Improvement of Data Exchange Security on HTTP using Client-side Encryption

Abstract

Hypertext Transfer Protocol (HTTP) is a standard data exchange protocol over the web. Currently, HTTP is still widely used to handle communication between client and server. However the related researches show that data exchange via HTTP is still vulnerable because the data sent is in the form of plaintext. To overcome the problem, the available solutions are using Hypertext Transfer Protocol Secure (HTTPS) and Secure Hypertext Transfer Protocol (SHTTP). However, some results of related researches show HTTPS and SHTTP still have some weaknesses. Based on these problems, this study proposes a method of securing HTTP using Client-side Encryption. In this research, the encryption algorithm used is Advanced Encryption Standard (AES) dynamic key. Encryption method was performed by encrypting the data on the side of the web browser before it was sent, then the decryption process was done on the web server side. The testings of this research were performed in case of login authentication. The results show the proposed method has successfully secured data exchange on HTTP.