| dc.contributor.advisor | 左瑞麟 | zh_TW |
| dc.contributor.advisor | Tso, Ray-Lin | en_US |
| dc.contributor.author (Authors) | 翁嘉妤 | zh_TW |
| dc.contributor.author (Authors) | Weng, Chia-Yu | en_US |
| dc.creator (作者) | 翁嘉妤 | zh_TW |
| dc.creator (作者) | Weng, Chia-Yu | en_US |
| dc.date (日期) | 2019 | en_US |
| dc.date.accessioned | 7-Aug-2019 17:07:33 (UTC+8) | - |
| dc.date.available | 7-Aug-2019 17:07:33 (UTC+8) | - |
| dc.date.issued (上傳時間) | 7-Aug-2019 17:07:33 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0105971009 | en_US |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/125043 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學系碩士在職專班 | zh_TW |
| dc.description (描述) | 105971009 | zh_TW |
| dc.description.abstract (摘要) | 數位鑑識實驗室在受理案件時,鑑識人員需使用有效的數位鑑識工具,依正確的數位證據監管鏈原則將證據擷取出來,如此才能確保該證據在法律訴訟過程中具備證據能力。然而現行的蒐證作業多以紙本表單紀錄證據資訊,包含:數位證據蒐集工作表、證據取得清單表以及證據監管鏈表,而撰寫、修改表單紀錄的工作相當耗費人力和物力,且移交過程也可能出錯。因此本論文針對證據監管鏈表建構出「區塊鏈數位鑑識證據監管鏈平台」系統雛形,利用以太坊區塊鏈的 ERC 721 代幣標準及 ECQV 隱含式憑證(Elliptic Curve Qu-Vanstone Implicit Certificates)的技術改善上述問題。本平台為每張證據監管鏈表發行一個 ERC 721 不可替換代幣,在鏈上紀錄其內容的異動及所有權的移轉,並採用 Clique PoA 共識機制同步各參加節點的資料,達到證據監管鏈表的完整性認證。此外,所有用戶在加入本聯盟鏈前須先向 CA 申請一張 ECQV 隱含式憑證做身份認證,而 ECQV 憑證的容量較小、金鑰安全強度強,適合放在區塊鏈上傳遞以做證據監管鏈表的簽驗章、加解密達到機敏性及不可否認性。 | zh_TW |
| dc.description.abstract (摘要) | When a digital forensics library acceptes a case, the forensics staffs of the library need to collect the evidence by using legal forensics tools according to the proper principle of Digital Forensics Chain of Custody. In this way, we can make sure that the extracted evidence has the evidential effect during the litigation. However, currently the coollecting process is being recorded and modified in paper work including Digital evidence collection worksheet, Incoming Evidence Form, and Chain of Custody Form which requires lots of huam resources and is time consumin.Focusing on Chain of Custody Form, this thesis proposes a blockchain based digital forensics chain of custody. This platfrom, to some extent, solves the problems mentioned above. The building blocks and the core techniques we used here including the Ethereum blockchain and ECQV implicit certificates.In order to attain the data integrity, this platform release ERC 721 non-fungible token for each chain of custody form, recording all modificatory history of ownersship and context. In addition, it adopts the Clique PoA consensus to sync the data of all nodes on the chain. Furthermore, all the users need to apply for an ECQV certificate from CA to athenticate the identification before the participating consortium chain. The reasons why we use ECQV certificates are beacuse of its smaller size and more secure of keys comparing with traditional certificates. So that we can put it on the blockchain for transmission, leting users to sign, verify, encrypt and decrypt the chain of custody for the purpose of achieving the data confidentiality and non-repudiation. | en_US |
| dc.description.tableofcontents | 第 1 章 緒論 101-1. 研究動機 111-2. 研究方法及目標 121-3. 研究貢獻 131-4. 論文架構 17第 2 章 研究背景 182-1. 名詞定義 18(1) 數位鑑識 18(2) 數位證據 18(3) 證據監管鏈原則 18(4) 證據監管鏈表 192-2. 區塊鏈 19(1) 區塊鏈聯盟鏈 20(2) 智能合約 20(3) ERC 20 代幣合約標準 21(4) ERC 721 代幣合約標準 222-3. POA CLIQUE 共識機制 232-4. 以太坊 ECDSA 公私鑰及帳戶位址的關係 262-5. ECQV 隱含式憑證 272-6. 政府機關(構)資安事件數位證據保全標準作業程序 28第 3 章 區塊鏈數位鑑識證據監管鏈平台系統設計 303-1. 系統概述 303-2. 平台角色介紹 313-3. 聯盟區塊鏈架構設計 323-4. 數位鑑識證據監管鏈平台系統架構 33(1) 區塊鏈系統(Blockchain System) 33(2) 數位證據監管鏈應用系統 (Digital Evidence Chain AP System) 34(3) 應用系統連結閘道 (AP Gateway) 343-5. 數位鑑識證據監管鏈平台智能合約說明 35(1) 部署數位鑑識案件以太坊智能合約(Deploy) 36(2) 建立證據監管鏈表 ERC721 Token(Create) 37(3) 取得證據監管鏈表的 Token ID (GetTokenID) 38(4) 設定證據監管鏈表 Token 的特徵值(SetTokenURI) 39(5) 取得證據監管鏈表 Token 的特徵值(TokenURI) 40(6) 取得 Token 持有者的 Account Address(OwnerOf) 41(7) 將 Token 授權給指定 Account(Approve) 42(8) 將 Token 傳送給指定 Account(Transfer) 433-6. 