Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティの基礎とインシデントレスポンス / Security Fundamentals a...
Search
Kenji Saito
PRO
June 13, 2022
Technology
0
190
セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response
2022年6月13日(月)、早稲田大学 大学院経営管理研究科「サイバーセキュリティ」にて使用するスライドです。
Kenji Saito
PRO
June 13, 2022
Tweet
Share
More Decks by Kenji Saito
See All by Kenji Saito
We Never Took the Kobayashi Maru Test Until Now. What Do You Think of Our Solutions? — Journeys of the Mind Through a No-Win Game
ks91
PRO
0
12
思いつきが武器になる:研究というゲームを始めよう / Ideas Are Your Equipments : Let the Game of Research Begin!
ks91
PRO
0
65
ロボットを雰囲気(ヴァイブ)でプログラミングするこどもたち / Children Vibe-Programming Robots
ks91
PRO
0
21
アカデミーキャンプ 2025 SuuuuuuMMeR「燃えろ!!ロボコン」 / Academy Camp 2025 SuuuuuuMMeR "Burn the Spirit, Robocon!!" DAY 3
ks91
PRO
0
30
アカデミーキャンプ 2025 SuuuuuuMMeR「燃えろ!!ロボコン」 / Academy Camp 2025 SuuuuuuMMeR "Burn the Spirit, Robocon!!" DAY 2
ks91
PRO
0
32
アカデミーキャンプ 2025 SuuuuuuMMeR「燃えろ!!ロボコン」 / Academy Camp 2025 SuuuuuuMMeR "Burn the Spirit, Robocon!!" DAY 1
ks91
PRO
0
160
未来へのフォワードキャスト / Forward Cast to the Future
ks91
PRO
0
86
発表と総括 / Presentations and Summary
ks91
PRO
0
61
サイバーフィジカル社会、金融の未来とアイデアソン / Cyber Physical Society, Future of Finance, and Ideathon
ks91
PRO
0
78
Other Decks in Technology
See All in Technology
JuniorからSeniorまで: DevOpsエンジニアの成長ロードマップ
yuriemori
2
350
DuckDB-Wasmを使って ブラウザ上でRDBMSを動かす
hacusk
1
140
努力家なスクラムマスターが陥る「傍観者」という罠と乗り越えた先に信頼があった話 / 20250830 Takahiro Sasaki
shift_evolve
PRO
2
130
実運用で考える PGO
kworkdev
PRO
0
130
つくって納得、つかって実感! 大規模言語モデルことはじめ
recruitengineers
PRO
32
12k
役割は変わっても、変わらないもの 〜スクラムマスターからEMへの転身で学んだ信頼構築の本質〜 / How to build trust
shinop
0
150
サンドボックス技術でAI利活用を促進する
koh_naga
0
150
7月のガバクラ利用料が高かったので調べてみた
techniczna
3
810
Vault meets Kubernetes
mochizuki875
0
150
攻撃と防御で実践するプロダクトセキュリティ演習~導入パート~
recruitengineers
PRO
3
1.8k
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
masahirokawahara
2
1k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
30k
Featured
See All Featured
KATA
mclloyd
32
14k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Music & Morning Musume
bryan
46
6.8k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Optimizing for Happiness
mojombo
379
70k
How STYLIGHT went responsive
nonsquared
100
5.8k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
jQuery: Nuts, Bolts and Bling
dougneiner
64
7.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Transcript
2022 3-4 (WBS) 2022 3-4 — 2022-06-13 – p.1/57
https://speakerdeck.com/ks91 WBS 2022 3-4 — 2022-06-13 – p.2/57
1 6 6 • 2 6 6 • 3 6
13 • 4 6 13 • 5 6 20 I ( ) 6 6 20 I ( ) 7 6 27 ( ) 8 6 27 ( ) 9 7 4 10 7 4 11 7 11 12 7 11 13 7 18 II ( ) 14 7 18 II ( ) 15 7 25 2022 3-4 — 2022-06-13 – p.3/57
+ + 2022 3-4 — 2022-06-13 – p.4/57
2022 3-4 — 2022-06-13 – p.5/57
1. (1) (2) 2022 6 9 ( ) 23:59 JST
Waseda Moodle (Q & A ) 2022 3-4 — 2022-06-13 – p.6/57
. . . . . . 11 ( ) 7
( ) ( ) 2022 3-4 — 2022-06-13 – p.7/57
Y T ⇒ 2022 3-4 — 2022-06-13 – p.8/57
O back plan ⇒ 2022 3-4 — 2022-06-13 – p.9/57
(1) : NFT (2) : 2022 3-4 — 2022-06-13 –
p.10/57
NPO https://www.nisc.go.jp/security-site/blue_handbook/index.html 1 6 2022 3-4 — 2022-06-13 – p.11/57
2022 3-4 — 2022-06-13 – p.12/57
( ) (1) : ( ) (2) : ( )(
) ( ) ( ) ( ↓ ) → ( : “Correct Horse Battery Staple”) ( ) 2022 3-4 — 2022-06-13 – p.13/57
3 2 ( ) (2 ) . . . .
