Analysis of Hypertext Transfer Protocol and Its Variants
With massive amounts of information being communicated and served over the Internet these days, it is crucial to provide fast, effective, and secure means to transport and store data. The previous versions of the Hypertext Transfer Protocol (HTTP/1.0 and HTTP/1.1) have some subtle as well as several conspicuous security and performance issues, which open doors for attackers to carry out various malicious activities. The final version of its successor, HTTP/2.0, was released in 2015 to improve upon these weaknesses of the previous versions of HTTP. This paper discusses the issues present in HTTP/1.1 by simulating attacks on the vulnerabilities of the protocol, and tests the improvements provided by HTTPS and HTTP/2.0. A performance and security analysis of a myriad of commonly used websites has been carried out. The paper also proposes some of the measures that a website must take to provide excellent performance and utmost security to its users.
Keywords: HTTP/1.1, HTTPS, HTTP/2.0, Head-of-line blocking, Man in the middle attack, Sniffing attack