TEKSEC is a marketing business and is required to have a web server open to the public; however, they must provide secure communication between public customers and the web server. Please explain what would be the right encryption solution for this scenario. Also, using a diagram, please show the process of obtaining the encryption key by TEKSEC and customers.
Given that: TEKSEC is a marketing business and is required to have a web server open to the public; however, at the same time they must provide secure communication between public customers and the web server.
The right encryption solution for the above scenario is the use of SSL or TLS.
Basically, HTTP (i.e. Hypertext Transfer Protocol) is a protocol used to deliver data from the client (i.e. the web browser) to the server; in other words, HTTP is a way of communication between server and browser.
But the HTTP protocol has a limitation: it transfers data in clear text. As our websites are getting more advanced, we are passing credit card information, login information, and other sensitive information that needs encryption, that is, data that must be secured from cybercriminals or hackers.
Here comes the HTTPS (i.e. Hypertext Transfer Protocol Secure) protocol, which is a secure version of the HTTP protocol. It simply encrypts the request or data while it is traveling from the web browser to the web server, so that if any cybercriminal picks up the information from the server, they get the data in an encrypted format and do not make any modification.
The HTTPS protocol works with either of two things: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). SSL is used to encrypt data that is sent from a web browser to the server. In short, SSL is the one that provides secure communication between two systems by encrypting the sensitive data. TLS is just an updated version of SSL that provides more security in terms of encryption.
Now, both of these use PKI (i.e. public key infrastructure). Further, PKI uses two keys: a public key and a private key. So anything that is encrypted using the public key can be decrypted using the private key, and anything that is encrypted using the private key can be decrypted using the public key.
Also, encrypted data is in the form of ciphertext, which is then decrypted into plain text to make it readable again.
The diagram that shows the process of obtaining the encryption key by TEKSEC and customers is:
As discussed earlier, different keys are used to encrypt and decrypt the data. So data that is encrypted using the public key can be decrypted using the private key, or vice versa.
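
The key-obtaining process described above, simulated as an added Python example that is not part of the original answer: TEKSEC creates a key pair, a certificate authority signs the public key, the customer verifies that certificate, and both sides then end up with the same session key. It uses toy textbook RSA and models the older RSA key transport flow rather than real TLS; the host name `www.teksec.example`, the helper names and the keys built from Mersenne primes are constructed assumptions.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))            # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()

def ca_issue(ca_priv, subject, server_pub):
    """The CA signs the binding 'subject owns server_pub': the certificate."""
    n, d = ca_priv
    sig = pow(digest(cert_body(subject, server_pub), n), d, n)
    return {"subject": subject, "pub": server_pub, "sig": sig}

def client_verify(cert, ca_pub, expected_host):
    """Customer checks host name and CA signature before trusting the key."""
    n, e = ca_pub
    expected = digest(cert_body(cert["subject"], cert["pub"]), n)
    return cert["subject"] == expected_host and pow(cert["sig"], e, n) == expected

def handshake(cert, ca_pub, server_priv, host):
    """Returns (customer session key, server session key)."""
    if not client_verify(cert, ca_pub, host):
        raise ValueError("certificate rejected")
    n, e = cert["pub"]
    secret = secrets.randbelow(n - 2) + 2          # customer picks a secret
    wrapped = pow(secret, e, n)                    # encrypted to TEKSEC's public key
    unwrapped = pow(wrapped, server_priv[1], n)    # only the private key recovers it
    return kdf(secret), kdf(unwrapped)

def kdf(value):
    return hashlib.sha256(str(value).encode()).hexdigest()

# Constructed toy keys (Mersenne primes: far too small and structured for real use).
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
HOST = "www.teksec.example"                        # hypothetical host name
CERT = ca_issue(CA_PRIV, HOST, SRV_PUB)

if __name__ == "__main__":
    client_key, server_key = handshake(CERT, CA_PUB, SRV_PRIV, HOST)
    print("session keys match:", client_key == server_key)
```

A certificate whose public key has been swapped, or one presented for a different host name, fails `client_verify`, which is the check that stops a customer from encrypting the session secret to someone else's key.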