The privacy of communications between you (your browser)

and our servers is ensured via encryption. Encryption

scrambles messages exchanged between your browser and
our online banking server.
How Encryption Works
When visiting online banking's sign-on page, your
browser establishes a secure session with our server.
The secure session is established using a protocol
called Secure Sockets Layer (SSL) Encryption. This
protocol requires the exchange of what are called public
and private keys.
Keys are random numbers chosen for that session and
are only known between your browser and our server.
Once keys are exchanged, your browser will use the
numbers to scramble (encrypt) the messages sent
between your browser and our server.
Both sides require the keys because they need to
descramble (decrypt) messages received. The SSL
protocol assures privacy, but also ensures no other
website can "impersonate" your financial institution's
website, nor alter information sent.
To learn whether your browser is in secure mode, look
for the secured lock symbol at the bottom of your browser
window.

Encryption Level
The numbers used as encryption keys are similar to
combination locks. The strength of encryption is based on the
number of possible combinations a lock can have. The more
possible combinations, the less likely someone could guess
the combination to decrypt the message.

For your protection, our servers require the browser to connect
at 128-bit encryption (versus the less-secure 40-bit
encryption). Users will be unable to access online banking
functions at lesser encryption levels. This may require some
end users to upgrade their browser to the stronger encryption
level.
To determine if your browser supports 128-bit encryption:
Click "Help" in the toolbar of your Internet browser
Click on "About [browser name]"
A pop-up box or window will appear.
o For Internet Explorer: next to "Cipher strength" you
should see "128-bit"
o For Netscape: you should see "This version supports
high-grade (128-bit) security with RSA Public Key
Cryptography"
If your browser does not support 128-bit encryption, you must

upgrade to continue to access the website's secure pages.
Firefox and Safari browsers and DI
July 2005 --
1. Firefox and Safari - Encryption levels
Both browsers recently designated as supported for use
with DI products, Firefox 1.0 and Safari 1.2, use strong
128-bit encryption when accessing secure sites, to ensure
safe and secure transmittal of private data such as
account and payment information.
2. Firefox and Safari - How end users can determine
which levels of encryption they have
A. Firefox - In Firefox, this option is not visible until
connected to a site. Negotiation occurs between the
client browser and the server at run-time. To view the
encryption level being used while connected to a
specific secure site, you can do the following:
Click to the 'Tools' menu
Select 'Page Info'
Click the 'Security' tab
Or: double-click the yellow 'lock' icon in the lower
right corner of the screen while connected to a
secure site.
B. Safari - The Safari browser displays a 'lock' icon at
the top right corner of the browser window when
you're viewing a secure (https://) site. This symbol is
absent when viewing an unsecured (http://) site.
Safari can use both 40-bit and 128-bit "strong"
encryption; the website determines which level of
encryption is used at a given time.
Other browsers that support 128-bit encryption also may work.
More information on some common browsers is available via
these links:
Netscape
Microsoft Internet Explorer
Firefox
Safari
The network architecture used to provide the online banking
service was designed by the brightest minds in network
technology. The architecture is too complex to explain here,
but it is important to convey that the computers storing your
actual account information are not linked directly to the
Internet.
Transactions initiated through the Internet are received by
our online banking Web servers
These servers route your transaction through firewall
servers
Firewall servers act as a traffic cop between segments of
our online banking network used to store information, and
the public Internet.
This configuration isolates the publicly accessible Web servers
from data stored on our online banking servers and ensures
only authorized requests are processed.

Various access control mechanisms, including intrusion
detection and anti-virus, monitor for and protect our systems
from potential malicious activity. Additionally, our online
banking servers are fault-tolerant, and provide for
uninterruptible access, even in the event of various types of
failures.


