プロフェッショナルSSL/TLS勉強会 PKIに対する攻撃 (第4章)

E6814d062e4214045659f01deb793859?s=47 Hirotaka Nakajima
June 23, 2017
Technology
0
570

プロフェッショナルSSL/TLS勉強会 PKIに対する攻撃 (第4章)

E6814d062e4214045659f01deb793859?s=128

Hirotaka Nakajima

June 23, 2017
Tweet

More Decks by Hirotaka Nakajima

See All by Hirotaka Nakajima
E6814d062e4214045659f01deb793859?s=48 nunnun
0
180
E6814d062e4214045659f01deb793859?s=48 nunnun
0
57
E6814d062e4214045659f01deb793859?s=48 nunnun
0
850
E6814d062e4214045659f01deb793859?s=48 nunnun
1
210
E6814d062e4214045659f01deb793859?s=48 nunnun
2
58
E6814d062e4214045659f01deb793859?s=48 nunnun
36
11k
E6814d062e4214045659f01deb793859?s=48 nunnun
0
110
E6814d062e4214045659f01deb793859?s=48 nunnun
0
100
E6814d062e4214045659f01deb793859?s=48 nunnun
0
93

Other Decks in Technology

See All in Technology
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
230
Ae03eb47606f4e0125268d39f8aebfad?s=48 ymmt2005
3
1.7k
Bf466502958a3e05d643e910ff5ec6a2?s=48 skmatz
0
180
Ff98f59b09d38b46d177e9a12b77dad4?s=48 yksn
0
160
B49933741d74e122bc1314b2975e9fc9?s=48 mrtc0
1
6.3k
88dae28e3d082236f37db2f5c2db339d?s=48 keropiyo
0
110
74948d1118cd84528f7861a3069dd8d9?s=48 qryuu
8
2.3k
Cad863e7fd94ece3248e0af21882259c?s=48 kennygt51
0
110
E2640ce3612d9e7848dc957b519d8ca0?s=48 polar3130
2
230
53850955f15249a1a9dc49df6113e400?s=48 line_developers
1
740
C3c921c8ae5f684bf046937bd162f322?s=48 kawagoi
4
990
Ea29e2b19d11b48f867ae71d6a6de5df?s=48 opelab
18
6.5k

Featured

See All Featured
11c84dff30266b907714802088852677?s=48 jasonvnalue
80
7.9k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
104
10k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
144
6.5k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
251
19k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
682
180k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
52
2.7k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
142
19k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
236
9.7k
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
13
700
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
769
190k

Transcript

  1. PKIʹର͢Δ߈ܸ (ୈ4ষ) ϓϩϑΣογϣφϧSSL/TLSษڧձ 2017/6/23 Hirotaka Nakajima (@nunnun)

  2. ͳ͔͡· ͻΖ͔ͨ @nunnun ܚጯٛक़ ΠϯϑΥϝʔγϣϯςΫϊϩδʔηϯλʔຊ෦ ܚጯٛक़େֶେֶӃ੓ࡦɾϝσΟΞݚڀՊത࢜՝ఔ ISOC Japan Chapter https://about.me/nunnun

    ࣗݾ঺հ 

  3. PKIͷӡ༻ํ๏ʹ͸͕ܽؕଘࡏ ੑળઆʹج͍͍ͮͯΔ ϧʔτCAΛ৵֐͢Ε͹ɺͲΜͳWebα Πτͷূ໌ॻ΋ൃߦՄೳͱͳͬͯ͠·͏ ͜ͷষͰ͸աڈͷ߈ܸʹ͍ͭͯղઆ #4 PKIʹର͢Δ߈ܸ 

  4. 2001೥1݄ʹൃੜ ߈ܸऀ͸Verisign͔Β Microsoft Corporationͱ͍͏ ໊લͷίʔυॺ໊ূ໌ॻΛൃߦ͢ Δ͜ͱʹ੒ޭ #4-1 VerisignͷMSίʔυূ໌ॻ 

  5. Verisign͸ূ໌ॻΛࣦޮ ূ໌ॻʹ͸CRL഑෍ϙΠϯτ͕ະࢦఆ OS͕ূ໌ॻͷࣦޮΛݕূͰ͖ͳ͍ ໰୊ͷূ໌ॻΛϒϥοΫϦετʹೖΕΔ OSύονΛϦϦʔε͢Δ͜ͱͰରԠ #4-1 VerisignͷMSίʔυূ໌ॻ 

  6. 2008೥, Mike Zusman͕Thawteͷূ໌ॻݕূॲཧͷෆඋΛൃ ݟ Thawte͸υϝΠϯݕূʹϝʔϧΞυϨεΛ࢖༻͍ͯͨ͠ live.com ΞυϨε͸୭Ͱ΋औಘՄೳ υϝΠϯݕূʹ࢖༻ՄೳͳϝʔϧΞυϨε͕ଟذʹΘ͍ͨͬͯͨ sslcertificates@live.com ͸औಘՄೳͰ͋ͬͨ

    2008೥8݄ʹެ։ɺCAͷ໊લ͸ͦͷ೥ͷ฻ʹެ։
 ಉ༷ͷ߈ܸ͕2015೥ʹlive.fiͰߦΘΕͯ͠·ͬͨ #4-2 Thawte, login.live.com 

  7. 2008೥12݄, Mike Zusman͕ StartComͷυϝΠϯ໊ݕূͷܽؕΛൃݟ ͋ΒΏΔυϝΠϯ໊ͷঝೝ͕ՄೳͰ͋ͬͨ ϒϥοΫϦετʹొ࿥͞ΕͨυϝΠϯΛ࢖ ༻͍ͯͨͨ͠Ίɺ߈ܸ͸͙͢ʹൃݟ͞Εͨ #4-3 StartCom 

  8. #4-3ͷ߈ܸͷޙɺStartComͷEddy Nigg͕ଞ ࣾͰಉ༷ͷ໰୊Λൃݟ ComodoͷύʔτφʔCertStar͕υϝΠϯ໊Λ ·ͬͨ͘ݕূͤͣʹূ໌ॻൃߦΛ͍ͯ͠Δ͜ͱΛ ൃݟ Comodo͸Eddy͕ൃ஫ͨ͠ূ໌ॻΛؚΊ11௨ ͷূ໌ॻΛࣦޮͤͨ͞ #4-4 CertStart(Comodo)ͷMozillaূ໌ॻ

