8/6/2019 CCN MODULE I PART2
1/89
EECC694 -- Shaaban #1 lec #3 Spring 2000 3-14-2000
The OSI Reference Model
Data Link Layer: Virtual vs. Actual Communication
(Figure: Virtual Communication vs. Actual Communication)
The Data Link Layer Functions
Concerned with reliable, error-free and efficient communication between adjacent machines in the network through the following functions:
1. Data Framing: The term frame refers to a small block of data used in a specific network. The data link layer groups raw data bits to/from the physical layer into discrete frames with error detection/correction code bits added. Framing methods:
   - Character count.
   - Starting and ending characters, with character stuffing.
   - Starting and ending flags, with bit stuffing.
   - Physical layer coding violations.
2. Error Detection/Correction:
   - Error Detection: Include enough redundant information in each frame to allow the receiver to deduce that an error has occurred, but not which error, and to request a retransmission. Uses error-detecting codes.
   - Error Correction: Include redundant information in the transmitted frame to enable the receiver not only to deduce that an error has occurred but also to correct the error. Uses error-correcting codes.
The Data Link Layer Functions
3. Services to the network layer:
   - Unacknowledged connectionless service: Independent frames are sent without having the destination acknowledge them. Suitable for real-time data such as speech and video, where transmission speed is more important than absolute reliability. Utilized in most LANs.
   - Acknowledged connectionless service: Each frame sent is acknowledged by the receiver. Acknowledgment at the data link layer level is not essential but provides more efficiency than acknowledgment at higher layers (transport), which is done only for the whole message. A lost acknowledgment may cause a frame to be sent and received several times.
The Data Link Layer Functions
   - Acknowledged connection-oriented service: The sender and receiver establish a connection before any data transmission. The message is broken into numbered frames. The data link layer guarantees that each frame sent is received exactly once and in the right order.
4. Flow control: Protocols that control the rate at which the sender transmits frames so that it is acceptable to the receiver, together with the ability to retransmit lost or damaged frames. This ensures that slow receivers are not swamped by fast senders and further aids error detection/correction. Several flow control protocols exist, but all essentially require a form of feedback to make the sender aware of whether the receiver can keep up.
   - Stop-and-wait protocols: A positive acknowledgment frame is sent by the receiver to indicate that the frame has been received and that it is ready for the next frame. Positive Acknowledgment with Retransmission (PAR) uses timeouts.
   - Sliding window protocols: Data frames and acknowledgement frames are mixed in both directions. Frames sent contain sequence numbers. Timeouts are used to initiate retransmission of lost frames.
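To make the stop-and-wait points above concrete (the duplicate delivery caused by a lost acknowledgment, the timeout-driven retransmission of PAR, and the sequence numbers that let the receiver discard the duplicate), here is an added simulation in Python. It is not from the lecture slides; the `Frame` class, the `run_par` function, the lossy channel and the loss schedules are all constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """Constructed data-link frame: a 1-bit sequence number plus payload."""
    seq: int
    payload: str


def run_par(messages, frame_loss_at=(), ack_loss_at=(), use_seq=True, max_tries=5):
    """Simulate stop-and-wait Positive Acknowledgment with Retransmission.

    Every data-frame transmission gets a global index; the channel drops the
    data frame at indices in frame_loss_at and the matching ACK at indices in
    ack_loss_at. A dropped ACK looks to the sender exactly like a dropped
    frame, so in both cases it times out and retransmits the same frame.

    Returns (payloads delivered to the receiver's network layer,
             total number of data-frame transmissions).
    """
    frame_loss_at, ack_loss_at = set(frame_loss_at), set(ack_loss_at)
    delivered = []
    expected = 0        # receiver: next sequence number it will accept
    tx_index = 0        # global count of data-frame transmissions
    for n, payload in enumerate(messages):
        frame = Frame(seq=n % 2, payload=payload)   # 1-bit sequence number
        for _ in range(max_tries):
            idx = tx_index
            tx_index += 1
            if idx in frame_loss_at:
                continue                  # frame lost: no ACK, sender times out
            # --- receiver side ---
            # Without sequence numbers the receiver cannot tell a retransmission
            # from a new frame, so it hands the duplicate up as well.
            if not use_seq or frame.seq == expected:
                delivered.append(frame.payload)   # hand to network layer
                if use_seq:
                    expected ^= 1
            # The receiver ACKs every correctly received frame, duplicates
            # included, otherwise the sender could never move on.
            if idx not in ack_loss_at:
                break                     # ACK arrived: send next message
            # ACK lost: sender times out and retransmits the same frame
        else:
            raise RuntimeError(f"gave up on {payload!r} after {max_tries} tries")
    return delivered, tx_index


if __name__ == "__main__":
    msgs = ["frame-A", "frame-B", "frame-C"]
    # constructed schedule: the ACK for the very first transmission is lost
    print(run_par(msgs, ack_loss_at={0}, use_seq=False))  # frame-A delivered twice
    print(run_par(msgs, ack_loss_at={0}, use_seq=True))   # duplicate discarded
    print(run_par(msgs, frame_loss_at={1}))               # lost frame recovered
```

The first run shows the failure mode the slide names: with no sequence number the receiver delivers frame-A twice. The second run, identical except for the 1-bit sequence number, delivers each message exactly once with the same number of transmissions, which is why a receiver should never accept a frame on the basis of "it arrived" alone.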
Placement of The Data Link Protocol
(Figure: Data Channel; adjacent routers/hosts shown)
Data Link Layer: Framing
The character count method:
   - The frame header includes the count of characters in the frame.
   - A transmission error can cause an incorrect count, causing the source and destination to get out of synchronization.
   - Rarely used in actual data link protocols.
(Figure: a character stream with no errors; a character stream with one error)
Data Link Layer: Framing
Using starting and ending characters, with character stuffing:
   - Each frame starts with the ASCII character sequence DLE (Data Link Escape) and STX (Start of TeXt) and ends with DLE ETX (End of TeXt).
   - When binary data is transmitted in which DLE STX or DLE ETX can occur in the data, character stuffing is used (an additional DLE is inserted in the data).
   - Limited to 8-bit characters and ASCII.
(Figure: Network Layer data at the sender; data after character stuffing by the Data Link Layer at the sender; Network Layer data at the receiver)
Data Link Layer: Framing
Bit-oriented, using start/end flags:
   - Each frame begins and ends with the flag 01111110.
   - Bit stuffing: after each five consecutive ones in the data, a zero is stuffed.
   - Stuffed zero bits are removed by the data link layer at the receiving end.
(Figure: the original data; data appearing on the line after bit stuffing; data received after destuffing)
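The two framing methods described on this and the previous slide, as an added Python example that is not part of the lecture material: DLE STX / DLE ETX framing with character stuffing, and 01111110 flag framing with bit stuffing, each with the receiver-side unstuffing. The byte values used for DLE, STX and ETX are the ASCII ones (0x10, 0x02, 0x03); the function names and the sample payloads are constructed for this example. The receiver-side parsers reject malformed frames (a bare DLE followed by anything other than DLE or ETX, or six 1s in a row inside stuffed data) rather than guessing where the frame ends.

```python
DLE, STX, ETX = 0x10, 0x02, 0x03   # ASCII Data Link Escape, Start/End of Text
FLAG = "01111110"                   # bit-oriented frame delimiter


def char_stuff(payload: bytes) -> bytes:
    """Frame payload as DLE STX ... DLE ETX, doubling every DLE in the data so
    that DLE STX / DLE ETX can never appear inside the payload on the line."""
    body = payload.replace(bytes([DLE]), bytes([DLE, DLE]))
    return bytes([DLE, STX]) + body + bytes([DLE, ETX])


def char_unstuff(line: bytes) -> tuple[bytes, bytes]:
    """Parse one character-stuffed frame from the front of `line`.
    Returns (payload, bytes remaining after the frame); raises ValueError
    on a malformed frame instead of guessing where it ends."""
    if line[:2] != bytes([DLE, STX]):
        raise ValueError("frame does not start with DLE STX")
    payload = bytearray()
    i = 2
    while i < len(line):
        b = line[i]
        if b != DLE:
            payload.append(b)
            i += 1
            continue
        if i + 1 >= len(line):
            raise ValueError("frame truncated after DLE")
        nxt = line[i + 1]
        if nxt == DLE:              # stuffed DLE: one literal DLE in the data
            payload.append(DLE)
            i += 2
        elif nxt == ETX:            # DLE ETX: end of frame
            return bytes(payload), line[i + 2:]
        else:
            raise ValueError(f"unexpected DLE {nxt:#04x} inside frame")
    raise ValueError("frame not terminated by DLE ETX")


def bit_stuff(bits: str) -> str:
    """Insert a 0 after every run of five consecutive 1s in the data."""
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            out.append("0")
            ones = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Remove stuffed 0s. Six 1s in a row inside the data can only be a flag
    or an abort sequence, so the receiver treats that as a framing error."""
    out, ones, i = [], 0, 0
    while i < len(bits):
        out.append(bits[i])
        ones = ones + 1 if bits[i] == "1" else 0
        i += 1
        if ones == 5:
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("flag/abort pattern inside stuffed data")
            i += 1                  # skip the stuffed 0
            ones = 0
    return "".join(out)


def bit_frame(bits: str) -> str:
    return FLAG + bit_stuff(bits) + FLAG


def bit_unframe(line: str) -> str:
    if len(line) < 2 * len(FLAG) or not (line.startswith(FLAG) and line.endswith(FLAG)):
        raise ValueError("missing frame flags")
    return bit_unstuff(line[len(FLAG):-len(FLAG)])


if __name__ == "__main__":
    # constructed payload containing DLE, DLE STX and DLE ETX inside the data
    data = b"A" + bytes([DLE]) + b"B" + bytes([DLE, STX]) + b"C" + bytes([DLE, ETX]) + b"D"
    wire = char_stuff(data) + b"next-frame"
    print(wire.hex())
    print(char_unstuff(wire))
    # sixteen 1s in a row get three stuffed 0s
    print(bit_stuff("011011111111111111110010"))
    print(bit_unframe(bit_frame("011011111111111111110010")))
```

Both unstuffing routines are written as strict parsers: the frame boundary is decided only by a valid DLE ETX or flag, and an impossible sequence raises instead of being silently absorbed, which is the behaviour you want from any de-framing code that sits in front of a protocol parser.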
Data Link Layer: Error Detection/Correction
   - Simplest error detection: parity bits and checksum (sum of 1s in data).
   - Error-detecting and -correcting codes: m data bits + r redundant bits added; n = m + r bits are transmitted in the frame. Only 2^m code words out of the 2^(m+r) possible words are legal.
   - The Hamming distance of a code (the minimum number of positions in which any two legal code words differ) defines its error detection/correction ability:
       To detect d errors, the code's Hamming distance = d + 1.
       To correct d errors, the code's Hamming distance = 2d + 1.
   - Some codes are more suitable to correct burst errors rather than isolated errors.
   - Polynomial codes: Cyclic Redundancy Check (CRC) codes are characterized by a generating polynomial G(x).
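The Hamming-distance rules above (distance d + 1 detects d errors, distance 2d + 1 corrects d), worked through in an added Python example that is not from the slides. It builds two small codes of the m + r form the slide describes, an even-parity code (r = 1) and a repetition code (m = 1), measures their Hamming distance over all pairs of legal words, and decodes by nearest legal code word; the function names and the sample received words are constructed for this example.

```python
from itertools import combinations, product


def hamming_distance(a: str, b: str) -> int:
    """Number of bit positions in which two equal-length words differ."""
    if len(a) != len(b):
        raise ValueError("words must have equal length")
    return sum(x != y for x, y in zip(a, b))


def code_distance(codewords) -> int:
    """Hamming distance of a code: the minimum over all pairs of legal words."""
    return min(hamming_distance(a, b) for a, b in combinations(codewords, 2))


def capability(distance: int) -> tuple[int, int]:
    """Read the slide's rules backwards: a code of Hamming distance `distance`
    detects distance - 1 errors and corrects (distance - 1) // 2 errors."""
    return distance - 1, (distance - 1) // 2


def even_parity_code(m: int) -> list[str]:
    """All m-bit data words with one even-parity bit appended (r = 1)."""
    words = []
    for bits in product("01", repeat=m):
        data = "".join(bits)
        words.append(data + str(data.count("1") % 2))
    return words


def repetition_code(n: int) -> list[str]:
    """One data bit repeated n times (m = 1, r = n - 1)."""
    return ["0" * n, "1" * n]


def decode(received: str, codewords) -> str:
    """Nearest-code-word decoding. A tie between two legal words means the
    error exceeded the code's correction capability: refuse rather than guess."""
    ranked = sorted(codewords, key=lambda w: hamming_distance(received, w))
    best, runner_up = ranked[0], ranked[1]
    if hamming_distance(received, best) == hamming_distance(received, runner_up):
        raise ValueError(f"{received}: cannot decode unambiguously")
    return best


if __name__ == "__main__":
    for name, code in [("even parity, m=3", even_parity_code(3)),
                       ("3-bit repetition", repetition_code(3))]:
        d = code_distance(code)
        print(f"{name}: distance {d}, detects/corrects {capability(d)}")
    print(decode("101", repetition_code(3)))   # one bit error corrected to 111
```

With m = 3 the parity code has distance 2, so it detects a single error but cannot correct it (any single-error word is equidistant from two legal words, and `decode` refuses it); the 3-bit repetition code has distance 3 and corrects one error, exactly as the 2d + 1 rule predicts.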
Cyclic Redundancy Check (CRC)
Based on polynomial arithmetic over a finite field.
   - View the m-bit string a_(m-1) a_(m-2) ... a_0 as a polynomial of degree m-1:
       M(x) = a_(m-1) x^(m-1) + a_(m-2) x^(m-2) + ... + a_0
   - Select a generating polynomial G(x) of degree r.
   - Let R(x) be the remainder of x^r M(x) / G(x).
   - The code word T(x) of length m + r bits generated is then given by:
       T(x) = x^r M(x) - R(x)
   - Assume code word T(x) is transmitted, but T(x) + E(x) arrives at the receiver:
       If E(x) = 0 then there were no transmission errors and T(x)/G(x) leaves remainder 0.
       If E(x) ≠ 0 then transmission error(s) occurred and [T(x) + E(x)]/G(x) leaves a remainder ≠ 0.
Calculation of Polynomial Code (CRC) Checksum
1. For a generating polynomial G(x) of degree r, append r zero bits to the low-order end of the frame. The frame now has m + r bits.
2. Divide the bit string corresponding to G(x) into the bit string x^r M(x), mod 2.
3. Subtract the remainder R(x) from the bit string x^r M(x), mod 2.
Example:
   Frame: 1 1 0 1 0 1 1 0 1 1
   Generator: 1 0 0 1 1, i.e. G(x) = x^4 + x + 1
   Message after appending four 0s: 1 1 0 1 0 1 1 0 1 1 0 0 0 0
   Remainder: 1 1 1 0
   Transmitted frame: 1 1 0 1 0 1 1 0 1 1 1 1 1 0
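The three steps above and the receiver's check, as an added Python example that is not from the lecture; it reproduces the slide's worked case (frame 1101011011, G(x) = x^4 + x + 1, remainder 1110) and then exercises the receiver on a clean frame, on constructed single-bit and burst errors, and on the one class of error a CRC cannot see. Bit strings are plain Python `str` values; the function names are constructed for this example.

```python
def mod2_divide(dividend: str, generator: str) -> str:
    """Long division of bit strings over GF(2): subtraction is XOR, no carries.
    Returns the remainder, which has len(generator) - 1 bits."""
    r = len(generator) - 1
    work = [int(b) for b in dividend]
    gen = [int(b) for b in generator]
    if len(work) < len(gen):
        raise ValueError("dividend shorter than generator")
    for i in range(len(work) - r):
        if work[i] == 1:                       # leading bit set: subtract (XOR) G
            for j, g in enumerate(gen):
                work[i + j] ^= g
    return "".join(str(b) for b in work[-r:])


def crc_remainder(message: str, generator: str) -> str:
    """Steps 1 and 2: append r zeros (x^r M(x)) and divide by G(x)."""
    r = len(generator) - 1
    return mod2_divide(message + "0" * r, generator)


def crc_encode(message: str, generator: str) -> str:
    """Step 3: T(x) = x^r M(x) - R(x); mod 2 that just replaces the appended zeros by R."""
    return message + crc_remainder(message, generator)


def crc_check(frame: str, generator: str) -> bool:
    """Receiver: accept the frame iff it is divisible by G(x) (all-zero remainder)."""
    r = len(generator) - 1
    return mod2_divide(frame, generator) == "0" * r


def flip_bits(bits: str, positions) -> str:
    """Constructed channel error E(x): invert the bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


def xor_bits(a: str, b: str) -> str:
    """T(x) + E(x) for an explicit error polynomial given as a bit string."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


if __name__ == "__main__":
    message, generator = "1101011011", "10011"   # G(x) = x^4 + x + 1, from the slide
    frame = crc_encode(message, generator)
    print("remainder:", crc_remainder(message, generator))   # 1110
    print("transmitted:", frame)                              # 11010110111110
    print("clean frame accepted:", crc_check(frame, generator))
    print("single-bit error detected:", not crc_check(flip_bits(frame, [0]), generator))
    print("burst of 4 detected:", not crc_check(flip_bits(frame, [5, 6, 7, 8]), generator))
    # Caveat: an error pattern E(x) that is itself a multiple of G(x) passes the check.
    # Here E(x) = x^9 G(x), i.e. the generator bits followed by nine zeros.
    # A CRC detects random channel noise; it is not protection against deliberate
    # modification of the frame, which needs a keyed MAC.
    undetected = xor_bits(frame, "10011" + "0" * 9)
    print("E(x) = x^9 G(x) slips through:", crc_check(undetected, generator))
```

The last print is the practical limit of the slide's "E(x) ≠ 0 gives a nonzero remainder" claim: the remainder is nonzero only when E(x) is not a multiple of G(x). Random errors almost never land on such a multiple, which is what CRC is for; anyone who can choose E(x) can trivially keep the frame divisible, so a CRC must never be used as an integrity check on untrusted input.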
Hardware Computation of CRC
An Example Frame Format with CRC bits
(Figure: hardware CRC computation and an example frame format with CRC bits, for G(x) = x^16 + x^12 + x^5 + 1)
Common CRC Generator Polynomials
   - CRC-32: x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1. Used in FDDI, Ethernet.
   - CRC-CCITT: x^16 + x^12 + x^5 + 1. Used in HDLC.
   - CRC-8: x^8 + x^2 + x + 1. Used in ATM.
(Figure: Use of a Hamming Code to Correct Burst Errors)
Comparison and Contrast between the OSI and TCP/IP Model
Introduction
This presentation discusses some comparison and contrast between the 2 main reference models which use the concept of protocol layering:
   - Open System Interconnection Model (OSI)
   - Transport Control Protocol / Internet Protocol (TCP/IP)
Introduction
The topics that we will be discussing are based on the diagram below.
   OSI                      TCP/IP
   Application (Layer 7)    Application
   Presentation (Layer 6)   Application
   Session (Layer 5)        Application
   Transport (Layer 4)      Transport
   Network (Layer 3)        Internet
   Data Link (Layer 2)      Subnet
   Physical (Layer 1)       Subnet
Outline
   - Compare the protocol layers that correspond to each other.
   - General Comparison
   - Focus of Reliability Control
   - Roles of Host System
   - De-jure vs. De-facto
The Upper Layers
   OSI                      TCP/IP
   Application (Layer 7)    Application
   Presentation (Layer 6)   Application
   Session (Layer 5)        Application
The Presentation Layer
   - The Presentation Layer handles data format information for networked communications. This is done by converting data into a generic format that could be understood by both sides.
   - Not found in the TCP/IP model.
   - In TCP/IP, this function is provided by the Application Layer.
   - e.g. External Data Representation Standard (XDR), Multipurpose Internet Mail Extensions (MIME)
The Application Layer
   - The Application Layer is the top layer of the reference model. It provides a set of interfaces for applications to obtain access to networked services as well as access to the kinds of network services that support applications directly.
   - OSI -- FTAM, VT, MHS, DS, CMIP
   - TCP/IP -- FTP, SMTP, TELNET, DNS, SNMP
   - Although the notion of an application process is common to both, their approaches to constructing application entities are different.
Approaches used in constructing application entities
The diagram below provides an overall view on the methods used by both the OSI and TCP/IP model.
ISO Approach
   - Sometimes called the Horizontal Approach.
   - OSI asserts that distributed applications operate over a strict hierarchy of layers and are constructed from a common tool kit of standardized application service elements.
   - In OSI, each distributed application service selects functions from a large common toolbox of application service elements (ASEs) and complements these with application service elements that perform functions specific to a given end-user service.
TCP/IP Approach
   - Sometimes called the Vertical Approach.
   - In TCP/IP, each application entity is composed of whatever set of functions it needs beyond end-to-end transport to support a distributed communications service.
   - Most of these application processes build on what they need and assume only that an underlying transport mechanism (datagram or connection) will be provided.
Transport Layer
The functionality of the transport layer is to provide transparent transfer of data from a source end open system to a destination end open system (ISO/IEC 7498: 1984).
   OSI                      TCP/IP
   Transport (Layer 4)      Transport (TCP/UDP)
Transport Layer
Transport is responsible for creating and maintaining the basic end-to-end connection between communicating open systems, ensuring that the bits delivered to the receiver are the same as the bits transmitted by the sender; in the same order and without modification, loss or duplication.
OSI Transport Layer
   - It takes the information to be sent and breaks it into individual packets that are sent and reassembled into a complete message by the Transport Layer at the receiving node.
   - Also provides a signaling service for the remote node so that the sending node is notified when its data is received successfully by the receiving node.
OSI Transport Layer
Transport Layer protocols include the capability to acknowledge the receipt of a packet; if no acknowledgement is received, the Transport Layer protocol can retransmit the packet or time-out the connection and signal an error.
OSI Transport Layer
   - Transport protocols can also mark packets with sequencing information so that the destination system can properly order the packets if they're received out-of-sequence.
   - In addition, Transport protocols provide facilities for ensuring the integrity of packets and requesting retransmission should the packet become garbled when routed.
OSI Transport Layer
Transport protocols provide the capability for multiple application processes to access the network by using individual local addresses to determine the destination process for each data stream.
TCP/IP Transport Layer
   - TCP provides reliable data transmission.
   - UDP is useful in many applications, e.g. where data needs to be broadcast or multicast.
   - The primary difference is that UDP does not necessarily provide reliable data transmission.
TCP/IP Transport Layer
Many programs will use a separate TCP connection as well as a UDP connection.
TCP/IP Transport Layer
   - TCP is responsible for data recovery by providing a sequence number with each packet that it sends.
   - TCP requires ACK (acknowledgement) to ensure correct data is received.
   - A packet can be retransmitted if an error is detected.
TCP/IP Transport Layer
(Figure: Use of ACK)
TCP/IP Transport Layer
Flow control with Window, via specifying an acceptable range of sequence numbers.
TCP/IP Transport Layer
TCP and UDP introduce the concept of ports. Common ports and the services that run on them:
   FTP      21 and 20
   telnet   23
   SMTP     25
   http     80
   POP3     110
Comparing Transport for both Models
The features of UDP and TCP defined at the TCP/IP Transport Layer correspond to many of the requirements of the OSI Transport Layer. There is a bit of bleed over for requirements in the session layer of OSI, since sequence numbers and port values can help to allow the Operating System to keep track of sessions, but most of the TCP and UDP functions and specifications map to the OSI Transport Layer.
Comparing Transport for both Models
The TCP/IP and OSI architecture models both employ all connection and connectionless models at the transport layer. However, the internet architecture refers to the two models in TCP/IP as simply connections and datagrams. But the OSI reference model, with its penchant for precise terminology, uses the terms connection-mode and connection-oriented for the connection model and the term connectionless-mode for the connectionless model.
Network vs. Internet
Like all the other OSI Layers, the network layer provides both connectionless and connection-oriented services. As for the TCP/IP architecture, the internet layer is exclusively connectionless.
   OSI                      TCP/IP
   Network (Layer 3)        Internet
Network vs. Internet
X.25 Packet Level Protocol: OSI's Connection-oriented Network Protocol
The CCITT standard for X.25 defines the DTE/DCE interface standard to provide access to a packet-switched network. It is the network level interface, which specifies a virtual circuit (VC) service. A source host must establish a connection (a VC) with the destination host before data transfer can take place. The network attempts to deliver packets flowing over a VC in sequence.
Network vs. Internet
Connectionless Network Service
Both OSI and TCP/IP support a connectionless network service: OSI as an alternative to network connections and TCP/IP as the only way in use.
Internetworking Protocols
OSI's CLNP (ISO/IEC 8473: 1993) is functionally identical to the Internet's IP (RFC 791). Both CLNP and IP are best-effort-delivery network protocols. Bit niggling aside, they are virtually identical. The major difference between the two is that CLNP accommodates variable-length addresses, whereas IP supports fixed, 32-bit addresses.
Network vs. Internet
Internet (IP) Addresses
The Internet network address is more commonly called the IP address. It consists of 32 bits, some of which are allocated to a high-order network-number part and the remainder of which are allocated to a low-order host-number part. The distribution of bits -- how many form the network number, and how many are therefore left for the host number -- can be done in one of three different ways, giving three different classes of IP address.
Network vs. Internet
OSI Network Layer Addressing
ISO/IEC and CCITT jointly administer the global network addressing domain. The initial hierarchical decomposition of the NSAP address is defined by ISO/IEC 8348. The standard specifies the syntax and the allowable values for the high-order part of the address -- the Initial Domain Part (IDP), which consists of the Authority and Format Identifier (AFI) and the Initial Domain Identifier (IDI) -- but specifically eschews constraints on or recommendations concerning the syntax or semantics of the domain specific part (DSP).
Network vs. Internet
OSI Routing Architecture
End systems (ESs) and intermediate systems (ISs) use routing protocols to distribute (advertise) some or all of the information stored in their locally maintained routing information base. ESs and ISs send and receive these routing updates and use the information that they contain (and information that may be available from the local environment, such as information entered manually by an operator) to modify their routing information base.
Network vs. Internet
TCP/IP Routing Architecture
The TCP/IP routing architecture looks very much like the OSI routing architecture. Hosts use a discovery protocol to obtain the identification of gateways and other hosts attached to the same network (subnetwork). Gateways within autonomous systems (routing domains) operate an interior gateway protocol (intradomain IS-IS routing protocol), and between autonomous systems, they operate exterior or border gateway protocols (interdomain routing protocols). The details are different but the principles are the same.
Data link / Physical vs. Subnet
Data link layer
The function of the Data Link Layer is to provide for the control of the physical layer, and to detect and possibly correct errors which may occur (ISO/IEC 7498:1984). In other words, the Data Link Layer transforms a stream of raw bits (0s and 1s) from the physical layer into a data frame and provides an error-free transfer from one node to another, allowing the layers above it to assume virtually error-free transmission.
   OSI                      TCP/IP
   Data Link (Layer 2)      Subnet
   Physical (Layer 1)       Subnet
Data link / Physical vs. Subnet
Physical layer
The function of the Physical Layer is to provide mechanical, electrical, functional, and procedural means to activate a physical connection for bit transmission (ISO/IEC 7498:1984). Basically, this means that the typical role of the physical layer is to transform bits in a computer system into electromagnetic (or equivalent) signals for a particular transmission medium (wire, fiber, ether, etc.).
Data link / Physical vs. Subnet
Comparing to TCP/IP
   - These 2 layers of the OSI model correspond directly to the subnet layer of the TCP/IP model.
   - The majority of the time, the lower layers below the Interface or Network layer of the TCP/IP model are seldom or rarely discussed.
   - The TCP/IP model does nothing but highlight the fact that the host has to connect to the network using some protocol so it can send IP packets over it. Because the protocol used is not defined, it will vary from host to host and network to network.
Data link / Physical vs. Subnet
Comparing to TCP/IP
   - After much deliberation by organizations, it was decided that the Network Interface Layer in the TCP/IP model corresponds to a combination of the OSI Data Link Layer and the network-specific functions of the OSI network layer (e.g. IEEE 802.3).
   - Since these two layers deal with functions that are so inherently specific to each individual networking technology, the layering principle of grouping related functions together is largely irrelevant.
General Comparison
   - Focus of Reliability Control
   - Roles of Host System
   - De-jure vs. De-facto
Focus of Reliability Control
   - Implementation of the OSI model places emphasis on providing a reliable data transfer service, while the TCP/IP model treats reliability as an end-to-end problem.
   - Each layer of the OSI model detects and handles errors; all data transmitted includes checksums. The transport layer of the OSI model checks source-to-destination reliability.
   - In the TCP/IP model, reliability control is concentrated at the transport layer. The transport layer handles all error detection and recovery. The TCP/IP transport layer uses checksums, acknowledgments, and timeouts to control transmissions and provides end-to-end verification.
Roles of Host System
Hosts on OSI implementations do not handle network operations (simple terminal), but TCP/IP hosts participate in most network protocols. TCP/IP hosts carry out such functions as end-to-end verification, routing, and network control. The TCP/IP internet can be viewed as a data stream delivery system involving intelligent hosts.
De-jure vs. De-facto (OSI)
OSI
- Standard legislated by an officially recognized body (ISO).
- The OSI reference model was devised before the protocols were invented. This ordering means that the model was not biased toward one particular set of protocols, which made it quite general. The down side of this ordering is that the designers did not have much experience with the subject and did not have a good idea of which functionality to put in which layer.
- Being general, the protocols in the OSI model are better hidden than in the TCP/IP model and can be replaced relatively easily as the technology changes.
- Not so widespread as compared with TCP/IP (complex, costly).
- More commonly used as a teaching aid.
De-jure vs. De-facto (TCP/IP)
TCP/IP
- Standards adopted due to widespread use (Internet).
- The protocols came first, and the model was really just a description of the existing protocols. There was no problem with the protocols fitting the model, but it is hardly possible to use it to describe other models.
- "Get the job done" orientation.
- Over the years it has handled most challenges by growing to meet the needs.
- More popular standard for internetworking for several reasons:
  - relatively simple and robust compared to alternatives such as OSI
  - available on virtually every hardware and operating system platform (often free)
  - the protocol suite on which the Internet depends.
The End
Project team members:
ANDREW TAN TENG HONG
MAH CHEE MENG
CHEE YEW WAI
TAN YOKE CHUAN
CHEONG KIM MING
Chapter 8: Network Security Principles, Symmetric Key Cryptography, Public Key Cryptography
Professor Rick Han
University of Colorado at Boulder
Prof. Rick Han, University of Colorado at Boulder
Network Security
Classic properties of secure systems:
- Confidentiality: Encrypt the message so only sender and receiver can understand it.
- Authentication: Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?
- Authorization: Does a party with a verified identity have permission to access (r/w/x) information? Gets into access control policies.
Network Security (2)
Classic properties of secure systems (cont.):
- Integrity: During a communication, can both sender and receiver detect whether a message has been altered?
- Non-Repudiation: The originator of a communication can't later deny that the communication took place.
- Availability: Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.
Cryptography
- An encryption algorithm is also called a cipher.
- Cryptography has evolved so that modern encryption and decryption use secret keys:
  - Only have to protect the keys! => Key distribution problem
  - Cryptographic algorithms can be openly published
[Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext]
Cryptography (2)
Cryptography throughout history:
- Julius Caesar cipher: replaced each character by a character cyclically shifted to the left. Weakness? Easy to attack by looking at the frequency of characters.
- Mary Queen of Scots: put to death for treason after Queen Elizabeth I's spymaster cracked her encryption code.
- WWII: Allies break the German Enigma code and the Japanese naval code.
[Figure: Enigma code machine]
Cryptography (4)
Cryptanalysis, types of attacks:
- Chosen-plaintext attack: The attacker can choose the plaintext and look at the paired ciphertext. The attacker has more control than in a known-plaintext attack and may be able to gain more info about the key.
- Adaptive chosen-plaintext attack: The attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous encryption.
- Differential cryptanalysis: a very powerful attacking tool, but DES is resistant to it.
- Cryptanalysis attacks often exploit the redundancy of natural language. Lossless compression before encryption removes redundancy.
Principles of Confusion and Diffusion
Principles of Confusion and Diffusion (2)
- Confusion: a classical Substitution Cipher
- Modern substitution ciphers take in N bits and substitute N bits using a lookup table: called S-Boxes
[Figure courtesy: Andreas Steffen]
Principles of Confusion and Diffusion (3)
- Diffusion: a classical Transposition Cipher
- Modern transposition ciphers take in N bits and permute them using a lookup table: called P-Boxes
[Figure courtesy: Andreas Steffen]
Symmetric-Key Cryptography
- Both sender and receiver keys are the same: KA = KB
- The keys must be kept secret and securely distributed (we'll study this later). Thus, also called Secret Key Cryptography.
- Data Encryption Standard (DES)
[Figure: plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB = KA) -> plaintext, with Secure Key Distribution between the two parties]
Symmetric-Key Cryptography (2)
DES:
- 64-bit input is permuted
- 16 stages of identical operation; the stages differ in the 48-bit key extracted from the 56-bit key (complex)
- R2 = R1 encrypted with K1 and XORed with L1; L2 = R1
- Final inverse permutation stage
Symmetric-Key Cryptography (3)
Data Encryption Standard (DES):
- Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity)
- Uses a combination of diffusion and confusion to achieve security (e.g. transposition abcd -> dbac)
- Was cracked in 1997: a parallel attack exhaustively searched the key space
- Triple-DES: put the output of DES back as input into DES again with a different key, loop again: 3*56 = 168 bit key
- Decryption in DES: it's symmetric! Use KA again as input and then the same keys except in reverse order
- Advanced Encryption Standard (AES) is the successor
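The S-box/P-box principles from the Confusion and Diffusion slides and the DES structure on the last two slides (Feistel rounds, decryption = same rounds with the subkeys reversed), as one added example that is not from the slides: a 16-bit toy Feistel cipher whose round function is key mixing, a 4-bit S-box and an 8-bit P-box. The S-box, P-box and key schedule are constructed for illustration and have nothing to do with the real DES tables. Running the cipher with the P-box disabled shows why diffusion matters: a one-bit plaintext change then stays trapped in the same nibble positions.

```python
# Added example, not from the original slides: toy 16-bit Feistel cipher with an
# S-box (confusion) and P-box (diffusion). Tables below are constructed, not DES's.
import random

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
PBOX = [(i * 3) % 8 for i in range(8)]   # input bit i moves to output bit PBOX[i]
ROUNDS = 8
KEY = 0xA1B2C3D4                          # constructed 32-bit master key


def substitute(x: int) -> int:
    """Confusion: push each 4-bit nibble of the 8-bit value through the S-box."""
    return (SBOX[x >> 4] << 4) | SBOX[x & 0xF]


def permute(x: int, pbox) -> int:
    """Diffusion: move each bit of the 8-bit value to the position the P-box dictates."""
    y = 0
    for i in range(8):
        if (x >> i) & 1:
            y |= 1 << pbox[i]
    return y


def round_function(r: int, k: int, pbox) -> int:
    """f(R, K): XOR the round key, then the S-box layer, then (optionally) the P-box layer."""
    x = substitute(r ^ k)
    return permute(x, pbox) if pbox else x


def subkeys(key32: int):
    """Toy key schedule: ROUNDS round keys of 8 bits derived from the 32-bit master key."""
    return [((key32 >> (8 * (i % 4))) ^ (0x5A * i)) & 0xFF for i in range(ROUNDS)]


def feistel(block: int, keys, pbox=PBOX) -> int:
    """One pass over a 16-bit block: L' = R, R' = L XOR f(R, K). Decryption is the same
    loop with the key list reversed, exactly as the DES slide states."""
    l, r = block >> 8, block & 0xFF
    for k in keys:
        l, r = r, l ^ round_function(r, k, pbox)
    return (r << 8) | l   # undo the final swap so that the same loop inverts itself


def encrypt(block: int, key32: int = KEY, pbox=PBOX) -> int:
    return feistel(block, subkeys(key32), pbox)


def decrypt(block: int, key32: int = KEY, pbox=PBOX) -> int:
    return feistel(block, subkeys(key32)[::-1], pbox)   # same rounds, reversed subkeys


def avalanche(key32: int = KEY, pbox=PBOX, trials: int = 1000, seed: int = 1) -> float:
    """Average number of ciphertext bits that change when plaintext bit 0 is flipped.
    A good 16-bit cipher should approach 8."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        p = rng.getrandbits(16)
        total += bin(encrypt(p, key32, pbox) ^ encrypt(p ^ 1, key32, pbox)).count("1")
    return total / trials


if __name__ == "__main__":
    c = encrypt(0x1234)
    print(f"0x1234 -> {c:04x} -> {decrypt(c):04x}")
    print("avalanche with P-box   :", avalanche())
    print("avalanche without P-box:", avalanche(pbox=None))
```

Without the P-box the round function is nibble-wise, so a difference in the low nibble of one half can only ever reach the low nibble of either half (ciphertext difference masked by 0x0F0F); with the P-box the difference spreads across the whole block after a few rounds.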
Symmetric-Key Cryptography (4)
- DES is an example of a block cipher: divide the input bit stream into n-bit sections, encrypt only that section, no dependency/history between sections
- In a good block cipher, each output bit is a function of all n input bits and all k key bits
[Figure courtesy: Andreas Steffen]
Symmetric-Key Cryptography (5)
- Electronic Code Book (ECB) mode for block ciphers over a long digital sequence
- Vulnerable to replay attacks: if an attacker thinks block C2 corresponds to a $ amount, then substitute another Ck
- The attacker can also build a codebook of (plaintext, ciphertext) pairs
Symmetric-Key Cryptography (6)
- Cipher Block Chaining (CBC) mode for block ciphers
- Inhibits replay attacks and codebook building: identical input plaintext blocks Pi = Pk won't result in the same output code due to memory-based chaining
- IV = Initialization Vector: use only once
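ECB versus CBC from the last two slides, as an added example (not from the slides): both modes implemented over a constructed toy block cipher (a key-seeded random permutation of all 16-bit values, chosen only so the modes have something invertible to call; it is not DES or AES). The record, key and IV are constructed, and padding is left out by using messages that are a whole number of blocks. The same code also shows the error-propagation difference the later "block ciphers vs. stream ciphers" slide mentions: a corrupted ECB block spoils one plaintext block, a corrupted CBC block spoils two.

```python
# Added example, not from the original slides: ECB and CBC modes over a toy
# 16-bit block cipher. Everything below is constructed for illustration.
import random

BLOCK = 2   # bytes per block; 16-bit blocks keep the substitution table small


def make_block_cipher(key: bytes):
    """Toy block cipher: key-seeded permutation of all 16-bit values (not DES/AES).
    Returns (encrypt_block, decrypt_block) operating on ints."""
    table = list(range(1 << (8 * BLOCK)))
    random.Random(key).shuffle(table)
    inverse = [0] * len(table)
    for p, c in enumerate(table):
        inverse[c] = p
    return table.__getitem__, inverse.__getitem__


def to_blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example uses whole blocks only (no padding)"
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]


def from_blocks(blocks) -> bytes:
    return b"".join(b.to_bytes(BLOCK, "big") for b in blocks)


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc, _ = make_block_cipher(key)
    return from_blocks([enc(p) for p in to_blocks(plaintext)])       # each block independent


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    _, dec = make_block_cipher(key)
    return from_blocks([dec(c) for c in to_blocks(ciphertext)])


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    enc, _ = make_block_cipher(key)
    prev, out = int.from_bytes(iv, "big"), []
    for p in to_blocks(plaintext):
        prev = enc(p ^ prev)   # chaining: XOR with the previous ciphertext block first
        out.append(prev)
    return from_blocks(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    _, dec = make_block_cipher(key)
    prev, out = int.from_bytes(iv, "big"), []
    for c in to_blocks(ciphertext):
        out.append(dec(c) ^ prev)
        prev = c
    return from_blocks(out)


def repeated_positions(data: bytes):
    """Block indices whose value equals an earlier block: the pattern a codebook attack sees."""
    seen, dup = {}, []
    for i, b in enumerate(to_blocks(data)):
        if b in seen:
            dup.append(i)
        seen.setdefault(b, i)
    return dup


def error_spread(decrypt_fn, plaintext: bytes, ciphertext: bytes, block_index: int):
    """Flip one bit in one ciphertext block; return the plaintext block indices that come out wrong."""
    ct = bytearray(ciphertext)
    ct[block_index * BLOCK] ^= 0x80
    recovered = to_blocks(decrypt_fn(bytes(ct)))
    return [i for i, p in enumerate(to_blocks(plaintext)) if recovered[i] != p]


KEY = b"demo-key"                           # constructed
IV = b"\x12\x34"                            # constructed, one block, use once
RECORD = b"AMT=0100;;" * 3 + b"END;"        # constructed record with a repeated field

if __name__ == "__main__":
    ecb_ct = ecb_encrypt(KEY, RECORD)
    cbc_ct = cbc_encrypt(KEY, IV, RECORD)
    print("repeated plaintext blocks :", repeated_positions(RECORD))
    print("repeated ECB blocks       :", repeated_positions(ecb_ct))   # same pattern leaks
    print("repeated CBC blocks       :", repeated_positions(cbc_ct))   # pattern hidden
    print("ECB error spread:", error_spread(lambda c: ecb_decrypt(KEY, c), RECORD, ecb_ct, 3))
    print("CBC error spread:", error_spread(lambda c: cbc_decrypt(KEY, IV, c), RECORD, cbc_ct, 3))
```

The ECB ciphertext repeats exactly where the plaintext repeats, which is what lets an observer build a codebook or swap blocks; under CBC the same plaintext block encrypts differently each time because the previous ciphertext block is mixed in first.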
Symmetric-Key Cryptography (7)
Stream ciphers:
- Rather than divide the bit stream into discrete blocks, as block ciphers do, XOR each bit of your continuous plaintext stream with a bit from a pseudo-random sequence
- At the receiver, use the same symmetric key and XOR again to extract the plaintext
Symmetric-Key Cryptography (8)
- RC4 stream cipher by Ron Rivest of RSA Data Security Inc., used in 802.11b's security
- Block ciphers vs. stream ciphers:
  - Stream ciphers work at bit-level and were originally implemented in hardware => fast!
  - Block ciphers work at word-level and were originally implemented in software => not as fast
  - An error in a stream cipher only affects one bit
  - An error in a block cipher in CBC mode affects two blocks
  - The distinction is blurring: stream ciphers can be efficiently implemented in software, and block ciphers are getting faster
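The stream-cipher idea from the last two slides (XOR the plaintext with a key-derived pseudo-random sequence; the receiver XORs again) as an added example that is not from the slides, using RC4 since the slide names it. The key-scheduling loop and the byte generator are RC4's published structure; the "Key"/"Plaintext" pair is its well-known test vector. The last function shows the error property stated on the slide: flipping one ciphertext bit flips exactly that one plaintext bit. RC4 is shown here for its structure only; it has since been withdrawn from TLS (RFC 7465) and is not a choice for new designs.

```python
# Added example, not from the original slides: RC4 stream cipher and the
# one-bit error property of XOR stream ciphers.

def rc4_keystream(key: bytes):
    """Generator of keystream bytes: key-scheduling (KSA) then the output loop (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA: key-dependent shuffle of S
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # PRGA: one pseudo-random byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def error_positions(key: bytes, plaintext: bytes, flip_byte: int, flip_bit: int):
    """Flip one ciphertext bit in transit and report which plaintext (byte, bit) positions change."""
    ct = bytearray(rc4_crypt(key, plaintext))
    ct[flip_byte] ^= 1 << flip_bit
    recovered = rc4_crypt(key, bytes(ct))
    changed = []
    for i, (a, b) in enumerate(zip(plaintext, recovered)):
        for bit in range(8):
            if ((a ^ b) >> bit) & 1:
                changed.append((i, bit))
    return changed


if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")
    print(ct.hex())                                  # bbf316e8d940af0ad3 (published test vector)
    print(rc4_crypt(b"Key", ct))                     # b'Plaintext'
    print(error_positions(b"Key", b"Plaintext", 4, 2))   # [(4, 2)]: a single-bit error stays local
```

Compare this with the CBC behaviour on the earlier slides: there a corrupted ciphertext block destroys one whole plaintext block and flips bits in the next, while here the damage is confined to the very bit that was hit.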
Symmetric-Key Cryptography (9)
The symmetric key is propagated to both endpoints A & B via the Diffie-Hellman key exchange algorithm:
- A & B agree on a large prime modulus n, a primitive element g, and a one-way function f(x) = g^x mod n
- n and g are publicly known
- A chooses a large random int a and sends B: AA = g^a mod n
- B chooses a large random int b and sends A: BB = g^b mod n
- A & B compute the secret key S = g^(ab) mod n
- Since x = f^-1(y) is difficult to compute, an observer who knows AA, BB, n, g and f will not be able to deduce the product ab, and hence S is secure
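The exchange above carried through in code, as an added example that is not from the slides, using the slide's symbols (n, g, a, b, AA, BB, S). The primitive-root check is the standard test that g^((n-1)/q) != 1 for every prime q dividing n-1; its trial-division factoring is only adequate for the small demo moduli used here. The textbook parameters n = 23, g = 5 and the exponents 6 and 15 are constructed for a reproducible run; the 2^31 - 1 modulus with g = 7 is the well-known Park-Miller pair.

```python
# Added example, not from the original slides: Diffie-Hellman with the slide's notation.
import random


def prime_factors(n: int):
    """Trial-division factorisation; fine for small demo moduli, not for real parameters."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g: int, n: int) -> bool:
    """g is a primitive element mod prime n iff g^((n-1)/q) != 1 for every prime q | n-1."""
    return all(pow(g, (n - 1) // q, n) != 1 for q in prime_factors(n - 1))


def f(x: int, g: int, n: int) -> int:
    """The one-way function from the slide: f(x) = g^x mod n."""
    return pow(g, x, n)


def diffie_hellman(g: int, n: int, a: int, b: int):
    """Run the exchange with A's secret a and B's secret b; return (AA, BB, S)."""
    AA = f(a, g, n)                 # A -> B : AA = g^a mod n      (public)
    BB = f(b, g, n)                 # B -> A : BB = g^b mod n      (public)
    S_at_A = pow(BB, a, n)          # A computes (g^b)^a mod n
    S_at_B = pow(AA, b, n)          # B computes (g^a)^b mod n
    assert S_at_A == S_at_B         # both sides hold the same S = g^(ab) mod n
    return AA, BB, S_at_A


def random_exchange(g: int, n: int, seed=None):
    """Fresh random secrets a, b in [2, n-2]; the observer sees only g, n, AA, BB."""
    rng = random.SystemRandom() if seed is None else random.Random(seed)
    a, b = rng.randrange(2, n - 1), rng.randrange(2, n - 1)
    return diffie_hellman(g, n, a, b)


if __name__ == "__main__":
    print(is_primitive_root(5, 23))          # True
    print(diffie_hellman(5, 23, 6, 15))      # (8, 19, 2)
    print(random_exchange(7, 2**31 - 1))
```

The point the slide makes is visible in the function signatures: everything an eavesdropper sees (g, n, AA, BB) is an output of f, while S needs one of the exponents, i.e. an inverse of f.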
Symmetric Key Distribution
Key distribution:
- Public key: via trusted Certificate Authorities
- Symmetric key?
  - Diffie-Hellman Key Exchange
  - Public key, then secret key (e.g. SSL)
  - Symmetric key distribution via a KDC (Key Distribution Center)
Symmetric Key Distribution (2)
Symmetric key distribution via a KDC (Key Distribution Center):
- The KDC is a server (trusted 3rd party) sharing a different symmetric key with each registered user
- Alice wants to talk with Bob, and sends an encrypted request to the KDC: KA-KDC(Alice, Bob)
- The KDC generates a one-time shared secret key R1
- The KDC encrypts Alice's identity and R1 with Bob's secret key; let m = KB-KDC(Alice, R1)
- The KDC sends Alice both R1 and m, encrypted with Alice's key: i.e. KA-KDC(R1, KB-KDC(Alice, R1))
- Alice decrypts the message, extracting R1 and m. Alice sends m to Bob.
- Bob decrypts m and now has the session key R1
Symmetric Key Distribution (3)
- Kerberos authentication basically follows this KDC trusted 3rd party approach
- In Kerberos, the message m is called a ticket and has an expiration time
m=
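The KDC exchange from the previous slide, with both sides' messages, as an added example that is not from the slides. It goes one step beyond the slide by giving the ticket m the expiration time the Kerberos slide mentions. The symmetric cipher K_X(...) is a constructed stand-in built from the standard library (SHA-256 counter-mode keystream plus an HMAC tag, encrypt-then-MAC); the sender name sent alongside the request in the clear is an assumption so the KDC knows which long-term key to try. User names and keys are constructed.

```python
# Added example, not from the original slides: KDC session-key distribution
# (Alice -> KDC, KDC -> Alice, Alice -> Bob) with a Kerberos-style ticket expiry.
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, obj) -> bytes:
    """K_X(obj): constructed authenticated encryption (keystream XOR + HMAC-SHA256 tag)."""
    nonce = os.urandom(16)
    data = json.dumps(obj).encode()
    ct = bytes(b ^ k for b, k in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Inverse of seal(); a wrong key or a modified blob fails the tag check."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(b ^ k for b, k in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Trusted third party holding a different long-term key for every registered user."""

    def __init__(self):
        self.keys = {}

    def register(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)        # shared out-of-band at enrolment
        return self.keys[name]

    def handle_request(self, sender: str, request: bytes, ttl: float = 300) -> bytes:
        req = open_sealed(self.keys[sender], request)     # only `sender`'s key opens it
        if req["from"] != sender:
            raise ValueError("request does not match the claimed sender")
        r1 = os.urandom(16).hex()                         # one-time session key R1
        # m = K_B-KDC(Alice, R1, expiry): Bob's ticket; Alice cannot read or forge it
        m = seal(self.keys[req["to"]], {"client": sender, "R1": r1, "expires": time.time() + ttl})
        # K_A-KDC(R1, m): reply that only Alice can open
        return seal(self.keys[sender], {"R1": r1, "ticket": m.hex()})


def run_protocol(kdc: KDC, alice_key: bytes, bob_key: bytes, ttl: float = 300):
    request = seal(alice_key, {"from": "Alice", "to": "Bob"})    # Alice -> KDC: K_A-KDC(Alice, Bob)
    reply = kdc.handle_request("Alice", request, ttl)            # KDC -> Alice: K_A-KDC(R1, m)
    inner = open_sealed(alice_key, reply)
    alice_r1, m = inner["R1"], bytes.fromhex(inner["ticket"])    # Alice keeps R1, forwards m
    ticket = open_sealed(bob_key, m)                             # Bob opens m with K_B-KDC
    if time.time() > ticket["expires"]:
        raise ValueError("ticket expired")                       # the Kerberos expiry check
    return alice_r1, ticket["R1"], ticket["client"]


if __name__ == "__main__":
    kdc = KDC()
    ka, kb = kdc.register("Alice"), kdc.register("Bob")
    a_r1, b_r1, client = run_protocol(kdc, ka, kb)
    print(a_r1 == b_r1, client)      # True Alice
```

Note what each party can and cannot read: Alice learns R1 but not the contents of m beyond what she already knows, Bob learns R1 and the name of the peer the KDC vouched for, and an observer of the three messages learns nothing usable without one of the long-term keys.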
Chapter 8: Public Key Cryptography, Authentication, Data Integrity
Professor Rick Han
University of Colorado at Boulder
Public-Key Cryptography (3)
- The decryption algorithm has the property that only a private key Kprivate can decrypt the ciphertext, and
- it is computationally infeasible to deduce Kprivate even though the attacker knows the public key Kpublic and the encryption algorithm
[Figure: plaintext -> Encryption (Key KPUBLIC) -> ciphertext -> Decryption (Key KPRIVATE) -> plaintext; Public Key Distribution]
Public-Key Cryptography (4)
- Provides security because there are no known algorithms for quickly factoring n = p*q, the product of two large prime numbers
- If we could factor n into p and q, then it would be easy to break the algorithm: having n, p, q, e, just iterate to find the decryption key d
- Public-key cryptography is slow because of the exponentiation: m = c^d mod n = (m^e)^d mod n = (m^d)^e mod n
- From 21-64 kbps (1024-bit value for n)
- So, don't use it for time-sensitive applications and/or use it only for small amounts of data; we'll see how SSL makes use of this
Public-Key Cryptography (5)
- A 512-bit number (155 decimal digits) was factored into two primes in 1999 using one Cray and 300 workstations; 1024-bit keys still safe
- Incredibly useful property of public-key cryptography: m = c^d mod n = (m^e)^d mod n = (m^d)^e mod n
- Thus, we can swap the order in which the keys are used. Example: use the private key for encryption and the public key for decryption; we'll see how this is useful in authentication!
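The three Public-Key Cryptography slides above, as one added example that is not from the slides: textbook RSA with the slide's symbols (n = p*q, e, d, m, c), the swapped-order property (m^d)^e = (m^e)^d mod n, and the dependency the slides warn about, that knowing p and q yields d immediately. The small pair p = 61, q = 53 with e = 17 is the usual textbook instance; the larger pair uses the Mersenne primes 2^31 - 1 and 2^61 - 1 with e = 65537, chosen only because they are known primes (real keys use random primes of 1024 bits or more). Instead of the slide's "iterate to find d", the code takes the modular inverse directly, which is the same computation done efficiently.

```python
# Added example, not from the original slides: textbook RSA illustrating the
# encrypt/decrypt symmetry and why the factorisation of n must stay secret.
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi. Returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, x: int) -> int:
    """Encryption with (n, e) and decryption with (n, d) are the same operation: x^k mod n."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError("message must be an integer below n")
    return pow(x, k, n)


def recover_d_from_factors(n: int, e: int, p: int, q: int) -> int:
    """What the slide warns about: anyone who can factor n reads off the private exponent."""
    if p * q != n:
        raise ValueError("p*q != n")
    return pow(e, -1, (p - 1) * (q - 1))


def roundtrips(pub, priv, m: int):
    """Both orders from the slide: decrypt(encrypt(m)) and encrypt-with-private/decrypt-with-public."""
    c = rsa_apply(pub, m)                # c = m^e mod n
    s = rsa_apply(priv, m)               # "signature-style": m^d mod n
    return rsa_apply(priv, c), rsa_apply(pub, s)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)         # textbook instance: n = 3233, d = 2753
    print(pub, priv, rsa_apply(pub, 65))         # (3233, 17) (3233, 2753) 2790
    print(roundtrips(pub, priv, 65))             # (65, 65)
    big_pub, big_priv = rsa_keygen(2**31 - 1, 2**61 - 1)
    m = 123456789
    print(roundtrips(big_pub, big_priv, m) == (m, m))
    print(recover_d_from_factors(big_pub[0], big_pub[1], 2**31 - 1, 2**61 - 1) == big_priv[1])
```

The second element of roundtrips() is the swap the last slide points to: a value only the private-key holder could have produced is checked by anyone with the public key, which is the basis of the authentication and signature material that follows.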