Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティの基礎とインシデントレスポンス / Security Fundamentals a...
Search
Kenji Saito
PRO
June 13, 2022
Technology
200
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response
2022年6月13日(月)、早稲田大学 大学院経営管理研究科「サイバーセキュリティ」にて使用するスライドです。
Kenji Saito
PRO
June 13, 2022
More Decks by Kenji Saito
See All by Kenji Saito
戦略と安全保障 / Strategy and Security
ks91
PRO
0
22
ローカル LLM とコンピューティングの脱領土化 / Local LLMs and Deterritorialization of Computing
ks91
PRO
0
13
サイバー戦の現在と未来 / The Present and Future of Cyber Warfare
ks91
PRO
0
71
金融の未来を考える / Thinking About the Future of Finance
ks91
PRO
0
150
AI Agentification: Current State and the Changes Ahead
ks91
PRO
0
40
サイバー攻撃・防御とサイバー法 / Cyber Attacks, Defense, and Cyber Law
ks91
PRO
0
100
AI・ロボティクスと自動化社会 / AI, Robotics, and the Automated Society
ks91
PRO
0
150
ロボティクスの技術 / Robotics Technology
ks91
PRO
0
170
インシデントレスポンス演習 I / Incident Response Exercise I
ks91
PRO
0
140
Other Decks in Technology
See All in Technology
AI時代における最適なQA組織の作り方
ymty
3
350
どうして今サーバーサイドKotlinを選択したのか
nealle
0
190
なぜ人は自分のプロジェクトを 「なんちゃってアジャイル」と 自嘲するのか
kozotaira
0
240
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
190
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
0
170
AIに障害切り分けを全部やってもらった。 。 。 。
estie
0
340
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
230
product engineering with qa
nealle
0
140
「ビジネスがわかるエンジニア」とは何か?
ryooob
0
490
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
0
160
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
170
背中から、背中へ /paying forward to community
naitosatoshi
0
210
Featured
See All Featured
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
Agile that works and the tools we love
rasmusluckow
331
22k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
300
Google's AI Overviews - The New Search
badams
0
1.1k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
3
1.1k
30 Presentation Tips
portentint
PRO
1
340
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
180
KATA
mclloyd
PRO
35
15k
Art, The Web, and Tiny UX
lynnandtonic
304
22k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Documentation Writing (for coders)
carmenintech
77
5.4k
Transcript
2022 3-4 (WBS) 2022 3-4 — 2022-06-13 – p.1/57
https://speakerdeck.com/ks91 WBS 2022 3-4 — 2022-06-13 – p.2/57
1 6 6 • 2 6 6 • 3 6
13 • 4 6 13 • 5 6 20 I ( ) 6 6 20 I ( ) 7 6 27 ( ) 8 6 27 ( ) 9 7 4 10 7 4 11 7 11 12 7 11 13 7 18 II ( ) 14 7 18 II ( ) 15 7 25 2022 3-4 — 2022-06-13 – p.3/57
+ + 2022 3-4 — 2022-06-13 – p.4/57
2022 3-4 — 2022-06-13 – p.5/57
1. (1) (2) 2022 6 9 ( ) 23:59 JST
Waseda Moodle (Q & A ) 2022 3-4 — 2022-06-13 – p.6/57
. . . . . . 11 ( ) 7
( ) ( ) 2022 3-4 — 2022-06-13 – p.7/57
Y T ⇒ 2022 3-4 — 2022-06-13 – p.8/57
O back plan ⇒ 2022 3-4 — 2022-06-13 – p.9/57
(1) : NFT (2) : 2022 3-4 — 2022-06-13 –
p.10/57
NPO https://www.nisc.go.jp/security-site/blue_handbook/index.html 1 6 2022 3-4 — 2022-06-13 – p.11/57
2022 3-4 — 2022-06-13 – p.12/57
( ) (1) : ( ) (2) : ( )(
) ( ) ( ) ( ↓ ) → ( : “Correct Horse Battery Staple”) ( ) 2022 3-4 — 2022-06-13 – p.13/57
3 2 ( ) (2 ) . . . .