Security Features
We provide a number of additional security features in online
banking. For example, online banking will "timeout" after a
specified period of inactivity. This prevents curious persons
from continuing your online banking session if you left your
PC unattended without logging out. You may set the timeout
period in online banking's User Options screen. We
recommend that you always sign off (log out) when done
banking online.

https://www.myinvestorsbank.com/onlineserv/HB/security_site/privacy.html

From Wikipedia, the free encyclopedia
Financial cryptography (FC) is the use of cryptography in applications in which financial loss could
result from subversion of the message system.
Cryptographers think of the field as originating in the work of Dr David Chaum who invented
the blinded signature. This special form of a cryptographic signature permitted a virtual coin to be
signed without the signer seeing the actual coin, and permitted a form of digital token money that
offered untraceability. This form is sometimes known as Digital currency.
A widely used and previously developed cryptographic mechanism is the Data Encryption Standard,
which was used primarily for the protection of electronic funds transfers. However, it was the work
of David Chaum that excited the cryptography community about the potential of encrypted messages
as actual financial instruments.
Financial cryptography includes the mechanisms and algorithms necessary for the protection of
financial transfers, in addition to the creation of new forms of money. Proof of workand
various auction protocols fall under the umbrella of Financial Cryptography. Hashcash is being used
to limit spam.
Financial cryptography is distinguished from traditional cryptography in that for most of recorded
history, cryptography has been used almost entirely for military and diplomatic purposes.
As part of a business model, FC followed the guide of cryptography and only the simplest ideas were
adopted. Account money systems protected by SSL such as PayPal and e-goldwere relatively
successful, but more innovative mechanisms, including blinded token money, were not.
Financial cryptography is frequently seen to have a very broad scope of application. Ian Grigg sees
financial cryptography in seven layers [1], being the combination of seven distinct disciplines:
cryptography, software engineering, rights, accounting, governance, value, and financial applications.
Business failures can often be traced to the absence of one or more of these disciplines, or to poor
application of them. This views FC as an appropriately crossdiscipline subject. Indeed, inevitably so,
given that finance and cryptography are each built upon multiple disciplines.
Financial cryptography is to some extent organized around the annual meeting of the International
Financial Cryptography Association Financial Cryptography, which is held each year in a different
location.
http://en.wikipedia.org/wiki/Financial_cryptography
http://en.wikipedia.org/wiki/Anonymous_Internet_banking
The underlying mathematics[edit]
Anonymous internet banking depends on the mathematics of public key cryptography and blind
signature algorithms. In this simple example we have Alice and Bob and a banker. The banker
generates an RSA public key with modulus , where and are large primes,
making a semiprime. As described in RSA operation, the bank also generates public key
exponent and private key exponent .
Bob asks the banker for a $100 deposit slip in anticipation of Alice wanting to transfer money to him.
To generate a deposit slip the bank selects a large, globally unique random number and encrypts
it using the bank's public key; this means that it can only be decrypted with the bank's secret key:

This encrypted value is sent to Bob with the promise to deposit $100 into his account when Bob
sends the value back to the bank. The bank is confident that Bob won't be able to break RSA to
generate from within a reasonable period without knowledge of , so it does not worry about
handing out the deposit slips without receiving anything from Bob.
When Alice wants to pay Bob $100 she asks for the deposit slip and Bob sends her . Alice
selects a large random value coprime with (so as to have an inverse modulo ) and uses it to
blind and sends it to the bank to be blind signed. The Bank charges Alice $100 for
this operation and returns the blind signed value . Due to the symmetric properties of RSA, this
provides her with :

Because of the blinding process, the Bank is not able to associate or with or . The
only possible way for the bank to do this is to trial divide by all the values of that it gave out
or by all values of . This means is unable to determine that Bob and Alice are doing business
together, preserving the anonymity of the transaction. Alice unblinds (by dividing it by ) to
generate the original value , which she sends to Bob. Bob verifies that can be encrypted with
the bank's public key by computing , which means that Alice has deposited
$100 into the bank. Bob then sends this value to the bank and the bank checks its records to be sure
that has not been already used. If it has not, it deposits $100 into his account and updates its
database that the unique value has been redeemed.
Different public keys can be used for different denominations of currency so this system doesn't take
appreciably longer for large transactions.
Note that if neither Alice nor Bob wishes the bank to know that they performed a transaction with
each other, then it is hard for the bank to find out. However, in order to ensure this is the case many
people need to be making transactions at the same time. Otherwise the bank can figure it out by the
timing of the transactions, using traffic analysis.



