Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
Search
Kenji Rikitake
October 26, 2017
Technology
1
750
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
JEITA (電子情報技術産業協会) 第4回 ハードウェアセキュリティ技術分科会 発表原稿
Kenji Rikitake
October 26, 2017
Tweet
Share
More Decks by Kenji Rikitake
See All by Kenji Rikitake
SDR Implementation of Analog FM Broadcast Multipath Filter
jj1bdx
0
820
インターネットとオープンな無線技術の今後 / Future of Internet and Open Radio Engineering
jj1bdx
0
1.2k
FM放送とマルチパスを適応フィルタで極めてみた / Solving multipath distortion of FM broadcast by adaptive filters
jj1bdx
1
3.5k
ソフトウェアラジオとC++ そしてFMエアチェックのための信号解析と数値計算にまつわるよもやま話 / Software radio and C++
jj1bdx
0
1k
SDR時代のFM受信 マルチパスモニタとマルチパスフィルタ / FM broadcast reception with SDR - multipath monitor and multipath filter
jj1bdx
0
630
How I discover a working implementation of clock_nanosleep() for macOS in CPAN Time::Hires
jj1bdx
1
1.2k
Sleeping pays / 1000eng-74th-jj1bdx
jj1bdx
1
49
The BEAM Programming Paradigm
jj1bdx
1
950
Safe randomness: theory and practice
jj1bdx
1
1.4k
Other Decks in Technology
See All in Technology
claude codeでPrompt Engineering
iori0311
0
180
Ktor + Google Cloud Tasks/PubSub におけるOTel Messaging計装の実践
sansantech
PRO
1
130
データ戦略部門 紹介資料
sansan33
PRO
1
3.3k
ClaudeCodeにキレない技術
gtnao
1
940
スプリントレビューを効果的にするために
miholovesq
7
1.3k
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
200
LLM拡張解体新書/llm-extension-deep-dive
oracle4engineer
PRO
27
7.6k
第64回コンピュータビジョン勉強会「The PanAf-FGBG Dataset: Understanding the Impact of Backgrounds in Wildlife Behaviour Recognition」
x_ttyszk
0
260
ClaudeCode_vs_GeminiCLI_Terraformで比較してみた
tkikuchi
1
3.9k
P2P通信の標準化 WebRTCを知ろう
faithandbrave
6
1.9k
20250708オープンエンドな探索と知識発見
sakana_ai
PRO
5
1.2k
M365アカウント侵害時の初動対応
lhazy
5
3.3k
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Docker and Python
trallard
45
3.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Adopting Sorbet at Scale
ufuk
77
9.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
980
It's Worth the Effort
3n
185
28k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.7k
