| Graduate student: | 楊文超 Wen-Chao Yang |
|---|---|
| Thesis title: | 不信任區域網路中數位證據保留之研究 The Research of Keeping Digital Evidence in Untrusted Local Area Network |
| Advisors: | 林熙禎 Shi-Jen Lin, 陳奕明 Yi-Ming Chen |
| Oral defense committee: | |
| Degree: | 碩士 Master |
| Department: | 管理學院 - 資訊管理學系 Department of Information Management |
| Academic year of graduation: | 90 |
| Language: | Chinese |
| Number of pages: | 76 |
| Chinese keywords: | Digital Evidence, Fault Tolerance, Information Security, Computer Crime, Information Dispersal Algorithm, Network Simulation |
| Foreign-language keywords: | Network Simulation, Information Dispersal Algorithm, Computer Crime, Information Security, Digital Evidence, Fault Tolerance |
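The growing number of computer crime and information security incidents has forced businesses and computer users to face this problem squarely. Often, however, an incident goes undetected because the evidence data has been deleted. Moreover, although current computer forensics research can handle most computer crime incidents, it is not impossible for a highly skilled intruder to delete evidence data in a way that cannot be recovered.
The “untrusted local area network” of this thesis is defined in contrast to the trusted host on the network proposed by Bruce Schneier. The premise of this research is therefore that no host on the local area network can be trusted, and that all transmitted data must be protected.
Using a simple “public encryption mechanism” and a “distributed fault-tolerance mechanism” that provides confidentiality and integrity, we build a digital evidence preservation framework with integrity, authentication, availability and flexibility. It effectively converts digital data that can prove the facts of an illegal event into digital evidence that has an (n/m) fault-tolerance ratio and cannot be tampered with even from inside the enterprise.
A checking mechanism is also added to this framework. It effectively reduces the number of checks needed to locate the critical point in the data from about [n/2] (assuming n records in total) to about [(2+n)/8]+2.
Deploying this framework protects evidence of both internal and external crimes against the company at the same time. Experiments with a network simulator show that the framework can be deployed on a local area network without paralyzing the network.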
As the number of information security events and computer crimes increases, businesses and computer users must face up to the problem. Because of the high volatility of digital evidence, illegal users not only cover up the event that happened but also hide the actions they took.
This research focuses on how to store digital evidence while keeping its admissibility and weight. The term “untrusted LAN” is opposed to Bruce Schneier’s “Trusted Machine”: it means there are no trusted machines in the LAN, so any evidence that is to be stored must be protected or it will be broken.
After studying the Secure Log, Cryptography, and Fault Tolerance domains, we provide a solution, “The Framework of Keeping Digital Evidence”. The flexible framework can transform important data about an illegal event into digital evidence that cannot be modified and has an n/m fault tolerance rate. We then design a checking function that decreases the mean number of checks from [n/2] to [(2+n)/8]+2. Finally, we use the Network Simulator 2 program to simulate our framework in a LAN, to validate that the framework can be implemented in a LAN without crashing the network traffic.