Networks Tutorial
Fall 2008 CS 334: Computer Security

Thanks…
• To Anthony Joseph, Doug Tygar, Umesh Vazirani, and David Wagner for generously allowing me to use their slides as the basis for this set of slides.

Outline
• Communications Network Taxonomy
  – Packet Networks
• The Internet
• Transport Layer: UDP/IP, TCP/IP
• Network Service Examples
• P2P applications

What is a Communications Network? (End-system Centric View)
• Network offers one basic service: move information
  – Bird, fire, messenger, truck, telegraph, telephone, Internet …
• What distinguishes different types of networks?
  – The services they provide, security, …

What is a Communications Network? (End-system Centric View)
• What distinguishes the services?
  – Latency
  – Bandwidth
  – Loss rate
  – Number of end systems
  – Service interface (how to invoke the service?)
  – Others
    • Reliability, unicast vs. multicast, real-time...
• What are the security issues?
  – Authentication, privacy, anonymity, integrity, …

What is a Communication Network? (Infrastructure Centric View)
• Communication medium: electron, photon
• Network components:
  – Links – carry bits from 1 place to 1 or more: fiber, copper, wireless, …
  – Interfaces – attach devices to links
  – Switches/routers – interconnect links: electronic/optic, crossbar/Banyan
  – Hosts – communication endpoints: PCs, PDAs, cell phones, toasters
What is a Communication Network? (Infrastructure Centric View)
• Protocols – rules governing communication between nodes
  – TCP/IP, ATM, MPLS, SONET, Ethernet, X.25
• Applications: Web browser, X Windows, FTP, ...
• Low-level security issues:
  – Authentication, privacy, integrity, …

Network Components (Examples)
• Links: fibers, coaxial cable
• Interfaces: Ethernet card, wireless card
• Switches/routers: large router, telephone switch

Broadcast vs Switched Communication Networks
• Broadcast Communication Networks
  – Information transmitted by any node is received by every other node in the network
    • Examples: usually in LANs (non-switched Ethernet, WiFi)
    • Security consequence: any node on the shared medium can read traffic that was not addressed to it
• Switched Communication Networks
  – Information transmitted to a sub-set of designated nodes
    • Examples: WANs (Telephony Network, Internet), switched Ethernet
  – Problem: how to forward information to the intended node(s)?
    • Done by special nodes (e.g., routers, switches) executing routing protocols
    • Can the routing process be subverted?

Taxonomy of Communication Networks
• Communication networks can be classified based on the way in which the nodes exchange information:
  – Communication Network
    – Switched Communication Network
      – Circuit-switched Communication Network
      – Packet-switched Communication Network
        – Datagram Network
        – Virtual Circuit Network
    – Broadcast Communication Network
Taxonomy of Communication Networks (continued)
• The same tree, with the example named on the slides: the Public Telephone Network is a circuit-switched communication network. The datagram branch is the one the rest of the tutorial follows.
Timing of Datagram Packet Switching
[Figure: timing diagram of datagram packet switching]

Datagram Packet Switching
• Each packet is independently switched
  – Each packet header contains the destination address
• No resources are pre-allocated (reserved) in advance
• Example: IP networks

Datagram Packet Switching
[Figure: datagram packet switching]

Outline (repeated; next section: The Internet)

The Internet
• Global scale, general purpose, heterogeneous-technologies, public, computer network
• Internet Protocol
  – Open standard: Internet Engineering Task Force (IETF) as standard body (http://www.ietf.org)
  – Technical basis for other types of networks
    • Intranet: enterprise IP network
• Developed by the research community

History of the Internet
• 68-70's: started as a research project, 56 kbps, initially 4 nodes (UCLA, UCSB, SRI, Utah), then < 100 computers
• 80-83: TCP/IP, DNS; ARPANET and MILNET split
• 85-86: NSF builds NSFNET as backbone, links 6 supercomputer centers, 1.5 Mbps, 10,000 computers
• 87-90: link regional networks, NSI (NASA), ESNet (DOE), DARTnet, TWBNet (DARPA), 100,000 computers
History of the Internet
• 90-92: NSFNET moves to 45 Mbps, 16 mid-level networks
• 94: NSF backbone dismantled, multiple private backbones; introduction of the commercial Internet
• Today (2008): backbones run at 10 Gbps, close to 600M computers in 150 countries

Network "Cloud"
[Figure]

Regional Nets + Backbone
[Figure]

Backbones + NAPs + ISPs
[Figure]

Core Networks + Access Networks
[Figure]

Computers Inside the Core
[Figure]
Internet Protocol Layers
[Figure]

Services Provided by the Internet
• Shared access to computing resources
  – telnet (1970's), ssh (1990's)
• Shared access to data/files
  – FTP, NFS, AFS (1980's), CIFS (late 90's)
• Communication medium over which people interact
  – email (1980's), on-line chat rooms, instant messaging (1990's)
  – audio, video, Voice-over-IP (1990's, early 00's)
    • replacing the telephone network?

Services Provided by the Internet
• Medium for information dissemination
  – USENET (1980's)
  – WWW (1990's)
    • replacing newspaper, magazine?
  – Audio, video (late 90's, early 00's)
    • replacing radio, TV?
  – File sharing (late 90's, early 00's)

Addressing
• Every Internet host has an IP address
  – e.g., 67.114.133.15
• Packets include the destination address
  – Network is responsible for routing the packet to that address
• Host-view:
[Figure: a host hands the network a packet carrying the destination address]

IP-centric View
[Figure]

Routing
• Routers have "routing tables"
  – Tables mapping each destination to an outgoing link
  – Requires that the routing table is highly compressible! (destinations are summarised as address prefixes and looked up by longest prefix match, so one entry covers a whole range)
  – Implications for address assignment, mobility, etc.
• Routing decisions made packet-by-packet
  – Routers keep no connection state
• Question: Why have the network do routing?
  – Why not the hosts?
  – Compare delivery-by-hand to FedEx
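As an added example for the Routing slide (this is not code from the slides): a forwarding table kept as address prefixes and searched by longest prefix match, applied to each packet on its own with no connection state. It also answers the earlier question "can the routing process be subverted?" in the narrowest, table-level sense: a longer prefix inserted into the table wins the lookup for every address it covers. The prefixes, link names and destination addresses are constructed for the illustration.

```python
# Added example (not from the slides): a forwarding table looked up by longest
# prefix match, applied packet by packet with no per-connection state. Table
# entries, link names and addresses are constructed for the illustration.
import ipaddress

# Constructed table: destination prefix -> outgoing link. Four entries stand in
# for millions of destinations, which is the "highly compressible" property.
FORWARDING_TABLE = {
    "0.0.0.0/0": "eth0-upstream",        # default route: everything not matched below
    "10.0.0.0/8": "eth1-campus",
    "10.1.0.0/16": "eth2-lab",           # more specific carve-out inside 10/8
    "67.114.133.0/24": "eth3-dmz",
}


class ForwardingTable:
    def __init__(self, entries):
        self.entries = []
        for prefix, link in entries.items():
            self.add(prefix, link)

    def add(self, prefix, link):
        """Insert and keep the list sorted longest prefix first, so the first
        containing network found in lookup() is the most specific one."""
        self.entries.append((ipaddress.ip_network(prefix), link))
        self.entries.sort(key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, dst):
        """Longest-prefix match: return the outgoing link for one destination."""
        addr = ipaddress.ip_address(dst)
        for net, link in self.entries:
            if addr in net:
                return link
        return None   # no route, not even a default: the packet is dropped


def forward(table, packets):
    """Route each packet independently: only its destination address matters,
    and nothing about earlier packets is remembered."""
    return [(dst, table.lookup(dst)) for dst in packets]


def more_specific_wins(table, victim_dst, rogue_prefix, rogue_link):
    """The subversion question from the slides, in table terms: whoever gets a
    longer prefix into the table captures traffic for that range, because the
    lookup rule prefers it over the legitimate shorter prefix."""
    before = table.lookup(victim_dst)
    table.add(rogue_prefix, rogue_link)
    after = table.lookup(victim_dst)
    return before, after


if __name__ == "__main__":
    t = ForwardingTable(FORWARDING_TABLE)
    # 203.0.113.0/24 is a documentation range, used here as an "outside" address
    print(forward(t, ["10.1.2.3", "10.200.0.1", "67.114.133.15", "203.0.113.7"]))
    print(more_specific_wins(t, "10.1.2.3", "10.1.2.0/24", "eth9-rogue"))
```

The sorted-list lookup is linear, which is fine for a handful of entries; a router uses a trie over the same prefixes, but the matching rule, and therefore the more-specific-wins behaviour, is identical.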
Internet Service
• "Best-Effort" service
  – No guarantees about packet delivery
  – Hosts must cope with loss, delay, reordering, duplication
• Why not guarantee no loss and low delay?
• IP packets are addressed to a host
  – How to decide which application gets which packets?
• Need a transport layer!

Outline (repeated; next section: Transport Layer: UDP/IP, TCP/IP)

Transport Layer
• Need to decide which application gets which packets
• Solution: map each socket to a port
• Client must know the server's port
• Separate 16-bit port address space for UDP and TCP
  – (src_IP, src_port, dest_IP, dest_port) uniquely identifies a TCP connection (a UDP flow with the same four values is a different flow, since the protocol field separates the two port spaces)

Ports
• Well known ports (0-1023): everyone agrees which services run on these ports
  – e.g., ssh: 22, http: 80
  – On UNIX, must be root to bind to these ports (why?); connecting to them needs no privilege
• Ephemeral ports (most of 1024-65535): given to clients
  – e.g., a chat client gets one of these

Headers
• IP header: used for IP routing, fragmentation, error detection…
• UDP header: used for multiplexing/demultiplexing, error detection
• TCP header: used for multiplexing/demultiplexing, flow and congestion control
[Figure: encapsulation: Application data → TCP/UDP header + data → IP header + TCP/UDP segment]

IP Internet
• Protocol Stack (note difference between TCP and IP)
[Figure: hosts H1 and H8 run TCP/UDP over IP over ETH; routers R1, R2, R3 run only IP over their link layers (ETH, FDDI, PPP). TCP is end-to-end between the hosts; IP is present at every hop.]
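The Datagram Packet Switching slide (each packet forwarded on its own, nothing reserved) and the Internet Service slide (hosts must cope with loss, delay, reordering, duplication) describe the two sides of the same contract. The following is an added example, not code from the slides: a constructed best-effort channel with a deterministic drop, duplicate and reorder schedule, and a receiver that reassembles by sequence number, discards duplicates and asks the sender for exactly the missing segments. The message, the segment size and the channel schedule are assumptions made for the illustration; retransmissions travel over a clean channel so the repair loop terminates, where a real transport would rely on timeouts.

```python
# Added example (not from the slides): a sender/receiver pair over a constructed
# best-effort channel. Every datagram is switched on its own, so the network may
# drop it, deliver it twice, or deliver it after a later one; the endpoints have
# to cope, which is exactly the job the tutorial hands to the transport layer.


class Sender:
    """Splits a message into numbered datagrams; keeps copies for retransmission."""

    def __init__(self, message: bytes, mtu: int = 4):
        count = (len(message) + mtu - 1) // mtu
        self.segments = {i: message[i * mtu:(i + 1) * mtu] for i in range(count)}

    def all_datagrams(self):
        return list(self.segments.items())

    def retransmit(self, seqs):
        return [(seq, self.segments[seq]) for seq in seqs]


class Receiver:
    """Reassembles the message in order despite reordering, duplication and loss."""

    def __init__(self):
        self.next_seq = 0        # lowest sequence number not yet delivered
        self.buffer = {}         # out-of-order segments waiting for the gap to close
        self.delivered = bytearray()
        self.duplicates = 0

    def receive(self, seq, data):
        if seq < self.next_seq or seq in self.buffer:
            self.duplicates += 1  # already have it: a duplicate, drop it
            return
        self.buffer[seq] = data
        while self.next_seq in self.buffer:   # deliver everything now contiguous
            self.delivered += self.buffer.pop(self.next_seq)
            self.next_seq += 1

    def missing(self, total):
        """Sequence numbers still needed to complete a message of `total` segments."""
        return [s for s in range(self.next_seq, total) if s not in self.buffer]


def lossy_channel(datagrams, drop=frozenset(), dup=frozenset(), order=None):
    """Constructed stand-in for a best-effort network (not a real network model):
    `drop` lists sequence numbers that are lost, `dup` those delivered twice, and
    `order` the arrival order the network happens to produce."""
    out = []
    for seq, data in datagrams:
        if seq in drop:
            continue
        out.append((seq, data))
        if seq in dup:
            out.append((seq, data))
    if order is not None:
        out.sort(key=lambda d: order.index(d[0]) if d[0] in order else len(order))
    return out


def transfer(message, mtu=4, drop=frozenset(), dup=frozenset(), order=None):
    """Send `message` over the lossy channel, then repair gaps with retransmissions.
    Returns (reassembled bytes, retransmission rounds, duplicates discarded)."""
    sender, receiver = Sender(message, mtu), Receiver()
    total = len(sender.segments)
    for seq, data in lossy_channel(sender.all_datagrams(), drop, dup, order):
        receiver.receive(seq, data)
    rounds = 0
    while receiver.next_seq < total:      # gaps remain: ask for exactly what is missing
        rounds += 1
        # retransmissions use a clean channel here so the loop terminates;
        # a real transport would time out and retry instead
        for seq, data in lossy_channel(sender.retransmit(receiver.missing(total))):
            receiver.receive(seq, data)
    return bytes(receiver.delivered), rounds, receiver.duplicates


if __name__ == "__main__":
    msg = b"hello, best-effort world"    # constructed sample message, 6 segments of 4 bytes
    print(transfer(msg, drop={1, 4}, dup={2}, order=[5, 3, 2, 0, 1, 4]))
```

The receiver's state (a cursor plus an out-of-order buffer) is all that is needed to turn the network's "whatever arrives, in whatever order" into in-order delivery; the network itself never learns that segments 1 and 4 were lost, which is the point of keeping the routers stateless.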
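The Transport Layer, Ports and Headers slides describe what a host does with an arriving IP packet: check the IP header, read the protocol and the ports, and give the payload to the socket bound to the destination port. The following added example (not the slides' code) builds IPv4 packets carrying a TCP or UDP segment with Python's struct module and runs that demultiplexing over them, including the IP header checksum check and the well-known versus ephemeral port distinction. Addresses, ports, the listener table and the payloads are constructed; the transport checksums are left at zero because the example stops at the IP header's check.

```python
# Added example (not from the slides): build IPv4 packets carrying a TCP or UDP
# segment, then do what a host's IP and transport layers do on receipt: check
# the IP header checksum, read the 5-tuple and hand the payload to the socket
# bound to the destination port. Addresses, ports and the listener table are
# constructed for the illustration; nothing is sent on a real network.
import socket   # only for inet_aton / inet_ntoa
import struct

PROTO_TCP, PROTO_UDP = 6, 17
WELL_KNOWN_MAX = 1023

# Constructed listener table: (protocol, local port) -> application. "Well known"
# means everyone agrees what runs there, which is why binding them is privileged.
LISTENERS = {
    (PROTO_TCP, 22): "sshd",
    (PROTO_TCP, 80): "httpd",
    (PROTO_UDP, 53): "named",
}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    the 16-bit words. Over a header that already holds its checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options), checksum filled in, then the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5,          # version 4, IHL 5 words
                      0,                     # TOS
                      20 + len(payload),     # total length
                      0x1234,                # identification (used by fragmentation)
                      0,                     # flags / fragment offset
                      64,                    # TTL
                      proto,
                      0,                     # checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Minimal 20-byte TCP header: data offset 5, PSH|ACK, checksum left zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data


def build_udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def classify_port(port: int) -> str:
    return "well-known" if port <= WELL_KNOWN_MAX else "ephemeral"


def demux(packet: bytes):
    """IP layer: validate the header, trim to total length, find the transport
    header. Transport layer: read the ports. Returns (5-tuple, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")   # corrupted in transit: drop
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]          # ignores link-layer padding after the datagram
    sport, dport = struct.unpack("!HH", segment[:4])
    if proto == PROTO_TCP:
        payload = segment[(segment[12] >> 4) * 4:]   # skip header incl. any options
    elif proto == PROTO_UDP:
        payload = segment[8:struct.unpack("!H", segment[4:6])[0]]
    else:
        raise ValueError("unsupported transport protocol %d" % proto)
    return (proto, src, sport, dst, dport), payload


def deliver(packet: bytes) -> dict:
    """Hand the payload to whichever application owns (protocol, destination port).
    A port nobody listens on has no receiver; a real host reports that back
    (TCP RST or ICMP port unreachable) rather than silently dropping."""
    flow, payload = demux(packet)
    proto, _, sport, _, dport = flow
    return {
        "flow": flow,
        "server_port": classify_port(dport),
        "client_port": classify_port(sport),
        "app": LISTENERS.get((proto, dport)),    # None: no listener
        "payload": payload,
    }


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.5", "67.114.133.15", PROTO_TCP,
                     build_tcp(51234, 22, b"SSH-2.0-example"))
    print(deliver(pkt))
```

The flow tuple returned by demux is the same key a TCP implementation uses to find the connection, and the checksum check is the "error detection" the Headers slide attributes to the IP header: it covers only the header, so a corrupted payload passes the IP layer and must be caught by the transport checksum.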