Explain how the data is secured in HTTPS?

HTTP secure or HTTPS can be thought of as an extended version of the regular HTTP. This communication protocol is the widely used one next to the regular HTTP when it comes to having a secure communication path between the user and the server over a computer network. 

The HTTPS finds quite a wide deployment over the internet when compared to deployment over intranet. If we understand it deeply we will come to know that in actual it is not a protocol in itself as it seems so from outside. 

It is actually a regular hyper text transfer protocol (HTTP) simply layered over SSL/ TSL protocol. The SSL/ TSL protocol thus lends its security capabilities to the standard HTTP communications when HTTP is layered up on SSL/ TSL. 

In this article we discuss how the data is secured in HTTPS. As we mentioned above that it is quite deployed in the internet services and it is so because it provides a quite convenient means to authenticate the web site as well as the web server associated with it (with which the connection is being established).

How data is secured in HTTPS

Such an authentication is of much importance as it provides the protection against the man in middle attacks which usually occurs because of eavesdropping between our communications with the server. 

- Moreover, HTTPS provides bidirectional encryption of the communications or the data that is exchanged between the clients and the servers. 

- The ability of the bidirectional encryption by virtue of which it protects against tampering and eavesdropping which otherwise would forge the contents of the communications between the clients and the servers, makes it much necessary. 

- HTTPS comes with a reasonable guarantee that you get to communicate only with the web site which you intended to communicate with and with none else.  - Furthermore, a way to prevent the forgery of the contents of the communication that takes place between the users and the clients cannot be hampered or forged by any of the third parties is ensured by the http secure. 

- In HTTPS, the entire HTTP is levied up on the top of the TSL or SSL thus enabling the total encryption of the HTTP communications content.

- This communications content includes:

1. Request URL which states the particular web page that was requested.
2. Query parameters
3. Headers
4. Cookies containing the identity information about the user and so on. 

Negative Points of HTTPS

Though the HTTPS has got many advantages, its minus point cannot be unseen.

-HTTPS cannot protect the disclosure of the communication content.

-This happens so because the addresses of the host web sites and port numbers form a necessary part of the TCP/ IP protocols that underlie the https. -To be seen practically, it means that the identity of the server can still be inferred by the eavesdroppers even on a correctly configured web server as well as the amount and duration of the communication.

-In the early years, the HTTPS was common to be used in the money transactions over the World Wide Web and other sensitive transitions like e- mails.

-In the recent years it has been known for the following:

1. Authenticating the web pages,
2. Providing security to the accounts,
3. Maintaining the privacy of the user communications, web browsing and identity.

The HTTPS has also come to the rescue of the wi- fi since it is highly prone to attacks being un- encrypted. The importance of https is often more realized when the connections are made over tor or anonymity network.       

What is the difference between HTTP and HTTPS?

HTTP is quite a common language with us and stands for hyper text transfer protocol. This is actually an application protocol that has been developed exclusively for the hyper media, collaborative and distributed information systems. 

The foundation of the data communication is entirely based upon www or World Wide Web.  

Now what is HTTPS? HTTPS is nothing but HTTP secure! This one is much more secure than usual hyper text transfer protocol. And like HTTP, it is also a quite popular communication protocol for a much secure communication over a network of computers. It is quite popular with internet. 

If you see it technically, it is actually not a protocol in itself but rather a layered form of HTTP along with SSL/ TLS protocol. This allows the security capabilities of the SSL/ TLS to be added to the HTTP.  In this article we hold up to discuss the differences between the two i.e., the HTTP and HTTPS.

Difference #1:

- The transmission and receiving of the information across a computer network or internet is solely the responsibility of the HTTP.   

- HTTPS holds the responsibility of exchanging confidential information among the servers and also since the access to such information has to be secured to prevent it from any un- authorized access.

Difference #2:

-The transmission of HTTP takes place through a wire via PORT 80(TCP) but it is not at all secure! Some can easily interfere in the communication between your system and the server. 

- HTTPS is a creation of the NetScape and it comes as a built in thing with the netscape browser that uses it for the encryption and decryption of the user’s requests.

- HTTPS is actually HTTP working over the layer of netscape’s secure socket layer (SSL). 

- Unlike regular HTTP, HTTPS transmission takes place through a wire via PORT 443 for carrying out interactions between the lower layer TCP/ IP. 

- SSL or secure socket layer makes use of a 40 bit key size for encrypting the RC4 streams algorithm. 

- Therefore an adequate degree of encryption is possible for commercial exchange.

Difference #3:

- HTTPS being so very secure finds its use in shopping/ commercial sites and login pages. 

- HTTPS though being a standard secure protocol transmits the data over world wide web just like HTTP with the only difference being in the form in which data is transmitted i.e., the encrypted form. 

- When you put https:// instead of http:// you are asking the server to establish a secure connection path. 

- The server makes it a point that the secure and non secure connections are kept separately. 

- When the address in the address bar of the web browser that you are using, starts with http://, it simply means that your requests are being communicated over regular un-secure “HTTP” language.

- It is basically the letter ‘S’ that makes all the difference between HTTP and HTTPS. 

Difference #4:

- Most of the requests of the clients are processed via HTTP. The client in turn gets a response from the server on the completion of a request in the form of a web page. 

- In HTTPS the information is highly encrypted which means that no can have a clue of what you are looking for. 

This type of secure communication is commonly prevalent in those areas wheer security is quite mandatory like the following:

1. E- mails
2. Banking web sites
3. Payment gateways and so on.

To get an HTTPS connection, the server requires a public key trusted and signed certificate.