Name 楊文超 (Wen-Chao Yang)   Department Department of Information Management
Thesis title The Research of Keeping Digital Evidence in Untrusted Local Area Network (不信任區域網路中數位證據保留之研究)
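Abstract (translated from Chinese) The growth in the number of computer crimes and information security incidents has forced businesses and computer users to face this problem. Incidents often go undiscovered, however, because the evidence data has been deleted. Moreover, although current computer forensics research can handle most computer crime incidents, it is not impossible for a highly skilled intruder to delete evidence data so that it cannot be recovered.
The "untrusted local area network" in this thesis is defined in contrast to the trusted machine on the network proposed by Bruce Schneier. The premise of this research is therefore that no host on the local area network is trusted and that all transmitted data must be protected.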
Abstract (English) As the rate of information security events and computer crimes increases, businesses and computer users must face up to the problem. Because of the high volatility of digital evidence, illegal users usually not only cover up the event that happened but also hide the actions they took.
The research focuses on how to store digital evidence while keeping the admissibility and weight of the digital evidence at the same time. The term “untrusted LAN” is the opposite of Bruce Schneier’s “Trusted Machine”: it means there are no trusted machines in the LAN, so any evidence that will be stored must be protected or it will be broken.
After studying the Secure Log, Cryptography, and Fault Tolerance domains, we provide a solution, “The Framework of Keeping Digital Evidence”. The flexible framework can transform important data about an illegal event into digital evidence that cannot be modified and has an n/m fault tolerance rate. We then design a checking function that can decrease the mean number of checks from [n/2] to [(2+n)/8]+2. Finally, we use the Network Simulator 2 program to simulate our framework in a LAN, to validate that the framework can be implemented in a LAN without crashing the network traffic.
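Keywords (Chinese) ★ Digital Evidence
★ Fault Tolerance
★ Information Security
★ Computer Crime
★ Information Dispersal Algorithm
★ Network Simulation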
Keywords (English) ★ Network Simulation
★ Information Dispersal Algorithm
★ Computer Crime
★ Information Security
★ Digital Evidence
★ Fault Tolerance
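Table of contents Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Research Assumptions and Limitations
1.4 Expected Contributions
1.5 Research Framework
1.6 Chapter Overview
Chapter 2 Literature Review
2.1 Digital Evidence and Computer Forensics
2.2 Cryptography
2.3 Secure Audit
2.4 Fault Tolerance
Chapter 3 Framework for Keeping Digital Evidence
3.1 The Framework of Keeping Digital Evidence
3.2 Generation Phase
3.3 Restoration Phase
3.4 Checking Phase
Chapter 4 Network Simulation
4.1 Introduction to NS2
4.2 Network Simulation Experiments
Chapter 5 Conclusions and Recommendations
5.1 Research Findings
5.2 Research Contributions
5.3 Research Limitations
5.4 Future Research Directions
References
Web Resources
Chinese References
English References
Appendix A Information Dispersal Algorithm (IDA)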
References 1.Government Certification Authority (政府憑證管理中心) website, http://www.pki.gov.tw, Date 2002/05/24.
2.America Computer Industry Almanac. Data from http://japanonline.hypermart.net/new_page_239.htm, Date 2002/05/24.
3.Computer Emergency Response Team (CERT), http://www.cert.org/stats/cert_stats.html, Date 2002/05/24.
4.Dai, Wei’s Home Page, Speed Comparison of Popular Crypto Algorithms, http://www.eskimo.com/~weidai/benchmarks.html, Date 2002/05/24.
5.Federal Rules of Evidence 803, Hearsay Exceptions; Availability of Declarant Immaterial, Data from http://www.courtrules.org/r803hear.htm, Date 2002/05/24.
6.Federal Rules of Evidence 902, Self-authentication, Data from http://www.courtrules.org/r902self.htm, Date 2002/05/24.
7.Kerr, Orin S., Computer Crime and Intellectual Property Section(CCIPS) Search and Seizing Computer and Obtaining Electronic Evidence in Criminal Investigations, January 2001, Data from http://www.cybercrime.gov/searchmanual.htm, Date 2002/05/24.
8.Network Simulator Version 2. http://www.isi.edu/nsnam/ns/, Date 2002/05/24.
9.Research using Network Simulator. http://www.isi.edu/nsnam/ns/ns-research.html, Date 2002/05/24.
15.Bates, Jim, “Fundamentals of Computer Forensics,” Information Security Technical Report, Vol. 3, No. 4, 1998, p. 75-78.
16.Bates, Jim, “Computer Evidence – Recent Issues,” Information Security Technical Report, Vol. 5, No. 2, 2000, p. 15-22.
17.Berkeley NS research group, USC/ISI and Xerox PARC, The NS Manual, 2001.
18.Bestavros, Azer, “An Adaptive Information Dispersal Algorithm for Time-critical Reliable Communication,” In Ivan Frisch, Manu Malek, and Shivendra Panwar, Editors, Network Management and Control, Vol. II, Chapter 6, Plenum Publishing Corporation, New York, 1994, p. 423-438.
19.Bigler, Mark, “Computer Forensics Gear,” Internal Auditor, 2001.
20.Casey, Eoghan: Digital Evidence and Computer Crime. Academic Press, 2000.
21.Chen, Peter M., Edward K. Lee, Garth A. Gibson, Randy H. Katz, David A. Patterson, “RAID: High-Performance, Reliable Secondary Storage,” ACM Computing Surveys, Vol. 26, No. 2, June 1994, p. 145-185.
22.Civie, Victor, and Richard Civie, “Future Technologies from Trends in Computer Forensic Science,” Information Technology Conference IEEE, 1998.
23.Davis, Bryan J., “Computer Intrusion Investigation Guidelines,” FBI Law Enforcement Bulletin, January 2001, p. 8-11.
24.Federal Information Processing Standards, “DATA ENCRYPTION STANDARD (DES),” FIPS PUB 46-3, 1977.
25.Federal Information Processing Standards, “SECURE HASH STANDARD (SHA),” FIPS PUB 180-1, 1993.
26.Goan, Terrance, “A Cop on the Beat: Collecting and Appraising Intrusion Evidence,” Communications of the ACM, Vol. 42, No. 7, 1999, p. 46-52.
27.Hafner, Katherine & John Markoff: Cyberpunk. New York: Simon & Schuster, 1991.
28.Icove, David, Karl Seger & William VonStorch: Computer Crime. O’Reilly & Associates, Inc., 1995.
29.Iyengar, Arun, Robert Cahn, Juan Garay, and Charanjit Jutla, “Design and Implementation of a Secure Distributed Data Repository,” In Proceedings of the 14th IFIP International Information Security Conference (SEC ’98), Vienna, Austria and Budapest, Hungary, September 1998.
30.Kelsey, John, Bruce Schneier, and Chris Hall, “An Authenticated Camera,” Computer Security Applications Conference, 1996, p. 24-30.
31.Kruse, II Warren G. and Jay G. Heiser: Computer Forensics. Addison-Wesley, 2001.
32.Kurtz, George, Stuart McClure and Joel Scambray: Hacking Exposed: Network Security Secrets & Solutions. 1999, McGraw-Hill, Inc.
33.Krawczyk, Hugo, “Distributed fingerprints and secure information dispersal,” In Proceedings of the 12th ACM Symposium on Principles of Distributed Computing, 1993, p. 207-218.
34.Lai, Xuejia and James L. Massey, “A Proposal for a New Block Encryption Standard,” Proceedings of EUROCRYPT’90, Springer-Verlag, 1991, p. 389-404.
35.Mansfield, Richard: Hacker Attack! CA: SYBEX Inc., 2000.
36.Mirsky, L.: An Introduction to Linear Algebra. Dover, New York, 1963.
37.Nakayama, Marvin K., Bülent Yener, “Optimal Information Dispersal for Probabilistic Latency Targets,” Computer Networks, Vol. 36, Issue 5-6, August 2001, p. 695-707.
38.Patterson, David A., Garth Gibson, and Randy H. Katz, “A case for Redundant Arrays of Inexpensive Disks (RAID),” In Proceedings of ACM SIGMOD International Conference on Management of Data, June 1988, p. 109-116.
39.Patzakis, John M., “Electronic Evidence Discovery: From High-End Litigation Tactic to Standard Practice,” Federal Discovery News, Vol. 6, No. 10, September, 2000, p. 3-4.
40.Pfleeger, Charles P.: Security in Computing. Second Edition, NJ: Simon & Schuster, 1997.
41.Phillips, B.J. and N. Burgess, “Implementing 1,024-bit RSA Exponentiation on a 32-bit Processor Core,” Proceedings of the IEEE International Conference on Application-Specific Systems, Architectures, and Processors (ASAP ’00), 2000, p. 127-137.
42.Rabin, Michael O., “Efficient Dispersal of Information for Security, Load Balancing, and Fault Tolerance,” Journal of ACM, Vol. 36, No. 2, 1989, p. 335-348.
43.Rivest, Ronald L., “The RC5 Encryption Algorithm,” Dr. Dobb’s Journal, January 1995.
44.Rivest, R. L., A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, Vol. 21, No. 2, February 1978, p. 120-126.
45.Schneier, Bruce: Applied Cryptography. Second Edition, John Wiley & Sons, 1996.
46.Schneier, Bruce and John Kelsey, “Cryptographic Support for Secure Logs on Untrusted Machines,” In Proceedings of the International Workshop on USENIX Security Symposium, USENIX Assoc., Berkeley, CA, 1998, p. 53-62.
47.Schneier, Bruce and John Kelsey, “Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs,” Second International Workshop on the Recent Advances in Intrusion Detection (RAID ’99), September 1999.
48.Schneier, Bruce and John Kelsey, “Secure Audit Logs to Support Computer Forensics,” ACM Transactions on Information and System Security, Vol. 2, No. 2, 1999, p. 159-176.
49.Shamir, Adi, “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 11, 1979, p. 612-613.
50.Sommer, Peter, “Digital Footprints: Assessing Computer Evidence,” Criminal Law Review Special Edition, 1998, p. 61-78.
51.Sommer, Peter, “Intrusion Detection System as Evidence,” Computer Networks, Vol. 31, 1999, p. 2477-2487.
52.Stallings, William: Cryptography and Network Security: Principles and Practices. Second Edition, Prentice Hall International, 1999.
Advisors 林熙禎, 陳奕明
(Shi-Jen Lin, Yi-Ming Chen)
Approval date 2002-7-2
