Slide 1
Slide 1 text
PKIʹର͢Δ߈ܸ (ୈ4ষ)
ϓϩϑΣογϣφϧSSL/TLSษڧձ
2017/6/23
Hirotaka Nakajima (@nunnun)
Slide 2
Slide 2 text
ͳ͔͡· ͻΖ͔ͨ
@nunnun
ܚጯٛक़ ΠϯϑΥϝʔγϣϯςΫϊϩδʔηϯλʔຊ෦
ܚጯٛक़େֶେֶӃࡦɾϝσΟΞݚڀՊത࢜՝ఔ
ISOC Japan Chapter
https://about.me/nunnun
ࣗݾհ
Slide 3
Slide 3 text
PKIͷӡ༻ํ๏ʹ͕ܽؕଘࡏ
ੑળઆʹج͍͍ͮͯΔ
ϧʔτCAΛ৵͢ΕɺͲΜͳWebα
Πτͷূ໌ॻൃߦՄೳͱͳͬͯ͠·͏
͜ͷষͰաڈͷ߈ܸʹ͍ͭͯղઆ
#4 PKIʹର͢Δ߈ܸ
Slide 4
Slide 4 text
20011݄ʹൃੜ
߈ܸऀVerisign͔Β
Microsoft Corporationͱ͍͏
໊લͷίʔυॺ໊ূ໌ॻΛൃߦ͢
Δ͜ͱʹޭ
#4-1 VerisignͷMSίʔυূ໌ॻ
Slide 5
Slide 5 text
Verisignূ໌ॻΛࣦޮ
ূ໌ॻʹCRLϙΠϯτ͕ະࢦఆ
OS͕ূ໌ॻͷࣦޮΛݕূͰ͖ͳ͍
ͷূ໌ॻΛϒϥοΫϦετʹೖΕΔ
OSύονΛϦϦʔε͢Δ͜ͱͰରԠ
#4-1 VerisignͷMSίʔυূ໌ॻ
Slide 6
Slide 6 text
2008, Mike Zusman͕Thawteͷূ໌ॻݕূॲཧͷෆඋΛൃ
ݟ
ThawteυϝΠϯݕূʹϝʔϧΞυϨεΛ༻͍ͯͨ͠
live.com ΞυϨε୭ͰऔಘՄೳ
υϝΠϯݕূʹ༻ՄೳͳϝʔϧΞυϨε͕ଟذʹΘ͍ͨͬͯͨ
sslcertifi[email protected] औಘՄೳͰ͋ͬͨ
20088݄ʹެ։ɺCAͷ໊લͦͷͷʹެ։
ಉ༷ͷ߈ܸ͕2015ʹlive.fiͰߦΘΕͯ͠·ͬͨ
#4-2 Thawte, login.live.com
Slide 7
Slide 7 text
200812݄, Mike Zusman͕
StartComͷυϝΠϯ໊ݕূͷܽؕΛൃݟ
͋ΒΏΔυϝΠϯ໊ͷঝೝ͕ՄೳͰ͋ͬͨ
ϒϥοΫϦετʹొ͞ΕͨυϝΠϯΛ
༻͍ͯͨͨ͠Ίɺ߈ܸ͙͢ʹൃݟ͞Εͨ
#4-3 StartCom
Slide 8
Slide 8 text
#4-3ͷ߈ܸͷޙɺStartComͷEddy Nigg͕ଞ
ࣾͰಉ༷ͷΛൃݟ
ComodoͷύʔτφʔCertStar͕υϝΠϯ໊Λ
·ͬͨ͘ݕূͤͣʹূ໌ॻൃߦΛ͍ͯ͠Δ͜ͱΛ
ൃݟ
ComodoEddy͕ൃͨ͠ূ໌ॻΛؚΊ11௨
ͷূ໌ॻΛࣦޮͤͨ͞
#4-4 CertStart(Comodo)ͷMozillaূ໌ॻ
Slide 9
Slide 9 text
2008ʹMD5ͷબϓϨϑΟοΫεি
ಥ߈ܸʹΑΓِCAূ໌ॻΛRapidSSL
͔Βऔಘͨ͠
2004ʹMD5͕ഁΒΕ͔ͯΒົʹ
ͳ͍͕ͬͯͨɺ͜ͷ߈ܸ͕࠷ޙͷҰܸͱ
ͳͬͨ
#4-5 ِRapidSSLূ໌ॻ
Slide 10
Slide 10 text
1991: MD5͕ੜ
1991ʙ1996: MD5ͷऑΛࣔ͢ஹީ͕֬ೝ͞Εͨ
2004: ࠷ॳͷিಥͷ࣮ྫ͕ࣔ͞ΕΔɻ߈ܸݱ࣮తͰͳ͔ͬͨ
2005: ҟͳΔ2௨ͷূ໌ॻ͕ಉ͡MD5 HashΛ࣋ͭ͜ͱ͕ࣔ͞Εͨɻ͜ͷ࣌
ͰRSA伴ۭؒҟͳΔ͕ɺଞͷใಉҰͰ͋ͬͨ
2006: બϓϨϑΟοΫεিಥ߈ܸʹΑͬͯɺಉ͡MD5 HashΛ࣋ͭɺҟͳ
Δূ໌ॻ2௨ͷੜʹޭɻ͜ͷ࣌ͰMD5͕༗ҙͳ߈ܸʹ੬ऑͱͳΔ
2008: MD5ͷিಥʹΑͬͯѱ࣭ͳِCAূ໌ॻͷऔಘʹޭͨ͠
2012: MD5িಥΛ༻͍ͯMicrosoft CAΛِ͠ίʔυॺ໊Λճආ͢Δ߈ܸ
MD5ͱPKIʹର͢Δ߈ܸͷྺ࢙
Slide 11
Slide 11 text
ಉ͡MD5ͷॺ໊Λ࣋ͭ2ͭจॻΛ࡞Γग़͢͜ͱ
σδλϧॺ໊ͰσʔλͦͷͷͰͳ͘ɺϋο
γϡʹରͯ͠ॺ໊Λ࣮ࢪ͢Δ
ಉ͡MD5ϋογϡΛ࣋ͭ2ͭͷυΩϡϝϯτΛߏ
