HTTPS: SSL and TLS

Welcome to this presentation about HTTPS, SSL, and TLS.

Group Members
. Mamoona Ramzan
. Filza Khan
. Muhammad Saad
. Muhammad Saad Bin Khalid
A Journey into Secure Web Communication
The Genesis of Secure Web SSL and TLS: Building Blocks of HTTPS
HTTPS emerged from the need for secure Secure Sockets Layer (SSL) and Transport Layer
communication over the internet. It builds upon Security (TLS) are cryptographic protocols that
the foundation of HTTP, adding an extra layer of establish encrypted connections between web
security using SSL/TLS. servers and clients.

The Impact of HTTPS on Web How HTTPS Improves SEO Rankings

Performance
While HTTPS was initially thought to slow down Google and other search engines prioritize
websites, advancements in protocol optimization and secure websites with HTTPS in their rankings.
server technologies have significantly improved its
HTTPS helps enhance search engine
performance, making secure websites faster than
optimization (SEO) by building trust and
ever
ensuring user data privacy.
Where Security Meets the W
Secure Web Browsing Online Banking and Finan
HTTPS protects your HTTPS protects your
personal information when financial information
browsing the web, when accessing online
preventing eavesdropping banking platforms,
and ensuring data privacy. ensuring secure
transactions.
Sensitive Data Sharing Secure File Sharing
HTTPS safeguards HTTPS (SSL/TLS) encrypts
sensitive data, such as files shared between
medical records or users and cloud storage,
confidential documents, preventing unauthorized
during online access.
communication.
HTTPS: The Shield Against
Cyber Threats
1 Data Integrity 2 Confidentiality
HTTPS guarantees that HTTPS encrypts the
the data transmitted data, ensuring that only
between a server and a authorized parties can
client remains unaltered, access it, protecting
preventing tampering. sensitive information.

3 Authentication 4 Mitigation of Data

HTTPS verifies the
Injection Attacks
identity of the website,
ensuring that you are HTTPS ensures all data
communicating with the is encrypted during
intended server and not transmission, protecting
a malicious against data injection by
impersonator. malicious actors.
Unveiling the HTTPS Handshak
1 Negotiation
The client and server negotiate the encryption
algorithms and cryptographic keys to be used for
secure communication.

2 Authentication
The server presents its digital certificate, verifying
its identity to the client.

3 Key Exchange
The server and client exchange cryptographic
keys, securely establishing a shared secret.

4 Session Encryption
The connection is encrypted, and all subsequent
communication is protected.
The Power of Cryptography in HTTPS

Symmetric Encryption Asymmetric Encryption Hashing

Both the server and client use The server uses a public key to Hash functions create a unique
the same key to encrypt and encrypt data, while the client fingerprint of data, verifying
decrypt data, ensuring speed uses a private key to decrypt, data integrity and preventing
and efficiency. ensuring secure key exchange. tampering.
Cryptographic Algorithms and Primitives Used in
HTTPS (SSL/TLS)
1 AES & ChaCha20 2 Key Exchange 3 Integrity

• AES (Advanced Encryption • RSA (Rivest-Shamir- • SHA-256 (Secure Hash

Standard): A symmetric Adleman): An asymmetric Algorithm 256): A
encryption algorithm that encryption algorithm used cryptographic hash
uses a single key to to exchange keys function that generates a
encrypt and decrypt data. securely, based on public unique fingerprint for
and private keys. data, verifying its integrity
and detecting any
• ChaCha20: A modern • DH (Diffie-Hellman): A key tampering.
stream cipher that is exchange protocol that
faster than AES, offering allows two parties to
strong security for establish a shared secret
encrypting data. key over an insecure
channel.
Evolution of Secure Communication
SSL 1.0
1 The first version of SSL, which had security vulnerabilities.

SSL 2.0
2
An improved version with better security features.

SSL 3.0
3
A more secure version that addressed vulnerabilities in SSL 2.0.

TLS 1.0
4
The first version of TLS, building upon the foundation of SSL.

TLS 1.2, TLS 1.3

5 Subsequent versions of TLS with enhanced
security features and performance improvements.
Beyond the Web: HTTPS and Other Secure P
HTTPS FTPS IMAP/POP3S SSH
Secure File Transfer Protocol, Secure email Secure Shell, a
communication for providing files protocols, protecting protocol for remote
web traffic, protecting transfer , often used email content and access and file
sensitive data like in business preventing transfer, enabling
passwords, credit card environments for unauthorized access secure connections to
information, and known users during transmission. servers and secure
personal data. command-line
interactions.
Beyond the Web: HTTPS and Other Secure P
SFTP
1 Secure File Transfer Protocol (SFTP) provides secure file transfer over an SSH connection,
ensuring data integrity and confidentiality.

VPNs
2 Virtual Private Networks (VPNs) create encrypted tunnels, protecting online
activity and privacy.

IPsec
Internet Protocol Security (IPsec) provides secure
3
communication at the network layer, protecting data
transmissions between devices.
Best Practices for a Secure
Online World

1 2
Use Strong Encryption
Implement Certificate Pinning
Employ TLS 1.3 and robust Verify the authenticity of
cryptographic algorithms for certificates to prevent man-
robust security. in-the-middle attacks.

3 4
Keep Software Updated
Beware of Phishing attacks
Install security updates Prevent phishing attacks by
regularly to patch verifying sender identities,
vulnerabilities and maintain avoiding suspicious links, and
security. enabling multi-factor
authentication
The Future of Secure
Web Communication
HTTPS is constantly evolving, driven by advancements in
cryptography and emerging cyber threats. As we navigate
the future of web security, HTTPS will remain a
cornerstone, ensuring a secure and trustworthy online
experience.
The Future of Secure Web Communication
Quantum Resistance and HTTPS
As quantum computers advance, current cryptographic algorithms used in HTTPS may
become vulnerable. Research into post-quantum cryptography is vital to ensure the
continued security of HTTPS in the future.

HTTPS and Privacy-Focused Developments

New protocols and techniques enhancing user privacy, such as differential privacy and
homomorphic encryption, will likely integrate with HTTPS to offer stronger data protection
and user control.

Zero-Trust Architecture and HTTPS

The shift toward zero-trust security will necessitate enhanced authentication and
authorization mechanisms within HTTPS, ensuring that every connection is verified and
secure regardless of context.
Key Takeaways
1 Secure Web 2 Evolving Security 3 Best Practices
Communication Landscape
HTTPS ensures secure Continuous advancements Implementing strong
transmission of data, in cryptography and encryption, certificate
safeguarding privacy and security protocols are pinning, and regular
integrity. crucial to combating updates are essential for a
evolving cyber threats. secure online experience.
Thank You & Questions
Thank You
1 Thank you for your time and attention.

Questions?
2
Feel free to ask any questions you may have.