Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
Search
Kenji Rikitake
October 26, 2017
Technology
1
750
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
JEITA (電子情報技術産業協会) 第4回 ハードウェアセキュリティ技術分科会 発表原稿
Kenji Rikitake
October 26, 2017
Tweet
Share
More Decks by Kenji Rikitake
See All by Kenji Rikitake
SDR Implementation of Analog FM Broadcast Multipath Filter
jj1bdx
0
850
インターネットとオープンな無線技術の今後 / Future of Internet and Open Radio Engineering
jj1bdx
0
1.2k
FM放送とマルチパスを適応フィルタで極めてみた / Solving multipath distortion of FM broadcast by adaptive filters
jj1bdx
1
3.6k
ソフトウェアラジオとC++ そしてFMエアチェックのための信号解析と数値計算にまつわるよもやま話 / Software radio and C++
jj1bdx
0
1.1k
SDR時代のFM受信 マルチパスモニタとマルチパスフィルタ / FM broadcast reception with SDR - multipath monitor and multipath filter
jj1bdx
0
650
How I discover a working implementation of clock_nanosleep() for macOS in CPAN Time::Hires
jj1bdx
1
1.3k
Sleeping pays / 1000eng-74th-jj1bdx
jj1bdx
1
49
The BEAM Programming Paradigm
jj1bdx
1
970
Safe randomness: theory and practice
jj1bdx
1
1.5k
Other Decks in Technology
See All in Technology
いまさら聞けない ABテスト入門
skmr2348
1
200
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
Flaky Testへの現実解をGoのプロポーザルから考える | Go Conference 2025
upamune
1
410
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
190
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
sagara
0
200
Green Tea Garbage Collector の今
zchee
PRO
2
390
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
you
PRO
0
190
定期的な価値提供だけじゃない、スクラムが導くチームの共創化 / 20251004 Naoki Takahashi
shift_evolve
PRO
3
290
AI Agentと MCP Serverで実現する iOSアプリの 自動テスト作成の効率化
spiderplus_cb
0
480
実装で解き明かす並行処理の歴史
zozotech
PRO
1
310
SwiftUIのGeometryReaderとScrollViewを基礎から応用まで学び直す:設計と活用事例
fumiyasac0921
0
130
Sidekiq その前に:Webアプリケーションにおける非同期ジョブ設計原則
morihirok
17
7.2k
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Docker and Python
trallard
46
3.6k
BBQ
matthewcrist
89
9.8k
The Language of Interfaces
destraynor
162
25k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
A designer walks into a library…
pauljervisheath
209
24k