Ͱ͖ΕɺCAʹਅਖ਼ͳυΩϡϝϯτΛॺ໊ͯ͠Β
͏
ِͨ͠υΩϡϝϯτʹॺ໊Λࠩ͠ࠐΉ͜ͱͰޭ
#4-5-1 σδλϧॺ໊ʹର͢Δ߈ܸඪ
Slide 12
Slide 12 text
௨ৗCAʹূ໌ॻΛૹͯ͠ॺ໊ͯ͠Β͑
ͳ͍
ূ໌ॻCSRΛ༻͍ͯCA͕ੜ͢Δ
CSRʹެ։伴υϝΠϯؚ໊͕·ΕΔ
લड़ͷυΩϡϝϯτʹର͢Δ߈ܸΑΓқ
্͕Δ͕ෆՄೳͰͳ͍
#4-5-1 ূ໌ॻʹର͢Δ߈ܸ
Slide 13
Slide 13 text
িಥϒϩοΫ(collision block)
ϋογϡؔΛٗ͘2ͭͷσʔλ
2ͭͷσʔλ͕ಉ͡ϋογϡΛऔΔ
িಥϒϩοΫ͕ɺਅਖ਼ͳจॻͱِจ
ॻͷࠩҟΛϋογϡؔతʹଧͪফ͢
#4-5-1 িಥϒϩοΫ
Slide 14
Slide 14 text
݅
ਅਖ਼ͳจॻͷઌ಄෦Λ͍ͬͯΔ͜ͱ(બϓ
ϨϑΟοΫε)
ਅਖ਼ͳจॻதʹিಥϒϩοΫΛஔͰ͖Δ͜ͱ
িಥϒϩοΫΛจॻඌʹஔ͢Δ͜ͱ࣮࣭త
ʹͰ͖ͳ͍ͨΊɺϑΝΠϧඌਅਖ਼ͳจॻɾ
ِจॻͦΕͧΕಉҰʹ͢Δ
#4-5-1 બϓϨϑΟοΫεিಥ߈ܸ
Slide 15
Slide 15 text
ূ໌ॻCSRΛجʹCA͕࡞͢Δ
ূ໌ॻͷߏX.509v3༷Ͱఆ·Δ
߈ܸऀߏΛ༧ଌՄೳ
࠷ऴతͳূ໌ॻCSR͔Βίϐʔ͞ΕΔ෦͕͋Δɻ(e.g. ެ։伴)
ެ։伴ϥϯμϜͰͳ͚ΕͳΒͳ͍͕ɺϥϯμϜʹݟ͑Εܯ
ռ͞Εͳ͍
CA͕Ճ͢Δใͷଘࡏ(ূ໌ॻͷࣦޮ࣌ؒ)
߈ܸऀӨڹٴ΅ͤͳ͍͕ɺਪଌՄೳͰ͋Δ
#4-5-2 ূ໌ॻͷ੍
Slide 16
Slide 16 text
બϓϨϑΟοΫε
ެ։伴ΑΓલʹؚ·ΕΔͯ͢ͷϑΟʔϧυ
ຆͲͷใط
ূ໌ॻͷγϦΞϧ൪߸ͱࣦޮ࣌߈ܸऀʹະ
িಥϒϩοΫ
ެ։伴
αϑΟοΫε
X.509ͷ֦ு͔Βߏ͞ΕΔͨΊɺࣄલʹ༧ଌՄೳ
#4-5-2 બϓϨϑΟοΫεিಥ߈ܸ
Slide 17
Slide 17 text
1. CAͰੜ͞ΕΔূ໌ॻͷϓϨϑΟοΫεΛܾఆ
͠ɺCSRͷϑΟʔϧυΛఆΊΔ
2. ෆਖ਼ͳূ໌ॻʹඞཁͳϓϨϑΟοΫεΛߏ
3. ূ໌ॻͷαϑΟοΫεΛܾΊΔ
4. 1ʙ3ͷσʔλΛ༻͍ͯɺিಥϒϩοΫΛߏ͢
Δ
5. CSRΛΈཱͯCAʹૹ͢Δ
6. ِϓϨϑΟοΫεɺ2ͭͷিಥϒϩοΫɺ
αϑΟοΫεɺຊͷূ໌ॻ͔ΒऔΓग़ͨ͠ॺ
໊Λ༻͍ͯɺِূ໌ॻΛΈཱͯΔ
#4-5-2 ߈ܸϓϩηε
90 ୈ4 ষ PKIʹର͢Δ߈ܸ
4 0
64
128
192
256
320
384
448
576
640
704
768
832
896
927
9
14
29
31
44
74
121
153
157
170
245
266
317
366
441
445
460
474
730
735
741
757
788
849
882
913
4
9
12
27
29
42
72
119
151
153
213
216
231
238
370
375
379
396
413
444
477
512
500
όʔδϣϯ“3” όʔδϣϯ
“3”
γϦΞϧ൪߸
“643015”
γϦΞϧ൪߸
“65”
ϔομ
ॺ໊ΞϧΰϦζϜ“MD5 with RSA” ॺ໊ΞϧΰϦζϜ“MD5 with RSA”
ެ։ݤΞϧΰϦζϜ“MD5 with RSA”
ϔομ
Ϟδϡ
ϥ
ε
ʢ1024Ϗο
τʣ
ࠃ“US” ࠃ“US”
ࠃ“US”
“i.broke.the.internet.and
.all.i.got.was.this
.t-shirt.phreedom.org”
“i.broke.the.internet.and
.all.i.got.was.this
.t-shirt.phreedom.org”
༗ޮੑ“from 3 Nov. 2008 7:52:02
to 4 Nov. 2009 7:52:02”
༗ޮੑ“from 31 Jul. 2004 0:00:00
to 2 Sep. 2004 0:00:00”
“Equifax Secure Inc.” “Equifax Secure Inc.”
