- PDF 無料ダウンロード

Size: px

Start display at page:

Download ""

あきひさのじま
5 years ago
Views:

3 MACsec DNSSEC CA/Browser User Managed Access IPv Gumblar QubesOS...46 ii

4 TG Early AdoptersEarly Majority[1] 3. RSA MACsec DNSSEC DNSSEC CA/Browser 20 PKI 2009 Web API OAuth Core 1.0 OAuth 2.0 User Managed Access IPv4 NAT/NAPTNetwork 1 1

5 Address Translation/Network Address Port Translation IPv6 Gumblar 2009 QubesOS OS Deposal VM VM [1] 2002pp

6 1. 1. RSA ECC RSA RSA ECC Diffie-HellmanDH ECDH Digital Signature AlgorithmDSA ECDSA Menezes Qu VanstoneMQV ECMQV 2005 NSA Suite B[1]Suite B RSA ECDH ECDSA ECC RSA AES P-256 P-384 ECDH P-256 P-384 ECDSA SHA-256 SHA-384 RFC 4869[2]5008[3]5430[4] Suite B NSA ECDH Suite B [5]Suite B ECC NSA Suite B ECDSA Suite B Implementer's Guide to FIPS (ECDSA)[6] 2 ECC 3 RFC 3 RFC 3

7 3. NSA Suite B Implementer's Guide to FIPS (ECDSA) RFC RFC RFC 5759 Suite B Certificate and Certificate Revocation List (CRL) Profile[7] RFC 5639 Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation[8] RFC 5915 Elliptic Curve Private Key Structure [9] RFC 5753 Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) [10] RFC 5758 Internet X.509 Public Key Infrastructure:Additional Algorithms and Identifiers for DSA and ECDSA [11] RFC 5903 Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2[12] NSA Suite B Implementer's Guide to FIPS (ECDSA) [6] Suite B ECDSA ECDSA NIST FIPS 186-3[13]FIPS DSADisital Signature AlgorithmRSA ECDSA ECDSA ANSI X9.62 FIPS ECDSA ECDSA Appendix FIPS ECDSA 15 Suite B P-256 P Appendix P-256 P-384 4

8 P-192 P-224 P-256 P-384 P-521 B-163 B-233 B-283 B-409 B-571 K-163 K-233 K-283 K-409 K IETF RFC 4.1 RFC RFC 5639 Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation Brainpool Brainpool epassport RFC 5759 Suite B Certificate and Certificate Revocation List (CRL) Profile Suite B X.509v3 X.509v2 CRL RFC 5915 Elliptic Curve Private Key Structure 5

9 Private ASN RFC RFC 5753 Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) RFC 3278 CMS ECC SHA2 RFC 5758 Internet X.509 Public Key Infrastructure:Additional Algorithms and Identifiers for DSA and ECDSA RFC 3279 SHA-224, SHA-256, SHA-384, SHA-512 DSA ECDSA OIDObject IDentifier RFC 5903 Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 RFC 4753 IPsec IKE IKEv2 5ECC ECC 5.1 OpenSSL Windows CNG Cryptography Next Generation ECC OpenSSL ECC OpenSSL OpenSSL 1.0.0a 67 NIST FIPS NIST OpenSSL Appendix OpenSSL CSR Oakley-EC2N-4, Oakley-EC2N CSR OpenSSL CNG NIST P-256P-384P-521 6

10 CNG Windows Server 2008 CACertificate Authority ECC Web Web ECC CSP OpenSSL CSR Windows Server 2008 P-256 OpenSSL prime256v1p-384 secp384r1p-521 secp521r Web ECC Web Apache HTTP Server alpha OpenSSL 1.0.0a Microsoft IIS 7.0OpenSSL 1.0.0a s_server Microsoft Windows Vista Microsoft Internet Explorer 8Mozilla Firefox 3Google Chrome 5Opera 10 Apple Safari 5 Web ECC Apache HTTP Server 2.2 ECC Alpha Microsoft IIS OpenSSL CSR prime256v1p-256)secp384r1 P-384)secp521r1(P-521) OpenSSL s_server OpenSSL 65 prime256v1, secp384r1, secp521r1 IIS Opera Opera ECC OpenSSL 65 s_server Opera Ineternet ExplorerChromeSafari prime256v1, secp384r1, secp521r1 Firefox IIS prime256v1, secp384r1, secp521r1 s_server 7

