Using Blockchain for Digital Evidence Preservation in Log Data

Abstract

Reports of attackers breaking into corporate networks have become frequent, and the Personal Data Protection Act has come into force, so companies have begun to pay attention to digital forensics. To meet the Act's principle of exemption from liability in the absence of fault, and to be able to present proof effectively after an incident, the preservation of digital evidence becomes all the more important. When a security incident occurs, log data can serve in law as a means of tracing the incident and as a record that proves behavior. However, log data can be easily modified, and its integrity and original source are hard to establish, which makes it difficult to convince a judge of its admissibility and probative value. This study therefore addresses companies' need to preserve digital evidence by developing digital evidence preservation for log data. We use the immutability of blockchain to store log data in a blockchain distributed ledger, and apply the consortium blockchain concept to design a blockchain that contains one server peer and several company peers. The server peer controls peer permissions, and the company peers can store log data on the blockchain. When a block is generated by the mining peer, every peer receives that block, which achieves the immutability and consistency of the log data. In litigation, this technique can be used to have the admissibility of log data recognized, and it also strengthens the probative value of the log data, so that companies can achieve exemption from liability in the absence of fault under the Personal Data Protection Act and present proof effectively after the event.

Table of Contents

Chapter 1 Introduction
1.1 Preface
1.2 Motivation and Objectives
1.3 Thesis Organization
Chapter 2 Literature Review
2.1. Log Data (Log File)
2.1.1. Log File Output
2.1.2. Log Data Management
2.2. Blockchain
2.2.1. Block Structure
2.2.2. Blockchain Technology
2.2.2.1. Hash Function
2.2.2.2. Merkle Tree
2.2.2.3. Public Key Infrastructure (PKI)
2.2.2.4. Peer-to-Peer (P2P) Network
2.2.3. Blockchain Operation Flow
2.2.4. Consensus Mechanisms
2.2.4.1. Proof of Work (POW)
2.2.4.2. Proof of Stake (POS)
2.2.4.3. Delegate Proof of Stake (DPOS)
2.2.5. Types of Blockchain
2.2.6. Applications
2.2.6.1. Bitcoin
2.2.6.2. Ethereum
2.2.6.3. Hyperledger
Chapter 3 System Design
3.1. System Analysis and Objectives
3.2. System Overview
3.2.1. Distributed System Architecture
3.2.2. System Flow
3.2.3. System Design
3.2.3.1. Writing Log Data
3.2.3.2. Block Generation
3.2.3.3. Data Synchronization
3.2.3.4. Verifying Log Data
3.2.3.5. Consensus Mechanism
Chapter 4 System Implementation
4.1. System Environment
4.2. Implementation Results
4.2.1. Writing Log Data
4.2.2. Block Generation
4.2.3. Data Synchronization
4.2.4. Verifying Log Data
4.2.5. Web Presentation
4.3. System Evaluation
Chapter 5 Conclusion and Future Research
Reference
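
The property the abstract relies on, that a log line replicated to every peer cannot be quietly altered on one of them, can be sketched as follows. This is an added example, not code from the thesis: the block layout, the majority rule in `line_is_attested`, the peer names and the sample log lines are all assumptions made for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first block

def block_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, company, logs):
    """Seal a batch of log lines into a block linked to the previous one."""
    body = {"index": len(chain), "company": company, "logs": list(logs),
            "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append(dict(body, hash=block_hash(body)))

def first_bad_block(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for block in chain:
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["prev_hash"] != prev or block_hash(body) != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None

def line_is_attested(peers, index, line):
    """Accept a log line only if most peers hold an intact chain containing it."""
    votes = sum(1 for chain in peers.values() if first_bad_block(chain) is None
                and index < len(chain) and line in chain[index]["logs"])
    return votes > len(peers) // 2

def demo():
    # Constructed sample log lines and peer names (not from the thesis).
    original = "2024-01-01T10:00:00Z sshd login user=alice src=192.0.2.10"
    forged = "2024-01-01T10:00:00Z sshd login user=bob src=192.0.2.10"
    ledger = []
    append_block(ledger, "company-a", [original])
    append_block(ledger, "company-b", ["2024-01-01T10:05:00Z httpd GET /admin 403"])
    peers = {n: copy.deepcopy(ledger) for n in ("server", "company-a", "company-b")}
    # Case 1: a peer edits a stored line in place, so its block hash stops matching.
    peers["company-a"][0]["logs"][0] = forged
    edited = first_bad_block(peers["company-a"])
    # Case 2: it rebuilds a self-consistent chain, but the other peers outvote it.
    rebuilt = []
    append_block(rebuilt, "company-a", [forged])
    append_block(rebuilt, "company-b", ledger[1]["logs"])
    peers["company-a"] = rebuilt
    return (edited, first_bad_block(rebuilt),
            line_is_attested(peers, 0, original), line_is_attested(peers, 0, forged))
```

Calling `demo()` shows both cases: the in-place edit is caught by the hash check alone, while the fully rebuilt chain passes that check and is rejected only because the other peers' copies disagree with it.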