Transcript
ٙࣅཚͷ࡞Γํɾ͍ํ ήʔϜ͔ΒใηΩϡϦςΟ·Ͱ ྗ ݈࣍ ྗ݈ٕ࣍ज़࢜ࣄॴ 201710݄26 JEITA ୈ4ճϋʔυΣΞηΩϡϦςΟٕज़Պձ Kenji Rikitake
/ JEITA 26-OCT-2017 1
ࣗݾհ (1/2) 1990ΑΓΠϯλʔωοτٕज़ ͷݚڀ։ൃʹैࣄ 2010ʙ2013: ژେֶ ใ ڥػߏ ڭतͱͯ͠ಉେֶͷશ ֶใηΩϡϦςΟରࡦΛ୲
2011/2012: ACM SIGPLAN Erlang Workshop ʹͯٙࣅཚ SFMTͱTinyMTͷErlang/OTPฒ ߦॲཧγεςϜͷ࣮Λൃද Kenji Rikitake / JEITA 26-OCT-2017 2
ࣗݾհ (2/2) 20144݄ΑΓྗ݈ٕ࣍ज़࢜ ࣄॴॴͱͯ͠ಠཱ 2015: Erlang/OTP ͷٙࣅཚ ϥΠϒϥϦ rand ϞδϡʔϧΛ։
ൃ όʔδϣϯ18.0ΑΓ࠾༻ 2016: Arduino UnoͰཧཚ ʹجͮ͘ిࢠαΠίϩ avrdice ʢࣸਅʣΛ։ൃɺMaker Faire Tokyo 2016ʹͯలࣔ Kenji Rikitake / JEITA 26-OCT-2017 3
ٙࣅཚͱ Kenji Rikitake / JEITA 26-OCT-2017 4
ͦͷલʹ ཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 5
ཚྻͱ༧ଌෆೳੑ ݱࡏಘΒΕ͍ͯΔྻ͔Βະདྷ͕༧Ͱ͖ͳ͍ྻ 1 ཚͱཚྻͷཁૉʢ͋Δ͍ཚྻࣗʣ ిࢠճ࿏ͷʮࡶԻʯʹ૬ ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏ ϥϯμϜωεʮใΤϯτϩϐʔʯͷҰཁૉ 2 2 খીಓʮΘ͔Γ͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮใΤϯτϩϐʔʯ
1 Wikipedia ʮཚྻʯΑΓൈਮ Kenji Rikitake / JEITA 26-OCT-2017 6
ϥϯμϜωεΛࣔ͢ཧݱ ࡶԻ → ߅ͷੜ͢ΔࡶԻ ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ ಋମͷԆ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗
ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧϯλʔʣ ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ Kenji Rikitake / JEITA 26-OCT-2017 7
ཧཚ ϥϯμϜωεΛࣔ͢ཧݱʹΑΔཚྻ هͰ͖Δ͕࠶ݱͰ͖ͳ͍ ಘΒΕΔϥϯμϜωε༗ݶ →ޙड़͢ΔٙࣅཚʹൺߴԽ/େ༰ྔԽ͕ࠔ ੜஔͷཧత߈ܸ͕Մೳ →ੜ͞Εͨཚ͔Β߈ܸΛ͢Δ͜ͱࠔ Kenji Rikitake /
JEITA 26-OCT-2017 8
9
૿෯લͷࡶԻ Kenji Rikitake / JEITA 26-OCT-2017 10
૿෯ޙͷϥϯμϜͳϏοτྻ Kenji Rikitake / JEITA 26-OCT-2017 11
2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ Kenji Rikitake / JEITA 26-OCT-2017 12
ϑΥϯɾϊΠϚϯɾϑΟϧλ ΑΓߴ͍࣭ͷཧཚΛಘΔͨΊͷํ๏ 1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ 1ͭ 2ͭ ݁Ռ 0 0 ແࢹʢ࠶ࢼߦʣ 0
1 0 1 0 1 1 1 ແࢹʢ࠶ࢼߦʣ Kenji Rikitake / JEITA 26-OCT-2017 13
͋ΒͨΊͯ ٙࣅཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 14
ཚίϯϐϡʔλͰ࡞Εͳ͍ ཚ༧ଌෆೳͰͳ͚ΕͳΒͳ͍ →ܾఆతΞϧΰϦζϜͰੜͰ͖ͳ͍ ܾఆతΞϧΰϦζϜ෦ঢ়ଶΛ࣋ͭ ෦ঢ়ଶͷऔΓಘΔ߹ͷ༗ݶ ߹ͷ͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ पظ͕͋Εݪཧతʹ༧ଌͰ͖ͯ͠·͏ Kenji Rikitake /
JEITA 26-OCT-2017 15
