スライド 1

Size: px

Start display at page:

Download "スライド 1"

あまめさわまつ
5 years ago
Views:

1 IPA

2 1 / / 2 (DRBG) DRBG NIST SP

3 1 3

4 JCMVP JCATT AES 15 4

5 5

6 OK/NG OK ( ) ( ) 6

7 JCMVP JCATT JCATT 7

8 332 (DES, Triple-DES, DSA, SHA1) 88(26.5%)(*1) % (*1) CMVP FAQ 8

9 9

10 JCATT (FSM VE FSM FSM 10

11 CMVP FIPS (2001/5) FIPS DTR (2001/5) (ISO) ISO/IEC (2006/3) ISO/IEC (2008/7) JIS X (2007/3) JIS X (2009/10) 11

13 JIS X Z Y X W X Z Y W CSP (Critical Security Parameter) : CSP CSP CSP 13

14 ! 14

15 1 USB! USB USB 15

16 1 USB! (1) (2) AES (3)USB USB USB (4) : on_usb_flash_drive.pdf 16

17 1 USB! (1) (2) AES! B5 D3 68 DC 8A 4D A5 B1 FD 2E D F2 0D 52 1E 2B F9 CD (3) (4) AES (5) USB USB 17

18 1 USB!! (1) (2) AES (3)USB USB USB USB (4)!! B5 D3 68 DC 8A 4D A5 B1 FD 2E D F2 0D 52 1E 2B F9 CD

19 2 Debian GNU/Linux OpenSSL OpenSSL Debian Valgrind( ) : CVE ( 19

20 3 IC IC () 20

21 JCMVP 2 21

22 2 (DRBG) DRBG NIST SP

23 (DRBG) ( ) Initial Vector DRBG : Deterministic Random Bit Generators 23

24 DRBG (1) 128-bit 128-bit ( ) 24

25 DRBG (2) DRBG DRBG 128-bit DRBG( ) DRBG( ) 25

26 DRBG (3) NIST SP DRBG DRBG 26

27 (1) 4-bit X 16 X 78? 27

28 (2) Shannon H S H = P x)log ( P( x)) S x Ω X ( 2 Ω X Xx H S Shannon 28

29 (3) H min H min = max P max 2 H min log P 2 H min <= H S (ISO/IEC 18031:2005, Annex G) 29

30 (1) 1( )4 n-bit n 8,16, 256 (=2 28 ) n=8n /2 8 =2 20 = P max 3 n=16n /2 16 =2 11 =2048 P max 3 30

31 (2) n 31

32 32

33 (3) Entropy and Entropy Sources in X9.82, John Kelsey, NIST, July EntropySources.pdf Testing Issues with OS-based Entropy Sources, Peter Gutmann, University of Auckland TestingOSSources.pdf NIST Special Publication rev1, A Statistical Test Suite for Random and Pseudorandom Number Generators rev1/SP800-22rev1.pdf 33

34 RBG RBG prediction resistance reseeding backtracking resistance( ) DRBG DRBG 1 x x + 1 x + 2 x

35 (RBG) (1) ISO/IEC 18031, Information technology Security techniques Random bit generation ANS X9.82 Draft AIS20AIS31 (NRBG : Non-deterministic Random Bit Generators) (DRBG) JIS X ANS X9.82, NIST SP ANS X9.82, Random Number Generation Part1:Overview and Basic Principles, Part3:Deterministic Random Bit GeneratorsPart2:Entropy Sources AIS20, Functionality classes and evaluation methodology for deterministic random number generators AIS31, Functionality classes and evaluation methodology for true (physical) random number generators FIPS

36 (RBG) (2) NIST SP (DRBG) ISO/IEC ANS X9.82:Part3 Draft ANS X9.82:Part3 Hash_DRBGNIST SP ANS X9.82:Part3 Hash_DRBGANSI-approved ( ANS X9.62:2005ECDSA) /SP800-90revised_March2007.pdf 36

37 NIST SP800-90DRBG(1) Personalization string Additional input Nonce Entropy Input Instantiate Instantiate Reseed Reseed Uninstantiate Generate Generate Health test DRBG Random Bit Generator (RBG) DRBG 37

38 NIST SP800-90DRBG(2) DRBG DRBGHealth Test Health Test DRBG (Instantiate, Reseed, Generate, Uninstantiate) DRBG (Seed ) Seed nonce Seed additional input ReseedGenerate personalization string DRBG 38

39 NIST SP800-90DRBG DRBG ( :HMAC_DRBG) Instantiate (a) Instantiate Reseed (b) Reseed Generate (c) Generate HMAC_DRBG_Instantiate_algorithm HMAC_DRBG_Reseed_algorithm HMAC_DRBG_Generate_algorithm HMAC Uninstantiate Health Test DRBG 39

40 NIST SP DRBG reseed_intervalgenerate Instantiate Generate Generate Reseed () Generate Generate Reseed Generate Generate Uninstantiate 40

41 JIS X ISO/IEC 18031JCMVP NIST SP Hash_DRBG HMAC_DRBG CTR_DRBG FIPS NIST SP ( ) NIST SP Health Test FIPS 140-2RBG revised-draft-fips140-3_pdf-zip_document-annexa-to-annexg.zip 41

42 NIST SP DRBG DRBG Instantiate Generate Generate Reseed Generate Generate Uninstantiate DRBG 42

43 NIST SP Instantiate(1) Instantiate Instantiate Instantiate [ ] [ ] [] [ ] Uninstantiate [] [ ] 43

44 NIST SP Instantiate(2) Instantiate Instantiate Instantiate [] [ ] 44

45 NIST SP DRBG DRBG Instantiate Generate Generate Reseed Generate Generate Uninstantiate DRBG 45

46 NIST SP Generate(1) Generate Generate Reseed Generate [ ] [ ] [] [ ] Uninstantiate [] [ ] 46

47 NIST SP Generate(2) Generate Generate Generate [ ] Uninstantiate [] [] [ ] 47

48 NIST SP DRBG DRBG DRBG DRBG DRBG FIPS 140-2, JIS X

49 NIST SP (7 11 ) 49

50 JCMVP 50

ASF-01

ASF-01 暗号モジュール試験及び認証制度 (JCMVP) 承認されたセキュリティ機能に関する仕様平成 26 年 4 月 1 日独立行政法人情報処理推進機構 ASF-01 A p p r o v e d S e c u r i t y F u n c t i o n s 目次 1. 目的... 1 2. 承認されたセキュリティ機能... 1 公開鍵... 1 共通鍵... 3 ハッシュ... 4 メッセージ認証...