
Thursday, October 31, 2013

Implementing Web Security & Their Protocols Functions


Several approaches to providing Web security are possible. This part of the article describes them.


Fig: Security facilities in the TCP/IP protocol stack

1.  Secure-HTTP (S-HTTP)

Secure Hypertext Transfer Protocol (S-HTTP) extends the features of Hypertext Transfer Protocol (HTTP). HTTP was designed for a simple Web that did not require the dynamic graphics and strong encryption for end-to-end transactions that have since emerged. As the Web became popular with business users, the existing HTTP protocol needed more cryptographic and graphic enhancements to meet the demands of business users in the e-commerce industry.
S-HTTP uses digital certificates and is designed to provide secure connections between an HTTP client and a server, mainly for commercial transactions. It uses several techniques to provide confidentiality, integrity and authentication.
An HTTP message has two parts, the header and the body. The header tells the recipients (browser and server) how to process the message body. It also contains information about the format that the client browser and the server will use during the transfer. S-HTTP adds security by using additional headers that describe how the message body is encrypted and how to decrypt it between the client browser and the server.

2.  Hypertext Transfer Protocol over Secure Socket Layer (HTTPS)

This is an application-layer protocol with built-in security features that uses the Secure Sockets Layer (SSL) protocol as a sub-layer at the transport level. It is referred to as Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) or, in short, HTTP over SSL. It is a web protocol made by Netscape and built into its browser to encrypt and decrypt user page requests as well as the pages returned by the Web server. It uses port 443 rather than HTTP port 80 in its communications with the lower layer, TCP/IP.

Secure Socket Layer (SSL)

SSL is a widely used cryptographic system employed in the two main Internet browsers: Netscape and Explorer. It provides encrypted communication between a client and a server regardless of platform or OS.
S-HTTP was intended to deal only with web protocols. SSL works with other network protocols in the network stack and is designed as an alternative to the sockets API. It is defined at the transport layer and adds security to the upper-layer protocols during communication.

Transport Layer Security (TLS)

This protocol is also defined at the transport layer. It is the result of a 1996 Internet Engineering Task Force effort to standardize a secure technique for communicating over the Web. The 1999 result of that effort was published as RFC 2246, which spells out a new protocol, Transport Layer Security or TLS. It is responsible for providing security and data integrity at the transport layer between two applications. TLS version 1.0 was an evolved SSL 3.0. Normally, the new standard is referred to as SSL/TLS. Since then, further features have been incorporated: interoperability and expandability. Interoperability is the ability to exchange TLS parameters, whereas expandability is planning for future expansion.
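The SSL 3.0 to TLS 1.0 lineage is visible on the wire: TLS 1.0 announces itself as version 3.1, directly after SSL 3.0's 3.0. The following added example (not code from the original post; the function names and the sample ClientHello bytes are constructed for illustration) parses a record header, reports the version a client offers, and rejects a plaintext HTTP request of the kind sent to port 80.

```python
import struct

# Wire version numbers: TLS 1.0 is encoded as 3.1, the successor of SSL 3.0 (3.0).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def build_client_hello(version):
    """Constructed sample: a minimal ClientHello record offering `version`."""
    body = struct.pack("!H", version)          # client_version
    body += bytes(32)                          # random (all zero, sample only)
    body += b"\x00"                            # empty session id
    body += struct.pack("!HH", 2, 0x002F)      # one cipher suite (2 bytes)
    body += b"\x01\x00"                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake


def parse_record(data):
    """Parse one SSL/TLS record and, if present, the ClientHello version."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype not in CONTENT_TYPES or version >> 8 != 3:
        raise ValueError("not an SSL 3.0/TLS record")
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record body")
    info = {"type": CONTENT_TYPES[ctype],
            "record_version": VERSIONS.get(version, hex(version))}
    # Handshake type 1 is ClientHello: 1-byte type, 3-byte length, 2-byte version.
    if ctype == 22 and length >= 6 and payload[0] == 1:
        (hello,) = struct.unpack("!H", payload[4:6])
        info["client_hello_version"] = VERSIONS.get(hello, hex(hello))
    return info


if __name__ == "__main__":
    for v in (0x0300, 0x0301):
        print(parse_record(build_client_hello(v)))
    try:
        parse_record(b"GET / HTTP/1.1\r\n\r\n")  # plaintext HTTP, as sent to port 80
    except ValueError as exc:
        print("rejected:", exc)
```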

Secure Electronic Transactions (SET)

Secure Electronic Transactions is a cryptographic protocol made by a group of companies including MasterCard, Netscape, Microsoft, RSA, Visa, IBM, and others. For every transaction, it offers the following services: confidentiality, message integrity, authentication, and linkage. It uses public key encryption and signed certificates to establish the identity of everyone involved in the transaction and to keep every communication between them confidential.
