[go: up one dir, main page]

CN100403326C - Integrity Preservation Method of Digital Evidence Based on Computer Forensics - Google Patents

Integrity Preservation Method of Digital Evidence Based on Computer Forensics Download PDF

Info

Publication number
CN100403326C
CN100403326C CNB2006100136100A CN200610013610A CN100403326C CN 100403326 C CN100403326 C CN 100403326C CN B2006100136100 A CNB2006100136100 A CN B2006100136100A CN 200610013610 A CN200610013610 A CN 200610013610A CN 100403326 C CN100403326 C CN 100403326C
Authority
CN
China
Prior art keywords
information
signature
record
sha
mod
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100136100A
Other languages
Chinese (zh)
Other versions
CN1845116A (en
Inventor
孙济洲
綦朝晖
戴银华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CNB2006100136100A priority Critical patent/CN100403326C/en
Publication of CN1845116A publication Critical patent/CN1845116A/en
Application granted granted Critical
Publication of CN100403326C publication Critical patent/CN100403326C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

一种基于计算机取证的数字证据完整性保存方法。解决现有技术无法实现取证信息的完整性实时保护的问题。本发明方法是在新产生的第i条信息记录mi生成时就进行复制、签名和安全存储(mi’),得到被取证计算机系统S对mi的数字签名ri和si;当签名完成,S就将签名ri、si和信息记录mi’、记录序列号i以及该记录生成的时间ti发送到安全存储对象M中,并调用安全散列SHA算法对mi’‖i‖ti‖SHA(i-1)进行信息摘要,完成保存过程。本发明方法在入侵前、入侵中即可实时地对可能的犯罪证据进行完整性保护,避免入侵者的恶意破坏,使得事后的调查取证信息具有客观性、真实性,符合法律规定,具备合法证据所要求的特征。

Figure 200610013610

A method for preserving the integrity of digital evidence based on computer forensics. It solves the problem that the existing technology cannot realize the real-time protection of the integrity of the forensic information. The method of the present invention is to copy, sign and securely store (m i ') when the newly generated i-th information record m i is generated, and obtain the digital signature r i and si of the forensic computer system S to mi; when After the signature is completed, S sends the signature ri , s i and the information record m i ', the record serial number i and the time t i when the record was generated to the secure storage object M, and calls the secure hash SHA algorithm to m i ' ‖i‖t i ‖SHA (i-1) performs information summary and completes the preservation process. The method of the present invention can protect the integrity of possible criminal evidence in real time before and during the invasion, avoiding the malicious damage of the intruder, so that the after-the-fact investigation and evidence collection information has objectivity and authenticity, conforms to legal regulations, and has legal evidence required characteristics.

Figure 200610013610

Description

基于计算机取证的数字证据完整性保存方法 Integrity Preservation Method of Digital Evidence Based on Computer Forensics

【技术领域】: 【Technical field】:

本发明属于计算机证据的安全保护领域。通过实时地对被保护计算机系统中所产生的可能的犯罪证据进行固定,实现计算机犯罪证据的原始性保护。The invention belongs to the field of security protection of computer evidence. By fixing possible criminal evidence generated in the protected computer system in real time, the original protection of computer criminal evidence is realized.

【背景技术】: 【Background technique】:

近年来,计算机网络犯罪案件急剧上升,网络犯罪已经成为普遍关心的国际性问题。而打击计算机网络犯罪的关键是找到充分、可靠、具有法律效力的电子证据。因此,计算机取证受到了越来越多的关注,并成为计算机网络安全领域的研究热点。In recent years, computer network crime cases have risen sharply, and network crime has become an international issue of general concern. The key to combating computer network crimes is to find sufficient, reliable and legally effective electronic evidence. Therefore, computer forensics has received more and more attention and has become a research hotspot in the field of computer network security.

计算机取证就是对计算机犯罪的证据进行获取、保存、分析和出示,主要包括物理证据和数字证据两个方面。物理证据就是指合法的调查人员来到计算机犯罪或者入侵现场,寻找并扣留相关的计算机硬件;数字证据是指从原始数据(包括文件、日志等)中寻找用来证明某种具体犯罪行为的电子证据。与其他合法的证据一样,这些电子证据必须真实、合法。Computer forensics is the acquisition, preservation, analysis and presentation of computer crime evidence, mainly including physical evidence and digital evidence. Physical evidence means that legitimate investigators come to the scene of a computer crime or intrusion to find and detain relevant computer hardware; digital evidence means finding electronic evidence from raw data (including files, logs, etc.) evidence. Like other legal evidence, these electronic evidence must be authentic and legal.

一般来说,物理证据的安全性保护比较容易。而电子证据由于自身具有易修改、易删除等特点,使得它们的安全性保护变得困难。如果这些电子证据从产生的时刻到提交到合法的调查人员手中这一过程中发生了任何一点改变,都将使它们失去法律效力。因此,如何保证所提交的电子证据与原始的电子信息完全一致,变得十分重要。Generally speaking, the security protection of physical evidence is relatively easy. However, due to the characteristics of easy modification and deletion of electronic evidence, it is difficult to protect their security. Any change in the electronic evidence from the moment it is generated to when it is submitted to legitimate investigators renders it legally invalid. Therefore, how to ensure that the submitted electronic evidence is completely consistent with the original electronic information has become very important.

