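Abstract
Because most users do not hold a user certificate, remote user authentication based on a username and password is the most common form of authentication in insecure network environments. It is precisely this fact that allows many attacks to succeed. Based on an analysis of today's main phishing methods and of existing key-protection mechanisms, an authentication scheme that uses trusted computing technology to resist phishing is proposed. The scheme combines the trusted computing protected storage mechanism, certificate chains, password splitting and other techniques, so that user authentication remains secure even if the username and password are stolen. The analysis results show that the method effectively resists phishing attacks.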
User authentication is mostly carried out by sending a username and password pair to the server over an insecure network, since most users do not have a certificate. Many attacks succeed precisely because of this. Phishing methods and the common mechanisms for protecting keys are analyzed, and an authentication scheme employing trusted computing technology is proposed. Since the scheme combines protected storage, an authentication chain, password partitioning and other techniques, theft of the password alone does not affect user security. Finally, the proposed approach is shown to protect against phishing attacks.
Source
《计算机工程与设计》
CSCD
Peking University Core Journal
2009, Issue 21, pp. 4841-4844 (4 pages)
Computer Engineering and Design
Funding
National 973 Key Basic Research Development Program of China (TG1999035801)
Keywords
trusted computing
internet fraud
certificate
authentication scheme
TPM