Designing for Performance
lara
610
69k
Music & Morning Musume
bryan
46
6.8k
Facilitating Awesome Meetings
lara
56
6.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.2k
Transcript
ٙࣅཚͷ࡞Γํɾ͍ํ ήʔϜ͔ΒใηΩϡϦςΟ·Ͱ ྗ ݈࣍ ྗ݈ٕ࣍ज़࢜ࣄॴ 201710݄26 JEITA ୈ4ճϋʔυΣΞηΩϡϦςΟٕज़Պձ Kenji Rikitake
/ JEITA 26-OCT-2017 1
ࣗݾհ (1/2) 1990ΑΓΠϯλʔωοτٕज़ ͷݚڀ։ൃʹैࣄ 2010ʙ2013: ژେֶ ใ ڥػߏ ڭतͱͯ͠ಉେֶͷશ ֶใηΩϡϦςΟରࡦΛ୲
2011/2012: ACM SIGPLAN Erlang Workshop ʹͯٙࣅཚ SFMTͱTinyMTͷErlang/OTPฒ ߦॲཧγεςϜͷ࣮Λൃද Kenji Rikitake / JEITA 26-OCT-2017 2
ࣗݾհ (2/2) 20144݄ΑΓྗ݈ٕ࣍ज़࢜ ࣄॴॴͱͯ͠ಠཱ 2015: Erlang/OTP ͷٙࣅཚ ϥΠϒϥϦ rand ϞδϡʔϧΛ։
ൃ όʔδϣϯ18.0ΑΓ࠾༻ 2016: Arduino UnoͰཧཚ ʹجͮ͘ిࢠαΠίϩ avrdice ʢࣸਅʣΛ։ൃɺMaker Faire Tokyo 2016ʹͯలࣔ Kenji Rikitake / JEITA 26-OCT-2017 3
ٙࣅཚͱ Kenji Rikitake / JEITA 26-OCT-2017 4
ͦͷલʹ ཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 5
ཚྻͱ༧ଌෆೳੑ ݱࡏಘΒΕ͍ͯΔྻ͔Βະདྷ͕༧Ͱ͖ͳ͍ྻ 1 ཚͱཚྻͷཁૉʢ͋Δ͍ཚྻࣗʣ ిࢠճ࿏ͷʮࡶԻʯʹ૬ ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏ ϥϯμϜωεʮใΤϯτϩϐʔʯͷҰཁૉ 2 2 খીಓʮΘ͔Γ͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮใΤϯτϩϐʔʯ
1 Wikipedia ʮཚྻʯΑΓൈਮ Kenji Rikitake / JEITA 26-OCT-2017 6
ϥϯμϜωεΛࣔ͢ཧݱ ࡶԻ → ߅ͷੜ͢ΔࡶԻ ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ ಋମͷԆ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗
ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧϯλʔʣ ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ Kenji Rikitake / JEITA 26-OCT-2017 7
ཧཚ ϥϯμϜωεΛࣔ͢ཧݱʹΑΔཚྻ هͰ͖Δ͕࠶ݱͰ͖ͳ͍ ಘΒΕΔϥϯμϜωε༗ݶ →ޙड़͢ΔٙࣅཚʹൺߴԽ/େ༰ྔԽ͕ࠔ ੜஔͷཧత߈ܸ͕Մೳ →ੜ͞Εͨཚ͔Β߈ܸΛ͢Δ͜ͱࠔ Kenji Rikitake /
JEITA 26-OCT-2017 8
9
૿෯લͷࡶԻ Kenji Rikitake / JEITA 26-OCT-2017 10
૿෯ޙͷϥϯμϜͳϏοτྻ Kenji Rikitake / JEITA 26-OCT-2017 11
2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ Kenji Rikitake / JEITA 26-OCT-2017 12
ϑΥϯɾϊΠϚϯɾϑΟϧλ ΑΓߴ͍࣭ͷཧཚΛಘΔͨΊͷํ๏ 1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ 1ͭ 2ͭ ݁Ռ 0 0 ແࢹʢ࠶ࢼߦʣ 0
1 0 1 0 1 1 1 ແࢹʢ࠶ࢼߦʣ Kenji Rikitake / JEITA 26-OCT-2017 13
͋ΒͨΊͯ ٙࣅཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 14
ཚίϯϐϡʔλͰ࡞Εͳ͍ ཚ༧ଌෆೳͰͳ͚ΕͳΒͳ͍ →ܾఆతΞϧΰϦζϜͰੜͰ͖ͳ͍ ܾఆతΞϧΰϦζϜ෦ঢ়ଶΛ࣋ͭ ෦ঢ়ଶͷऔΓಘΔ߹ͷ༗ݶ ߹ͷ͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ पظ͕͋Εݪཧతʹ༧ଌͰ͖ͯ͠·͏ Kenji Rikitake /