当前,在这一研究领域中,国内外的理论研究状况大都是跟踪研究居多、源头创新思想较少,许多研究成果都是停留在一个统一的模式上:被取证机、取证机和分析机。这样的研究模式几乎是跟踪入侵检测系统的框架结构,没有体现入侵取证的具体目标,反倒是继承了入侵检测系统的一些安全缺陷,如自身安全保护不力、漏报和误报率高、资源消耗庞大、所保留的证据文件不具有严格的法律效力且易于被篡改。与具体的理论研究工作进展不同的是,已经出现了不少的取证工具软件,如TCT(the Coronor’s Toolkit)和Encase等取证软件。但是,这些工具软件的重点都是如何恢复被删除的文件,如何在事后文件信息中提取证据。随着网络入侵形式的多样化和反取证技术的出现,它们的实用性将受到大的限制。并且,一旦包含入侵信息的数据被删除或者在正式提交之前就已经被恶意篡改的话,它们将失去法律效力。At present, in this research field, the theoretical research at home and abroad is mostly follow-up research, with few original innovative ideas, and many research results are stuck in a unified model: forensics machine, evidence machine and analysis machine. Such a research model is almost tracking the framework structure of the intrusion detection system. It does not reflect the specific goal of intrusion forensics. Instead, it inherits some security defects of the intrusion detection system, such as weak self-security protection, high rate of missed and false positives, and resource consumption. Huge, preserved evidence files do not have strict legal effect and are easily tampered with. Different from the progress of specific theoretical research work, there have been many forensics tool software, such as TCT (the Coronor's Toolkit) and Encase and other forensics software. However, the focus of these tool software is how to restore deleted files and how to extract evidence from file information afterwards. With the diversification of network intrusion forms and the emergence of anti-forensics technology, their practicality will be greatly limited. Also, once the data containing intrusion information is deleted or has been maliciously tampered with before being officially submitted, they will lose their legal effect.

【发明内容】: 【Invention content】:

本发明的目的是解决现有计算机取证技术无法实现取证信息的完整性实时保护的问题,提供一种基于计算机取证的数字证据完整性保证方法。The purpose of the present invention is to solve the problem that the existing computer forensics technology cannot realize the real-time protection of the integrity of forensic information, and provide a method for ensuring the integrity of digital evidence based on computer forensics.

本发明提供的基于计算机取证的数字证据完整性保存方法,是在主机系统运行期间,实时地记录主机产生的可能与入侵相关的每一条关键信息即取证信息,并采取一致性算法对这些信息记录进行保护;The method for preserving the integrity of digital evidence based on computer forensics provided by the present invention is to record in real time every piece of key information generated by the host computer that may be related to the intrusion, that is, evidence collection information, during the operation of the host system, and adopt a consistency algorithm to record these information to protect;

具体包括:Specifically include:

第一、取证信息的安全签名与转移First, secure signature and transfer of evidence collection information

在新产生的信息记录mi生成的同时,进行复制、签名和安全存储,信息记录签名的详细步骤如下:When the newly generated information record m i is generated, it is copied, signed and stored safely. The detailed steps of information record signature are as follows:

a.S产生满足条件的素数p和q,并选择h,计算g;a.S generates prime numbers p and q that meet the conditions, selects h, and calculates g;

b.由于签名过程中用到的r值与具体的信息无关,因此可以产生一串随机的小于q的k值,并且计算出与之对应的r值,对每个k值,计算出k-1,其中,0<k<q,.(k-1k)mod q=1,r=(gk mod p)mod q;b. Since the r value used in the signature process has nothing to do with the specific information, a string of random k values smaller than q can be generated, and the corresponding r value can be calculated. For each k value, k- 1 , where, 0<k<q, .(k -1 k)mod q=1, r=(g k mod p)mod q;

c.当一条新的信息记录mi产生,就会产生一份完全的拷贝mi’,此时,从b的结果中取出一组值:(ki,k-1 i,r1);c. When a new information record m i is generated, a complete copy m i ' will be generated. At this time, a set of values is taken from the result of b: (k i , k -1 i , r 1 );

d.S随机取值xi作为第i条信息记录的私人密钥,并计算出相应的公开密钥yidS randomly selects the value x i as the private key of the i-th information record, and calculates the corresponding public key y i ;

e.根据公式s=(k-1(SHA(m)+xr))mod q计算出相应的si,其中,m=mi’||i||ti。如果mi’中包含时刻ti,则m的表达式中不再考虑tie. Calculate the corresponding s i according to the formula s=(k −1 (SHA(m)+xr)) mod q, where m=m i '||i||t i . If moment t i is included in m i ', t i is no longer considered in the expression of m;

f.经过前面各步所得到的ri和si就是被取证计算机系统S对第i条信息记录mi的数字签名;当一条新的信息记录的签名完成,S就将签名ri、si和信息记录mi’、记录序列号i以及该记录生成的时间ti发送到安全存储对象M中;f. The r i and s i obtained through the previous steps are the digital signatures of the i-th information record m i by the computer system S to be forensic; when the signature of a new information record is completed, S will sign r i and s i and the information record m i ', the record sequence number i and the time t i when the record was generated are sent to the secure storage object M;

g.当第i条信息记录的签名和其相关信息存储到M时,调用安全散列SHA算法对mi’||i||ti||SHA(i-1)进行信息摘要,即:SHAi=SHA(mi’||i||ti||SHA(i-1)),由于这是一个递推式,当第i条信息记录的相关信息到达时,第i-1条信息记录的信息摘要SHA(i-1)已经生成;g. When the signature of the i-th information record and its related information are stored in M, call the secure hash SHA algorithm to perform information digest on m i '||i||t i ||SHA (i-1) , namely: SHA i =SHA(m i '||i||t i ||SHA (i-1) ), since this is a recursive formula, when the relevant information of the i-th information record arrives, the i-1th The information digest SHA (i-1) of the information record has been generated;

第二、重复进行上述取证信息的安全签名与转移过程至全部取证文件记录完成;Second, repeat the process of securely signing and transferring the above-mentioned evidence collection information until all the evidence collection documents are recorded;

