Authors: Eric Chan-Tin; Rakesh Ravishankar
Addresses: Department of Computer Science, Loyola University Chicago, Chicago, IL, USA ' Computer Science Department, Oklahoma State University University, Stillwater, OK, USA
Abstract: The popularity of the web is indisputable. With revelations about mass surveillance, the use of secure web through TLS connections is needed for privacy. However, the pushback against enabling secure web connections by default is due to increase in communication time. We quantify the communication time for HTTP and HTTPS download times for the most popular websites. The average download time over a HTTP connection is 2.604 seconds while the average download time over a HTTPS connection is 2.937 seconds. The overhead in using encryption is 333 milliseconds (about three roundtrip times on the internet) or 333/2,604 = 12.78%. We thus make the case that HTTPS should be enabled by default due to the low communications overhead. With the recent hacks at certificate authorities, we also quantify which certificate authorities are most popular on the internet. By trusting ten certificate authorities, a web browser can access almost 80% of HTTPS websites.
Keywords: hyper text transfer protocol secure; HTTPS; certificate authorities; overhead; SSL; TLS; measurement; security; web.
International Journal of Security and Networks, 2018 Vol.13 No.4, pp.261 - 269
Accepted: 15 Jul 2018
Published online: 25 Sep 2018 *