Upgrade to Pro — share decks privately, control downloads, hide ads and more …

「サイバーセキュリティ (2020夏)」第3-4回「セキュリティの基礎とインシデントレスポンス」 / Basics of Security and Incident Response

「サイバーセキュリティ (2020夏)」第3-4回「セキュリティの基礎とインシデントレスポンス」 / Basics of Security and Incident Response

2020年6月22日、早稲田大学 大学院経営管理研究科の「サイバーセキュリティ (2020夏)」第3-4回にて使用したスライドです。

Kenji Saito

June 22, 2020
Tweet

More Decks by Kenji Saito

Other Decks in Technology

Transcript

  1. 1 6 15 • 2 6 15 • 3 6

    22 • 4 6 22 • 5 6 29 I 6 6 29 I 7 7 6 8 7 6 9 7 13 10 7 13 11 7 20 II 12 7 20 II 13 7 27 14 7 27 2020 3-4 — 2020-06-22 – p.3/54
  2. 1. (1) (2) 2020 6 18 ( ) 23:59 JST

    Waseda Moodle 2020 3-4 — 2020-06-22 – p.6/54
  3. . . . . . . 19 14 ( )

    ( ) Moodle ^^; 2020 3-4 — 2020-06-22 – p.7/54
  4. T PC ⇒ × → . . . (ex. )

    “In one survey, carried out by PentaSafe Security, two-thirds of commuters at London’s Victoria Station were happy to reveal their computer password in return for a ballpoint pen” — The Future of Technology 2020 3-4 — 2020-06-22 – p.12/54
  5. ( ) (1) : ( ) (2) : ( )(

    ) ( ) ( ) ( ↓ ) → ( : “Correct Horse Battery Staple”) Apple ID 2020 3-4 — 2020-06-22 – p.16/54
  6. 3 2 ( ) (2 ) . . . .

    . . . . . (1) : (2) : (3) : (4) : IC ( ) (2 ) . . . 2020 3-4 — 2020-06-22 – p.17/54
  7. (1) ( ) ( ) ( 16 ) SHA (Secure

    Hash Algorithm) ( ) 1bit 2020 3-4 — 2020-06-22 – p.19/54
  8. (2) . . . H m H(m) = H(m′) m′

    (m′ = m) H(m) m m′ H(m) = H(m′) ( m′ = m) 2020 3-4 — 2020-06-22 – p.20/54
  9. ( ) (TCP, UDP) SSL (Secure Sockets Layer) → TLS

    (Transport Layer Security) HTTPS IP (Internet Protocol) IPsec DNS DNSSEC (S/MIME) (PGP ) 2020 3-4 — 2020-06-22 – p.22/54
  10. = . . . (AES : Advanced Encryption Standard) (

    . . . ) 2020 3-4 — 2020-06-22 – p.23/54
  11. (RSA ) Πϯλʔωοτ ɾ ෮߸จͱݟͳͯ͠ ɹެ։ݤͰ҉߸Խ ɾ ॺ໊෇͖ฏจΛૹ৴ ɾ ҉߸จͱݟͳͯ͠

    ɹൿີݤͰ෮߸ ड৴ऀ ެ։ݤ ൿີݤ ൃ৴ऀ ฏจ ฏจ ൿີݤ ެ։ݤ ݤ ॺ໊ ॺ໊ ɾ ͋Β͔͡Ίެ։ݤΛ഑෇͓ͯ͘͠ ݤϖΞ μΠδΣετ μΠδΣετ ɾ ෮߸ˠ҉߸Խॲཧͨ͠μΠδΣετ͸ ɹݩʹ໭Δ͸͕ͣͩɺ ͦΕ͕ฏจ͔Β ɹܭࢉͨ͠μΠδΣετͱҰக͢Δ͔ ( ) RSA ( Rivest, Shamir, Adleman ; ) Bitcoin ECDSA ( DSA : Digital Signature Algorithm) 2020 3-4 — 2020-06-22 – p.25/54
  12. : < , > : : < , , >

    : OK NG 2020 3-4 — 2020-06-22 – p.26/54
  13. ( ) PKI ( ) ɾ ΠϯλʔωοτΛ௨ͯ͠ಘͨެ։ݤʹ͸ ɹຊ෺ͩͱ͍͏อূ͕ͳ͍ ɾ ূ໌ॻͷॺ໊ʹ࢖ΘΕ͍ͯΔެ։ݤ΋ຊ෺͔෼͔Βͳ͍

    "MJDF #PC $BSPMF ূ໌ऀ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ # C C C C C C C C C " # ୭ͷʁ $" Πϯλʔωοτ ॺ໊ ॺ ॺ໊ ໊ ໊ ɾ ̖ͷެ։ݤ΁ͷॺ໊ ূ໌ॻ ɾ ͨͩ͠ɺ ॺ໊͕ຊ෺͔ݕূ͢Δ ɹʹ͸̘̖ͷެ։ݤ͕ඞཁ .BMJTTB ߈ܸऀ & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . " (PKI) CA (Certificate Authority) CA CA CA ( ) ← CA 2020 3-4 — 2020-06-22 – p.28/54
  14. Web of Trust "MJDF͔Βݟͨɺ ਓͷ৴༻ "MJDF͔Βݟͨɺ ݤͷਅਖ਼ੑ ׬શʹ৴༻͍ͯ͠Δ ਅਖ਼Ͱ͋Δ ڀۃతʹਅਖ਼

    ਅਖ਼ͬΆ͍͔΋ ͋Δఔ౓ͷ৴༻ Θ͔Βͳ͍ Θ͔Βͳ͍ ڀۃతʹ৴༻Ͱ͖Δ "ˠ#ͷҙຯ͸  ʮ"͕#ͷެ։ݤʹॺ໊ʯ ଞਓͷެ։ݤʹॺ໊͢Δࡍɺ ϑΟϯΨʔϓϦϯτ μΠδΣετ ΛνΣοΫ͢ΔΑ͏ͳਓ͔ͳ "MJDF͸ݤͷॴ༗ऀͷ ৴༻ΛධՁ͢Δ ݤͷਅਖ਼ੑ͸ܭࢉͰ ٻΊΒΕΔ (PKI) (PGP ) 2020 3-4 — 2020-06-22 – p.29/54
  15. (safety) ( ), ( ), etc. (liveness) ( ), etc.