“Equifax Secure Global
eBusiness CA-1”
“Equifax Secure Global
eBusiness CA-1”
“See www.rapidssl.com/
resources/cps (c)08”
“Domain Control Validated
- RapidSSL(R)”
৫ ৫
৫
෦
෦
෦
Ұൠ໊
Ұൠ໊
Ұൠ໊
Ұൠ໊
“GT11029001”
“MD5 Collisions Inc.
(http://www.phreedom.org/md5)”
BAA659C92C28D62A B0F8ED9F46A4A437
EE0E196859D1B303 9951D6169A5E376B
15E00E4BF58464F8 A3DB416F35D59B15
1FDBC43852708197 5E8FA0B5F77E39F0
32AC1EAD44D2B3FA 48C3CE919BECF49C
7CE15AF5C8376B9A 83DEE7CA20973142
73159168F488AFF9 2828C5E90F73B017
4B134C9975D044E6 7E086C1AF24F1B41
҉߸Խࢦ
“65537”
҉߸Խࢦ
“65537”
ݤ༻్“…”
ݤ༻్“…”
ൃߦઌݤࣝผࢠ“…”
ൃߦઌݤࣝผࢠ“…”
$3-“…”
ػؔݤࣝผࢠ“…”
ػؔݤࣝผࢠ“…”
ݤ֦ு༻్“…”
جຊ੍“CA=TRUE”
جຊ੍“CA=FALSE”
ϒϩοΫ2
ϒϩοΫ1
ϒϩοΫ3
ϒϩοΫ4
ϒϩοΫ5
ϒϩοΫ6
ϒϩοΫ7
ϒϩοΫ8
ϒϩοΫ9
ϒϩοΫ10
ϒϩοΫ11
ϒϩοΫ12
ϒϩοΫ13
ϒϩοΫ14
ϒϩοΫ15
0692F14F45BED930 36A32B8CD677AE35
637F4E4C9A934836 D99F
ެ։ݤΞϧΰϦζϜ“RSA”
ϔομ
ϔομ
ੜϏο
τ
ʢʣ
΄΅িಥ͢ΔͭΊͷϒϩοΫ
΄΅িಥ͢Δ ͭΊͷϒϩοΫ
΄΅িಥ͢Δ ͭΊͷϒϩοΫ
ಉҰ
ಉҰ
ಉҰ
ಉҰ
ಉҰ
Ϟδϡ
ϥ
ε
ʢ2048Ϗο
τʣ
A721028DD10EA280 7725FD4360158FEC
EF9047D484421526 111CCDC23C1029A9
B6DFAB577591DAE5 2BB390451C306356
3F8AD950FAED586C C065AC6657DE1CC6
763BF5000E8E45CE 7F4C90EC2BC6CDB3
B48F62D0FEB7C526 7244EDF6985BAECB
D195F5DA08BE6846 B175C8EC1D8F1E7A
94F1AA5378A245AE 54EAD19E74C87667
A721028DD10EA280 7725FD4360158FEC
EF9047D484421526 111CCDC23C1029A9
B6DFAB577591DAE5 2BB390451C306356
3F8AD950FAED586C C065AC6657DE1CC6
763BF5000E8E45CE 7F4C90EC2BC6CDB3
B48F62D0FEB7C526 7244EDF6985BAECB
D195F5DA08BE6846 B175C8EC1D8F1E7A
94F1AA5378A245AE 54EAD19E74C87667
A3C5450B36BB01D1 53AAC3088F6FF84F
3E87874411DC60E0 DF9255F9B8731B54
93C59FD046C460B6 3562CDB9AF1CA869
1AC95B3C9637C0ED 67EFBBFEC08B9C50
2F29BD83229E8E08 FAAC1370A2587F62
628A11F789F6DFB6 67597316FB63168A
B49138CE2EF5B6BE 4CA49449E465110A
4215C9C130E269D5 457DA526BBB961EC
