Slides used on Monday, June 13, 2022, for the "Cybersecurity" course at the Graduate School of Business and Finance, Waseda University.
20223-4(WBS)2022 3-4 — 2022-06-13 – p.1/57
https://speakerdeck.com/ks91WBS

1 6 6 •
2 6 6 •
3 6 13 •
4 6 13 •
5 6 20 I ( )
6 6 20 I ( )
7 6 27 ( )
8 6 27 ( )
9 7 4
10 7 4
11 7 11
12 7 11
13 7 18 II ( )
14 7 18 II ( )
15 7 25

++

1. (1) (2) 2022 6 9 ( ) 23:59 JST Waseda Moodle (Q & A )

. . . . . .11 ( ) 7 ( ) ( )

Y T⇒

Oback plan⇒

(1) : NFT
(2) :

NPO
https://www.nisc.go.jp/security-site/blue_handbook/index.html
16

( )(1) :( )(2) : ( )( )( ) ( )( ↓ )→( : “Correct Horse Battery Staple”)( )

3 2 ( ) (2 ). . .. . .. . .(1) :(2) :(3) :(4) : IC( )(2 ). . .

( )CAP
(1)( )() ( 16)
SHA (Secure Hash Algorithm)
( ) 1bit

(2). . .H mH(m) = H(m′) m′ (m′ = m)H(m) m m′H(m) = H(m′) ( m′ = m)

SHA-1
https://shattered.io
2017 2 Google (CWI) (shattered ) SHA-1

( )
(TCP, UDP)
SSL (Secure Sockets Layer) → TLS (Transport Layer Security)
HTTPS
IP (Internet Protocol)
IPsec
DNS
DNSSEC
(S/MIME) (PGP )

=. . .(AES : Advanced Encryption Standard)(. . .)
(RSA )
[Figure: text garbled in extraction; recoverable labels: Internet, key pair, digest]
( )RSA ( Rivest, Shamir, Adleman ; )
Bitcoin ECDSA ( DSA : Digital Signature Algorithm)

: < , >:: < , , >: OK NG

( )RSA ( )

RSA ( ). . .
Fermat Attack on RSA (RSA ) (2022 3 14 )
https://fermatattack.secvuln.info
( )( )/1643 2RSA 2OK ( )
https://qiita.com/tnakagawa/items/d87fd8459ec9e1ce6844
RSA

( )PKI ( )
[Figure: text garbled in extraction; recoverable labels: Internet, Alice, Bob, Carole, Malissa, CA, key pair]
(PKI)
CA (Certificate Authority)
CA CACA ( ) ← CA

Web of Trust
[Figure: text garbled in extraction; recoverable labels: Alice, fingerprint, digest]
(PKI) (PGP )

10 ATM 1ATM 1:
http://www.slideshare.net/yamaz2/ss-58813038
( )⇒ATM

(safety)
( ), ( ), etc.
(liveness)
( ), etc.
( )( = )

CAP (. . .)
Consistency ( )
Availability ( )
Partition tolerance ( )
⇒ 3
Eventual consistency ( ). . .

Consistency ( )
Strong consistency ( )
(safety)
Eventual consistency ( )
(liveness)
↑
Weak consistency ( )

(1) : NFT

( )= =:. . . ( : )( ) . . .. . .. . .

↑( )PDF

⇒( ) . . .. . .

NFT ( )
NFT : Non-Fungible Token
( )(1 ) → fungible token
(1 ) → NFT

ERC-721
ERC (Ethereum Request for Comments) 721 (721 )
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md

interface ERC721 {
    function balanceOf(address _owner) external view returns (uint256);
    function ownerOf(uint256 _tokenId) external view returns (address);
    function safeTransferFrom(address _from, address _to, uint256 _tokenId, ...) external payable;
    :
}
interface ERC721TokenReceiver {
    function onERC721Received(..., uint256 _tokenId, ...) external returns (bytes4);
}
interface ERC721Metadata {
    function name() external view returns (string _name);
    function symbol() external view returns (string _symbol);
    function tokenURI(uint256 _tokenId) external view returns (string);
}

tokenURI URL ( ) ( )

NFT ( )
[Figure: text garbled in extraction; recoverable labels: token, ID, URI, URL, address, NFT, metadata, contract, resource, digest]

NFTNFT URL
Marlinspike, M.: My first impressions of web3 (2022)
Web3. . .URL↑ NFT → → NFTNFT ↔Lazy Minting NFT( )

NFT< , ID>ERC-721 ←OKNFT . . .ID→ID NFTNFTURL . . . URL . . .→NFT

NFTNFT . . .NFT ( )↑ID . . .

NFT :ERC-721 NFTNFT (ID)NFT → URINFT( NFT )(ID)(URI) → NFT ( )URI → ( )→ ( )NFTNFT NFT

NFTNFT⇒

(2) :
https://www.cloudsign.jp
https://www.gmosign.com

NPO NICT CYDER
https://cyder.nict.go.jp
(3) :

[Figure: text garbled in extraction; recoverable labels: incident, triage, incident handling, incident response, Point of Contact]
, , DoS , , etc.

Point of Contact (PoC) 1

HDD( )

( )

( )JPCERT/CC, NISC,( )( )

(1 )

(3) :70 1,000Twitter31.2.3.3

2. OK (1) (2) 2020 6 16 ( ) 23:59 JST Waseda Moodle (Q & A )

Zoom Discord #