其中符号与参数:Among them, symbols and parameters:

“||”表示字符串的连接操作;"||" indicates the concatenation operation of strings;

“S”,表示被保护的计算机系统,即被取证机;"S" means the protected computer system, that is, the forensics machine;

“V”,表示取证信息记录完整性验证者;"V" indicates the verifier of the integrity of the forensic information record;

“mi”,表示计算机在关键性文件中所产生的第i条信息记录;“m i ” means the i-th information record generated by the computer in the key file;

“mi’”表示在第i条信息记录“mi”产生的同时进行复制转移,并存放在足够安全的地方这一过程中用于安全复制转移的对象;"m i '" indicates the object used for safe copy transfer during the process of copying and transferring when the i information record "m i "is generated, and storing it in a sufficiently safe place;

“ti”表示计算机在相应的关键性文件中所产生的第i条记录的时刻;“t i ” indicates the moment of the i-th record generated by the computer in the corresponding key file;

系统参数System parameters

本发明的取证信息完整性保存方法可以看成是被取证机S即签名者和用户V即验证者之间使用协议的集合,在取证信息完整性协议中,要用到与DSA相同的系统参数,取证信息完整性保护协议的系统参数为:The method for preserving the integrity of forensic information of the present invention can be regarded as a set of protocols used between the forensic machine S, which is the signer, and user V, which is the verifier. In the forensic information integrity protocol, the same system parameters as DSA are used. , the system parameters of the forensic information integrity protection protocol are:

“p”,是L位长的素数,其中L从512到1024位且是64的倍数;"p" is a prime number of L bits long, where L is from 512 to 1024 bits and is a multiple of 64;

“q”,是160位长且与p-1互素的因子;"q", is a 160-bit long factor that is relatively prime to p-1;

“g”,g=h(p-1)/qmod p,其中h是小于p-1并且满足h(p-1)/qmod p大于1的任意数;"g", g=h (p-1)/q mod p, wherein h is any number smaller than p-1 and satisfying that h (p-1)/q mod p is greater than 1;

“x”,是小于q的数;"x" is a number less than q;

“y”,y=gx mod p;另外,算法中还使用一个单向散列函数H(m),标准指定了安全散列算法SHA;"y", y=g x mod p; In addition, a one-way hash function H(m) is also used in the algorithm, and the standard specifies the secure hash algorithm SHA;

上述参数中,p,q和g是公开的,且可以为网络中的所有用户公有,x为私人密钥,y为公开密钥。Among the above parameters, p, q and g are public and can be shared by all users in the network, x is a private key, and y is a public key.

上述关键信息记录包括但不限于主机系统产生的日志以及网络日志,防火墙日志,入侵检测系统日志等。The above-mentioned key information records include but are not limited to logs generated by the host system, network logs, firewall logs, intrusion detection system logs, etc.

一种用上述方法保存的取证信息完整性的验证方法,该验证方法包括:A method for verifying the integrity of forensic information preserved by the above method, the verification method comprising:

第一、取证信息签名和信息摘要的验证,具体过程如下:First, the verification of forensic information signature and information digest, the specific process is as follows:

a.信息一致性验证者V通过常用的身份认证协议向安全存储对象M证明自己的合法身份,在取得合法身份之后,准许对任何信息记录的数字签名和信息摘要进行验证;a. The information consistency verifier V proves his legal identity to the secure storage object M through the commonly used identity authentication protocol. After obtaining the legal identity, he is allowed to verify the digital signature and information summary of any information record;

b.验证S的签名有效,对第i条信息记录签名的验证过程为:b. Verify that the signature of S is valid, and the verification process for the i-th information record signature is:

①把si代入公式w=s-1 mod q,计算出wi①Substitute s i into the formula w=s -1 mod q to calculate w i ;

②u1=(SHA(mi’||i||ti)×wi)mod q,u2=(riwi)mod q,则vi=((gu1×yu2)mod p)mod q;②u 1 =(SHA(m i '||i||t i )×w i )mod q, u 2 =(r i w i )mod q, then v i =((g u1 ×y u2 )mod p ) mod q;

经过计算,当vi=ri,则S的签名有效,即:mi’≡miAfter calculation, when v i = ri , the signature of S is valid, that is: m i '≡m i ;

当验证过程中发现vi≠ri,说明签名无效,表明mi’已经被修改,mi’中所记录的信息不再有效,不具有法律效力;When v i ≠ r i is found during the verification process, it means that the signature is invalid, indicating that m i ' has been modified, and the information recorded in m i ' is no longer valid and has no legal effect;

c.验证第i条签名所对应的信息摘要是否有效:c. Verify that the information digest corresponding to the i-th signature is valid:

把第i条签名所对应的mi’,i,ti值以及第i-1条签名所对应的信息摘要值SHA(i-1)代入公式SHA(mi’||i||ti||SHA(i-1)),得到SHAi’,当SHAi’=SHAi,则第i条签名所对应的信息摘要值有效,这表明第i条签名与第i-1条签名之间没有任何记录被删除或者添加;Substitute the m i ', i, t i value corresponding to the i-th signature and the information digest value SHA (i-1) corresponding to the i-1 signature into the formula SHA(m i '||i||t i ||SHA (i-1) ), get SHA i ', when SHA i '=SHA i , the information digest value corresponding to the i-th signature is valid, which indicates that the difference between the i-th signature and the i-1 signature No records were deleted or added during the period;

第二、重复进行上述取证信息的验证过程至全部取证文件记录验证完成。Second, repeat the verification process of the above-mentioned evidence collection information until the verification of all the evidence collection document records is completed.

