Abstract:

With the development of Internet technology, many domestic banks have offered E-banking services. Now all of the E-banking systems use HTTPS to ensure data transferred online securely. But because of the weak awareness of network security and the non-compliance with the security standards of HTTPS, such as using the unsafe cryptography algorithm, some serious security vulnerabilities are created in E-banking system while HTTPS is deployed on it . If hackers successfully exploit these vulnerabilities, the banks and customers may suffer severe losses. According to the bank directory from the China Banking Regulatory Commission’s website, this paper analyzes the HTTPS configurations of each E-banking system by way of classification, and sorts out the existing security vulnerabilities by acquiring information of certificate, protocol version, cipher suite, etc. In order to prevent safety incidents, banks should pay attention to these security vulnerabilities, and eliminate them as soon as possible.

Key words: E-banking system, HTTPS, digital certificate, cipher suite