Is IoT Security Special? (Tentative)/OWASP_Kansai_20180218-01

OWASP Kansai
February 18, 2018

This presentation was given at "OWASP Kansai x IoTSecJP: Now Is the Time to Talk About IoT Security" by Masato Matsuoka of Kaspersky, leader of the IoT Security WG at the Japan Network Security Association.

Transcript

  3. 2 NIST SP-800

  5. 2 NIST SP-800

  7. JIS X 25010

  19. [Chart: series Automotive, Generic Business, Vertical Business, Consumer, Total; years 2013, 2014, 2015, 2020]

  20. [Chart: series Cross-Industry, Vertical Business, Consumer, Total; years 2014, 2015, 2016, 2020]

  26.  IOT=  IoT=Industrial IoT 

  27.  Industrial Internet Consortium

  32. * http://www.iiconsortium.org/test-beds.htm

  33. * http://www.iiconsortium.org/track-and-trace.htm

  34. * http://www.iiconsortium.org/time-sensitive-networks.htm

  35. * http://www.iiconsortium.org/manufacturing-quality-management.htm

  36.  http://www.iiconsortium.org/IISF.htm

  43. 2017/7/18-23, Oleg Bocharov, "4.0RU" * https://www.vesti.ru/doc.html?id=2912970

  44. 2017/7, "INNOPROM", MS-21, "4.0RU", SIEMENS, STAN, ITALMA, Kaspersky * https://www.vesti.ru/doc.html?id=2912970

  45. * https://www.vesti.ru/doc.html?id=2912970

  46. INDUSTRIE4.0 * https://ostexperte.de/innoprom-2017-industrie

  47. IT, OT, ICS, Embedded system
