Current study shows the possibility of a different approach to design with specified parameters and reliability assessment of single level personal data protection system. The considered approach to single level personal data protection system design and reliability assessment provides a quantitative assessment of protection in the form of probability and differs from the approach adopted in the regulatory documents of Ukraine. The correlation between attempt and time of personal data theft time is defined considering projected theft attempts frequency. It is shown that the parameter that determines the reliability of a single level protection against personal data theft can be not only a constant value with the dimension of time, but also depend on the theft attempts and the time of these theft attempts or, in other words, hacking protection. Based on the attempts and time of protection break-ins, equations are obtained for assessing the reliability of protection with the parameters inherent in a particular designed protection system, which take into account the initial and required data for the design of protection. Expressions are obtained for determining such parameters as probability values, coordinates of attempts and time for the hacking line which is used for theft. The obtained parameters of the hacking line allow not only to design protection, but also to investigate, control and manage the process of hacking by coincidence or deviation from the line of the real hacking events.
Currently, Ukraine is theoretically developing methods for personal data protection, that is, in other words, information protection (IP), using a systematic approach, expert evaluation analysis of fuzzy sets, game theory and others [1-4]. The published studies do not provide or describe the methods of IP tools design with specific security requirements in terms of the number of possible attempts and the time of personal data theft. Before designing the construction of one or another technical protection of information (TPI) for the prevention of personal data theft, it would be desirable to know its designed reliability for hacking or protection. When designing, the main parameters that are understandable to the customer of the TPI are its cost, protection efficiency, attempt and time of the attempt, at which TPI can be hacked. Therefore, when designing and evaluating the reliability of a functional protection against personal data theft, these parameters should reflect the real physical nature and reliability of the protection.
Technical protection of information (TPI) from personal data theft in various countries is carried out in accordance with its regulatory documents and developed methods. In this case, the constructed TPI basically has a quality assessment of protection that meets the initial conditions for the use of protection and is not related to the real process of personal data theft. And only some methods of constructing TPI give a quantitative assessment.
Naturally, it is important for the customer and developer of protection against personal data theft to know the probability of penetration through protection at each stage of its operation, and preferably from real hacking attempts. In real conditions, when TPI is hacked and personal data is stolen, the only facts or parameters that can be recorded are the hacking attempt and its time, that is in these coordinates the actual direction of the TPI hacking. In this case if the probability of hacking of working TPI for each moment of time is known from initial data, it is possible to estimate the probability of a possible penetration through protection by the real parameters of hacking attempts, for example, by the number of attempts and time of these hacking attempts. These results will help the developer to decide on the replacement of the used TPI or its modernization, which will save financial and material resources invested in protecting information, as well as losses from personal data theft.
The relevance of the work lies in the development of a new methodology and approach to the development of design and evaluation of working protection based on real physical processes of hacking.
Scientific novelty lies in the development of a new approach to the design, analysis and assessment of the status of a working TPI in order to save financial costs invested in protection. 2
There are no known defenses from open sources that would be developed according to regulatory documents and which would provide control of their condition against the number of hacking attempts in time. On the other hand, control of the number of attempts and the time of hacking would allow determining the intensity and direction of hacking. Since the direction of hacking depends on two parameters, the reliability should also depend on the attempts and time of hacking, and the parameters of attempts and time are interconnected by the direction of hacking. There are publications by B. Zhurylenko, in which an attempt was made to develop a methodology for building protection, monitoring its condition during operation, modernizing TPI depending on financial investments in protection, the effectiveness of the protection being created and the direction of the hack. However, in these works there is no rigorous proof of reliability depending on the direction of the hack.
The aim of the work is to obtain the distributions of the probability’s maximums and probability of breaking TPI depending on the direction of hacking, determined by two parameters - the hacking attempt and time of this attempt. 3
Theoretical basis of a single level technical information protection system design method To create a methodology of protection design against personal data theft let’s first obtain the dependences of the probability’s maximum distribution and the probability distribution on attempts and hacking time for a single level protection with predetermined parameters.
Let’s define t0 as parameter, defining the properties of technical protection of information over time and associated with the reliability of TPI. The specific properties of the parameter t0 will be determined later. Then t – the current time during which protection is carried out, р0(t) is the probability of protection of the TPI in time.
Then the properties of TPI through security risks over time are:
t0 t p0 t f t ,
where f(t) is positive function that depends on time and has the dimension of time.
