Wondering what HTTPS is?
HTTPS stands for Hypertext Transfer Protocol Secure. To understand the concept of HTTPS, let’s start with how a network works.
When you make a request to a web server to visit a particular site, the request is carried to the server in small data packets, and the response is returned to your local system as data packets in the same way.
Making a request may include entering your username and password on sites such as Facebook, net banking, or any eCommerce website.
All of this is sensitive information that can be intercepted by malicious people online and misused.
To protect the user’s personal information from such attacks, the WWW consortium came up with the solution of end-to-end encryption.
This means that the information shared between you and the server is readable only by the two of you and not by anyone else.
HTTPS (Hypertext Transfer Protocol Secure) converts your HTTP request into an encrypted form so that the data exchanged between your system and the server remains confidential.
This is done with the help of the TLS (Transport Layer Security) protocol, also known as SSL (Secure Sockets Layer).
This protocol encrypts your sensitive data into a mixed series of numbers and letters that can only be decrypted on the server side.
Before encrypting: Hi, My name is Piyush.
After encrypting: ITM0IRyExMiGyfkflYjDf/Kn3bo3SHl7ITEU5X73xMs+9XCPk63Y+z0=
Now you can see the difference if a man in the middle tries to intercept the network.
He won’t see anything other than a jumbled string of letters that has absolutely no literal meaning.
HTTPS: A safe practice:
When you connect to a public network, the broadcast isn’t secured.
Almost anyone can snoop on your data packets using software tools that are readily available for free.
This makes your data more vulnerable and prone to such attacks.
To prevent it from happening, always ensure that the site you’re using has the TLS protocol for encryption and decryption.
A common use of network interception over an HTTP connection is injecting ads into a website.
This lets the attackers generate revenue from the ads by showing them to the large audience connected to a public network.
HTTP vs HTTPS
HTTPS is an advanced or modified form of HTTP.
It adds a layer of security over the HTTP connection by providing encryption, authentication and integrity.
Encryption: Data sent over an HTTP connection is clear text that can be read by an attacker who’s eavesdropping on your server or network. HTTPS adds a layer that uses methods such as public-key cryptography and the TLS/SSL handshake to encrypt your data, which can then be decrypted at the other end using a shared secret key.
Authentication: Even after encryption, how does one know where to send the data packets?
What if there’s an unauthorized set of systems on the server side waiting to take your data?
All these issues are tackled with the help of authentication techniques.
In this method of sending packets of data over the network, SSL/TLS gives a private key to the browser, which locks the data; the data is then accessible to the network’s side only if it has the correct public key required to open it.
So no third-party network or application can be involved with this technique.
Integrity: All the files or web pages sent to a server using the HTTPS protocol contain a digital signature that the server can use to determine that the document has not been touched or modified by any third-party application or software, or otherwise damaged or lost during transmission.
How to check whether a site is HTTPS or not?
The most common way to know whether a site is TLS secured is to look at the URL bar and check whether the address begins with HTTPS.
The second way is to look for a padlock symbol to the left of the URL. It also indicates whether a site is HTTPS secured or not.
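The URL prefix and the padlock only summarize what the TLS handshake established. The following Python script is an added example, not part of the original article: it performs that handshake with certificate and hostname verification enforced, then reports the protocol version, cipher, issuer and days until the certificate expires. The function names (strict_context, target_from_url, days_left, inspect) belong to this example only.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone
from urllib.parse import urlsplit

def strict_context():
    """Client context that enforces authentication of the server."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    return ctx

def target_from_url(url):
    """Return (host, port) for an https:// URL; reject anything else."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"not an HTTPS URL: {url!r}")
    return parts.hostname, parts.port or 443

def days_left(cert, now=None):
    """Whole days until the certificate's notAfter date (negative if expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    return int((expires - now) // 86400)

def inspect(url, timeout=5.0):
    """Handshake with the site and return what the padlock summarizes."""
    host, port = target_from_url(url)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises ssl.SSLCertVerificationError when the certificate
        # is untrusted, expired, or issued for a different hostname.
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            issuer = dict(rdn[0] for rdn in cert["issuer"])
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "issuer": issuer.get("organizationName"),
                "days_left": days_left(cert),
            }

if __name__ == "__main__":
    for url in sys.argv[1:]:
        try:
            print(url, inspect(url))
        except (ValueError, ssl.SSLError, OSError) as exc:
            print(url, "FAILED:", exc)
```

Run it with one or more https:// URLs as arguments; a site whose certificate fails verification is reported as FAILED and no data is exchanged with it.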