Encryption powers the modern internet. Without the ability to exchange data packets privately and securely, e-commerce would not exist, and users wouldn’t be able to safely authenticate themselves to internet sites. The HyperText Transfer Protocol Secure is the most widely used form of encryption on the web. Web servers and web browsers universally support HTTPS, so the developer can divert all traffic to that protocol and guarantee secure communication for their users. A web developer who wants to use HTTPS on their site needs only to obtain a certificate from a certificate authority and install it with their hosting provider. The ease with which you can get started using encryption belies the complexity of what is happening when a website and user agent interact over HTTPS. Modern cryptography — the study of methods of encrypting and decrypting data — depends on techniques developed and actively researched by mathematicians and security professionals. Thankfully, the abstracted layers of the Internet Protocol mean you don’t need to know linear algebra or number theory to use their discoveries. But the more you understand about the underlying algorithms, the more you will be able to preempt potential risks.
Encryption in the Internet Protocol
Recall that messages sent over the internet are split into data packets and directed toward their eventual destination via the Transmission Control Protocol (TCP). The recipient computer assembles these TCP packets back into the original message. TCP doesn’t dictate how the data being sent is meant to be interpreted. For that to happen, both computers need to agree on how to interpret the data being sent, using a higher-level protocol such as HTTP. TCP also does nothing to disguise the content of the packets being sent. Unsecured TCP conversations are vulnerable to man-in-themiddle attacks, whereby malicious third parties intercept and read the packets as they are transmitted. To avoid this, HTTP conversations between a browser and a web server are secured by Transport Layer Security (TLS), a method of encryption that provides both privacy (by ensuring data packets can’t be deciphered by a third party) and data integrity (by ensuring that any attempt to tamper with the packets in transit will be detectable). HTTP conversations conducted using TLS are called HTTP Secure (HTTPS) conversations. When your web browser connects to an HTTPS website, the browser and web server negotiate which encryption algorithms to use as part of the TLS handshake — the exchange of data packets that occurs when a TLS conversation is initiated. To make sense of what happens during the TLS handshake, we need to take a brief detour into the various types of encryption algorithms. Time for some light mathematics!
For More on Encryption, visit