Function f(t) must be positive, since the left side of the expression (
From (
Let’s choose the independence of the hacking probability from the results of previous attempts. If the next hacking attempt was unsuccessful, then we believe that the probability of hacking the protection used remains the same. Such a distribution of hacking attempts will obey the geometric law of probability distribution, and in this case, according to [5], the probability of a hacking event on the m attempt can be written as
Pm ( t ) [ p0 ( t )]m1 p( t ) ( f ( t ) t f ( t ) )m1 (
t f ( t ) t ) .
Let's find the distribution curve of the hacking probabilities’ maximums Pm(t). To do this, we determine the probability m of a hacking attempt in time, setting the first derivative of expression (6) equal to zero. We get f (t) t m
f (t) f (t) t
[t m
f (t)
f (t) t
t m 1] f (t)
t
or, considering stated above, we consider f(t)+ t>0 , then we get
(
t t f ( t ) f ( t )
f ( t ) t t
1 ]
f m2 ( t ) f ( t ) t m 0.
f m2 ( t ) f ( t ) t m
0 , f(t)>0 и t≥0. If f(t)=0 for any time
t≥0, then according to expression (
From equality (9) we find one of its solutions, equating the expression in square brackets to zero. We will get mations, we have
The second solution of equality (9) can be found if we divide both its parts by expression in square brackets, which is not equal to zero. As a result of simple transforand then, potentiating equality (12), we obtain the second solution of equation (9) (9) (10) (11) (12) (13) (14) (15)
Comparing expressions (13) and (10), we see that they will be equal if const = (m1). Since the constant can be any value, we can conclude that equality (9) has one solution defined by expression (10). At the same time, expression (10) determines the relationship between hacking attempts m and the time of this attempt t, that is, determines the direction of the hacking process. The second time derivative of the hacking probability distribution (6) gives a maximum at the point defined by expression (10).
Thus, in the process of the above calculations, it was shown that the parameter t0 = f (t) is the mathematical expectation of the security of this TPI and can be a variable depending on the product of the number of hacking attempts and the time of hacking. This is an important result, since in real conditions, if the hacking attempts or the time of protection increase, then a high level of security risks exists.
Thus, the surface of the probability distribution of hacking ( , ) on m –attempt will be described by the expression ( , ) = [ ( , )+
] ( , ) −1 ∙ [
or the surface of hacking probabilities’ maximums distribution ( , ) from any attempts and hacking time f (t) (m 1) t . t t f (t) f (t) ( , ) = [ ( , )+ no hacking attempts. To prove this, we write expression (14) in the form tion of probabilities’ maximums surfaces and hacking probabilities ( , ) and depends on the coordinates m and t of the hacking point. The relationship between the coordinates m and t of the hacking point at constant values of the function is shown in function will change, respectively, 1, 10, 20, 40. Lines 5, 6 give the hacking direction, which is determined by two hacking points. Moreover, one of the points can be determined by the origin, that is, m-1 = 0 and t = 0. Thus, the intersection of the lines of constancy of the function and the directions of hacking will give the values of the probability of hacking at each point of intersection with a given hacking attempt.
In real conditions, each specific hacking attempt corresponds to the values m1, t1 and m2, t2. Moreover, each subsequent hacking attempt will have values m2 > m1, t2 > t1 and, therefore, according to expression (10), the value ( , ) should increase. In tween the two values ( 1, 1) and ( 2, 2) and coordinates m1, t1 and m2, t2.
Function ( , ) in the direction of hacking, depending on a change in one of the coordinates, can be represented as:
time
( ) = [( 1 − 1) + mine the probability value at the hacking point. Expression (10) in expression (15) (16) (17) (18) (19) defines the hacking probability’s maximums distribution surface, which is described by two coordinates m and t of hacking point. Expression (18) describes the probability of breaking from one time coordinate t of the hacking point. Expression (19) describes the probability of breaking from the coordinate m of the hacking point. Thus, we can write
We introduce the concept of the intensity or frequency of hacking attempts ( , ) = ( ) = ( ) .
= 2− 1 . function ( ) or ( ) and hacking direction. This will allow, when assessing the quality of the TЗI, to determine a possible attempt or its hacking time at a constant frequency or intensity of hacking. Given equality (20), from expressions (18) and (19) we find the dependence of time on a hacking attempt ( ) =
4 √ 2+ ∙ ( ) − , где = 1 + 2 1−1 , (20) (21) (22) and the dependence of the hacking attempt on time
√ 2+4∙ ∙ ( ) − + 1 , где = ∙ 1 − ( 1 − 1) .
It should be considered that in (23) during the first hacking attempt ( ) = 1 , that is, corresponds to the upcoming real hacking attempt, when the real initial time is still zero.
In studies [6,7] it is shown how the financial costs of the designed protection and the coefficient of protection efficiency are taken into account in the expression for the probability of hacking .