    

  9. 2008೥ʹMD5ͷબ୒ϓϨϑΟοΫεি ಥ߈ܸʹΑΓِ଄CAূ໌ॻΛRapidSSL ͔Βऔಘͨ͠ 2004೥ʹMD5͕ഁΒΕ͔ͯΒ޼ົʹ ͳ͍͕ͬͯͨɺ͜ͷ߈ܸ͕࠷ޙͷҰܸͱ ͳͬͨ #4-5 ِ଄RapidSSLূ໌ॻ 

  10. 1991: MD5͕஀ੜ 1991ʙ1996: MD5ͷऑ఺Λࣔ͢ஹީ͕֬ೝ͞Εͨ 2004: ࠷ॳͷিಥͷ࣮ྫ͕ࣔ͞ΕΔɻ߈ܸ͸ݱ࣮తͰ͸ͳ͔ͬͨ 2005: ҟͳΔ2௨ͷূ໌ॻ͕ಉ͡MD5 Hash஋Λ࣋ͭ͜ͱ͕ࣔ͞Εͨɻ͜ͷ࣌ ఺Ͱ͸RSA伴ۭؒ͸ҟͳΔ͕ɺଞͷ৘ใ͸ಉҰͰ͋ͬͨ

    2006: બ୒ϓϨϑΟοΫεিಥ߈ܸʹΑͬͯɺಉ͡MD5 Hash஋Λ࣋ͭɺҟͳ Δূ໌ॻ2௨ͷੜ੒ʹ੒ޭɻ͜ͷ࣌఺ͰMD5͕༗ҙͳ߈ܸʹ੬ऑͱͳΔ 2008: MD5ͷিಥʹΑͬͯѱ࣭ͳِ଄CAূ໌ॻͷऔಘʹ੒ޭͨ͠ 2012: MD5িಥΛ༻͍ͯMicrosoft CAΛِ଄͠ίʔυॺ໊Λճආ͢Δ߈ܸ MD5ͱPKIʹର͢Δ߈ܸͷྺ࢙ 

  11. ಉ͡MD5ͷॺ໊Λ࣋ͭ2ͭจॻΛ࡞Γग़͢͜ͱ σδλϧॺ໊Ͱ͸σʔλͦͷ΋ͷͰ͸ͳ͘ɺϋο γϡ஋ʹରͯ͠ॺ໊Λ࣮ࢪ͢Δ ಉ͡MD5ϋογϡΛ࣋ͭ2ͭͷυΩϡϝϯτΛߏ੒ Ͱ͖Ε͹ɺCAʹਅਖ਼ͳυΩϡϝϯτΛॺ໊ͯ͠΋Β ͏ ِ଄ͨ͠υΩϡϝϯτʹॺ໊Λࠩ͠ࠐΉ͜ͱͰ੒ޭ #4-5-1 σδλϧॺ໊ʹର͢Δ߈ܸ໨ඪ 

  12. ௨ৗCAʹূ໌ॻΛૹ෇ͯ͠΋ॺ໊ͯ͠΋Β͑ ͳ͍ ূ໌ॻ͸CSRΛ༻͍ͯCA͕ੜ੒͢Δ CSRʹ͸ެ։伴΍υϝΠϯؚ໊͕·ΕΔ લड़ͷυΩϡϝϯτʹର͢Δ߈ܸΑΓ೉қ౓ ͸্͕Δ͕ෆՄೳͰ͸ͳ͍ #4-5-1 ূ໌ॻʹର͢Δ߈ܸ 

  13. িಥϒϩοΫ(collision block) ϋογϡؔ਺Λٗ͘2ͭͷσʔλ 2ͭͷσʔλ͕ಉ͡ϋογϡ஋ΛऔΔ িಥϒϩοΫ͕ɺਅਖ਼ͳจॻͱِ଄จ ॻͷࠩҟΛϋογϡؔ਺తʹଧͪফ͢ #4-5-1 িಥϒϩοΫ 

  14. ৚݅ ਅਖ਼ͳจॻͷઌ಄෦෼Λ஌͍ͬͯΔ͜ͱ(બ୒ϓ ϨϑΟοΫε) ਅਖ਼ͳจॻதʹিಥϒϩοΫΛ഑ஔͰ͖Δ͜ͱ িಥϒϩοΫΛจॻ຤ඌʹ഑ஔ͢Δ͜ͱ͸࣮࣭త ʹ͸Ͱ͖ͳ͍ͨΊɺϑΝΠϧ຤ඌ͸ਅਖ਼ͳจॻɾ ِ଄จॻͦΕͧΕಉҰʹ͢Δ #4-5-1 બ୒ϓϨϑΟοΫεিಥ߈ܸ 

  15. ূ໌ॻ͸CSRΛجʹCA͕࡞੒͢Δ ূ໌ॻͷߏ଄͸X.509v3࢓༷Ͱఆ·Δ ߈ܸऀ͸ߏ଄Λ༧ଌՄೳ ࠷ऴతͳূ໌ॻ͸CSR͔Βίϐʔ͞ΕΔ෦෼͕͋Δɻ(e.g. ެ։伴) ެ։伴͸ϥϯμϜͰͳ͚Ε͹ͳΒͳ͍͕ɺϥϯμϜʹݟ͑Ε͹ܯ ռ͞Εͳ͍ CA͕௥Ճ͢Δ৘ใͷଘࡏ(ূ໌ॻͷࣦޮ࣌ؒ) ߈ܸऀ͸Өڹ͸ٴ΅ͤͳ͍͕ɺਪଌ͸ՄೳͰ͋Δ #4-5-2

    ূ໌ॻͷ੍໿ 

  16. બ୒ϓϨϑΟοΫε ެ։伴ΑΓલʹؚ·ΕΔ͢΂ͯͷϑΟʔϧυ ຆͲͷ৘ใ͸ط஌ ূ໌ॻͷγϦΞϧ൪߸ͱࣦޮ೔࣌͸߈ܸऀʹ͸ະ஌ িಥϒϩοΫ ެ։伴 αϑΟοΫε X.509ͷ֦ு͔Βߏ੒͞ΕΔͨΊɺࣄલʹ༧ଌՄೳ #4-5-2 બ୒ϓϨϑΟοΫεিಥ߈ܸ

    