6264F039E1E7BC68 D850519E1D60D3D1
A3A70AF80320A170 011791364F027031
8683DDF70FD8071D 11B31304A5DCF0AE
50B1280E63692A0C 826F8F4733DF6CA2
0692F14F45BED930 36A32B8CD677AE35
637F4E4C9A934836 D99F0203010001A3
81BD3081BA300E06 03551D0F0101FF04
04030204F0301D06 03551D0E04160414
CDA683FAA56037F7 96371729DE4178F1
878955E7303B0603 551D1F0434303230
30A02EA02C862A68 7474703A2F2F6372
6C2E67656F747275 73742E636F6D2F63
726C732F676C6F62 616C6361312E6372
6C301F0603551D23 041830168014BEA8
A07472506B44B7C9 23D8FBA8FFB3576B
686C301D0603551D 250416301406082B
0601050507030106 082B060105050703
02300C0603551D13 0101FF04023000
ॺ໊ΞϧΰϦζϜ“MD5 with RSA”
ॺ໊ΞϧΰϦζϜ“MD5 with RSA”
ॺ໊
ॺ໊
जᙾ
ʢ/FUTDBQF
ίϝϯ
τʣ
B2D3 2581AA28E878B1E5
0AD53C0F36576EA9 5F06410E6BB4CB07
17000000 5BFD6B1C7B9CE8A9
A3C5450B36BB01D1 53AAC3088F6FF84F
3E87874411DC60E0 DF9255F9B8731B54
93C59FD046C460B6 3562CDB9AF1CA86B
1AC95B3C9637C0ED 67EFBBFEC08B9C50
33000000 275E39E089610F4E
2F29BD83229E8E08 FAAC1370A2587F62
628A11F789F6DFB6 67597316FB63168A
B49138CE2EF5B6BE 4CA49449E465510A
4215C9C130E269D5 457DA526BBB961EC
6264F039E1E7BC68 D850519E1D60D3D1
A3A70AF80320A170 011791364F027031
8683DDF70FD8071D 11B31304A5DAF0AE
50B1280E63692A0C 826F8F4733DF6CA2
ϔομ
ൃ
ߦ
ऀ
ൃ
ߦ
ऀ
ൃ
ߦ
ઌ
ൃ
ߦ
ઌ
ެ
։
ݤ
ެ
։
ݤ
֦
ு
֦
ு
ग़య: ϓϩϑΣογϣφϧSSL/TLS
Slide 18
Slide 18 text
CA͕ܾఆ͢Δࣦޮ࣌ͱγϦΞϧ൪߸ΛͲ͏༧ଌͨ͠ͷ͔
RapidSSLͰCSRΛૹ৴͔ͯ͠Βূ໌ॻ͕ੜ͞ΕΔ·Ͱ
ͪΐ͏Ͳ6ඵͩͬͨ
ࣦޮ࣌Λඵ୯ҐʹਪଌՄೳ
RapidSSLγʔέϯε൪߸ΛཚΛ༻͍ͯੜͤͣ࿈൪Λ༻
2ͭͷূ໌ॻΛ࿈ଓͯ͠ૉૣ͘औಘ͢Ε2ͭͷূ໌ॻͷγ
ϦΞϧ൪߸Λ༧ଌͰ͖Δ
#4-5-3 ϓϨϑΟοΫεͷ༧ଌ
Slide 19
Slide 19 text
িಥPlayStation3 200ΫϥελΛ༻͍Δͱ1ͰੜՄೳ
ਖ਼֬ͳ࣌ؒΛબΜͰCSRΛૹ৴͠ɺγϦΞϧ൪߸Λ༧ଌ͢Δඞཁ
༵ͷ༦ํ(࠷CA͕ࠞΈ߹Θͳ͍࣌ؒ)ʹ࣮ߦ
༵ۚʹγϦΞϧ൪߸Λ1ճऔಘ͠ɺ߈ܸͷγϦΞϧγϦΞϧ൪߸
+1000ͱͳΔΑ͏ʹࢦͨ͠
߈ܸ͕͍࣌ؒۙͮͨΒɺ৽͍͠ূ໌ॻΛԿ௨͔ൃߦ͢Δ͜ͱͰͰ͖
Δ͚ͩ1000ʹۙ͘ͳΔΑ͏ʹΧϯτΛ্͛ͨ
ि͝ͱʹ3ճ߈ܸΛ࣮ࢪ͠ɺ4िͰޭͨ͠
#4-5-3 RapidSSLͷ߈ܸ
Slide 20
Slide 20 text
20113݄: ComodoͷRA(Registration Authority)ͷҰ