本发明的优点和积极效果:与现有技术相比,本发明具有以下有益效果:Advantages and positive effects of the present invention: compared with prior art, the present invention has the following beneficial effects:

1、取证信息的合法性。每一条取证信息都通过固定的算法进行签名和哈希迭代处理,通过严格的数学推理可以证明验证成功的取证信息是合法的。1. The legitimacy of the information collected. Each piece of forensic information is signed and hashed iteratively through a fixed algorithm, and strict mathematical reasoning can prove that the successfully verified forensic information is legal.

2、取证信息完整性保护过程的安全性。本方法所保存的每一条信息记录都是在其生成的时候同时复制到安全的缓冲区中(而不是存入文件中),随后对其进行签名和哈希迭代处理,在保证其原始性的同时又能防止其他进程对信息记录的修改,因而具有很高的安全性。2. The security of the integrity protection process of forensic information. Each information record saved by this method is copied to a safe buffer (rather than stored in a file) at the same time when it is generated, and then it is signed and hashed iteratively to ensure its originality. At the same time, it can prevent other processes from modifying information records, so it has high security.

3、本方法具有较低的运行代价。采用多线程技术,信息记录和签名并行处理,需要的cpu资源和内存资源都较少。3. This method has a lower operating cost. Using multi-thread technology, information records and signatures are processed in parallel, requiring less CPU resources and memory resources.

4、更高的实时性。本方法中采用的算法在保证取证信息完整性的前提下,能够实时地对原始的证据信息进行完整性保护与安全转移。本发明方法在前两个阶段,即入侵前、入侵中(见图1)即可实时地对可能的犯罪证据进行完整性保护,避免入侵者的恶意破坏,使得事后的调查取证信息具有客观性、真实性,符合法律规定,具备合法证据所要求的特征。4. Higher real-time performance. The algorithm adopted in the method can protect the integrity and securely transfer the original evidence information in real time under the premise of ensuring the integrity of the evidence collection information. The method of the present invention can protect the integrity of possible criminal evidence in real time in the first two stages, that is, before the invasion and during the invasion (see Figure 1), so as to avoid the malicious destruction of the intruder and make the investigation and evidence collection information after the event objective , authenticity, compliance with the law, and the characteristics required by legal evidence.

【附图说明】:[Description of drawings]:

图1是描述计算机被入侵的全过程示意图;Fig. 1 is a schematic diagram describing the whole process of a computer being invaded;

图2取证信息记录的安全签名与转移流程图;Figure 2 is a flow chart of secure signature and transfer of evidence collection information records;

图3是信息签名与转移的程序测试流程;Figure 3 is the program testing process of information signature and transfer;

图4是数字签名验证的程序测试流程;Fig. 4 is the program testing process of digital signature verification;

图5是没有任何信息被修改或者删除时的验证结果;Figure 5 is the verification result when no information is modified or deleted;

图6是当第4条信息纪录被篡改时的验证结果;Figure 6 is the verification result when the fourth information record is tampered with;

图7是当删除第5、6条信息纪录时的验证结果。Fig. 7 is the verification result when the 5th and 6th information records are deleted.

【具体实施方式】:【Detailed ways】:

实施例1Example 1

如图1-4所示,计算机证据的完整性验证是计算机证据鉴定中的关键问题。计算机取证工作的难点之一就是证明取证人员所搜集的证据没有被修改过。图1描述了计算机被入侵的全过程,这一过程可分为三个阶段:入侵前、入侵中,入侵后。其中,在入侵前期,入侵者首先确定攻击目标,并使用各种扫描工具对目标系统进行远程扫描,以获取目标系统的脆弱性,为下一阶段的成功入侵搜集信息;在入侵中,入侵者根据第一阶段所搜集到的信息,利用各种入侵技术或者工具成功地入侵目标系统;在计算机系统被发现已经被成功入侵或者正在被入侵之后,入侵过程进入第三阶段。显然,在前两个阶段确保犯罪证据的安全性和完整性与入侵后同样重要,因此,本发明提出取证信息的完整性实时保护方法。该方法由以下步骤完成:As shown in Figure 1-4, the integrity verification of computer evidence is a key issue in the identification of computer evidence. One of the most difficult aspects of computer forensics is proving that the evidence collected by the forensic investigator has not been altered. Figure 1 describes the whole process of a computer being invaded, which can be divided into three stages: before the intrusion, during the intrusion, and after the intrusion. Among them, in the early stage of the invasion, the intruder first determines the attack target, and uses various scanning tools to remotely scan the target system to obtain the vulnerability of the target system and collect information for the next stage of successful intrusion; during the intrusion, the intruder According to the information collected in the first stage, various intrusion techniques or tools are used to successfully invade the target system; after the computer system is found to have been successfully invaded or is being invaded, the intrusion process enters the third stage. Apparently, ensuring the security and integrity of criminal evidence in the first two stages is as important as after the intrusion. Therefore, the present invention proposes a real-time protection method for the integrity of forensic information. This method is accomplished by the following steps:

第一步,取证信息的保存The first step, preservation of forensic information

(1)符号与基本定义(1) Symbols and basic definitions

“||表示字符串的连接操作;"|| indicates the concatenation operation of strings;

“S”,表示被保护的计算机系统;"S" means a protected computer system;

“V”,表示取证信息记录完整性验证者;"V" indicates the verifier of the integrity of the forensic information record;

“mi”,在计算机系统中,一些关键性的文件如系统日志、网络信息记录等文件中包含许多信息记录,通过查看这些记录,可以检查错误发生的原因,或者系统受到攻击时攻击者所留下的证据,为了方便描述,我们用“mi”表示计算机在关键性文件中所产生的第i条信息记录;"m i ", in the computer system, some key files such as system logs, network information records and other files contain many information records. The remaining evidence, for the convenience of description, we use "m i " to represent the i-th information record generated by the computer in the key file;

