課題Ⅱ 第４編① 技術的セキュリティ対策の基礎知識

Technical security countermeasures in information systems are the foundation for protecting personal information. A systematic understanding of four pillars -- encryption technology, authentication technology, access control, and network security -- is required for Task II of the Certified Personal Information Protection Specialist examination. This section comprehensively covers cipher mechanisms, key management, hash functions, digital signatures, PKI, SSL/TLS, various authentication methods, access control models, and firewalls, IDS/IPS, and VPN.

Shared-key encryption (symmetric-key encryption) uses the same key for both encryption and decryption. The current standard is AES (Advanced Encryption Standard), with key lengths selectable from 128, 192, or 256 bits. DES (Data Encryption Standard), the former standard, has a key length of only 56 bits and is now considered insecure. 3DES (Triple DES) enhanced security by repeating DES three times, but it is slow and migration to AES is underway. The greatest advantage of symmetric encryption is processing speed, but the key distribution problem (how to securely deliver the key to the other party) is a fundamental challenge.

Public-key encryption (asymmetric-key encryption) uses two different keys: a public key for encryption and a private key for decryption. A representative algorithm is RSA, and key lengths of 2048 bits or more are recommended. Elliptic Curve Cryptography (ECC) can achieve equivalent security with shorter key lengths than RSA, making it attractive for mobile terminals and IoT devices. Public-key encryption solves the key distribution problem, but processing speed is significantly slower compared to symmetric encryption.

The hybrid encryption method combines the strengths of public-key and shared-key encryption. First, public-key encryption is used to securely exchange a shared key (session key), and then the actual data communication is performed using fast shared-key encryption. SSL/TLS is a representative implementation of this method.

A hash function is a one-way function that generates a fixed-length hash value (message digest) from data of arbitrary length. There are three important properties. First, one-wayness (the original data cannot be restored from the hash value). Second, fixed-length output (the same output length regardless of input length). Third, collision resistance (it is difficult for different inputs to produce the same hash value). Current standards are SHA-256 and SHA-3; MD5 and SHA-1 are deprecated due to discovered collision vulnerabilities.

A digital signature is a technology where the sender signs the hash value of a message with their private key, and the recipient verifies it with the sender's public key. Digital signatures provide three functions. First, tamper detection (confirming that data has not been altered in transit). Second, identity confirmation (that the sender is indeed who they claim to be). Third, non-repudiation (the sender cannot later claim they did not send it).

PKI (Public Key Infrastructure) is a mechanism for guaranteeing the reliability of public keys. A Certificate Authority (CA) issues digital certificates, and a Registration Authority (RA) handles identity verification of applicants. Digital certificates use the X.509 format as standard, containing the owner's public key, validity period, issuer information, and more. For certificate revocation checking, CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol), which allows real-time checking, are used.

SSL/TLS is a protocol that encrypts internet communication, adopting the hybrid encryption method. During the handshake process, the server presents a digital certificate (server certificate), the client verifies it with the CA's public key, and then they negotiate a session key. Currently TLS 1.2 and TLS 1.3 are the valid versions; SSL 3.0 and TLS 1.0/1.1 are recommended to be disabled due to vulnerabilities. HTTPS (HTTP + TLS) is considered essential for websites handling personal information.

Authentication technology is a mechanism for confirming that a user is the legitimate person, and is classified into three factors. The knowledge factor (something you know) is information only the person knows, such as passwords, PINs, and secret questions. The possession factor (something you have) is something only the person has, such as IC cards and security tokens. The biometric factor (something you are) is the person's physical characteristics, such as fingerprints and irises.

Password authentication, the representative of knowledge-based authentication, is the most widespread method but is exposed to many attack techniques. Brute-force attacks try all combinations exhaustively; dictionary attacks use lists of commonly used words; rainbow table attacks use pre-computed hash correspondence tables. As countermeasures, password complexity requirements (mixing uppercase, lowercase, numbers, and symbols), salted hash storage, and account lockout after a certain number of failures are effective.

Possession-based authentication includes IC card authentication, one-time passwords (OTP), security tokens, and SMS authentication. One-time passwords include TOTP (Time-based OTP) using time synchronization and HOTP (HMAC-based OTP) using event synchronization. TOTP generates passwords that change at fixed intervals (usually 30 seconds) based on the current time, and is widely used in Google Authenticator and Microsoft Authenticator. SMS authentication carries the risk of SIM swap attacks, so there is a trend toward recommending migration to TOTP.

