Please use this identifier to cite or link to this item:
Using Blockchain for Digital Evidence Preservation in Log Data
Digital Evidence Preservation
|引用:|| F. M. Granja and G. D. R. Rafael, 'Preservation of digital evidence: Application in criminal investigation,' 2015 Science and Information Conference (SAI), pp. 1284–1292, 2015.  T. Sato, Y. Himura, and Y. Yasuda, 'Evidence-based context-aware log data management for integrated monitoring system,' 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2016.  R. Accorsi, 'Log Data as Digital Evidence: What Secure Logging Protocols Have to Offer?,' 2009 33rd Annual IEEE International Computer Software and Applications Conference, vol. 2, pp. 398–403, 2009.  S. Raval, Decentralized Applications: Harnessing Bitcoin's Blockchain Technology. O'Reilly Media, Inc, 2016.  J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, 'SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies,' 2015 IEEE Symposium on Security and Privacy, pp. 104–121, 2015.  Z. Zheng, S. Xie, H. Dai, X. Chen, and H. Wang, 'An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends,' 2017 IEEE International Congress on Big Data (BigData Congress), pp. 557–564, 2017.  Y.-F. Cheng, 'The Research of Digital Forensics applied to the Burden of Proof in Personal Information Protection Act,' 2013  葉奇鑫&李相臣, '淺談個人資料保護法民事賠償責任及數位鑑識相關問題,' 司法新聲, no. 101, pp. 33-49, 2012.  李榮耕, '個人資料外洩及個資外洩通知條款的立法芻議,' 東吳法律學報, vol. 20, no. 4, pp. 251-291, 2009.  林宜隆, 周瑞國, 蔡名家, & 邱泓傑, '新版個人資料保護與資料外洩防護之探討,' 電腦稽核, vol. 24, pp. 102-116, 2011.  林宜隆&方彥霏, '行動裝置數位證據鑑識標準作業程序與案例驗證之探討－以行動鑑識工具UFED萃取數位證據為例,' 資訊安全通訊, vol. 23, no. 3, pp. 5-18, 2017.  S. Narkhede, T. Baraskar, and D. Mukhopadhyay, 'Analyzing web application log files to find hit count through the utilization of Hadoop MapReduce in cloud computing environment,' 2014 Conference on IT in Business, Industry and Government (CSIBIG), pp. 1–7, Mar. 2014.  C. J. Aivalis and A. C. Boucouvalas, 'Log File Analysis of E-commerce Systems in Rich Internet Web 2.0 Applications,' 2011 15th Panhellenic Conference on Informatics, pp. 222–226, 2011.  A. A. Chuvakin, C. Phillips, and K. J. Schmidt, Logging and log management: the authoritative guide to understanding the concepts surrounding logging and log management. Newnes, 2013.  M. Nabil, S. Soukainat, A. Lakbabi, and O. Ghizlane, 'SIEM selection criteria for an efficient contextual security,' 2017 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–6, May 2017.  J.-H. Hsiao, R. Tso, C.-M. Chen, and M.-E. Wu, 'Decentralized E-Voting System based on the Blockchain Technology,' Advances in Computer Science and Ubiquitous Computing, pp. 305–309, 2017.  G. Zyskind, O. Nathan, and A. sandy Pentland, 'Decentralizing Privacy: Using Blockchain to Protect Personal Data,' 2015 IEEE Security and Privacy Workshops, pp. 180–184, 2015.  S. Nakamoto, 'Bitcoin: A peer-to-peer electronic cash system,' 2008  Q. Gao and C. Zhang, 'Rolled versus plain fingerprints: Matching with cryptographic one-way hashes,' 2017 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp. 1–8, 2017.  J. D. Touch, 'Report on MD5 Performance,' ACM SIGCOMM Computer Communication Review, vol. 25, no. 4, pp. 77–86, 1995.  A. A. P. Ratna, P. D. Purnamasari, A. Shaugi, and M. Salman, 'Analysis and comparison of MD5 and SHA-1 algorithm implementation in Simple-O authentication based security system,' 2013 International Conference on QiR, pp. 99–104, 2013.  J. Buchmann, E. Dahmen, and M. Schneider, 'Merkle Tree Traversal Revisited,' Post-Quantum Cryptography Lecture Notes in Computer Science, pp. 63–78, 2008.  M. Bellare and P. Rogaway, 'Optimal asymmetric encryption,' Advances in Cryptology — EUROCRYPT94 Lecture Notes in Computer Science, pp. 92–111, 1994.  E. Fujisaki and T. Okamoto, 'Secure Integration of Asymmetric and Symmetric Encryption Schemes,' Annual International Cryptology Conference, pp. 537–554, Aug. 1999.  R. C. Merkle, 'A Certified Digital Signature,' Advances in Cryptology — CRYPTO' 89 Proceedings Lecture Notes in Computer Science, pp. 218–238.  R. C. Merkle, 'A Digital Signature Based on a Conventional Encryption Function,' Advances in Cryptology — CRYPTO '87 Lecture Notes in Computer Science, pp. 369–378, 1988.  J. Jonsson and B. Kaliski, 'Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1,' 2003.  H. Tewari and E. O. Nuallain, 'Netcoin: A Traceable P2P Electronic Cash System,' 2015 IEEE International Conference on Web Services, pp. 472–478, 2015.  