
Analysis of Hypertext Transfer Protocol and Its Variants

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 670)

Abstract

With massive amounts of information being communicated and served over the Internet these days, it becomes crucial to provide fast, effective, and secure means to transport and save data. The previous versions of the Hyper Text Transfer Protocol (HTTP/1.0 and HTTP/1.1) possess some subtle as well as several conspicuous security and performance issues. They open doors for attackers to execute various malicious activities [1]. The final version of its successor, HTTP/2.0, was released in 2015 to improve upon these weaknesses of the previous versions of HTTP. This paper discusses the issues present in HTTP/1.1 by simulating attacks on the vulnerabilities of the protocol and tests the improvements provided by HTTPS and HTTP/2.0. A performance and security analysis of a myriad of commonly used Websites has been done. Some of the measures that a Website must take to provide excellent performance and utmost security to its users have also been proposed in this paper.

Keywords

HTTP/1.1; HTTPS; HTTP/2.0; Head-of-line blocking; Man in the middle attack; Sniffing attack

References

  1. Fielding, R., Berners-Lee, T.: RFC 2616—Hypertext Transfer Protocol–HTTP/1.1, https://tools.ietf.org/html/rfc2616#page-7.
  2. History of the Web. (2017). World Wide Web Foundation. Retrieved 10 September 2016, from http://webfoundation.org/about/vision/history-of-the-web/.
  3. Berners Lee, T.: Hyper Text Transfer Protocol, https://www.w3.org/History/19921103hypertext/hypertext/WWW/Protocols/HTTP.html.
  4. Podila, P.: HTTP: The Protocol Every Web Developer Must Know—Part 1, https://code.tutsplus.com/tutorials/http-the-protocol-every-web-developer-must-know-part-1–net-31177.
  5. Jon C. R. Bennett; Craig Partridge; Nicholas Shectman (December 1999). “Packet reordering is not pathological network behavior”. IEEE/ACM Transactions on Networking. 7 (6): 789–798. https://doi.org/10.1109/90.811445.
  6.
  7. Prusty, N.: What is Multiplexing in HTTP/2?, http://qnimate.com/what-is-multiplexing-in-http2/.
  8. Clark, J.: SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. IEEE Symposium on Security and Privacy (2013).
  9. Wireman, M.: CSRF and XSS: A Lethal Combination—Part I, http://resources.infosecinstitute.com/csrf-xss-lethal-combination/#gref.
  10.
  11. Usage Statistics of HTTP/2 for Websites, March 2017, https://w3techs.com/technologies/details/ce-http2/all/all.
  12. HTTP/2: In-depth analysis of the top four flaws of the next generation web protocol. Imperva (2017).
  13.

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Shaheed Rajguru College of Applied Sciences for Women, University of Delhi, New Delhi, India