    ( ) ( = ) 2020 3-4 — 2020-06-22 – p.32/54
  16. CAP ( . . . ) Consistency ( ) Availability

    ( ) Partition tolerance ( ) ⇒ 3 Eventual consistency ( ) . . . 2020 3-4 — 2020-06-22 – p.33/54
  17. Consistency ( ) Strong consistency ( ) (safety) Eventual consistency

    ( ) (liveness) ↑ Weak consistency ( ) 2020 3-4 — 2020-06-22 – p.34/54
  18. (1) : (COCOA) 2020 6 19 ( ) (COCOA) (iOS

    , android ) 2020 3-4 — 2020-06-22 – p.35/54
  19. GLOCOM #1 : ∼ ∼ (INTERNET Watch) https://internet.watch.impress.co.jp/docs/event/1259046.html ( )

    https://roppongi-kaigi.org/wp-content/uploads/2020/06/200616_ _v1.0.pdf . . . 6 (BUSINESS INSIDER) https://www.businessinsider.jp/post-214726 Code for Japan COVID-19 Radar ( ) ( ) ( 200616_ _v1.0.pdf ) Apple and Google, “Exposure Notification — Cryptography Specification” https://covid19-static.cdn-apple.com/ .. . /ExposureNotification-CryptographySpecificationv1.2.pdf 2020 3-4 — 2020-06-22 – p.36/54
  20. ( ) ௨஌αʔό εϚϗ εϚϗ ް࿑ল Ұ࣌๫࿐Ωʔ CJU ྠసۙ઀ࣝผΩʔ ى఺࣌ࠁ

    i ͦͷ࣌ͷ࣌ࠁ  ೔ຖʹੜ੒͢Δ ϥϯμϜͳ਺ ࣌ࠁ͸  ෼ִؒͰ ࠁΉ #MVFUPPUI ͷ ࣝผࢠ͸ ίϩίϩมΘΔ ް࿑ল͕ൃߦ͢Δ ίʔυΛ෇͚ͳ͍ͱ ΞοϓϩʔυͰ͖ͳ͍ ݕࠪͰཅੑ൑ఆΛड͚ͨΒ աڈ  ೔෼Ξοϓϩʔυ Ͱ͖Δ  ೔  ճ μ΢ϯϩʔυ͢Δ ˞$0$0"ͷ࢓্༷ɺϝλσʔλ͸͓ͦΒ͘ෆཁ ΋͠Ұக͢Δ΋ͷ͕ ݟ͔ͭͬͨΒ ߴ͍֬཰Ͱ ೱް઀৮͍ͯ͠Δ Ұํ޲ੑؔ਺ ڞ௨伴҉߸ ෮߸Ͱ͖Δ  ݸܭࢉͰ͖Δ ͜ΕΒΛ #MVFUPPUI ͰૹΔ ूΊͨ͜ΕΒ͸ աڈ  ೔෼Λอଘ 伴 伴 ڞ௨伴҉߸ ྠసۙ઀ࣝผࢠ ҉߸Խ͞Εͨϝλσʔλ ྠసۙ઀ࣝผࢠ ҉߸Խ͞Εͨϝλσʔλ ྠసۙ઀ࣝผࢠ Ұ࣌๫࿐Ωʔ CJU ى఺࣌ࠁ i ϝλσʔλ ϝλσʔλ 2020 3-4 — 2020-06-22 – p.37/54
  21. ( ) 1970 1 1 00:00:00 GMT 10 24 (128bit)

    i 144 (10 ×144 = 24 ) 14 (2 ) i BLE MAC a (128bit) Bluetooth ( ) a BLE (Bluetooth Low Energy) Bluetooth , MAC Bluetooth 10∼20 MAC 2020 3-4 — 2020-06-22 – p.38/54
  22. ( ) 14 i ( 1 1 ) i 144

    Bluetooth 2020 3-4 — 2020-06-22 – p.39/54
  23. Πϯγσϯτͷ༧ஹͳͲ ॳಈରԠ ෮چાஔ ࢑ఆରԠ ࠶ൃ๷ࢭࡦ ߃ٱରԠ ݕ౼ ࣄޙରԠ τϦΞʔδ ใ

    ࠂ ɾ ެ ද Π ϯ γ σ ϯ τ ϋ ϯ υ Ϧ ϯ ά Π ϯ γ σ ϯ τ Ϩ ε ϙ ϯ ε ސ ٬ ɾ ެ ڞ ݕ஌ɾड෇ ରԠํ਑ݕ౼ 1PJOUPG$POUBDU ূڌอશ ෧͡ࠐΊ ࠜઈ , , DoS , , etc. 2020 3-4 — 2020-06-22 – p.43/54
  24. ( ) JPCERT/CC, NISC, ( ) ( ) 2020 3-4

    — 2020-06-22 – p.49/54
  25. (3) : 70 1,000 Twitter 3 1. 2. 3. 3

    2020 3-4 — 2020-06-22 – p.51/54
  26. 2. OK (1) (2) 2020 6 25 ( ) 23:59

    JST Waseda Moodle 2020 3-4 — 2020-06-22 – p.53/54