Function ( , ) determines the direction of hacking, but does not take into account the effectiveness of protection, that is, gives the value of the probability of hacking with a protection efficiency ratio (PER) equal to = 1 , which corresponds to hacking on infinitive attempt. In real conditions, hacking occurs on the final attempt at when PER is less than 1.
Considering PER with respect to [7], expression (15) will look like
When designing the TPI, hacking parameters are set by the developer and must correspond to the initial data. In this case, it is necessary to know the reliability of the TPI in the designed hacking direction and in the direction of the real hacking process. In order to construct the designed surface for a specific hacking attempt and the hacking time chosen by the system developer, in expressions (14) or (15), it is necessary to express the degree in terms of the parameters of a specific hacking attempt, for example, m = mc, t = tс. Then (14) will look like ( , ) = {[ ( , ) ] −1
∙ [ selected protection efficiency =0,7. A surface with a selected projected hacking direction along line 5 is shown, and line 6 corresponds to another, for example, real hacking direction. On lines 5 and 6, the probabilities of hacking are plotted depending on the direction of the hacking. The points of intersection of the surface with the lines give the coordinates of the maximum probabilities of hacking in this direction. For line 5, these coordinates will be mм = 9, tм = 6 with a maximum probability of hacking at a given point, and for the line 6 – mм = 12, tм = 11. sen breaking direction along line 5, for example, with a maximum at a point mc = 9, tс = 6. Line 5 corresponds to the chosen direction, and line 6 corresponds to another real hacking direction, but along the surface projected along line 5. The surface of the (24) (25) (26) probability distribution of hacking in Fig. 3 is constructed according to the formula (26).
It can be seen from Fig. 3 that with a change in the direction of hacking (line 6), the reliability of the TPI will change and it must be taken into account during design process.
On the surface along the coordinates m, t, the values of hacking probabilities’ maximums are visible. The intersection point of both maximums and lines gives the point of maximum hacking probability in this direction. There can be only one such point and in Fig. 2 it is represented by the intersection of the surface with the direction line of the hacking process for line 5, these coordinates will be mм = 9, tм = 6, and for line 6 – mм = 12, tм = 11.
Figure 4a shows a surface with hacking probability maximum at a point with projected hacking direction along line 1, with maximum at a point mc = 10, tс = 5. Line 2 corresponds to the probability distribution of another real hacking direction, but on a surface designed with the hacking direction along line 1. Line 3 gives the direction of a real hack if the attacker changes the real process of attack. It can be seen from Fig.4b that the real process of hacking with the hacking probability surface [8-11] described by the expression P(m)=1/m (white surface) and the surface of the designed protection (gray surface) will flow with probability determined by the line of intersection of the white and gray surfaces. In this case, according to Fig.4b, the hacking process with the calculated maximum probability value will only be for the direction of the designed TPI (line 1), and for other directions the value of the hacking probability will be lower (lines 2 and 3). If the direction of the real hacking process is close to the projected direction of protection, then TPI hacking can occur at values close to the projected hacking attempt mhack, especially with small increases in time between hacking attempts.
With significant increases in time between hacking attempts, hacking case may not occur at all. A similar situation where hacking does not happen is possible if hacking attempts will follow each other very often.
Based on protection risks of TPI there was acquired function ( , ), depending on hacking process direction, which is inherent in this protection, that is mathematical expectation of TPI protection and defines the reliability of technical protection in designed hacking direction.
From the function of the direction of the hacking process, an expression that allows to determine one of the parameters using second parameter m or t is promising. This is important when designing, analyzing the state and modernizing the TPI, because it will allow one to find another using one of the known parameters in the direction of hacking. For example, using a known hacking attempt, you can evaluate the possible time when a protection hack occurs.
In this work, we obtain the TPI hacking probability distribution for the direction of the projected process of hacking, depending on the parameters of the attempt, the time of this hacking attempt. When designing protection, the hacking direction is selected in the form of a straight line, which is built according to the required initial data.
Using the expressions obtained in this work, we constructed the distribution surface of the hacking probabilities' maximums (Fig. 2), from which the most probable value of hacking and the coordinates of the hacking point are determined at the points of intersection of the surface and the line. The surfaces of the hacking probability distribution are constructed (Fig. 3, Fig. 4a) along the lines of the designed hacking directions (lines 5, line 1). The results of the work make it possible to assess the state of the residual probability of reliability of the working TPI of the real hacking process in directions of personal data theft chosen by the attacker.
In the future, the studies will allow us to create a new methodology for the design, modernization and analysis of the state of the working complex of technical protection of information, taking into account the financing invested in protection, the effectiveness of the developed protection and the hacking direction chosen by the developer.