. . . . . (1) : (2) : (3) : (4) : IC ( ) (2 ) . . . 2022 3-4 — 2022-06-13 – p.14/57
( ) CAP 2022 3-4 — 2022-06-13 – p.15/57
(1) ( ) ( ) ( 16 ) SHA (Secure
Hash Algorithm) ( ) 1bit 2022 3-4 — 2022-06-13 – p.16/57
(2) . . . H m H(m) = H(m′) m′
(m′ = m) H(m) m m′ H(m) = H(m′) ( m′ = m) 2022 3-4 — 2022-06-13 – p.17/57
SHA-1 https://shattered.io 2017 2 Google (CWI) (shattered ) SHA-1 2022
3-4 — 2022-06-13 – p.18/57
( ) (TCP, UDP) SSL (Secure Sockets Layer) → TLS
(Transport Layer Security) HTTPS IP (Internet Protocol) IPsec DNS DNSSEC (S/MIME) (PGP ) 2022 3-4 — 2022-06-13 – p.19/57
= . . . (AES : Advanced Encryption Standard) (
. . . ) 2022 3-4 — 2022-06-13 – p.20/57
2022 3-4 — 2022-06-13 – p.21/57
(RSA ) Πϯλʔωοτ ɾ ෮߸จͱݟͳͯ͠ ɹެ։ݤͰ҉߸Խ ɾ ॺ໊͖ฏจΛૹ৴ ɾ ҉߸จͱݟͳͯ͠
ɹൿີݤͰ෮߸ ड৴ऀ ެ։ݤ ൿີݤ ൃ৴ऀ ฏจ ฏจ ൿີݤ ެ։ݤ ݤ ॺ໊ ॺ໊ ɾ ͋Β͔͡Ίެ։ݤΛ͓ͯ͘͠ ݤϖΞ μΠδΣετ μΠδΣετ ɾ ෮߸ˠ҉߸Խॲཧͨ͠μΠδΣετ ɹݩʹΔ͕ͣͩɺ ͦΕ͕ฏจ͔Β ɹܭࢉͨ͠μΠδΣετͱҰக͢Δ͔ ( ) RSA ( Rivest, Shamir, Adleman ; ) Bitcoin ECDSA ( DSA : Digital Signature Algorithm) 2022 3-4 — 2022-06-13 – p.22/57
: < , > : : < , , >
: OK NG 2022 3-4 — 2022-06-13 – p.23/57
( ) RSA ( ) 2022 3-4 — 2022-06-13 –
p.24/57
RSA ( ) . . . Fermat Attack on RSA
(RSA ) (2022 3 14 ) https://fermatattack.secvuln.info ( ) ( ) / 1643 2 RSA 2 OK ( ) https://qiita.com/tnakagawa/items/d87fd8459ec9e1ce6844 RSA 2022 3-4 — 2022-06-13 – p.25/57
( ) PKI ( ) ɾ ΠϯλʔωοτΛ௨ͯ͠ಘͨެ։ݤʹ ɹຊͩͱ͍͏อূ͕ͳ͍ ɾ ূ໌ॻͷॺ໊ʹΘΕ͍ͯΔެ։ݤຊ͔͔Βͳ͍
"MJDF #PC $BSPMF ূ໌ऀ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ # C C C C C C C C C " # ୭ͷʁ $" Πϯλʔωοτ ॺ໊ ॺ ॺ໊ ໊ ໊ ɾ ̖ͷެ։ݤͷॺ໊ ূ໌ॻ ɾ ͨͩ͠ɺ ॺ໊͕ຊ͔ݕূ͢Δ ɹʹ̘̖ͷެ։ݤ͕ඞཁ .BMJTTB ߈ܸऀ & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . " (PKI) CA (Certificate Authority) CA CA CA ( ) ← CA 2022 3-4 — 2022-06-13 – p.26/57
