Maroti Deshmukh

12MCMB02
Introduction to HTTP
Limitations to HTTP
Introduction to HTTPS
Implementation of HTTPS
HTTPS Encryption
Identify secure connection
Disadvantages of HTTPS
HTTP vs. HTTPS
Conclusion






HTTP (Hypertext Transfer Protocol) is the set
of rules for transferring files (text, graphic
images, sound, video, and other multimedia
files) on the world wide web.
HTTP uses default port 80.
The client submits an HTTP request message
to the server. The server, which provides
resources such as HTML files and other
content, or performs other functions on
behalf of the client, returns a response
message to the client.
Unsecured
Does not use certificates
Privacy
Integrity
Authentication
HTTPS = HTTP + SSL
HTTPS stands for Hypertext Transfer Protocol
over Secure Socket Layer, or HTTP over SSL.
HTTPS by default uses port 443.
URL's beginning with HTTPS indicate that the
connection is encrypted using SSL.
HTTPS is implemented using Secure Sockets
Layer (SSL).
HTTPS by purchasing an SSL Certificate.

SSL certificates becomes the "passport" or the
digital document that verify that the security
and authenticity of the interaction.
The SSL certificate is installed on a web server
to identify the business using it to encrypt
sensitive data such as credit card
information.
SSL Certificates give a website the ability to
communicate securely with its web
customers.

An SSL Certificate enables encryption of
sensitive information during online
transactions.
Each SSL Certificate contains unique,
authenticated information about the
certificate owner.
A Certificate Authority verifies the identity of
the certificate owner when it is issued.
Each SSL Certificate consists of a Public key
and a Private key.
So during a secure communication, the
browser encrypts the message using the
public key and sends it to the server. The
message is decrypted on the server side
using the Private key.
In Internet Explorer, you will see a lock icon
in the Security Status bar. The Security Status
bar is located on the right side of the Address
bar. You can click the lock to view the identity
of the website.
If the information does not match or the
certificate has expired, the browser displays
an error message or warning and the status
bar may turn RED.
HTTPS is slightly slower than HTTP
HTTPS adds computational overhead as well
as network overhead.

URL begins with http://" in case of HTTP while
the URL begins with https:// in case of HTTPS.
HTTP is unsecured while HTTPS is secured.
HTTP uses port 80 for communication while
HTTPS uses port 443 for communication.
HTTP operates at Application Layer while HTTPS
operates at Transport Layer.
No encryption is there in HTTP while HTTPS uses
encryption.
No certificates required in HTTP while certificates
required in HTTPS.
The HTTP network protocol is fundamental to
the way the World Wide Web works, and the
encryption involved in HTTPS adds an
essential layer if confidential information or
sensitive data are to be exchanged over the
public internet.

Murizah Kassim1, 2, Mohamed Ismail1,
Kasmiran Jumari1 and Mat Ikram Yusuf
21Universiti Kebangsaan Malaysia
Kefei Cheng, Meng Gao, Ruijie Guo College of
Computer Science Chongqing University of
Posts and Telecommunications Chongqing,
China
http://www.101hacker.com