How we measure Online Banking security
Online Banking uses several different methods to protect your information.
All information within Online Banking uses the SSL (Secure Socket Layer) protocol for transferring
data. SSL is encryption that creates a secure environment for the information being transferred
between your browser and Bank of America.
At a high level, SSL uses public key cryptography to secure transmissions over the Internet. In
practice, your browser will send a message via SSL to the banks server. The bank responds by
sending a certificate, which contains the banks public key. Your browser authenticates the certificate
(agrees that the server is in fact Bank of America), then generates a random session key which is
used to encrypt data traveling between your browser and the banks server. This session key is
encrypted using the banks public key and sent back to the server. The bank decrypts this message
using its private key, and then uses the session key for the remainder of the communication.
Secure Socket Layer (SSL) protects data in three key ways:
Authentication ensures that you are communicating with the correct server. This prevents another
computer from impersonating Bank of America.
Encryption scrambles transferred data.
Data integrity verifies that the information sent by you to Bank of America wasnt altered during the
transfer. The system detects if data was added or deleted after you sent the message. If any
tampering has occurred, the connection is dropped.
https://www.bankofamerica.com/onlinebanking/online-banking-security-faqs.go
http://groups.csail.mit.edu/mac/classes/6.805/articles/money/cryptnum.htm
Electronic banking - Security issues
Questions and answers:
Technology and computers cannot protect everything for you automatically.
1. Describe strategies that you can use in order to ensure your personal security
when using Internet banking facilities.

An individual should take the following responsibilities:
o Change your password regularly; notify the organisation if you feel your password
is compromised.
o Do not disclose your password to anyone
o Maintain control over your account details, be careful of saved or printed
electronic information
o Exit Internet banking site by logging off properly and never leave your computer
unattended in order to avoid others accessing your account details.
o Ensure that anti-virus and anti-spyware software is current and running on your
computer at all times.
Return to activity
2. Discuss the meaning of cryptography.

Cryptography means secret writing or the art of secret writing. It refers to techniques to
write secret messages that only the recipient can decode to understand the messages.
Return to activity
3. Describe the techniques of cryptography.

Cryptography prevents unauthorised people from monitoring your password, account
details, credit card numbers, name and address details during electronic transmission
between your computer the banks computer system.
Modern cryptography generally uses one of two techniques.


1. Asymmetric encryption, or Public Key Encryption (PKE), uses two different, but
mathematically related keys. Providing one key is kept secret (the Private key),
the other can be disclosed (the Public key) without decreasing the protection
available.
2. Symmetric, or Secret Key Encryption (SKE), requires identical keys at the sender
and receiver's locations. Then the sender and receiver can send secure messages
back and forth. However, the difficulty now lies in transporting the secret keys
between each pair of people who wish to communicate securely.
The Commonwealth Bank has combined both forms of cryptography in our security
system.
Return to activity
4. Discuss the advantages and disadvantages of electronic banking for:
. Individual
Some of the possible responses include:
Advantages
Save method of transactions with the bank due to encryption
Convenient 24/7, less time, effort, no traveling
Lower administration costs for customers
Disadvantages
Susceptible to fraud
Equity issue, not everyone has access to the Internet and is computer
literate
i. Society
Some of the possible responses include:
Advantages
Increased use of electronic banking
New role for bank employee because less of a need for administration
Disadvantages
Changing nature of work for bank employees requiring re-training in new
aspects of the job
Loss of jobs through downsizing
Less face to face banking therefore less human interaction
ii. Environment
Some of the possible responses include:
Advantages
Introduction of antispyware software
Disadvantages

