 Principles of Networking Applications: Web, FTP, E-mail,

DNS, Peer-to- Peer applications, Creating Networking

Applications, Telnet, SNMP, Recent trends in Computer
Networks.
 Recent Trends in Network Security: Cryptography,
Substitution and Transposition Ciphers, Data encryption
standard (DES), breaking DES,Public Key Cryptography,
Network layer security (IPSec), Transport Layer Security
(TLS/SSL, HTTPS).
Position of Application-layer protocols in
the TCP/IP protocol suite
 The application layer provides services to the user.
 Communication is provided using a logical connection,
which means that the two application layers assume that
there is an imaginary direct connection through which they
can send and receive messages.
 The telephone network was originally designed to provide
voice service. Likewise the Internet was originally
designed to provide service to users around the world.
 The protocols in this layer do not provide services: it only
receive services from the protocols in the transport layer. It
implies that protocols can be removed from this layer
easily.
 New application protocols to be easily added to the
Internet.
Application-Layer Paradigms
Traditional Paradigm: Client-Server

Fig:Example of a client-server paradigm

Application-Layer Paradigms
New paradigm: peer-to-peer paradigm
(often abbreviated P2P paradigm)

Fig: Example of a peer-to-peer paradigm

 World Wide Web
 The Web today is a repository of information in which the documents,
called web pages, are distributed all over the world and related
documents are linked together.
 Distribution allows the growth of the Web. Each web server in the
world can add a new web page to the repository and announce it to all
Internet users without overloading a few servers.
 Linking allows one web page to refer to another web page stored in
another server somewhere else in the world.
 The linking of web pages was achieved using a concept called
hypertext.
 The Web implemented this idea electronically to allow the linked
document to be retrieved when the link was clicked by the user.
 Applications: Retrieving of linked documents, electronic shopping and
gaming, radio programs or view television programs
 The WWW today is a distributed client-server service, in which a client
using a browser can access a service using a server.
 A web page can be simple or composite.
 A simple web page has no links to other web pages; a composite web page
has one or more links to other web pages

Fig: Example of client server service

WWW: Architecture
 Web Client (Browser)
 A variety of vendors offer commercial browsers that interpret and display a
web page, and all of them use nearly the same architecture.
 Each browser usually consists of three parts: a controller, client protocols, and
interpreters.
 The controller receives input from the keyboard or the mouse and uses the
client programs to access the document.
 After the document has been accessed, the controller uses one of the
interpreters to display the document on the screen.
 The client protocol can be one of the protocols, such as HTTP or FTP.
 The interpreter can be HTML, Java, or JavaScript, depending on the type of
document
 Commercial browsers: Internet Explorer, Netscape Navigator, and Firefox
 Web Server
 The web page is stored at the server.
 Each time a request arrives, the corresponding document is sent to the client.
 To improve efficiency, servers normally store requested files in a cache in
memory; memory is faster to access than a disk.
 Popular Web servers: Apache, Microsoft Internet Information Server
 A web page, as a file, needs to have a unique identifier to distinguish it from
other web pages.
 To define a web page, we need 4 identifiers: host, port, and path and
protocol.
 Protocol. The first identifier is the abbreviation for the client-server program
that we need in order to access the web page.
 Most commonly used: HTTP and FTP
 Host. The host identifier can be the IP address of the server or the unique
name given to the server. Assigned(say I1p=64.23.56.17) uniquely the name
that is normally the domain name that uniquely defines the host, such as
xyz.com.
 Port. The port, a 16-bit integer, is normally predefined for the client-server
application. For eg: HTTP=80(Port number)
 Path. The path identifies the location and the name of the file in the
underlying operating system. Or the path lists the directories from the top to
the bottom, followed by the file name.
 For example, /top/next/last/myfile is a path that uniquely defines a file named
myfile,
 To combine these four pieces together, the uniform resource locator (URL)
has been designed; it uses three different separators between the four pieces.