  17. 1. CAͰੜ੒͞ΕΔূ໌ॻͷϓϨϑΟοΫεΛܾఆ ͠ɺCSRͷϑΟʔϧυΛఆΊΔ 2. ෆਖ਼ͳূ໌ॻʹඞཁͳϓϨϑΟοΫεΛߏ੒ 3. ূ໌ॻͷαϑΟοΫεΛܾΊΔ 4. 1ʙ3ͷσʔλΛ༻͍ͯɺিಥϒϩοΫΛߏ੒͢ Δ

    5. CSRΛ૊ΈཱͯCAʹૹ෇͢Δ 6. ِ଄ϓϨϑΟοΫεɺ2ͭ໨ͷিಥϒϩοΫɺ αϑΟοΫεɺຊ෺ͷূ໌ॻ͔ΒऔΓग़ͨ͠ॺ ໊Λ༻͍ͯɺِ଄ূ໌ॻΛ૊ΈཱͯΔ #4-5-2 ߈ܸϓϩηε  90 ୈ4 ষ PKIʹର͢Δ߈ܸ 4 0 64 128 192 256 320 384 448 576 640 704 768 832 896 927 9 14 29 31 44 74 121 153 157 170 245 266 317 366 441 445 460 474 730 735 741 757 788 849 882 913 4 9 12 27 29 42 72 119 151 153 213 216 231 238 370 375 379 396 413 444 477 512 500 όʔδϣϯ“3” όʔδϣϯ “3” γϦΞϧ൪߸ “643015” γϦΞϧ൪߸ “65” ϔομ ॺ໊ΞϧΰϦζϜ“MD5 with RSA” ॺ໊ΞϧΰϦζϜ“MD5 with RSA” ެ։ݤΞϧΰϦζϜ“MD5 with RSA” ϔομ Ϟδϡ ϥ ε ʢ1024Ϗο τʣ ࠃ“US” ࠃ“US” ࠃ“US” “i.broke.the.internet.and .all.i.got.was.this .t-shirt.phreedom.org” “i.broke.the.internet.and .all.i.got.was.this .t-shirt.phreedom.org” ༗ޮੑ“from 3 Nov. 2008 7:52:02 to 4 Nov. 2009 7:52:02” ༗ޮੑ“from 31 Jul. 2004 0:00:00 to 2 Sep. 2004 0:00:00” “Equifax Secure Inc.” “Equifax Secure Inc.” “Equifax Secure Global eBusiness CA-1” “Equifax Secure Global eBusiness CA-1” “See www.rapidssl.com/ resources/cps (c)08” “Domain Control Validated - RapidSSL(R)” ૊৫ ૊৫ ૊৫ ෦໳ ෦໳ ෦໳ Ұൠ໊ Ұൠ໊ Ұൠ໊ Ұൠ໊ “GT11029001” “MD5 Collisions Inc. (http://www.phreedom.org/md5)” BAA659C92C28D62A B0F8ED9F46A4A437 EE0E196859D1B303 9951D6169A5E376B 15E00E4BF58464F8 A3DB416F35D59B15 1FDBC43852708197 5E8FA0B5F77E39F0 32AC1EAD44D2B3FA 48C3CE919BECF49C 7CE15AF5C8376B9A 83DEE7CA20973142 73159168F488AFF9 2828C5E90F73B017 4B134C9975D044E6 7E086C1AF24F1B41 ҉߸Խࢦ਺ “65537” ҉߸Խࢦ਺ “65537” ݤ༻్“…” ݤ༻్“…” ൃߦઌݤࣝผࢠ“…” ൃߦઌݤࣝผࢠ“…” $3-഑෍఺“…” ػؔݤࣝผࢠ“…” ػؔݤࣝผࢠ“…” ݤ֦ு༻్“…” جຊ੍໿“CA=TRUE” جຊ੍໿“CA=FALSE” ϒϩοΫ2 ϒϩοΫ1 ϒϩοΫ3 ϒϩοΫ4 ϒϩοΫ5 ϒϩοΫ6 ϒϩοΫ7 ϒϩοΫ8 ϒϩοΫ9 ϒϩοΫ10 ϒϩοΫ11 ϒϩοΫ12 ϒϩοΫ13 ϒϩοΫ14 ϒϩοΫ15 0692F14F45BED930 36A32B8CD677AE35 637F4E4C9A934836 D99F ެ։ݤΞϧΰϦζϜ“RSA” ϔομ ϔομ ஀ੜ೔Ϗο τ ʢʣ ΄΅িಥ͢ΔͭΊͷϒϩοΫ ΄΅িಥ͢Δ ͭΊͷϒϩοΫ ΄΅িಥ͢Δ ͭΊͷϒϩοΫ ಉҰ ಉҰ ಉҰ ಉҰ ಉҰ Ϟδϡ ϥ ε ʢ2048Ϗο τʣ A721028DD10EA280 7725FD4360158FEC EF9047D484421526 111CCDC23C1029A9 B6DFAB577591DAE5 2BB390451C306356 3F8AD950FAED586C C065AC6657DE1CC6 763BF5000E8E45CE 7F4C90EC2BC6CDB3 B48F62D0FEB7C526 7244EDF6985BAECB D195F5DA08BE6846 B175C8EC1D8F1E7A 94F1AA5378A245AE 54EAD19E74C87667 A721028DD10EA280 7725FD4360158FEC EF9047D484421526 111CCDC23C1029A9 B6DFAB577591DAE5 2BB390451C306356 3F8AD950FAED586C C065AC6657DE1CC6 763BF5000E8E45CE 7F4C90EC2BC6CDB3 B48F62D0FEB7C526 7244EDF6985BAECB D195F5DA08BE6846 B175C8EC1D8F1E7A 94F1AA5378A245AE 54EAD19E74C87667 A3C5450B36BB01D1 53AAC3088F6FF84F 3E87874411DC60E0 DF9255F9B8731B54 93C59FD046C460B6 3562CDB9AF1CA869 1AC95B3C9637C0ED 67EFBBFEC08B9C50 2F29BD83229E8E08 FAAC1370A2587F62 628A11F789F6DFB6 67597316FB63168A B49138CE2EF5B6BE 4CA49449E465110A 4215C9C130E269D5 457DA526BBB961EC 6264F039E1E7BC68 D850519E1D60D3D1 A3A70AF80320A170 011791364F027031 8683DDF70FD8071D 11B31304A5DCF0AE 50B1280E63692A0C 826F8F4733DF6CA2 0692F14F45BED930 36A32B8CD677AE35 637F4E4C9A934836 D99F0203010001A3 81BD3081BA300E06 03551D0F0101FF04 04030204F0301D06 03551D0E04160414 CDA683FAA56037F7 96371729DE4178F1 878955E7303B0603 551D1F0434303230 30A02EA02C862A68 7474703A2F2F6372 6C2E67656F747275 73742E636F6D2F63 726C732F676C6F62 616C6361312E6372 6C301F0603551D23 041830168014BEA8 A07472506B44B7C9 23D8FBA8FFB3576B 686C301D0603551D 250416301406082B 0601050507030106 082B060105050703 02300C0603551D13 0101FF04023000 ॺ໊ΞϧΰϦζϜ“MD5 with RSA” ॺ໊ΞϧΰϦζϜ“MD5 with RSA” ॺ໊ ॺ໊ जᙾ ʢ/FUTDBQF ίϝϯ τʣ B2D3 2581AA28E878B1E5 0AD53C0F36576EA9 5F06410E6BB4CB07 17000000 5BFD6B1C7B9CE8A9 A3C5450B36BB01D1 53AAC3088F6FF84F 3E87874411DC60E0 DF9255F9B8731B54 93C59FD046C460B6 3562CDB9AF1CA86B 1AC95B3C9637C0ED 67EFBBFEC08B9C50 33000000 275E39E089610F4E 2F29BD83229E8E08 FAAC1370A2587F62 628A11F789F6DFB6 67597316FB63168A B49138CE2EF5B6BE 4CA49449E465510A 4215C9C130E269D5 457DA526BBB961EC 6264F039E1E7BC68 D850519E1D60D3D1 A3A70AF80320A170 011791364F027031 8683DDF70FD8071D 11B31304A5DAF0AE 50B1280E63692A0C 826F8F4733DF6CA2 ϔομ ൃ ߦ ऀ ൃ ߦ ऀ ൃ ߦ ઌ ൃ ߦ ઌ ެ ։ ݤ ެ ։ ݤ ֦ ு ֦ ு ग़య: ϓϩϑΣογϣφϧSSL/TLS

