CS 100 (Learn) — CS 100 (Web) — Module 11
NOTE: If your internet access is restricted and you do not have access to YouTube, we have provided alternate video links.
Note: This video transcript has been slightly modified. Corrections are marked with strikethrough, and alternative wording has been placed in [square brackets] to correct some of the awkward or confusing phrasing in the videos.
In this video, we are going to explore all the concepts we have seen so far and see how HTTPS (Secure hypertext Transfer Protocol) is used to communicate over the internet.
We have already set up the scenario: there are people who are transmitting our messages who may be spying on them and there may be people out there wanting to impersonate other people.
HTTPS is really just a protocol which establishes a bunch of rules and procedures for communicating on the internet in a secure way.
What makes all this work is the idea of these one-way mathematical functions that are very easy to compute one-way but very hard to compute the other way.
Let's say you are on your laptop and you want to communicate with the server on the internet and you want to do something securely... maybe you want to share information (transmit some baking codes, make a purchase online... who knows).
You want to make sure it is going to be secure.
You initiate the conversation: "Hey website.com, I would like to communicate securely... I can do protocol X. [Can you] do protocol X? I can also support protocol Y or Z".
There are many different ways of communicating securely on the internet.
I send this message off to the server and then the server decides: "Hey, I can communicate over protocol X... that works for me, so I am going to send you back a public key and a certificate".
Of course, I still have my private key that only I have... so now I have the server's public key and the certificate.
I can verify the certificate through using a trusted Authority that is a third party.
I can construct a message back to the server saying: "Hey it is cool... I know you are you (you are verified) here is our new shared key that only we have. I am going to encrypt that in a message that only the server can receive".
Now you and the server have your own private key that nobody else can know.
There is one last piece of the puzzle which we have not described, which is that each individual message can have a mini-certificate or a specific "timestamp" to ensure that it has not been forged further.
Every time you communicate on the internet, you can ensure it is from the destination you are trusting and that it is secure.
That is what is involved whenever you use HTTPS.
What I wanted to show you right now is how this is [works] in practice.
I am using the Chrome browser and when I go to the University of Waterloo "about" page, you will notice that up here in the left hand corner is a little green lock that shows that this is an encrypted secure communication. Notice that it says HTTPS.
If I click on that icon, it will verify that this is a secure and private discussion. [If] I click on the details, it says this page is using secure valid HTTPS and you can even view the certificate that says: "this is a certificate", and we can even see that global sign is the third party that we trust and is the authority that has verified the identity of the University of Waterloo.
If you are curious, you can even go through and see the public key that was given to us by the University of Waterloo.
When you are browsing on the internet and you are doing anything that involves your security or your privacy or financial information or anything that, you really want to make sure it is secure: make sure you look for that extra green icon in your browser (or something similar depending on which browser you are using).
That is a quick overview of HTTPS.