Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
Search
Kenji Rikitake
October 26, 2017
Technology
1
760
疑似乱数の作り方・使い方 ゲームから情報セキュリティまで / jeita-20171026
JEITA (電子情報技術産業協会) 第4回 ハードウェアセキュリティ技術分科会 発表原稿
Kenji Rikitake
October 26, 2017
Tweet
Share
More Decks by Kenji Rikitake
See All by Kenji Rikitake
SDR Implementation of Analog FM Broadcast Multipath Filter
jj1bdx
0
850
インターネットとオープンな無線技術の今後 / Future of Internet and Open Radio Engineering
jj1bdx
0
1.2k
FM放送とマルチパスを適応フィルタで極めてみた / Solving multipath distortion of FM broadcast by adaptive filters
jj1bdx
1
3.6k
ソフトウェアラジオとC++ そしてFMエアチェックのための信号解析と数値計算にまつわるよもやま話 / Software radio and C++
jj1bdx
0
1.1k
SDR時代のFM受信 マルチパスモニタとマルチパスフィルタ / FM broadcast reception with SDR - multipath monitor and multipath filter
jj1bdx
0
650
How I discover a working implementation of clock_nanosleep() for macOS in CPAN Time::Hires
jj1bdx
1
1.3k
Sleeping pays / 1000eng-74th-jj1bdx
jj1bdx
1
49
The BEAM Programming Paradigm
jj1bdx
1
980
Safe randomness: theory and practice
jj1bdx
1
1.5k
Other Decks in Technology
See All in Technology
「タコピーの原罪」から学ぶ間違った”支援” / the bad support of Takopii
piyonakajima
0
110
混合雲環境整合異質工作流程工具運行關鍵業務 Job 的經驗分享
yaosiang
0
140
SCONE - 動画配信の帯域を最適化する新プロトコル
kazuho
1
310
Azureコストと向き合った、4年半のリアル / Four and a half years of dealing with Azure costs
aeonpeople
1
250
AI時代、“平均値”ではいられない
uhyo
8
2k
サイバーエージェント流クラウドコスト削減施策「みんなで金塊堀太郎」
kurochan
4
2.2k
Copilot Studio ハンズオン - 生成オーケストレーションモード
tomoyasasakimskk
0
190
