The Foundation of the World Wide Web
The Hyper Text Transfer Protocol (HTTP) is one of the most widely used internet protocols. It facilitates communications between your web browser and the web server hosting the web page that you are trying to access. You may have noticed the “https://” or “https://” before the web address that you entered in your browser. This lets you know that you are using either HTTP or HTTPS. When using HTTP, your web browser sends HTTP request messages to the server and the server responds with an HTTP response message. Unfortunately, HTTP is not a secure protocol because it sends information in clear text. This means that anyone that spies on your traffic can see all of your communications with the web server including sensitive information like passwords or phone numbers that you type in. Luckily, a solution for this problem was developed.
Plugging The Security Hole
Hyper Text Transfer Protocol Secure (HTTPS) is the solution to the security problem that plagued HTTP. HTTPS has become the new standard for most websites on the internet. The reason that HTTPS is more secure than HTTP is because it uses the Transport Layer Security Protocol (TLS). TLS is the successor to the Secure Sockets Layer Protocol (SSL) and although they are sometimes used interchangeably, TLS has replaced SSL.
It applies encryption to the data transmitted over HTTPS. Remember, encryption will protect your data by scrambling the plaintext into an unreadable format. Decryption is the process of unscrambling the data back into the original plain text. TLS accomplishes this through a sequence known as the TLS handshake. This process utilizes public and private keys. Any message encrypted with the server’s public key can only be decrypted by the server’s private key. The client’s public and private keys also serve the same function as encryption and decryption keys, respectively. In addition to this, the client can also verify the server’s identity by verifying its digital certificate with the server’s Certificate Authority (CA). When the authentication phase is over, new secret session keys are generated and used for all further encryption during the session.
How do you know if HTTPS is being used?
As I mentioned earlier, HTTPS has become the standard for almost every website you visit. When visiting websites, you should always check for a padlock symbol in the address bar. This will tell you if the website is using HTTPS. You can also use a recommended browser extension called HTTPS Everywhere which will force websites to use HTTPS when available. While a website using HTTP is fine if you are only browsing the site, you should remember to never input any sensitive information on a web site that is not using HTTPS. Check out our VPN blog if you are looking for even more privacy while browsing the web.