JEITA 26-OCT-2017 15
ͦΕͰٙࣅཚΛܭࢉ͢Δҙຯ पظ͕ेʹେ͖͍ྻཚͱಉ༷ͷੑ࣭Λ࣋ͭ →ٙࣅతʹཚͱΈͳͤΔˠٙࣅཚ ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚͷपظेେ͖͍ →ྫ: SFMTͷయܕత࣮: ֬Λ࠶ݱ͢Δ͚ͩͰ͋Ε༧ଌෆೳੑෆཁ →ٙࣅཚྻ͕ٻΊΔ֬Ͱ͋ΕΑ͍ Kenji Rikitake
/ JEITA 26-OCT-2017 16
ٙࣅཚͷཧཚʹର͢Δར ෦ঢ়ଶͷॳظ͕ಉ͡Ͱ͋Ε࠶ݱͰ͖Δ →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ͑Δ ܭࢉೳྗΛ૿͢͜ͱͰߴԽ/େ༰ྔԽ͕Ͱ͖Δ →େنͳधཁʹ༰қʹԠ͑ΒΕΔ ΞϧΰϦζϜͷͰ༧ଌෆೳੑΛߴΊΒΕΔ →ཧཚͰͳ࣮ͯ͘༻্ेͳ߹ଟ͍ Kenji Rikitake /
JEITA 26-OCT-2017 17
ٙࣅཚͷ༻్ ҉߸伴ͷੜʢ҉߸తڧ͕ඞཁɺޙड़ʣ γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ ιϑτΣΞςετʢ݅ΛϥϯμϜʹม͑Δʣ εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ ෛՙࢄʢϥϯμϜʹαʔόΛબʣ Kenji Rikitake / JEITA
26-OCT-2017 18
γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3 3 By nicoguaro - Own work, CC
BY 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 19
ݹ͍ٙࣅཚͷੜ๏: ઢܗ߹ಉ๏ ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ ܭࢉࣜͷྫ: →શͯͷ߹͕ܭࢉՄೳͳͨΊ҆શͰͳ͍ →ଟ࣍ݩͰنଇతʹͯ͠͠·͏ →ԼҐϏοτͷϥϯμϜωε͕͍ Kenji Rikitake /
JEITA 26-OCT-2017 20
ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4 4 CC BY-SA 3.0, from Wikimedia Commons Kenji
Rikitake / JEITA 26-OCT-2017 21
ݱͷੜ๏: LFSR LFSR: ઢܗϑΟʔυόοΫϨδελ 5 ಛੑଟ߲ࣜͷྫ: 5 By melan -
ߘऀ͕ࣗ࡞, ύϒϦοΫɾυϝΠϯ Kenji Rikitake / JEITA 26-OCT-2017 22
LFSRͷಛ ಛੑଟ߲ࣜΛબͿͱ࠷पظʹͰ͖Δ ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚੜํࣜͷجૅ ϋʔυΣΞԽ͕༰қ →GPSɺGSMܞଳɺΠʔαωοτͳͲԠ༻ ιϑτΣΞ࣮༰қ Kenji Rikitake / JEITA
26-OCT-2017 23
҉߸తҎ֎Ͱͷ͓קΊͷٙࣅཚ Mersenne Twister (MT): ͍पظ͕औΕΔ Xorshift+/*: ߴ SFMT: MTͷվྑ൛ɺ͍पظ͕औΕΔ TinyMT:
ΈࠐΈతʹద͍ͯ͠Δ MTΛϥΠϒϥϦʹ࣋ͭݴޠ͋Δ(R, Python) ͨͩ͠҉߸తʹ͍͚ͬͯ·ͤΜ Kenji Rikitake / JEITA 26-OCT-2017 24
҉߸తʹΈͨ ٙࣅཚͷηΩϡϦςΟ Kenji Rikitake / JEITA 26-OCT-2017 25
ٙࣅཚͷ҆શΛकΔʹ ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍ ৴པͰ͖Δ࣮Λมߋͤͣʹ͏ ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ Kenji Rikitake / JEITA 26-OCT-2017 26
JavaScriptॲཧܥV8Ͱ͋ͬͨόά Kenji Rikitake / JEITA 26-OCT-2017 27
౷ܭతͳཚͷݕఆ ஶ͘͠ภΓ͕͋Δ߹όά·ͨҟৗͷՄೳੑ ɺฏۉɺϞϯςΧϧϩ๏ʢԁपͳͲʣ ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6 ֤छπʔϧ: Dieharder, TestU01, PractRand
