Применение метода идеальной точки для поиска наилучшего способа аутентификации в корпоративных информационных системах

Abstract

Nowadays, various information systems, including enterprise ones, are becoming increasingly popular. Many of these systems store sensitive data of their users. Basically, this data is protected only by a login and a password, which today can no longer provide a high level of security and guarantee the safety of the data. Along with the development of information systems, methods and tools that attackers can use to get hold of confidential information are also evolving. It is not uncommon to hear news that some of the large companies have leaked its users' personal data. So, in order to minimize the risk of compromising user data, it is worth taking a more careful approach to selecting a method of authenticating users in the system. Aim. To determine the most appropriate method of authentication in enterprise information systems with the help of a mathematical approach and taking into account certain criteria. Materials and methods. The following types of authentication were considered: reusable password authentication, TOTP (Time-based one-time password authentication), SMS-based authentication, biometric authentication, OpenID, SAML (Security Assertion Markup Language). The Pareto set method and the ideal point method were used to determine the most preferable authentication method to implement. Results. In the article, the authors describe the authentication methods considered, the algorithm of their work, and diagrams of their interaction. Using the ideal point method, SAML was determined to be the most appropriate authentication method.