The internet is certainly a critical part of our lives, but the more time we spend on the web, the more our personal security is put at risk. Here is a basic overview of web security for those who want to know what kind of locks are in place behind the curtain, and who would rather be safe than sorry.
I'm sure many of you have heard of, or have personally dealt with, the consequences of being hacked or infected by malware. At the bare minimum it wastes your time; at worst it threatens your livelihood. The goal of internet security is therefore to maintain confidentiality, integrity and availability. In other words, to ensure that the right people have the right access to reliable information that is readily available.
On the web this is generally accomplished with HTTPS (Hypertext Transfer Protocol Secure), which is HTTP carried over TLS (still commonly referred to as SSL, the name of its predecessor). HTTPS begins with a handshake between two computers to make sure that they can trust each other.
Part of this handshake involves exchanging cryptographic keys: pieces of information that cryptographic algorithms use to encrypt or decrypt data. In public-key cryptography these keys come in pairs, where one of them scrambles things up and the other unscrambles them.
There are two types of keys: symmetric, where the same key is used for scrambling and unscrambling; and asymmetric, where one key scrambles and the other decodes. It is worth noting that symmetric keys are roughly 1000x faster to use than asymmetric keys.
The first step is to confirm the trustworthiness of the website you wish to visit. So you send a "hello" greeting and ask the server for some proof. This part is done with asymmetric keys, because if you simply sent a symmetric key over in the clear, anyone watching your internet traffic could snatch it up and use it to read your information.
The server then says "hello" back and sends you a certificate. Certificates act as a sort of badge of honour, signifying that a reliable third party found the server trustworthy and that you should too. The server has this third party sign its public key and sends that signed certificate over to you, where your browser can verify it.
Of course a certificate can also be signed by a party that is not trustworthy, but hopefully your browser picks this up and warns you of the danger ahead.
Now that you know the server is trustworthy, you can scramble a private session secret with its public key and send that back. Even if an attacker in the middle takes a look at this message, it has been scrambled with the server's public key, and only the matching private key can make heads or tails of it.
Once your scrambled session secret arrives at the server, it uses its private decryption key to unscramble your secret.
From now on, whenever either side wants to send something, it scrambles the message with the shared session secret, which only the two of you hold and can unscramble.
With this clean line of communication established, the handshake is complete and you are ready to exchange information.
Now for some more details:
You may be wondering how these magical keys are made.
The answer is math. Yes, math.
If you recall what prime numbers are, you may recall that when you multiply two primes together, nothing divides the result besides those two primes (and, of course, 1 and the number itself). So if you were given a very large number that was the product of two primes, it would be very hard to work out exactly which two primes produced it.
As it turns out, computers don't have a fundamentally easier way either than trying candidates one by one. (Admittedly there are quicker algorithms than randomly guessing, but they are still very slow if the number is very big.)
Now you may be wondering how exactly this key exchange works, so let me give you one of the protocols as an example: the Diffie-Hellman-Merkle exchange.
There could be some math involved so buckle down.
Let us suppose there are two users, John and Terry.
John picks the prime number 23 and Terry picks the prime number 5, both in public, as no secure channel has been established yet.
Now John chooses the secret 6 and Terry chooses the secret 15.
John raises Terry's 5 to the power of his secret 6, divides by his prime number 23, and keeps the remainder, which is 8 (that is, 5^6 mod 23 = 8).
Terry similarly raises 5 to the power of his secret 15, divides by 23, and gets the remainder 19 (5^15 mod 23 = 19).
Then they send each other their remainders.
John computes 19^6 mod 23 (19 multiplied by itself six times, divided by 23, keeping the remainder), which gives him 2.
Terry computes 8^15 mod 23 = 2.
Now they have a symmetric key they can use to encrypt and decrypt their future messages!
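Here is the John and Terry exchange carried through in Python, as an added example that is not part of the original post. It also spells out the square-and-multiply shortcut the post alludes to (the "quicker than one by one" algorithm), and includes a brute-force search over this toy group to show why real deployments use far larger primes than 23.

```python
# Added example, not from the original post: the Diffie-Hellman exchange with
# the post's numbers (prime 23, base 5, secrets 6 and 15) carried through in
# code. Only the remainders 8 and 19 travel over the open channel.

P = 23  # public prime both parties agree on
G = 5   # public base (the post calls it "Terry's prime number")


def mod_pow(base: int, exponent: int, modulus: int) -> int:
    """Square-and-multiply: the 'quicker than one by one' way to get
    base^exponent mod modulus, using about log2(exponent) multiplications."""
    result, base = 1, base % modulus
    while exponent > 0:
        if exponent & 1:  # low bit set: fold this power into the result
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result


def public_value(secret: int, p: int = P, g: int = G) -> int:
    """The remainder a party sends over the wire: g^secret mod p."""
    return mod_pow(g, secret, p)


def shared_key(their_public: int, my_secret: int, p: int = P) -> int:
    """The symmetric key each side computes privately: their_public^my_secret mod p."""
    return mod_pow(their_public, my_secret, p)


def run_exchange(john_secret: int = 6, terry_secret: int = 15) -> dict:
    """Carry the whole exchange through and return what each side ends up with."""
    john_sends = public_value(john_secret)    # 8 in the post
    terry_sends = public_value(terry_secret)  # 19 in the post
    return {
        "on_the_wire": (P, G, john_sends, terry_sends),  # all an eavesdropper sees
        "john_key": shared_key(terry_sends, john_secret),
        "terry_key": shared_key(john_sends, terry_secret),
    }


def brute_force_secret(public: int, p: int = P, g: int = G) -> int:
    """Try every exponent until one matches: feasible for p = 23 (22 tries at
    most), hopeless for the 2048-bit primes real deployments use."""
    for candidate in range(1, p):
        if mod_pow(g, candidate, p) == public:
            return candidate
    raise ValueError("no exponent found")
```

Calling `run_exchange()` returns both keys as 2, matching the post; `brute_force_secret(8)` recovers John's secret 6 immediately, which is the whole reason the prime has to be enormous in practice.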