What is SCS
SCS is a PHP and JS written security script for your website / server which enables encrypted communication between a web browser and a web server. The principle of operation is just like of the SSL/TLS certificate – after encryption the data can be only returned to a readable format with the proper decryption key.
Why using it
Nowadays the technology is very important part of our life but over 80% of the websites on the internet do not provide server-side security to their users and some of them just because the SSL certificates are too expensive. Unprotected server communications can be targeted by hackers at any time.
You own a website / server? Do not let it happen. SCS is now here.
- To encrypt the communication
- To defend users from network sniffing
- To protect from replay attacks
How does it work
To encrypt the data SCS uses asymmetric encryption (RSA) for the conclusion of security key. The way it works is based on a few requests:
- Client requests public key from the server
- Server gives the current public key to the client
- Client generates random text which encrypts with the public key from “step 1 & 2” and sends it to the server
- Server accepts the key from “step 3” and decrypts it with the private key
- The decrypted text from “step 4” is the key that should be used for the symmetric communication. This key is saved in the session of server and in local storage of browser
With saved key server and client start symmetric communication with AES. All data sent from client/server will be encrypted with AES. Warning
Client decrypts with the local storage key; server – with the session ones
UPDATE: SCS now coming with 2 additional features:
- PROXY BLOCKER
- IFRAME BLOCKER