Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
Search
Kenji Rikitake
October 26, 2017
Technology
1
730
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
JEITA (電子情報技術産業協会) 第4回 ハードウェアセキュリティ技術分科会 発表原稿
Kenji Rikitake
October 26, 2017
Tweet
Share
More Decks by Kenji Rikitake
See All by Kenji Rikitake
SDR Implementation of Analog FM Broadcast Multipath Filter
jj1bdx
0
790
インターネットとオープンな無線技術の今後 / Future of Internet and Open Radio Engineering
jj1bdx
0
1.2k
FM放送とマルチパスを適応フィルタで極めてみた / Solving multipath distortion of FM broadcast by adaptive filters
jj1bdx
1
3.5k
ソフトウェアラジオとC++ そしてFMエアチェックのための信号解析と数値計算にまつわるよもやま話 / Software radio and C++
jj1bdx
0
1k
SDR時代のFM受信 マルチパスモニタとマルチパスフィルタ / FM broadcast reception with SDR - multipath monitor and multipath filter
jj1bdx
0
600
How I discover a working implementation of clock_nanosleep() for macOS in CPAN Time::Hires
jj1bdx
1
1.2k
Sleeping pays / 1000eng-74th-jj1bdx
jj1bdx
1
49
The BEAM Programming Paradigm
jj1bdx
1
930
Safe randomness: theory and practice
jj1bdx
1
1.4k
Other Decks in Technology
See All in Technology
バックオフィス向け toB SaaS バクラクにおけるレコメンド技術活用 / recommender-systems-in-layerx-bakuraku
yuya4
5
580
Dynamic Reteaming And Self Organization
miholovesq
3
650
Web Intelligence and Visual Media Analytics
weblyzard
PRO
1
5.9k
AWS全冠芸人が見た世界 ~資格取得より大切なこと~
masakiokuda
5
6.4k
Goの組織でバックエンドTypeScriptを採用してどうだったか / How was adopting backend TypeScript in a Golang company
kaminashi
12
8.6k
4/17/25 - CIJUG - Java Meets AI: Build LLM-Powered Apps with LangChain4j (part 2)
edeandrea
PRO
0
130
C++26アップデート 2025-03
faithandbrave
0
1.1k
AIと共に乗り越える、 入社後2ヶ月の苦労と学習の軌跡
sai_kaneko
0
120
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
300
PicoRabbit: a Tiny Presentation Device Powered by Ruby
harukasan
PRO
2
260
地味にいろいろあった! 2025春のAmazon Bedrockアップデートおさらい
minorun365
PRO
1
480
Databricksで完全履修!オールインワンレイクハウスは実在した!
akuwano
0
110
Featured
See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
A Modern Web Designer's Workflow
chriscoyier
693
190k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
How GitHub (no longer) Works
holman
314