 Eg:URL http://www.mhhe.com/compsci/forouzan
 Web Documents
 The documents in the WWW can be grouped into three broad categories:
static, dynamic, and active.
 Static documents are fixed-content documents that are created and stored
in a server. The client can get a copy of the document only.
 The contents in the server can be changed, but the user cannot change them.
 Static documents are prepared using one of several languages: HyperText
Markup Language (HTML), Extensible Markup Language (XML),
Extensible Style Language (XSL), and Extensible Hypertext Markup
Language (XHTML).
 Dynamic Documents
 Web Documents
 The documents in the WWW can be grouped into three broad categories:
static, dynamic, and active.
 Dynamic Documents
 A dynamic document is created by a web server whenever a browser
requests the document.
 When a request arrives, the web server runs an application program or a
script that creates the dynamic document.
 Because a fresh document is created for each request, the contents of a
dynamic document may vary from one request to another.
 Time and date are kinds of information that are dynamic in that they change
from moment to moment.
 To prepare dynamic documents: Common Gateway Interface (CGI)(Used
earlier),today options include Java Server Pages (JSP), Active Server Pages
(ASP), ColdFusion(Embed SQL+HTTP)
 Active Documents
 For many applications, we need a program or a script to be run at the client
site. These are called active documents.
 For example, suppose we want to run a program that creates animated
graphics on the screen or a program that interacts with the user.
 When a browser requests an active document, the server sends a copy of the
document or a script.
 The document is then run at the client (browser) site.
 Methods to prepare such documents: Java applets and Java Scripts
 File Transfer Protocol (FTP) is the standard protocol provided
by TCP/IP for copying a file from one host to another.
 Some of concerns that should be considered before transferring
files: two systems may use different file name conventions, two
systems may have different ways of data representation, two
systems may have different directory structures.
 All of these problems have been solved by FTP in a very simple
and elegant approach.
 Although we can transfer files using HTTP, FTP is a better
choice to transfer large files or to transfer files using different
formats.
FTP
• Separation of commands and data transfer makes FTP more
efficient.
 The two connections in FTP have different lifetimes.
 The control connection remains connected during the entire
interactive FTP session.
 The data connection is opened and then closed for each file
transfer activity.
 It opens each time commands that involve transferring files are
used, and it closes when the file is transferred.
 FTP uses two well-known TCP ports: port 21 is used for the
control connection, and port 20 is used for the data connection.
 Communication is achieved through commands and responses.
 During this control connection, commands are sent from the
client to the server and responses are sent from the server to the
client.
 Every FTP command generates at least one response.
 A response has two parts: a three-digit number followed by text.
The numeric part defines the code; the text part defines needed
parameters or further explanations.
 The first digit defines the status of the command.
 The second digit defines the area in which the status applies.
 The third digit provides additional information.
Control Connection
Fig: Some FTP commands
Control Connection

Table: Some responses in FTP

 Data connection is used to transfer files.
 Before sending the file through the data connection, we prepare for
transmission through the control connection.
 The heterogeneity problem is resolved by defining three attributes of
communication: file type, data structure, and transmission mode
 File Type
 FTP can transfer one of the following file types across the data
connection: ASCII file, EBCDIC file, or image file.
 Data Structure
 FTP can transfer a file across the data connection using one of the
following interpretations of the structure of the data: file structure,
record structure, or page structure.
 The file structure format (used by default) has no structure.
 It is a continuous stream of bytes.
 In the record structure, the file is divided into records.
 This can be used only with text files.
 In the page structure, the file is divided into pages, with each
page having a page number and a page header. The pages can be
stored and accessed randomly or sequentially.
 Transmission Mode
 FTP can transfer a file across the data connection using one of the
following three transmission modes: stream mode, block mode, or
compressed mode.
 The stream mode is the default mode; data are delivered from FTP to
TCP as a continuous stream of bytes.
 In the block mode, data can be delivered from FTP to TCP in blocks.
 In this case, each block is preceded by a 3-byte header.
 The first byte is called the block descriptor; the next two bytes define the
size of the block in bytes.
 File Transfer
 File transfer occurs over the data connection under the control of the
commands sent over the control connection.
 It involves either of them: retrieving a file (server to client), storing a file
(client to server), and directory listing (server to client).
FTP:Example
 Electronic mail (or e-mail) allows users to exchange messages.
 In HTTP or FTP, the server program is running all the time,
waiting for a request from a client. When the request arrives, the
server provides the service.
 In case of electronic mail, the situation is different.
 First, e-mail is considered a one-way transaction. When one
client sends an email second party, it may expect a response, but
this is not a mandate.
 The second party may or may not respond. If he does respond, it
is another one-way transaction.
 Second the users run only client programs when they want and
the intermediate servers apply the client/server paradigm.
E-Mail
 User Agent
 The first component of an electronic mail system is the user
agent (UA).
 It provides service to the user to make the process of sending
and receiving a message easier.
 A user agent is a software package (program) that composes,
reads, replies to, and forwards messages.
 It also handles local mailboxes on the user computers.
 There are two types of user agents: command-driven and
GUI-based.
 Some examples of command driven user agents are mail,
pine, and elm.
 Some examples of GUI-based user agents are Eudora and
Outlook.
 Sending mail has header and the body.
 The header of the message defines the sender, the receiver, the subject of the
message, and some other information. The body of the message contains the
actual information to be read by the recipient.