Electronic banking provides an opportunity for invasion of customer
privacy.
http://www.hsc.csu.edu.au/ipt/comms_systems/2584/electronic_answers.htm
Secure Sockets Layer (SSL)



Introduction

HTTPS is HTTP running over Secure Sockets Layer (SSL) which was developed by Netscape. SSL
(now up to version 3.0) is a tunnelling protocol that allows a proxy server to act as a tunnel between the
client and the server. SSL runs at the application layer and provides secure transaction of data such as
credit card details, between a client and an E-commerce server. SSL uses certificates, private/public key
exchange pairs and Diffie-Hellman key agreements to provide privacy (key exchange), authentication and
integrity with Message Authentication Code (MAC). This information is know as a Cypher Suite and
exists within a Public Key Infrastructure (PKI).


Three Elements of SSL


Confidentiality

Data can only be viewed by the intended user. This is achieved by way of encrypting the data using keys.
That is, each of the parties has knowledge of a key to be used. The keys can be known by one of two
methods:
Key Exchange - One party generates a symmetric key and then encrypts and transmits it using
an asymmetric encryption scheme where each device has a private key and a public key that can
be shared to all devices. Data encrypted using the public key can be decrypted using the private
key and the reverse is true. A well known asymmetric key encryption scheme is Rivest, Shamir
and Adelman (RSA). The private key is never shared and always remains secure.
Key Agreement - both parties generate a shared symmetric key usually using the Diffie-Hellman
algorithm in conjunction with DES (40-bit key) or 3-DES (128-bit key). Parameters used to
generate the shared key are exchanged between the client and server.


Authentication and the Certification Authority (CA)

Is the other party really who they say they are? This is confirmed by way of Digital Certificates.
A Certification Authority (CA) is a trusted authority that issues digital certificates via a PKI so that the
certificates are not compromised. A discussion on CAs can be found within the IPsec tutorial here.


Message Integrity

In order to ensure that a message has not been interfered with between the sender and receipient,
a Message Digest (or Hash) is applied to the message and attached to it. The message digest is a fixed
length value that cannot be easily reversed. The message digest is encrypted to form the Message
Authentication Code (MAC), using the sender's private key, and then it is decrypted at the other end by
using the sender's public key. The message digest can either be created using Message Digest 5
(MD5) or Secure Hash Algorithm (SHA).

The public/private keys used to form the MAC (sign it with a digital signature) could be from RSA (used
also for key exchange as described earlier). There is a new standard for signing which could be used
instead of RSA. This is called the Digital Signature Algorithm (DSA is only used for digital signatures. It
is considered a good idea to separate key exchange from signing. DSA is standardised in the Digital
Signature Standard (DSS) designated FIPS-186. DSS uses Diffie-Hellman type algorithms and uses
SHA-1 for the message digest.


Operation of SSL

The client initiates an HTTP request for an SSL tunnel either via a hook in HTTP or by calling HTTPS
directly. The cache can then issue a CONNECT method (see earlier) using https:// url to tunnel SSL over
HTTP.

By default, SSL uses a number of ports including 443, 643, 1443 and 2443. For encryption SSL uses
RC4-128, Diffie-Hellman 1024, MD5 and Null. The encryption is carried out at layer 4 i.e. the socket layer.