  18. CA͕ܾఆ͢Δࣦޮ೔࣌ͱγϦΞϧ൪߸ΛͲ͏༧ଌͨ͠ͷ͔ RapidSSLͰ͸CSRΛૹ৴͔ͯ͠Βূ໌ॻ͕ੜ੒͞ΕΔ·Ͱ ͪΐ͏Ͳ6ඵͩͬͨ ࣦޮ೔࣌Λඵ୯ҐʹਪଌՄೳ RapidSSL͸γʔέϯε൪߸Λཚ਺Λ༻͍ͯੜ੒ͤͣ࿈൪Λ࢖༻ 2ͭͷূ໌ॻΛ࿈ଓͯ͠ૉૣ͘औಘ͢Ε͹2ͭ໨ͷূ໌ॻͷγ ϦΞϧ൪߸Λ༧ଌͰ͖Δ #4-5-3 ϓϨϑΟοΫεͷ༧ଌ 

  19. িಥ͸PlayStation3 200୆ΫϥελΛ༻͍Δͱ໿1೔Ͱੜ੒Մೳ ਖ਼֬ͳ࣌ؒΛબΜͰCSRΛૹ৴͠ɺγϦΞϧ൪߸Λ༧ଌ͢Δඞཁ ೔༵೔ͷ༦ํ(࠷΋CA͕ࠞΈ߹Θͳ͍࣌ؒ)ʹ࣮ߦ ༵ۚ೔ʹγϦΞϧ൪߸Λ1ճऔಘ͠ɺ߈ܸͷγϦΞϧ͸γϦΞϧ൪߸ +1000ͱͳΔΑ͏ʹ໨ࢦͨ͠ ߈ܸ͕͍࣌ؒۙͮͨΒɺ৽͍͠ূ໌ॻΛԿ௨͔ൃߦ͢Δ͜ͱͰͰ͖ Δ͚ͩ1000ʹۙ͘ͳΔΑ͏ʹΧ΢ϯτΛ্͛ͨ ि຤͝ͱʹ3ճ߈ܸΛ࣮ࢪ͠ɺ4ि໨Ͱ੒ޭͨ͠ #4-5-3

    RapidSSL΁ͷ߈ܸ 

  20. 2011೥3݄: ComodoͷRA(Registration Authority)ͷҰ ͕ͭʮηΩϡϦςΟΛ׬શʹ৵֐ʯ͞Εͨ 7ͭͷWebαΠτʹରͯ͠9௨ͷূ໌ॻ͕ൃߦ͞Εͨ ਝ଎ʹൃݟ͞Εͨҝɺ߈ܸऀ͕ར༻Ͱ͖͔ͨෆ໌ Chromeͷιʔείʔυ͔Βެ։೔ͷ਺೔લʹ߈ܸΛ஌ͬͯ ͍ͨਓ͕͍ͨ RAʹର͢Δ߈ܸʹ͍ͭͯͷڴҖϞσϧ͕ߟྀ͞Εͯͳ͔ͬͨ #4-6

    ComodoϦηϥʔʹΑΔηΩϡϦςΟ৵֐ 

  21. 2011೥ՆStartCom͕߈ܸ͞Εͨ ෆਖ਼ͳূ໌ॻͷൃߦͳͲ֎෦͔Β ֬ೝͰ͖Δඃ֐͸ൃੜͤͣ ݪҼ΍ඃ֐ͳͲ͸Θ͔Βͳ͍·· ऩଋ #4-7 StartCom΁ͷ߈ܸ 

