How HTTPS and SSL Works?

HTTPS the Must have Protocol to Secure Communication

Encryption is certainly not new. It’s practiced since ancient Greeks and Romans where they use to send a secret message. However, encryption has advanced much more to date, and it has become one of the essential parts of the web.

Though everyone looks for HTTPS & SSL, they have no idea what it means and why it matters. So, here we will try to explore some of the things that you should know about modern encryption.

What is HTTPS?

The internet has thrived through the 1990s till now. Earlier it used HTTP or Hypertext Transfer Protocol for transferring information across the globe, one of the reasons why HTTP addresses made their presence on the web.

However, we have advanced enough to understand that HTTP isn’t safe and secure because the information it transfers is in plain text. What this means is that anyone can intercept and read your traffic and text, whether its hacker or any other cybercrook. In other words, anyone can see what information you are sending or receiving.

It was all fine and dandy until people started using the internet for sensitive data like their credit card numbers or social security numbers. However, the dramatic increase in sharing confidential information increased the need for secured HTTP to transfer without it being exposed to cybercrooks.

To overcome the HTTP loopholes, in 1994 Netscape improved the HTTP with some encryption. They included a new protocol called Secure Socket Layer to the original HTTP, and nowadays everyone is aware & used by website owners known as HTTPS.

Though, several websites are now in HTTPS, while the numbers have been growing more and more ever since with a goal to move the entire web to HTTPS and enable a better & more secured interaction between users & web servers.

Why Do We Need Encryption?

HTTPS is essential for both security and privacy reasons. It keeps hackers at bay – whether it’s injecting their code into your sessions or spying on your data – and it also improves your privacy against the governments and other institutions.

Governments and big data collection agencies love storing traffic for their benefit. Most of us have no idea what for, but marketing campaigns could be one of the possible reasons- as it’s common knowledge – and who-knows-what-else. While you may not think that you care – “They can’t get me” – but again it’s no one’s business to know about your medical issues or other problems.
It could be possible that a leak of your private information can become a source of income for someone else. A cybercriminal may be earning big bucks on your leaked information – it’s not only unfair, but it’s also immoral. Your online behavior should stay as private as possible.

How HTTPS Works?

HTTPS helps in keeping your information secret by encrypting while it transfers between your device browser and web server. Anyone listening – spying – can’t read a thing. So, any cybercriminal who position themselves between you and your web server will not be able to get any information.

SSL was a standard protocol used in HTTPS. The new version is called Transport Layer Security (TLS).

To encrypt any data, you need:

• The data, obviously
• An encryption keys
• An encryption algorithm

When you put the data and the key through an algorithm, what comes out is ciphertext, an encrypted form of your data which is unreadable and impossible to understand. On the other end, you need the same key to decipher the data. The uniqueness of the key and the secrecy of it is essential in making the process work.

Whenever there’s similar key on both the ends, it’s called symmetric encryption, for example, your home Wi-Fi. On the other hand, public internet requires asymmetric encryption. You can’t use the symmetric encryption as you don’t control the other end. What it means is that you need to use two keys – one to encrypt the data and other to decrypt the data, also known as Public Key Cryptography.

How Public Key Cryptography Works

Public Key Infrastructure uses both types of encryption – asymmetric is used to establish the connection which gets replaced by symmetric encryption for the duration of the session.

Difference between Symmetric Encryption & Asymmetric Encryption

Here is how that works:

1. For a connection, your web browser requests the web server.
2. The web server then sends you their public key – it’s private key is a secret.
3. Your browser creates the third key called session key.
4. The session key is then encrypted by your computer using the public key you’ve received from the web server.
5. The session is then shared with the server.
6. The web server decrypts the session key, and now both you and the server have the session key.
7. Asymmetric encryption is replaced by symmetric encryption.
8. You are in session until you leave the website.

The asymmetric encryption is used briefly in the beginning until both you and the web server have the session key. So, why not use asymmetric encryption all the time? Wouldn’t it be simpler? Well, the answer is NO, and the reason is that it takes more computing power to be sustainable which is not a good option when it comes to the extended session as it can consume a lot of processing power and time which is not practical at all. On the other hand, symmetric encryption keys are shorter and therefore, take less time to process which makes it feasible to use.

How SSL Encryption Secures Communication?

From many years SSL has been helpful to secure web transactions. It gives protection from anyone who tries to snoop around you & your web server. It may seem complicated, but again SSL is quite simple.

Your browser requests a secure page, and the server sends the public key with the certificate. The browser approves the certificate and its security. It then uses a public key to encrypt a unique symmetric encryption key and sends back to the server. The web server decrypts this key and uses the symmetric key to decrypt all the data.

Finally, it sends back the HTML document, and the HTTP data, encrypted with the symmetric key sent by the browser and the browser decrypts this data and shows the page you wanted to see.

Apart from this, HTTPs and encryption play an essential role in making sure that your data is secure. While it may seem simple, but it has been protecting people for decades, and it works. With new improvements, it can indeed be the best protection you can have on the web. Next time you browse the internet, look for a secure HTTPS connection.

Related Articles:

• What is SSL Certificate?
• Who Need SSL Certificate?
• How to Buy SSL Certificate?