疑似乱数の作り方・使い方ゲームから情報セキュリティまで / jeita-20171026

Slide 1

Slide 1 text

ٙࣅཚ਺ͷ࡞Γํɾ࢖͍ํ ήʔϜ͔Β৘ใηΩϡϦςΟ·Ͱ ྗ෢ ݈࣍ ྗ෢݈ٕ࣍ज़࢜ࣄ຿ॴ 2017೥10݄26೔ JEITA ୈ4ճϋʔυ΢ΣΞηΩϡϦςΟٕज़෼Պձ Kenji Rikitake / JEITA 26-OCT-2017 1

Slide 2

Slide 2 text

ࣗݾ঺հ (1/2) 1990೥ΑΓΠϯλʔωοτٕज़ ͷݚڀ։ൃʹैࣄ 2010೥ʙ2013೥: ژ౎େֶ ৘ใ ؀ڥػߏ ڭतͱͯ͠ಉେֶͷશ ֶ৘ใηΩϡϦςΟରࡦΛ୲౰ 2011೥/2012೥: ACM SIGPLAN Erlang Workshop ʹͯٙࣅཚ਺ SFMTͱTinyMTͷErlang/OTPฒ ߦॲཧγεςϜ΁ͷ࣮૷Λൃද Kenji Rikitake / JEITA 26-OCT-2017 2

Slide 3

Slide 3 text

ࣗݾ঺հ (2/2) 2014೥4݄ΑΓྗ෢݈ٕ࣍ज़࢜ ࣄ຿ॴॴ௕ͱͯ͠ಠཱ 2015೥: Erlang/OTP ͷٙࣅཚ਺ ϥΠϒϥϦ rand ϞδϡʔϧΛ։ ൃ όʔδϣϯ18.0ΑΓ࠾༻ 2016೥: Arduino UnoͰ෺ཧཚ਺ ʹجͮ͘ిࢠαΠίϩ avrdice ʢࣸਅʣΛ։ൃɺMaker Faire Tokyo 2016ʹͯలࣔ Kenji Rikitake / JEITA 26-OCT-2017 3

Slide 4

Slide 4 text

ٙࣅཚ਺ͱ͸ Kenji Rikitake / JEITA 26-OCT-2017 4

Slide 5

Slide 5 text

ͦͷલʹ ཚ਺ͱ͸? Kenji Rikitake / JEITA 26-OCT-2017 5

Slide 6

Slide 6 text

ཚ਺ྻͱ༧ଌෆೳੑ ݱࡏಘΒΕ͍ͯΔ਺ྻ͔Βະདྷ͕༧૝Ͱ͖ͳ͍਺ྻ 1 ཚ਺ͱ͸ཚ਺ྻͷཁૉʢ͋Δ͍͸ཚ਺ྻࣗ਎ʣ ిࢠճ࿏ͷʮࡶԻʯʹ૬౰ ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏ ϥϯμϜωε͸ʮ৘ใΤϯτϩϐʔʯͷҰཁૉ 2 2 খ໦ીಓ෉ʮΘ͔Γ΍͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮ৘ใΤϯτϩϐʔʯ 1 Wikipedia ʮཚ਺ྻʯΑΓൈਮ Kenji Rikitake / JEITA 26-OCT-2017 6

Slide 7

Slide 7 text

ϥϯμϜωεΛࣔ͢෺ཧݱ৅ ೤ࡶԻ → ఍߅ͷੜ੒͢ΔࡶԻ ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ ൒ಋମͷ஗Ԇ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗ ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧ΢ϯλʔʣ ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ Kenji Rikitake / JEITA 26-OCT-2017 7

Slide 8

Slide 8 text

෺ཧཚ਺ ϥϯμϜωεΛࣔ͢෺ཧݱ৅ʹΑΔཚ਺ྻ ه࿥͸Ͱ͖Δ͕࠶ݱͰ͖ͳ͍ ಘΒΕΔϥϯμϜωε͸༗ݶ →ޙड़͢Δٙࣅཚ਺ʹൺ΂ߴ଎Խ/େ༰ྔԽ͕ࠔ೉ ੜ੒૷ஔ΁ͷ෺ཧత߈ܸ͕Մೳ →ੜ੒͞Εͨཚ਺͔Β߈ܸΛ࡯஌͢Δ͜ͱ͸ࠔ೉ Kenji Rikitake / JEITA 26-OCT-2017 8

