Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/98264
標題: 利用區塊鏈於螢幕側錄資料保全
Using Blockchain For Screen-Recording Data Preservation
作者: 吳明峰
Ming-Feng Wu
關鍵字: 區塊鏈
螢幕側錄
數位證據保全
Blockchain
Screen-recording
Digital evidence preservation
引用: 中文文獻 [1] 從智慧手機萃取數位證據。Retrieved January 10, 2018, from http://www.netadmin.com.tw/article_content.aspx?sn=1307100004&jump=2 [2] 楊中皇,電腦與手機鑑識-根基於數位證據,2012年第1季資訊安全管理系統標準化系列,2012年1月11日,頁6。 [3] 葉奇鑫、李相臣,淺談個人資料保護法民事賠償責任及數位鑑識相關問題,司法新聲,第101期,2012年1月。 [4] 張紹斌、陳威棋,談「數位鑑識」-從國內外實際案例看數位鑑識之重要性,財金資訊季刊,No.79,2014年7月,頁30。 [5] 向紙本監管作業說再見,勤業眾信用區塊鏈保護證物。Retrieved May 12, 2018, from https://www.bnext.com.tw/article/47944/system-for-evidence-tracking-blockchain [6] 英國司法部稱:區塊鏈技術可以防止證據被篡改。Retrieved May 19, 2018, from https://blockcast.it/2017/11/06/uk-moj-increasing-trust-in-criminal-evidence-with-blockchains [13] MBA 智庫百科 (2016),區塊鏈。Retrieved May 26, 2018, from http://wiki.mbalib.com/zh-tw/%E5%8C%BA%E5%9D%97%E9%93%BE [19] Merkle Tree(默克爾樹)算法解。Retrieved May 26, 2018, from http://www.itread01.com/articles/1487247623.html [21] Merkle Tree的使用。Retrieved June 5 , 2018, from http://blog.csdn.net/xtu_xiaoxin/article/details/8148237 [22] Merkle Tree算法详解。Retrieved June 7 , 2018, from http://blog.csdn.net/yuanrxdu/article/details/22474697?utm_source=tuicool&utm_medium=referral [25] 王旭正、柯永翰,電腦鑑識與數位證據,博碩文化,2007年6月,頁52。 [26] 黃偉賢(2013)。以部分雜湊樹達成有效率的雲端儲存系統即時稽核。碩士論文,國立臺灣師範大學。 [27] 鄭益昇(2017)。區塊鏈分散式帳本於證券集保之應用。碩士論文,國立中興大學。 [28] 廖子淳(2017)。利用智能合約實現單車共享經濟之研究。碩士論文,國立中興大學。 [29] 林展民(2016)。以智能合約實現快速醫療保險理賠。碩士論文,國立政治大學在職專班。 [30] 楊金祥(2017)。應用區塊鏈之金融KYC平台。碩士論文,國立政治大學。 [31] 何沛馨(2017)。應用區塊鏈技術於門診電子病歷系統。碩士論文,國立臺北科技大學。 英文文獻 [7] Increasing trust in criminal evidence with blockchains. Retrieved June 14 , 2018, from https://mojdigital.blog.gov.uk/2017/11/02/increasing-trust-in-criminal-evidence-with-blockchains/ [8] Whatis.com, What Is Keylogger? Retrieved April 18 , 2018, from http://searchmidmarketsecurity.techtarget.com/sDefinition/0,,sid198_gci962518,00.html [9] Webopedia Computer Dictionary, 'Screen Capture'. Retrieved April 20 , 2018, from http://www.webopedia.com/TERM/s/screen_capture.html [10] S. Sagiroglu and G. Canbek, 'Keyloggers,' IEEE Technology and Society Magazine, vol. 28, no. 3, pp. 10–17,fall 2009. [11] Centre for the Protection of National Infrastructure Technical Note,'Hardware Keyloggers' Retrieved April 25 , 2018, from http://www.cpni.org.uk/Docs/Hardware_Keyloggers_Technical_Note.pdf [12] KeyGrabber USB. Retrieved April 30 , 2018, from http://www.keelog.com/usb-keylogger/ [14] Swan, M. (2015), Blockchain: Blueprint for a New Economy. O'Reilly Media, Inc., Sebastopol, USA. [15] F. Reid and M. Harrigan, 'An analysis of anonymity in the bitcoin system,' Secur. Priv. Soc. Networks, 2013. [16] Miers, C. Garman, M. Green, and AD Rubin, 'Zerocoin: Anonymous distributed e-cash from bitcoin,' Proc. - IEEE Symp. Secur. Priv., 2013. [17] Blockchain. Retrieved July 1 , 2018, from https://www.blockchain.com/explorer, 2018/06 [18] Matthias Mettler, M.A. HSG. Blockchain Technology in Healthare. 