Fig: E-mail address

 Message Transfer Agent: SMTP
 E-mail is one of those applications that needs three uses of
client-server paradigms to accomplish its task.
 The formal protocol that defines the MTA client and server in
the Internet is called Simple Mail Transfer Protocol (SMTP).
 SMTP is used two times, between the sender and the
sender’s mail server and between the two mail servers.
 Commands and Responses
 SMTP uses commands and responses to transfer messages
between an MTA client and an MTA server.
 The command is from an MTA client to an MTA server; the
response is from an MTA server to the MTA client
 The process of transferring a mail message occurs in three
phases: connection establishment, mail transfer, and
connection termination.
SMTP commands
SMTP Responses
 The process of transferring a mail message occurs in three
phases: connection establishment, mail transfer, and
connection termination.
 I.Connection Establishment :After a client has made a TCP
connection to the well known port 25, the SMTP server starts
the connection phase. This phase involves the following three
steps:
1. The server sends code 220 (service ready) to tell the client
that it is ready to receive mail. If the server is not ready, it sends
code 421 (service not available).
2. The client sends the HELO message to identify itself, using
its domain name address. This step is necessary to inform the
server of the domain name of the client.
3. The server responds with code 250 (request command
completed) or some other code depending on the situation.
 II.Message Transfer After connection has been established
between the SMTP client and server, a single message
between a sender and one or more recipients can be
exchanged. This phase involves eight steps
1.The client sends the MAIL FROM(mailbox and the domain
name) message to introduce the sender of the message.
2. The server responds with code 250(Request complete) or
some other appropriate code.
3. The client sends the RCPT TO (recipient) message, which
includes the mail address of the recipient.
4. The server responds with code 250(Request complete) or
some other appropriate code.
5. The client sends the DATA message to initialize the message
transfer.
2. The server responds with code 250(Request complete) or
some other appropriate code.
3. The client sends the RCPT TO (recipient) message, which
includes the mail address of the recipient.
4. The server responds with code 250(Request complete) or
some other appropriate code.
5. The client sends the DATA message to initialize the message
transfer.
6. The server responds with code 354 (start mail input) or
some other appropriate message.
7. The client sends the contents of the message in consecutive
lines
8. The server responds with code 250 (OK) or some other
appropriate code.
 III.Connection Termination :After the message is transferred
successfully, the client terminates the connection. This phase
involves two steps.
1. The client sends the QUIT command.
2. The server responds with code 221 or some other appropriate
code.
Mail-transfer phases: Examples
Message Access Agent: POP and IMAP
 SMTP is a push protocol; it pushes the message from the client
to the server Or the direction of the bulk data (messages) is from
the client to the server.
 The third stage needs a pull protocol; the client must pull
messages from the server. The direction of the bulk data is from
the server to the client.
 The third stage uses a message access agent.
 Two message access protocols are available: Post Office
Protocol, version 3 (POP3) and Internet Mail Access Protocol,
version 4 (IMAP4).
 Mail access starts with the client when the user needs to download its
e-mail from the mailbox on the mail server.
 The client opens a connection to the server on TCP port 110.
 It then sends its user name and password to access the mailbox. The
user can then list and retrieve the mail messages, one by one.
 POP3 has two modes: the delete mode and the keep mode
 IMAP4 is similar to POP3, but it has more features; IMAP4 is
more powerful and more complex.
 POP3 is deficient in several ways.
 It does not allow the user to organize its mail on the server;
the user cannot have different folders on the server.
 In addition, POP3 does not allow the user to partially check