140k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.2k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Adopting Sorbet at Scale
ufuk
76
9.3k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
400
Visualization
eitanlees
146
16k
Optimizing for Happiness
mojombo
377
70k
Transcript
ٙࣅཚͷ࡞Γํɾ͍ํ ήʔϜ͔ΒใηΩϡϦςΟ·Ͱ ྗ ݈࣍ ྗ݈ٕ࣍ज़࢜ࣄॴ 201710݄26 JEITA ୈ4ճϋʔυΣΞηΩϡϦςΟٕज़Պձ Kenji Rikitake
/ JEITA 26-OCT-2017 1
ࣗݾհ (1/2) 1990ΑΓΠϯλʔωοτٕज़ ͷݚڀ։ൃʹैࣄ 2010ʙ2013: ژେֶ ใ ڥػߏ ڭतͱͯ͠ಉେֶͷશ ֶใηΩϡϦςΟରࡦΛ୲
2011/2012: ACM SIGPLAN Erlang Workshop ʹͯٙࣅཚ SFMTͱTinyMTͷErlang/OTPฒ ߦॲཧγεςϜͷ࣮Λൃද Kenji Rikitake / JEITA 26-OCT-2017 2
ࣗݾհ (2/2) 20144݄ΑΓྗ݈ٕ࣍ज़࢜ ࣄॴॴͱͯ͠ಠཱ 2015: Erlang/OTP ͷٙࣅཚ ϥΠϒϥϦ rand ϞδϡʔϧΛ։
ൃ όʔδϣϯ18.0ΑΓ࠾༻ 2016: Arduino UnoͰཧཚ ʹجͮ͘ిࢠαΠίϩ avrdice ʢࣸਅʣΛ։ൃɺMaker Faire Tokyo 2016ʹͯలࣔ Kenji Rikitake / JEITA 26-OCT-2017 3
ٙࣅཚͱ Kenji Rikitake / JEITA 26-OCT-2017 4
ͦͷલʹ ཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 5
ཚྻͱ༧ଌෆೳੑ ݱࡏಘΒΕ͍ͯΔྻ͔Βະདྷ͕༧Ͱ͖ͳ͍ྻ 1 ཚͱཚྻͷཁૉʢ͋Δ͍ཚྻࣗʣ ిࢠճ࿏ͷʮࡶԻʯʹ૬ ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏ ϥϯμϜωεʮใΤϯτϩϐʔʯͷҰཁૉ 2 2 খીಓʮΘ͔Γ͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮใΤϯτϩϐʔʯ
1 Wikipedia ʮཚྻʯΑΓൈਮ Kenji Rikitake / JEITA 26-OCT-2017 6
ϥϯμϜωεΛࣔ͢ཧݱ ࡶԻ → ߅ͷੜ͢ΔࡶԻ ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ ಋମͷԆ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗
ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧϯλʔʣ ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ Kenji Rikitake / JEITA 26-OCT-2017 7
ཧཚ ϥϯμϜωεΛࣔ͢ཧݱʹΑΔཚྻ هͰ͖Δ͕࠶ݱͰ͖ͳ͍ ಘΒΕΔϥϯμϜωε༗ݶ →ޙड़͢ΔٙࣅཚʹൺߴԽ/େ༰ྔԽ͕ࠔ ੜஔͷཧత߈ܸ͕Մೳ →ੜ͞Εͨཚ͔Β߈ܸΛ͢Δ͜ͱࠔ Kenji Rikitake /
JEITA 26-OCT-2017 8
9
૿෯લͷࡶԻ Kenji Rikitake / JEITA 26-OCT-2017 10
૿෯ޙͷϥϯμϜͳϏοτྻ Kenji Rikitake / JEITA 26-OCT-2017 11
2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ Kenji Rikitake / JEITA 26-OCT-2017 12
ϑΥϯɾϊΠϚϯɾϑΟϧλ ΑΓߴ͍࣭ͷཧཚΛಘΔͨΊͷํ๏ 1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ 1ͭ 2ͭ ݁Ռ 0 0 ແࢹʢ࠶ࢼߦʣ 0
1 0 1 0 1 1 1 ແࢹʢ࠶ࢼߦʣ Kenji Rikitake / JEITA 26-OCT-2017 13
͋ΒͨΊͯ ٙࣅཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 14