͕ͭʮηΩϡϦςΟΛશʹ৵ʯ͞Εͨ
7ͭͷWebαΠτʹରͯ͠9௨ͷূ໌ॻ͕ൃߦ͞Εͨ
ਝʹൃݟ͞Εͨҝɺ߈ܸऀ͕ར༻Ͱ͖͔ͨෆ໌
Chromeͷιʔείʔυ͔Βެ։ͷલʹ߈ܸΛͬͯ
͍ͨਓ͕͍ͨ
RAʹର͢Δ߈ܸʹ͍ͭͯͷڴҖϞσϧ͕ߟྀ͞Εͯͳ͔ͬͨ
#4-6 ComodoϦηϥʔʹΑΔηΩϡϦςΟ৵
Slide 21
Slide 21 text
2011ՆStartCom͕߈ܸ͞Εͨ
ෆਖ਼ͳূ໌ॻͷൃߦͳͲ֎෦͔Β
֬ೝͰ͖Δඃൃੜͤͣ
ݪҼඃͳͲΘ͔Βͳ͍··
ऩଋ
#4-7 StartComͷ߈ܸ
Slide 22
Slide 22 text
DigiNotarΦϥϯμͷCA
ΦϥϯμిࢠͷPKIΛ୲
2011ʹMITM߈ܸͰෆਖ਼ͳূ໌ॻΛར༻͞
Εͨ
ϧʔτCAࣦͯ͢ޮ͞Εɺ20119݄ʹࣗ
ݾഁ࢈
#4-8 DigiNotar
Slide 23
Slide 23 text
20118݄27ʹΠϥϯͷGmailϢʔβ͕அଓతͳΛใࠂ
ຖ30ʙ60μϯ͍ͯͨ͠
Chromeެ։伴ϐϯχϯάΛࡌ͓ͯ͠ΓɺͦͷػೳͰ߈
ܸΛݕ͍ͯͨ͠
ͦͷޙͷͰΠϥϯͷશIPΞυϨεʹ૬͢Δ30ສΞυϨε
͕ӨڹΛड͚͍ͯͨ͜ͱ͕໌
MITMͰ༻͍ΒΕͨূ໌ॻͯ͢DigiNotarʹΑΓൃߦ
#4-8-1 ൃݟͷܦҢ
Slide 24
Slide 24 text
࠷ॏཁͳαʔόʹѱҙͷ͋ΔιϑτΣΞ͕ࠐ·Ε͍ͯͨ
ௐࠪͨ͠αʔόʹAnti-Virus͕ࢪ͞Εͣ
ॏཁͳߏཁૉͷִػೳͤͣ
CAαʔόཧ༻LAN͔ΒωοτϫʔΫܦ༝ͰΞΫηεՄೳͩͬͨ
શCAαʔό୯ҰWindowsυϝΠϯʹଐ͍ͯͨ͠
Ϣʔβ໊ͱύεϫʔυΛҰ৵Ͱ͖ΕɺΞΫηεՄೳͩͬͨ
ެ։WebαʔόچࣜͰύον͕ͯΒΕ͍ͯͳ͍ιϑτΣΞ͕ଘࡏ
IPSಋೖ͞Ε͍͕ͯͨɺWebαʔόͷ߈ܸΛϒϩοΫͰ͖ͳ͔ͬͨ
҆શʹϩάΛूதཧ͢ΔΈͳ͔ͬͨ
#4-8-2 CAͷ৴༻ࣦ
Slide 25
Slide 25 text
6݄17: Webαʔόͷίϯςϯπཧ෦͕ഁΒΕͨ
7݄1: ϧʔτCAαʔόͷωοτϫʔΫηάϝϯτʹ৵ೖ
ϧʔτCAΠϯλʔωοτʹଓ͞Ε͍ͯͳ͔͕ͬͨɺॏཁͰ
ͳ͍γεςϜΛܦ༝ͯ͠৵ೖ͞Εͨ
7݄10: 128௨ͷෆਖ਼ͳূ໌ॻΛखʹೖΕΔϓϩάϥϜΛ࣮ߦɻ
Ҏ߱53৫ʹͳΓ͢·͠531௨ͷূ໌ॻΛऔಘ
7݄19: DigiNotar৵ೖΛݕɻγεςϜΛΫϦʔϯΞοϓ͠
͕ͨɺ୭ʹใΛ͑ͳ͔ͬͨ
#4-8-2 CAͷ৴༻ࣦ
Slide 26
Slide 26 text
#4-8-2 ൃߦ͞Εͨূ໌ॻ
࠷ॳʹ CA αʔόຊମͷΞΫηεʹޭ͔ͯ͠Β 1 िؒޙͷ͜ͱͰͨ͠ɻ߈ܸऀͦͷޙ
Կճ͔ଞͷόονΛىಈ͠ɺ૯ܭͰগͳ͘ͱ 53 ৫ʹͳΓ͢·͢ 531 ௨ͷূ໌ॻΛख
ʹೖΕ·ͨ͠ɻ͋·Γʹେ͖͘ɺෆਖ਼ͳূ໌ॻͷਖ਼֬ͳΘ͔͍ͬͯ·ͤΜɻϩά
վ᜵͞Ε͓ͯΓɺ͋ͱʹͳͬͯ֎෦ͷڥͰݟ͔ͭͬͨূ໌ॻͷଟ͘దͳσʔλϕʔεʹ
ݟͨΓ·ͤΜͰͨ͠ɻ
ද 4.1 ͔ΒΘ͔ΔΑ͏ʹɺূ໌ॻʹར༻͞Ε໊ͨલͷҰཡʹ༗໊Ͳ͜Ζͷ Web αΠτ
CAɺػؚ͕ؔ·Ε͍ͯ·͢ɻ
ද4.1 DigiNotar ࣾͷ߈ܸऀʹΑͬͯൃߦ͞Εͨෆਖ਼ͳূ໌ॻͷ͏ͪओͩͬͨͷʢׅހൃߦ
͞Εͨূ໌ॻͷΛද͢ɻׅހͷͳ͍ͷ1 ຕͷൃߦʣ
*.*.com *.*.org *.10million.org (2)
*.android.com *.aol.com *.azadegi.com (2)
*.balatarin.com (3) *.comodo.com (3) *.digicert.com (2)
*.globalsign.com (7) *.google.com (26) *.JanamFadayeRahbar.com
*.logmein.com *.microsoft.com (3) *.mossad.gov.il (2)
*.mozilla.org *.RamzShekaneBozorg.com *.SahebeDonyayeDigital.com