. . . . . (1) : (2) : (3) : (4) : IC ( ) (2 ) . . . 2022 3-4 — 2022-06-13 – p.14/57
( ) CAP 2022 3-4 — 2022-06-13 – p.15/57
(1) ( ) ( ) ( 16 ) SHA (Secure
Hash Algorithm) ( ) 1bit 2022 3-4 — 2022-06-13 – p.16/57
(2) . . . H m H(m) = H(m′) m′
(m′ = m) H(m) m m′ H(m) = H(m′) ( m′ = m) 2022 3-4 — 2022-06-13 – p.17/57
SHA-1 https://shattered.io 2017 2 Google (CWI) (shattered ) SHA-1 2022
3-4 — 2022-06-13 – p.18/57
( ) (TCP, UDP) SSL (Secure Sockets Layer) → TLS
(Transport Layer Security) HTTPS IP (Internet Protocol) IPsec DNS DNSSEC (S/MIME) (PGP ) 2022 3-4 — 2022-06-13 – p.19/57
= . . . (AES : Advanced Encryption Standard) (
. . . ) 2022 3-4 — 2022-06-13 – p.20/57
2022 3-4 — 2022-06-13 – p.21/57
(RSA ) Πϯλʔωοτ ɾ ෮߸จͱݟͳͯ͠ ɹެ։ݤͰ҉߸Խ ɾ ॺ໊͖ฏจΛૹ৴ ɾ ҉߸จͱݟͳͯ͠
ɹൿີݤͰ෮߸ ड৴ऀ ެ։ݤ ൿີݤ ൃ৴ऀ ฏจ ฏจ ൿີݤ ެ։ݤ ݤ ॺ໊ ॺ໊ ɾ ͋Β͔͡Ίެ։ݤΛ͓ͯ͘͠ ݤϖΞ μΠδΣετ μΠδΣετ ɾ ෮߸ˠ҉߸Խॲཧͨ͠μΠδΣετ ɹݩʹΔ͕ͣͩɺ ͦΕ͕ฏจ͔Β ɹܭࢉͨ͠μΠδΣετͱҰக͢Δ͔ ( ) RSA ( Rivest, Shamir, Adleman ; ) Bitcoin ECDSA ( DSA : Digital Signature Algorithm) 2022 3-4 — 2022-06-13 – p.22/57
: < , > : : < , , >
: OK NG 2022 3-4 — 2022-06-13 – p.23/57
( ) RSA ( ) 2022 3-4 — 2022-06-13 –
p.24/57
RSA ( ) . . . Fermat Attack on RSA
(RSA ) (2022 3 14 ) https://fermatattack.secvuln.info ( ) ( ) / 1643 2 RSA 2 OK ( ) https://qiita.com/tnakagawa/items/d87fd8459ec9e1ce6844 RSA 2022 3-4 — 2022-06-13 – p.25/57
( ) PKI ( ) ɾ ΠϯλʔωοτΛ௨ͯ͠ಘͨެ։ݤʹ ɹຊͩͱ͍͏อূ͕ͳ͍ ɾ ূ໌ॻͷॺ໊ʹΘΕ͍ͯΔެ։ݤຊ͔͔Βͳ͍
"MJDF #PC $BSPMF ূ໌ऀ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ ެ։ݤ ݤϖΞ ൿີݤ ൿີݤ ൿີݤ ެ։ݤ # C C C C C C C C C " # ୭ͷʁ $" Πϯλʔωοτ ॺ໊ ॺ ॺ໊ ໊ ໊ ɾ ̖ͷެ։ݤͷॺ໊ ূ໌ॻ ɾ ͨͩ͠ɺ ॺ໊͕ຊ͔ݕূ͢Δ ɹʹ̘̖ͷެ։ݤ͕ඞཁ .BMJTTB ߈ܸऀ & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & & . " (PKI) CA (Certificate Authority) CA CA CA ( ) ← CA 2022 3-4 — 2022-06-13 – p.26/57
Web of Trust "MJDF͔Βݟͨɺ ਓͷ৴༻ "MJDF͔Βݟͨɺ ݤͷਅਖ਼ੑ શʹ৴༻͍ͯ͠Δ ਅਖ਼Ͱ͋Δ ڀۃతʹਅਖ਼
ਅਖ਼ͬΆ͍͔ ͋Δఔͷ৴༻ Θ͔Βͳ͍ Θ͔Βͳ͍ ڀۃతʹ৴༻Ͱ͖Δ "ˠ#ͷҙຯ ʮ"͕#ͷެ։ݤʹॺ໊ʯ ଞਓͷެ։ݤʹॺ໊͢Δࡍɺ ϑΟϯΨʔϓϦϯτ μΠδΣετ ΛνΣοΫ͢ΔΑ͏ͳਓ͔ͳ "MJDFݤͷॴ༗ऀͷ ৴༻ΛධՁ͢Δ ݤͷਅਖ਼ੑܭࢉͰ ٻΊΒΕΔ (PKI) (PGP ) 2022 3-4 — 2022-06-13 – p.27/57
10 ATM 1 ATM 1 : http://www.slideshare.net/yamaz2/ss-58813038 ( ) ⇒
ATM 2022 3-4 — 2022-06-13 – p.28/57
(safety) ( ), ( ), etc. (liveness) ( ), etc.
