16 - HTTP Vs HTTPS
[Figure: Encoder and Decoder]
Plaintext: Meet me at the pier at midnight
Encoder → Ciphertext: Phhw ph dw wkh slhu dw plgqljkw
Decoder → Plaintext: Meet me at the pier at midnight
UNIT-III HTTPS (Security Protocol)
Cryptography
How Encryption Works
A cryptographic algorithm works in combination with a key (which can be a word, number, or phrase) to encrypt the plaintext, and the same plaintext encrypts to different ciphertext with different keys.
Hence, the security of the encrypted data depends entirely on two parameters: the strength of the cryptographic algorithm and the secrecy of the key.
• Confidentiality
– provides privacy for messages and stored data by hiding
• Message Integrity
– provides assurance to all parties that a message remains unchanged
• Non-repudiation
– can prove a document came from X even if X denies it
• Authentication
– identifies the origin of a message
– verifies the identity of person using a computer system
Cryptography Techniques
Symmetric Encryption - Also known as conventional encryption (conventional cryptography), in which one key is used for both encryption and decryption. The strength of the encryption technique depends on the key length.
Rotate-by-3 cipher example
Cipher ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZABC
Encryption
Caesar Cipher
• 3 changes
• The shift is linear and equidistributed
• I agree → lcdjuhh
• i+3=l
• Space=c [+3]
Key Cipher
• Key: 269
• The shift is linear (cyclic)
• k.n.gupta 62 → mewam3rzjba
• k+2=m
• (dot)=e [+6]
• n=w [+9]
[Table: cyclic shift table over the symbols a-z, 0-9, . (dot) and space; each row lists a symbol followed by its successive shifts]
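The two worked values on this slide ("I agree" with shift 3, "k.n.gupta 62" with key 269) can be reproduced with the short Python sketch below. It is an added example, not part of the original slides; the symbol order a-z, 0-9, dot, space is read off the shift table, and the name `key_cipher` is an assumption.

```python
import string

# Symbol order taken from the slide's shift table: a-z, 0-9, dot, space.
ALPHABET = string.ascii_lowercase + string.digits + ". "
N = len(ALPHABET)  # 38 symbols, so every shift wraps modulo 38


def key_cipher(text, key, decrypt=False):
    """Shift each symbol by the next digit of `key`, cycling through the digits.

    A one-digit key (e.g. 3) is the slide's Caesar cipher: the same shift at
    every position. A multi-digit key (e.g. 269) is the slide's key cipher:
    shifts 2, 6, 9, 2, 6, 9, ... applied position by position.
    """
    digits = str(key)
    if not digits.isdigit():
        raise ValueError("key must be a non-empty string of decimal digits")
    shifts = [int(d) for d in digits]
    sign = -1 if decrypt else 1

    out = []
    for pos, ch in enumerate(text.lower()):
        if ch not in ALPHABET:
            raise ValueError(f"symbol {ch!r} is not in the 38-symbol alphabet")
        shift = shifts[pos % len(shifts)]
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % N])
    return "".join(out)


if __name__ == "__main__":
    # Values from the slide; repr() makes the trailing space visible.
    print(repr(key_cipher("I agree", 3)))
    print(repr(key_cipher("k.n.gupta 62", 269)))
    print(repr(key_cipher("mewam3rzjba ", 269, decrypt=True)))
    # Same plaintext, different key, different ciphertext.
    print(repr(key_cipher("I agree", 5)))
```

The last symbol of the key-cipher output is a space (2 shifted by 9), which is why the slide appears to show only eleven characters for a twelve-character plaintext.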
Cryptography Techniques
Asymmetric Encryption - Public-key cryptography that uses a pair of keys: a public key, which encrypts data, and a private key, used for decryption. The public key is published, while the private key is kept secret.
Public-Key Cryptography
Using different keys for encoding and decoding
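[Figure: the client encrypts the plaintext with the public key (key=es); the encrypted ciphertext crosses the Internet and is decrypted back to plaintext with the private key (key=ds)]
[Figure: parties A, B, C and D, with key labels kAX, kBX, kCX, kDX and ex]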
• Digital Envelopes
– secure delivery of secret keys
• Message Digests
– short bit string hash of message
• Secure Channels
– Encryption can be used to create secure channels over private or public networks
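Signatures Are Cryptographic Checksums
[Figure: A computes a message digest of the plaintext message and produces a signature with private key=dA; B receives the message and signature, computes the message digest, recovers the signed digest with public key=eA, and checks "Same?"]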
Message Digests
• How to create and use a message digest
– sender uses message as input to digest function
– “sign” (encrypt) output (hash) with sender’s private key
– send signed hash and original message (in plain text) to receiver
– receiver decrypts hash with sender’s public key
– receiver runs plain text message through digest function to obtain a hash
– if receiver’s decrypted hash and computed hash match, then the message is valid.
Digital Certificates (ID)
• Certification Authorities (CA)
– used to distribute the public key of a public/private pair
– guarantees the validity of the public key
• does this by verifying the credentials of the entity associated with the public key
– Some CAs
• VeriSign - http://www.versign.com
• U.S. Post Office - http://www.ups.gov
• CommerceNet - http://www.commerce.net
– certificates contain
• public key
• e-mail
• full name
[Figure labels: g^a mod p, g^b mod p]
[Figure labels: Network interfaces, Data link layer]
Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser. Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), the current version of HTTPS was formally specified by RFC 2818 in May 2000.