the contents of the mail before downloading.
 IMAP4 provides the following extra functions:
 A user can check the e-mail header prior to downloading.
 A user can search the contents of the e-mail for a specific
string of characters prior to downloading.
 IMAP4 provides the following extra functions:
 A user can check the e-mail header prior to downloading.
 A user can search the contents of the e-mail for a specific string
of characters prior to downloading.
 A user can partially download e-mail. This is especially useful if
bandwidth is limited and the e-mail contains multimedia with
high bandwidth requirements.
 User can create a hierarchy of mailboxes in a folder for e-mail
storage
 A server program can provide a specific service to its
corresponding client program.
 For example, the FTP server is designed to let the FTP client
store or retrieve files on the server site.
 For example, if a student needs to use the Java compiler program
at her university lab, there is no need for a Java compiler client
and a Java compiler server.
 The student can use a client logging program to log into the
university server and use the compiler program at the university.
 These generic client/server pairs as remote logging applications.
 One of the original remote logging protocols is TELNET, which
is an abbreviation for TErminaL NETwork
 Although TELNET requires a logging name and password, it
is vulnerable to hacking because it sends all data including the
password in plaintext (not encrypted).
 A hacker can eavesdrop and obtain the logging name and
password.
 Because of this security issue, the use of TELNET has
diminished in favour of another protocol, Secure Shell (SSH),
 Although TELNET is almost replaced by SSH, TELNET is
used for two reasons.
1.Like TELNET the concept of remote logging, is also used in
SSH when it serves as a remote logging protocol.
2. Network administrators often use TELNET for diagnostic
and debugging purposes
 TELNET:Local versus Remote Logging
 When a user logs into a local system, it is called local logging.
 However, when a user wants to access an application program or
utility located on a remote machine, it performs remote logging.
Here the TELNET client and server programs come into use.
 The user sends the keystrokes to the terminal driver where the
local operating system accepts the characters but does not
interpret them.
 The characters are sent to the TELNET client, which transforms
the characters into a universal character set called Network
Virtual Terminal (NVT) characters and delivers them to the local
TCP/IP stack.
 The commands or text, in NVT form, travel through the Internet
and arrive at the TCP/IP stack at the remote machine.
 Here the characters are delivered to the operating system and
passed to the TELNET server, which changes the characters to the
corresponding characters understandable by the remote computer.
 However, the characters cannot be passed directly to the operating
system because the remote operating system is not designed to
receive characters from a TELNET server; it is designed to
receive characters from a terminal driver.
 The solution is to add a piece of software called a pseudoterminal
driver, which pretends that the characters are coming from a
terminal.
 The operating system then passes the characters to the appropriate
application program.
 The mechanism to access a remote computer is complex. This is
because every computer and its operating system accepts a special
combination of characters as tokens.
 Heterogeneous systems are dealt with across networks.
 If we want to access any remote computer in the world, we must first
know what type of computer we will be connected to, and we must also
install the specific terminal emulator used by that computer.
 TELNET solves this problem by defining a universal interface called
the Network Virtual Terminal (NVT) character set.
 Via this interface, the client TELNET translates characters (data or
commands) that come from the local terminal into NVT form and
delivers them to the network.
 The server TELNET, on the other hand, translates data and commands
from NVT form into the form acceptable by the remote computer.
Concept of NVT
 User Interface
 The operating system (UNIX, for example) defines an interface
with user-friendly commands.

