$30 off During Our Annual Pro Sale. View Details »

セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response

Kenji Saito
PRO
June 13, 2022
Technology
0
160

セキュリティの基礎とインシデントレスポンス / Security Fundamentals and Incident Response

2022年6月13日(月)、早稲田大学 大学院経営管理研究科「サイバーセキュリティ」にて使用するスライドです。

Kenji Saito
PRO

June 13, 2022
Tweet

More Decks by Kenji Saito

See All by Kenji Saito
組織とデータ分析/統計的仮説検定 / Organization and Data Analysis, and Statistical Hypothesis Testing
ks91
PRO
0
13
FinTech Lecture 8 : Blockchain
ks91
PRO
0
6
講師自己紹介 / Lecturer Self-Introduction
ks91
PRO
0
14
R をインストールする / Install R
ks91
PRO
0
15
データフレームと代表値 / Data Frame and Representative Values
ks91
PRO
0
13
ヒストグラムと箱ひげ図 / Histograms and Box-and-Whisker Plots
ks91
PRO
0
14
デザイン相談会 / Design Consultation
ks91
PRO
0
7
FinTech Lecture 7 : Basics of Cryptography and Blockchain
ks91
PRO
0
24
ウェブサービスデザイン 2 / Web Service Design 2
ks91
PRO
0
27

Other Decks in Technology

See All in Technology
生成AIでシステム開発はどう変わるか
etaroid
0
140
ChatGPT for Developer - 超入門
dahatake
39
20k
幸運を科学する ~アジャイルチームの成功を再現する方法~
okamototakuyasr2
0
190
データ活用推進のためのデータ基盤チームの取り組み / Data Infrastructure Team Initiatives to Promote Data Utilization
sansan_randd
2
350
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
0
190
属人化からデータマネジメントをチームで実行するまでの道のり
shomaekawa
2
250
なぜコピペで使うコンポーネント集を利用するのか?
mottox2
6
4.5k
Self-RAG: Learning to Retrieve, Generate and Critique through Self-Reflections
peisuke
8
830
なぜ
リアーキテクティング専任チームを作ったのか
kei_s
PRO
2
970
【Python東海#44】Pydroid3で画像処理
kazuhitotakahashi
0
170
GraphQLクライアントの技術選定 2023冬
kazukihayase
6
2.5k
LINE WORKS 最新メジャーアップデート(v3.8)勉強会
lwug
0
100

Featured

See All Featured
Design by the Numbers
sachag
272
18k
Making the Leap to Tech Lead
cromwellryan
120
8.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
0
2.7k
Code Review Best Practice
trishagee
53
14k
The Pragmatic Product Professional
lauravandoore
23
5.3k
Being A Developer After 40
akosma
52
580k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
57k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.3k
How GitHub (no longer) Works
holman
299
140k
Done Done
chrislema
178
15k
How STYLIGHT went responsive
nonsquared
89
4.5k
Navigating Team Friction
lara
177
13k

Transcript

  1. 2022
    3-4
    (WBS)
    2022 3-4 — 2022-06-13 – p.1/57

    View Slide

  2. https://speakerdeck.com/ks91
    WBS
    2022 3-4 — 2022-06-13 – p.2/57

    View Slide

  3. 1 6 6 •
    2 6 6 •
    3 6 13 •
    4 6 13 •
    5 6 20 I ( )
    6 6 20 I ( )
    7 6 27 ( )
    8 6 27 ( )
    9 7 4
    10 7 4
    11 7 11
    12 7 11
    13 7 18 II ( )
    14 7 18 II ( )
    15 7 25
    2022 3-4 — 2022-06-13 – p.3/57

    View Slide

  4. +
    +
    2022 3-4 — 2022-06-13 – p.4/57

    View Slide

  5. 2022 3-4 — 2022-06-13 – p.5/57

    View Slide

  6. 1.
    (1)
    (2)
    2022 6 9 ( ) 23:59 JST
    Waseda Moodle (Q & A )
    2022 3-4 — 2022-06-13 – p.6/57

    View Slide

  7. . . . . . .
    11 ( ) 7 ( ) ( )
    2022 3-4 — 2022-06-13 – p.7/57

    View Slide

  8. Y T

    2022 3-4 — 2022-06-13 – p.8/57

    View Slide

  9. O
    back plan

    2022 3-4 — 2022-06-13 – p.9/57

    View Slide

  10. (1) : NFT
    (2) :
    2022 3-4 — 2022-06-13 – p.10/57

    View Slide

  11. NPO
    https://www.nisc.go.jp/security-site/blue_handbook/index.html
    1
    6
    2022 3-4 — 2022-06-13 – p.11/57