Slide 9

Slide 9 text

Slide 10

Slide 10 text

૿෯લͷࡶԻ Kenji Rikitake / JEITA 26-OCT-2017 10

Slide 11

Slide 11 text

૿෯ޙͷϥϯμϜͳϏοτྻ Kenji Rikitake / JEITA 26-OCT-2017 11

Slide 12

Slide 12 text

2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ Kenji Rikitake / JEITA 26-OCT-2017 12

Slide 13

Slide 13 text

ϑΥϯɾϊΠϚϯɾϑΟϧλ ΑΓߴ͍඼࣭ͷ෺ཧཚ਺ΛಘΔͨΊͷํ๏ 1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ 1ͭ໨ 2ͭ໨ ݁Ռ 0 0 ແࢹʢ࠶ࢼߦʣ 0 1 0 1 0 1 1 1 ແࢹʢ࠶ࢼߦʣ Kenji Rikitake / JEITA 26-OCT-2017 13

Slide 14

Slide 14 text

͋ΒͨΊͯ ٙࣅཚ਺ͱ͸? Kenji Rikitake / JEITA 26-OCT-2017 14

Slide 15

Slide 15 text

ཚ਺͸ίϯϐϡʔλͰ͸࡞Εͳ͍ ཚ਺͸༧ଌෆೳͰͳ͚Ε͹ͳΒͳ͍ →ܾఆతΞϧΰϦζϜͰ͸ੜ੒Ͱ͖ͳ͍ ܾఆతΞϧΰϦζϜ͸಺෦ঢ়ଶΛ࣋ͭ ಺෦ঢ়ଶͷऔΓಘΔ৔߹ͷ਺͸༗ݶ ৔߹ͷ਺͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ पظ͕͋Ε͹ݪཧతʹ͸༧ଌͰ͖ͯ͠·͏ Kenji Rikitake / JEITA 26-OCT-2017 15

Slide 16

Slide 16 text

ͦΕͰ΋ٙࣅཚ਺Λܭࢉ͢Δҙຯ पظ͕े෼ʹେ͖͍਺ྻ͸ཚ਺ͱಉ༷ͷੑ࣭Λ࣋ͭ →ٙࣅతʹཚ਺ͱΈͳͤΔˠٙࣅཚ਺ ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚ਺ͷपظ͸े෼େ͖͍ →ྫ: SFMTͷయܕత࣮૷: ֬཰෼෍Λ࠶ݱ͢Δ͚ͩͰ͋Ε͹༧ଌෆೳੑ͸ෆཁ →ٙࣅཚ਺ྻ͕ٻΊΔ֬཰෼෍Ͱ͋Ε͹Α͍ Kenji Rikitake / JEITA 26-OCT-2017 16

Slide 17

Slide 17 text

ٙࣅཚ਺ͷ෺ཧཚ਺ʹର͢Δར఺ ಺෦ঢ়ଶͷॳظ஋͕ಉ͡Ͱ͋Ε͹࠶ݱͰ͖Δ →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ΋࢖͑Δ ܭࢉೳྗΛ૿΍͢͜ͱͰߴ଎Խ/େ༰ྔԽ͕Ͱ͖Δ →େن໛ͳधཁʹ༰қʹԠ͑ΒΕΔ ΞϧΰϦζϜͷ޻෉Ͱ༧ଌෆೳੑΛߴΊΒΕΔ →෺ཧཚ਺Ͱͳͯ͘΋࣮༻্े෼ͳ৔߹΋ଟ͍ Kenji Rikitake / JEITA 26-OCT-2017 17

Slide 18

Slide 18 text

ٙࣅཚ਺ͷ༻్ ҉߸伴ͷੜ੒ʢ҉߸࿦తڧ౓͕ඞཁɺޙड़ʣ γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ ιϑτ΢ΣΞςετʢ৚݅ΛϥϯμϜʹม͑Δʣ εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ ෛՙ෼ࢄʢϥϯμϜʹαʔόΛબ୒ʣ Kenji Rikitake / JEITA 26-OCT-2017 18

Slide 19

Slide 19 text

γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3 3 By nicoguaro - Own work, CC BY 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 19

Slide 20

Slide 20 text

ݹ͍ٙࣅཚ਺ͷੜ੒๏: ઢܗ߹ಉ๏ ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ ܭࢉࣜͷྫ: →શͯͷ৔߹͕ܭࢉՄೳͳͨΊ҆શͰ͸ͳ͍ →ଟ࣍ݩͰنଇతʹ෼෍ͯ͠͠·͏ →ԼҐϏοτͷϥϯμϜωε͕௿͍ Kenji Rikitake / JEITA 26-OCT-2017 20