11 6. ECC ECC NIST 15 OpenSSL 67 Windows CNS 3 P-256P-384P-521 Suite B 2 P-256P-384 P-256 P Appendix OpenSSL NIST RFC 4492[13] Table.6 OpenSSL NIST sect163k1 K-163 sect163r2 B-163 sect233k1 K-233 sect233r1 B-233 sect283k1 K-283 sect238r1 B-283 sect409k1 K-409 sect409r1 B-409 sect571k1 K-571 sect571r1 B-571 prime192v1 P-192 secp224r1 P-224 prime256v1 P-256 8

12 secp384r1 P-384 secp521r1 P-521 [1] NSA Suite B Cryptography [2] RFC 4869: Suite B Cryptographic Suites for IPsec, [3] RFC 5008: Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME), [4] RFC 5430: Suite B Profile for Transport Layer Security (TLS), [5] NSA Suite B Implementers' Guide to NIST SP A, [6] NSA Suite B Implementer's Guide to FIPS (ECDSA) [7] RFC 5759: Suite B Certificate and Certificate Revocation List (CRL) Profile, [8] RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation, [9] RFC 5915: Elliptic Curve Private Key Structure, [10] RFC 5753: Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS), [11] RFC 5758: Internet X.509 Public Key Infrastructure:Additional Algorithms and Identifiers for DSA and ECDSA, [12] RFC 5903: Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2, [13] RFC4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS), 9

13 2. MACsec MACsecMedia Access Control Security Protocol MACsec 2. MACsec MACsec 2 IPsecIP Security Protocol SSL Secure Sockets Layer/TLSTransport Layer Security 2 IPSIntrusion Prevention System 3. MACsec MACsec MACsec MACsec IEEE 802.1AE-2006 Media Access Control (MAC) Security MACsec IEEE 802.1X-2010 Local and Metropolitan Area Networks - Port-Based Network Access Control IEEE 802.1X-2004 EAPOLEAP over LANMACsec MACsec IEEE P802.1af

14 4. MACsec MACsec IPsec 1 - MAC ICVIntegrity Check Value - ICV - MAC - MAC Packet Number ID ID MAC MAC Bounded receive delay - MAC MAC - 11

15 IPsec MACsec IPsec MACsec IKEv1 / IKEv2 IEEE 802.1X PNPacket Number 5. MACsec IPsec SASecurity Association MACsec CASCSA 3 1 CAConnectivity Association - SC - SCSecure Channel - - SA - SCISecure Channel Identifier = System Identifier6 +Port Identifier2 SASecure Association - SAKSecure Association Key - SAISecure Association Identifier= System Identifier6 +Port Identifier2 +Association Number2 12

16 1 MACsec CA/SC/SA 6. MACsec MACsec 2 MACsec 3 MACsec SecTAGMAC Security TAG ICVIntegrity Check Value SecTAG MACsec EtherType - MACsec 2 88-E5 TCITAG Control Information - MACsec V 0 SCI SC E 6 ANAssociation Number - SC SA 2 SC 4 SA SLShort Length - Secure Data PNPacket Number - SA ID 4 SCISecure Channel Identifier - TCI SC System Identifier 2 Port Identifier SC GCM-AES-128 SCI PN IV 13

17 Initialization Vector TCI E Data Data Secure Data DMAC MAC SMAC MAC SecTAGSecure Data 2 MACsec 3 MACsec 7. MACsec GCM-AES-128 GCM Galois/Counter Mode MACsec IEEE 802.1X CA/SC/SA 14

