不信任區域網路中數位證據保留之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：11

、訪客IP：18.117.153.38

姓名

楊文超(Wen-Chao Yang) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

不信任區域網路中數位證據保留之研究
(The Research of Keeping Digital Evidence in Untrusted Local Area Network)

相關論文

★ 網路合作式協同教學設計平台－以國中九年一貫課程為例	★ 內容管理機制於常用問答集(FAQ)之應用
★ 行動多重代理人技術於排課系統之應用	★ 應用數位版權管理機制於數位影音光碟內容保護之研究
★ 存取控制機制與國內資安規範之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 信用卡系統導入NFC手機交易機制探討	★ 以IAX2為基礎之網頁電話架構設計
★ App應用在電子商務的推薦服務-以P公司為例	★ 建置服務導向系統改善生產之流程-以W公司PMS系統為例
★ NFC行動支付之TSM平台規劃與導入	★ 關鍵字行銷在半導體通路商運用-以G公司為例
★ 探討國內田徑競賽資訊系統－以103年全國大專田徑公開賽資訊系統為例	★ 航空地勤機坪作業盤櫃追蹤管理系統導入成效評估—以F公司為例
★ 導入資訊安全管理制度之資安管理成熟度研究－以B個案公司為例	★ 資料探勘技術在電影推薦上的應用研究-以F線上影音平台為例

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

電腦犯罪與資訊安全事件發生件數的成長，使得企業或電腦使用者不得不正視此一問題。但常因為證據資料的刪除，而無法發現事件的發生；另外，就目前的電腦鑑識研究而言，雖然可以處理大多電腦犯罪事件，但是，對於技術高深的入侵者而言，要刪除證據資料且無法回復並非不可能做到。
本文之『不信任區域網路』，乃相對於Bruce Schneier所提出之網路上具有可信任之主機而言，故本研究之前提乃視所有於區域上之主機皆不可信，傳遞之資料皆須進行保護。
利用簡單的「公開加密機制」與具機密性和完整性的「分散式容錯機制」，建立具完整性、鑑別性、可用性及彈性的數位證據保留架構，有效地將可證明不法事件事實的數位資料，轉換成具（n卅m）容錯比例與企業內部亦無從竄改之數位證據。
並於上述架構中加入檢查機制，將原須約檢查[n/2]次（假設共有n筆資料）方可找出資料關鍵處的檢查方法，有效的減為約檢查[(2+n)/8]+2次，便可達到。
此架構的建置可同時確保公司內、外部犯罪證據之安全性，並經網路模擬器實驗模擬，該架構可於區域網路上建置，不至於造成網路癱瘓。

摘要(英)

By the rate of the information secirty events and computer crimes happened increasing, the business and computer users must face up to the problem. Because the high volatility of digital evidence, the illegal user do not usually cover up the happened event but also hide the actions what they do.
The research focuses on how to storage the digital evidence and keep the admissibility and weight of the digital evidence at the same time. The word “untrusted LAN” is oppsited to the Bruce Schneier’s “Trusted Machine”, means no trusted machines in the LAN, therefore any evidence that will be storaged must be protected or it will be broken.
After studying the Secure Log, Cryptography, and Fault Tolerance domains, we provide a solution, “ The framework of Keeping Digital Evidence”. The flexible framework can transfer important data about the illegal event to the digital enidence that cannot be modify and has n/m fault tolerance rate. Then we design a checking function, it can decrease the mean of check times from [n/2] to [(2+n)/8]+2. Finally we use the Network Simulator 2 program to simulate our framework in LAN, to valid the framework can implement in LAN without crashing the network traffic.

關鍵字(中)

★ 數位證據
★ 容錯性
★ 資訊安全
★ 電腦犯罪
★ 資訊分散演算法
★ 網路模擬

關鍵字(英)

★ Network Simulation
★ Information Dispersal Algorithm
★ Computer Crime
★ Information Security
★ Digital Evidence
★ Fault Tolerance