ͦΕͰٙࣅཚΛܭࢉ͢Δҙຯ पظ͕ेʹେ͖͍ྻཚͱಉ༷ͷੑ࣭Λ࣋ͭ →ٙࣅతʹཚͱΈͳͤΔˠٙࣅཚ ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚͷपظेେ͖͍ →ྫ: SFMTͷయܕత࣮: ֬Λ࠶ݱ͢Δ͚ͩͰ͋Ε༧ଌෆೳੑෆཁ →ٙࣅཚྻ͕ٻΊΔ֬Ͱ͋ΕΑ͍ Kenji Rikitake
/ JEITA 26-OCT-2017 16
ٙࣅཚͷཧཚʹର͢Δར ෦ঢ়ଶͷॳظ͕ಉ͡Ͱ͋Ε࠶ݱͰ͖Δ →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ͑Δ ܭࢉೳྗΛ૿͢͜ͱͰߴԽ/େ༰ྔԽ͕Ͱ͖Δ →େنͳधཁʹ༰қʹԠ͑ΒΕΔ ΞϧΰϦζϜͷͰ༧ଌෆೳੑΛߴΊΒΕΔ →ཧཚͰͳ࣮ͯ͘༻্ेͳ߹ଟ͍ Kenji Rikitake /
JEITA 26-OCT-2017 17
ٙࣅཚͷ༻్ ҉߸伴ͷੜʢ҉߸తڧ͕ඞཁɺޙड़ʣ γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ ιϑτΣΞςετʢ݅ΛϥϯμϜʹม͑Δʣ εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ ෛՙࢄʢϥϯμϜʹαʔόΛબʣ Kenji Rikitake / JEITA
26-OCT-2017 18
γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3 3 By nicoguaro - Own work, CC
BY 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 19
ݹ͍ٙࣅཚͷੜ๏: ઢܗ߹ಉ๏ ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ ܭࢉࣜͷྫ: →શͯͷ߹͕ܭࢉՄೳͳͨΊ҆શͰͳ͍ →ଟ࣍ݩͰنଇతʹͯ͠͠·͏ →ԼҐϏοτͷϥϯμϜωε͕͍ Kenji Rikitake /
JEITA 26-OCT-2017 20
ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4 4 CC BY-SA 3.0, from Wikimedia Commons Kenji
Rikitake / JEITA 26-OCT-2017 21
ݱͷੜ๏: LFSR LFSR: ઢܗϑΟʔυόοΫϨδελ 5 ಛੑଟ߲ࣜͷྫ: 5 By melan -
ߘऀ͕ࣗ࡞, ύϒϦοΫɾυϝΠϯ Kenji Rikitake / JEITA 26-OCT-2017 22
LFSRͷಛ ಛੑଟ߲ࣜΛબͿͱ࠷पظʹͰ͖Δ ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚੜํࣜͷجૅ ϋʔυΣΞԽ͕༰қ →GPSɺGSMܞଳɺΠʔαωοτͳͲԠ༻ ιϑτΣΞ࣮༰қ Kenji Rikitake / JEITA
26-OCT-2017 23
҉߸తҎ֎Ͱͷ͓קΊͷٙࣅཚ Mersenne Twister (MT): ͍पظ͕औΕΔ Xorshift+/*: ߴ SFMT: MTͷվྑ൛ɺ͍पظ͕औΕΔ TinyMT:
ΈࠐΈతʹద͍ͯ͠Δ MTΛϥΠϒϥϦʹ࣋ͭݴޠ͋Δ(R, Python) ͨͩ͠҉߸తʹ͍͚ͬͯ·ͤΜ Kenji Rikitake / JEITA 26-OCT-2017 24
҉߸తʹΈͨ ٙࣅཚͷηΩϡϦςΟ Kenji Rikitake / JEITA 26-OCT-2017 25
ٙࣅཚͷ҆શΛकΔʹ ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍ ৴པͰ͖Δ࣮Λมߋͤͣʹ͏ ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ Kenji Rikitake / JEITA 26-OCT-2017 26
JavaScriptॲཧܥV8Ͱ͋ͬͨόά Kenji Rikitake / JEITA 26-OCT-2017 27
౷ܭతͳཚͷݕఆ ஶ͘͠ภΓ͕͋Δ߹όά·ͨҟৗͷՄೳੑ ɺฏۉɺϞϯςΧϧϩ๏ʢԁपͳͲʣ ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6 ֤छπʔϧ: Dieharder, TestU01, PractRand
7 7 ৽෦༟ʮཚͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation 6 ୮Ӌ࿕ਓɺಢۼʮٖࣅཚݕূπʔϧͷௐࠪ։ൃʯɺژେֶཧղੳݚڀॴߨڀ 1351רɺ2004ɺpp. 80-93 Kenji Rikitake / JEITA 26-OCT-2017 28