Biometric authentication is an authentication method using individual physical characteristics, including fingerprint, iris, vein, facial, and voiceprint authentication. Metrics for measuring accuracy include FAR (False Acceptance Rate -- other person acceptance rate) and FRR (False Rejection Rate -- identity rejection rate). The lower the FAR, the higher the security; the lower the FRR, the higher the convenience. These two have a tradeoff relationship: tightening the threshold lowers FAR but raises FRR.

Multi-factor authentication (MFA) is a method that combines two or more authentication factors from different categories. The key point is that they must be from "different" categories. Password + secret question is NOT MFA because both are knowledge factors. It only becomes MFA when different categories are combined, such as password (knowledge) + one-time password (possession). Two-factor authentication (2FA) is the most common form of MFA.

DAC (Discretionary Access Control) is a model where the resource owner sets access rights at their own discretion. Standard file permission systems in Windows and Linux, where file owners grant read or write privileges to other users, fall under this category. While flexibility is high, security levels can vary because they depend on the owner's judgment.

MAC (Mandatory Access Control) is a model where the system compulsorily controls access based on security labels (confidentiality classifications) and user clearance levels. Individual users are not permitted to change permissions, and it is adopted in high-security environments such as military and government organizations.

RBAC (Role-Based Access Control) is a model that assigns privileges to roles and grants roles to users. For example, access rights to the expense settlement system are defined for the "accounting staff" role, and that role is granted to applicable employees. During personnel transfers, only the role reassignment is needed, making management efficiency a key characteristic. It is the most widely adopted model in enterprise information systems.

There are three important principles supporting access control. The Principle of Least Privilege grants only the minimum privileges necessary for business operations and does not give unnecessary privileges. Separation of Duties prevents fraud by having important processes shared among multiple people rather than completed by one person alone. The Need-to-Know principle permits access only to information that is necessary to know for business purposes, and is especially important when limiting the scope of personal information handling.

A firewall is a device that controls communication between networks, and comes in several types. Packet filtering type permits or denies communication at OSI reference model Layer 3 (network layer) and Layer 4 (transport layer) based on IP addresses and port numbers. Stateful inspection type tracks communication state (connection information) and allows only legitimate response packets to pass. Application gateway (proxy) type inspects communication content at Layer 7 (application layer). NGFW (Next-Generation Firewall) is an advanced product that integrates application identification and IPS functions in addition to these capabilities.

IDS (Intrusion Detection System) detects unauthorized access and notifies the administrator, but does not automatically block it. IPS (Intrusion Prevention System) automatically blocks communication in addition to detection. Detection methods include signature-based, which matches against known attack patterns, and anomaly-based, which detects deviations from normal communication patterns. By installation location, they are classified into network-type (NIDS/NIPS) and host-type (HIDS/HIPS). Network-type monitors communication on the network, while host-type operates on individual servers.

WAF (Web Application Firewall) is a defense device specialized for web applications. It detects and blocks web-specific attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Its distinguishing feature is the ability to handle application-layer attacks that regular firewalls and IPS cannot defend against. For web services handling personal information, WAF deployment is strongly recommended.

The fundamental SQL injection countermeasure is not embedding user input into SQL statements via string concatenation. With string concatenation, quotation marks and semicolons within input get interpreted as SQL syntax, leaving room for attackers to execute arbitrary SQL statements. In contrast, when prepared statements (pre-prepared SQL statements) using placeholders (such as the question mark "?" or ":name") and the bind variable mechanism are used, the SQL statement structure (syntax tree) is parsed and finalized in advance on the database server side, and the values bound later are treated purely as mere data. As a result, even if input contains quotation marks or strings like "OR '1'='1'", they cannot alter the SQL statement structure, and injection cannot be established in principle. Input validation and escaping of special characters are also auxiliary effective measures, but omissions readily occur, so prepared statements using placeholders/bind variables are recommended as the primary countermeasure even in IPA's "How to Create Safe Websites."

A DMZ (Demilitarized Zone) is a buffer zone placed between the external network (internet) and the internal network (company LAN). By placing servers that need to be publicly accessible, such as web servers and mail servers, in the DMZ, direct damage to the internal network is prevented even in the unlikely event that a server is compromised.

VPN (Virtual Private Network) is a technology that constructs an encrypted, secure communication path over a public network. IPsec VPN operates at OSI Layer 3 and is suitable for site-to-site connections between bases. SSL-VPN operates at Layers 4-7 and is widely used for remote access because it can be used with just a web browser. When handling personal information during remote work, encryption of communication via VPN is essential.