「サイバーセキュリティ (2020夏)」第9-10回「サイバー戦の現在と未来」 / Cyber Warfare - Present and Future

Transcript

1. 2020 9-10 (WBS) 2020 9-10 — 2020-07-13 – p.1/34

2. https://speakerdeck.com/ks91 ( ) WBS ( ) 2020 9-10 — 2020-07-13

   – p.2/34

3. 1 6 15 • 2 6 15 • 3 6

   22 • 4 6 22 • 5 6 29 I • 6 6 29 I • 7 7 6 • 8 7 6 • 9 7 13 • 10 7 13 • 11 7 20 II 12 7 20 II 13 7 27 14 7 27 2020 9-10 — 2020-07-13 – p.3/34

4. + + 2020 9-10 — 2020-07-13 – p.4/34

5. 2020 9-10 — 2020-07-13 – p.5/34

6. 4. (1) (2) 2020 7 9 ( ) 23:59 JST

   ( ) Waseda Moodle 2020 9-10 — 2020-07-13 – p.6/34

7. . . . . . . 14 12 ( )

   ( ) / TV 13 / / / / / / 13 2020 9-10 — 2020-07-13 – p.7/34

8. T ⇒ 2020 9-10 — 2020-07-13 – p.8/34

9. T Tor ⇒ ^^; Tor Project ( Tor ) “If

   this is your first introduction to Tor Browser, we understand that you might think we’re bad people who enable even worse people.” “But please consider that our software is used every day for a wide variety of purposes by human rights activists, journalists, domestic violence survivors, whistleblowers, law enforcement officers, and many others. Unfortunately, the protection that our software can provide to these groups of people can also be abused by criminals and malware authors. The Tor Project does not support or condone the use of our software for malicious purposes.” 2020 9-10 — 2020-07-13 – p.9/34

10. . . . Tor Project F.A.Q. Doesn’t Tor enable criminals

    to do bad things? “Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. . . .[snip]. . .” “Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.” “Some advocates of anonymity explain that it’s just a tradeoff – accepting the bad uses for the good ones – but there’s more to it than that. Criminals and other bad people have the motivation to learn how to get good anonymity, and many have the motivation to pay well to achieve it. Being able to steal and reuse the identities of innocent victims (identity theft) makes it even easier. Normal people, on the other hand, don’t have the time or money to spend figuring out how to get privacy online. This is the worst of all possible worlds.” “So yes, criminals can use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.” 2020 9-10 — 2020-07-13 – p.10/34

11. N ⇒ ^^; 2020 9-10 — 2020-07-13 – p.11/34

12. Alice Alice sudo (superuser do) sudo UNIX Malissa (= Alice)

    Malissa Eats 2020 9-10 — 2020-07-13 – p.12/34

13. ( ) αʔό
    ʮग़લ &BUTʯαʔϏεӡ༻؀ڥ ΫϥΠΞϯτ
    ࡏ୐؀ڥ ಉ Ұ ਓ

    ෺ · ͨ ͸ ஥ ؒ ௨৴ܦ࿏ .BMJTTB
    
    ߈ܸऀ
    ݹࢁ͞Μʁ ᶃ
    ͦͷลͷίϯϐϡʔλͷݖݶΛୣऔ ɹ
    Φϓγϣφϧ #PC
    
    ҰൠΤϯδχΞ
    ࠤ౻͞Μ "MJDF
    
    ؅ཧऀ
    ݹࢁ͞Μ ؅ཧऀ͔͠ॻ͖ࠐΊͳ͍ ϑΝΠϧ܈  FUDQBTTXE FUDHSPVQ    FUDTIBEPX   ؅ཧऀ͔͠ಡΈग़ͤͳ͍ ϑΝΠϧ܈ & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . # " ެ։伴 ᶈ
    ެ։伴Λ౉͢ ᶅ
    QBTTXE
    ͱ
    TIBEPX ɹΛ౉͢ ᶆ
    αʔόͷ
    6/*9
    ύεϫʔυΛΫϥοΫͯ͠ ɹ#PC
    ͷύεϫʔυ͕ऑ͍͜ͱΛൃݟ
    ˠ
    #PC
    ஫ҙਂ͘ͳ͍ΤϯδχΞೝఆʂ ᶉ
    ؅ཧऀͱͯ͠௥ه͢Δ ᶊ
    .BMJTTB
    ͸
    #PC
    ͱͯ͠ ɹϦϞʔτϩάΠϯՄೳʜ
    ˞
    લճ͸੨ࣈͷ෦෼Λ࣮ԋ͠·ͨ͠ 
    