S. Iyer, A. Rowstron, and P. Druschel, 'Squirrel,' Proceedings of the twenty-first annual symposium on Principles of distributed computing - PODC 02, pp. 213–222, 2002.  H. Watanabe, S. Fujimura, A. Nakadaira, Y. Miyazaki, A. Akutsu, and J. J. Kishigami, 'Blockchain contract: A complete consensus using blockchain,' 2015 IEEE 4th Global Conference on Consumer Electronics (GCCE), pp. 577–578, 2015.  L. Lamport, R. Shostak, and M. Pease, 'The Byzantine Generals Problem,' ACM Transactions on Programming Languages and Systems, vol. 4, no. 3, pp. 382–401, 1982.  A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, and S. Capkun, 'On the Security and Performance of Proof of Work Blockchains,' Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS16, pp. 3–16, 2016.  D. Kraft, 'Difficulty control for blockchain-based consensus systems,' Peer-to-Peer Networking and Applications, vol. 9, no. 2, pp. 397–413, 2015.  S. King and S. Nadal, 'PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake.' [Online]. Available: https://pdfs.semanticscholar.org/0db3/8d32069f3341d34c35085dc009a85ba13c13.pdf.  L. Daniel, 'Delegated Proof of Stake,' Graphene Documentation. [Online]. Available: http://docs.bitshares.org/bitshares/dpos.html.  G. Greenspan, 'MultiChain Private Blockchain — White Paper.' [Online]. Available: http://www. multichain. com/download/MultiChain-White-Paper. pdf.  Z. Li, J. Kang, R. Yu, D. Ye, Q. Deng, and Y. Zhang, 'Consortium Blockchain for Secure Energy Trading in Industrial Internet of Things,' IEEE Transactions on Industrial Informatics, 2017.  N. Koblitz and A. J. Menezes, 'Cryptocash, cryptocurrencies, and cryptocontracts,' Designs, Codes and Cryptography, vol. 78, no. 1, pp. 87–102, 2015.  V. Buterin, 'A next-generation smart contract and decentralized application platform,' 2014. [Online]. Available: https://cryptorating.eu/whitepapers/Ethereum/Ethereum_white_paper.pdf.  E. Heilman, F. Baldimtsi, and S. Goldberg, 'Blindly Signed Contracts: Anonymous On-Blockchain and Off-Blockchain Bitcoin Transactions,' Financial Cryptography and Data Security Lecture Notes in Computer Science, pp. 43–60, Feb. 2016.  J.-H. Hsiao, R. Tso, C.-M. Chen, and M.-E. Wu, 'Decentralized E-Voting Systems Based on the Blockchain Technology,' Advances in Computer Science and Ubiquitous Computing Lecture Notes in Electrical Engineering, pp. 305–309, 2017.  M. Vukolić, 'Rethinking Permissioned Blockchains,' Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts - BCC 17, pp. 3–7, Apr. 2017.  E. Androulaki, Y. Manevich, S. Muralidharan, C. Murthy, B. Nguyen, M. Sethi, G. Singh, K. Smith, A. Sorniotti, C. Stathakopoulou, M. Vukolić, A. Barger, S. W. Cocco, J. Yellick, V. Bortnikov, C. Cachin, K. Christidis, A. D. Caro, D. Enyeart, C. Ferris, and G. Laventman, 'Hyperledger fabric,' Proceedings of the Thirteenth EuroSys Conference on - EuroSys 18, Apr. 2018.|
Recently, the news of hackers hack into company's network has been heard and the personal data protection law has been issued, which have made company pay attention to the field of digital forensics. In order to achieve the principle of absolute liability in personal data protection law and be able to prove effectively after the event, the preservation of digital evidence is even more important. Also, the log data can be used as a track for tracking incidents, and it can prove behavior when a security incident happens. However, the log data can be easily modified, and it is hard to determine the integrity and original source of data. Therefore, it is more difficult for the judge to believe the admissibility of evidence and the probative value of evidence. In this study, we will aim at the need for company to preserve the digital evidence to develop a digital evidence preservation in log data. We use blockchain's unmodifiable feature to store log data in blockchain distributed ledger, and use the consortium blockchain to design a blockchain, which contains one server peer and some company peers. The server peer controls peer's permissions, and the company peers can store log data on the blockchain. When block is generated by mining peer, each peer will receive this block, thereby achieving the unmodifiable and consistency of log data. In the litigation, it can not only be used to prove the probative value of evidence, but also make the log data more powerful in admissibility of evidence. So that company can achieve the purpose of absolute liability and prove effectively after the event.
|Appears in Collections:||資訊管理學系|
Show full item record
TAIR Related Article
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.