  22. DigiNotar͸ΦϥϯμͷCA Φϥϯμిࢠ੓෎ͷPKIΛ୲౰ 2011೥ʹMITM߈ܸͰෆਖ਼ͳূ໌ॻΛར༻͞ Εͨ ϧʔτCA͸͢΂ࣦͯޮ͞Εɺ2011೥9݄ʹࣗ ݾഁ࢈ #4-8 DigiNotar 

  23. 2011೥8݄27೔ʹΠϥϯͷGmailϢʔβ͕அଓతͳ໰୊Λใࠂ ຖ೔30ʙ60෼μ΢ϯ͍ͯͨ͠ Chrome͸ެ։伴ϐϯχϯάΛ౥ࡌ͓ͯ͠ΓɺͦͷػೳͰ߈ ܸΛݕ஌͍ͯͨ͠ ͦͷޙͷ਺೔ͰΠϥϯͷશIPΞυϨεʹ૬౰͢Δ30ສΞυϨε ͕ӨڹΛड͚͍ͯͨ͜ͱ͕൑໌ MITMͰ༻͍ΒΕͨূ໌ॻ͸͢΂ͯDigiNotarʹΑΓൃߦ #4-8-1 ൃݟͷܦҢ 

  24. ࠷ॏཁͳαʔόʹѱҙͷ͋Διϑτ΢ΣΞ͕࢓ࠐ·Ε͍ͯͨ ௐࠪͨ͠αʔόʹ͸Anti-Virus͕ࢪ͞Εͣ ॏཁͳߏ੒ཁૉͷִ཭͸ػೳͤͣ CAαʔό͸؅ཧ༻LAN͔ΒωοτϫʔΫܦ༝ͰΞΫηεՄೳͩͬͨ શCAαʔό͸୯ҰWindowsυϝΠϯʹଐ͍ͯͨ͠ Ϣʔβ໊ͱύεϫʔυΛҰ૊৵֐Ͱ͖Ε͹ɺΞΫηεՄೳͩͬͨ ެ։Webαʔό͸چࣜͰύον͕౰ͯΒΕ͍ͯͳ͍ιϑτ΢ΣΞ͕ଘࡏ IPS͸ಋೖ͞Ε͍͕ͯͨɺWebαʔό΁ͷ߈ܸΛϒϩοΫͰ͖ͳ͔ͬͨ ҆શʹϩάΛूத؅ཧ͢Δ࢓૊Έ͸ͳ͔ͬͨ #4-8-2

    CAͷ৴༻ࣦ௢ 

  25. 6݄17೔: Webαʔόͷίϯςϯπ؅ཧ෦෼͕ഁΒΕͨ 7݄1೔: ϧʔτCAαʔόͷωοτϫʔΫηάϝϯτʹ৵ೖ ϧʔτCA͸Πϯλʔωοτʹ઀ଓ͞Ε͍ͯͳ͔͕ͬͨɺॏཁͰ ͳ͍γεςϜΛܦ༝ͯ͠৵ೖ͞Εͨ 7݄10೔: 128௨ͷෆਖ਼ͳূ໌ॻΛखʹೖΕΔϓϩάϥϜΛ࣮ߦɻ Ҏ߱53૊৫ʹͳΓ͢·͠531௨ͷূ໌ॻΛऔಘ 7݄19೔:

    DigiNotar͸৵ೖΛݕ஌ɻγεςϜΛΫϦʔϯΞοϓ͠ ͕ͨɺ୭ʹ΋৘ใΛ఻͑ͳ͔ͬͨ #4-8-2 CAͷ৴༻ࣦ௢ 

  26. #4-8-2 ൃߦ͞Εͨূ໌ॻ  ࠷ॳʹ CA αʔόຊମ΁ͷΞΫηεʹ੒ޭ͔ͯ͠Β໿ 1 िؒޙͷ͜ͱͰͨ͠ɻ߈ܸऀ͸ͦͷޙ ΋Կճ͔ଞͷόονΛىಈ͠ɺ૯ܭͰ͸গͳ͘ͱ΋ 53

    ૊৫ʹͳΓ͢·͢ 531 ௨ͷূ໌ॻΛख ʹೖΕ·ͨ͠ɻ໰୊͸͋·Γʹେ͖͘ɺෆਖ਼ͳূ໌ॻͷਖ਼֬ͳ਺͸Θ͔͍ͬͯ·ͤΜɻϩά͸ վ᜵͞Ε͓ͯΓɺ͋ͱʹͳͬͯ֎෦ͷ؀ڥͰݟ͔ͭͬͨূ໌ॻͷଟ͘͸ద੾ͳσʔλϕʔεʹ ͸ݟ౰ͨΓ·ͤΜͰͨ͠ɻ ද 4.1 ͔ΒΘ͔ΔΑ͏ʹɺূ໌ॻʹར༻͞Ε໊ͨલͷҰཡʹ͸༗໊Ͳ͜Ζͷ Web αΠτ΍ CAɺ੓෎ػؚ͕ؔ·Ε͍ͯ·͢ɻ ද4.1 DigiNotar ࣾ΁ͷ߈ܸऀʹΑͬͯൃߦ͞Εͨෆਖ਼ͳূ໌ॻͷ͏ͪओͩͬͨ΋ͷʢׅހ಺͸ൃߦ ͞Εͨূ໌ॻͷ਺Λද͢ɻׅހͷͳ͍΋ͷ͸1 ຕͷൃߦʣ *.*.com *.*.org *.10million.org (2) *.android.com *.aol.com *.azadegi.com (2) *.balatarin.com (3) *.comodo.com (3) *.digicert.com (2) *.globalsign.com (7) *.google.com (26) *.JanamFadayeRahbar.com *.logmein.com *.microsoft.com (3) *.mossad.gov.il (2) *.mozilla.org *.RamzShekaneBozorg.com *.SahebeDonyayeDigital.com *.skype.com (22) *.startssl.com *.thawte.com (6) *.torproject.org (14) *.walla.co.il (2) *.windowsupdate.com (3) *.wordpress.com (14) addons.mozilla.org (17) azadegi.com (16) Comodo Root CA (20) CyberTrust Root CA (20) DigiCert Root CA (21) Equifax Root CA (40) friends.walla.co.il (8) GlobalSign Root CA (20) login.live.com (17) login.yahoo.com (19) my.screenname.aol.com secure.logmein.com (17) Thawte Root CA (45) twitter.com (18) VeriSign Root CA (21) wordpress.com (12) www.10million.org (8) www.balatarin.com (16) www.cia.gov (25) www.cybertrust.com www.Equifax.com www.facebook.com (14) www.globalsign.com www.google.com (12) www.hamdami.com www.mossad.gov.il (5) www.sis.gov.uk (10) www.update.microsoft.com (4) ͍͔ͭ͘ͷূ໌ॻ͸ɺ༗໊ͳWebαΠτΛ᱐Δ໨తͰ͸ͳ͘ɺ͞·͟·ͳϝοηʔδΛӡͿ ໨తͰൃߦ͞Εͨ΋ͷͰ͢ɻද 4.2 ʹ·ͱΊͨΑ͏ͳจষ͕ূ໌ॻͷ͋ͪͪ͜Ͱݟ͔͍ͭͬͯ ग़య: ϓϩϑΣογϣφϧSSL/TLS

