Abstract: The diversity and severity of fishing attacks bring great threats to confidential data management such as identity management. This paper proposes a method which combines trusted computing technology and SSL(Secure Socket Layer) to prevent fishing attacks based on comparing current mechanisms for preventing fishing after introducing some main kinds of current fishing attacks and analyzing the rationale of it. The security analysis shows that the proposed method can prevent current main kinds of fishing attacks effectively.

Key words: trusted computing, fishing attack, certificate, key

摘要： 钓鱼攻击手段的多样性及其攻击后果的严重性给用户身份信息等私密数据的管理带来巨大威胁。该文分析了当今主要几类钓鱼攻击的手段，剖析其攻击原理，并在分析比较现有的几种密钥保护机制的特点的基础上，将可信计算技术与安全套接字相结合，提出一种抵御钓鱼攻击的方法。根据钓鱼攻击的特点，进行了安全性能分析，表明其能有效抵御钓鱼攻击。

关键词: 可信计算, 钓鱼攻击, 证书, 密钥

CLC Number: 

• TP309