A probabilistic approach to assessing the security of the information system in the problem of user identification by keypad handwriting

Free access

Purpose of the study. Assessment of information system (IS) security in the process of user identification by keyboard handwriting.

Materials and methods. A study and analysis of scientific publications on the problem of assessing the security of information systems allowed us to identify the most effective approach to assessing the security of an information system based on attack modeling. The method considered in the article combines graphical and probabilistic approaches to the analysis of possible scenarios for the implementation of threats in information systems for the case of user identification. We used a graphical representation in the form of attack trees to model the possible attack actions of the violator, interconnected in accordance with the sequence in which the violator can perform them. We used the probabilistic approach, for the case of user identification, to assess the probability of success of an attack on an asset along the path indicated in the corresponding attack tree and the effectiveness of the proposed countermeasures.

Results. The set of the most informative parameters of keyboard handwriting is indicated: the time of pressing the key, the pauses between keystrokes and the speed of typing. For this set, possible scenarios for the development of events in the process of user identification are identified, as well as the cases in which countermeasures are necessary:

- all three values of the keyboard handwriting parameters coincide: countermeasures are not provided;
- any two of the three values of the keyboard handwriting parameters coincide: countermeasures must be provided;
- two of the three or all three values of the keyboard handwriting parameters do not match: countermeasures must be provided.

With the help of the attack tree, possible variants of attack paths and possible scenarios for the development of events in the process of user identification are modeled. Using a probabilistic approach, the probability of a successful attack on an asset along the path indicated in the attack tree and the degree of effectiveness of the proposed countermeasures are calculated.

Conclusion. The calculation of the security level of the information system presented in the article will be useful to developers and researchers in their practical and scientific activities.


Probabilistic approach, information protection, keyboard handwriting, attack trees, security assessment

Short URL: https://sciup.org/147240886

IDR: 147240886   |   DOI: 10.14529/ctcr230208

Short communication