 34

    View Slide

  35. MCU΍CPUͷ෺ཧཚ਺ͷ৴པੑ
    Intel x86_64: RDRAND/RDSEED ໋ྩ
    →౰ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ
    →ͦͷ··࢖ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ
    ARM Cortex-M4౳Ͱ΋ࣄ৘͸ಉ͡
    →࠷௿ݶϋογϡؔ਺ͱซ༻͕ඞཁ
    Kenji Rikitake / JEITA 26-OCT-2017 35

    View Slide

  36. ݕূෆे෼ͳٙࣅཚ਺ʹΑΔ੬ऑੑ
    ݕূෆे෼ͳٙࣅཚ਺ͷੜ੒৘ใ͸੬ऑੑͱͳΔ
    IEEE 802.11Ͱͷ伴ੜ੒ʹ܎Δཚ਺ੜ੒૷ஔͷ੬ऑੑ
    ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8
    InfineonࣾͷRSA҉߸伴ੜ੒࣌ͷݕূෆ଍Ͱ੬ऑͳ҉
    ߸伴͕ੜ੒ˠTPM΍ICΧʔυೝূʹӨڹ9
    9 ROCA: Vulnerable RSA generation (CVE-2017-15361)
    8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11
    Group Keys, 25th USENIX Security Symposium
    Kenji Rikitake / JEITA 26-OCT-2017 36

    View Slide

  37. ·ͱΊ
    ෺ཧཚ਺૷ஔ͸੡଄աఔ͕͔֬ͳ΋ͷΛ࢖͏
    ෺ཧཚ਺૷ஔͷੜ੒݁ՌΛͦͷ··৴༻͠ͳ͍
    ٙࣅཚ਺͸৽͘͠ධՁ͕࣮֬ͳ΋ͷΛ࢖͏
    ҉߸ϓϩτίϧʹ͸OSͷϥΠϒϥϦΛ࢖͏
    ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυ͸ϦεΫ
    Kenji Rikitake / JEITA 26-OCT-2017 37

    View Slide

  38. ͋Γ͕ͱ͏͍͟͝·ͨ͠
    ࣭͝໰ΛͲ͏ͧ
    Kenji Rikitake / JEITA 26-OCT-2017 38

    View Slide

  39. ຊจதͷURLʹ͍ͭͯ͸ https://speakerdeck.com/
    jj1bdx/jeita-20171026 Λࢀর
    ը૾ΫϨδοτ:
    ग़యΛ໌ه͍ͯ͠ͳ͍΋ͷ͸ྗ෢ ݈͕࣍ࡱӨ
    λΠτϧεϥΠυͷഎܠ: TV Noise, Theodore Pulser,
    PublicDomainPictures.net (public domain)
    ֤ηΫγϣϯͷഎܠʢ਺ࣈͷฒΜͰ͍Δ΋ͷʣ: Tyler
    Easton, Unsplash.com (public domain)
    Kenji Rikitake / JEITA 26-OCT-2017 39

    View Slide