18 9. MACsec MACsec Cisco Systems Intel Cisco Systems TrustSec MACsec Nexus 7000Catalyst 3750-XCatalyst 3560-X RADIUS Cisco Secure Access Control System 5.1 Security Association Protocol SAP IEEE 802.1X-2010 Intel Intel 82567LM LAN MACsec 10. MACsec MACsec 2 VMware vmotion 2 2 MACsec 2 DRDisaster Recovery VPLSVirtual Private LAN ServiceMAC-VPNCisco Overlay Transport VirtualizationOTV MACsec MACsec MACsec 15

19 MACsec 2 WAN IPsec IPsec MACsec 2 / 12. MACsec Cisco Systems Intel NIC 2 16

20 3. DNSSEC DNS [1].jp.se cctld.com.org gtld.apra TLD DNS DNS DNSSEC DNSSEC DNSSEC DNSSEC DPSDNSSEC Practice Statement DNSSEC 1. DNSSEC DNSSEC 1 ICANN VeriSign Root DNSSEC [2] Web DNSSEC 1 DNSSEC VeriSign ICANN ICANN VeriSign KSK ZSK DURZ DURZ KSK ZSK DURZ DNSSEC ICANN KSK ICANN KSK ICANN 17

21 DURZ 2 A M DNSSEC DURZDeliberately Unvalidatable Root Zone DNSSEC DURZ 1 DURZDeliberately Unvalidatable Root Zone DURZ DURZ DNSSEC ICANN VeriSign DNSSEC [3] Transparency Audited DPS High Security NIST SP DPS 18

22 2. KSK [4]TCR Trusted Community RepresentativesKSK [5] Transparency JPRS 3. DPS DPSDNSSEC Practice Statement CPSCertification Practice Statement[6] DNSSEC DNSSEC DPS DPS Transparency Audited KSK DPS ICANN [7]ZSK DPS VeriSign [8] 4. DNSSEC DNSSEC [9]7 21 DNSSEC DNSSEC 2010 [10] DNSSEC Web URL DNSSEC JP DNSSEC JPRS JPRS JP DNSSEC DNSSEC 19

23 DNSSEC DNSSEC DNSSEC ML DNSSEC BIND OpenDNSSEC JP [11] DNSSEC 20

24 [1] ICANN,VeriSign: Status Update, [2] Root DNSSEC [3] DNSSEC for the Root Zone [4] ICANN DNS Operations [5] Trusted Community Representatives - Proposed Approach to Root Key Management [6] Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework [7] DNSSEC Practice Statement for the Root Zone KSK Operator [8] DNSSEC Practice Statement for the Root Zone ZSK operator [9] DNSSEC [10] DNSSEC [11] JP DNSSEC 21

4. CA/Browser 2010 5 12 13 CA/Browser [1] 20 CA/Browser CA/Browser 1.

25 4. CA/Browser CA/Browser [1] 20 CA/Browser CA/Browser 1. EV SSL CA/Browser EV SSL EV SSL Web SSL EV SSL EV SSL Certificate Guidelines[2]EV CA/Browser CA/Browser Web Web 2. CA/Browser CA/Browser 22

26 EV CA/Browser 1 CA/Browser EV 2 EV F Google CABF GMO CA/Browser EV TWCA 5. [] 6. EV SSL JPRS 10. cctld CABF EV EV SSL 3. EV 23

27 [3]JCAF EV SSL Fujitsu SonyEV SSL EV SSL EV EV EV SSL EV SSL EV 4. CA/Browser JCAF CA/Browser SSL/TLS CA/Browser EV SSL CA/Browser CA/Browser

28 [1] CA/Browser Forum [2] EV SSL Certificate Guidelines [3] JCAF 25

29 5. User Managed Access User Managed Access [1] 2. User Managed Access 2.1 PDPPolicy Decision PointPDP PEPPolicy Enforcement Point PDP Web API Web API OAuth [2] [3] OAuth ClientResource OwnerResource Server Protected Resource Protected Resource Client OAuth Client Resource Owner Resource Owner Protected Resource Resource Owner Protected Resource Resource Server Client Authorization Server PEP PDP Resource Server Authorization Server Resource Server Resource Owner Resource Server Authorization ServerResource Server Authorization Server Client Client Protected Resource 26

