
セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response

Slides used on Monday, June 13, 2022, in the course "Cyber Security" at the Waseda University Graduate School of Business and Finance (WBS).

Kenji Saito

June 13, 2022

Transcript

  1. 2022
    3-4
    (WBS)
    2022 3-4 — 2022-06-13 – p.1/57

  2. https://speakerdeck.com/ks91
    WBS

  3. 1 6 6 •
    2 6 6 •
    3 6 13 •
    4 6 13 •
    5 6 20 I ( )
    6 6 20 I ( )
    7 6 27 ( )
    8 6 27 ( )
    9 7 4
    10 7 4
    11 7 11
    12 7 11
    13 7 18 II ( )
    14 7 18 II ( )
    15 7 25

  4. +
    +

  5.

  6. 1.
    (1)
    (2)
    2022 6 9 ( ) 23:59 JST
    Waseda Moodle (Q & A )

  7. . . . . . .
    11 ( ) 7 ( ) ( )

  8. Y T

  9. O
    back plan

  10. (1) : NFT
    (2) :

  11. NPO
    https://www.nisc.go.jp/security-site/blue_handbook/index.html
    1
    6

  12.

  13. ( )
    (1) :
    ( )
    (2) : ( )( )
    ( ) ( )
    ( ↓ )

    ( : “Correct Horse Battery Staple”)
    ( )

  14. 3 2 ( ) (2 )
    . . .
    . . .
    . . .
    (1) :
    (2) :
    (3) :
    (4) : IC
    ( )
    (2 )
    . . .

  15. ( )
    CAP

  16. (1)
    ( )
    ( ) ( 16 )
    SHA (Secure Hash Algorithm)
    ( ) 1bit

  17. (2)
    . . .
    Given a hash function H and a message m:
    finding an m′ with H(m) = H(m′) (m′ ≠ m) must be infeasible (second-preimage resistance);
    finding any pair m, m′ with H(m) = H(m′) (m′ ≠ m) must be infeasible (collision resistance).
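An added illustration of the two properties above, using Python's standard hashlib (not code from the slides): a one-bit change to m yields an unrelated H(m′), and a birthday search on a deliberately shortened digest shows why the cost of finding m ≠ m′ with equal digests grows with the digest length. The sample messages are constructed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex digest of data under SHA-256 (a member of the SHA family on the slide)."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped: the m′ next to m."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def digest_bit_distance(m: bytes, m_prime: bytes) -> int:
    """Count output bits that differ between H(m) and H(m′); 0 would be a collision."""
    h1 = int.from_bytes(hashlib.sha256(m).digest(), "big")
    h2 = int.from_bytes(hashlib.sha256(m_prime).digest(), "big")
    return bin(h1 ^ h2).count("1")


def truncated_prefix(m: bytes, n_bits: int) -> int:
    """The first n_bits of SHA-256(m) as an integer: a deliberately shortened digest."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") >> (256 - n_bits)


def find_truncated_collision(n_bits: int, limit: int = 1_000_000):
    """Birthday search for m ≠ m′ whose shortened digests agree.
    Expected cost is about 2**(n_bits / 2) hashes, so each extra digest bit
    doubles the work every two bits; at the full 256 bits it is infeasible.
    Returns (m, m′, hashes_computed) or None if limit is reached."""
    seen: dict[int, bytes] = {}
    for i in range(limit):
        m = i.to_bytes(4, "big")  # constructed candidate messages 0, 1, 2, ...
        prefix = truncated_prefix(m, n_bits)
        if prefix in seen:
            return seen[prefix], m, i + 1
        seen[prefix] = m
    return None


if __name__ == "__main__":
    m = b"Correct Horse Battery Staple"  # constructed sample message
    m_prime = flip_bit(m, 0)
    print(sha256_hex(m))
    print(sha256_hex(m_prime))
    print(digest_bit_distance(m, m_prime), "of 256 output bits differ after a 1-bit input change")
    found = find_truncated_collision(24)
    if found:
        print(f"24-bit collision after {found[2]} hashes: {found[0].hex()} vs {found[1].hex()}")
```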

  18. SHA-1
    https://shattered.io
    February 2017: Google and CWI (Centrum Wiskunde & Informatica)
    announced a practical collision for SHA-1 (the "shattered" attack)
    SHA-1

  19. ( )
    (TCP, UDP)
    SSL (Secure Sockets Layer) → TLS (Transport Layer Security)
    HTTPS
    IP (Internet Protocol)
    IPsec
    DNS
    DNSSEC
    (S/MIME) (PGP)

  20. =
    . . .
    (AES : Advanced Encryption Standard)
    ( . . . )

  21.

  22. (RSA )
    [Figure: digital signature with RSA. Labels recovered from the diagram: sender, receiver, key pair (public key / private key), plaintext, digest, signature, Internet. The public key is distributed in advance. The sender treats the digest as a ciphertext and "decrypts" it with the private key to form the signature, then sends the signed plaintext. The receiver treats the signature as a ciphertext and "encrypts" it with the public key; the digest that went through decrypt → encrypt should return to the original, and the check is whether it matches the digest computed from the plaintext.]
    ( )
    RSA ( Rivest, Shamir, Adleman ; )
    Bitcoin ECDSA ( DSA : Digital Signature Algorithm)

  23. : < , >
    :
    : < , , >
    : OK NG

  24. ( )
    RSA ( )

  25. RSA ( )
    . . .
    Fermat Attack on RSA (RSA ) (March 14, 2022)
    https://fermatattack.secvuln.info
    ( )
    ( )
    /
    1643 2
    RSA 2
    OK ( )
    https://qiita.com/tnakagawa/items/d87fd8459ec9e1ce6844
    RSA

  26. ( )
    PKI ( )
    [Figure: PKI. Labels recovered from the diagram: Alice, Bob, Carole (certifier), Malissa (attacker), CA, Internet, key pairs (public key / private key), signature, certificate (the CA's signature on A's public key). Notes on the diagram: a public key obtained over the Internet carries no guarantee that it is genuine; the public key used to sign a certificate may not be genuine either ("whose key?"); verifying that the signature is genuine requires the CA's public key.]
    (PKI)
    CA (Certificate Authority)
    CA CA
    CA ( ) ← CA

  27. Web of Trust
    [Figure: Web of Trust as seen from Alice. Two scales recovered from the diagram: trust in the person (fully trusted, ultimately trusted, some trust, unknown) and authenticity of the key (authentic, ultimately authentic, maybe authentic, unknown). A → B means "A signed B's public key". When signing someone else's public key, is the signer the kind of person who checks the fingerprint (digest)? Alice evaluates the trust of key owners; the authenticity of keys is then computed from those trust values.]
    (PKI) (PGP )

  28. 10 ATM 1
    ATM 1
    :
    http://www.slideshare.net/yamaz2/ss-58813038
    ( )

    ATM

  29. (safety)
    ( ), ( ), etc.
    (liveness)
    ( ), etc.
    ( )
    ( = )

  30. CAP ( . . . )
    Consistency ( )
    Availability ( )
    Partition tolerance ( )
    ⇒ 3
    Eventual consistency ( )
    . . .

  31. Consistency ( )
    Strong consistency ( )
    (safety)
    Eventual consistency ( )
    (liveness)

    Weak consistency ( )

  32. (1) : NFT

  33. ( )
    = =
    :
    . . . ( : )
    ( ) . . .
    . . .
    . . .


  34. ( )
    PDF


  35. ( ) . . .
    . . .

  36. NFT ( )
    NFT : Non-Fungible Token
    ( )
    (1 ) → fungible token
    (1 ) → NFT

  37. ERC-721
    ERC (Ethereum Request for Comments) 721 (721 )
    https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md
    interface ERC721 {
        function balanceOf(address _owner) external view returns (uint256);
        function ownerOf(uint256 _tokenId) external view returns (address);
        function safeTransferFrom(address _from, address _to, uint256 _tokenId,
            . . .
        ) external payable;
        :
    }
    interface ERC721TokenReceiver {
        function onERC721Received(
            . . .
            , uint256 _tokenId,
            . . .
        ) external returns(bytes4);
    }
    interface ERC721Metadata {
        function name() external view returns (string _name);
        function symbol() external view returns (string _symbol);
        function tokenURI(uint256 _tokenId) external view returns (string);
    }
    tokenURI URL ( ) ( )

  38. NFT ( )
    [Figure: what an NFT points to. Labels recovered from the diagram: token ID (number), metadata URI, target data URI, target data (e.g. an image), owner (address / private key), NFT, contract as the domain of definition; arrows marked unique, unique?, effectively unique. Notes on the diagram: the uniqueness shown by solid arrows is guaranteed only within the scope of that contract; the uniqueness shown by dashed arrows can be guaranteed depending on implementation and operational choices, for example a URI (URL) that includes the cryptographic digest of the resource it points to.]

  39. NFT
    NFT URL
    Marlinspike, M.: My first impressions of web3 (2022)
    Web3
    . . .
    URL
    ↑ NFT → → NFT
    NFT ↔
    Lazy Minting NFT
    ( )

  40. NFT
    < , ID>
    ERC-721 ←
    OK
    NFT . . .
    ID

    ID NFT
    NFT
    URL . . . URL . . .
    →NFT

  41. NFT
    NFT . . .
    NFT ( )

    ID . . .

  42. NFT :
    ERC-721 NFT
    NFT (ID)
    NFT → URI
    NFT
    ( NFT )
    (ID)
    (URI) → NFT ( )
    URI → ( )
    → ( )
    NFT
    NFT NFT

  43. NFT
    NFT

  44. (2) :
    https://www.cloudsign.jp
    https://www.gmosign.com

  45. NPO
    NICT CYDER
    https://cyder.nict.go.jp
    (3) :

    [Figure: incident handling / incident response flow. Labels recovered from the diagram: signs of an incident etc.; detection and reception; triage; response policy review; initial response; evidence preservation; containment; eradication; recovery measures (provisional response); recurrence prevention measures (permanent response); review; post-incident response; Point of Contact; customers / public.]
    , , DoS , , etc.

  47. Point of Contact (PoC)
    1

  48.

  49. HDD
    ( )

  50.

  51. ( )

  52. ( )
    JPCERT/CC, NISC,
    ( )
    ( )

  53. (1 )

  54. (3) :
    70 1,000
    Twitter
    3
    1.
    2.
    3.
    3

  55.

  56. 2. OK
    (1)
    (2)
    2020 6 16 ( ) 23:59 JST
    Waseda Moodle (Q & A )

  57. Zoom Discord #