Table: Examples of interface commands

 To identify an entity, TCP/IP protocols use the IP address, which uniquely
identifies the connection of a host to the Internet.
 However, people prefer to use names instead of numeric addresses.
Therefore, the Internet needs to have a directory system that can map a name to
an address.
 A central directory system can hold all the mapping.
 But, if the central computer fails, the whole communication network will
collapse.
 A better solution is to distribute the information among many computers in the
world.
 In this method, the host that needs mapping can contact the closest computer
holding the needed information.
 This method is used by the Domain Name System (DNS).
 How TCP/IP uses a DNS client and a DNS server to map a name to an address.
 A user wants to use a file transfer client to access the corresponding file transfer
server running on a remote host.
 The user knows only the file transfer server name, such as a filesource.com.
 However, the TCP/IP suite needs the IP address of the file transfer server to
make the connection.

Fig: Purpose of DNS

The following six steps map the host name to an IP address:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server. The
DNS client sends a message to a DNS server with a query that gives the file
transfer server name using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS server passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file
transfer server.
-Here at least two connections are needed in this case. The first is for mapping
the name to an IP address; the second is for transferring files.
-In iterative resolution, each server that does not know the mapping sends
the IP address of the next server back to the one that requested it
 SNMP is an application-level protocol in which a few manager stations control
a set of agents.
 The protocol is designed at the application level so that it can monitor devices
made by different manufacturers and installed on different physical networks.
 SNMP is a framework for managing devices in an internet using the TCP/IP
protocol suite.
 It provides a set of fundamental operations for monitoring and maintaining an
internet.
 SNMP uses the concept of manager and agent. That is, a manager, usually a
host, controls and monitors a set of agents, usually routers or servers.
 A management station, called a manager, is a host that runs the SNMP client
program.
 A managed station, called an agent, is a router (or a host) that runs the SNMP
server program.
 Management is achieved through simple interaction between a manager and an
agent.
 The management with SNMP is based on three basic ideas:
1. A manager checks an agent by requesting information that reflects the behavior
of the agent.
2. A manager forces an agent to perform a task by resetting values in the agent
database.
3. An agent contributes to the management process by warning the manager of an
unusual situation.
 Management Components
 Management on the Internet is done through the cooperation of three
protocols: SNMP, SMI (Structure of Management Information) , and
MIB (Management Information Base).

Fig: Components of network management on the

Internet
An analogy

Fig: Comparing computer programming

and network management
 SMI is a guideline for SNMP. It emphasizes three attributes to handle an
object: name, data type, and encoding method. Its functions are:
 To name objects.
 To define the type of data that can be stored in an object.
 To show how to encode data for transmission over the network.
Table: Data types
SMI
-SMI uses another
standard,
Basic Encoding
Rules (BER), to
encode data to be
transmitted
over the network.
BER specifies that
each piece of data
be encoded in
triplet format
Fig: Encoding format
Table: Codes for data types
 Each agent has its own MIB2, which is a collection of all the objects that
the manager can manage.
 The objects in MIB2 are categorized under several groups: system,
interface, address translation, ip, icmp, tcp, udp, egp, transmission, and
snmp.

Fig: Some mib-2 groups

 SNMP uses both SMI and MIB in Internet network management. It is an
application program that allows:
 A manager to retrieve the value of an object defined in an agent.
 A manager to store a value in an object defined in an agent.
 An agent to send an alarm message about an abnormal situation to the
manager.

Fig: SNMP PDUs(Protocol data unit)

SNMP PDU format

Table: PDU types

SNMP PDU Format

Fig: Types of errors

 Goals
Authentication
Confidentiality
Integrity

[Ref] “Report on Lightweight Cryptography” NIST US department of commerce

DRAFT NIST 8114 2016
 There are three security goals: confidentiality, integrity, and
availability.
 Confidentiality is the most common aspect of information
security. We need to protect our confidential information. An
organization needs to guard against those malicious actions that
endanger the confidentiality of its information
 Information has to be concealed during transmission.
 Integrity means that changes need to be done only by authorized
entities and through authorized mechanisms.
 Integrity violation is not necessarily the result of a malicious act;
an interruption in the system, such as a power surge, may also
create unwanted changes in some information.
 The third component of information security is Availability. The
information created and stored by an organization needs to be
available to authorized entities.
Security attacks
 Some security services can be implemented using cryptography to
achieve security goals and prevent attacks.
 In the past cryptography referred only to the encryption and
decryption of messages using secret keys, today it is defined as
involving three distinct mechanisms: symmetric-key
encipherment, asymmetric-key encipherment, and hashing.
 The third component of information security is Availability. The
information created and stored by an organization needs to be
available to authorized entities.
 Confidentiality can be achieved using ciphers.
 Ciphers can be divided into two broad categories: symmetric key
and asymmetric-key.
 Symmetric-Key Ciphers
 A symmetric-key cipher uses the same key for both encryption and
decryption, and the key can be used for bidirectional communication,
which is why it is called symmetric.
 The original message is called plaintext; the message that is sent
through the channel is called ciphertext. To create the ciphertext from
the plaintext, uses an encryption algorithm and a shared secret key.
 To create the plaintext from ciphertext, uses a decryption algorithm
and the same secret key. We refer to encryption and decryption
algorithms as ciphers. A key is a set of values (numbers) that the cipher,
as an algorithm, operates on.
Symmetric-key cipher

Fig: General idea of a symmetric-key cipher

 A substitution cipher replaces one symbol with another. If the
symbols in the plaintext are alphabetic characters, we replace one
character with another.
 A substitution cipher replaces one symbol with another.