30 Twitter Facebook n n 2.2 User Managed Access UMA User Managed Access Web UMA 1 Client Protected Resouce Resource Owner Client Client Claim Resource User Resource Owner Client 2 Resource Server Authorization Server Resource Server Authorization Server Resource Owner Resource Owner Authorization Manager 3. UMA Core UMA IETF OAuth 2.0 [4] OAuth 2.0 1( UMA OAuth 2.0 OAuth

31 1UMA Authorizing User: OAuth 2.0 Resource OwnerHost Protected Resource Requester Authorization Manager Authorization Manager: Authorization ServerAuthorizing User Protected Resource policy decision Host: Resource ServerProtected Resource Authorization Manager Requester policy enforcement Requester: ClientRequesting PartyAuthorizing User Protected Resource UMA [5]

3.1 Authorizing User Host Authorization Manager introductionhost Authorization Manager Authorizing User Host Authorization Manager Host Host Web Host Metadata [6] Authorization Manager Host

32 3.1 Authorizing User Host Authorization Manager introductionhost Authorization Manager Authorizing User Host Authorization Manager Host Host Web Host Metadata [6] Authorization Manager Host Authorization Manager Protected Resource Authorizing User Authorization Manager Host Access Token Protected Resource Authorization Manager Host Authorization Manager Host Authorization Manager Authorization Manager Host IDdynamic registration[7] 2UMA 3 29

33 3.2 Requester Requesting PartyProtected Resource Authorizing User Protected Resource Protected Resource Host Requester Protected Resource access token access token Host Requester Authorization Manager Requester Authorizaiton Manager scope access token Authorization Manager 3 access token Claim Authorization Manager Claim Requester Authorization Manager Claim Authorization Manager Claim [8] JSON access token Claim Authorization Manager Claim access token Claim 3.3 Authorizaiton Manager access token Requester access token Host Protected Resource Host access token Authorization Manager Protected Resource Requester Authorizing User Protected Resource 4. UMA Kantara Initiative WG WG 2009 PayPal Eve Maler SMARTStudent-Managed Access to Online Resources [9] 30

34 5. OAuth 2.0 / OAuth OAuth UMA 31

35 [1] Home - WG - User Managed Access - Kantara Initiative [2] OAuth [3] OAuth Community Site [4] The OAuth 2.0 Protocol [5] UMA 1.0 Core Protocol - WG - User Managed Access - Kantara Initiative [6] Web Host Metadata [7] OAuth Dynamic Client Registration Protocol [8] Claims WG - User Managed Access - Kantara Initiative [9] Student-Managed Access to Online Resources 32

36 6. IPv6 1, IPv4 [1] IPv6 IPv6 IPv6 IPv6 ON IPv6 IPv4 IPv6 IPv6 IPv4 NAT/NAPT Network Address Translation/Network Address Port Translation IETFInternet Engineering Task Force End-to-End IPv4 NAT IPv6 NAT IPv6 NAT NAT NAT/NAPT 2. IPv6 IPv6 Integrity 2007 RFC 4864[2] RFC 4864 IPv4 NAT IPv6 NAT NAT IPv6 NAT IPv6 NAT NAT66[3] 33

37 2010 IAB Internet Architecture Board 2 End-to-End [4] NAT IPv6 RFC 5902[5] RFC 4864 RFC 5902 NAT RFC 4864 IPv6 NAT NAT 2.1 NAT NAT IPv4 NAT (1) (2) (1) NAT NAT NAT NAPT NAT RFC 4864 RFC 5902 NAT

