Volume 6, Issue 5, May 2016 ISSN: 2277 128XInternational Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.
ijarcsse.comAn Overview of World Wide Web Protocol (Hypertext TransferProtocol and Hypertext Transfer Protocol Secure)Sh. Rajinder SinghResearch Scholar PUSSGRC,Hoshiarpur, Punjab, IndiaDr. Satish KumarResearch Supervisor PUSSGRC,Hoshiarpur, Punjab, IndiaAbstract— HTTP is the main protocol of World Wide Web. It allows communication between varieties of clients. Withthe help of HTTP web-server are used to communicate with the nowadays available browser like Google Chrome,Mozilla Firefox, and internet Explorer etc. HTTPS (Hypertext Transfer Protocol Secure) is also used for the samepurpose as HTTP but with additional features.
In this paper a detail study of both the protocols has been made.Various features of both the protocols are also discussed.Keywords: HTTP; HTTPS; SSL;I. INTRODUCTIONHTTP and HTTPS both the protocols are used by the web browser to transmit and receive information on theinternet.
HTTP means Hypertext Transfer Protocol and it is used for exchanging information between the web-server andclient. This protocol is used for delivering virtually all files like image files, text files and video files etc. With the help ofHTTP web-server communicate with the browser like Google Chrome, Mozilla Firefox, and internet Explorer etc.HTTPS means hypertext transfer protocol secure and it is used to establish secure connection across the internet.
Communications between the client side browser and web-server is encrypted by a secure certificate known as an SSL.This encryption of the information helps from preventing sniffing of the information by hackers 1.II. WHAT IS HTTP?HTTP is the main protocol used by World Wide Web for communication. HTTP defines how the messages areformatted and transmitted across the internet. HTTP protocol is based on client server model. A browser is like clientbecause it is used to send request to server.
Server then sends the response back to the client. The default port for theserver to listen for the request is 80. HTTP protocol is a request/response stateless protocol 2.
Main function of HTTP isto transmit resources across the internet. A resource can be a file, A CGI script, or a document written in any availablelanguages. The format of the request and response message is very much similar.An HTTP request has mainly three parts: a) request line, b) HTTP header, and c) an optional HTTP body.An example of HTTP request is given belowGET /xyz1.html HTTP/1.1Means client is instructing the server to GET the xyz1.html file by using HTTP/1.
1 protocol.Next information needed by server is HTTP header. HTTP header contains the information about the request andinformation about the client such as browser type or connection information.Final part of the HTTP request is HTTP body which is optional. It is used when client want to transfer specific datato server 312.Main Features of HTTP:Main features of HTTP are given below:a) HTTP is connectionless protocol. It means client or a browser makes an HTTP request and then it disconnects fromthe server and waits for response from the server. The server after processing the request sends response back to theclient.
b) HTTP is media independent protocol means any type of data can be sent by HTTP.c) HTTP is stateless protocol means the server and client are in touch with each other only during current request 12.Main methods used by HTTP are i) GET ii) HEAD iii) POSTGET: It is the most common method used by HTTP.
It is used to retrieve the requested information. If the requestedfile is an HTML file then its content will be displayed at the browser side. If the requested file is a dynamic ASP file,then the server first process this file, executes its commands and finally the output of those command is send to therequesting Browser.HEAD: This method is almost similar to GET method but it does not return the requested data. It is used to transferheader section, status line, server response code etc.POST: This method is used to send data to server and then act on it. POST methods are used when the CGI or serverside scripting is involved 11.
Singh et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(5),May- 2016, pp. 396-399© 2016, IJARCSSE All Rights Reserved Page | 397III. HTTPS(S FOR SECURE)HTTPS (Hypertext Transfer Protocol Secure) is used for achieving security of data across the internet. It iscombination HTTP with SSL/TLS protocol. HTTP is not a secure protocol.
So when users communicate across thenetwork by using HTTP protocol, anyone can eavesdrop communication between client and the web server easily. So ifusers want to transfer sensitive information across the internet, then this information needs to be secured and it should beaccessible to authorized users only. For these purposes HTTPS is used 510.Mainly HTTPS protocol is used in the following websites:Shopping Websites, Banking Websites, Payment Gateway, Login Pages, and Email Apps etc 6.