ཚίϯϐϡʔλͰ࡞Εͳ͍ ཚ༧ଌෆೳͰͳ͚ΕͳΒͳ͍ →ܾఆతΞϧΰϦζϜͰੜͰ͖ͳ͍ ܾఆతΞϧΰϦζϜ෦ঢ়ଶΛ࣋ͭ ෦ঢ়ଶͷऔΓಘΔ߹ͷ༗ݶ ߹ͷ͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ पظ͕͋Εݪཧతʹ༧ଌͰ͖ͯ͠·͏ Kenji Rikitake /
JEITA 26-OCT-2017 15
ͦΕͰٙࣅཚΛܭࢉ͢Δҙຯ पظ͕ेʹେ͖͍ྻཚͱಉ༷ͷੑ࣭Λ࣋ͭ →ٙࣅతʹཚͱΈͳͤΔˠٙࣅཚ ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚͷपظेେ͖͍ →ྫ: SFMTͷయܕత࣮: ֬Λ࠶ݱ͢Δ͚ͩͰ͋Ε༧ଌෆೳੑෆཁ →ٙࣅཚྻ͕ٻΊΔ֬Ͱ͋ΕΑ͍ Kenji Rikitake
/ JEITA 26-OCT-2017 16
ٙࣅཚͷཧཚʹର͢Δར ෦ঢ়ଶͷॳظ͕ಉ͡Ͱ͋Ε࠶ݱͰ͖Δ →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ͑Δ ܭࢉೳྗΛ૿͢͜ͱͰߴԽ/େ༰ྔԽ͕Ͱ͖Δ →େنͳधཁʹ༰қʹԠ͑ΒΕΔ ΞϧΰϦζϜͷͰ༧ଌෆೳੑΛߴΊΒΕΔ →ཧཚͰͳ࣮ͯ͘༻্ेͳ߹ଟ͍ Kenji Rikitake /
JEITA 26-OCT-2017 17
ٙࣅཚͷ༻్ ҉߸伴ͷੜʢ҉߸తڧ͕ඞཁɺޙड़ʣ γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ ιϑτΣΞςετʢ݅ΛϥϯμϜʹม͑Δʣ εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ ෛՙࢄʢϥϯμϜʹαʔόΛબʣ Kenji Rikitake / JEITA
26-OCT-2017 18
γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3 3 By nicoguaro - Own work, CC
BY 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 19
ݹ͍ٙࣅཚͷੜ๏: ઢܗ߹ಉ๏ ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ ܭࢉࣜͷྫ: →શͯͷ߹͕ܭࢉՄೳͳͨΊ҆શͰͳ͍ →ଟ࣍ݩͰنଇతʹͯ͠͠·͏ →ԼҐϏοτͷϥϯμϜωε͕͍ Kenji Rikitake /
JEITA 26-OCT-2017 20
ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4 4 CC BY-SA 3.0, from Wikimedia Commons Kenji
Rikitake / JEITA 26-OCT-2017 21
ݱͷੜ๏: LFSR LFSR: ઢܗϑΟʔυόοΫϨδελ 5 ಛੑଟ߲ࣜͷྫ: 5 By melan -
ߘऀ͕ࣗ࡞, ύϒϦοΫɾυϝΠϯ Kenji Rikitake / JEITA 26-OCT-2017 22
LFSRͷಛ ಛੑଟ߲ࣜΛબͿͱ࠷पظʹͰ͖Δ ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚੜํࣜͷجૅ ϋʔυΣΞԽ͕༰қ →GPSɺGSMܞଳɺΠʔαωοτͳͲԠ༻ ιϑτΣΞ࣮༰қ Kenji Rikitake / JEITA
26-OCT-2017 23
҉߸తҎ֎Ͱͷ͓קΊͷٙࣅཚ Mersenne Twister (MT): ͍पظ͕औΕΔ Xorshift+/*: ߴ SFMT: MTͷվྑ൛ɺ͍पظ͕औΕΔ TinyMT:
ΈࠐΈతʹద͍ͯ͠Δ MTΛϥΠϒϥϦʹ࣋ͭݴޠ͋Δ(R, Python) ͨͩ͠҉߸తʹ͍͚ͬͯ·ͤΜ Kenji Rikitake / JEITA 26-OCT-2017 24
҉߸తʹΈͨ ٙࣅཚͷηΩϡϦςΟ Kenji Rikitake / JEITA 26-OCT-2017 25
ٙࣅཚͷ҆શΛकΔʹ ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍ ৴པͰ͖Δ࣮Λมߋͤͣʹ͏ ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ Kenji Rikitake / JEITA 26-OCT-2017 26
JavaScriptॲཧܥV8Ͱ͋ͬͨόά Kenji Rikitake / JEITA 26-OCT-2017 27
౷ܭతͳཚͷݕఆ ஶ͘͠ภΓ͕͋Δ߹όά·ͨҟৗͷՄೳੑ ɺฏۉɺϞϯςΧϧϩ๏ʢԁपͳͲʣ ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6 ֤छπʔϧ: Dieharder, TestU01, PractRand