*.skype.com (22) *.startssl.com *.thawte.com (6)
*.torproject.org (14) *.walla.co.il (2) *.windowsupdate.com (3)
*.wordpress.com (14) addons.mozilla.org (17) azadegi.com (16)
Comodo Root CA (20) CyberTrust Root CA (20) DigiCert Root CA (21)
Equifax Root CA (40) friends.walla.co.il (8) GlobalSign Root CA (20)
login.live.com (17) login.yahoo.com (19) my.screenname.aol.com
secure.logmein.com (17) Thawte Root CA (45) twitter.com (18)
VeriSign Root CA (21) wordpress.com (12) www.10million.org (8)
www.balatarin.com (16) www.cia.gov (25) www.cybertrust.com
www.Equifax.com www.facebook.com (14) www.globalsign.com
www.google.com (12) www.hamdami.com www.mossad.gov.il (5)
www.sis.gov.uk (10) www.update.microsoft.com (4)
͍͔ͭ͘ͷূ໌ॻɺ༗໊ͳWebαΠτΛ᱐ΔతͰͳ͘ɺ͞·͟·ͳϝοηʔδΛӡͿ
తͰൃߦ͞ΕͨͷͰ͢ɻද 4.2 ʹ·ͱΊͨΑ͏ͳจষ͕ূ໌ॻͷ͋ͪͪ͜Ͱݟ͔͍ͭͬͯ
ग़య: ϓϩϑΣογϣφϧSSL/TLS
Slide 27
Slide 27 text
ෆਖ਼ͳূ໌ॻOCSPใ͕ຒΊࠐ·Ε͍ͯͨ
༻͞Εͨ߹ɺOCSPϨεϙϯμͷϩάΛ͢Εূ໌ॻͷ
͕Մೳͩͬͨ
8݄4: େنͳ߈ܸͷஹީ͕ݕग़
8݄29: ϧʔτCA͕ࣦޮ
߈ܸόʔετతʹൃੜ͍ͯͨ͠
DNSΩϟογϡϙΠκχϯά͕༻͍ΒΕ͍ͯͨͨΊɺ߈ܸํ๏
ʹ੍ݶ͕͋ͬͨͷͰͱਪଌ
#4-8-3 MITM߈ܸ
Slide 28
Slide 28 text
Gmailͷύεϫʔυͷऩू͕త
GoogleΛὃΔূ໌ॻ30ສIPΞυϨε͔Β65
ສճͷOCSPϦΫΤετΛੜΈग़͍ͯͨ͠
ͦͷ͏ͪ95%͕Πϥϯ෦
ΓੈքதͷTorͷExit NodeɺϓϩΩγɺ
VPNͩͬͨ
#4-8-3 ߈ܸऀͷత
Slide 29
Slide 29 text
20119݄ʹ൜ߦ໌
ৄࡉͳ߈ܸΛ։ࣔ
Ͳ͏ͬͯ6ͷωοτϫʔΫʹΞΫηε͔ͨ͠
netHSMͷϋʔυΣΞ伴ͳͲΛͲ͏ͬͯᷖ
ճ͔ͨ͠
Πϥϯʹର͢Δ߈ܸʹ͍ͭͯݴٴͤͣ
#4-8-4 ComodoHackerͷ൜ߦ໌
Slide 30
Slide 30 text
201111݄ϚϨʔγΞͷDigiCert Sdn. Bhd.ͱ
͍͏CA͕ةݥͳ΄Ͳऑ͍ূ໌ॻΛൃߦ͍ͯͨ͠
DigiCertͱؔͳ͘ɺEntrustɺCyberTrustͱ
தؒCAͱͯ͠ͷܖΛ݁ΜͰ͍ͨ
22௨ͷূ໌ॻ͕ൃߦ͞Ε͕ͨɺக໋తͳΛ๊
͍͑ͯͨ
#4-9 DigiCert Sdn. Bhd.
Slide 31
Slide 31 text
512bit͔͠ແ͍ͨΊ૯Γ߈ܸͰҼղ͕ՄೳͰ͋ͬͨ
༻ํ๏ͷ੍ݶ͕ͳ͍
EKU(Extended Key Usage)֦ுʹΑΓ௨ৗɺূ໌ॻͷ༻ํ๏͕ݶఆ͞
Ε͍ͯΔ
༻ํ๏͕ݶఆ͞Ε͍ͯͳ͍ͨΊɺίʔυॺ໊ͳͲʹར༻Ͱ͖ͨ
͕ൃݟ͞Εͨཧ༝ɺഁΒΕͨެ։伴͕ϚϧΣΞͷॺ໊ʹѱ༻͞Εͨ
ͨΊ
ࣦޮใ͕ͳ͍ͨΊɺ࣮֬ʹࣦޮͰ͖ͳ͔ͬͨ
݁ہEntrustͱCyberTrust͕தؒCAΛࣦޮͤ͞ɺϒϥβϕϯμʔ͕ϒϥοΫ
Ϧετʹొ͢Δߋ৽ΛϦϦʔε͢Δ͜ͱͰରԠ
#4-9 க໋తͳ