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
OAuthからOIDCへ ― 認可の仕組みが認証に拡張されるまで
yamatai1212
0
160
旅で応援する✈️ NEWTが目指すコミュニティ支援とあたらしい旅行 / New Travel: Supporting by NEWT on Your Journey
mii3king
0
140
CoRL 2025 Survey
harukiabe
1
240
CNCFの視点で捉えるPlatform Engineering - 最新動向と展望 / Platform Engineering from the CNCF Perspective
hhiroshell
0
120
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
5.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Designing for Performance
lara
610
69k
How GitHub (no longer) Works
holman
315
140k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
115
20k
A Tale of Four Properties
chriscoyier
161
23k
YesSQL, Process and Tooling at Scale
rocio
173
15k
Why Our Code Smells
bkeepers
PRO
340
57k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Thoughts on Productivity
jonyablonski
70
4.9k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Transcript
ٙࣅཚͷ࡞Γํɾ͍ํ ήʔϜ͔ΒใηΩϡϦςΟ·Ͱ ྗ ݈࣍ ྗ݈ٕ࣍ज़࢜ࣄॴ 201710݄26 JEITA ୈ4ճϋʔυΣΞηΩϡϦςΟٕज़Պձ Kenji Rikitake
/ JEITA 26-OCT-2017 1
ࣗݾհ (1/2) 1990ΑΓΠϯλʔωοτٕज़ ͷݚڀ։ൃʹैࣄ 2010ʙ2013: ژେֶ ใ ڥػߏ ڭतͱͯ͠ಉେֶͷશ ֶใηΩϡϦςΟରࡦΛ୲
2011/2012: ACM SIGPLAN Erlang Workshop ʹͯٙࣅཚ SFMTͱTinyMTͷErlang/OTPฒ ߦॲཧγεςϜͷ࣮Λൃද Kenji Rikitake / JEITA 26-OCT-2017 2
ࣗݾհ (2/2) 20144݄ΑΓྗ݈ٕ࣍ज़࢜ ࣄॴॴͱͯ͠ಠཱ 2015: Erlang/OTP ͷٙࣅཚ ϥΠϒϥϦ rand ϞδϡʔϧΛ։
ൃ όʔδϣϯ18.0ΑΓ࠾༻ 2016: Arduino UnoͰཧཚ ʹجͮ͘ిࢠαΠίϩ avrdice ʢࣸਅʣΛ։ൃɺMaker Faire Tokyo 2016ʹͯలࣔ Kenji Rikitake / JEITA 26-OCT-2017 3
ٙࣅཚͱ Kenji Rikitake / JEITA 26-OCT-2017 4