“mi’”,目前,还没有一种加密方法能够阻止入侵者对关键文件以及关键文件中的信息记录进行删除或者添加等恶意行为,解决这个问题需要在信息记录产生时就进行复制转移,并存放在足够安全的地方,这个地方可以是受到安全保护的文件或者是安全的输出机,其中,“mi’”就是“mi”在这一过程中用于安全复制转移的对象;"m i '", at present, there is no encryption method that can prevent intruders from deleting or adding malicious behaviors such as key files and information records in key files. To solve this problem, copy and transfer information records when they are generated. And stored in a safe enough place, this place can be a file under safety protection or a safe output machine, where "m i '" is the object used by "m i " for safe copy transfer during this process;

“ti”表示计算机在相应的关键性文件中所产生的第i条记录的时刻;“t i ” indicates the moment of the i-th record generated by the computer in the corresponding key file;

(2)系统参数(2) System parameters

本发明的取证信息完整性保存方法可以看成是被取证机S即签名者和用户V即验证者之间使用协议的集合,在取证信息完整性协议中,要用到与DSA相同的系统参数,取证信息完整性保护协议的系统参数为:The method for preserving the integrity of forensic information of the present invention can be regarded as a set of protocols used between the forensic machine S, which is the signer, and user V, which is the verifier. In the forensic information integrity protocol, the same system parameters as DSA are used. , the system parameters of the forensic information integrity protection protocol are:

“p”,是L位长的素数,其中L从512到1024位且是64的倍数;"p" is a prime number of L bits long, where L is from 512 to 1024 bits and is a multiple of 64;

“q”,是160位长且与p-1互素的因子;"q", is a 160-bit long factor that is relatively prime to p-1;

“g”,g=h(p-1)/q mod p,其中h是小于p-1并且满足h(p-1)/q mod p大于1的任意数;“x”,是小于q的数;"g", g=h (p-1)/q mod p, where h is any number less than p-1 and satisfying that h (p-1)/q mod p is greater than 1; "x" is less than q number;

“y”,y=gx mod p;另外,算法中还使用一个单向散列函数H(m),标准指定了安全散列算法SHA;"y", y=g x mod p; In addition, a one-way hash function H(m) is also used in the algorithm, and the standard specifies the secure hash algorithm SHA;

上述参数中,p,q和g是公开的,且可以为网络中的所有用户公有,x为私人密钥,y为公开密钥;Among the above parameters, p, q and g are public and can be shared by all users in the network, x is the private key, and y is the public key;

(3)取证信息的安全签名与转移(3) Secure signature and transfer of evidence collection information

为了快速地对新产生的信息记录mi进行安全转移,必须在mi生成的时候就进行复制、签名和安全存储,这一过程可以用图2所示的流程来描述。信息记录签名的详细步骤如下:In order to quickly and securely transfer the newly generated information record mi , copying, signing and safe storage must be performed when mi is generated. This process can be described by the process shown in Figure 2. The detailed steps of information record signature are as follows:

(a)S产生满足条件的素数p和q,计算g=h(p-1)/qmod p,且h<p-1,且h(p-1)/qmodp>1,其中,p,q,g是公开的;(a) S produces prime numbers p and q that satisfy the conditions, calculate g=h (p-1)/q mod p, and h<p-1, and h (p-1)/q mod p>1, where p , q, g are public;

(b)由于签名过程中用到的r值与具体的信息无关,因此可以产生一串随机的小于q的k值,并且计算出与之对应的r值,对每个k值,计算出k-1,其中,0<k<q,(k-1k)mod q=1,r=(gk mod p)mod q;(b) Since the r value used in the signature process has nothing to do with the specific information, it is possible to generate a series of random k values smaller than q, and calculate the corresponding r value, and for each k value, calculate k -1 , where, 0<k<q, (k -1 k)mod q=1, r=(g k mod p)mod q;

(c)当一条新的信息记录mi产生,就会产生一份完全的拷贝mi’,此时,从(b)的结果中取出一组值:(ki,k-1 i,ri);(c) When a new information record m i is generated, a complete copy m i ' will be generated. At this time, a set of values is taken from the result of (b): (k i , k -1 i , r i );

(d)S随机取值xi作为第i条信息记录的私人密钥,xi<q,并根据公式y=gk modp计算出相应的公开密钥yi(d) S randomly selects the value x i as the private key of the i-th information record, x i <q, and calculates the corresponding public key y i according to the formula y=g k modp;

(e)根据公式s=(k-1(SHA(m)+xr))mod q计算出相应的si,其中,m=mi’||i ||ti。如果mi’中包含时刻ti,则m的表达式中不再考虑ti(e) Calculate the corresponding si according to the formula s=(k −1 (SHA(m)+xr))mod q, where m=m i '||i ||t i . If moment t i is included in m i ', t i is no longer considered in the expression of m;

(f)经过前面各步所得到的ri和si就是被取证计算机系统S对第i条信息记录mi的数字签名;当一条新的信息记录的签名完成,S就将签名ri、si和信息记录mi’、记录序列号i以及该记录生成的时间ti发送到安全存储对象M中;(f) The r i and si obtained through the previous steps are the digital signatures of the i-th information record m i by the computer system S to be forensic; when the signature of a new information record is completed, S will sign r i , s i and information record m i ', record sequence number i and the time t i when the record was generated are sent to the secure storage object M;

(g)当第i条信息记录的签名和其相关信息存储到M时,调用安全散列SHA算法对mi’||i||ti||SHA(i-1)进行信息摘要,即:SHAi=SHA(mi’||i||ti||SHA(i-1)),由于这是一个递推式,当第i条信息记录的相关信息到达时,第i-1条信息记录的信息摘要SHA(i-1)已经生成;(g) When the signature of the i-th information record and its related information are stored in M, call the secure hash SHA algorithm to perform information digest on m i '||i||t i ||SHA (i-1) , that is : SHA i =SHA(m i '||i||t i ||SHA (i-1) ), since this is a recursive formula, when the relevant information of the i-th information record arrives, the i-1 The information digest SHA (i-1) of information records has been generated;

(4)重复进行上述取证信息的安全签名与转移过程至全部取证文件记录完成。(4) Repeat the process of securely signing and transferring the above-mentioned forensic information until the records of all forensic documents are completed.

