ASSESSMENT TASK 3: SECURITY PROTOCOL ANALYSIS
Table of Contents
1.0 Introduction
2.0 Protocol Description
3.0 Security Properties
4.0 Justification
5.0 Conclusion
Reference list
1.0 Introduction
This discussion is based on the basic principles and formalisms used in the formal
examination and evaluation of security protocols. The main focus is on “Hypertext
Transfer Protocol Secure (HTTPS)”, whose main fundamentals and characteristics as a
security system will be evaluated. HTTPS is essentially an extension, or upgraded
version, of the Hypertext Transfer Protocol.
2.0 Protocol Description
The main motivations for HTTPS are the protection of the accessed database and the safety
of the privacy and integrity of the data exchanged during the transfer. It protects against
“man-in-the-middle attacks”, and the bidirectional encryption of data between a client and
server prevents eavesdropping on and intrusion into communications (Gong et al. 2018). The
Internet Security Task Force approved the most recent internet encryption standard,
TLS 1.3, in August 2018.
Alice-and-Bob notation is an easy and concise way to define security protocols: one only
needs to state what messages are exchanged between the protocol agents in an unattacked
protocol run (Boylan and Redmond 2018). A formal semantics for the notation is enough to
automatically create formal models and implementations from the “Alice-and-Bob
specifications”.
Figure 2: Alice Bob notation
(Source: draw.io)
“Public-key cryptography” can conveniently be used to validate identity, as in the
following case involving Alice and Bob.
The notation {something}key indicates that something has been encrypted or decrypted
using key.
Alice receives this message and decrypts it using the key previously provided by Bob
(Suharyanto 2017). She then compares the decrypted data with the data she initially gave
to Bob. Then, Alice knows that she is talking (geek-university.com).
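In Alice-and-Bob notation the exchange above is A→B: random-message, followed by B→A: {random-message}bobs-private-key. The following added example (not part of the original essay) carries it through with textbook RSA; the toy keys, the impostor "Mallory" and all function names are assumptions made for illustration, and production systems sign a padded digest with keys of 2048 bits or more.

```python
import secrets

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed toy keys built from Mersenne primes; far too small for real use.
BOB_PUBLIC, BOB_PRIVATE = make_key(2**31 - 1, 2**61 - 1)
_, MALLORY_PRIVATE = make_key(2**19 - 1, 2**31 - 1)  # hypothetical impostor


def respond(challenge, private_key):
    """Responder: return {challenge}private-key as an integer."""
    n, d = private_key
    return pow(int.from_bytes(challenge, "big"), d, n)


def verify(challenge, response, public_key):
    """Alice: open the response with the public key and compare the result
    with the challenge she actually sent."""
    n, e = public_key
    return pow(response, e, n) == int.from_bytes(challenge, "big")


def run_demo():
    challenge = secrets.token_bytes(8)            # A -> B: fresh random message
    genuine = respond(challenge, BOB_PRIVATE)     # B -> A: {message}bob-private
    forged = respond(challenge, MALLORY_PRIVATE)  # sender without Bob's key
    later = secrets.token_bytes(8)                # challenge of a later run
    return {
        "bob": verify(challenge, genuine, BOB_PUBLIC),
        "impostor": verify(challenge, forged, BOB_PUBLIC),
        "replayed": verify(later, genuine, BOB_PUBLIC),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the response made with Bob's private key verifies. The rejected replay shows why Alice must pick a fresh random message for every run.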
3.0 Security Properties
Data transmission via HTTPS is made much more secure by the Transport Layer Security
(TLS) protocol, which provides three main layers of protection:
Authentication: It ensures that the user's system has established secured
communication with the desired website.
Encryption: The data exchanged is encrypted to keep it "secure from eavesdroppers."
This ensures that, while the user is surfing a website, no one can "listen" to their
messages, track their activities across several sites or capture their information.
Data integrity: During data transfer, the data cannot be manipulated or changed under
any circumstances (Giladi 2017).
Websites that use HTTPS are particularly those that need login credentials. This
authentication system requires two different keys to encrypt the messages between two
parties:
The private key: The website owner maintains this key and, as the reader may have
guessed, it is kept hidden (Burt et al. 2019). This key sits on a registry of a computer
and is used to decrypt information encrypted with the public key.
The public key: This key is available to anyone who wants to exchange data with the
system in a safe manner. The private key unlocks only information that was encrypted
with the public key.
Figure 3: Non HTTPS websites
(Source: https://www.cloudflare.com/learning/ssl/what-is-https/)
On websites without authentication, “Internet service providers (ISPs)” or other parties
can insert content into web pages without the permission of the website owner
(Kotzanikolaou 2016). HTTPS is not a protocol separate from HTTP; it uses encryption via
TLS/SSL over the HTTP protocol. HTTPS relies on the distribution of TLS/SSL certificates,
which check that a particular company is who it claims to be (atlantis-press.com, 2017).
4.0 Justification
Many providers of website hosting and other services provide TLS/SSL certificates at a
discount. These certificates can sometimes be shared among many customers. More costly
certificates are also available, which can be individually linked to particular web
assets. In TLS technology, public-key encryption is the most important component. This
encryption uses the two keys described earlier. The public and private keys are used in
random ways, with the public key delivered to the user's system through SSL
(Stadtländer 2019). In this way HTTPS makes the real difference from HTTP by securing the
data transmission in a compact way.
Figure 5: Data encryption in HTTPS
(Source: https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/)
The HTTPS scheme is built mainly on the principle of trust, under which the data is never
leaked to a public platform. By contrast, the computer is initially mostly shielded on
the Internet. However, it has turned out to be surprisingly complex to characterise a
formal semantics for such a notation (the Alice-and-Bob notation), that is, to identify
an inferential method of printing, decomposing and verifying the messages that agents
send and receive (usenix.org, 2018).
5.0 Conclusion
The significance of the network protocol, and specifically the characteristics of HTTPS,
was thoroughly discussed. The chosen protocol was described and, alongside that, the
Alice-and-Bob notation was justified. The core principles and functionality of the
security system were tested. HTTPS is essentially an integral component of, or an update
to, the Hypertext Transfer Protocol. This transfer protocol is used primarily to protect
data storage and communication over a computer network. This security protocol prevents
man-in-the-middle access, and the transmission is secure from unwelcome visitors. It also
allows other industries to profit.
Reference list
Journals
Boylan, S. and Redmond, D., Synchronoss Technologies Inc, 2018. Systems and methods for
securely provisioning hypertext transfer protocol secure (https) pins to a mobile client. U.S.
Patent Application 15/486,703.
Burt, A., Bilogorskiy, M., Navaraj, M., Jas, F., Han, L., Ting, Y., Kenyan, M., Gong, F.,
Golshan, A. and Singh, S., Cyphort Inc, 2019. System and method for detection of malicious
hypertext transfer protocol chains. U.S. Patent 10,354,072.
Giladi, A., FutureWei Technologies Inc, 2017. Dynamic adaptive streaming over hypertext
transfer protocol service protection. U.S. Patent 9,646,162.
Gong, L., Xianwei, L.I.N. and Jiang, H., Alibaba Group Holding Ltd, 2018. Hypertext
transfer protocol secure (https) based packet processing methods and apparatuses. U.S.
Patent Application 15/660,799.
Kotzanikolaou, P., 2016. Cryptographic protocol analysis–A short introduction to the Scyther
tool.
Ling, J., Wang, Y. and Chen, W., 2017. An Improved Privacy Protection Security Protocol
Based on NFC. IJ Network Security, 19(1), pp.39-46.
Lu, J., Yao, L., He, X., Huang, C., Wang, D. and Meng, B., 2018. A security analysis method
for security protocol implementations based on message construction. Applied
Sciences, 8(12), p.2543.
Stadtländer, E., 2019. Automatic Security Protocol Analysis with Tamarin-Prover.
Suharyanto, C.E., 2017. Potential Threat Analysis Hypertext Transfer Protocol and Secure
Hypertext Transfer Protocol of Public WiFi Users (Batam Case). International Journal of
Scientific & Engineering Research, 8(3), pp.320-326.
Online articles
atlantis-press.com, 2017, Security Analysis and Application of Common Dynamic Routing
Protocol, Available at: https://download.atlantis-press.com/article/25876085.pdf [Accessed
on: 28.08.2020]
usenix.org, 2018, Symbolic Execution of Security Protocol Implementations: Handling
Cryptographic Primitives, Available at:
https://www.usenix.org/system/files/conference/woot18/woot18-paper-vanhoef.pdf
[Accessed on: 28.08.2020]
Website
geek-university.com, 2020, Hypertext Transfer Protocol Secure (HTTPS), Available at:
https://geek-university.com/ccna/hypertext-transfer-protocol-secure-https/ [Accessed on:
28.08.2020]