2016 IEEE 18th International Conferernce on e-Health Networking, Applications and Services (Healthcom) [19] Merkle tree. Retrieved July 5, 2018, from https://en.wikipedia.org/wiki/Merkle_tree [23] Hash function. Retrieved July 7, 2018, from from https://en.wikipedia.org/wiki/Hash_function#Hash_function_algorithms [24] Tapscott, D. and A. Tapscott (2016), Blockchain Revolution. Penguin Random House LLC, New York.
摘要: 近年來,營業秘密外洩司法案件頻傳,因此全球各產業企業日益重視資訊安全,開始檢討並加強內部資訊安全管理。為了防止企業內部資料外洩,依照不同的資料外洩情境,導入了相關的管控措施。為了能於發生資料外洩事件後,快速釐清事件主因,某些企業便希望藉由行為監控來掌握特權帳號所有的活動記錄,因此導入了特權帳戶側錄系統,藉由螢幕側錄的手法,將特權帳號所有系統操作畫面記錄,以數位化方式留存下來,做為資安事件事後舉證之證據。然而,即便導入了側錄系統保留了特權帳號所有系統操作畫面記錄,或許在資安事件發生時,可以藉由側錄記錄來舉證不法行為。但這些側錄記錄在收集的過程中,仍然有機會遭受到具有最高權限的系統管理者來進行竄改或刪除,因而在舉證過程中產生了證據力不足的問題。隨著科技的進步,區塊鏈技術的也在近兩年興起,從金融科技到資訊安全,帶動了各個領域技術應用被廣泛的討論。因此,為了避免側錄記錄遭受竄改,本研究希望藉由區塊鏈的概念與Hash技術,將其不可竄改和加密安全性的特性,延伸應用至螢幕側錄資料的保全,以便未來發生資訊外洩案件時,能夠有效舉證,證明螢幕側錄資料不曾遭受污染、刪除及竄改,證明企業無業務過失,進一步還原資訊安全犯罪事實。
In order to be able to quickly clarify the main cause of the problem in the event of data leakage, some enterprises hope to grasp all the activity records of the privileged account through behavior monitoring, so the privileged account side recording system is introduced, and the screen recording method is adopted. All system operation screens of the privileged account are recorded and saved in a digital manner as evidence for the evidence of the incident after the security incident. However, even if the imported skimming system retains all system operation screen records of the privileged account, it may be possible to prove the wrongful behavior by recording the side record when the security incident occurs. However, in the process of collecting, these side records still have the opportunity to be subjected to tampering or deletion by the system administrator with the highest authority, thus causing insufficient evidence in the process of proof. With the advancement of technology, blockchain technology has also emerged in the past two years. From financial technology to information security, technology applications in various fields have been widely discussed. Therefore, in order to avoid tampering with the recording of the side record, this study hopes to extend the application of the non-tamperable and cryptographic security features to the preservation of the screen recording data by the concept of blockchain and Hash technology, so that information can be generated in the future. When the case is squandered, it can effectively prove that the screen-recording data has not been contaminated, deleted and falsified, which proves that the company has no business fault and further restores the information security crime facts.
URI: http://hdl.handle.net/11455/98264
文章公開時間: 10000-01-01
Appears in Collections:資訊管理學系

文件中的檔案:

取得全文請前往華藝線上圖書館

Show full item record
 
TAIR Related Article
 
Citations:


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.