Slide 1
Slide 1 text
!"#$%&'()* +,--./012 3456378191,":1;78<=74>,?>17@./7AB12C;?D= .E./FEGFEH IJ7KLM=CNC/G
Slide 2
Slide 2 text
!"#$ • ౬ଜ ཌྷ (@yumu19) • ւಓใେֶ ใϝσΟΞֶ෦ ใϝσΟΞֶՊ ।ڭत (2021/04ʙ) • ࠃཱݚڀ։ൃ๏ਓใ௨৴ݚڀػߏ(NICT) ڠྗݚڀһ (݉) • ઐใՊֶ • ϢϏΩλείϯϐϡʔςΟϯά • ώϡʔϚϯίϯϐϡʔλΠϯλϥΫγϣϯ • ωοτϫʔΫ • ࡳຈग़ (ࠓ15ͿΓʹւಓʹ͖ͬͯ·ͨ͠) 2 Ϟϊͮ͘Γܥ ϙουΩϟετ ϞϊϥδΦ ӉσʔλΛͬͨ ϋοΧιϯ NASA SpaceApps ͷͮ͘ΓలࣔΠϕϯτ NTࡳຈ
Slide 3
Slide 3 text
%&'()*+,-./0'(123456789:;<=>?@ABCDEFGH93IJK8 • 2015-16 αΠόʔ߈ܸରࡦ૯߹ݚڀηϯλʔ αΠόʔ߈ܸݕূݚڀࣨ ٕज़һ • 2016-21 ૯߹ςετϕουݚڀ։ൃਪਐηϯλʔɹɹɹɹɹɹɹɹɹɹɹɹ ςετϕουݚڀ։ൃӡ༻ࣨ ݚڀһ • NICTͷηϯλʔ(ࣄۀॴ)ͷͻͱͭ (ৄࡉblogࢀর) • ੴݝೳඒࢢʹ͋Δੈք࠷େنͷωοτϫʔΫςετϕου • ࢪઃʹ1000ͷཧϊʔυ + ίϯςφܕσʔληϯλʔ͕Քಇ • ػߏ֎ͷݚڀऀɾ։ൃऀʹ࣮ݧڥΛఏڙ (Hardeningʹʂ) 3
Slide 4
Slide 4 text
@LAMNOPQRST-.UV • ౢ, ౬ଜΒ, Bluetooth Low EnergyͷࣹిΛ༻͍ͨɹ ՈఉͰͷੜମใऔಘ (2020) • Bluetooth Low EnergyͷࣹిΛܭଌͯ͠ݺٵΛܭଌ 4
Slide 5
Slide 5 text
@WXYZZ[\@WX]=ZZ=^_`abHGc'()* • ଟͷBLEػثʹΑΔૹड৴ΛιϑτΣΞతʹ࠶ݱ • ༗ઢωοτϫʔΫ(Πʔαωοτ)্ͰBLEϑϨʔϜΛૹड৴ 5
Slide 6
Slide 6 text
dXef][=]g7hij[e • PCεϚϗͷนࢴΧελϚΠζͰ͖Δ • ΩʔϘʔυ(ιϑτΣΞతʹ)ΧελϚΠζͰ͖ͳ͍ʂ • ө૾ΤϑΣΫτΛΩʔԡԼ࣌ʹ༩͠ɺλΠϐϯάମݧΛ֦ு 6
Slide 7
Slide 7 text
klmnopqrs • ৸ͯΔ͕͍࣌ؒͬͨͳ͍ → ༗ޮ׆༻ → ৸ͯΔؒʹήʔϜ • ίϯτϩʔϥͱͯ͠γϦίϯΩʔϘʔυΛϕουʹෑ͘ • ΩʔԡԼͰମͷҐஔΛݕ • ৸ฦΓʹ߹Θͤͯόʔ͕Ҡಈ • ͜ΕΛ৸ͯΔؒʹϓϨΠ 7
Slide 8
Slide 8 text
6tuv • Webαʔόʹରͯ͠ҙͷIPΞυϨε͔ΒͷΞΫηεΛੜ • IPΞυϨε·ͰؚΊͨWebαʔϏεͷςετ͕Մೳ (IP Geolocation) • OpenFlow (Ryu) Λ༻ 8 ౬ଜΒ, CROW: OpenFlowΛ༻͍ͨಈతWebΞΫηε฿γεςϜ (2016)
Slide 9
Slide 9 text
4567At9w9BdABdLx<9w945tyd4d9w96xtA93z{|}~•€•‚ƒ„8 9 NICTER • μʔΫωοτͷΞΫηεݩՄࢹԽ • ىಈͷߴ͞ϙʔτ൪߸ • ৭L4σʔλάϥϜछ(TCP SYN,TCP ACK, UDP) NIRVANA • ΞϓϥΠΞϯεͷΞϥʔτͷूɾՄࢹԽ DAEDALUS • ରαΠόʔ߈ܸΞϥʔτγεςϜ • μʔΫωοτͷΞΫηεݩՄࢹԽ • DDoS͕Θ͔Γ͍͢ CURE • ηΩϡϦςΟؔ࿈ใΛू͢ΔηΩϡϦςΟใ༥߹ج൫
Slide 10
Slide 10 text
<]…†>…‡ˆ‰Š93z{|}~•€•‚ƒ„8 • NICT͕ओ࠵͢ΔηΩϡϦςΟਓࡐҭϓϩάϥϜ • 1ճืूɺ25ࡀҎԼɺࢀՃඅແྉɺֶੜަ௨අશֹิॿ 10
Slide 11
Slide 11 text
]‹…XŒ] • ޡղΛආ͚ΔͨΊɺෆ࣮֬ͳ͜ͱʹͳΔ͘ݴٴ͠ͳ͍Α͏ʹ͠·͢ • ఏڙͱͯ͠ฉ͍͍ͯͩ͘͞ʢڵຯΛ࣋ͬͨΒ֤ࣗͰௐͯΈ͍ͯͩ͘͞ʣ 11
Slide 12
Slide 12 text
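• Security risks of smart speakers
• Security risks of network cameras
• Security risks arising from human activity recognition technology
• Malware targeting IoT devices
• Security risks of sensor nodes and gateways in IoT systems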
Slide 13
Slide 13 text
5Z7‘{ • Internet of ThingsɿϞϊͷΠϯλʔωοτɿʮϞϊʯͱʁ • PCɾεϚϗ͕Πϯλʔωοτʹܨ͕Δ → ී௨ • র໌ɺ࣌ܭɺମॏܭ͕Πϯλʔωοτʹܨ͕Δ → ͍͢͝ʂ(ʁ) • ͬ͘͟Γ͍͏ͱɺPCͱεϚϗҎ֎ͰωοτϫʔΫʹܨ͕Δػثʢͬ͘͟Γౖ͗ͯ͢ΒΕΔͭʣ • ΣΞϥϒϧσόΠεɺϔϧεέΞɺεϚʔτϗʔϜ / ϗʔϜΦʔτϝʔγϣϯɺεϚʔτγ ςΟɺɺ etc. • όζϫʔυͳͷͰɺ͏ਓʹΑͬͯҙຯ͕ҟͳΔ • ʮ͏Μ͏ΜɺͦΕ·ͨIoTͩͶʯ • ͳΜͰηϯγϯά (σʔλऩू) Ͱ͖ΔΑ͏ʹͳΔ • ίϯϐϡʔλͷখܕԽɾՁ֨Խ • ηϯαͷՁ֨Խ • ωοτϫʔΫͷՁ֨ԽɾফඅిྗԽ (LPWA) 13
Slide 14
Slide 14 text
•Ž’•“”•5Z7– 14 εϚʔτεϐʔΧʔ https://www.amazon.co.jp/ εϚʔτϩοΫ https://akerun.com/ ωοτϫʔΫΧϝϥ https://www.keian.co.jp/products/c7823wip/
Slide 15
Slide 15 text
Smart speakers
• Words you must not say in online talks and the like: "Alexa", "OK, Google", "Hey, Siri", etc. (wake-up words)
Amazon Echo https://www.amazon.co.jp/
Slide 16
Slide 16 text
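Security risks of smart speakers (1)
• Dollhouse incident (US, 2015)
  • A news story that "a child used an Echo and ended up ordering a dollhouse" was broadcast on TV
  • Because the presenter read the words aloud, Amazon Echo devices in viewers' homes responded and placed a large number of dollhouse orders at the same time
• Burger King commercial (US, 2017)
  • The TV commercial ended with the line "OK, Google. What is whopper?"
  • Google Home devices in each household started explaining it
  • → Because the device reads out Wikipedia content, the Wikipedia article was vandalized
  • → Fixed by a Google Home update so that it no longer responds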
Slide 17
Slide 17 text
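Security risks of smart speakers (2)
• Comment read-aloud in web meetings and video streams: "What is my address?"
  https://twitter.com/depolarization1/status/1342651891931435009
• Is audio being recorded?
  Who gets to "hear" the conversations recorded by Google's voice assistant, and how much of them? | WIRED.jp https://wired.jp/2019/07/17/whos-listening-talk-google-assistant/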
Slide 18
Slide 18 text
—˜H™—šH›HcEœa•žŸ•—q3ˆ8 • 伴(εϚʔτϑΥϯ/εϚʔτΥον)Λ࣋ͨͣʹ֎ग़ • εϚʔτϩοΫͷࣗಈࢪৣͰకΊग़͠ • ֎͔ΒΠϯλʔϗϯͱεϚʔτεϐʔΧܦ༝Ͱղৣ • ੬ऑੑʹͳΓಘΔ • ʢԡ͢͠ΔͱͤΔΠϯλʔϗϯ͕͋Δʁʣ 18 εϚʔτϩοΫ͕ղআͰ͖ͣʹకΊͩ͠ʹ͋ͬͯ͠·ͬͨ - έʔλΠ Watch https://k-tai.watch.impress.co.jp/docs/column/minna/1340971.html
Slide 19
Slide 19 text
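Adversarial Examples
• Adversarial Examples (literally, "hostile examples")
• Even with an image whose content is obvious at a glance to a human, machine-learning classification can be thrown off
• Machine learning relies on "features" to tell classes apart
Goodfellow et al., Explaining and Harnessing Adversarial Examples (2015)
Figure label: gibbon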
Slide 20
Slide 20 text
Security risks of smart speakers (4)
• Audio Adversarial Examples
• Commands can be given to a smart speaker without the people nearby noticing
Carlini and Wagner, Audio Adversarial Examples: Targeted Attacks on Speech-to-Text (2017)
• Demo
  • 1st playback: original (music only)
  • 2nd playback: the speech "speech can be embedded in music" is embedded in the audio
Slide 21
Slide 21 text
,¤¥¦§¨ 21 ڑηϯα ಈըɾը૾ ߦಈೝࣝ RUNNING WALKING SITTING STANDING JUMPING σʔλ εϚʔτϑΥϯ ʢՃɾ͖ɾ࣓ؾʣ ΣΞϥϒϧσόΠε ʢՃɾ຺ʣ • ਓؒߦಈೝࣝ (Human Activity Recognition: HAR) • ϔϧεέΞɺεϙʔπɺεϚʔτϗʔϜͳͲ • ΣΞϥϒϧηϯαɺεϚʔτϑΥϯɺಈը૾ɺڥηϯαʢڑηϯ αɺαʔϞάϥϑΟʣͳͲͷσʔλ͕༻͍ΒΕΔ • ਓؒߦಈೝٕࣝज़ͷଟ͘ʹػցֶश͕༻͍ΒΕΔ • αϙʔτϕΫλʔϚγϯ • ϥϯμϜϑΥϨετ • Deep Learning (CNN)
Slide 22
Slide 22 text
¥¦§¨9©9
Slide 23
Slide 23 text
¥¦§¨9©9ª«M¬-®G•F¯°±”¥¦²³ • ߴྛΒ, அπʔϧΛ༻͍ͨεϚʔτλοϓͷফඅిྗใʹΑΔਓͷ ߦಈਪఆਫ਼ͷ࣮ূධՁ (2018) • εϚʔτλοϓͰऔಘͨ͠ফඅిྗྔ͔Βʮىচɺ֎ग़ɺؼɺब৸ʯ Λਪఆ 23
Slide 24
Slide 24 text
¥¦§¨9©9™´bp™µH¶Hc·Um¸¹Pº¨» • ڮΒ, τΠϨοτϖʔύͷճసʹجͮ͘τΠϨ༻ऀࣝผख๏ (2017) • τΠϨοτϖʔύʔͷਊʹ֯ηϯαΛઃஔ͠ɺ5ͭͷಛྔ(༻ ྔɺ࣌ؒɺͷ࠷େɺͷฏۉɺͷࢄ)͔Β༻ऀΛਪఆ 24 http://cse.eedept.kobe-u.ac.jp/portfolio/tp_identi fi cation/
Slide 25
Slide 25 text
¥¦§¨‘¼HG‘½¾´¿ÀH • “ͳΜͰσʔλऩूͰ͖ΔΑ͏ʹͳΔ” IoTͱߦಈೝࣝ૬ੑ͕ྑ͍ • Ұํɾɾɾ • ࿙Εͯͳ͍ͱࢥͬͨσʔλ͔Βɺ༧ظ͠ͳ͍ใ(ߦಈσʔλͳ Ͳ)͕࿙ΕΔՄೳੑ͋Δ • σʔλͷѻ͍ɺ͜Ε·ͰҎ্ʹϓϥΠόγʔʹྀ͢Δඞཁ͕͋Δ 25
Slide 26
Slide 26 text
5Z7‘q¾ÁÂÃÄ • Ոి͕͑ͳ͍ɺݐʹೖΕͳ͍ etc. • Amazon EC2ͷSLA: 99.99% • SLA(Service Level Agreement): ߹ҙՔಇ (͜ΕΛԼճΔͱฦۚ) • ؒ 52.56 ·Ͱࢭ·Δ (ͪΖΜ࣮ࡍͬͱ͍) 26 ΫϥυোͰՈిૢ࡞Ͱ͖ͣɹεϚʔτϗʔϜʹམͱ݀͠ | ܦΫϩεςοΫʢxTECHʣ https://xtech.nikkei.com/atcl/nxt/mag/nc/18/092400133/031100045/
Slide 27
Slide 27 text
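Network cameras
• Cameras whose video can be viewed over the Internet
• Security cameras, pet monitoring at home, etc.
• Risk of unauthorized access through weak passwords or backdoors
Backdoor that allows administrator privileges to be seized reported in Chinese-made network cameras - GIGAZINE https://gigazine.net/news/20200207-xiongmai-backdoor/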
Slide 28
Slide 28 text
SHODAN
• A search site for Internet-connected devices
Slide 29
Slide 29 text
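insecam
• There is also a website that collects video from network cameras that have no password set
Review of "insecam", which lets you peek at security camera footage; more than 1,000 security cameras in Japan can also be viewed in real time - GIGAZINE https://gigazine.net/news/20200718-insecam/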
Slide 30
Slide 30 text
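Malware targeting IoT devices
• Mirai (2016)
  • Targets Linux devices such as network cameras and home routers
  • Infected devices form a botnet and carry out DDoS attacks
• IoT devices often have weak passwords (default passwords)
Anshin Consultation Desk Newsletter: IPA (Information-technology Promotion Agency, Japan) https://www.ipa.go.jp/security/anshin/mgdayori20161125.html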
Slide 31
Slide 31 text
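NOTICE
• A vulnerability survey of Internet-connected devices
• Conducted by the Ministry of Internal Affairs and Communications and the National Institute of Information and Communications Technology (NICT)
NOTICE | A project that surveys IoT devices at risk of being abused in cyber attacks and alerts their users https://notice.go.jp/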
Slide 32
Slide 32 text
ÍÎ\%&'()*+,-./0'(12+ • ࠃཱݚڀ։ൃ๏ਓɺͦͷతۀ༰ɺۀൣғ͕๏ͰఆΊΒΕ͍ͯΔ • ۀ༰͕Ճ͞ΕΔ߹ʹ๏վਖ਼͕ඞཁ 32
Slide 33
Slide 33 text
Ï®HÐp™93ÑÒÓOÔ“€•ÕÖºcצOØÙ8 33 ٶ࡚ ॣ, ࣗಈंϋχʔϙοτ (Valpot) ͷߏͱ࣮ݧ http://www.gentei.org/~hayao/material/ 20190309_honeypot_tech_event.pdf IoTϋχʔϙοτ X-Pot ࣗಈंϋχʔϙοτ Valpot ٢Ԭ ࠀ, ߈ܸ؍ଌݚڀͷ৽ͨͳεςʔδ ʙαΠόʔੈքͷ”PCRݕࠪ”ͷ࣮ݱʹ͚ͯʙ https://www.jssec.org/dl/ 20210609_sf21_yoshioka.pdf
Slide 34
Slide 34 text
d9
Slide 35
Slide 35 text
Security Issues at Sensing Layer
• Node Capturing: a sensor node is captured or replaced
• Malicious Code Injection Attack: injection of malicious code
• False Data Injection Attack: injection of false data
• Side-Channel Attacks (SCA): obtaining information from data that leaks out (electromagnetic emissions, power consumption)
• Eavesdropping and Interference: eavesdropping and interference
• Sleep Deprivation Attacks: draining the battery of an IoT device
• Booting Attacks: targeting vulnerabilities while the boot process is running
Hassija et al., A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures (2019)
Slide 36
Slide 36 text
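Security Issues at Gateways
• Sensor nodes use a variety of communication protocols
  • LoraWan, ZigBee, Z-Wave, etc.
• Connections to cloud servers go through a gateway
• End-to-End Encryption: decrypting at the gateway (that is, not E2E) raises the risk
• Extra Interfaces: they become attack surface, so they should be kept to a minimum
• Firmware updates: the gateway often also handles firmware updates for the IoT devices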
Slide 37
Slide 37 text
5Z7‘Eœa•žŸ9©9‚‘Ü 37 while(true ) printf “Hello ” end • ର͕ཧۭؒʹ͕Δ • ਓମͷ҆શ͕ڴ͔͞ΕΔՄೳੑ ίϯϐϡʔληΩϡϦςΟ • ରใ • ݸਓใࢿ࢈͕ڴ͔͞ΕΔՄೳੑ IoTηΩϡϦςΟ • ʮηΩϡϦςΟʯ૯߹֨ಆٕ (༷ʑͳͷ͕ࣝབྷΉ) • ʮIoTʯ૯߹֨ಆٕ • ʮIoTͷηΩϡϦςΟʯʮ૯߹֨ಆٕͷ૯߹֨ಆٕʯ
Slide 38
Slide 38 text
References
Slide 39
Slide 39 text
5Z7Eœa•žŸc޴¾´Fß 39 IoTͷηΩϡϦςΟɿIPA ಠཱߦ๏ਓ ใॲཧਪਐػߏ https://www.ipa.go.jp/security/iot/index.html
Slide 40
Slide 40 text
àác——Ç 40 #ղͷεεϝ ըΞʔΧΠϒ – Medium https://medium.com/bunkai
Slide 41
Slide 41 text
jZ=9Œ]…X?j=h 41 iot security https://www.trendmicro.com/jp/iot-security/
Slide 42
Slide 42 text
Eœa•žŸcÌb93âZg…>Œ=98 42 podcast - #ηΩϡϦςΟͷΞϨ - ΏΔʔ͍ηΩϡϦςΟͷϙουΩϟετͰ͢Αɻ https://www.tsujileaks.com/
Slide 43
Slide 43 text
—˜H™—šH›Hãäå‘æçè 43 Ḻ୩ ༏, εϚʔτεϐʔΧʔΈͱةݥੑ https://www.eng.okayama-u.ac.jp/oict/wp-content/uploads/2020/01/doc44-4.pdf
Slide 44
Slide 44 text
éê 44 ळా७Ұ, ༲͛ͯᖰͬͯΘ͔Δ ίϯϐϡʔλͷ͘͠Έ (2020) ΞϯυϦϡʔ“όχʔ”ϑΝϯ, ϋʔυΣΞϋοΧʔ (2018)
Slide 45
Slide 45 text
éê 45 ࠇྛޝ, ଜౡ ਖ਼ߒ, ϋοΧʔͷֶߍ IoTϋοΩϯάͷڭՊॻ (2018) ্দ྄հ, ϋοΧʔͷٕज़ॻ IoTιϑτΣΞແઢͷڭՊॻ (2020) ീࢠྱ, ਿࢁ߃࢘, ೭Լߤ༸, দӜ ਅٷ, ຊࢠ, IoTͷجຊɾΈɾ ॏཁࣄ߲͕શ෦Θ͔ΔڭՊॻ (2017)