FACULTY OF INFORMATION SCIENCE AND TECHNOLOGY

TM 3133
INDIVIDUAL PROJECT

SUBMITTED BY:
NOR IZZAIDAH BINTI HAMAD (A146406)
LECTURERS:
DR. ROSSILAWATI BINTI SULAIMAN
ENCIK AHMAD TARMIZI BIN ABDUL GHANI

TM3133 JAMINAN DAN KESELAMATAN KOMPUTER

1.0 INTRODUCTION

Cryptography is a method of storing and transmitting data in a particular form so that
only those for whom it is intended can read and process it. It is closely related to the
disciplines of cryptology and cryptanalysis. It includes techniques such as microdots,
merging words with images, and other ways to hide information in storage or in transit.
However, in today's computer-centric world, cryptography is mostly associated with
scrambling plaintext into ciphertext, a process called encryption. Cryptography provides
confidentiality, integrity and authentication of information.

Confidentiality means that the information cannot be understood by anyone for whom it
was not intended. Integrity means that the information cannot be altered in storage or in
transit between the sender and the intended receiver without the alteration being detected.
Cryptography also helps to authenticate the information received: the sender and receiver
can confirm each other's identity and the origin or destination of the information. From
this we can conclude that cryptography secures information, since it provides integrity,
authentication and confidentiality.

In this assignment, I will discuss one method of cryptography, encryption, which is used
to secure or hide information. Nowadays, most websites and applications, whether for
computers or mobile devices, use an encryption technique to secure their users'
information. Since there are many encryption methods and techniques, it is up to the
provider or owner to decide which one to use to secure their website or application.

2.0 DESCRIPTION OF CHOSEN TOPIC

For this assignment, I chose www.cimbclicks.com.my as my topic. With information
technology emerging so rapidly nowadays, internet banking is no longer unusual. People can
sit at home or in the office and carry out their banking transactions over the internet.
Most financial institutions in Malaysia already provide internet banking services to their
customers, as these services are in high demand. Thus, every bank that provides internet
banking services should prepare a secure website, as the site will handle a lot of its
users' personal information. Website security is one of the most important things that
banks and users should consider.

www.cimbclicks.com.my is one example of an internet banking website. This website uses
cryptography to provide secure communication between the users and the bank's server.
www.cimbclicks.com.my is a website provided by CIMB Bank to increase the efficiency of its
operations while at the same time increasing customer satisfaction. CIMB Clicks online
banking helps customers check and manage their financial standing, transfer funds, pay
their bills online and on time, schedule their transactions and much more, at any time.

3.0 HOW ENCRYPTION WORKS


On this website, the privacy of communications between the user's browser and the
website's servers is ensured via encryption. The site uses 128-bit encryption. Encryption
scrambles the messages exchanged between the browser and the CIMB Clicks online banking
server. When a user visits the website's sign-in page, the user's browser establishes a
secure session with the CIMB Clicks online banking server. The secure session is
established using a protocol called Transport Layer Security (TLS), which requires a key
exchange using a public key and a private key. The session keys are randomly chosen
numbers for that session and are known only to the user's browser and the online banking
server. After the keys are exchanged between the browser and the server, the browser uses
these numbers to encrypt the messages sent between the browser and the server. Both sides
need the keys because they have to decrypt the messages they receive. The TLS protocol
assures the privacy of the information given and also ensures that no one else can
impersonate the financial institution's website or alter the information sent, which
matters because banking services involve important information such as bank account
numbers. If the website did not have the security to protect customers' information, its
customers could lose their money.

By using this encryption, the owner of this website can show that they are doing their
best to provide a secure online banking website to their customers. Based on a report by
SSL Labs, the CIMB Clicks website has a good security rating. Its cipher strength and key
exchange scores are both above 80%. The report is based on the SSL server rating made in
2013. For its overall rating, the website got an A. This means that the website has high
security and uses strong encryption to protect the information given.

However, in the new SSL test of this website, it got a C overall, although the key
exchange and cipher strength scores are still above 80% and are even higher than before.
This shows that the website's developers have upgraded their encryption method and are
still doing their best to increase the website's security.

SSL 3.0 report for cimbclicks.com.my
(https://www.ssllabs.com/ssltest/analyze.html?d=cimbclicks.com.my)

SSL (Secure Sockets Layer) is the standard security technology for establishing an
encrypted link between a web server and a browser. This link ensures that all the data
passed between the web server and the user's browser remains private and integral. SSL is
an industry standard and is used by websites to protect their online transactions with
customers. cimbclicks.com.my is one example of a website that uses SSL to provide a secure
banking transaction experience to its customers.

To create an SSL connection, the website requires an SSL certificate. When the owners
choose to activate SSL on the web server, they are prompted to answer a number of
questions about the identity of the website. The web server then creates two cryptographic
keys, a private key and a public key, which are used in the encryption.

The public key does not need to be secret and is placed into a Certificate Signing
Request (CSR), a data file that also contains the website's details. During the SSL
certificate application process, the Certification Authority validates the company's
details and issues an SSL certificate that contains those details and allows the company
to use SSL. The web server (in this example, cimbclicks.com.my) then matches the issued
SSL certificate to its private key. The web server is then able to establish an encrypted
link between the website and its customers' web browsers. The complexities of the SSL
protocol remain invisible to the customers. To complete the process, the customer's
browser and the web server exchange the key used to encrypt and decrypt the messages, so
that a transaction can take place.
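
The certificate request steps described above, as an added example that is not part of the original assignment. It assumes the third-party Python package `cryptography`; the function names and the host and CA names a caller passes in are constructed for illustration.

```python
# Hostname and CA name are supplied by the caller; nothing here contacts a real CA.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def new_key():
    """Generate a P-256 key pair (constructed for this example)."""
    return ec.generate_private_key(ec.SECP256R1())


def name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_csr(server_key, hostname):
    """Web server: build a CSR. It carries the public key and the site's details
    and is signed with the private key, which itself never leaves the server."""
    builder = x509.CertificateSigningRequestBuilder().subject_name(name(hostname))
    return builder.sign(server_key, hashes.SHA256())


def ca_issue(csr, ca_key, ca_name):
    """CA: verify the CSR's self-signature, then certify its public key."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify")
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(csr.subject)
            .issuer_name(name(ca_name))
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(ca_key, hashes.SHA256()))


def spki(public_key):
    """DER-encoded SubjectPublicKeyInfo, a canonical form for comparing keys."""
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def cert_matches_key(cert, private_key):
    """Web server: does the issued certificate belong to this private key?"""
    return spki(cert.public_key()) == spki(private_key.public_key())
```

A certificate installed next to the wrong private key fails `cert_matches_key`, which is the check a server operator makes before enabling the certificate.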
Not all online banking services have strong security and use good encryption to protect
their customers' information. CIMB has provided a good one so far, and it has received few
complaints from customers about the security of its website. Furthermore, the website uses
HTTPS rather than HTTP to increase its security, and it is also potentially vulnerable to
denial-of-service attacks due to its support of client-side renegotiation.

In addition, to ensure the privacy, confidentiality and integrity of the information that
is exchanged, disclosed, shared, stored or otherwise used on the system, cimbclicks.com.my
combines encryption with authentication and auditing mechanisms, which serve as a powerful
barrier against all forms of system penetration and abuse. The mechanisms implemented on
this website include username and password protection and authentication, a firewall and
account locking. All of these are initiatives by the CIMB Clicks website team to provide a
much more secure site and give their customers the best service.
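
The three server-side settings this section touches on (old protocol versions such as SSL 3.0, the 128-bit cipher strength floor, and client-side renegotiation) can be checked on a TLS configuration. The following is an added example using Python's standard `ssl` module, not code from the original assignment or from the bank; the function names and the sample cipher list are constructed.

```python
import ssl

MIN_BITS = 128  # the "128-bit encryption" figure used as a floor


def weak_ciphers(ciphers, min_bits=MIN_BITS):
    """Names of suites (in SSLContext.get_ciphers() format) below min_bits."""
    return [c["name"] for c in ciphers if c["strength_bits"] < min_bits]


def audit(ctx):
    """Return a list of findings for an ssl.SSLContext."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 are allowed")
    if not ctx.options & ssl.OP_NO_RENEGOTIATION:
        findings.append("OP_NO_RENEGOTIATION not set")
    for cipher_name in weak_ciphers(ctx.get_ciphers()):
        findings.append(f"cipher below {MIN_BITS} bits: {cipher_name}")
    return findings


def default_server_context():
    """A server context with the library defaults, for comparison."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def hardened_server_context():
    """TLS 1.2 or newer, AEAD suites only, renegotiation disabled.
    Certificate loading is left out because no handshake is performed here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # Disables renegotiation in TLS 1.2 and earlier; TLS 1.3 has none.
    ctx.options |= ssl.OP_NO_RENEGOTIATION
    return ctx


# Constructed sample in get_ciphers() format: one acceptable suite, one 112-bit suite.
SAMPLE_CIPHERS = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128},
    {"name": "DES-CBC3-SHA", "strength_bits": 112},
]
```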

In conclusion, this website uses encryption to keep data secure, private and confidential.
Customers take a risk whenever they use online transactions. They always need to be careful
and make sure that they are on the correct website. They must not expose their username or
password to the public, to avoid scammers and other attacks. Developers, too, need to follow
the correct practices and try to build a secure website if it requires confidential
information from users.

Nowadays, there are many security methods that a developer can use to preserve the
confidentiality, integrity and authenticity of the data used. Cryptography is one of them,
as it can keep information secure. The stronger the encryption we use, the harder it is for
hackers to attack the information, and the longer a brute-force attack will take.

REFERENCES

1. http://says.com/my/tech/best-worst-secure-online-banking-websites-malaysia-maybank2u-cimbclicks-bank-islam
2. http://www.cimbclicks.com.my/
3. https://www.cimbclicks.com.my/security-policy.html
4. https://www.ssllabs.com/ssltest/analyze.html?d=cimbclicks.com.my&s=113.23.146.24
5. http://info.ssl.com/article.aspx?id=10241