Web of Trust "MJDF͔Βݟͨɺ ਓͷ৴༻ "MJDF͔Βݟͨɺ ݤͷਅਖ਼ੑ શʹ৴༻͍ͯ͠Δ ਅਖ਼Ͱ͋Δ ڀۃతʹਅਖ਼
ਅਖ਼ͬΆ͍͔ ͋Δఔͷ৴༻ Θ͔Βͳ͍ Θ͔Βͳ͍ ڀۃతʹ৴༻Ͱ͖Δ "ˠ#ͷҙຯ ʮ"͕#ͷެ։ݤʹॺ໊ʯ ଞਓͷެ։ݤʹॺ໊͢Δࡍɺ ϑΟϯΨʔϓϦϯτ μΠδΣετ ΛνΣοΫ͢ΔΑ͏ͳਓ͔ͳ "MJDFݤͷॴ༗ऀͷ ৴༻ΛධՁ͢Δ ݤͷਅਖ਼ੑܭࢉͰ ٻΊΒΕΔ (PKI) (PGP ) 2022 3-4 — 2022-06-13 – p.27/57
10 ATM 1 ATM 1 : http://www.slideshare.net/yamaz2/ss-58813038 ( ) ⇒
ATM 2022 3-4 — 2022-06-13 – p.28/57
(safety) ( ), ( ), etc. (liveness) ( ), etc.
( ) ( = ) 2022 3-4 — 2022-06-13 – p.29/57
CAP ( . . . ) Consistency ( ) Availability
( ) Partition tolerance ( ) ⇒ 3 Eventual consistency ( ) . . . 2022 3-4 — 2022-06-13 – p.30/57
Consistency ( ) Strong consistency ( ) (safety) Eventual consistency
( ) (liveness) ↑ Weak consistency ( ) 2022 3-4 — 2022-06-13 – p.31/57
(1) : NFT 2022 3-4 — 2022-06-13 – p.32/57
( ) = = : . . . ( :
) ( ) . . . . . . . . . 2022 3-4 — 2022-06-13 – p.33/57
↑ ( ) PDF 2022 3-4 — 2022-06-13 – p.34/57
⇒ ( ) . . . . . . 2022
3-4 — 2022-06-13 – p.35/57
NFT ( ) NFT : Non-Fungible Token ( ) (1
) → fungible token (1 ) → NFT 2022 3-4 — 2022-06-13 – p.36/57
ERC-721 ERC (Ethereum Request for Comments) 721 (721 ) https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md
interface ERC721 { function balanceOf(address _owner) external view returns (uint256); function ownerOf(uint256 _tokenId) external view returns (address); function safeTransferFrom(address _from, address _to, uint256 _tokenId, . . . ) external payable; : } interface ERC721TokenReceiver { function onERC721Received( .. . , uint256 _tokenId, . . . ) external returns(bytes4); } interface ERC721Metadata { function name() external view returns (string _name); function symbol() external view returns (string _symbol); function tokenURI(uint256 _tokenId) external view returns (string); } tokenURI URL ( ) ( ) 2022 3-4 — 2022-06-13 – p.37/57
