Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/125043
|
Title: | 基於區塊鏈之數位鑑識證據監管鏈 A Blockchain Based Digital Forensics Chain of Custody Technology |
Authors: | 翁嘉妤 Weng, Chia-Yu |
Contributors: | 左瑞麟 Tso, Ray-Lin 翁嘉妤 Weng, Chia-Yu |
Keywords: | 以太坊區塊鏈 數位鑑識 證據監管鏈 智能合約 ERC 721 代幣標準 PoA Clique 共識機制 ECQV 隱含式憑證 Ethereum blockchain Digital forensice Chain of custody Smart contract ERC 721 Token Standard Clique PoA ECQV Implicit Certificates |
Date: | 2019 |
Issue Date: | 2019-08-07 17:07:33 (UTC+8) |
Abstract: | 數位鑑識實驗室在受理案件時,鑑識人員需使用有效的數位鑑識工具,依正確的數位證據監管鏈原則將證據擷取出來,如此才能確保該證據在法律訴訟過程中具備證據能力。然而現行的蒐證作業多以紙本表單紀錄證據資訊,包含:數位證據蒐集工作表、證據取得清單表以及證據監管鏈表,而撰寫、修改表單紀錄的工作相當耗費人力和物力,且移交過程也可能出錯。 因此本論文針對證據監管鏈表建構出「區塊鏈數位鑑識證據監管鏈平台」系統雛形,利用以太坊區塊鏈的 ERC 721 代幣標準及 ECQV 隱含式憑證(Elliptic Curve Qu-Vanstone Implicit Certificates)的技術改善上述問題。 本平台為每張證據監管鏈表發行一個 ERC 721 不可替換代幣,在鏈上紀錄其內容的異動及所有權的移轉,並採用 Clique PoA 共識機制同步各參加節點的資料,達到證據監管鏈表的完整性認證。此外,所有用戶在加入本聯盟鏈前須先向 CA 申請一張 ECQV 隱含式憑證做身份認證,而 ECQV 憑證的容量較小、金鑰安全強度強,適合放在區塊鏈上傳遞以做證據監管鏈表的簽驗章、加解密達到機敏性及不可否認性。 When a digital forensics library acceptes a case, the forensics staffs of the library need to collect the evidence by using legal forensics tools according to the proper principle of Digital Forensics Chain of Custody. In this way, we can make sure that the extracted evidence has the evidential effect during the litigation. However, currently the coollecting process is being recorded and modified in paper work including Digital evidence collection worksheet, Incoming Evidence Form, and Chain of Custody Form which requires lots of huam resources and is time consumin. Focusing on Chain of Custody Form, this thesis proposes a blockchain based digital forensics chain of custody. This platfrom, to some extent, solves the problems mentioned above. The building blocks and the core techniques we used here including the Ethereum blockchain and ECQV implicit certificates. In order to attain the data integrity, this platform release ERC 721 non-fungible token for each chain of custody form, recording all modificatory history of ownersship and context. In addition, it adopts the Clique PoA consensus to sync the data of all nodes on the chain. Furthermore, all the users need to apply for an ECQV certificate from CA to athenticate the identification before the participating consortium chain. The reasons why we use ECQV certificates are beacuse of its smaller size and more secure of keys comparing with traditional certificates. So that we can put it on the blockchain for transmission, leting users to sign, verify, encrypt and decrypt the chain of custody for the purpose of achieving the data confidentiality and non-repudiation. |
Reference: | [1] 王旭正、林祝興、左瑞麟(2013)。科技犯罪安全之數位鑑識:證據力與行動智慧應用。博碩文化。 [2] 林宜隆、邱獻民。數位證據在法庭上之攻防對策。中央警察大學資訊、科技與社會學報,第7卷第12期,2007年。 [3] 林宜隆。建構數位證據鑑識標準作業程序(DEFSOP) 與案例實證之研究。法務部司法官訓練所司法新聲,101期第4篇 [4] 閆鶯、鄭凱、郭眾鑫,(2018)。以太坊技术详解与实战。机械工业。 [5] 行政院院臺護字第1040036611號函。政府機關(構)資安事件數位證據保全標準作業程序。 [6] Andreas M. Antonopoulos, (2014). Mastering Bitcoin – Unlocking Digital Crypto-Currencies. US-CA: O’REILLY. [7] Auqib Hamid Lone, Roohie Naaz Mir, (January 2019). Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer. Elsevier Digital Investigation 28 (2019) 44 - 55. [8] Certicom, (2013). Standards for Efficient Cryptography SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV). [9] CCITT, (1991). Recommendation X.800. [10] Chang-Seop Park, Member, IEEE. A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications. IEEE SENSORS JOURNAL, VOL. 17, NO. 7, APRIL 1, 2017. [11] Daniel R. L. Brown, Matthew J. Campagna and Scott A. Vanstone, (2001). Security of ECQV-Certified ECDSA Against Passive Adversaries. [12] Douglas R. Stinson, (2005). Cryptography: Theory and Practice, 3rd Edition. Chapman & Hall/RCR. [13] Gavin Wood, (2018). Ethereum : A Secure Decentralised Generalised Transcation Leder Byzantium Version e738aca. [14] Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski & Łukasz Mazure, (2014). Secure Multiparty Computations on Bitcoin. University of Warsaw, Poland. [15] Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, Mika Ylianttila, (2014). PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications. SAGE Journals Volume: 10 issue: 7. [16] RFC - Informational, (2000). RFC 2828 - Internet Security Glossary. [17] Satoshi Nakamoto. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. [18] Tso, Ray-Lin, Su, Ching-Wen, (2018). A Study on ECQV Self-singed Certificate and Its Extensions. Department of Computer Science National Chengchi University. [19] William Entriken, Dieter Shirley, Jacob Evans, Nastassia Sachs, (2018). ERC721 Non-Fungible Token Standard. [20] William Stallings, (2011). Cryptography and Network Security: Principles and Practice 5th Edition. Pearson. |
Description: | 碩士 國立政治大學 資訊科學系碩士在職專班 105971009 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0105971009 |
Data Type: | thesis |
DOI: | 10.6814/NCCU201900212 |
Appears in Collections: | [資訊科學系碩士在職專班] 學位論文
|
Files in This Item:
File |
Size | Format | |
100901.pdf | 36034Kb | Adobe PDF2 | 314 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|