ͦͷલʹ ཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 5
ཚྻͱ༧ଌෆೳੑ ݱࡏಘΒΕ͍ͯΔྻ͔Βະདྷ͕༧Ͱ͖ͳ͍ྻ 1 ཚͱཚྻͷཁૉʢ͋Δ͍ཚྻࣗʣ ిࢠճ࿏ͷʮࡶԻʯʹ૬ ༧ଌෆೳੑΛʮϥϯμϜωεʯͱ͍͏ ϥϯμϜωεʮใΤϯτϩϐʔʯͷҰཁૉ 2 2 খીಓʮΘ͔Γ͍͢ΦʔτϙΠΤʔγε(ࣗݾੜ࢈)ʯΑΓʮใΤϯτϩϐʔʯ
1 Wikipedia ʮཚྻʯΑΓൈਮ Kenji Rikitake / JEITA 26-OCT-2017 6
ϥϯμϜωεΛࣔ͢ཧݱ ࡶԻ → ߅ͷੜ͢ΔࡶԻ ΞόϥϯγΣ߱෬ → πΣφʔμΠΦʔυͷࡶԻ ಋମͷԆ࣌ؒͷόϥπΩ → ࣗྭൃৼͷΏΒ͗
ݪࢠ่֩յͷִ࣌ؒؒʢΨΠΨʔΧϯλʔʣ ͦͷଞɺྔࢠྗֶతෆ֬ఆੑͳͲ ʢʮࡶԻʯݯΛԿʹٻΊΔ͔ʹؼணʣ Kenji Rikitake / JEITA 26-OCT-2017 7
ཧཚ ϥϯμϜωεΛࣔ͢ཧݱʹΑΔཚྻ هͰ͖Δ͕࠶ݱͰ͖ͳ͍ ಘΒΕΔϥϯμϜωε༗ݶ →ޙड़͢ΔٙࣅཚʹൺߴԽ/େ༰ྔԽ͕ࠔ ੜஔͷཧత߈ܸ͕Մೳ →ੜ͞Εͨཚ͔Β߈ܸΛ͢Δ͜ͱࠔ Kenji Rikitake /
JEITA 26-OCT-2017 8
9
૿෯લͷࡶԻ Kenji Rikitake / JEITA 26-OCT-2017 10
૿෯ޙͷϥϯμϜͳϏοτྻ Kenji Rikitake / JEITA 26-OCT-2017 11
2ͭͷಠཱͨ͠ճ࿏ͷग़ྗ Kenji Rikitake / JEITA 26-OCT-2017 12
ϑΥϯɾϊΠϚϯɾϑΟϧλ ΑΓߴ͍࣭ͷཧཚΛಘΔͨΊͷํ๏ 1ϏοτಘΔͨΊʹ2ϏοταϯϓϦϯά͢Δ 1ͭ 2ͭ ݁Ռ 0 0 ແࢹʢ࠶ࢼߦʣ 0
1 0 1 0 1 1 1 ແࢹʢ࠶ࢼߦʣ Kenji Rikitake / JEITA 26-OCT-2017 13
͋ΒͨΊͯ ٙࣅཚͱ? Kenji Rikitake / JEITA 26-OCT-2017 14
ཚίϯϐϡʔλͰ࡞Εͳ͍ ཚ༧ଌෆೳͰͳ͚ΕͳΒͳ͍ →ܾఆతΞϧΰϦζϜͰੜͰ͖ͳ͍ ܾఆతΞϧΰϦζϜ෦ঢ়ଶΛ࣋ͭ ෦ঢ়ଶͷऔΓಘΔ߹ͷ༗ݶ ߹ͷ͕༗ݶͰ͋ΔҎ্पظ͕ܾ·Δ पظ͕͋Εݪཧతʹ༧ଌͰ͖ͯ͠·͏ Kenji Rikitake /
JEITA 26-OCT-2017 15
ͦΕͰٙࣅཚΛܭࢉ͢Δҙຯ पظ͕ेʹେ͖͍ྻཚͱಉ༷ͷੑ࣭Λ࣋ͭ →ٙࣅతʹཚͱΈͳͤΔˠٙࣅཚ ݱࡏͷٕज़Ͱ࡞ΕΔٙࣅཚͷपظेେ͖͍ →ྫ: SFMTͷయܕత࣮: ֬Λ࠶ݱ͢Δ͚ͩͰ͋Ε༧ଌෆೳੑෆཁ →ٙࣅཚྻ͕ٻΊΔ֬Ͱ͋ΕΑ͍ Kenji Rikitake
/ JEITA 26-OCT-2017 16
ٙࣅཚͷཧཚʹର͢Δར ෦ঢ়ଶͷॳظ͕ಉ͡Ͱ͋Ε࠶ݱͰ͖Δ →࠶ݱੑΛอূͰ͖ΔͷͰූ߸Խʹ͑Δ ܭࢉೳྗΛ૿͢͜ͱͰߴԽ/େ༰ྔԽ͕Ͱ͖Δ →େنͳधཁʹ༰қʹԠ͑ΒΕΔ ΞϧΰϦζϜͷͰ༧ଌෆೳੑΛߴΊΒΕΔ →ཧཚͰͳ࣮ͯ͘༻্ेͳ߹ଟ͍ Kenji Rikitake /
JEITA 26-OCT-2017 17
ٙࣅཚͷ༻్ ҉߸伴ͷੜʢ҉߸తڧ͕ඞཁɺޙड़ʣ γϛϡϨʔγϣϯʢϞϯςΧϧϩ๏ʣ ιϑτΣΞςετʢ݅ΛϥϯμϜʹม͑Δʣ εϖΫτϥϜͷ֦ࢄʢ௨৴ɺిݯϊΠζରࡦʣ ෛՙࢄʢϥϯμϜʹαʔόΛબʣ Kenji Rikitake / JEITA
