The parameters and mechanisms that can be used as the basis for a method for detecting information security events in cloud signature systems, where the signature activation protocol is used, and the development of such a method are substantiated. The following parameters are proposed: the number of signed electronic documents, the number of incorrect authentication attempts to access the user’s personal key, the rate of comparing the hash value of the signed documents, and the rate of sending the hash value of the signed data in the signature creation device. It is recommended to base the method on the mechanisms of mathematical statistics in relation to the listed parameters. The description and results of testing the developed method, the number of false positive and false negative results of the analysis of information security events in cloud signature systems are presented. The obtained values turned out to be less than similar indicators typical for the results of analysis carried out using other existing methods. This is the main advantage of the proposed method compared to its analogues.
Read full abstract