Updated June 9, 2023
Introduction to Internet Security Protocols
In today’s computer network world, internet security has achieved great importance. Since internet technology is vast and encompasses many years, various aspects are associated with internet security. Various security mechanisms exist for specialized internet services like email, electronic commerce, payment, wireless internet, etc. To provide security to the internet, various protocols like SSL (Secure Socket Layer), TLS ( Transport Layer Security), etc.
Various Internet Security Protocols
Given below are the various Internet Security protocols:
1. SSL Protocol
SSL Protocol stands for Secure Socket Layer Protocol, an internet security protocol that securely exchanges information between a web browser and a web server. It provides two basic security services like authentication and confidentiality. SSL protocol has become the world’s most popular web security mechanism; all major web browsers support SSL. The additional TCP/IP protocol suite layer is the Secure Socket Layer (SSL) protocol. It is located between the application layer and the transport layer. SSL has three sub-protocols: Handshake, Record, and Alert Protocol.
OpenSSL is an open-source implementation of the Secure Socket Layer protocol. OpenSSL is subject to four remotely exploitable buffer overflows. Buffer overflow vulnerabilities allow attackers to execute arbitrary code on the target computer with a privilege level of OpenSSL process and provide opportunities for launching a denial of service attack.
2. TLS Protocol
TLS stands for Transport Layer Security, which is an internet security protocol. TLS is an IETF standardization initiative aiming to develop an internet standard version of SSL. To standardize SSL, Netscape handed the protocol to IETF. The idea and implementation are quite similar. Transport layer security protocol uses a pseudo-random function to create a master secret. TLS also has three sub-protocols like SSL protocol – Handshake Protocol, Record Protocol, and Alert Protocol. In Handshake Protocol, some details are changed; Record Protocol uses HMAC, Alert protocol newly added features like record overflow, Unknown CA, Decryption failed, Decode error, Access denied, Export restrictions, Protocol version, insufficient security, and internal error. Transport layer security is defined in RFC 2246.
SHTTP stands for Secure HyperText Transfer Protocol, which defines a set of security mechanisms for protecting internet traffic. It also includes data entry forms and internet-based transactions. Services provided by SHTTP are quite similar to SSL protocol. Secure HyperText Transfer Protocol works at the application layer, therefore tightly coupled with HTTP. SHTTP supports both authentication and encryption of HTTP traffic between the client and the server. Encryption and digital signature format used in SHTTP originated in the PEM (Privacy Enhanced Mail) protocol. SHTTP works at the level of an individual message. It can encrypt and sign an individual message.
4. SET Protocol
SET Protocol for Secure Electronic Transaction Protocol is an open encryption and security mechanism designed for protecting eCommerce transactions over the internet. SET is not a payment system but a security protocol used over the Internet for secure transactions.
The SET protocol provides the following services:
- SET provides authentication by using digital certificates.
- It provides a secure communication channel among all parties involved in an eCommerce transaction.
- It ensures confidentiality because parties involved in a transaction have exclusive access to the information only when and where it is required.
The SET protocol includes the following participants:
- Cardholder: It is an authorized holder of payment cards such as Visa cards or Master cards.
- Merchant: A specific person or organization that wants to sell goods and services to the cardholder.
- Issuer: A financial institution provides payment cards to the cardholder.
- Acquirer: It is a financial institution that has a relationship with merchants for processing payment card Authorization and payments.
- Payment Gateway: It acts as an interface between SET and existing card payment networks for payment Authorization.
- Certification Authority: It is trusted to provide a public key certificate to cardholders, merchants, and payment gateways.
5. PEM Protocol
PEM Protocol stands for privacy-enhanced mail, used for email security over the internet. If we adopted by IAB ( Internet Architecture Board) to provide secure electronic mail communication over the Internet. It was initially developed by the IRTF (Internet Research Task Force) PSRG (Privacy Security Research Group). Then they handed over the PEM to the IETF (Internet Engineering Task Force) PEM working group Privacy Enhanced Mail protocol is described in four specific documents RFC 1421, RFC 1422, RFC 1423, and RFC 1424. It supports cryptographic functions, namely encryption, nonrepudiation, and message integrity.
6. PGP Protocol
PGP Protocol stands for Pretty Good Privacy, which we developed by Phil Zimmerman. The PGP protocol, including its source code documentation, is easy to use and free. It also supports the basic requirements of cryptography. However, organizations that require support can obtain a low-cost commercial version of the PGP protocol from ViaCrypt. PGP protocol has become extremely popular and more widely used than PEM protocol. PGP protocol support cryptography like encryption, Non-repudiation, and message integrity.
This is a guide to Internet Security Protocols. Here we discuss the introduction and various internet security protocols, respectively. You may also have a look at the following articles to learn more –