  27. ෆਖ਼ͳূ໌ॻ͸OCSP৘ใ͕ຒΊࠐ·Ε͍ͯͨ ࢖༻͞Εͨ৔߹ɺOCSPϨεϙϯμͷϩάΛ௥੻͢Ε͹ূ໌ॻͷ ௥੻͕Մೳͩͬͨ 8݄4೔: େن໛ͳ߈ܸͷஹީ͕ݕग़ 8݄29೔: ϧʔτCA͕ࣦޮ ߈ܸ͸όʔετతʹൃੜ͍ͯͨ͠ DNSΩϟογϡϙΠκχϯά͕༻͍ΒΕ͍ͯͨͨΊɺ߈ܸํ๏ ʹ੍ݶ͕͋ͬͨͷͰ͸ͱਪଌ

    #4-8-3 MITM߈ܸ 

  28. Gmailͷύεϫʔυͷऩू͕໨త GoogleΛὃΔূ໌ॻ͸30ສIPΞυϨε͔Β65 ສճͷOCSPϦΫΤετΛੜΈग़͍ͯͨ͠ ͦͷ͏ͪ95%͕Πϥϯ಺෦ ࢒Γ͸ੈքதͷTorͷExit NodeɺϓϩΩγɺ VPNͩͬͨ #4-8-3 ߈ܸऀͷ໨త 

  29. 2011೥9݄ʹ൜ߦ੠໌ ৄࡉͳ߈ܸΛ։ࣔ Ͳ͏΍ͬͯ6૚ͷωοτϫʔΫʹΞΫηε͔ͨ͠ netHSMͷϋʔυ΢ΣΞ伴ͳͲΛͲ͏΍ͬͯᷖ ճ͔ͨ͠ Πϥϯʹର͢Δ߈ܸʹ͍ͭͯ͸ݴٴͤͣ #4-8-4 ComodoHackerͷ൜ߦ੠໌ 

  30. 2011೥11݄ϚϨʔγΞͷDigiCert Sdn. Bhd.ͱ ͍͏CA͕ةݥͳ΄Ͳऑ͍ূ໌ॻΛൃߦ͍ͯͨ͠ DigiCertͱ͸ؔ܎ͳ͘ɺEntrustɺCyberTrustͱ தؒCAͱͯ͠ͷܖ໿Λ݁ΜͰ͍ͨ 22௨ͷূ໌ॻ͕ൃߦ͞Ε͕ͨɺக໋తͳ໰୊Λ๊ ͍͑ͯͨ #4-9 DigiCert

    Sdn. Bhd. 

  31. 512bit͔͠ແ͍ͨΊ૯౰Γ߈ܸͰҼ਺෼ղ͕ՄೳͰ͋ͬͨ ࢖༻ํ๏ͷ੍ݶ͕ͳ͍ EKU(Extended Key Usage)֦ுʹΑΓ௨ৗɺূ໌ॻͷ࢖༻ํ๏͕ݶఆ͞ Ε͍ͯΔ ࢖༻ํ๏͕ݶఆ͞Ε͍ͯͳ͍ͨΊɺίʔυॺ໊ͳͲʹ΋ར༻Ͱ͖ͨ ໰୊͕ൃݟ͞Εͨཧ༝͸ɺഁΒΕͨެ։伴͕Ϛϧ΢ΣΞͷॺ໊ʹѱ༻͞Εͨ ͨΊ ࣦޮ৘ใ͕ͳ͍ͨΊɺ࣮֬ʹࣦޮͰ͖ͳ͔ͬͨ

    ݁ہEntrustͱCyberTrust͕தؒCAΛࣦޮͤ͞ɺϒϥ΢βϕϯμʔ͕ϒϥοΫ Ϧετʹొ࿥͢Δߋ৽ΛϦϦʔε͢Δ͜ͱͰରԠ #4-9 க໋తͳ໰୊ 

  32. 2012೥5݄ʹ໠ҖΛฃͬͨϚϧ΢ΣΞ SQLiteͱLuaͰϏϧυ͞Εɺඇৗʹߴ͍৴པੑΛ࣋ͬ ͍ͯͨ 1,000ͷγεςϜͰൃݟ͞Εͨඪతܕ߈ܸͰ͋ͬͨ 2012೥5݄ʹΠϥϯͷCERT͕։ࣔ ։ࣔ௚ޙɺશΠϯελϯεΛফڈ͢ΔͨΊͷࣗಈফ໓ ίϚϯυΛൃߦ #4-10 Flame 

  33. Flame͸Windows Updateͷ࢓૊ΈΛѱ༻ IEͷWPAD(Web Proxy Auto Discovery)Λ༻͍ͯɺLAN ಺ͷPCʹରͯ͠Windows UpdateαʔόͰ͋ΔΑ͏࠮শ LAN্ͷWindowsʹͨ΍͘͢఻೻Ͱ͖Δ Windows

    Update͸TLSΛ࢖༻͍ͯ͠ͳ͍͕ɺίʔυॺ໊ ʹΑΓόΠφϦΛอޢ͍ͯͨ͠ ԿΒ͔ͷܗͰWindows Updateͱͯ͠όΠφϦʹॺ໊ #4-10-1 Windows UpdateʹΑΔ߈ܸ 

  34. ϥΠηϯεೝূͷҝɺಛผͳCAূ໌ॻΛΞΫςΟϕʔγϣϯ࣌ʹड͚औΔ࢓૊Έ Λѱ༻ ओཁͳTSͷCAূ໌ॻ͕Windows Updateͱಉ͡ϧʔτCA͔Βൃߦ͞Εͯ ͍ͨ ਌Ͱ͋ΔTSͷCAΛϥΠηϯεॲཧͱɺίʔυॺ໊ʹར༻Ͱ͖ͨʢཧ༝ෆ໌ʣ ԼҐCAͷEKUʹ͸੍ݶ͕ͳ͔ͬͨͷͰɺ਌ূ໌ॻͱಉ༷ʹ࢖༻Ͱ͖ͨ TS͝ͱʹແ੍ݶͷCAূ໌ॻ͕ൃߦ͞ΕɺϋοΩϯάͳ͠ʹWindows Update όΠφϦʹରͯ͠ίʔυॺ໊͕࣮ࢪͰ͖ͨ

