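In recent years, portable computers have become increasingly widespread, and the mobility and convenience they provide have changed the way people use computers. Unfortunately, behind their light weight and portability lies a data security problem caused by lost or stolen computers. In general, the important data stored on a portable computer is worth far more than the computer's hardware. Therefore, how to protect the important data stored on a lost or stolen computer is an important research issue.

In this thesis, we design and implement a portable computer anti-theft system based on network technology (NAS: Network Anti-theft System). After a portable computer is lost or stolen, it automatically connects to a wired or wireless network and reports the IP address of the router of the network it is connected to back to a backend server. Using the database on the server, the IP address is converted to a physical geographic location so that the user can track and locate the computer. In addition, to protect the file data on the computer, the user can control it remotely over the network to retrieve or delete important files, or lock the computer, thereby achieving anti-theft protection. The system comprises three main modules: NAS-Core, NAS-EOS and NAS-Server. The security of the system is ensured by an interlocking mutual verification mechanism among the three modules. NAS-Core is the security verification core built in the firmware layer; it combines SMM (System Management Mode) and HAD (Hidden Disk Areas) techniques to prevent software from being maliciously inspected and tampered with, achieving tight security protection. NAS-EOS is an embedded system that lets the system communicate with the remote server without relying on the user's operating system environment or the assistance of network drivers. Finally, NAS-Server hosts a web server and a database server, providing a web interface through which the user performs remote control, and storing data such as the computer's current security status information.

The system stores the computer's security status information in independent non-volatile memory, and relies on the fact that firmware cannot easily be removed or disabled to ensure a higher level of security. Experimental results show that the system activates protection immediately after the machine is lost, and that the user can perform tracking, locating and remote control.

The way computers are used has changed a great deal in recent years due to the mobility and convenience provided by mobile computers. Unfortunately, because they are portable, risks such as theft and the associated loss of data have increased as well. The data stored in the computer is usually far more valuable to the owner than the hardware itself; therefore, protection against the loss of data is an important research issue. In this paper, we designed and implemented a Network Anti-theft System (NAS). The NAS allows mobile computers to connect to the internet through a wired or wireless network and transmits their current router IP addresses to a backend server. From the server, the IP addresses can be used to find the positions of the users. Our system not only protects the data inside the computer but also lets the user retrieve or delete the data remotely, or lock the computer to prevent further access. NAS has three primary modules: NAS-Core, NAS-EOS, and NAS-Server. Security is achieved through the interactions between these three modules. NAS-Core is the kernel module for the security check process in the firmware layer.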
By combining the System Management Mode (SMM) and Hidden Disk Areas (HAD), it prevents the user’s password or key from being viewed and changed by malicious software. NAS-EOS is an embedded system that allows the system to connect to a remote server without relying on the operating system. Lastly, NAS-Server is a web and database server which stores the status of the computer and allows the user to control the computer remotely through its web interface. This system stores the security status of the computer in non-volatile memory. Since the firmware is difficult to remove or shut down, it increases the safety of our system. Experiments have shown that the proposed system can activate immediately upon the loss of the mobile computer and allows the user to track its position and remotely control the lost computer.