    .BMJTTB
    ͸
    #PC
    ʹͳΓ͢·ͭͭ͠ ɹ
    
    ؅ཧऀͷΑ͏ʹৼΔ෣͑Δʜ
    ˕
    "MJDF
    ͸ୀ৬ޙ΋αʔόΛίϯτϩʔϧͰ͖Δ ɹ
    
    ͨΊͷखஈΛಘͨ ᶋ
    #PC
    Λ
    TVEPՄʹ ᶄ
    ಡΈग़͠ ᶄ
    ಡΈग़͠ 伴ϖΞ ൿີ伴 Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ ൿີ伴 伴 ެ։伴 伴ϖΞ ൿີ伴 Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ Ξ ൿີ伴 伴 ެ։伴 ᶇ
    伴ϖΞੜ੒ ʮ४උʯ ʹͯํ๏Λॻ͖·ͨ͠ ൿີ伴 ൿີ伴 伴 "MJDF
    ͷެ։伴 "MJDF
    ͷ࡞ۀ؀ڥ 44)
    4FDVSF
    4IFMM 44) 44)
    PWFS
    5PS
    5IF
    0OJPO
    3PVUFS #PC
    ͷ࡞ۀ؀ڥ #PC
    ͷެ։伴 .BMJTTB
    ͷެ։伴 2020 9-10 — 2020-07-13 – p.13/34

14. UNIX ҉߸ֶతϋογϡؔ਺ 4)" ιϧτ
    ϥϯμϜ஋ ੜ੒͞ΕͨμΠδΣετ “/etc/shadow” $ $ $

    1 MD5 5 SHA-256 6 SHA-512 base64 (64 ) 2020 9-10 — 2020-07-13 – p.14/34

15. N ⇒ ( : GDPR (EU )) ICT ( )

    ( ) ( ) ( ) : ( ) : ( ) 2020 9-10 — 2020-07-13 – p.15/34

16. N TV 13 1995 11 ⇒ 3 . . .

    ( / / 1 ) 2 ( ) MAGI ( ) 3 ( ) A,B,C A B yes, C no B C A yes/no . . . C 3 . . . ( ; 1 2 ) 4 ( 1 1 ) 2020 9-10 — 2020-07-13 – p.16/34

17. : n = f ( or ) ( or )

    ( ) ⇒ ( ) 2020 9-10 — 2020-07-13 – p.17/34

18. : (1) 1 1, 2 n ≤ 3f 2020 9-10

    — 2020-07-13 – p.18/34

19. : (2) 2020 9-10 — 2020-07-13 – p.19/34

20. K ⇒ ( ) . . . 2020 9-10 —

    2020-07-13 – p.20/34

21. (1) : 3 (14 ) . . . TV 2020

    9-10 — 2020-07-13 – p.21/34

22. W ⇒ 2020 9-10 — 2020-07-13 – p.22/34

23. 2019 2020 9-10 — 2020-07-13 – p.23/34

24. (1) IPA ( ) 10 2020 (2020) https://www.ipa.go.jp/security/vuln/10threats2020.html 1 2

    3 4 5 6 IT 7 8 9 IoT 10 2020 9-10 — 2020-07-13 – p.24/34

25. (2) (13) (2014) (warfare) 2020 9-10 — 2020-07-13 – p.25/34

26. (warfare) . . . . . . ⇒ ( )

    2020 9-10 — 2020-07-13 – p.26/34

27. 24 365 2020 9-10 — 2020-07-13 – p.27/34

28. . . . ( ) (sabotage) (espionage) (subversion) 3 .

    . . 2020 9-10 — 2020-07-13 – p.28/34

29. – C&C 2020 9-10 — 2020-07-13 – p.29/34

30. (2) : Eats Eats Eats 2020 9-10 — 2020-07-13 –

    p.30/34

31. (3) : Eats Eats Eats 2020 9-10 — 2020-07-13 –

    p.31/34

32. 2020 9-10 — 2020-07-13 – p.32/34

33. 5. (1) (2) I Eats Eats 2020 7 16 (

    ) 23:59 JST ( ) Waseda Moodle 2020 9-10 — 2020-07-13 – p.33/34

34. 2020 9-10 — 2020-07-13 – p.34/34