論文目次

第一章緒論 1
1.1 研究背景與動機 1
1.2 研究目的 3
1.3 研究假設與限制 4
1.4 預期貢獻 5
1.5 研究架構 5
1.6 章節簡介 8
第二章文獻探討 9
2.1 數位證據與電腦鑑識（Digital Evidence and Computer Forensics） 9
2.2 密碼學（Cryptography） 11
2.3 安全稽核（Secure Audit） 26
2.4 容錯（Fault Tolerance） 27
第三章數位證據保留架構 33
3.1 數位證據保留架構 35
3.2 產生階段 38
3.3 還原階段 40
3.4 檢查階段 46
第四章網路模擬 54
4.1 NS2簡介 54
4.2 網路模擬實驗 55
第五章結論與建議 65
5.1 研究發現 65
5.2 研究貢獻 65
5.3 研究限制 66
5.4 未來研究方向 66
參考文獻 68
網頁資料 68
中文文獻 69
英文文獻 70
附錄A 資訊分散演算法（IDA） 74

參考文獻

網頁資料
1.政府憑證管理中心網站, http://www.pki.gov.tw, Date 2002/05/24.
2.America Computer Industry Almanac. Data from http://japanonline.hypermart.net/new_page_239.htm, Date 2002/05/24.
3.Computer Emergency Response Team (CERT), http://www.cert.org/stats/cert_stats.html, Date 2002/05/24.
4.Dai, Wei’s Home Page, Speed Comparison of Popular Crypto Algorithms, http://www.eskimo.com/~weidai/benchmarks.html, Date 2002/05/24.
5.Federal Rules of Evidence 803, Hearsay Exceptions; Availability of Declarant Immaterial, Data from http://www.courtrules.org/r803hear.htm, Date 2002/05/24
6.Federal Rules of Evidence 902, Self-authentication, Data from http://www.courtrules.org/r902self.htm, Date 2002/05/24.
7.Kerr, Orin S., Computer Crime and Intellectual Property Section(CCIPS) Search and Seizing Computer and Obtaining Electronic Evidence in Criminal Investigations, January 2001, Data from http://www.cybercrime.gov/searchmanual.htm, Date 2002/05/24.
8.Network Simulator Version 2. http://www.isi.edu/nsnam/ns/, Date 2002/05/24.
9.Research using Network Simulator. http://www.isi.edu/nsnam/ns/ns-research.html, Date 2002/05/24.
中文文獻
10.林煒翔，電腦犯罪模式分析，民國八十七年，中央警察大學警政研究所碩士論文。
11.黃世昆，防止攻擊跳板主機之安全管理策略,中央大學演講,民國九十年十月十八日。
12.黃東熊，證據法綱要，民國八十三年，中央警察大學印行。
13.蔡文輝，社會學，民國八十九年，台北市：三民書局。
14.鍾慶豐編著，近代網路安全與編碼機制原理、實作，民國九十一年，台北市：儒林圖書有限公司。
英文文獻
15.Bates, Jim, “Fundamentals of Computer Forensics,” Information Security Technical Report, Vol. 3, No. 4, 1998, p. 75-78.
16.Bates, Jim, “Computer Evidence – Recent Issues,” Information Security Technical Report, Vol. 5, No. 2, 2000, p. 15-22.
17.Berkeley NS research group, USC/ISI and Xerox PARC, The NS Manual, 2001.
18.Bestavros, Azer, “An Adaptive Information Dispersal Algorithm for Time-critical Reliable Communication.” In Ivan Frisch, Manu Malek, and Shivendra Panwar,” Editors, Network Management and Control. Vol. II, Chapter 6, Plenum Publishing Corporation, New York, 1994, p. 423-438.
19.Bigler, Mark, “Computer Forensics Gear,“ Internal Auditor, 2001.
20.Casey, Eoghan: Digital Evidence and Computer Crime. Academic Press, 2000.
21.Chen, Peter M., Edward K. Lee, Garth A. Gibson, Randy H. Katz, David A. Patterson, “RAID: High-Performance, Reliable Secondary Storage,” ACM Computing Surveys, Vol. 26, No. 2, June 1994, p. 145-185.
22.Civie, Victor, and Richard Civie, “Future Technologies from Trends in Computer Forensic Science,” Information Technology Conference IEEE, 1998.
23.Davis, Bryan j., “Computer Intrusion Investigation Guidelines,” FBI Law Enforcement Bulletin, January 2001, p. 8-11.
24.Federal Information Processing Standards, “DATA ENCRYPTION STANDARD (DES),” FIPS PUB 46-3, 1977.
25.Federal Information Processing Standards, “SECURE HASH STANDARD (SHA),” FIPS PUB 180-1, 1993.
26.Goan, Terrance, ”A Cop on the Beat: Collecting and Appraising Intrusion Evidence,” Communications of the ACM, Vol. 42, No. 7, 1999, p. 46-52.
27.Hafner, Katherine & John Markoff: Cyberpunk. New York: Simon & Schuster, 1991.
28.Icove, David, Karl Seger & William VonStorch: Computer Crime. O’Reilly & Associates, Inc., 1995.