SSL handshaking occurs as follows:
1. The client sends a 'hello' to the server as a request for a secure connection
2. The server sends a 'hello' to the client.
3. The server sends its authentication certificate and public key
4. The server sends a server_key_exchange
5. The server sends a certificate request
6. The server indicates that the server hello is complete.
7. Upon verification of the server certificate, the client sends its certificate
8. The client sends a client_key_exchange with a randomly generated key derived from the server
key
9. The client sends a certificate verify message
10. The client sends a change_cipher_spec
11. The client indicates that it has finished
12. The server decodes the client key with its own private key
13. The server sends a change_cipher_spec
14. The server indicates that it has finished
15. The client and server exchange encrypted data
The SSL Record Protocol then takes the application data and splits it into fragments. Each fragment has
the following operations carried out on it:
1. Compressed
2. Message Authentication Code (MAC) added
3. Encrypted
4. SSL Record header added to the front of the fragment
SSL provides the following:
Client-to-server, end-to-end encrypted traffic (including basic authentication
usernames/passwords, content of submitted forms, etc)
Strongly authenticated server credentials supplied to the browser (including hostname and name
of site operator etc.) - Server-side authentication.
Strongly authenticated user credentials supplied to the server (requires user to have a personal
certificate) - Client-side authentication.
The problems associated with SSL are:
It prevents caching.
Using SSL imposes greater overheads on the server and the client.
Some firewalls and/or web proxies may not alow SSL traffic.
There is a financial cost associated with gaining a Certificate for the server/subject device.
http://www.rhyshaden.com/ssl.htm
Secure Sockets Layer (SSL): How It Works
What Happens When a Browser Encounters SSL
1. A browser attempts to connect to a website secured with SSL.
2. The browser requests that the web server identify itself.
3. The server sends the browser a copy of its SSL Certificate.
4. The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
5. The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
6. Encrypted data is shared between the browser and the server and https appears.
Encryption Protects Data During Transmission
Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data
during transfer by creating a uniquely encrypted channel for private communications over the public Internet. Each
SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client)
points to a secured website, the server shares the public key with the client to establish an encryption method and a
unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is
known as the "SSL handshake" and it begins a secure session that protects message privacy, message integrity,
and server security.
Strong encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That's over a
trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using
brute force would require a trillion years to break into a session protected by an SGC-enabled certificate. To enable
strong encryption for the most site visitors, choose an SSL Certificate that enables 128-bit minimum encryption for
99.9 percent of website visitors.
Credentials Establish Identity Online
Credentials for establishing identity are common: a driver's license, a passport, a company badge. SSL Certificates
are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the
SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the
browser.
To view a websites' credentials:
Click the closed padlock in a browser window
Click the trust mark (such as a Norton Secured Seal)
Look in the green address bar triggered by an Extended Validation (EV) SSL
Authentication Generates Trust in Credentials
Trust of a credential depends on confidence in the credential issuer, because the issuer vouches for the credential's
authenticity.Certification Authorities use a variety of authentication methods to verify information provided by
organizations. Symantec, the leading Certification Authority, is well known and trusted by browser vendors because
of our rigorous authentication methods and highly reliable infrastructure. Browsers extend that trust to SSL
Certificates issued by Symantec.
Extend Protection beyond HTTPS
Symantec SSL Certificates offer more services to protect your site and grow your online business. Our combination of
SSL, vulnerability assessment and daily website malware scanning helps you provide site visitors with a safer online
experience and extendserver security beyond https to your public-facing web pages. The Norton Secured Seal and
Symantec Seal-in-Search technology help assure your customers that your site is safe from search to browse to buy.
To learn more about how SSL certificates work and the benefits of implementing SSL on your website, visit our "SSL
Explained" interactive resource.
http://www.symantec.com/page.jsp?id=how-ssl-works
Mengenal SSL (Secure Socket Layer)
Author: Dwiarum Astriani Published: January 31, 2013 Category: Komputer Dasar

