Introduction to Internet Security Protocols
In today’s computer network world, internet security has achieved great importance. Since internet technology is vast and encompasses many years, there are various aspects associated with internet security. Various security mechanisms exist for specialized internet services like email, electronic commerce, and payment, wireless internet, etc. To provide the security to this internet various protocols have been used like SSL (Secure Socket Layer), TLS ( Transport Layer Security), etc.
Various Internet Security Protocols
Given below are the various protocols:
1. SSL Protocol
SSL Protocol stands for Secure Socket Layer protocol, which is an internet security protocol used for exchanging the information between a web browser and a web server in a secure manner. It provides two basic security services like authentication and confidentiality. SSL protocol has become the world’s most popular web security mechanism, all major web browsers support SSL. Secure socket layer protocol is considered as an additional layer in TCP/IP protocol suite. It is located between the application layer and the transport layer. SSL has three sub protocols namely Handshake Protocol, Record Protocol, and Alert Protocol.
OpenSSL is an open source implementation of the Secure Socket Layer protocol. OpenSSL is subject to four remotely exploitable buffer overflow. Buffer overflow vulnerabilities allow attackers to execute arbitrary code on the target computer with a privilege level of OpenSSL process as well as providing opportunities for launching a denial of service attack.
2. TLS Protocol
TLS stands for Transport Layer Security, which is an internet security protocol. TLS is an IETF standardization initiative whose goal is to come out with an internet standard version of SSL. To standardized SSL, Netscape handed the protocol to IETF. The idea and implementation are quite similar. Transport layer security protocol uses a pseudo random function to create a master secret. TLS also has three sub protocols same as SSL protocol – Handshake Protocol, Record Protocol, and Alert Protocol. In Handshake Protocol some details are changed, Record Protocol uses HMAC, Alert protocol newly added features like record overflow, Unknown CA, Decryption failed, Decode error, Access denied, Export restrictions, Protocol version, insufficient security, internal error. Transport layer security is defined in RFC 2246.
SHTTP stands for Secure HyperText Transfer Protocol, is a set of security mechanism defined for protecting internet traffic. It also includes data entry forms and internet based transaction. Services provided by SHTTP are quite similar to SSL protocol. Secure HyperText Transfer Protocol works at the application layer, and therefore tightly coupled with HTTP. SHTTP supports both authentication and encryption of HTTP traffic between the client and the server. Encryption and digital signature format used in SHTTP have the origins in the PEM (Privacy Enhanced Mail) protocol. SHTTP works at the level of an individual message. It can encrypt and sign an individual message.
4. SET Protocol
SET Protocol stands for Secure Electronic Transaction protocol is an open encryption and security mechanism designed for protecting the eCommerce transaction over the internet. SET is not a payment system, it is a security protocol used over the internet for secure transaction.
The SET protocol provides the following services:
- SET provides authentication by using digital certificates.
- It provides a secure communication channel among all parties involved in an eCommerce transaction.
- It ensures confidentiality because the information is only available for parties involved in a transaction and that too only when and where required.
The SET protocol includes the following participants:
- Cardholder: It is an authorized holder of payment card such as visa card, Master card.
- Merchant: It is a specific person or organization who wants to sell goods and services to the cardholder.
- Issuer: It is a financial institution which provides payment card to the cardholder.
- Acquirer: It is a financial institution which has a relationship with merchants for processing payment card Authorization and payments.
- Payment Gateway: It acts as an interface between SET and existing card payment networks for payment Authorization.
- Certification Authority: It is an authority that is trusted to provide a public key certificate to cardholder, merchant, and payment gateways.
5. PEM Protocol
PEM Protocol stands for privacy enhanced mail, used for email security over the internet. If we adopted by IAB ( Internet Architecture Board) to provide secure electronic mail communication over the internet. It was initially developed by the IRTF (Internet Research Task Force) PSRG (Privacy Security Research Group). Then they handed over the PEM to the IETF (Internet Engineering Task Force) PEM working group Privacy Enhanced Mail protocol is described in four specific documents RFC 1421, RFC 1422, RFC 1423, and RFC 1424. It supports cryptographic functions namely encryption, nonrepudiation, and message integrity.
6. PGP Protocol
PGP Protocol stands for Pretty Good Privacy, which we developed by Phil Zimmerman. PGP protocol is easy to use and free including its source code documentation. It also supports the basic requirements of cryptography. However, for those organizations that require support, a low-cost commercial version Of PGP protocol is available from an organization called viacrypt. PGP protocol becomes extremely popular and more widely used as compared to PEM protocol. PGP protocol support cryptography like encryption, Non-repudiation, and message integrity.
This is a guide to Internet Security Protocols. Here we discuss the introduction to Internet Security Protocols along with 6 different security protocols. In this article we have seen what are various security protocols that help us to secure communication over the internet. You may also have a look at the following articles to learn more –