26-OCT-2017 18
γϛϡϨʔγϣϯ: ϞϯςΧϧϩ๏ 3 3 By nicoguaro - Own work, CC
BY 3.0, from Wikimedia Commons Kenji Rikitake / JEITA 26-OCT-2017 19
ݹ͍ٙࣅཚͷੜ๏: ઢܗ߹ಉ๏ ͔͚ࢉɺͨ͠ࢉɺׂΓࢉ͚ͩ ܭࢉࣜͷྫ: →શͯͷ߹͕ܭࢉՄೳͳͨΊ҆શͰͳ͍ →ଟ࣍ݩͰنଇతʹͯ͠͠·͏ →ԼҐϏοτͷϥϯμϜωε͕͍ Kenji Rikitake /
JEITA 26-OCT-2017 20
ઢܗ߹ಉ๏ͰݱΕΔنଇੑ 4 4 CC BY-SA 3.0, from Wikimedia Commons Kenji
Rikitake / JEITA 26-OCT-2017 21
ݱͷੜ๏: LFSR LFSR: ઢܗϑΟʔυόοΫϨδελ 5 ಛੑଟ߲ࣜͷྫ: 5 By melan -
ߘऀ͕ࣗ࡞, ύϒϦοΫɾυϝΠϯ Kenji Rikitake / JEITA 26-OCT-2017 22
LFSRͷಛ ಛੑଟ߲ࣜΛબͿͱ࠷पظʹͰ͖Δ ݱࡏ༏Ε͍ͯΔͱ͞ΕΔཚੜํࣜͷجૅ ϋʔυΣΞԽ͕༰қ →GPSɺGSMܞଳɺΠʔαωοτͳͲԠ༻ ιϑτΣΞ࣮༰қ Kenji Rikitake / JEITA
26-OCT-2017 23
҉߸తҎ֎Ͱͷ͓קΊͷٙࣅཚ Mersenne Twister (MT): ͍पظ͕औΕΔ Xorshift+/*: ߴ SFMT: MTͷվྑ൛ɺ͍पظ͕औΕΔ TinyMT:
ΈࠐΈతʹద͍ͯ͠Δ MTΛϥΠϒϥϦʹ࣋ͭݴޠ͋Δ(R, Python) ͨͩ͠҉߸తʹ͍͚ͬͯ·ͤΜ Kenji Rikitake / JEITA 26-OCT-2017 24
҉߸తʹΈͨ ٙࣅཚͷηΩϡϦςΟ Kenji Rikitake / JEITA 26-OCT-2017 25
ٙࣅཚͷ҆શΛकΔʹ ಠࣗͷΞϧΰϦζϜΛ࡞Βͳ͍ ৴པͰ͖Δ࣮Λมߋͤͣʹ͏ ʢ҉߸ͷηΩϡϦςΟͱಉ͡ʣ Kenji Rikitake / JEITA 26-OCT-2017 26
JavaScriptॲཧܥV8Ͱ͋ͬͨόά Kenji Rikitake / JEITA 26-OCT-2017 27
౷ܭతͳཚͷݕఆ ஶ͘͠ภΓ͕͋Δ߹όά·ͨҟৗͷՄೳੑ ɺฏۉɺϞϯςΧϧϩ๏ʢԁपͳͲʣ ֤छύλʔϯͷ ݕఆʢߦྻϥϯΫͳͲʣ 6 ֤छπʔϧ: Dieharder, TestU01, PractRand
7 7 ৽෦༟ʮཚͷݕূπʔϧʹ͍ͭͯʯɺNeuG handbook 1.0 documentation 6 ୮Ӌ࿕ਓɺಢۼʮٖࣅཚݕূπʔϧͷௐࠪ։ൃʯɺژେֶཧղੳݚڀॴߨڀ 1351רɺ2004ɺpp. 80-93 Kenji Rikitake / JEITA 26-OCT-2017 28
౷ܭతͳݕఆํ๏ͷݶք पظΛௐΔ͜ͱ͕Ͱ͖ͳ͍ ݕఆΛύεͯ͠༧ଌෆೳੑࣔͤͳ͍ →҉߸త҆શੜํ๏ͷݕূΛߦΘͳ͍͜ͱʹ ࣔ͢͜ͱ͕Ͱ͖ͳ͍ ظؒʹฆΕࠐΜͩෆਖ਼ͳ݁Ռͷݕग़͕Ͱ͖ͳ͍ Kenji Rikitake / JEITA
26-OCT-2017 29
҉߸త҆શͷ݅ લఏ݅: ౷ܭతݕఆͰෆඋ͕ݟΒΕͳ͍ ෦ঢ়ଶ͕໌ͯ͠༧ଌෆೳੑ͕อͨΕΔ →ΞϧΰϦζϜ/࡞ํ๏ͷެ։͕ݕূͷେલఏ →ʮൿີͷճ࿏/ΞϧΰϦζϜʯ৴༻͞Εͳ͍ ҉߸త҆શੑʹର͢Δ߈ܸख๏ͷ։ൃΜ →ใηΩϡϦςΟͷҰେݚڀ Kenji Rikitake