    View Slide

  12. 2022 3-4 — 2022-06-13 – p.12/57

    View Slide

  13. ( )
    (1) :
    ( )
    (2) : ( )( )
    ( ) ( )
    ( ↓ )

    ( : “Correct Horse Battery Staple”)
    ( )
    2022 3-4 — 2022-06-13 – p.13/57

    View Slide

  14. 3 2 ( ) (2 )
    . . .
    . . .
    . . .
    (1) :
    (2) :
    (3) :
    (4) : IC
    ( )
    (2 )
    . . .
    2022 3-4 — 2022-06-13 – p.14/57

    View Slide

  15. ( )
    CAP
    2022 3-4 — 2022-06-13 – p.15/57

    View Slide

  16. (1)
    ( )
    (
    ) ( 16
    )
    SHA (Secure Hash Algorithm)
    ( ) 1bit
    2022 3-4 — 2022-06-13 – p.16/57

    View Slide

  17. (2)
    . . .
    H m
    H(m) = H(m′) m′ (m′ = m)
    H(m) m m′
    H(m) = H(m′) ( m′ = m)
    2022 3-4 — 2022-06-13 – p.17/57

    View Slide

  18. SHA-1
    https://shattered.io
    2017 2 Google
    (CWI)
    (shattered )
    SHA-1
    2022 3-4 — 2022-06-13 – p.18/57

    View Slide

  19. ( )
    (TCP, UDP)
    SSL (Secure Sockets Layer) → TLS (Transport Layer Security)
    HTTPS
    IP (Internet Protocol)
    IPsec
    DNS
    DNSSEC
    (S/MIME) (PGP )
    2022 3-4 — 2022-06-13 – p.19/57

    View Slide

  20. =
    . . .
    (AES : Advanced Encryption Standard)
    (
    . . .
    )
    2022 3-4 — 2022-06-13 – p.20/57

    View Slide

  21. 2022 3-4 — 2022-06-13 – p.21/57

    View Slide

  22. (RSA )
    Πϯλʔωοτ
    ɾ
    ෮߸จͱݟͳͯ͠
    ɹެ։ݤͰ҉߸Խ
    ɾ
    ॺ໊෇͖ฏจΛૹ৴
    ɾ
    ҉߸จͱݟͳͯ͠
    ɹൿີݤͰ෮߸
    ड৴ऀ
    ެ։ݤ
    ൿີݤ
    ൃ৴ऀ
    ฏจ
    ฏจ
    ൿີݤ
    ެ։ݤ
    ݤ
    ॺ໊ ॺ໊
    ɾ
    ͋Β͔͡Ίެ։ݤΛ഑෇͓ͯ͘͠
    ݤϖΞ
    μΠδΣετ
    μΠδΣετ
    ɾ
    ෮߸ˠ҉߸Խॲཧͨ͠μΠδΣετ͸
    ɹݩʹ໭Δ͸͕ͣͩɺ
    ͦΕ͕ฏจ͔Β
    ɹܭࢉͨ͠μΠδΣετͱҰக͢Δ͔
    ( )
    RSA ( Rivest, Shamir, Adleman ; )
    Bitcoin ECDSA ( DSA : Digital Signature Algorithm)
    2022 3-4 — 2022-06-13 – p.22/57

    View Slide

  23. : < , >
    :
    : < , , >
    : OK NG
    2022 3-4 — 2022-06-13 – p.23/57

    View Slide

  24. ( )
    RSA ( )
    2022 3-4 — 2022-06-13 – p.24/57

    View Slide

  25. RSA ( )
    . . .
    Fermat Attack on RSA (RSA ) (2022 3 14 )
    https://fermatattack.secvuln.info
    ( )
    ( )
    /
    1643 2
    RSA 2
    OK ( )
    https://qiita.com/tnakagawa/items/d87fd8459ec9e1ce6844
    RSA
    2022 3-4 — 2022-06-13 – p.25/57

    View Slide

  26. ( )
    PKI ( )
    ɾ
    ΠϯλʔωοτΛ௨ͯ͠ಘͨެ։ݤʹ͸
    ɹຊ෺ͩͱ͍͏อূ͕ͳ͍
    ɾ
    ূ໌ॻͷॺ໊ʹ࢖ΘΕ͍ͯΔެ։ݤ΋ຊ෺͔෼͔Βͳ͍
    "MJDF #PC
    $BSPMF ূ໌ऀ

    ެ։ݤ
    ݤϖΞ
    ൿີݤ
    ൿີݤ
    ൿີݤ
    ެ։ݤ
    ެ։ݤ
    ݤϖΞ
    ൿີݤ
    ൿີݤ
    ൿີݤ
    ެ։ݤ
    ެ։ݤ
    ݤϖΞ
    ൿີݤ
    ൿີݤ
    ൿີݤ
    ެ։ݤ
    # C
    C
    C
    C
    C
    C
    C
    C
    C
    " #
    ୭ͷʁ
    $"
    Πϯλʔωοτ
    ॺ໊