    ޾͍ͳ͜ͱʹWindows VistaҎ߱Ͱ͸Hydraͱݺ͹ΕΔಠࣗͷX.509֦ுΛ ؚ·ͳ͍ূ໌ॻΛऔಘ͠ͳ͍ͱ߈ܸͰ͖ͳ͍ #4-10-2 WindowsλʔϛφϧαʔϏε(TS)ʹର͢Δ߈ܸ 

  35. TSͷCAূ໌ॻ͸MD5Ͱॺ໊͞Ε͍ͯͨ ͦͷҝRapidSSLͱಉ༷ʹબ୒ϓϨϑΟοΫεিಥ߈ܸ͕Մೳ ূ໌ॻൃߦ͸ࣗಈԽɻࣦޮ೔࣌ͱγϦΞϧ൪߸Ҏ֎ͷϑΟʔ ϧυ͸ೖखՄೳ ࣦޮ೔࣌͸༧ଌՄೳ͕ͩɺඵ୯ҐͰͷਖ਼͕֬͞ඞཁ γϦΞϧ൪߸͸࿈൪Ͱ͸ͳ͍͕ɺىಈ͔ͯ͠ΒͷϛϦඵͱ࿈ ൪Ͱߏ੒͞Ε͍ͯͨ ߈ܸʹ͸ϛϦඵ୯ҐͰͷਫ਼౓͕ཁٻ͞Ε͕ͨɺ߈ܸ͸੒ޭ #4-10-3 MD5ͷѱ༻

    

  36. FlameͰ͸িಥϒϩοΫ͕4ͭ༻͍ΒΕ͍ͯͨ িಥϏοτ ਅਖ਼ͳূ໌ॻͷmodulusϑΟʔϧυͷRSA modulus ෆਖ਼ͳূ໌ॻͷissuerUniqueID ͜ΕΒΛ༻͍ͯࠩ෼ύεΛߏஙͨ͠ จݙʹͳ͍બ୒ϓϨϑΟοΫεিಥ߈ܸͰ͋Γɺ৽छͷࠩ෼ύεߏங ΞϧΰϦζϜ͕બ୒͞Ε͍ͯͨ ߈ܸऀ͸ߴੑೳͳϋʔυ΢ΣΞɺ༗ೳͳΤϯδχΞɺੈքϨϕϧͷ҉߸ֶ ऀΛར༻Ͱ͖Δཱ৔Ͱ͋ͬͨ͜ͱ͸ؒҧ͍ͳ͍

    #4-10-3 Flameͷબ୒ϓϨϑΟοΫεিಥ߈ܸ 

  37. 2012೥12݄ChromeͰHPKPʹҧ൓͢Δূ໌ॻΛൃݟ Google͸τϧίͷCAͰ͋Δ͜ͱΛಛఆ(TURKTRUST) γεςϜҠߦ࣌ʹޡͬͯԼҐCAূ໌ॻΛ2௨ൃߦ 1௨͕EGOࣾͰ༻͍ΒΕɺMITMػೳΛ࣋ͭFWʹΠϯετʔϧ͞ Εͨ ͦͷػث͕ԼҐCAΛར༻ͨ݁͠ՌɺGoogleͷূ໌ॻΫϩʔϯ ͕ੜ੒͞Εɺݕग़͞Εͨ γεςϜ؅ཧ্ͷϛεͱͯ͠ॲཧ͞Εͨ #4-11 TURKTRUST

    

  38. 2013೥12݄Google͕ϑϥϯεͷػ͔ؔΒൃߦ͞ΕͨԼҐCAΛഉআ ANSSIͷϧʔτCA΋.frυϝΠϯͷΈ৴པ͞ΕΔΑ͏ʹมߋ ཧ༝: ԼҐCA͕MITMػثͰ࢖༻͞Ε͍ͯͨͨΊ ݪҼ: ਓతͳϛεͱൃද͞Εͨ ANSSI͸CAͷӡ༻ʹ΋໰୊Λ๊͍͑ͯͨ ଟ͘ʹ͸ࣦޮ৘ใؚ͕·Ε͍ͯͳ͍ ۭͷCRLʹಥવ਺ઍͷূ໌ॻ͕௥Ճ͞ΕΔͳͲෆ໌ྎ ANSSI͸Baseline

    Requirementʹ४ڌͰ͖Δ·Ͱ2೥͔͔Δͱൃද #4-12 ANSSI 

  39. 2014೥7݄ɺ·ͨͯ͠΋Google͸ޡൃߦ͞Εͨূ໌ॻ Λݕ஌ Πϯυ੓෎ͷೝূ؅ཧہ(CCA)͕ൃߦ͍ͯͨ͠ ԼҐͷNICͷCA͕৵֐͞Ε͍ͯͨ தؒCA͸ࣦޮ͞Εͨ Chrome͸CCAͷϧʔτCA΋.inͷಛఆυϝΠϯͷΈ৴པ ͢ΔΑ͏ʹ੍ݶ #4-13 Πϯυ৘ใ޻ֶηϯλʔ 

  40. PKIͷ࠷େͷڴҖ͸ɺ͸ͼ͜ΔTLS๣डͰ͋Δ ๣डऀͱͯ͠ڍ͛ΒΕΔͷ͸ ϩʔΧϧʹΠϯετʔϧ͞Εͨιϑτ΢ΣΞ ैۀһ ISP ௨ৗ؍ଌ͢Δ͜ͱ͕೉͍͕͠ɺز͔ͭͷΠϯγσϯτ ͕ใࠂ͞Εɺ໰୊ͷෳࡶ͞ʹؾ෇͔͞ΕΔ #4-14 ޿ൣғʹٴͿTLS๣ड 

