Professional SSL/TLS Study Group: Attacks against PKI (Chapter 4)

Hirotaka Nakajima

June 23, 2017

Transcript

 1. Attacks against PKI (Chapter 4)
  Professional SSL/TLS Study Group
  2017/6/23
  Hirotaka Nakajima (@nunnun)

 2. Self-introduction
  Hirotaka Nakajima
  @nunnun
  Keio University Information Technology Center Headquarters
  Doctoral program, Graduate School of Media and Governance, Keio University
  ISOC Japan Chapter
  https://about.me/nunnun

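 3. #4 Attacks against PKI
  The way PKI is operated has flaws
  It rests on the assumption that everyone acts in good faith
  If a root CA is compromised, certificates can be issued for any website
  This chapter walks through past attacks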

 4. #4-1 Verisign's Microsoft code-signing certificate
  Occurred in January 2001
  The attacker succeeded in getting Verisign to issue a code-signing certificate in the name "Microsoft Corporation"

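 5. #4-1 Verisign's Microsoft code-signing certificate
  Verisign revoked the certificate
  The certificate did not specify a CRL distribution point
  The OS could not verify that the certificate had been revoked
  Handled by releasing an OS patch that put the certificate in question on a blacklist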

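 6. #4-2 Thawte, login.live.com
  In 2008, Mike Zusman found a weakness in Thawte's certificate validation process
  Thawte used email addresses for domain validation
  Anyone could register a live.com address
  A wide range of email addresses was accepted for domain validation
  sslcertifi[email protected] was available for registration
  Disclosed in August 2008; the name of the CA was disclosed at the end of that year
  A similar attack was carried out against live.fi in 2015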

 7. #4-3 StartCom
  In December 2008, Mike Zusman found a flaw in StartCom's domain name validation
  Any domain name could be approved
  The attack was discovered immediately because he used domains that were on a blacklist

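 8. #4-4 CertStar (Comodo) Mozilla certificate
  After the #4-3 attack, StartCom's Eddy Nigg found a similar problem at another company
  He found that Comodo partner CertStar was issuing certificates without validating the domain name at all
  Comodo revoked 11 certificates, including the one Eddy had ordered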

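 9. #4-5 Forged RapidSSL certificate
  In 2008, a forged CA certificate was obtained from RapidSSL using an MD5 chosen-prefix collision attack
  Attacks had been growing more sophisticated since MD5 was broken in 2004, and this one was the final blow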

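 10. History of attacks against MD5 and PKI
  1991: MD5 is created
  1991-1996: Signs of weaknesses in MD5 are confirmed
  2004: The first collision example is shown. The attack was not yet practical
  2005: Two different certificates are shown to have the same MD5 hash value. At this point they differed in the RSA key space, but all other information was identical
  2006: A chosen-prefix collision attack produces two different certificates with the same MD5 hash value. From this point MD5 is vulnerable to meaningful attacks
  2008: A malicious forged CA certificate is obtained by means of an MD5 collision
  2012: An attack uses an MD5 collision to forge a Microsoft CA and get around code signing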

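 11. #4-5-1 Goal of the attack on digital signatures
  Create two documents that carry the same MD5 signature
  A digital signature is computed over the hash value, not over the data itself
  If two documents with the same MD5 hash can be constructed, get the CA to sign the genuine one
  The attack succeeds by transplanting that signature onto the forged document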

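 12. #4-5-1 Attacking certificates
  Normally a CA will not sign a certificate that you send to it
  The CA generates the certificate from a CSR
  The CSR contains the public key and the domain name
  Harder than the document attack described above, but not impossible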

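 13. #4-5-1 Collision blocks
  Collision block
  Two pieces of data that fool the hash function
  The two pieces of data produce the same hash value
  As far as the hash function is concerned, the collision blocks cancel out the differences between the genuine and the forged document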

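 14. #4-5-1 Chosen-prefix collision attack
  Requirements
  Knowing the beginning of the genuine document (the chosen prefix)
  Being able to place a collision block inside the genuine document
  Placing the collision block at the very end of the document is not practically possible, so the end of the file is made identical in the genuine and the forged document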

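 15. #4-5-2 Constraints on certificates
  The CA creates the certificate from the CSR
  The certificate structure is defined by the X.509v3 specification
  The attacker can predict the structure
  Some parts of the final certificate are copied from the CSR (e.g. the public key)
  The public key must be random, but it raises no suspicion as long as it looks random
  Some information is added by the CA (the certificate's expiration time)
  The attacker cannot influence it, but can guess it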

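 16. #4-5-2 Chosen-prefix collision attack
  Chosen prefix
    All fields that come before the public key
    Most of the information is known
    The certificate serial number and expiration date are unknown to the attacker
  Collision block
    Public key
  Suffix
    Consists of X.509 extensions, so it can be predicted in advance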

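 17. #4-5-2 Attack process
  1. Determine the prefix of the certificate the CA will generate and fix the CSR fields
  2. Construct the prefix needed for the rogue certificate
  3. Decide the certificate suffix
  4. Construct the collision blocks from the data in steps 1 to 3
  5. Assemble the CSR and send it to the CA
  6. Assemble the forged certificate from the forged prefix, the second collision block, the suffix and the signature taken from the genuine certificate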

  [Figure, p. 90, Chapter 4 "Attacks against PKI": field-by-field layout of the genuine RapidSSL certificate (serial number "643015", validity 3 Nov. 2008 to 4 Nov. 2009, basic constraints CA=FALSE) beside the rogue CA certificate (serial number "65", validity 31 Jul. 2004 to 2 Sep. 2004, common name "MD5 Collisions Inc. (http://www.phreedom.org/md5)", basic constraints CA=TRUE). Both use the signature algorithm "MD5 with RSA" and name the issuer "Equifax Secure Global eBusiness CA-1"; the diagram marks the headers, the birthday bits, three near-collision blocks, the identical blocks, the "tumor" (Netscape comment) and the signature.]
  Source: Professional SSL/TLS

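 18. #4-5-3 Predicting the prefix
  How were the expiration date and the serial number, both decided by the CA, predicted?
  At RapidSSL, the certificate was generated exactly 6 seconds after the CSR was submitted
  The expiration time could be guessed to the second
  RapidSSL did not generate its sequence numbers from random numbers; it used consecutive numbers
  By obtaining two certificates in quick succession, the serial number of the second one could be predicted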

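 19. #4-5-3 Attack on RapidSSL
  A collision could be generated in about one day on a cluster of 200 PlayStation 3 consoles
  The CSR had to be submitted at exactly the right time, with the serial number predicted
  Carried out on Sunday evenings (when the CA was least busy)
  A serial number was obtained once on Friday, and the attack aimed for that serial number + 1000
  As the attack time approached, the counter was pushed as close to 1000 as possible by issuing several new certificates
  Three attempts were made each weekend, and the attack succeeded in the fourth week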

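 20. #4-6 Security breach via a Comodo reseller
  March 2011: the security of one of Comodo's RAs (Registration Authorities) was "completely compromised"
  9 certificates were issued for 7 websites
  Because it was discovered quickly, it is unknown whether the attacker was able to use them
  The Chrome source code showed that some people knew about the attack several days before it was made public
  The threat model had not considered attacks against RAs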

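 21. #4-7 Attack on StartCom
  StartCom was attacked in the summer of 2011
  No externally verifiable damage, such as issuance of fraudulent certificates, occurred
  The incident was closed with the cause and the damage still unknown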

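 22. #4-8 DigiNotar
  DigiNotar was a Dutch CA
  It was responsible for the PKI of the Dutch e-government
  In 2011, fraudulent certificates were used in MITM attacks
  All of its root CAs were revoked, and it filed for bankruptcy in September 2011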

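 23. #4-8-1 How it was discovered
  On August 27, 2011, Gmail users in Iran reported intermittent problems
  The service was down for 30 to 60 minutes every day
  Chrome shipped with public key pinning, and that feature detected the attack
  Over the following days it turned out that 300,000 addresses, corresponding to all of Iran's IP addresses, had been affected
  All certificates used in the MITM were issued by DigiNotar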

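 24. #4-8-2 Collapse of trust in the CA
  Malicious software had been planted on the most critical servers
  The investigated servers had no anti-virus protection
  Isolation of critical components was not functioning
  The CA servers were reachable over the network from the management LAN
  All CA servers belonged to a single Windows domain
  Compromising one username and password pair was enough to gain access
  The public web servers ran outdated, unpatched software
  An IPS was deployed, but it failed to block the attacks on the web servers
  There was no mechanism for secure centralized log management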

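 25. #4-8-2 Collapse of trust in the CA
  June 17: the content management part of the web server was breached
  July 1: the network segment of the root CA servers was penetrated
  The root CA was not connected to the Internet, but it was reached through less critical systems
  July 10: a program was run that obtained 128 fraudulent certificates. After that, 531 certificates impersonating 53 organizations were obtained
  July 19: DigiNotar detected the intrusion. It cleaned up the systems but told no one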

 26. #4-8-2 Certificates issued

  ... this was about one week after they first succeeded in accessing the CA servers themselves. The attacker subsequently launched several more batches, obtaining in total at least 531 certificates impersonating 53 organizations. The problem was so large that the exact number of fraudulent certificates is not known. The logs had been tampered with, and many of the certificates later found in the wild could not be found in the appropriate databases.
  As Table 4.1 shows, the list of names used in the certificates includes well-known websites, CAs and government agencies.
  Table 4.1: The main fraudulent certificates issued by the DigiNotar attacker (the number in parentheses is the number of certificates issued; entries without parentheses were issued once)
  *.*.com *.*.org *.10million.org (2)
  *.android.com *.aol.com *.azadegi.com (2)
  *.balatarin.com (3) *.comodo.com (3) *.digicert.com (2)
  *.globalsign.com (7) *.google.com (26) *.JanamFadayeRahbar.com
  *.logmein.com *.microsoft.com (3) *.mossad.gov.il (2)
  *.mozilla.org *.RamzShekaneBozorg.com *.SahebeDonyayeDigital.com
  *.skype.com (22) *.startssl.com *.thawte.com (6)
  *.torproject.org (14) *.walla.co.il (2) *.windowsupdate.com (3)
  *.wordpress.com (14) addons.mozilla.org (17) azadegi.com (16)
  Comodo Root CA (20) CyberTrust Root CA (20) DigiCert Root CA (21)
  Equifax Root CA (40) friends.walla.co.il (8) GlobalSign Root CA (20)
  login.live.com (17) login.yahoo.com (19) my.screenname.aol.com
  secure.logmein.com (17) Thawte Root CA (45) twitter.com (18)
  VeriSign Root CA (21) wordpress.com (12) www.10million.org (8)
  www.balatarin.com (16) www.cia.gov (25) www.cybertrust.com
  www.Equifax.com www.facebook.com (14) www.globalsign.com
  www.google.com (12) www.hamdami.com www.mossad.gov.il (5)
  www.sis.gov.uk (10) www.update.microsoft.com (4)
  Some of the certificates were issued not to impersonate well-known websites but to carry various messages. Text such as that summarized in Table 4.2 has been found in various places in the certificates
  Source: Professional SSL/TLS

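 27. #4-8-3 MITM attacks
  The fraudulent certificates had OCSP information embedded in them
  When they were used, the certificates could be traced by following the OCSP responder logs
  August 4: signs of a large-scale attack were detected
  August 29: the root CA was revoked
  The attacks occurred in bursts
  It is speculated that the attack method was constrained because DNS cache poisoning was being used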

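 28. #4-8-3 The attacker's goal
  The goal was to collect Gmail passwords
  The certificate impersonating Google generated 650,000 OCSP requests from 300,000 IP addresses
  95% of them came from inside Iran
  The rest were Tor exit nodes, proxies and VPNs around the world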
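
Slides 26 to 28 note that the fraudulent certificates carried OCSP information, so their use could be traced from the responder logs even though many of them were missing from the CA's databases. The following is an added example of that cross-check, not code from the deck or the book; the log format, serial numbers, addresses and country codes are constructed.

```python
from collections import Counter, defaultdict

ISSUED = {"1001", "1002", "1003"}   # constructed: serials present in the CA database

# Constructed OCSP responder log: timestamp, client IP, GeoIP country, serial queried.
OCSP_LOG = """\
2011-08-04T10:00:01Z 192.0.2.10 XA serial=1001
2011-08-04T10:00:02Z 198.51.100.7 XA serial=9F01
2011-08-04T10:00:02Z 198.51.100.8 XA serial=9F01
2011-08-04T10:00:03Z 198.51.100.7 XA serial=9f01
2011-08-04T10:00:05Z 203.0.113.44 XB serial=9F01
2011-08-04T10:00:06Z 192.0.2.11 XB serial=1002
garbled line without fields
2011-08-04T10:00:09Z 198.51.100.9 XA serial=7C22
"""

def parse(line):
    """Return (client_ip, country, serial) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].startswith("serial="):
        return None
    return parts[1], parts[2], parts[3][len("serial="):].upper()

def unknown_serials(log_text, issued):
    """Summarise OCSP lookups for serials the CA has no record of issuing."""
    hits, clients, countries = Counter(), defaultdict(set), defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1          # keep a count so log damage is visible
            continue
        ip, cc, serial = rec
        if serial in issued:
            continue
        hits[serial] += 1
        clients[serial].add(ip)
        countries[serial][cc] += 1
    report = {}
    for serial, n in hits.most_common():
        cc, cc_n = countries[serial].most_common(1)[0]
        report[serial] = {"requests": n, "clients": len(clients[serial]),
                          "top_country": cc, "top_share": round(cc_n / n, 2)}
    return report, skipped

if __name__ == "__main__":
    print(unknown_serials(OCSP_LOG, ISSUED))
```

A serial that clients keep asking about but that the issuance database does not contain is the signal here; the per-serial client and country counts give the kind of scope figures quoted on slide 28.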

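 29. #4-8-4 ComodoHacker claims responsibility
  Claimed responsibility in September 2011
  Disclosed details of the attack
  How the six layers of the network were accessed
  How the netHSM hardware keys and the like were bypassed
  Did not mention the attacks against Iran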

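 30. #4-9 DigiCert Sdn. Bhd.
  In November 2011, a Malaysian CA called DigiCert Sdn. Bhd. was found to have been issuing dangerously weak certificates
  It is unrelated to DigiCert and held intermediate CA contracts with Entrust and CyberTrust
  22 certificates had been issued, and they had fatal problems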

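 31. #4-9 Fatal problems
  The keys were only 512 bits long, so they could be factored by brute force
  No restrictions on usage
  Normally the EKU (Extended Key Usage) extension limits how a certificate can be used
  Because usage was not limited, the certificates could also be used for code signing and other purposes
  The problem was discovered because a broken public key was abused to sign malware
  There was no revocation information, so the certificates could not be reliably revoked
  In the end Entrust and CyberTrust revoked the intermediate CAs, and browser vendors released updates that added them to a blacklist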

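 32. #4-10 Flame
  Malware that raged in May 2012
  Built with SQLite and Lua, it was extremely reliable
  A targeted attack found on 1,000 systems
  Disclosed by Iran's CERT in May 2012
  Immediately after the disclosure, a self-destruct command was issued to wipe all instances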

 33. #4-10-1 Attack via Windows Update
  Flame abused the Windows Update mechanism
  Using IE's WPAD (Web Proxy Auto Discovery), it posed as a Windows Update server to PCs on the LAN
  It could spread easily to Windows machines on the LAN
  Windows Update does not use TLS, but protected its binaries with code signing
  Somehow the binaries were signed as Windows Update

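 34. #4-10-2 Attack on Windows Terminal Services (TS)
  Abused the mechanism by which a special CA certificate is received at activation time for license authentication
  The main TS CA certificate was issued from the same root CA as Windows Update
  The parent TS CA could be used both for license processing and for code signing (reason unknown)
  The EKU of the subordinate CA was not restricted, so it could be used in the same way as the parent certificate
  An unrestricted CA certificate was issued for every TS, so Windows Update binaries could be code-signed without any hacking
  Fortunately, on Windows Vista and later the attack is not possible without obtaining a certificate that lacks the proprietary X.509 extension called Hydra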

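 35. #4-10-3 Abuse of MD5
  The TS CA certificates were signed with MD5
  That made a chosen-prefix collision attack possible, as with RapidSSL
  Certificate issuance was automated. All fields other than the expiration date and the serial number could be obtained
  The expiration date was predictable, but accuracy to the second was required
  The serial number was not sequential, but it was composed of the milliseconds since boot and a sequential number
  The attack required millisecond precision, and it succeeded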
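
Slides 18 and 19 (RapidSSL) and slide 35 (the Terminal Services CA) both come down to two fields the CA fills in predictably: the timestamp and the serial number. The following is an added example, not code from the deck or the book, that audits a CA's own issuance log for both properties; the log layout, sample values and thresholds are constructed assumptions.

```python
import statistics

# Constructed issuance logs: (csr_received_s, not_before_s, serial).
SEQUENTIAL = [(1000, 1006, 643001), (1900, 1906, 643002), (2500, 2506, 643003),
              (4000, 4006, 643004), (4100, 4106, 643005)]       # counter, fixed 6 s delay
CLOCKED = [(1000, 1003, 5000120), (1900, 1902, 5899460), (2500, 2504, 6501033),
           (4000, 4003, 8000250), (4100, 4102, 8099377)]        # serial tracks uptime in ms
RANDOM = [(1000, 1004, 0x9F3A6C01D2E4B877), (1900, 1933, 0x11C4E09A7B3F5D20),
          (2500, 2502, 0xE07712AB34CD9910), (4000, 4071, 0x5B20F4C6188E3A02),
          (4100, 4115, 0xC3D9017E6A5F4B88)]                      # 64 random bits per serial

def pearson(xs, ys):
    """Pearson correlation, written out so it runs on any Python 3.8+."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0

def audit(log, max_step=1000, max_spread_s=2):
    """Classify how guessable the CA-chosen fields are (thresholds are assumptions)."""
    log = sorted(log, key=lambda r: r[1])
    latency = [nb - rx for rx, nb, _ in log]
    serials = [s for _, _, s in log]
    steps = [b - a for a, b in zip(serials, serials[1:])]
    if all(0 < d <= max_step for d in steps):
        kind = "counter"                      # next value follows from the last one
    elif abs(pearson([nb for _, nb, _ in log], serials)) > 0.999:
        kind = "clock-derived"                # value follows from the issuance time
    else:
        kind = "unpredictable"
    spread = max(latency) - min(latency)      # jitter of CSR-to-issuance delay
    return {"serial": kind, "latency_spread_s": spread,
            "prefix_guessable": kind != "unpredictable" and spread <= max_spread_s}

if __name__ == "__main__":
    for name, log in (("sequential", SEQUENTIAL), ("clocked", CLOCKED), ("random", RANDOM)):
        print(name, audit(log))
```

Serial numbers drawn from a cryptographically secure random generator make the to-be-signed prefix unguessable regardless of how regular the issuance timing is.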

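 36. #4-10-3 Flame's chosen-prefix collision attack
  Flame used four collision blocks
  Collision bits
  The RSA modulus in the modulus field of the genuine certificate
  The issuerUniqueID of the fraudulent certificate
  These were used to construct the differential path
  It was a chosen-prefix collision attack not found in the literature, using a new kind of differential path construction algorithm
  There is no doubt that the attackers had access to high-performance hardware, capable engineers and world-class cryptographers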

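 37. #4-11 TURKTRUST
  In December 2012, Chrome found a certificate that violated HPKP
  Google identified the issuer as a Turkish CA (TURKTRUST)
  Two subordinate CA certificates had been issued by mistake during a system migration
  One of them was used at a company called EGO and installed on a firewall with MITM capability
  When that device used the subordinate CA, a clone of a Google certificate was generated and detected
  The matter was handled as a system administration error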

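 38. #4-12 ANSSI
  In December 2013, Google removed a subordinate CA issued by a French agency
  ANSSI's root CA was also changed to be trusted only for .fr domains
  Reason: the subordinate CA was being used in a MITM device
  Cause: announced as human error
  ANSSI also had problems with how it operated its CA
  Many certificates contained no revocation information
  Unclear practices, such as thousands of certificates suddenly being added to an empty CRL
  ANSSI announced that it would need two years to become compliant with the Baseline Requirements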

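 39. #4-13 National Informatics Centre of India
  In July 2014, Google once again detected misissued certificates
  They had been issued under India's Controller of Certifying Authorities (CCA)
  The subordinate CA of NIC had been compromised
  The intermediate CAs were revoked
  Chrome also restricted the CCA root CA so that it is trusted only for specific .in domains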

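 40. #4-14 Widespread TLS interception
  The biggest threat to PKI is rampant TLS interception
  Those named as interceptors:
    Locally installed software
    Employees
    ISPs
  It is normally hard to observe, but several reported incidents have made the complexity of the problem apparent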

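 41. #4-14-1 Gogo
  The Chrome team found that Gogo was intercepting all encrypted traffic
  It was handing out fraudulent certificates bearing the names of real websites
  It was not mounting an attack as such; it kept working by having users click through the certificate warnings
  Gogo explained that this was necessary to control bandwidth, but later stopped intercepting entirely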

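 42. #4-14-2 Superfishes
  December 2015: Lenovo was found to have preinstalled malware called Superfish on some of the products it shipped
  It intercepted all user traffic, including HTTPS
  To avoid certificate warnings, it added the Superfish root certificate to the root certificate store without user consent
  All traffic was redirected to a local process, which modified it as it pleased
  Private and sensitive information was also being monitored, but the biggest problem was that it was not implemented properly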

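 43. #4-14-2 Superfish's improper implementation
  A CA should have been generated and used per user
  Superfish used the same root CA everywhere
  A user who extracted the root CA's private key could use that key in attacks
  The proxy's TLS supported only TLS 1.1, which in effect downgraded the user's security
  It could not detect MITM or self-signed certificates either
  This was in effect equivalent to trusting every website
  HPKP cannot defend against a locally trusted root CA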

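 44. #4-14-2 Subsequent response
  According to Facebook, 4.5% of users in Kazakhstan were affected by Superfish
  Lenovo later worked with Microsoft to remove the unwanted root CA
  It announced that as many as 250,000 PCs had been affected
  There are many similar products besides Superfish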

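 45. #4-15 CNNIC
  March 2015: CNNIC (China Internet Network Information Center) issued a test intermediate CA to a company called MCS
  MCS was providing certificates and developing related business in Egypt
  During the test period the CA was imported into a transparent TLS proxy, and one certificate was issued by mistake
  Chrome detected it, and it was reported to Google
  As a result, Chrome and Mozilla revoked the CNNIC certificates, holding CNNIC responsible for issuing an unrestricted, globally valid intermediate CA certificate to an organization that could not manage it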

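 46. Afterwards: StartSSL
  October 2016
  Mozilla revoked trust in WoSign for having issued SHA-1-signed certificates after January 1, 2016, the deadline for issuing certificates with SHA-1
  At the same time StartSSL was also revoked, because WoSign fully owned StartSSL but had not disclosed this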

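 47. 2017: Symantec
  According to the Chrome team's report, 30,000 certificates were issued over a period of two months without being validated correctly
  Announced that validity periods will be shortened in stages and that EV certificates will no longer be treated as EV
  As of May 17, Google is requiring that certificates issued by Symantec be reissued by a third-party CA by August 8, 2017
  The discussions are still ongoing...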