    ॺ໊


    ɾ
    ̖ͷެ։ݤ΁ͷॺ໊ ূ໌ॻ

    ɾ
    ͨͩ͠ɺ
    ॺ໊͕ຊ෺͔ݕূ͢Δ
    ɹʹ͸̘̖ͷެ։ݤ͕ඞཁ
    .BMJTTB ߈ܸऀ

    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    &
    .
    "
    (PKI)
    CA (Certificate Authority)
    CA CA
    CA ( ) ← CA
    2022 3-4 — 2022-06-13 – p.26/57

    View Slide

  27. Web of Trust
    "MJDF͔Βݟͨɺ
    ਓͷ৴༻ "MJDF͔Βݟͨɺ
    ݤͷਅਖ਼ੑ
    ׬શʹ৴༻͍ͯ͠Δ ਅਖ਼Ͱ͋Δ
    ڀۃతʹਅਖ਼ ਅਖ਼ͬΆ͍͔΋
    ͋Δఔ౓ͷ৴༻
    Θ͔Βͳ͍ Θ͔Βͳ͍
    ڀۃతʹ৴༻Ͱ͖Δ
    "ˠ#ͷҙຯ͸

    ʮ"͕#ͷެ։ݤʹॺ໊ʯ
    ଞਓͷެ։ݤʹॺ໊͢Δࡍɺ
    ϑΟϯΨʔϓϦϯτ μΠδΣετ

    ΛνΣοΫ͢ΔΑ͏ͳਓ͔ͳ
    "MJDF͸ݤͷॴ༗ऀͷ
    ৴༻ΛධՁ͢Δ
    ݤͷਅਖ਼ੑ͸ܭࢉͰ
    ٻΊΒΕΔ
    (PKI) (PGP )
    2022 3-4 — 2022-06-13 – p.27/57

    View Slide

  28. 10 ATM 1
    ATM 1
    :
    http://www.slideshare.net/yamaz2/ss-58813038
    ( )

    ATM
    2022 3-4 — 2022-06-13 – p.28/57

    View Slide

  29. (safety)
    ( ), ( ), etc.
    (liveness)
    ( ), etc.
    ( )
    ( = )
    2022 3-4 — 2022-06-13 – p.29/57

    View Slide

  30. CAP (
    . . .
    )
    Consistency ( )
    Availability ( )
    Partition tolerance ( )
    ⇒ 3
    Eventual consistency ( )
    . . .
    2022 3-4 — 2022-06-13 – p.30/57

    View Slide

  31. Consistency ( )
    Strong consistency ( )
    (safety)
    Eventual consistency ( )
    (liveness)

    Weak consistency ( )
    2022 3-4 — 2022-06-13 – p.31/57

    View Slide

  32. (1) : NFT
    2022 3-4 — 2022-06-13 – p.32/57

    View Slide

  33. ( )
    = =
    :
    . . . ( : )
    ( ) . . .
    . . .
    . . .
    2022 3-4 — 2022-06-13 – p.33/57

    View Slide


  34. ( )
    PDF
    2022 3-4 — 2022-06-13 – p.34/57

    View Slide


  35. ( ) . . .
    . . .
    2022 3-4 — 2022-06-13 – p.35/57

    View Slide

  36. NFT ( )
    NFT : Non-Fungible Token
    ( )
    (1 ) → fungible token
    (1 ) → NFT
    2022 3-4 — 2022-06-13 – p.36/57

    View Slide

  37. ERC-721
    ERC (Ethereum Request for Comments) 721 (721 )
    https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md
    interface ERC721 {
    function balanceOf(address _owner) external view returns (uint256);
    function ownerOf(uint256 _tokenId) external view returns (address);
    function safeTransferFrom(address _from, address _to, uint256 _tokenId,
    . . .
    ) external payable;
    :
    }
    interface ERC721TokenReceiver {
    function onERC721Received(
    .. .
    , uint256 _tokenId,
    . . .
    ) external returns(bytes4);
    }
    interface ERC721Metadata {
    function name() external view returns (string _name);
    function symbol() external view returns (string _symbol);
    function tokenURI(uint256 _tokenId) external view returns (string);
    }
    tokenURI URL ( ) ( )
    2022 3-4 — 2022-06-13 – p.37/57