29.Iyengar, Arun, Robert Cahn, Juan Garay, and Charanjit Jutla, “Design and Implementation of a Secure Distributed Data Repository,” In Proceedings of the 14th IFIP International Information Security Conference (SEC ’’98), Vienna, Austria and Budapest, Hungary, September 1998.
30.Kelsey, John, Bruce Schneier, and Chris Hall, “An Authenticated Camera,” Computer Security Applications Conference, 1996, p. 24-30
31.Kruse, II Warren G. and Jay G. Heiser: Computer Forensics., Addison-Wesley, 2001.
32.Kurtz, George, Stuart McClure and Joel Scambray: Hacking Exposed: Network Security Secrets & Solutions. 1999, McGraw-Hill, Inc.
33.Krawczyk, Hugo, “Distributed fingerprints and secure information dispersal,” In Proceedings of the 12th ACM Symposium on Principles of Distributed Computing, 1993, p. 207-218.
34.Lai, Xuejia and James L. Massey, “A Proposal for a New Block Encryption Standard,” Proceedings of EUROCRYPT’90, Springer-Verlag, 1991, p. 389-404.
35.Mansfield, Richard: Hacker Attack! , CA: SYBEX Inc., 2000.
36.Mirsky, L.: An Introduction to Linear Algebra. Dover, New York, 1963.
37.Nakayama, Marvin K., Bülent Yener, “Optimal Information Dispersal for Probabilistic Latency Targets,” Computer Networks, Vol. 36, Issue 5-6, August 2001, p. 695-707.
38.Patterson, David A., Garth Gibson, and Randy H. Katz, “A case for Redundant Arrays of Inexpensive Disks (RAID),” In Proceedings of ACM SIGMOD International Conference on Management of Data, June 1988, p. 109-116.
39.Patzakis, John M., “Electronic Evidence Discovery: From High-End Litigation Tactic to Standard Practice,” Federal Discovery News, Vol. 6, No. 10, September, 2000, p. 3-4.
40.Pfleeger, Charles P.: Security in Computing. Second Edition, NJ: Simon & Schuster, 1997.
41.Phillips, B.J. and N. Burgess, “Implementing 1,024-bit RSA Exponentiation on a 32-bit Processor Core,” Proceedings of the IEEE International Conference on Application-Specific Systems, Architectures, and Processors (ASAP’’00), 2000, p. 127-137.
42.Rabin, Michael O., “Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance,“ Journal of ACM, Vol. 36, No. 2, 1989, p. 335-348.
43.Rivest, Ronald L., “The RC5 Encryption Algorithm,” Dr. Dobb’s Journal, January 1995.
44.Rivest, R. L., A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, Vol. 21, No. 2, February 1978, p. 120-126.
45.Schneier, Bruce: Applied Cryptography. Second Edition, John Wiley & Sons, 1996.
46.Schneier, Bruce and John Kelsey, “Cryptographic Support for Secure Logs on Untrusted Machines,” In Proceedings of the International Workshop on USENIX Security Symposium, USENIX Assoc., Berkeley, CA, 1998, p. 53-62.
47.Schneier, Bruce and John Kelsey, “Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs,” Second International Workshop on the Recent Advances in Intrusion Detection (RAID ’’99), September 1999.
48.Schneier, Bruce and John Kelsey, “Secure Audit Logs to Support Computer Forensics,” ACM Transactions on Information and System Security, Vol. 2, No. 2, 1999, p. 159-176.
49.Shamir, Adi, “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 11, 1979, p. 612-613.
50.Sommer, Peter, “Digital Footprints: Assessing Computer Evidence“, Criminal Law Review Special Edition, 1998, p. 61-78.
51.Sommer, Peter, “Intrusion Detection System as Evidence”, Computer Networks, Vol. 31, 1999, p. 2477-2487.
52.Stallings, William: Cryptography and Network Security: Principles and Practices. Second Edition, Prentice Hall International, 1999.

指導教授

林熙禎、陳奕明
(Shi-Jen Lin、Yi-Ming Chen)

審核日期

2002-7-2

推文