數位鑑識證據監管鏈平台 WEB SERVICE API 說明 44(1) API URL 說明 44(2) API 欄位格式說明 44(3) 取得Node資訊(GetNodeInfo) 45(4) 傳送證據監管鏈表(TransferEvidenceChain) 45(5) 接收證據監管鏈表(ReceiveEvidenceChain) 503-7. 數位鑑識證據監管鏈平台資料庫設計 51(1) 資料庫欄位格式說明 52(2) 案件資料表(ForensicsCase) 52(3) 證據資訊資料表(ForensicsEvidence) 52(4) 證據監管鏈資料表(ForensicsEvidenceChain) 53(5) 節點資料表(ForensicsNodeInfo) 543-8. 數位鑑識證據監管鏈平台作業流程 55(1) 註冊新用戶 56(2) 產生證據監管鏈表 58(3) 傳送證據監管鏈表 59(4) 接收證據監管鏈表 63第 4 章 區塊鏈數位鑑識證據監管鏈平台應用系統操作說明 674-1. 執行環境 674-2. 系統頁面導覽 684-3. 註冊新用戶 694-4. 查詢及產生證據監管鏈表 774-5. 查詢及傳送證據監管鏈表 814-6. 接收證據監管鏈表 91第 5 章 結論及未來研究方向 98第 6 章 附件 996-1 政府機關(構)資安事件數位證據保全標準作業程序 99第 7 章 參考文獻 105 | zh_TW |
| dc.format.extent | 36899103 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0105971009 | en_US |
| dc.subject (關鍵詞) | 以太坊區塊鏈 | zh_TW |
| dc.subject (關鍵詞) | 數位鑑識 | zh_TW |
| dc.subject (關鍵詞) | 證據監管鏈 | zh_TW |
| dc.subject (關鍵詞) | 智能合約 | zh_TW |
| dc.subject (關鍵詞) | ERC 721 代幣標準 | zh_TW |
| dc.subject (關鍵詞) | PoA Clique 共識機制 | zh_TW |
| dc.subject (關鍵詞) | ECQV 隱含式憑證 | zh_TW |
| dc.subject (關鍵詞) | Ethereum blockchain | en_US |
| dc.subject (關鍵詞) | Digital forensice | en_US |
| dc.subject (關鍵詞) | Chain of custody | en_US |
| dc.subject (關鍵詞) | Smart contract | en_US |
| dc.subject (關鍵詞) | ERC 721 Token Standard | en_US |
| dc.subject (關鍵詞) | Clique PoA | en_US |
| dc.subject (關鍵詞) | ECQV Implicit Certificates | en_US |
| dc.title (題名) | 基於區塊鏈之數位鑑識證據監管鏈 | zh_TW |
| dc.title (題名) | A Blockchain Based Digital Forensics Chain of Custody Technology | en_US |
| dc.type (資料類型) | thesis | en_US |
| dc.relation.reference (參考文獻) | [1] 王旭正、林祝興、左瑞麟(2013)。科技犯罪安全之數位鑑識:證據力與行動智慧應用。博碩文化。[2] 林宜隆、邱獻民。數位證據在法庭上之攻防對策。中央警察大學資訊、科技與社會學報,第7卷第12期,2007年。[3] 林宜隆。建構數位證據鑑識標準作業程序(DEFSOP) 與案例實證之研究。法務部司法官訓練所司法新聲,101期第4篇[4] 閆鶯、鄭凱、郭眾鑫,(2018)。以太坊技术详解与实战。机械工业。[5] 行政院院臺護字第1040036611號函。政府機關(構)資安事件數位證據保全標準作業程序。[6] Andreas M. Antonopoulos, (2014). Mastering Bitcoin – Unlocking Digital Crypto-Currencies. US-CA: O’REILLY.[7] Auqib Hamid Lone, Roohie Naaz Mir, (January 2019). Forensic-chain: Blockchain based digital forensics chain of custody with PoC in Hyperledger Composer. Elsevier Digital Investigation 28 (2019) 44 - 55.[8] Certicom, (2013). Standards for Efficient Cryptography SEC 4: Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV).[9] CCITT, (1991). Recommendation X.800.[10] Chang-Seop Park, Member, IEEE. A Secure and Efficient ECQV Implicit Certificate Issuance Protocol for the Internet of Things Applications. IEEE SENSORS JOURNAL, VOL. 17, NO. 7, APRIL 1, 2017.[11] Daniel R. L. Brown, Matthew J. Campagna and Scott A. Vanstone, (2001). Security of ECQV-Certified ECDSA Against Passive Adversaries.[12] Douglas R. Stinson, (2005). Cryptography: Theory and Practice, 3rd Edition. Chapman & Hall/RCR.[13] Gavin Wood, (2018). Ethereum : A Secure Decentralised Generalised Transcation Leder Byzantium Version e738aca.[14] Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski & Łukasz Mazure, (2014). Secure Multiparty Computations on Bitcoin. University of Warsaw, Poland.[15] Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, Mika Ylianttila, (2014). PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications. SAGE Journals Volume: 10 issue: 7.[16] RFC - Informational, (2000). RFC 2828 - Internet Security Glossary.[17] Satoshi Nakamoto. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System.[18] Tso, Ray-Lin, Su, Ching-Wen, (2018). A Study on ECQV Self-singed Certificate and Its Extensions. Department of Computer Science National Chengchi University.[19] William Entriken, Dieter Shirley, Jacob Evans, Nastassia Sachs, (2018). ERC721 Non-Fungible Token Standard.[20] William Stallings, (2011). Cryptography and Network Security: Principles and Practice 5th Edition. Pearson. | zh_TW |
| dc.identifier.doi (DOI) | 10.6814/NCCU201900212 | en_US |