第二步,取证信息签名的验证The second step is the verification of the signature of the forensic information

在M中,每一条信息记录都经过了图2所示的流程进行签名和信息摘要,且整个过程都由S完成,那么,当签名和信息摘要被正确验证,就可以确定其完整性。下面是签名和信息摘要的验证过程:In M, each information record has been signed and digested through the process shown in Figure 2, and the whole process is completed by S. Then, when the signature and digest are verified correctly, its integrity can be determined. The verification process of the signature and message digest is as follows:

(a)信息一致性验证者V通过常用的身份认证协议向安全存储对象M证明自己的合法身份。在取得合法身份之后,可以对任何信息记录的数字签名和信息摘要进行验证。下面以验证第i条信息记录签名为例;(a) The information consistency verifier V proves his legal identity to the secure storage object M through common identity authentication protocols. After obtaining legal identity, the digital signature and information digest of any information record can be verified. The following is an example of verifying the i-th information record signature;

(b)验证S的签名有效:(b) Verify that the signature of S is valid:

①把si代入公式w=s-1mod q,计算出wi①Substitute s i into the formula w=s -1 mod q to calculate w i ;

②u1=(SHA(mi’||i||ti)×wi)mod q,u2=(riwi)mod q,则vi=((gu1×yu2)mod p)mod q。经过计算,如果vi=ri,则S的签名有效,即:mi’≡mi。如果在验证过程中发现vi≠ri,说明签名无效,它表明mi’已经被修改,mi’中所记录的信息不再有效,不具有法律效力。②u 1 =(SHA(m i '||i||t i )×w i )mod q, u 2 =(r i w i )mod q, then v i =((g u1 ×y u2 )mod p ) mod q. After calculation, if v i = ri , the signature of S is valid, that is: m i '≡m i . If v i ≠ r i is found during the verification process, it means that the signature is invalid, and it indicates that m i ' has been modified, and the information recorded in m i ' is no longer valid and has no legal effect.

(c)验证第i条签名所对应的信息摘要是否有效:(c) Verify that the information digest corresponding to the i-th signature is valid:

把第i条签名所对应的mi’,i,ti值以及第i-1条签名所对应的信息摘要值SHA(i-1)代入公式SHA(mi’||i||ti||SHA(i-1)),得到SHAi’,如果SHAi’=SHAi,则第i条签名所对应的信息摘要值有效,这表明第i条签名与第i-1条签名之间没有任何记录被删除或者添加。Substitute the m i ', i, t i value corresponding to the i-th signature and the information digest value SHA (i-1) corresponding to the i-1 signature into the formula SHA(m i '||i||t i ||SHA (i-1) ), get SHA i ', if SHA i '=SHA i , then the information digest value corresponding to the i-th signature is valid, which indicates that the difference between the i-th signature and the i-1 signature No records were deleted or added during the period.

重复进行上述取证信息的验证过程至全部取证文件记录验证完成。Repeat the verification process of the above-mentioned forensic information until the verification of all forensic document records is completed.

实施例2Example 2

取证信息完整性保护协议的测试效果Test Effects of Forensic Information Integrity Protection Protocol

首先对取证信息进行安全签名与转移(祥见实施例1),其程序测试流程如图3所示。该程序循环首先检测缓冲区是否存在要进行签名的数据,若有,则读出这条记录,判断是否是第一条记录,若是,则计算其SHA摘要,然后计算其签名,若不是,则将上一条记录得到的摘要值加入到这条信息中再进行哈希,最后保存这个信息摘要,并把这条记录及其摘要、签名、公钥以及记录号进行安全保存,然后从缓冲区中删除这条记录。First, securely sign and transfer the evidence collection information (see Example 1), and its program testing process is shown in Figure 3. The program loop first checks whether there is data to be signed in the buffer, and if so, reads out this record to determine whether it is the first record, if so, calculates its SHA digest, and then calculates its signature, if not, then Add the summary value obtained from the previous record to this information and then hash it, and finally save the information summary, and save this record and its summary, signature, public key and record number safely, and then retrieve the information from the buffer Delete this record.

接下来对已经进行安全签名与保存的信息记录进行验证,其程序测试流程如图4所示。程序从数据库中读出第一行数据,首先验证其签名的正确性,然后判断其是否第一条记录,若是,则计算其hash值与这条记录保存的hash值比较,若不是,则将从上一条记录中得到的hash值加入到记录中再计算其hash值,与该行中保存的hash值进行比较,若相等,则可验证这条记录出现在正确的位置上,即该条记录与上一条记录之间无任何添加的或删除的记录。Next, verify the information records that have been safely signed and saved, and the program testing process is shown in Figure 4. The program reads the first row of data from the database, first verifies the correctness of its signature, and then judges whether it is the first record, if so, calculates its hash value and compares it with the hash value saved in this record, if not, then compares it to The hash value obtained from the previous record is added to the record and then its hash value is calculated, compared with the hash value saved in this row, if they are equal, it can be verified that this record appears in the correct position, that is, this record There are no added or deleted records from the previous record.