( ) ( = ) 2022 3-4 — 2022-06-13 – p.29/57
CAP ( . . . ) Consistency ( ) Availability
( ) Partition tolerance ( ) ⇒ 3 Eventual consistency ( ) . . . 2022 3-4 — 2022-06-13 – p.30/57
Consistency ( ) Strong consistency ( ) (safety) Eventual consistency
( ) (liveness) ↑ Weak consistency ( ) 2022 3-4 — 2022-06-13 – p.31/57
(1) : NFT 2022 3-4 — 2022-06-13 – p.32/57
( ) = = : . . . ( :
) ( ) . . . . . . . . . 2022 3-4 — 2022-06-13 – p.33/57
↑ ( ) PDF 2022 3-4 — 2022-06-13 – p.34/57
⇒ ( ) . . . . . . 2022
3-4 — 2022-06-13 – p.35/57
NFT ( ) NFT : Non-Fungible Token ( ) (1
) → fungible token (1 ) → NFT 2022 3-4 — 2022-06-13 – p.36/57
ERC-721 ERC (Ethereum Request for Comments) 721 (721 ) https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md
interface ERC721 { function balanceOf(address _owner) external view returns (uint256); function ownerOf(uint256 _tokenId) external view returns (address); function safeTransferFrom(address _from, address _to, uint256 _tokenId, . . . ) external payable; : } interface ERC721TokenReceiver { function onERC721Received( .. . , uint256 _tokenId, . . . ) external returns(bytes4); } interface ERC721Metadata { function name() external view returns (string _name); function symbol() external view returns (string _symbol); function tokenURI(uint256 _tokenId) external view returns (string); } tokenURI URL ( ) ( ) 2022 3-4 — 2022-06-13 – p.37/57
NFT ( ) τʔΫϯ *% ൪߸ 63* ΞυϨε 63* /'5
Ұҙ Ұҙʁ Ұҙʁ Ұҙʁ Ұҙ ࣄ্࣮Ұҙ ϝλσʔλ ίϯτϥΫτͱ͍͏ఆٛҬ ˞ͦͷίϯτϥΫτͱ͍͏ఆٛҬͷதͰ ɹ࣮ઢҹͰࣔͨ͠ҰҙੑΛอূ͢Δʹա͗ͳ͍ ˞ഁઢҹͰࣔͨ͠Ұҙੑɺ࣮ɾӡ༻ͷ࣍ୈͰอূͰ͖Δ ˞ྫ͑ɺ63* 63- ͕ͦΕ͕ࢦ͢Ϧιʔεͷ ɹ҉߸ֶతμΠδΣετΛؚΉ ରσʔλ ը૾ͱ͔ ॴ༗ऀ ϝλσʔλ 63* ରσʔλ 63* ൿີ伴 Ұҙ Ұҙʁ 2022 3-4 — 2022-06-13 – p.38/57
NFT NFT URL Marlinspike, M.: My first impressions of web3
(2022) Web3 . . . URL ↑ NFT → → NFT NFT ↔ Lazy Minting NFT ( ) 2022 3-4 — 2022-06-13 – p.39/57
NFT < , ID> ERC-721 ← OK NFT . .
. ID → ID NFT NFT URL . . . URL . . . →NFT 2022 3-4 — 2022-06-13 – p.40/57
NFT NFT . . . NFT ( ) ↑ ID
. . . 2022 3-4 — 2022-06-13 – p.41/57
NFT : ERC-721 NFT NFT (ID) NFT → URI NFT
( NFT ) (ID) (URI) → NFT ( ) URI → ( ) → ( ) NFT NFT NFT 2022 3-4 — 2022-06-13 – p.42/57
NFT NFT ⇒ 2022 3-4 — 2022-06-13 – p.43/57
(2) : https://www.cloudsign.jp https://www.gmosign.com 2022 3-4 — 2022-06-13 – p.44/57
NPO NICT CYDER https://cyder.nict.go.jp (3) : 2022 3-4 — 2022-06-13
– p.45/57
Πϯγσϯτͷ༧ஹͳͲ ॳಈରԠ ෮چાஔ ఆରԠ ࠶ൃࢭࡦ ߃ٱରԠ ݕ౼ ࣄޙରԠ τϦΞʔδ ใ
ࠂ ɾ ެ ද Π ϯ γ σ ϯ τ ϋ ϯ υ Ϧ ϯ ά Π ϯ γ σ ϯ τ Ϩ ε ϙ ϯ ε ސ ٬ ɾ ެ ڞ ݕɾड ରԠํݕ౼ 1PJOUPG$POUBDU ূڌอશ ෧͡ࠐΊ ࠜઈ , , DoS , , etc. 2022 3-4 — 2022-06-13 – p.46/57
Point of Contact (PoC) 1 2022 3-4 — 2022-06-13 –
p.47/57
2022 3-4 — 2022-06-13 – p.48/57
HDD ( ) 2022 3-4 — 2022-06-13 – p.49/57
2022 3-4 — 2022-06-13 – p.50/57
( ) 2022 3-4 — 2022-06-13 – p.51/57
( ) JPCERT/CC, NISC, ( ) ( ) 2022 3-4
— 2022-06-13 – p.52/57
(1 ) 2022 3-4 — 2022-06-13 – p.53/57
(3) : 70 1,000 Twitter 3 1. 2. 3. 3
2022 3-4 — 2022-06-13 – p.54/57
2022 3-4 — 2022-06-13 – p.55/57
2. OK (1) (2) 2020 6 16 ( ) 23:59
JST Waseda Moodle (Q & A ) 2022 3-4 — 2022-06-13 – p.56/57
Zoom Discord # 2022 3-4 — 2022-06-13 – p.57/57