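In past cybercrime investigations, evidence was often gathered through telecommunication surveillance of suspects. Owing to growing awareness of privacy and security, almost all network communication is now transmitted encrypted with SSL/TLS or by other means, which has had a considerable impact on establishing the facts of a crime. Since smartphones became widespread, instant messaging applications have gradually replaced traditional telephone service, and the kinds of communication have become increasingly diverse: besides voice and video calls and text messages, users can also send pictures, videos and files of all kinds. This paper takes the messaging application LINE as its subject and applies the concept of deep packet inspection to encrypted smartphone packets. It first extracts the packets sent by LINE using a simple method and removes the invalid packets. It then analyzes common user network behaviors, such as sending and receiving text messages, voice calls, and sending pictures, audio and video, in an attempt to find the characteristics of each kind of behavior. These characteristics are expressed as Wireshark filter syntax so that investigators can readily analyze and assess the contents of surveillance packets and guide the direction of an investigation.

Smartphones and 4G networks are popular today. Many criminals use instant messaging applications as a communication tool. LINE is the most popular instant messaging application in Taiwan. Telecommunication surveillance is ineffective for encrypted traffic. We set up a controlled environment to capture the traffic of a smartphone and filter all the packets related to LINE. It is helpful for law enforcement to extract some information from encrypted traffic.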
Keywords: Encrypted packet analysis; Encrypted Traffic; LINE; Telecommunication Surveillance
Jay-chang Chen, "LINE封包特徵分析預測使用者網路活動" [Predicting user network activity through LINE packet feature analysis], Communications of the CCISA, vol. 23, no. 3, pp. 37-48, Jul. 2017.