38 (2) NAT NAT NAT IP IP IP-ID NAT [6] NAT NAPT NAT SIPSession Initiation Protocol SCTPStream Control Transmission Protocol NAT OS Host finger printing NAT Host finger printing - Hop Limit Host finger printing IPv6 RFC 4941 pseudo-random privacy address [7] RFC 4193 ULAUnique Local Address[8] RFC 4941 SLAACStateless Address Auto Configuration ID MAC EUI-64Extended Unique Identifier-64 1 RFC 4193 IPv4 NAT RFC

39 NAT Mobile IP Mobile IP Binding update RFC 5902 NAT End-to-End IPv6 2.2 NAT RFC 4864 NAT66[3]RFC 5902 NAT (1) Avoiding renumbering (2) Facilitating multi-homing (3) Making edge consumer network configurations homogenous (1) IPv4 CIDRClass-less Inter Domain Routing ISP NAT NAT IPv6 CIDR DHCP-PD[9] Prefix IP DNS DHCP IDS IPv6 NAT 36

40 PIProvider Independent NAT PI (2) ISP IPv4 NAT NAT NAT NAT IP IPv6 ISP IPv4 NAT IPv6 IPv4 NAT NAT End-to-End IPv6 End-to-End (3) ISP NAT IPv6 NAT IPv6 NAT 3. RFC 5902 IAB IPv4 37

41 NAT IPv6 NAT NAT RFC 5902 NAT NAT NAT NAT End-to-End IAB RFC 5902 End-to-End IPv4 IPv6 IPv6 RFC 4864 IPv6 ULA 38

42 [1] IPv4 IPv4 [2] G. Van de Velde, T. Hain, R. Droms, B. Carpenter, E. Klein, Local Network Protection, RFC 4864, May 2007 [3] M. Wasserman, F. Baker, IPv6-to-IPv6 Network Address Translation NAT66), Internet-Draft, Nov [4] Aboba, B. and E. Davies, Reflections on Internet Transparency, RFC 4924, July 2007 [5] D. Thaler, G. Lebovitz, IAB Thoughts on IPv6 Network Address Translation, RFC 5902, July 2010 [6] Bellovin, S., A Technique for Counting NATed Hosts, Proc. Second Internet Measurement Workshop, November 2002 [7] Narten, T., R.Draves, and S. Krishnan, Privacy Exensions for Stateless Address Autoconfiguration in IPv6, RFC 4941, September [8] Hinden, R. and B. Haberman, Unique Local IPv6 Unicast Addresses, RFC 4193, October [9] Troan, O. And R. Drms, IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) Version 6, RFC 3633, December

43 7. Gumblar Gumblar Web [1] Gumblar 1 1 Gumblar Web (1) Web (2) 2 (1) Web Web Web FTPSSH authentication Web Web (2) Gumblar Web HTTP 40

44 2. Web 2.1 Web Web Web Web Web CMS FTP FTP SSHSecure Shell [2] scp SSH OpenSSH 3 FTPSFile Transfer Protocol over SSL/TLS[3][4] Gumblar Web FTP SSH FTP SSH authentication 2.2 SANS ISCInternet Storm Center SSH [5] TCP 22 SSH (1) SSH (2) (3) authentication(4) (5) AllowGroups (6) SSH chroot jail (7) SSH IP (8) (1) FTP [6] SSH (2)

45 sshdfilterv1.5.7 ssh brute force attack blocker 4 SSH ipfilter (5) MUSTAN 5 SSH admintestoraclemysqlpostgress DBMS NIST SP , Electronic Authentication Guideline [6] Appendix A `Information about estimating the entropy of passwords 4 2 `Passwords shall have at least 10 bits of min-entropy 3 Web PC FTP SSH OpenSSH unix 128 Gumblar Web

46 2.3 SP PC FTP SSH PKI PKI (1) SSH OpenSSH X.509 v3 Petrov OpenSSH 6 OpenSSL X509 Store OpenSSL (2) FTPS FTPS 7 OpenSSL ingress egress Web phishing