    View Slide

  38. NFT ( )
    τʔΫϯ *%
    ൪߸
    63*
    ΞυϨε
    63*
    /'5
    Ұҙ
    Ұҙʁ Ұҙʁ
    Ұҙʁ
    Ұҙ
    ࣄ্࣮Ұҙ
    ϝλσʔλ
    ίϯτϥΫτͱ͍͏ఆٛҬ ˞ͦͷίϯτϥΫτͱ͍͏ఆٛҬͷதͰ
    ɹ࣮ઢ໼ҹͰࣔͨ͠ҰҙੑΛอূ͢Δʹա͗ͳ͍
    ˞ഁઢ໼ҹͰࣔͨ͠Ұҙੑ͸ɺ࣮૷ɾӡ༻ͷ޻෉࣍ୈͰอূͰ͖Δ
    ˞ྫ͑͹ɺ63* 63-
    ͕ͦΕ͕ࢦ͢Ϧιʔεͷ
    ɹ҉߸ֶతμΠδΣετΛؚΉ౳
    ର৅σʔλ
    ը૾ͱ͔
    ॴ༗ऀ
    ϝλσʔλ 63* ର৅σʔλ 63*
    ൿີ伴
    Ұҙ
    Ұҙʁ
    2022 3-4 — 2022-06-13 – p.38/57

    View Slide

  39. NFT
    NFT URL
    Marlinspike, M.: My first impressions of web3 (2022)
    Web3
    . . .
    URL
    ↑ NFT → → NFT
    NFT ↔
    Lazy Minting NFT
    ( )
    2022 3-4 — 2022-06-13 – p.39/57

    View Slide

  40. NFT
    < , ID>
    ERC-721 ←
    OK
    NFT . . .
    ID

    ID NFT
    NFT
    URL . . . URL . . .
    →NFT
    2022 3-4 — 2022-06-13 – p.40/57

    View Slide

  41. NFT
    NFT . . .
    NFT ( )

    ID . . .
    2022 3-4 — 2022-06-13 – p.41/57

    View Slide

  42. NFT :
    ERC-721 NFT
    NFT (ID)
    NFT → URI
    NFT
    ( NFT )
    (ID)
    (URI) → NFT ( )
    URI → ( )
    → ( )
    NFT
    NFT NFT
    2022 3-4 — 2022-06-13 – p.42/57

    View Slide

  43. NFT
    NFT

    2022 3-4 — 2022-06-13 – p.43/57

    View Slide

  44. (2) :
    https://www.cloudsign.jp
    https://www.gmosign.com
    2022 3-4 — 2022-06-13 – p.44/57

    View Slide

  45. NPO
    NICT CYDER
    https://cyder.nict.go.jp
    (3) :
    2022 3-4 — 2022-06-13 – p.45/57

    View Slide

  46. Πϯγσϯτͷ༧ஹͳͲ
    ॳಈରԠ
    ෮چાஔ ࢑ఆରԠ

    ࠶ൃ๷ࢭࡦ ߃ٱରԠ
    ݕ౼
    ࣄޙରԠ
    τϦΞʔδ


    ɾ
    ެ

    Π
    ϯ
    γ
    σ
    ϯ
    τ
    ϋ
    ϯ
    υ
    Ϧ
    ϯ
    ά
    Π
    ϯ
    γ
    σ
    ϯ
    τ
    Ϩ
    ε
    ϙ
    ϯ
    ε
    ސ
    ٬
    ɾ
    ެ
    ڞ
    ݕ஌ɾड෇
    ରԠํ਑ݕ౼
    1PJOUPG$POUBDU
    ূڌอશ
    ෧͡ࠐΊ
    ࠜઈ
    , , DoS , , etc.
    2022 3-4 — 2022-06-13 – p.46/57

    View Slide

  47. Point of Contact (PoC)
    1
    2022 3-4 — 2022-06-13 – p.47/57

    View Slide

  48. 2022 3-4 — 2022-06-13 – p.48/57

    View Slide

  49. HDD
    ( )
    2022 3-4 — 2022-06-13 – p.49/57

    View Slide

  50. 2022 3-4 — 2022-06-13 – p.50/57

    View Slide

  51. ( )
    2022 3-4 — 2022-06-13 – p.51/57

    View Slide

  52. ( )
    JPCERT/CC, NISC,
    ( )
    ( )
    2022 3-4 — 2022-06-13 – p.52/57

    View Slide

  53. (1 )
    2022 3-4 — 2022-06-13 – p.53/57

    View Slide

  54. (3) :
    70 1,000
    Twitter
    3
    1.
    2.
    3.
    3
    2022 3-4 — 2022-06-13 – p.54/57

    View Slide

  55. 2022 3-4 — 2022-06-13 – p.55/57

    View Slide

  56. 2. OK
    (1)
    (2)
    2020 6 16 ( ) 23:59 JST
    Waseda Moodle (Q & A )
    2022 3-4 — 2022-06-13 – p.56/57

    View Slide

  57. Zoom Discord #
    2022 3-4 — 2022-06-13 – p.57/57

    View Slide