现假设有如下一些取证信息:1111111111、2222222222、aaaaaaaaaa、bbbbbbbbbb、cccccccccc、3333333333、ttyyuu1177、556677hhkk。Now assume that there are some forensic information as follows: 1111111111, 2222222222, aaaaaaaaaa, bbbbbbbbbb, cccccccccc, 3333333333, ttyyuu1177, 556677hhkk.

当这8条信息记录未被改动时,其验证结果如图5所示。When the eight information records have not been changed, the verification result is shown in Figure 5.

当第四条消息纪录“bbbbbbbbbb”被人为篡改为“bbbbbbbbba”时,验证结果如图6所示,从图6中可以看出,第4条记录的签名和hash值都是无效的,由此可以验证第4条纪录已经被篡改过。When the fourth message record "bbbbbbbbbb" is artificially changed to "bbbbbbbbba", the verification result is shown in Figure 6. It can be seen from Figure 6 that the signature and hash value of the fourth record are invalid, so It can be verified that the fourth record has been tampered with.

当删除第5条和第6条信息纪录时,验证结果如图7所示。When the 5th and 6th information records are deleted, the verification result is shown in Figure 7.

Claims (3)

1. digital evidence integrality preserving method based on computer forensics, it is characterized in that described method is at the host computer system run duration, the information of may each bar key message relevant promptly collecting evidence that writes down in real time that main frame produces with invasion, and take consistency algorithm that these information are write down and protect;
Specifically comprise:
The first, the security signature and the transfer of evidence obtaining information
At the new information record m that produces 1When generating, duplicate, signature and safe storage, the detailed step of information record signature is as follows:
A.S produces prime number p and the q that satisfies condition, and selects h, calculates g;
B. since in the signature process r value used irrelevant with concrete information, so can produce a string k value at random, and calculate the r value of correspondence with it less than q, to each k value, calculate k -1, wherein, 0<k<q, (k -1K) mod q=1, r=(g kMod p) mod q;
C. as a new information record m iProduce, will produce portion and copy m completely i', at this moment, from the result of b, take out a class value: (k i, k -1 i, r i);
D.S random value x iAs the private key of i bar information record, and calculate corresponding public-key cryptography y i
E. according to formula s=(k -1(SHA (m)+xr)) mod q calculates corresponding s i, wherein, m=m i' || i||t i', if m i' in comprise t constantly i, then no longer consider t in the expression formula of m i
F. respectively go on foot resulting r through the front iAnd s iBe exactly to i bar information record m by evidence obtaining computer system S iDigital signature; When the signature of a new information record is finished, the S r that just will sign i, s iWith information record m i', records series i and the time t that should record generates iSend among the safe storage object M;
G. when the signature of i bar information record stores M into its relevant information, call secure hash SHA algorithm to mi ' || i||t i|| SHA (i-1)Carry out informative abstract, that is: SHA i=SHA (m i' || i||t i|| SHA (i-1), because this is a stepping type, when the relevant information of i bar information record arrives, the informative abstract SHA of i-1 bar information record (i-1)Generate;
The second, security signature and transfer process to the file logging of all collecting evidence that repeats above-mentioned evidence obtaining information finished; Wherein symbol and parameter:
" || ", the attended operation of expression character string;
" S " represents protected computer system;
" V ", expression evidence obtaining information record integrity verification person;
" m i", the i bar information record that the expression computing machine is produced in key file;
" m i' " be illustrated in i bar information record " m i" duplicate transfer when producing, and leave in this process of place of safe enough and be used for the object that secure copy shifts;
" t i" moment of the i bar record that in corresponding key file, produced of expression computing machine;
" p " is the long prime number in L position, wherein from 512 to 1024 of L and be 64 multiple;
" q " is 160 long and coprime with p-1 factors;
" g ", g=h (p-1)/qMod p, wherein h is less than p-1 and satisfies h (p-1)/qMod p is greater than any number of 1;
" x " is the number less than q;
" y ", y=g xMod p; In addition, also use an one-way hash function H (m) in the algorithm, standard has been specified Secure Hash Algorithm SHA;
In the above-mentioned parameter, p, q and g are disclosed, and are that all users in the network are publicly-owned, and x is a private key, and y is a public-key cryptography.
2. according to the store method of claim 1, it is characterized in that the key message record includes daily record and the network log that host computer system produces, fire wall daily record, intruding detection system daily record.
3. the verification method of an evidence obtaining information integrity of preserving with the described method of claim 1 is characterized in that this verification method comprises:
The first, the checking of evidence obtaining Information Signature and informative abstract, detailed process is as follows:
A. consistency on messaging verifier V, permits the digital signature and the informative abstract of any information record are verified by authentication agreement commonly used legal identity to safe storage object M proof oneself after obtaining legal identity;
B. the signature of verifying S is effective, to i bar information record signature verification process is:
1. s iSubstitution formula w=s -1Mod q calculates w i
2. u 1=(SHA (m i' || i||t i) * w i) mod q, u 2=(r iw i) mod q, then v i=((g U1* y U2) mod p) mod q;
Through calculating, work as v i=r i, then the signature of S is effective, that is: m i' ≡ m i
In proof procedure, find v i≠ r i, illustrate that signature is invalid, show m i' be modified m i' in the information that write down no longer valid, null;
C. verify whether the i bar pairing informative abstract of signing is effective:
The i bar pairing m that signs i', i, t iValue and the i-1 bar pairing informative abstract value SHA that signs (i-1)Substitution formula S HA (m i' || i||t i|| SHA (i-1)), obtain SHA i', work as SHA i'=SHA i, then the i bar pairing informative abstract value of signing is effective, and this shows the deleted or interpolation without any record between i bar signature and the i-1 bar signature;
The second, proof procedure to the file logging checking of all collecting evidence that repeats above-mentioned evidence obtaining information is finished.
CNB2006100136100A 2006-04-30 2006-04-30 Integrity Preservation Method of Digital Evidence Based on Computer Forensics Expired - Fee Related CN100403326C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100136100A CN100403326C (en) 2006-04-30 2006-04-30 Integrity Preservation Method of Digital Evidence Based on Computer Forensics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100136100A CN100403326C (en) 2006-04-30 2006-04-30 Integrity Preservation Method of Digital Evidence Based on Computer Forensics