/ JEITA 26-OCT-2017 30
OSͰͷ҉߸త҆શͳཚੜख๏ Kenji Rikitake / JEITA 26-OCT-2017 31
ΑΓ҆શͳٙࣅཚΛಘΔʹ ίϯϐϡʔλ෦ͰͷΤϯτϩϐʔͰෆे →ಛʹԾϚγϯͰΤϯτϩϐʔ͕ෆ →֎෦ʹཧཚͷڙڅݯΛઃ͚Δ ཧཚʹϑΥϯɾϊΠϚϯɾϑΟϧλΛ͏ ཧཚʹϋογϡؔΛซ༻ →֎෦ͷཚ߈ܸͷӨڹΛ؇Ͱ͖Δ Kenji Rikitake /
JEITA 26-OCT-2017 32
ཧཚͱϋογϡؔͷซ༻ Kenji Rikitake / JEITA 26-OCT-2017 33
҉߸తͰٙࣅཚΛ͏ʹ ՄೳͳݶΓOSͷαʔϏε/ϥΠϒϥϦΛ͏ →Linux/macOS/BSD: /dev/urandom →Windows: CryptGenRandom →Android: SecureRandom ͦͷଞOpenSSL, LibreSSLͳͲ
ݪଇࣗͰϓϩάϥϜॻ͍͍͚ͯͳ͍ Kenji Rikitake / JEITA 26-OCT-2017 34
MCUCPUͷཧཚͷ৴པੑ Intel x86_64: RDRAND/RDSEED ໋ྩ →ہʹΑΔόοΫυΞͷଘࡏ͕ࢦఠ͞Εͨ →ͦͷ··ΘͣΤϯτϩϐʔݯʹͱͲΊ͍ͯΔ ARM Cortex-M4Ͱࣄಉ͡ →࠷ݶϋογϡؔͱซ༻͕ඞཁ
Kenji Rikitake / JEITA 26-OCT-2017 35
ݕূෆेͳٙࣅཚʹΑΔ੬ऑੑ ݕূෆेͳٙࣅཚͷੜใ੬ऑੑͱͳΔ IEEE 802.11Ͱͷ伴ੜʹΔཚੜஔͷ੬ऑੑ ˠޙͷWPA2ͷKRACK੬ऑੑʹͭͳ͕Δ 8 InfineonࣾͷRSA҉߸伴ੜ࣌ͷݕূෆͰ੬ऑͳ҉ ߸伴͕ੜˠTPMICΧʔυೝূʹӨڹ9 9 ROCA:
Vulnerable RSA generation (CVE-2017-15361) 8 Mathy Vanhoef and Frank Piessens, Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, 25th USENIX Security Symposium Kenji Rikitake / JEITA 26-OCT-2017 36
·ͱΊ ཧཚஔաఔ͕͔֬ͳͷΛ͏ ཧཚஔͷੜ݁ՌΛͦͷ··৴༻͠ͳ͍ ٙࣅཚ৽͘͠ධՁ͕࣮֬ͳͷΛ͏ ҉߸ϓϩτίϧʹOSͷϥΠϒϥϦΛ͏ ݕূ͕Ͱ͖ͳ͍ಠࣗίʔυϦεΫ Kenji Rikitake / JEITA
26-OCT-2017 37
͋Γ͕ͱ͏͍͟͝·ͨ͠ ࣭͝ΛͲ͏ͧ Kenji Rikitake / JEITA 26-OCT-2017 38
ຊจதͷURLʹ͍ͭͯ https://speakerdeck.com/ jj1bdx/jeita-20171026 Λࢀর ը૾ΫϨδοτ: ग़యΛ໌ه͍ͯ͠ͳ͍ͷྗ ݈͕࣍ࡱӨ λΠτϧεϥΠυͷഎܠ: TV Noise,
Theodore Pulser, PublicDomainPictures.net (public domain) ֤ηΫγϣϯͷഎܠʢࣈͷฒΜͰ͍Δͷʣ: Tyler Easton, Unsplash.com (public domain) Kenji Rikitake / JEITA 26-OCT-2017 39