Secure Socket Layer (SSL) adalah protokol yang umum digunakan untuk mengelola keamanan transmisi pesan di
Internet. SSL baru ini telah digantikan oleh Transport Layer Security (TLS), yang didasarkan pada SSL. SSL
menggunakan lapisan program yang terletak antara InternetHypertext Transfer Protocol (HTTP) dan Transport Control
Protocol (TCP)lapisan. SSL dimasukkan sebagai bagian dari baik Microsoft dan browserNetscape dan produk server yang
paling web. Dikembangkan oleh Netscape,SSL juga mendapat dukungan dari Microsoft dan lain Internet klien /
serverpengembang juga dan menjadi standar de facto sampai berkembang menjadiTransport Layer
Security. The socket bagian dari istilah ini mengacu padametode soket yang lewat data bolak-balik antara klien dan
program server dalam jaringan atau di antara lapisan program di komputer yang sama. SSL menggunakan publik-dan-
swasta kunci sistem enkripsi dari RSA, yang juga mencakup penggunaan sertifikat digital.
SSL adalah suatu protokol kriptografi menggunakan algoritma yang berbeda untuk mengimplementasikan keamanan
menggunakan otentikasi dengan sertifikat, algoritma pertukaran kunci sesi, enkripsi dan memeriksa integritas. Ini adalah
protokol umum, sering digunakan untuk memastikan bahwa komunikasi antara WWW-server dan WWW-klien aman dan
dienkripsi.
SSL menawarkan tiga tingkat keamanan, yaitu:
Authentication: Memastikan bahwa message yang diterima berasal dari seseorang yang tersurat
Confidentiality: Melindungi pesan dari suatu usaha pembacaan oleh penerima yang tidak berhak disepanjang
perjalanannya.
Integrity: Memastikan bahwa pesan asli, tidak mengalami perubahan dalam perjalanannya.
Jika anda mempunyai website, apa yang diperlukan agar bisa di host disuatu host yang bisa SSL.
Web server haruslah support inkripsi SSL
IP address public yang unik agar penyedia certificate SSL bisa melakukan validasi website anda
Suatu certificate SSL dari penyedia layanan SSL
Cara Kerja SSL
Secure Socket Layer menggunakan sistem kriptografi yang mengenkripsi data dengan dua tombol. Ketika sebuah Sertifikat
SSL digital diinstal pada situs web, pengguna dapat melihat ikon gembok di area bawah navigator. Ketika sebuah Sertifikat
Extended Validation diinstal pada situs web, pengguna dengan versi terbaru dari Firefox, Internet Explorer atau Opera akan
melihat address bar hijau di area URL navigator.
http://ilmukomputer.org/2013/01/31/mengenal-ssl-secure-socket-layer/
Minggu, 14 November 2010
Implementasi Kriptografi : SSL Web Security


Implementasi kriptografi membutuhkan pengetahuan teknis yang komprehensif terhadap teknologi yang
menjadi inangnya. Sama halnya dengan kriptografi, implementasi kriptanalisis pun membutuhkan
pengetahuan teknis yang komprehensif pula. Bahkan beberapa algoritma kriptografis diciptakan khusus
untuk suatu arsitektur perangkat keras atau perangkat lunak tertentu agar implementasinya dapat optimal.
Begitu pula sebaliknya beberapa arsitektur perangkat keras atau perangkat lunak dibuat untuk
memudahkan perancangan dan implementasi suatu algoritma kriptografis ke dalamnya. Bahkan
produsen-produsen mikroprosesor membuat suatu chip yang khusus memberikan pelayanan
kriptografis.

Penciptaan suatu mesin kriptanalisis yang dapat berfungsi sebagai code breaker membutuhkan nilai
investasi yang sangat besar. Namun seiring dengan perkembangan teknik manufaktur prosesor, harga
prosesor-prosesor dengan kecepatan lebih tinggi dapat diproduksi dengan lebih murah dari waktu ke
waktu.

Pada dasarnya SSL didesain untuk selalu bekerja di mana salah satu host akan menjadi client dan yang
lainnya akan menjadi server.

Protokol SSL terdiri atas 3 (tiga) elemen utama, yaitu:
a. Protokol record
Mengindikasi bahwa enkripsi yang menjamin confidentiality dan pengamanan integritas data telah
digunakan.
b. Protokol handshake
Menyamakan penggunaan algoritma enkripsi dan kunci yang baru antara client dan server.
c. Protokol alert
Mengetahui ketika ada kesalahan yang terjadi atau ketika komunikasi antara keduanya sudah selesai.