7 7 ৽෦༟ʮཚͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation 6 ୮Ӌ࿕ਓɺಢۼʮٖࣅཚݕূπʔϧͷௐࠪ։ൃʯɺژେֶཧղੳݚڀॴߨڀ 1351רɺ2004ɺpp. 80-93 Kenji Rikitake / JEITA 26-OCT-2017 28
౷ܭతͳݕఆํ๏ͷݶք पظΛௐΔ͜ͱ͕Ͱ͖ͳ͍ ݕఆΛύεͯ͠༧ଌෆೳੑࣔͤͳ͍ →҉߸త҆શੜํ๏ͷݕূΛߦΘͳ͍͜ͱʹ ࣔ͢͜ͱ͕Ͱ͖ͳ͍ ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍ Kenji Rikitake / JEITA
26-OCT-2017 29
҉߸త҆શͷ݅ લఏ݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍ ෦ঢ়ଶ͕໌ͯ͠༧ଌෆೳੑ͕อͨΕΔ →ΞϧΰϦζϜ/࡞ํ๏ͷެ։͕ݕূͷେલఏ →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ৴༻͞Εͳ͍ ҉߸త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃΜ →ใηΩϡϦςΟͷҰେݚڀ Kenji Rikitake
/ JEITA 26-OCT-2017 30
OSͰͷ҉߸త҆શͳཚੜख๏ Kenji Rikitake / JEITA 26-OCT-2017 31
ΑΓ҆શͳٙࣅཚΛಘΔʹ ίϯϐϡʔλ෦ͰͷΤϯτϩϐʔͰෆे →ಛʹԾϚγϯͰΤϯτϩϐʔ͕ෆ →֎෦ʹཧཚͷڙڅݯΛઃ͚Δ ཧཚʹϑΥϯɾϊΠϚϯɾϑΟϧλΛ͏ ཧཚʹϋογϡؔΛซ༻ →֎෦ͷཚ߈ܸͷӨڹΛ؇Ͱ͖Δ Kenji Rikitake /
JEITA 26-OCT-2017 32
ཧཚͱϋογϡؔͷซ༻ Kenji Rikitake / JEITA 26-OCT-2017 33
҉߸తͰٙࣅཚΛ͏ʹ ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ͏ →Linux/macOS/BSD: /dev/urandom →Windows: CryptGenRandom →Android: SecureRandom ͦͷଞOpenSSL, LibreSSLͳͲ
ݪଇࣗͰϓϩάϥϜॻ͍͍͚ͯͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 34
MCUCPUͷཧཚͷ৴པੑ Intel x86_64: RDRAND/RDSEED ໋ྩ →ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ →ͦͷ··ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ ARM Cortex-M4Ͱࣄಉ͡ →࠷ݶϋογϡؔͱซ༻͕ඞཁ
Kenji Rikitake / JEITA 26-OCT-2017 35
ݕূෆेͳٙࣅཚʹΑΔ੬ऑੑ ݕূෆेͳٙࣅཚͷੜใ੬ऑੑͱͳΔ IEEE 802.11Ͱͷ伴ੜʹΔཚੜஔͷ੬ऑੑ ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8 InfineonࣾͷRSA҉߸伴ੜ࣌ͷݕূෆͰ੬ऑͳ҉ ߸伴͕ੜˠTPMICΧʔυೝূʹӨڹ9 9 ROCA:
Vulnerable RSA generation (CVE-2017-15361) 8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium Kenji Rikitake / JEITA 26-OCT-2017 36
·ͱΊ ཧཚஔաఔ͕͔֬ͳͷΛ͏ ཧཚஔͷੜ݁ՌΛͦͷ··৴༻͠ͳ͍ ٙࣅཚ৽͘͠ධՁ͕࣮֬ͳͷΛ͏ ҉߸ϓϩτίϧʹOSͷϥΠϒϥϦΛ͏ ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυϦεΫ Kenji Rikitake / JEITA
26-OCT-2017 37
͋Γ͕ͱ͏͍͟͝·ͨ͠ ࣭͝ΛͲ͏ͧ Kenji Rikitake / JEITA 26-OCT-2017 38
ຊจதͷURLʹ͍ͭͯ https://speakerdeck.com/ jj1bdx/jeita-20171026 Λࢀর ը૾ΫϨδοτ: ग़యΛ໌ه͍ͯ͠ͳ͍ͷྗ ݈͕࣍ࡱӨ λΠτϧεϥΠυͷഎܠ: TV Noise,
Theodore Pulser, PublicDomainPictures.net (public domain) ֤ηΫγϣϯͷഎܠʢࣈͷฒΜͰ͍Δͷʣ: Tyler Easton, Unsplash.com (public domain) Kenji Rikitake / JEITA 26-OCT-2017 39