౷ܭతͳݕఆํ๏ͷݶք पظΛௐΔ͜ͱ͕Ͱ͖ͳ͍ ݕఆΛύεͯ͠༧ଌෆೳੑࣔͤͳ͍ →҉߸త҆શੜํ๏ͷݕূΛߦΘͳ͍͜ͱʹ ࣔ͢͜ͱ͕Ͱ͖ͳ͍ ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍ Kenji Rikitake / JEITA
26-OCT-2017 29
҉߸త҆શͷ݅ લఏ݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍ ෦ঢ়ଶ͕໌ͯ͠༧ଌෆೳੑ͕อͨΕΔ →ΞϧΰϦζϜ/࡞ํ๏ͷެ։͕ݕূͷେલఏ →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ৴༻͞Εͳ͍ ҉߸త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃΜ →ใηΩϡϦςΟͷҰେݚڀ Kenji Rikitake
/ JEITA 26-OCT-2017 30
OSͰͷ҉߸త҆શͳཚੜख๏ Kenji Rikitake / JEITA 26-OCT-2017 31
ΑΓ҆શͳٙࣅཚΛಘΔʹ ίϯϐϡʔλ෦ͰͷΤϯτϩϐʔͰෆे →ಛʹԾϚγϯͰΤϯτϩϐʔ͕ෆ →֎෦ʹཧཚͷڙڅݯΛઃ͚Δ ཧཚʹϑΥϯɾϊΠϚϯɾϑΟϧλΛ͏ ཧཚʹϋογϡؔΛซ༻ →֎෦ͷཚ߈ܸͷӨڹΛ؇Ͱ͖Δ Kenji Rikitake /
JEITA 26-OCT-2017 32
ཧཚͱϋογϡؔͷซ༻ Kenji Rikitake / JEITA 26-OCT-2017 33
҉߸తͰٙࣅཚΛ͏ʹ ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ͏ →Linux/macOS/BSD: /dev/urandom →Windows: CryptGenRandom →Android: SecureRandom ͦͷଞOpenSSL, LibreSSLͳͲ
ݪଇࣗͰϓϩάϥϜॻ͍͍͚ͯͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 34
MCUCPUͷཧཚͷ৴པੑ Intel x86_64: RDRAND/RDSEED ໋ྩ →ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ →ͦͷ··ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ ARM Cortex-M4Ͱࣄಉ͡ →࠷ݶϋογϡؔͱซ༻͕ඞཁ
Kenji Rikitake / JEITA 26-OCT-2017 35
ݕূෆेͳٙࣅཚʹΑΔ੬ऑੑ ݕূෆेͳٙࣅཚͷੜใ੬ऑੑͱͳΔ IEEE 802.11Ͱͷ伴ੜʹΔཚੜஔͷ੬ऑੑ ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8 InfineonࣾͷRSA҉߸伴ੜ࣌ͷݕূෆͰ੬ऑͳ҉ ߸伴͕ੜˠTPMICΧʔυೝূʹӨڹ9 9 ROCA:
Vulnerable RSA generation (CVE-2017-15361) 8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium Kenji Rikitake / JEITA 26-OCT-2017 36
·ͱΊ ཧཚஔաఔ͕͔֬ͳͷΛ͏ ཧཚஔͷੜ݁ՌΛͦͷ··৴༻͠ͳ͍ ٙࣅཚ৽͘͠ධՁ͕࣮֬ͳͷΛ͏ ҉߸ϓϩτίϧʹOSͷϥΠϒϥϦΛ͏ ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυϦεΫ Kenji Rikitake / JEITA
26-OCT-2017 37
͋Γ͕ͱ͏͍͟͝·ͨ͠ ࣭͝ΛͲ͏ͧ Kenji Rikitake / JEITA 26-OCT-2017 38
ຊจதͷURLʹ͍ͭͯ https://speakerdeck.com/ jj1bdx/jeita-20171026 Λࢀর ը૾ΫϨδοτ: ग़యΛ໌ه͍ͯ͠ͳ͍ͷྗ ݈͕࣍ࡱӨ λΠτϧεϥΠυͷഎܠ: TV Noise,
Theodore Pulser, PublicDomainPictures.net (public domain) ֤ηΫγϣϯͷഎܠʢࣈͷฒΜͰ͍Δͷʣ: Tyler Easton, Unsplash.com (public domain) Kenji Rikitake / JEITA 26-OCT-2017 39