Https
14
Hyper Text Transport Protocol Secure Authors : Pooya Sagharchi Ha April 18, 2015 1
-
Upload
pooyasi -
Category
Engineering
-
view
69 -
download
4
Transcript of Https
Hyper Text Transport Protocol Secure Authors :
Pooya Sagharchi Ha
April 18, 2015
1
2
Agenda
Introduction to HTTP Limitations to HTTP Introduction to HTTPS Implementation of HTTPS HTTPS Encryption Disadvantages of HTTPS HTTP vs. HTTPS
3
Introduction to HTTP
HTTP is the set of rules for transferring files on the world wide web.
HTTP uses port 80 as default.
The client submits an HTTP request message to the server.
The server, which provides resources such as HTML files and other content, returns a response message to the client.
4
How does it work?
A
Sends the password
B
HaHacker
Receives the password
“myPass”
Gets “myPass”
Unauthorized access
5
HTTP Limitations
Unsecured.
Does not use certificates.
Privacy.
Authentication.
6
HTTPS
HTTPS stand for Hypertext Transfer Protocol Secure.
HTTPS = HTTP + SSL.
HTTPS uses port 443 as default.
URL’s beginning with HTTPS indicate that the connection is encrypted
using SSL.
7
HTTPS implementation
HTTPS is implemented using Secure Sockets Layer ( SSL )
HTTPS by purchasing an SSL Certificate.
8
What is an SSL Certificate?
The SSL certificates is installed on a web server to identify the
business using it to encrypt sensitive data such as credit card
information.
SSL Certificates give a website the ability to communicate securely
with its web customers.
9
An SSL certificates enables encryption of sensitive information
during online transactions.
Each SSL Certificate contains unique, authenticated information
about the certificate owner.
10
How Encryption Works?
Each SSL certificate consists of a Public Key and a Private Key.
The browser encrypts the message using the Public Key and sends
it to the server.
The message is decrypted on the server side using the Private Key.
11
How does it work?
Sends the password
A“myPass”
Receives the password
B
Hacker
Unauthorized access
“myPass”
“xz77873hf”
Gets “xz77873hf”
E N C R Y P T I O N
D E C R Y P T I O N
12
Disadvantages of HTTPS
HTTPS is slightly slower than HTTP.
There is additional computational overhead on a per-byte basis,
due to the work of encrypting and decrypting the request and
response.
13
HTTPS vs HTTP:
URL begins with “http://“ in case of HTTP while the URL begins
with “https://“ in case of HTTPS.
HTTP is unsecured while HTTPS is secured.
HTTPS uses port 443 but HTTP uses port 80 for communication.
HTTP operates at Application Layer while HTTPS operate
at Transport Layer.
14
Any Questions ?!
