English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113648/144635 (79%)
Visitors : 51663119      Online Users : 637
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/125043


    Title: 基於區塊鏈之數位鑑識證據監管鏈
    A Blockchain Based Digital Forensics Chain of Custody Technology
    Authors: 翁嘉妤
    Weng, Chia-Yu
    Contributors: 左瑞麟
    Tso, Ray-Lin
    翁嘉妤
    Weng, Chia-Yu
    Keywords: 以太坊區塊鏈
    數位鑑識
    證據監管鏈
    智能合約
    ERC 721 代幣標準
    PoA Clique 共識機制
    ECQV 隱含式憑證
    Ethereum blockchain
    Digital forensice
    Chain of custody
    Smart contract
    ERC 721 Token Standard
    Clique PoA
    ECQV Implicit Certificates
    Date: 2019
    Issue Date: 2019-08-07 17:07:33 (UTC+8)
    Abstract: 數位鑑識實驗室在受理案件時,鑑識人員需使用有效的數位鑑識工具,依正確的數位證據監管鏈原則將證據擷取出來,如此才能確保該證據在法律訴訟過程中具備證據能力。然而現行的蒐證作業多以紙本表單紀錄證據資訊,包含:數位證據蒐集工作表、證據取得清單表以及證據監管鏈表,而撰寫、修改表單紀錄的工作相當耗費人力和物力,且移交過程也可能出錯。
    因此本論文針對證據監管鏈表建構出「區塊鏈數位鑑識證據監管鏈平台」系統雛形,利用以太坊區塊鏈的 ERC 721 代幣標準及 ECQV 隱含式憑證(Elliptic Curve Qu-Vanstone Implicit Certificates)的技術改善上述問題。
    本平台為每張證據監管鏈表發行一個 ERC 721 不可替換代幣,在鏈上紀錄其內容的異動及所有權的移轉,並採用 Clique PoA 共識機制同步各參加節點的資料,達到證據監管鏈表的完整性認證。此外,所有用戶在加入本聯盟鏈前須先向 CA 申請一張 ECQV 隱含式憑證做身份認證,而 ECQV 憑證的容量較小、金鑰安全強度強,適合放在區塊鏈上傳遞以做證據監管鏈表的簽驗章、加解密達到機敏性及不可否認性。
    When a digital forensics library acceptes a case, the forensics staffs of the library need to collect the evidence by using legal forensics tools according to the proper principle of Digital Forensics Chain of Custody. In this way, we can make sure that the extracted evidence has the evidential effect during the litigation. However, currently the coollecting process is being recorded and modified in paper work including Digital evidence collection worksheet, Incoming Evidence Form, and Chain of Custody Form which requires lots of huam resources and is time consumin.
    Focusing on Chain of Custody Form, this thesis proposes a blockchain based digital forensics chain of custody. This platfrom, to some extent, solves the problems mentioned above. The building blocks and the core techniques we used here including the Ethereum blockchain and ECQV implicit certificates.
    In order to attain the data integrity, this platform release ERC 721 non-fungible token for each chain of custody form, recording all modificatory history of ownersship and context. In addition, it adopts the Clique PoA consensus to sync the data of all nodes on the chain. Furthermore, all the users need to apply for an ECQV certificate from CA to athenticate the identification before the participating consortium chain. The reasons why we use ECQV certificates are beacuse of its smaller size and more secure of keys comparing with traditional certificates. So that we can put it on the blockchain for transmission, leting users to sign, verify, encrypt and decrypt the chain of custody for the purpose of achieving the data confidentiality and non-repudiation.
    Reference: [1] 王旭正、林祝興、左瑞麟(2013)。科技犯罪安全之數位鑑識:證據力與行動智慧應用。博碩文化。
    [2] 林宜隆、邱獻民。數位證據在法庭上之攻防對策。中央警察大學資訊、科技與社會學報,第7卷第12期,2007年。
    [3] 林宜隆。建構數位證據鑑識標準作業程序(DEFSOP) 與案例實證之研究。法務部司法官訓練所司法新聲,101期第4篇
    [4] 閆鶯、鄭凱、郭眾鑫,(2018)。以太坊技术详解与实战。机械工业。
    [5] 行政院院臺護字第1040036611號函。政府機關(構)資安事件數位證據保全標準作業程序。
    [6] Andreas M. Antonopoulos, (2014). Mastering Bitcoin – Unlocking Digital Crypto-Currencies. US-CA: O’REILLY.
    [7] Auqib Hamid Lone, Roohie Naaz Mir, (January 2019). Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer. Elsevier Digital Investigation 28 (2019) 44 - 55.
    [8] Certicom, (2013). Standards for Efficient Cryptography SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV).
    [9] CCITT, (1991). Recommendation X.800.
    [10] Chang-Seop Park, Member, IEEE. A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications. IEEE SENSORS JOURNAL, VOL. 17, NO. 7, APRIL 1, 2017.
    [11] Daniel R. L. Brown, Matthew J. Campagna and Scott A. Vanstone, (2001). Security of ECQV-Certified ECDSA Against Passive Adversaries.
    [12] Douglas R. Stinson, (2005). Cryptography: Theory and Practice, 3rd Edition. Chapman & Hall/RCR.
    [13] Gavin Wood, (2018). Ethereum : A Secure Decentralised Generalised Transcation Leder Byzantium Version e738aca.
    [14] Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski & Łukasz Mazure, (2014). Secure Multiparty Computations on Bitcoin. University of Warsaw, Poland.
    [15] Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, Mika Ylianttila, (2014). PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications. SAGE Journals Volume: 10 issue: 7.
    [16] RFC - Informational, (2000). RFC 2828 - Internet Security Glossary.
    [17] Satoshi Nakamoto. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System.
    [18] Tso, Ray-Lin, Su, Ching-Wen, (2018). A Study on ECQV Self-singed Certificate and Its Extensions. Department of Computer Science National Chengchi University.
    [19] William Entriken, Dieter Shirley, Jacob Evans, Nastassia Sachs, (2018). ERC721 Non-Fungible Token Standard.
    [20] William Stallings, (2011). Cryptography and Network Security: Principles and Practice 5th Edition. Pearson.
    Description: 碩士
    國立政治大學
    資訊科學系碩士在職專班
    105971009
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0105971009
    Data Type: thesis
    DOI: 10.6814/NCCU201900212
    Appears in Collections:[資訊科學系碩士在職專班] 學位論文

    Files in This Item:

    File SizeFormat
    100901.pdf36034KbAdobe PDF2314View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback