Abstract
Whether computer logs are intact determines whether the forensic evidence derived from them is authentic. To address this problem, a log integrity detection model is designed. The model consists of two modules. The log integrity detection module uses a hash function to generate a series of unique log identifiers and their serial numbers for the computer system log. The special linkage between identifiers allows tampering to be detected quickly, and the serial numbers pinpoint where the log was tampered with. Digital signatures are used to authenticate the identifiers, preventing them from being forged in transit. The trusted third-party module uses trusted hardware to improve the security of their storage, and also ensures that log integrity detection keeps working offline, during power loss, or under attack by an adversary. Security analysis and performance results show that the model is secure and reliable and has low computational complexity; it is especially efficient when checking large numbers of log entries.
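A sketch of the chained-identifier idea the abstract describes, added here as an illustration and not taken from the paper. The SHA-256 chaining rule, the `GENESIS` value, the HMAC used in place of a digital signature, the sample log lines and all function names are assumptions.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain

# Constructed sample log lines and key, for illustration only.
LOG = [
    "2014-01-05 10:02:11 login user=alice src=10.0.0.5",
    "2014-01-05 10:03:40 sudo user=alice cmd=/bin/cat /etc/shadow",
    "2014-01-05 10:04:02 logout user=alice",
]
KEY = b"constructed-demo-key"


def identifier(prev_id, seq, entry):
    """Identifier of entry `seq`, linked to the previous entry's identifier."""
    data = prev_id + seq.to_bytes(8, "big") + entry.encode("utf-8")
    return hashlib.sha256(data).digest()


def build_chain(entries):
    """Identifiers for the log as written; index i holds serial number i+1."""
    chain, prev = [], GENESIS
    for seq, entry in enumerate(entries, start=1):
        prev = identifier(prev, seq, entry)
        chain.append(prev)
    return chain


def seal(chain, key):
    """Tag over all stored identifiers (HMAC stands in for a signature)."""
    return hmac.new(key, b"".join(chain), hashlib.sha256).digest()


def tampered_positions(entries, chain, tag, key):
    """Serial numbers whose entry is altered, missing or unexpected."""
    if not hmac.compare_digest(seal(chain, key), tag):
        raise ValueError("stored identifiers failed authentication")
    bad = []
    for seq in range(1, max(len(entries), len(chain)) + 1):
        if seq > len(entries) or seq > len(chain):
            bad.append(seq)  # truncated log or appended entry
            continue
        # Recompute from the *stored* previous identifier so one edit
        # is reported at its own serial number instead of cascading.
        prev = chain[seq - 2] if seq > 1 else GENESIS
        if identifier(prev, seq, entries[seq - 1]) != chain[seq - 1]:
            bad.append(seq)
    return bad
```

The stored identifiers and tag play the role of the material held by the trusted third party; the verifier only ever reads them.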
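Source
Computer Engineering and Design (《计算机工程与设计》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2014, Issue 3, pp. 830-834 (5 pages)
Funding
National Natural Science Foundation of China (61070219)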