Slide 32
Slide 32 text
20125݄ʹҖΛฃͬͨϚϧΣΞ
SQLiteͱLuaͰϏϧυ͞Εɺඇৗʹߴ͍৴པੑΛ࣋ͬ
͍ͯͨ
1,000ͷγεςϜͰൃݟ͞Εͨඪతܕ߈ܸͰ͋ͬͨ
20125݄ʹΠϥϯͷCERT͕։ࣔ
։ࣔޙɺશΠϯελϯεΛফڈ͢ΔͨΊͷࣗಈফ໓
ίϚϯυΛൃߦ
#4-10 Flame
Slide 33
Slide 33 text
FlameWindows UpdateͷΈΛѱ༻
IEͷWPAD(Web Proxy Auto Discovery)Λ༻͍ͯɺLAN
ͷPCʹରͯ͠Windows UpdateαʔόͰ͋ΔΑ͏শ
LAN্ͷWindowsʹͨ͘͢Ͱ͖Δ
Windows UpdateTLSΛ༻͍ͯ͠ͳ͍͕ɺίʔυॺ໊
ʹΑΓόΠφϦΛอޢ͍ͯͨ͠
ԿΒ͔ͷܗͰWindows Updateͱͯ͠όΠφϦʹॺ໊
#4-10-1 Windows UpdateʹΑΔ߈ܸ
Slide 34
Slide 34 text
ϥΠηϯεೝূͷҝɺಛผͳCAূ໌ॻΛΞΫςΟϕʔγϣϯ࣌ʹड͚औΔΈ
Λѱ༻
ओཁͳTSͷCAূ໌ॻ͕Windows Updateͱಉ͡ϧʔτCA͔Βൃߦ͞Εͯ
͍ͨ
Ͱ͋ΔTSͷCAΛϥΠηϯεॲཧͱɺίʔυॺ໊ʹར༻Ͱ͖ͨʢཧ༝ෆ໌ʣ
ԼҐCAͷEKUʹ੍ݶ͕ͳ͔ͬͨͷͰɺূ໌ॻͱಉ༷ʹ༻Ͱ͖ͨ
TS͝ͱʹແ੍ݶͷCAূ໌ॻ͕ൃߦ͞ΕɺϋοΩϯάͳ͠ʹWindows Update
όΠφϦʹରͯ͠ίʔυॺ໊͕࣮ࢪͰ͖ͨ
͍ͳ͜ͱʹWindows VistaҎ߱ͰHydraͱݺΕΔಠࣗͷX.509֦ுΛ
ؚ·ͳ͍ূ໌ॻΛऔಘ͠ͳ͍ͱ߈ܸͰ͖ͳ͍
#4-10-2 WindowsλʔϛφϧαʔϏε(TS)ʹର͢Δ߈ܸ
Slide 35
Slide 35 text
TSͷCAূ໌ॻMD5Ͱॺ໊͞Ε͍ͯͨ
ͦͷҝRapidSSLͱಉ༷ʹબϓϨϑΟοΫεিಥ߈ܸ͕Մೳ
ূ໌ॻൃߦࣗಈԽɻࣦޮ࣌ͱγϦΞϧ൪߸Ҏ֎ͷϑΟʔ
ϧυೖखՄೳ
ࣦޮ࣌༧ଌՄೳ͕ͩɺඵ୯ҐͰͷਖ਼͕֬͞ඞཁ
γϦΞϧ൪߸࿈൪Ͱͳ͍͕ɺىಈ͔ͯ͠ΒͷϛϦඵͱ࿈
൪Ͱߏ͞Ε͍ͯͨ
߈ܸʹϛϦඵ୯ҐͰͷਫ਼͕ཁٻ͞Ε͕ͨɺ߈ܸޭ
#4-10-3 MD5ͷѱ༻
Slide 36
Slide 36 text
FlameͰিಥϒϩοΫ͕4ͭ༻͍ΒΕ͍ͯͨ
িಥϏοτ
ਅਖ਼ͳূ໌ॻͷmodulusϑΟʔϧυͷRSA modulus
ෆਖ਼ͳূ໌ॻͷissuerUniqueID
͜ΕΒΛ༻͍ͯࠩύεΛߏஙͨ͠
จݙʹͳ͍બϓϨϑΟοΫεিಥ߈ܸͰ͋Γɺ৽छͷࠩύεߏங
ΞϧΰϦζϜ͕બ͞Ε͍ͯͨ
߈ܸऀߴੑೳͳϋʔυΣΞɺ༗ೳͳΤϯδχΞɺੈքϨϕϧͷ҉߸ֶ
ऀΛར༻Ͱ͖ΔཱͰ͋ͬͨ͜ͱؒҧ͍ͳ͍
#4-10-3 FlameͷબϓϨϑΟοΫεিಥ߈ܸ
Slide 37
Slide 37 text
201212݄ChromeͰHPKPʹҧ͢Δূ໌ॻΛൃݟ
GoogleτϧίͷCAͰ͋Δ͜ͱΛಛఆ(TURKTRUST)
γεςϜҠߦ࣌ʹޡͬͯԼҐCAূ໌ॻΛ2௨ൃߦ
1௨͕EGOࣾͰ༻͍ΒΕɺMITMػೳΛ࣋ͭFWʹΠϯετʔϧ͞
Εͨ
ͦͷػث͕ԼҐCAΛར༻ͨ݁͠ՌɺGoogleͷূ໌ॻΫϩʔϯ
͕ੜ͞Εɺݕग़͞Εͨ
γεςϜཧ্ͷϛεͱͯ͠ॲཧ͞Εͨ
#4-11 TURKTRUST
Slide 38
Slide 38 text
201312݄Google͕ϑϥϯεͷػ͔ؔΒൃߦ͞ΕͨԼҐCAΛഉআ
ANSSIͷϧʔτCA.frυϝΠϯͷΈ৴པ͞ΕΔΑ͏ʹมߋ
ཧ༝: ԼҐCA͕MITMػثͰ༻͞Ε͍ͯͨͨΊ
ݪҼ: ਓతͳϛεͱൃද͞Εͨ
ANSSICAͷӡ༻ʹΛ๊͍͑ͯͨ
ଟ͘ʹࣦޮใؚ͕·Ε͍ͯͳ͍
ۭͷCRLʹಥવઍͷূ໌ॻ͕Ճ͞ΕΔͳͲෆ໌ྎ
ANSSIBaseline Requirementʹ४ڌͰ͖Δ·Ͱ2͔͔Δͱൃද
#4-12 ANSSI
Slide 39
Slide 39 text
20147݄ɺ·ͨͯ͠Googleޡൃߦ͞Εͨূ໌ॻ
Λݕ
Πϯυͷೝূཧہ(CCA)͕ൃߦ͍ͯͨ͠