  41. ChromeνʔϜ͸Gogo͕҉߸Խ͞ΕͨτϥϑΟοΫΛ͢ ΂ͯ๣ड͍ͯ͠Δ͜ͱΛൃݟ ࣮ࡏ͢ΔWebαΠτͷ໊લΛ͚ͭͨෆਖ਼ͳূ໌ॻΛ͹Β ·͍͍ͯͨ ͳʹ͔߈ܸΛͨ͠Θ͚Ͱ͸ͳ͘ɺϢʔβʹূ໌ॻʹ͍ͭͯ ͷܯࠂΛΫϦοΫͤͯ͞ܧଓ͍ͯͨ͠ Gogo͸ଳҬΛ੍ޚ͢ΔͨΊʹඞཁͩͬͨͱห໌͕ͨ͠ɺ ޙ೔๣डΛ׬શʹ΍Ίͨ #4-14-1 Gogo

    

  42. 2015೥12݄ Lenovo͕ग़ՙ͢Δ੡඼ͷҰ෦ʹSuperfishͱݺ͹Ε ΔϚϧ΢ΣΞΛϓϦΠϯετʔϧ͍ͯͨ͜͠ͱ͕൑໌ HTTPSΛؚΊͨར༻ऀͷશτϥϑΟοΫΛ๣ड͍ͯͨ͠ ূ໌ॻʹ͍ͭͯͷܯࠂΛճආ͢ΔͨΊʹɺϢʔβಉҙͳ͠ʹϧʔτ ূ໌ॻετΞʹSuperfishͷϧʔτূ໌ॻΛ௥Ճ͍ͯͨ͠ τϥϑΟοΫ͸͢΂ͯϩʔΧϧͷϓϩηεʹϦμΠϨΫτ͞Εɺ޷ ͖উखʹվม͍ͯͨ͠ ϓϥΠϕʔτͳ৘ใ΍ػඍͳ৘ใ΋؂ࢹ͞Ε͍͕ͯͨɺҰ൪໰୊ͳ ͷ͸ద੾ʹ࣮૷͞Ε͍ͯͳ͔ͬͨ఺

    #4-14-2 Superfishes 

  43. ຊདྷϢʔβ͝ͱʹCAΛੜ੒͠࢖༻͢΂͖ SuperfishͰ͸ಉҰͷϧʔτCAΛར༻͍ͯͨ͠ ϧʔτCAͷൿີ伴Λൈ͖ग़ͤͨϢʔβ͸ͦͷൿີ伴Λ༻͍ͯ߈ܸʹ࢖༻Ͱ ͖ͯ͠·͏ ϓϩΩγͷTLS͕TLS 1.1͔͠αϙʔτ͍ͯ͠ͳ͔ͬͨͨΊɺࣄ্࣮Ϣʔβͷη ΩϡϦςΟΛμ΢ϯάϨʔυ͍ͯͨ͠ MITM΍ࣗݾॺ໊ূ໌ॻΛݕग़͢Δ͜ͱ΋Ͱ͖ͳ͔ͬͨ ࣄ্࣮͢΂ͯͷWebαΠτΛ৴པͯ͠͠·͍ͬͯͨ͜ͱʹ౳͍͠ HPKPͰ͸ϩʔΧϧͰ৴པ͞ΕͨϧʔτCAʹର߅͢Δ͜ͱ͕Ͱ͖ͳ͍

    #4-14-2 Superfishͷෆద੾ͳ࣮૷ 

  44. FacebookʹΑΔͱΧβϑελϯͰ͸4.5%ͷ Ϣʔβ͕SuperfishͷӨڹΛड͚͍ͯͨ Lenovo͸ͦͷޙMSͱڠྗͯ͠ෆཁͳϧʔτCA Λআڈ 25ສ୆΋ͷPC͕Өڹ͞Ε͍ͯͨͱൃද SuperfishҎ֎ʹ΋ಉ༷ͷ੡඼͸ଟ਺͋Δ #4-14-2 ͦͷޙͷରԠ 

  45. 2015೥3݄ CNNIC(தࠃωοτϫʔΫΠϯϑΥϝʔγϣϯηϯλʔ)͕ MCSͱ͍͏اۀʹରͯ͠ࢼݧతͳதؒCAΛൃߦ MCS͸ΤδϓτͰূ໌ॻͷఏڙͱؔ࿈ࣄۀͷ։୓ ࢼݧظؒதʹTLSͷಁաϓϩΩγʹΠϯϙʔτ͞Εɺ1௨ͷূ໌ॻ͕ޡͬ ͯൃߦ͞Εͨ Chrome͕ൃݟ͠ɺGoogleʹใࠂ͞Εͨ ݁Ռతʹແ੍ݶͰάϩʔόϧʹ༗ޮͳதؒCAূ໌ॻΛ؅ཧͰ͖ͳ͍૊৫ ʹରͯ͠ূ໌ॻΛൃߦͨ͠੹೚ͱͯ͠Chrome, Mozilla͸CNNICূ໌

    ॻΛࣦޮͤͨ͞ #4-15 CNNIC 

  46. 2016೥10݄ Mozilla͸WoSign͕SHA-1ʹΑΔূ໌ॻൃߦͷ ظݶͱͨ͠2016೥1݄1೔Ҏ߱ʹSHA-1ʹΑΔॺ ໊෇͖ূ໌ॻΛൃߦͨ͠ͱͯ͠WoSignΛࣦޮ ಉ࣌ʹWoSign͕StartSSLΛ׬શʹॴ༗͍ͯͨ͠ ʹ΋ؔΘΒͣɺ։ࣔΛ͍ͯ͠ͳ͔ͬͨ͜ͱ͔Β StartSSL΋ࣦޮ ͦͷޙ: StartSSL 

  47. ChromeνʔϜʹΑΔͱɺ2ϲ݄ؒʹ౉Γ30,000௨ͷূ໌ ॻ͕ਖ਼͘͠ݕূ͞Εͣʹൃߦ͞Εͨͱใࠂ ஈ֊తʹ༗ޮظݶΛ୹ॖ͢Δ͜ͱɺEVূ໌ॻΛEVͱͯ͠औ ΓѻΘͳ͍ͱൃද 5݄17೔࣌఺ͰGoogle͸2017೥8݄8೔·ͰʹSymantec ͕ൃߦͨ͠ূ໌ॻΛୈࡾऀʹΑΔCAͰ࠶ൃߦ͠௚͢Α͏ཁ ٻ͍ͯ͠Δ ݱࡏ΋΍ΓऔΓ͸ଓ͍͍ͯΔɻɻɻ 2017೥Symantec