Slide 1

Slide 1 text

Encrypting more securely with AWS KMS by using EncryptionContext
GitHub @quiver

Slide 2

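Slide 2 text

What I want to get across
When you encrypt with AWS KMS, using EncryptionContext gives you authenticated encryption that satisfies "confidentiality", "integrity", and "authenticity" at the same time.
Make active use of it.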

Slide 3

Slide 3 text

What is authenticated encryption?

Slide 4

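Slide 4 text

What is authenticated encryption?
"Authenticated encryption (AE: Authenticated Encryption, or AEAD: Authenticated Encryption with Associated Data) is a mode of cipher operation that simultaneously provides confidentiality, integrity, and authenticity of data."
https://ja.wikipedia.org/wiki/認証付き暗号
In practice it is a combination of symmetric encryption (confidentiality) and a message authentication code (integrity and authenticity).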

Slide 6

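Slide 6 text

Terminology
- Confidentiality (秘匿性)
  - Prevents eavesdropping by third parties. Also called 機密性 ("secrecy").
- Integrity (完全性)
  - The data is the genuine article. Prevents tampering. Also called 正真性 ("genuineness").
- Authenticity (認証性)
  - Confirms that the party is who they claim to be. Prevents impersonation.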

Slide 7

Slide 7 text

Using authenticated encryption with AWS KMS

Slide 8

Slide 8 text

Source material
AWS Solutions Architect blog:
"How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext"
http://aws.typepad.com/sajp/…/how-to-protect-the-integrity-of-your-encrypted-data-by-using-aws-key-management.html

Slide 9

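Slide 9 text

What is AWS KMS?
- A managed service that makes it easy to create and manage the encryption keys used to encrypt data
- Data can be encrypted and decrypted with symmetric keys managed by AWS KMS
- For details, see https://aws.amazon.com/kms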

Slide 10

Slide 10 text

A typical application
- Stores encrypted data in a database
- Uses AWS KMS to encrypt and decrypt the data

Slide 11

Slide 11 text

Naive implementation

Slide 12

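Slide 12 text

Trying it out
- Encrypt with kms::Encrypt using the same key

    import boto3

    kms = boto3.client('kms')  # KEYID and plaintext are set by the application

    # Encrypt
    ciphertext = kms.encrypt(
        KeyId=KEYID,
        Plaintext=plaintext)['CiphertextBlob']

    # Decrypt
    decrypted = kms.decrypt(
        CiphertextBlob=ciphertext)['Plaintext']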

Slide 13

Slide 13 text

Encryption and decryption flow

Slide 14

Slide 14 text

What if the data is overwritten?

Slide 15

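Slide 15 text

Problems
- The key is the same, so decryption is possible
- Symmetric-key encryption on its own does not notice that the data has been overwritten (tampered with) → Integrity is not satisfied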

Slide 16

Slide 16 text

An implementation that prevents tampering with EncryptionContext

Slide 17

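Slide 17 text

What is EncryptionContext?
- A set of key-value pairs passed at encryption and decryption time
- Used as Additional Authenticated Data (AAD) when generating the message authentication code (MAC)
- The MAC guarantees "integrity" and "authenticity"
- EncryptionContext is the KMS implementation of authenticated encryption
http://docs.aws.amazon.com/kms/latest/developerguide/crypto_authen.html
http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html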

Slide 18

Slide 18 text

Trying it out
- Pass an EncryptionContext when encrypting

    # Encrypt
    ciphertext = kms.encrypt(
        KeyId=KEYID,
        EncryptionContext={'user': '1234'},
        Plaintext=plaintext)['CiphertextBlob']

    # Decrypt
    decrypted = kms.decrypt(
        EncryptionContext={'user': '1234'},
        CiphertextBlob=ciphertext)['Plaintext']

Slide 19

Slide 19 text

What if the data is overwritten?
- If the EncryptionContext (≈ MAC value) does not match, an InvalidCiphertextException is raised

    # Decrypt
    decrypted = kms.decrypt(
        EncryptionContext={'user': '1235'},
        CiphertextBlob=ciphertext)['Plaintext']
    # ⇒ {"__type":"InvalidCiphertextException"}
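
The following is an added example, not code from the original slides: an offline stand-in for the `kms.encrypt` / `kms.decrypt` calls above that contrasts the naive variant with the EncryptionContext variant when one row's ciphertext is written over another row. The class `LocalKmsStandIn`, the helpers `load` and `demo`, and the sample rows are assumptions; the toy HMAC-based cipher is not the algorithm KMS uses, it takes no `KeyId`, and it raises `ValueError` where KMS reports InvalidCiphertextException.

```python
import hashlib, hmac, json, os

class LocalKmsStandIn:
    """Offline stand-in for kms.encrypt / kms.decrypt (hypothetical; not KMS's algorithm)."""
    def __init__(self):
        root = os.urandom(32)
        self._enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()

    def _xor(self, nonce, data):  # toy stream cipher: HMAC-SHA256 in counter mode
        blocks = (hmac.new(self._enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
        return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

    def _tag(self, nonce, body, context):
        # The context is the AAD: serialized canonically and covered by the MAC.
        aad = json.dumps(context or {}, sort_keys=True).encode()
        msg = len(aad).to_bytes(8, "big") + aad + nonce + body
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()

    def encrypt(self, Plaintext, EncryptionContext=None):
        nonce = os.urandom(16)
        body = self._xor(nonce, Plaintext)
        return {"CiphertextBlob": nonce + body + self._tag(nonce, body, EncryptionContext)}

    def decrypt(self, CiphertextBlob, EncryptionContext=None):
        nonce, body, tag = CiphertextBlob[:16], CiphertextBlob[16:-32], CiphertextBlob[-32:]
        if not hmac.compare_digest(tag, self._tag(nonce, body, EncryptionContext)):
            raise ValueError("InvalidCiphertextException")  # mirrors the KMS error name
        return {"Plaintext": self._xor(nonce, body)}

def load(kms, table, user_id, bind):
    """Decrypt one row; the context comes from the row key, never from stored data."""
    ctx = {"user": user_id} if bind else None
    try:
        return kms.decrypt(CiphertextBlob=table[user_id], EncryptionContext=ctx)["Plaintext"]
    except ValueError:
        return None  # blob does not belong to this row: reject it

def demo(bind):
    kms = LocalKmsStandIn()
    rows = {"1234": b"secret of 1234", "1235": b"secret of 1235"}  # constructed sample data
    table = {}
    for u, p in rows.items():
        ctx = {"user": u} if bind else None
        table[u] = kms.encrypt(Plaintext=p, EncryptionContext=ctx)["CiphertextBlob"]
    before = load(kms, table, "1234", bind)
    table["1235"] = table["1234"]  # constructed tampering: 1234's blob written over row 1235
    return before, load(kms, table, "1235", bind)
```

`demo(False)` returns user 1234's plaintext for the overwritten row 1235, while `demo(True)` returns `None` for that row because the context no longer matches.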

Slide 20

Slide 20 text

Caveats for EncryptionContext
- EncryptionContext is not encrypted
- Do not use sensitive data in it
- If CloudTrail logging is enabled, it is stored in S3 in plaintext
- For user data, use information tied to the data, such as the user ID

Slide 21

Slide 21 text

Usage examples within AWS
- KMS server-side encryption in AWS services makes use of EncryptionContext

AWS Service    EncryptionContext
EBS            "encryptionContext": { "aws:ebs:id": "vol-2cfb133e" }
S3             "encryptionContext": { "aws:s3:arn": "arn:aws:s3:::bucket_name/file_name" }

Slide 22

Slide 22 text

Summary

Slide 23

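Slide 23 text

What I want to get across
When you encrypt with AWS KMS, using EncryptionContext gives you authenticated encryption that satisfies "confidentiality", "integrity", and "authenticity" at the same time.
Make active use of it.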