ԼҐͷNICͷCA͕৵͞Ε͍ͯͨ
தؒCAࣦޮ͞Εͨ
ChromeCCAͷϧʔτCA.inͷಛఆυϝΠϯͷΈ৴པ
͢ΔΑ͏ʹ੍ݶ
#4-13 Πϯυใֶηϯλʔ
Slide 40
Slide 40 text
PKIͷ࠷େͷڴҖɺͼ͜ΔTLSडͰ͋Δ
डऀͱͯ͠ڍ͛ΒΕΔͷ
ϩʔΧϧʹΠϯετʔϧ͞ΕͨιϑτΣΞ
ैۀһ
ISP
௨ৗ؍ଌ͢Δ͜ͱ͕͍͕͠ɺز͔ͭͷΠϯγσϯτ
͕ใࠂ͞Εɺͷෳࡶ͞ʹؾ͔͞ΕΔ
#4-14 ൣғʹٴͿTLSड
Slide 41
Slide 41 text
ChromeνʔϜGogo͕҉߸Խ͞ΕͨτϥϑΟοΫΛ͢
ͯड͍ͯ͠Δ͜ͱΛൃݟ
࣮ࡏ͢ΔWebαΠτͷ໊લΛ͚ͭͨෆਖ਼ͳূ໌ॻΛΒ
·͍͍ͯͨ
ͳʹ͔߈ܸΛͨ͠Θ͚Ͱͳ͘ɺϢʔβʹূ໌ॻʹ͍ͭͯ
ͷܯࠂΛΫϦοΫͤͯ͞ܧଓ͍ͯͨ͠
GogoଳҬΛ੍ޚ͢ΔͨΊʹඞཁͩͬͨͱห໌͕ͨ͠ɺ
ޙडΛશʹΊͨ
#4-14-1 Gogo
Slide 42
Slide 42 text
201512݄ Lenovo͕ग़ՙ͢ΔͷҰ෦ʹSuperfishͱݺΕ
ΔϚϧΣΞΛϓϦΠϯετʔϧ͍ͯͨ͜͠ͱ͕໌
HTTPSΛؚΊͨར༻ऀͷશτϥϑΟοΫΛड͍ͯͨ͠
ূ໌ॻʹ͍ͭͯͷܯࠂΛճආ͢ΔͨΊʹɺϢʔβಉҙͳ͠ʹϧʔτ
ূ໌ॻετΞʹSuperfishͷϧʔτূ໌ॻΛՃ͍ͯͨ͠
τϥϑΟοΫͯ͢ϩʔΧϧͷϓϩηεʹϦμΠϨΫτ͞Εɺ
͖উखʹվม͍ͯͨ͠
ϓϥΠϕʔτͳใػඍͳใࢹ͞Ε͍͕ͯͨɺҰ൪ͳ
ͷదʹ࣮͞Ε͍ͯͳ͔ͬͨ
#4-14-2 Superfishes
Slide 43
Slide 43 text
ຊདྷϢʔβ͝ͱʹCAΛੜ͠༻͖͢
SuperfishͰಉҰͷϧʔτCAΛར༻͍ͯͨ͠
ϧʔτCAͷൿີ伴Λൈ͖ग़ͤͨϢʔβͦͷൿີ伴Λ༻͍ͯ߈ܸʹ༻Ͱ
͖ͯ͠·͏
ϓϩΩγͷTLS͕TLS 1.1͔͠αϙʔτ͍ͯ͠ͳ͔ͬͨͨΊɺࣄ্࣮Ϣʔβͷη
ΩϡϦςΟΛμϯάϨʔυ͍ͯͨ͠
MITMࣗݾॺ໊ূ໌ॻΛݕग़͢Δ͜ͱͰ͖ͳ͔ͬͨ
ࣄ্࣮ͯ͢ͷWebαΠτΛ৴པͯ͠͠·͍ͬͯͨ͜ͱʹ͍͠
HPKPͰϩʔΧϧͰ৴པ͞ΕͨϧʔτCAʹର߅͢Δ͜ͱ͕Ͱ͖ͳ͍
#4-14-2 Superfishͷෆదͳ࣮
Slide 44
Slide 44 text
FacebookʹΑΔͱΧβϑελϯͰ4.5%ͷ
Ϣʔβ͕SuperfishͷӨڹΛड͚͍ͯͨ
LenovoͦͷޙMSͱڠྗͯ͠ෆཁͳϧʔτCA
Λআڈ
25ສͷPC͕Өڹ͞Ε͍ͯͨͱൃද
SuperfishҎ֎ʹಉ༷ͷଟ͋Δ
#4-14-2 ͦͷޙͷରԠ
Slide 45
Slide 45 text
20153݄ CNNIC(தࠃωοτϫʔΫΠϯϑΥϝʔγϣϯηϯλʔ)͕
MCSͱ͍͏اۀʹରͯ͠ࢼݧతͳதؒCAΛൃߦ
MCSΤδϓτͰূ໌ॻͷఏڙͱؔ࿈ࣄۀͷ։
ࢼݧظؒதʹTLSͷಁաϓϩΩγʹΠϯϙʔτ͞Εɺ1௨ͷূ໌ॻ͕ޡͬ
ͯൃߦ͞Εͨ
Chrome͕ൃݟ͠ɺGoogleʹใࠂ͞Εͨ
݁Ռతʹແ੍ݶͰάϩʔόϧʹ༗ޮͳதؒCAূ໌ॻΛཧͰ͖ͳ͍৫
ʹରͯ͠ূ໌ॻΛൃߦͨ͠ͱͯ͠Chrome, MozillaCNNICূ໌
ॻΛࣦޮͤͨ͞
#4-15 CNNIC
Slide 46
Slide 46 text
201610݄
MozillaWoSign͕SHA-1ʹΑΔূ໌ॻൃߦͷ
ظݶͱͨ͠20161݄1Ҏ߱ʹSHA-1ʹΑΔॺ
໊͖ূ໌ॻΛൃߦͨ͠ͱͯ͠WoSignΛࣦޮ
ಉ࣌ʹWoSign͕StartSSLΛશʹॴ༗͍ͯͨ͠
ʹؔΘΒͣɺ։ࣔΛ͍ͯ͠ͳ͔ͬͨ͜ͱ͔Β
StartSSLࣦޮ
ͦͷޙ: StartSSL
Slide 47
Slide 47 text
ChromeνʔϜʹΑΔͱɺ2ϲ݄ؒʹΓ30,000௨ͷূ໌
ॻ͕ਖ਼͘͠ݕূ͞Εͣʹൃߦ͞Εͨͱใࠂ
ஈ֊తʹ༗ޮظݶΛॖ͢Δ͜ͱɺEVূ໌ॻΛEVͱͯ͠औ
ΓѻΘͳ͍ͱൃද
5݄17࣌ͰGoogle20178݄8·ͰʹSymantec
͕ൃߦͨ͠ূ໌ॻΛୈࡾऀʹΑΔCAͰ࠶ൃߦ͢͠Α͏ཁ
ٻ͍ͯ͠Δ
ݱࡏΓऔΓଓ͍͍ͯΔɻɻɻ
2017Symantec