Fig: Representation of plaintext and

ciphertext characters in modulo 26
 Transposition cipher does not substitute one symbol for another;
instead it changes the location of the symbols. A symbol in the
first position of the plaintext may appear in the tenth position of
the ciphertext.
 A transposition cipher reorders symbols.
Transposition cipher
 Stream Cipher In a stream cipher, encryption and decryption are done one
symbol (such as a character or a bit) at a time.
 Block Ciphers In a block cipher, a group of plaintext symbols of size m (m > 1)
are encrypted together, creating a group of ciphertext of the same size.
 Modern Block Ciphers
 A symmetric-key modern block cipher encrypts an n-bit block of plaintext or
decrypts an n-bit block of ciphertext. The encryption or decryption algorithm
uses a k-bit key.
 To provide an attack-resistant cipher, a modern block cipher is made of a
combination of transposition units (sometimes called P-boxes), substitution
units (sometimes called S-boxes), and exclusive-OR (XOR) operations, as well
as shifting elements, swapping elements, splitting elements, and combining
elements.

Fig: A modern block cipher

Components of a modern block cipher
 DES: is an example of a modern block cipher.
 At the encryption site, DES takes a 64-bit plaintext and creates a 64-bit
ciphertext; at the decryption site, DES takes a 64-bit ciphertext and creates a 64-
bit block of plaintext.
 The same 56-bit cipher key is used for both encryption and decryption.
 The initial permutation takes a 64-bit input and permutes them according to a
predefined rule. The final permutation is the inverse of the initial permutation.
These two permutations cancel the effect of each other. In other words, if the
rounds are eliminated from the structures, the ciphertext is the same as the
plaintext.
 Rounds: DES uses 16 rounds. Each round of DES is an invertible (Feistel)
transformation.
 The DES function applies a 48-bit key to the rightmost 32 bits (Ri−1) to
produce a 32-bit output.
 Key Generation The round-key generator creates sixteen 48-bit keys out of a
56-bit cipher key.
General structure of DES
DES function
Key generation
 At the network layer, security is applied between two hosts, two routers, or a
host and a router.
 The purpose of network-layer security is to protect those applications that use
the service of the network layer directly, such as routing protocols.
 Those applications that use the service of UDP can also benefit from this service
because UDP is a connectionless protocol and transport-layer security protocols,
cannot be applied to UDP.
 IP Security(IPSec) is a collection of protocols designed by the Internet
Engineering Task Force (IETF) to provide security for a packet at the network
level.
 IPSec helps create authenticated and confidential packets for the IP layer.
 IPSec operates in one of two different modes: transport mode or tunnel mode.
 IPSec in transport mode does not protect the IP header; it only protects the
payload coming from the transport layer.
 Transport mode is normally used when we need host-to-host (end-to-end)
protection of data.

Fig: IPSec in transport mode

Transport mode in action
 In tunnel mode, IPSec protects the entire IP packet. It takes an IP
packet, including the header, applies IPSec security methods to the
entire packet, and then adds a new IP header.
 IPSec in tunnel mode protects the original IP header.