SSL memiliki 2 (dua) definisi, yaitu:
a. SSL session
Langkah-langkahnya sebagai berikut:
Session identifier: proses generate oleh server yang mengidentifikasi atau dapat menyimpulkan langkah
session.
Peer certificate: sertifikat X.509 v3 client. Langkah ini mungkin juga tidak ada.
Compression method: algoritma yang digunakan untuk mengkompres data utama untuk dienkripsi.
Cipher spec: data algoritma enkripsi dan algoritma hash. Mendefinisikan juga aspek kriptografis seperti
nilai hash.
Master secret: kunci rahasia 48-byte antara client dan server. Menunjukkan keamanan data rahasia
untuk membangkitkan kunci penyandian, MAC dan IV.
Is resumable: pemilihan bendera yang mengindikasikan jika session dapat digunakan untuk
membangun hubungan/koneksi yang baru.

b. SSL connection
Didefinisikan menjadi elemen-elemen sebagai berikut:
Server and client random: rangkaian byte yang dipilih oleh server dan client untuk masing-masing
koneksinya.
Server write MAC secret: mengindikasi kunci yang digunakan dalam proses MAC pada pengiriman data
oleh server.
Client write MAC secret: mendefinisikan kunci yang digunakan dalam proses MAC pada pengiriman
data oleh client .
Server write key: kunci penyandian konvensional untuk menyandi data oleh server dan nantinya akan
dibuka oleh client .
Client write key: kunci penyandian konvensional untuk menyandi data oleh client dan nantinya akan
dibuka oleh server.
Initialization vectors: menggunakan mode CBC, IV hanya digunakan sekali. Bagian ini diinisialisasi
pertama kali oleh protokol handshake. Setelah itu blok ciphertext yang telah selesai digunakan sebagai
IV berikutnya. IV di-XOR dengan blok pertama plaintext untuk penyandian selanjutnya.
Number sequences: masing-masing pihak mengelola number sequences yang terpisah untuk kirim
terima berita di setiap koneksinya. Ketika salah satu pihak mengirim atau menerima sebuah berita
perubahan spec penyandian, rangkaian angka tersebut diset kembali menjadi nol. Rangkaian angka
tersebut tidak dapat lebih besar dari 264 1.
Selain menggunakan IPSec, SSL mengelola bentuk pengamanannya berdasarkan apa yang dilakukan
dengan menggunakan pengalamatan TCP/IP dan korespondensi nomor port server.

SSL versi 3 merupakan protokol yang amat rumit tetapi masih setipe dengan versi sebelumnya yaitu SSL
versi 2 yang disebarluaskan oleh Netscape Navigator. SSL versi 3 mendukung pertukaran kunci antara
client dan server dengan menggunakan:
a. RSA menggunakan anonymous public key.
b. Diffie-Hellman menggunakan anonymous atau nilai public key yang ditandatangani.
c. Fortezza key exchange menggunakan algoritma Skipjack.

Protokol TLS adalah pengembangan dari SSL versi 3 yang dipublikasikan oleh Netscape. Perbedaannya
tidak terlalu banyak hanya pada struktur data algoritma-dependent dan aturannya saja. Proses dalam
TLS ditujukan untuk menghasilkan versi inisial sebagai suatu standar internet. Penggunaan elemen-
elemen berikut ini yang membuat perbedaan anatara TLS dengan SSL versi 3.
a. Algoritma HMAC.
b. Fungsi pseudo-random untuk men-genarate kunci.
c. Peringatan kesalahan (error alerts) mengambil dan mendeskripsikan kesalahan.
d. Certificate verify message handshake menggunakan MD5 dan SHA-1.
e. Finished message kirim finished message segera setelah berita perubahan spec penyandian untuk
verifikasi bahwa pertukaran kunci dan proses otentikasi telah berhasil.
Diposkan oleh TRI WAHYUDI di 11.49