7 7 ৽෦༟ʮཚͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation 6 ୮Ӌ࿕ਓɺಢۼʮٖࣅཚݕূπʔϧͷௐࠪ։ൃʯɺژେֶཧղੳݚڀॴߨڀ 1351רɺ2004ɺpp. 80-93 Kenji Rikitake / JEITA 26-OCT-2017 28
౷ܭతͳݕఆํ๏ͷݶք पظΛௐΔ͜ͱ͕Ͱ͖ͳ͍ ݕఆΛύεͯ͠༧ଌෆೳੑࣔͤͳ͍ →҉߸త҆શੜํ๏ͷݕূΛߦΘͳ͍͜ͱʹ ࣔ͢͜ͱ͕Ͱ͖ͳ͍ ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍ Kenji Rikitake / JEITA
26-OCT-2017 29
҉߸త҆શͷ݅ લఏ݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍ ෦ঢ়ଶ͕໌ͯ͠༧ଌෆೳੑ͕อͨΕΔ →ΞϧΰϦζϜ/࡞ํ๏ͷެ։͕ݕূͷେલఏ →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ৴༻͞Εͳ͍ ҉߸త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃΜ →ใηΩϡϦςΟͷҰେݚڀ Kenji Rikitake
/ JEITA 26-OCT-2017 30
OSͰͷ҉߸త҆શͳཚੜख๏ Kenji Rikitake / JEITA 26-OCT-2017 31
ΑΓ҆શͳٙࣅཚΛಘΔʹ ίϯϐϡʔλ෦ͰͷΤϯτϩϐʔͰෆे →ಛʹԾϚγϯͰΤϯτϩϐʔ͕ෆ →֎෦ʹཧཚͷڙڅݯΛઃ͚Δ ཧཚʹϑΥϯɾϊΠϚϯɾϑΟϧλΛ͏ ཧཚʹϋογϡؔΛซ༻ →֎෦ͷཚ߈ܸͷӨڹΛ؇Ͱ͖Δ Kenji Rikitake /
JEITA 26-OCT-2017 32
ཧཚͱϋογϡؔͷซ༻ Kenji Rikitake / JEITA 26-OCT-2017 33
҉߸తͰٙࣅཚΛ͏ʹ ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ͏ →Linux/macOS/BSD: /dev/urandom →Windows: CryptGenRandom →Android: SecureRandom ͦͷଞOpenSSL, LibreSSLͳͲ
ݪଇࣗͰϓϩάϥϜॻ͍͍͚ͯͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 34
MCUCPUͷཧཚͷ৴པੑ Intel x86_64: RDRAND/RDSEED ໋ྩ →ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ →ͦͷ··ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ ARM Cortex-M4Ͱࣄಉ͡ →࠷ݶϋογϡؔͱซ༻͕ඞཁ
Kenji Rikitake / JEITA 26-OCT-2017 35
ݕূෆेͳٙࣅཚʹΑΔ੬ऑੑ ݕূෆेͳٙࣅཚͷੜใ੬ऑੑͱͳΔ IEEE 802.11Ͱͷ伴ੜʹΔཚੜஔͷ੬ऑੑ ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8 InfineonࣾͷRSA҉߸伴ੜ࣌ͷݕূෆͰ੬ऑͳ҉ ߸伴͕ੜˠTPMICΧʔυೝূʹӨڹ9 9 ROCA:
Vulnerable RSA generation (CVE-2017-15361) 8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium Kenji Rikitake / JEITA 26-OCT-2017 36
·ͱΊ ཧཚஔաఔ͕͔֬ͳͷΛ͏ ཧཚஔͷੜ݁ՌΛͦͷ··৴༻͠ͳ͍ ٙࣅཚ৽͘͠ධՁ͕࣮֬ͳͷΛ͏ ҉߸ϓϩτίϧʹOSͷϥΠϒϥϦΛ͏ ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυϦεΫ Kenji Rikitake / JEITA
26-OCT-2017 37
͋Γ͕ͱ͏͍͟͝·ͨ͠ ࣭͝ΛͲ͏ͧ Kenji Rikitake / JEITA 26-OCT-2017 38
ຊจதͷURLʹ͍ͭͯ https://speakerdeck.com/ jj1bdx/jeita-20171026 Λࢀর ը૾ΫϨδοτ: ग़యΛ໌ه͍ͯ͠ͳ͍ͷྗ ݈͕࣍ࡱӨ λΠτϧεϥΠυͷഎܠ: TV Noise,
Theodore Pulser, PublicDomainPictures.net (public domain) ֤ηΫγϣϯͷഎܠʢࣈͷฒΜͰ͍Δͷʣ: Tyler Easton, Unsplash.com (public domain) Kenji Rikitake / JEITA 26-OCT-2017 39