IV. WORKING OF HTTPSHTTPS protocol is used to provide secure connection between client and web server. HTTPS insert a layer ofencryption/decryption between HTTP and TCP. It is a Secure Sockets Layer (SSL) or Transport Layer Security (TLS).Figure 1 SSL/TLS Layer between HTTP and TCPSSL uses RSA and public-key cryptography 7. Pictures given below show facebook and gmail websites both areusing HTTPS protocol.
Important point to note here is that in this case URL starts with HTTPS:// and not with HTTP://Figure 2 facebook using httpsFigure 3 gmail using httpsThe SSL layer serves two main purposesi) Verifying that client browser is communicating to the authenticated server .ii) Ensuring that only server is able to read client’s data and only client is able to read data sent by server.Singh et al.
, International Journal of Advanced Research in Computer Science and Software Engineering 6(5),May- 2016, pp. 396-399© 2016, IJARCSSE All Rights Reserved Page | 398So main function of SSL is to encrypt data between the server and client. If in case anyone is able to intercept data,he is still not able to read actual data 8.Picture given below shows content of a packet captured by wireshark when the communication is taking place withHTTPS protocolFigure 4 content of a packetConnection between a client and server is set by a handshake which ensures thati) client is talking to the right server and server is talking to the right client.ii) to make an agreement on the encryption algorithm client and server will use to exchange the dataiii) an agreement on the necessary keys that will be used by this algorithm 8 .Main steps which are followed during https connection are given below:i) client request a secure page by typing https:// in the browser.ii) server then sends public key, and its certificate.
iii) browser verify the certificate: checks that it is not expired and it is issued by a trusted partyiv) browser then creates a Symmetric key and send to server.v) server decrypt this key with its private keyvi) server then sends the requested page to the client encrypted with symmetric keyvii) browser then decrypt the received page with the symmetric key and display the result to user 6.V.
NEED OF CERTIFICATEWhen client and server are connected with HTTP protocol then data is transmitted across the network in plain textand it can be read by any hacker if he is able to sniff data. So if a user is sending his personal information across thenetwork then it is not secured. When the client and server are using HTTPS protocol then all the communication acrossthe network is encrypted. So even in case an attacker is able to sniff data he/she has to decrypt it first 9.A picture of certificate for website facebook is shown below:Figure 5 Viewing HTTPS certificateSingh et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(5),May- 2016, pp.
396-399© 2016, IJARCSSE All Rights Reserved Page | 399Figure 6 facebook certificateVI. DIFFERENCES BETWEEN HTTP AND HTTPSa) HTTP protocol use port 80 for communication. HTTPS uses port 443 for communication.
b) In case of HTTP URL starts with http:// whereas in case of HTTPS URL starts with the https://c) HTTP is unsecured whereas HTTPS is secured.d) In case of HTTP no certificates are used but in case of HTTPS certificates are used.e) In case of HTTP information is passed as a plain text across the network but in case of HTTPS data is encrypted.VII.
CONCLUSIONSHTTP is useful when user is only intended to access the information from a given website. But it is not safe for theuser to transfer his personal information using HTTP. HTTPS protocol is helpful for the users when users want to sendtheir personal information across the internet.
HTTPS is not unbreakable but it is still a robust way to send personalinformation across the internet.REFERENCES1 http://www.thewindowsclub.com/difference-http-https2 https://en.wikipedia.
org/wiki/Hypertext_Transfer_Protocol3 http://www.jmarshall.com/easy/http/4 http://www.tutorialspoint.com/http/http_overview.
htm5 http://www.brighthub.com/internet/web-development/articles/105799.
aspx6 http://www.tutorialspoint.com/security_testing/https_protocol_basics.htm7 http://code.tutsplus.com/tutorials/http-the-protocol-every-web-developer-must-know-part-2–net-311558 http://robertheaton.com/2014/03/27/how-does-https-actually-work/9 https://www.instantssl.
com/ssl-certificate-products/https.html10 Naylor, David, et al. “The cost of the S in HTTPS.” Proceedings of the 10th ACM International on Conferenceon emerging Networking Experiments and Technologies. ACM, 2014.
11 Berners-Lee, Tim, Roy Fielding, and Henrik Frystyk. “Hypertext transfer protocol–HTTP/1.0.” (1996).12 Yannakopoulos, John. “Hypertext Transfer Protocol: A short Course.
” University of Crete. August (2003).