47 2005 [8]ISP [9]ISP [10]Web HTTP 80 IRC ConflickerDownadup [11] PCIPayment Card Industry-DSSData Security Standard 1.2 [12] IPv6 IPv4 Gumblar 44

48 [1] Web Gumblar [2] RFC 4251, SSH Protocol Architecture (2006) [3] RFC 2228, FTP Security Extensions (1997) [4] RFC 4217, Securing FTP with TLS (2005) [5] SANS, Internet Storm Center Diary, `Distributed SSH Brute Force Attempts on the rise again, Published: , [6] NIST SP , Electronic Authentication Guideline Version (2006) [7] RFC 2577, FTP Security Considerations (1999) [8] US-CERT Informational Whitepaper, Malware Threats and Mitigation Strategies (2005), [9] RFC 3013 ISP Recommended Internet Service Provider Security Services and Procedures [10] Detecting and Preventing Unauthorized Outbound Traffic, SANS (2007), authorized-outbound-traffic_1951 [11] SANS Technology Institute. Group Discussion/Written Project GIAC Enterprises Downadup Incident (2009), [12] PCI Security Standards Council, PCI DSS Version 1.2, 45

49 8. QubesOS 1. QubesOS OS OS Qubes OS 1 OS Web Work Data Spread Sheet 1 1 Web Work Data Web 2 46

50 2 SELinux Linux ACL Access Control List 2. QubesOS QubesOS VM Qubes OS Xen VM "OS ""Xen " Hyper Visor VM 3 QubesOS 47

3 (1) Domain0 Domain0 Network Storage Domain0 Dom0 2500 C (2) Network Domain VM Network VM (3) Storage Domain VM Storage VM (4) Application VM

51 3 (1) Domain0 Domain0 Network Storage Domain0 Dom C (2) Network Domain VM Network VM (3) Storage Domain VM Storage VM (4) Application VM Application VMQubesOS Qube WorkShoppingRandom Application VM Template VMRead Only QubesOS Hyper Visor VM Xen Linux Linux 7 1 Fedora13 Alpha2 QubesOS Windows VM 48

52 3. QubesOS 3 (1) Lightweight Virtual Machine VM lightweight Virtual Machines VM Guest Linux (2) VM (1) Lightweight Virtual Machine VM Qubes OS NetTop VM OS QubesOS 4Clipboard 5 6 "pendrive" Application VM 49

53 4 5 50

54 6 (3) DisposableVM Work AppVM Shopping AppVM Work AppVM Work AppVM Work AppVM PDF Work AppVM Spread Sheet PDF Random AppVM AppVM PDF Disposable VM 1s VM PDF Disposable VM PDF Disposable VM PDF Work PDF PDF Disposable VM 51

55 Disposable VM VM Disposable QubesOS Beta1 VM 1s 4. Fedora13 Alpha2 64bit CPU Yum Desktop Environments/KDE Applications/Editors Base System/Base Base System/Fonts Base System/Hardware Support Base System/X Window System Desktop Environment KDE Fedora13 Yum Domain 0 Qubes OS AppDomain AppVMLinux SystemVM 5. QubesOS 1. Work 2. Shopping 3. RandomWeb 52

56 1. Mail OpenOffice Web 2. Amazon Web 3. Web Disposable VM Disposable VM Work a.) b.) Random c.) Shopping Work d.) Work Work VM Linux Windows VM 53

楕円曲線暗号の整備動向＋楕円暗号の実装状況

楕円曲線暗号の整備動向＋楕円暗号の実装状況楕円曲線暗号の整備動向 + 楕円暗号の実装状況 2011 年 2 23 筑波学岡晃 2011/2/23 JNSA PKI 相互運用 WG 1 IPA 情報セキュリティ技術動向調査 TG ( タスクグループ ) 広範な情報セキュリティ分野において継続的にかつ質のい技術情報を収集し続けるため半期毎に発表会形式の会合を開催し討議をふまえて調査報告書を作成します http://www.ipa.go.jp/security/outline/comm