Slide 21

Slide 21 text

ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4 4 CC BY-SA 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 21

Slide 22

Slide 22 text

ݱ୅ͷੜ੒๏: LFSR LFSR: ઢܗϑΟʔυόοΫϨδελ 5 ಛੑଟ߲ࣜͷྫ: 5 By melan - ౤ߘऀࣗ਎͕࡞੒, ύϒϦοΫɾυϝΠϯ Kenji Rikitake / JEITA 26-OCT-2017 22

Slide 23

Slide 23 text

LFSRͷಛ௃ ಛੑଟ߲ࣜΛબͿͱ࠷௕पظʹͰ͖Δ ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚ਺ੜ੒ํࣜͷجૅ ϋʔυ΢ΣΞԽ͕༰қ →GPSɺGSMܞଳɺΠʔαωοτͳͲ΁Ԡ༻ ιϑτ΢ΣΞ࣮૷΋༰қ Kenji Rikitake / JEITA 26-OCT-2017 23

Slide 24

Slide 24 text

҉߸໨తҎ֎Ͱͷ͓קΊͷٙࣅཚ਺ Mersenne Twister (MT): ௕͍पظ͕औΕΔ Xorshift+/*: ߴ଎ SFMT: MTͷվྑ൛ɺ௕͍पظ͕औΕΔ TinyMT: ૊ΈࠐΈ໨తʹద͍ͯ͠Δ MTΛϥΠϒϥϦʹ࣋ͭݴޠ΋͋Δ(R, Python) ͨͩ͠҉߸໨తʹ࢖ͬͯ͸͍͚·ͤΜ Kenji Rikitake / JEITA 26-OCT-2017 24

Slide 25

Slide 25 text

҉߸࿦తʹΈͨ ٙࣅཚ਺ͷηΩϡϦςΟ Kenji Rikitake / JEITA 26-OCT-2017 25

Slide 26

Slide 26 text

ٙࣅཚ਺ͷ҆શΛकΔʹ͸ ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍ ৴པͰ͖Δ࣮૷Λมߋͤͣʹ࢖͏ ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ Kenji Rikitake / JEITA 26-OCT-2017 26

Slide 27

Slide 27 text

JavaScriptॲཧܥV8Ͱ͋ͬͨόά Kenji Rikitake / JEITA 26-OCT-2017 27

Slide 28

Slide 28 text

౷ܭతͳཚ਺ͷݕఆ ஶ͘͠ภΓ͕͋Δ৔߹͸όά·ͨ͸ҟৗͷՄೳੑ ෼෍ɺฏۉ஋ɺϞϯςΧϧϩ๏ʢԁप཰ͳͲʣ ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6 ֤छπʔϧ: Dieharder, TestU01, PractRand 7 7 ৽෦༟ʮཚ਺ͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation 6 ୮Ӌ࿕ਓɺಢۼ޹໵ʮٖࣅཚ਺ݕূπʔϧͷௐࠪ։ൃʯɺژ౎େֶ਺ཧղੳݚڀॴߨڀ࿥ 1351רɺ2004೥ɺpp. 80-93 Kenji Rikitake / JEITA 26-OCT-2017 28

Slide 29

Slide 29 text

౷ܭతͳݕఆํ๏ͷݶք पظΛௐ΂Δ͜ͱ͕Ͱ͖ͳ͍ ݕఆΛύεͯ͠΋༧ଌෆೳੑ͸ࣔͤͳ͍ →҉߸࿦త҆શ͸ੜ੒ํ๏ͷݕূΛߦΘͳ͍͜ͱʹ ͸ࣔ͢͜ͱ͕Ͱ͖ͳ͍ ୹ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 29

Slide 30

Slide 30 text

҉߸࿦త҆શͷ৚݅ લఏ৚݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍ ಺෦ঢ়ଶ͕൑໌ͯ͠΋༧ଌෆೳੑ͕อͨΕΔ →ΞϧΰϦζϜ/࡞੒ํ๏ͷެ։͕ݕূͷେલఏ →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ͸৴༻͞Εͳ͍ ҉߸࿦త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃ͸੝Μ →৘ใηΩϡϦςΟͷҰେݚڀ෼໺ Kenji Rikitake / JEITA 26-OCT-2017 30