Publications (2)

Publication Number Publication Date
CN1845116A CN1845116A (en) 2006-10-11
CN100403326C true CN100403326C (en) 2008-07-16

Family

ID=37064044

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100136100A Expired - Fee Related CN100403326C (en) 2006-04-30 2006-04-30 Integrity Preservation Method of Digital Evidence Based on Computer Forensics

Country Status (1)

Country Link
CN (1) CN100403326C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102663131A (en) * 2012-05-02 2012-09-12 谢建全 Credible accounting original evidence electronic image inquiring system
CN103810410A (en) * 2014-03-10 2014-05-21 辽宁科技大学 Information evidence collection method for Internet of things
CN106713297B (en) * 2016-12-15 2020-03-31 周影 Electronic data fixed platform based on cloud service
CN106685640B (en) * 2016-12-15 2020-03-31 周影 Electronic evidence fixed information generation method and electronic evidence fixed server
CN107818261A (en) * 2017-09-12 2018-03-20 王振铎 A kind of computer information safe stocking system
CN108011890A (en) * 2017-12-20 2018-05-08 东北电力大学 A kind of information safety of mobile electronic equipment protects system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1308803A (en) * 1998-05-04 2001-08-15 伊奥里金纳尔公司 System and method for electronic transmission, storage and retrieval of authenticated decouments
US6601047B2 (en) * 2000-03-08 2003-07-29 Inbit Inc. Image-based digital evidence system and associated method
US20030233552A1 (en) * 2001-06-04 2003-12-18 Adrian Baldwin Packaging evidence for long term validation
CN1648923A (en) * 2005-02-06 2005-08-03 刘怡梅 Method for identifying e-mail text and appendix

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1308803A (en) * 1998-05-04 2001-08-15 伊奥里金纳尔公司 System and method for electronic transmission, storage and retrieval of authenticated decouments
US6601047B2 (en) * 2000-03-08 2003-07-29 Inbit Inc. Image-based digital evidence system and associated method
US20030233552A1 (en) * 2001-06-04 2003-12-18 Adrian Baldwin Packaging evidence for long term validation
CN1648923A (en) * 2005-02-06 2005-08-03 刘怡梅 Method for identifying e-mail text and appendix

Also Published As

Publication number Publication date
CN1845116A (en) 2006-10-11

Similar Documents

Publication Publication Date Title
Ibrahim et al. Darpa: Device attestation resilient to physical attacks
Ma et al. A new approach to secure logging
Holt et al. Logcrypt: forward security and public verification for secure audit logs
US8959346B2 (en) System and method for a single request—single response protocol with mutual replay attack protection
US20070283158A1 (en) System and method for generating a forensic file
CN110969207B (en) Electronic evidence processing method, device, equipment and storage medium
CN100403326C (en) Integrity Preservation Method of Digital Evidence Based on Computer Forensics
Yu et al. Comments on “public integrity auditing for dynamic data sharing with multiuser modification”
Accorsi BBox: A distributed secure log architecture
CN115208628B (en) Blockchain-based data integrity verification method
CN102215109A (en) Method for dynamically storing and validating digital evidences based on computer forensics
CN117749535A (en) Network traffic abnormality detection method and device
CN118842652B (en) A cloud photo frame data end-to-end secure encryption transmission method based on security requirements
CN114782238A (en) Image self-authentication method based on hash function and information hiding
CN117037988B (en) Electronic medical record storage method and device based on blockchain
CN117395474B (en) Locally stored tamper-resistant video evidence obtaining and storing method and system
US20070261061A1 (en) System and method of aggregating and consolidating security event data
CN113420085B (en) Power network security storage method and supervision and inspection method based on blockchain
CN110992219A (en) Intellectual property protection method and system based on block chain technology
CN114756863B (en) File tampering detection method, device, electronic equipment and storage medium
KR102013415B1 (en) System and method for verifying integrity of personal information
Xu et al. Expecting the unexpected: Towards robust credential infrastructure
Talirongan et al. A modified MD5 algorithm incorporating hirose compression function
US20110208969A1 (en) Method and apparatus for providing authenticity and integrity to stored data
CN112307519B (en) Hierarchical verifiable query system based on selective leakage

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Assignee: Tianjin University

Assignor: Tianjin great software Co., Ltd.

Contract record no.: 2010120000151

Denomination of invention: Digital evidence integrality preserving method based on computer evidence

Granted publication date: 20080716

License type: Exclusive License

Open date: 20061011

Record date: 20101105

EE01 Entry into force of recordation of patent licensing contract

Assignee: Tianjin great software Co., Ltd.

Assignor: Tianjin University

Contract record no.: 2010120000151

Denomination of invention: Digital evidence integrality preserving method based on computer evidence

Granted publication date: 20080716

License type: Exclusive License

Open date: 20061011

Record date: 20101105

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080716

Termination date: 20130430