NFT ( ) τʔΫϯ *% ൪߸ 63* ΞυϨε 63* /'5
Ұҙ Ұҙʁ Ұҙʁ Ұҙʁ Ұҙ ࣄ্࣮Ұҙ ϝλσʔλ ίϯτϥΫτͱ͍͏ఆٛҬ ˞ͦͷίϯτϥΫτͱ͍͏ఆٛҬͷதͰ ɹ࣮ઢҹͰࣔͨ͠ҰҙੑΛอূ͢Δʹա͗ͳ͍ ˞ഁઢҹͰࣔͨ͠Ұҙੑɺ࣮ɾӡ༻ͷ࣍ୈͰอূͰ͖Δ ˞ྫ͑ɺ63* 63- ͕ͦΕ͕ࢦ͢Ϧιʔεͷ ɹ҉߸ֶతμΠδΣετΛؚΉ ରσʔλ ը૾ͱ͔ ॴ༗ऀ ϝλσʔλ 63* ରσʔλ 63* ൿີ伴 Ұҙ Ұҙʁ 2022 3-4 — 2022-06-13 – p.38/57
NFT NFT URL Marlinspike, M.: My first impressions of web3
(2022) Web3 . . . URL ↑ NFT → → NFT NFT ↔ Lazy Minting NFT ( ) 2022 3-4 — 2022-06-13 – p.39/57
NFT < , ID> ERC-721 ← OK NFT . .
. ID → ID NFT NFT URL . . . URL . . . →NFT 2022 3-4 — 2022-06-13 – p.40/57
NFT NFT . . . NFT ( ) ↑ ID
. . . 2022 3-4 — 2022-06-13 – p.41/57
NFT : ERC-721 NFT NFT (ID) NFT → URI NFT
( NFT ) (ID) (URI) → NFT ( ) URI → ( ) → ( ) NFT NFT NFT 2022 3-4 — 2022-06-13 – p.42/57
NFT NFT ⇒ 2022 3-4 — 2022-06-13 – p.43/57
(2) : https://www.cloudsign.jp https://www.gmosign.com 2022 3-4 — 2022-06-13 – p.44/57
NPO NICT CYDER https://cyder.nict.go.jp (3) : 2022 3-4 — 2022-06-13
– p.45/57
Πϯγσϯτͷ༧ஹͳͲ ॳಈରԠ ෮چાஔ ఆରԠ ࠶ൃࢭࡦ ߃ٱରԠ ݕ౼ ࣄޙରԠ τϦΞʔδ ใ
ࠂ ɾ ެ ද Π ϯ γ σ ϯ τ ϋ ϯ υ Ϧ ϯ ά Π ϯ γ σ ϯ τ Ϩ ε ϙ ϯ ε ސ ٬ ɾ ެ ڞ ݕɾड ରԠํݕ౼ 1PJOUPG$POUBDU ূڌอશ ෧͡ࠐΊ ࠜઈ , , DoS , , etc. 2022 3-4 — 2022-06-13 – p.46/57
Point of Contact (PoC) 1 2022 3-4 — 2022-06-13 –
p.47/57
2022 3-4 — 2022-06-13 – p.48/57
HDD ( ) 2022 3-4 — 2022-06-13 – p.49/57
2022 3-4 — 2022-06-13 – p.50/57
( ) 2022 3-4 — 2022-06-13 – p.51/57
( ) JPCERT/CC, NISC, ( ) ( ) 2022 3-4
— 2022-06-13 – p.52/57
(1 ) 2022 3-4 — 2022-06-13 – p.53/57
(3) : 70 1,000 Twitter 3 1. 2. 3. 3
2022 3-4 — 2022-06-13 – p.54/57
2022 3-4 — 2022-06-13 – p.55/57
2. OK (1) (2) 2020 6 16 ( ) 23:59
JST Waseda Moodle (Q & A ) 2022 3-4 — 2022-06-13 – p.56/57
Zoom Discord # 2022 3-4 — 2022-06-13 – p.57/57