Slide 31

Slide 31 text

OSͰͷ҉߸࿦త҆શͳཚ਺ੜ੒ख๏ Kenji Rikitake / JEITA 26-OCT-2017 31

Slide 32

Slide 32 text

ΑΓ҆શͳٙࣅཚ਺ΛಘΔʹ͸ ίϯϐϡʔλ಺෦ͰͷΤϯτϩϐʔͰ͸ෆे෼ →ಛʹԾ૝ϚγϯͰ͸Τϯτϩϐʔ͕ෆ଍ →֎෦ʹ෺ཧཚ਺ͷڙڅݯΛઃ͚Δ ෺ཧཚ਺ʹ͸ϑΥϯɾϊΠϚϯɾϑΟϧλΛ࢖͏ ෺ཧཚ਺ʹ͸ϋογϡؔ਺Λซ༻ →֎෦ͷ৙ཚ΍߈ܸͷӨڹΛ؇࿨Ͱ͖Δ Kenji Rikitake / JEITA 26-OCT-2017 32

Slide 33

Slide 33 text

෺ཧཚ਺ͱϋογϡؔ਺ͷซ༻ Kenji Rikitake / JEITA 26-OCT-2017 33

Slide 34

Slide 34 text

҉߸໨తͰٙࣅཚ਺Λ࢖͏ʹ͸ ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ࢖͏ →Linux/macOS/BSD: /dev/urandom →Windows: CryptGenRandom →Android: SecureRandom ͦͷଞOpenSSL, LibreSSLͳͲ ݪଇࣗ෼ͰϓϩάϥϜ͸ॻ͍ͯ͸͍͚ͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 34

Slide 35

Slide 35 text

MCU΍CPUͷ෺ཧཚ਺ͷ৴པੑ Intel x86_64: RDRAND/RDSEED ໋ྩ →౰ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ →ͦͷ··࢖ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ ARM Cortex-M4౳Ͱ΋ࣄ৘͸ಉ͡ →࠷௿ݶϋογϡؔ਺ͱซ༻͕ඞཁ Kenji Rikitake / JEITA 26-OCT-2017 35

Slide 36

Slide 36 text

ݕূෆे෼ͳٙࣅཚ਺ʹΑΔ੬ऑੑ ݕূෆे෼ͳٙࣅཚ਺ͷੜ੒৘ใ͸੬ऑੑͱͳΔ IEEE 802.11Ͱͷ伴ੜ੒ʹ܎Δཚ਺ੜ੒૷ஔͷ੬ऑੑ ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8 InﬁneonࣾͷRSA҉߸伴ੜ੒࣌ͷݕূෆ଍Ͱ੬ऑͳ҉ ߸伴͕ੜ੒ˠTPM΍ICΧʔυೝূʹӨڹ9 9 ROCA: Vulnerable RSA generation (CVE-2017-15361) 8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium Kenji Rikitake / JEITA 26-OCT-2017 36

Slide 37

Slide 37 text

·ͱΊ ෺ཧཚ਺૷ஔ͸੡଄աఔ͕͔֬ͳ΋ͷΛ࢖͏ ෺ཧཚ਺૷ஔͷੜ੒݁ՌΛͦͷ··৴༻͠ͳ͍ ٙࣅཚ਺͸৽͘͠ධՁ͕࣮֬ͳ΋ͷΛ࢖͏ ҉߸ϓϩτίϧʹ͸OSͷϥΠϒϥϦΛ࢖͏ ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυ͸ϦεΫ Kenji Rikitake / JEITA 26-OCT-2017 37

Slide 38

Slide 38 text

͋Γ͕ͱ͏͍͟͝·ͨ͠ ࣭͝໰ΛͲ͏ͧ Kenji Rikitake / JEITA 26-OCT-2017 38

Slide 39

Slide 39 text

ຊจதͷURLʹ͍ͭͯ͸ https://speakerdeck.com/ jj1bdx/jeita-20171026 Λࢀর ը૾ΫϨδοτ: ग़యΛ໌ه͍ͯ͠ͳ͍΋ͷ͸ྗ෢ ݈͕࣍ࡱӨ λΠτϧεϥΠυͷഎܠ: TV Noise, Theodore Pulser, PublicDomainPictures.net (public domain) ֤ηΫγϣϯͷഎܠʢ਺ࣈͷฒΜͰ͍Δ΋ͷʣ: Tyler Easton, Unsplash.com (public domain) Kenji Rikitake / JEITA 26-OCT-2017 39