Fig: IPSec in tunnel mode

Tunnel mode in action
Transport mode versus tunnel
mode
 IPSec defines two protocols ⎯the Authentication Header (AH) Protocol and
the Encapsulating Security Payload (ESP) Protocol⎯ to provide authentication
and/or encryption for packets at the IP level.
 Authentication Header (AH)
 The AH protocol provides source authentication and data
integrity, but not privacy.
 The Authentication Header (AH) protocol is designed to authenticate the
source host and to ensure the integrity of the payload carried in the IP packet.
 The protocol uses a hash function and a symmetric (secret) key to create a
message digest; the digest is inserted in the authentication header. The AH is
then placed in the appropriate location, based on the mode (transport or tunnel).
Authentication Header (AH) protocol
 Next Header. The 8-bit next header field defines the type of payload
carried by the IP datagram (such as TCP, UDP, ICMP, or OSPF).
 Payload Length. It does not define the length of the payload; it defines
the length of the authentication header in 4-byte multiples.
 Security Parameter Index. The 32-bit security parameter index (SPI)
field plays the role of a virtual circuit identifier and is the same for all
packets sent during a connection.
 Sequence Number. A 32-bit sequence number provides ordering
information for a sequence of datagrams.
 Authentication Data. Finally, the authentication data field is the result of
applying a hash function to the entire IP datagram
 The AH protocol does not provide confidentiality, only source authentication
and data integrity.
 IPSec later defined an alternative protocol, Encapsulating Security Payload
(ESP), that provides source authentication, integrity, and confidentiality.
 Note that ESP’s authentication data are added at the end of the packet, which
makes its calculation easier.
 The ESP procedure follows these steps:
1. An ESP trailer is added to the payload.
2. The payload and the trailer are encrypted.
3. The ESP header is added.
4. The ESP header, payload, and ESP trailer are used to create the authentication
data.
5. The authentication data are added to the end of the ESP trailer.
6. The IP header is added after changing the protocol value to 50.
Encapsulating Security Payload
(ESP)
 The fields for the header and trailer are as follows:
 Security Parameter Index. The 32-bit security parameter index field is similar
to the one defined for the AH protocol.
 Sequence Number. The 32-bit sequence number field is similar to the one
defined for the AH protocol.
 Padding. This variable-length field (0 to 255 bytes) of 0s serves as padding.
 Pad Length. The 8-bit pad-length field defines the number of padding bytes.
The value is between 0 and 255.
 Next Header. The 8-bit next-header field is similar to that defined in the AH
protocol.It serves the same purpose as the protocol field in the IP header before
encapsulation.
 Authentication Data. Finally, the authentication data field is the result of
applying an authentication scheme to parts of the datagram.
 Note: 1.IPSec supports both IPv4 and IPv6. In IPv6, however, AH and ESP are
part of the extension header.
 2.ESP does whatever AH does with additional functionality (confidentiality).
Services Provided by IPSec
 Security at the transport layer provides security for the application
layer, which uses the services of TCP (or SCTP) as a connection-
oriented protocol.
 Before the messages of these applications are encapsulated in TCP,
they are encapsulated in the security protocol packets.
 Those applications that use the services of UDP cannot benefit
from these security services because the nature of security
requires connection establishment between the two entities.
 Two protocols are dominant today for providing security at the
transport layer: the Secure Sockets Layer (SSL) protocol and the
Transport Layer Security (TLS) protocol.
 Some of the goals of these protocols(SSL,TLS) are to provide
server and client authentication, data confidentiality, and data
integrity.
 Application-layer client/server programs such as HTTP, that use
the services of TCP can encapsulate their data in SSL packets
(HTTPS).

Fig: Location of SSL and TLS in the Internet model

 SSL is designed to provide security and compression services to data generated
from the application layer.
 Typically, SSL can receive data from any application-layer protocol, but usually
the protocol is HTTP.
 The data received from the application is compressed(optional), signed, and
encrypted. The data is then passed to a reliable transport-layer protocol such as
TCP.
 Services: SSL provides several services on data received from the application
layer.
 Fragmentation. First, SSL divides the data into blocks of 214 bytes or less.
 Compression. Each fragment of data is compressed using one of the lossless
compression methods negotiated between the client and server. This service is
optional.
 Services: SSL provides several services on data received from the application
layer.
 Fragmentation. First, SSL divides the data into blocks of 214 bytes or less.
 Compression. Each fragment of data is compressed using one of the lossless
compression methods negotiated between the client and server. This service is
optional.
 Message Integrity. To preserve the integrity of data, SSL uses a keyed-hash
function to create a MAC.
 Confidentiality. To provide confidentiality, the original data and the MAC are
encrypted using symmetric-key cryptography.
 Framing. A header is added to the encrypted payload. The payload is then
passed to a reliable transport-layer protocol.
 Key Exchange Algorithms
 To exchange an authenticated and confidential message, the client and the server
each need a set of cryptographic secrets. However, to create these secrets, one
pre-master secret must be established between the two parties.
Encryption/Decryption Algorithms
The client and server also need to agree to a set of encryption and decryption
algorithms.
 Hash Algorithms
SSL uses hash algorithms to provide message integrity (message authentication).
Several hash algorithms have been defined for this purpose.
 Cipher Suite
The combination of key exchange, hash, and encryption algorithms defines a
cipher suite for each SSL session.
 Compression Algorithms
Compression is optional in SSL.
 Cryptographic Parameter Generation
To achieve message integrity and confidentiality, SSL needs six cryptographic
secrets: four keys and two IVs (initialization vectors).
 Extractions of cryptographic secrets from key material
Calculation of master secret from pre-master
secret
 Calculation of key material from master secret
Four SSL protocols
 The Record Protocol is the carrier. It carries messages from
three other protocols as well as the data coming from the
application layer. Messages from the Record Protocol are payloads
to the transport layer, normally TCP.
 The Handshake Protocol provides security parameters for the
Record Protocol. It establishes a cipher set and provides keys and
security parameters.
 It also authenticates the server to the client and the client to the
server if needed.
 The ChangeCipherSpec Protocol is used for signalling the
readiness of cryptographic secrets.
 The Alert Protocol is used to report abnormal conditions.
 The Handshake Protocol uses messages to negotiate the cipher
suite, to authenticate the server to the client and the client to the
server if needed, and to exchange information for building the
cryptographic secrets.
 The handshaking is done in four phases:

Fig: Handshake Protocol

 Handshake Protocol provides cipher suite and other secure parameters.
 The question now is: When can the two parties use these parameters or
secrets?
 SSL mandates that the parties cannot use these parameters or secrets
until they have sent or received a special message, the
ChangeCipherSpec message, which is exchanged during the Handshake
Protocol and defined in the ChangeCipherSpec Protocol.
 The sender and the receiver need two states, not one.
 One state, the pending state, keeps track of the parameters and secrets.
 In other state, the active state, holds parameters and secrets used by the
Record Protocol to sign/verify or encrypt/decrypt messages.
 In addition, each state holds two sets of values: read (inbound) and write
(outbound).
 SSL uses the Alert Protocol for reporting errors and abnormal
conditions.
 It uses only one message that describes the problem and its level
(warning or fatal).
 Record Protocol
 The Record Protocol carries messages from the upper layer
(Handshake Protocol, ChangeCipherSpec Protocol, Alert Protocol,
or application layer).
 The message is fragmented and optionally compressed; a MAC is
added to the compressed message using the negotiated hash
algorithm.
 The compressed fragment and the MAC are encrypted using the
negotiated encryption algorithm.
 Finally, the SSL header is added to the encrypted message.
Record Protocol

Fig: Processing done by the Record Protocol

 The HyperText Transfer Protocol (HTTP) is used to define how the client-
server programs can be written to retrieve web pages from the Web.
 An HTTP client sends a request; an HTTP server returns a response. The server
uses the port number 80; the client uses a temporary port number.to respond to
the message received.
 HTTP uses the services of TCP i.e is a connection-oriented and reliable
protocol.
 It implies before any transaction between the client and the server can take
place, a connection needs to be established between them. After the transaction,
the connection should be terminated.
 Nonpersistent versus Persistent Connections
 The hypertext concept embedded in web page documents may require several
requests and responses.
 Non-persistent Connections
 In a nonpersistent connection, one TCP connection is made for
each request/response.
 The following lists the steps in this strategy:
 1. The client opens a TCP connection and sends a request.
 2. The server sends the response and closes the connection.
 3. The client reads the data until it encounters an end-of-file
marker; it then closes the connection.
 In this strategy, if a file contains links to N different pictures in
different files (all located on the same server), the connection
must be opened and closed N + 1 times.
 The non-persistent strategy imposes high overhead on the server
because the server needs N + 1 different buffers each time a
connection is opened.
Non-persistent Connections
Persistent Connections
 HTTP version 1.1 specifies a persistent connection by default. In a persistent
connection, the server leaves the connection open for more requests after
sending a response.
 The server can close the connection at the request of a client or if a time-out
has been reached.
 The sender usually sends the length of the data with each response.
 When the sender does not know the length of the data(for dynamic or active
documents), the server informs the client that the length is not known and
closes the connection after sending the data so the client knows that the end of
the data has been reached.
 Time and resources are saved using persistent connections.
 Only one set of buffers and variables needs to be set for the connection at each
site.
 The round trip time for connection establishment and connection termination is
saved.
HTTP:Message Formats

Fig: Formats of the request and response messages

HTTP:Request Message
The method field defines the request types.

Table:Several methods defined in HTTP

HTTP:Request messages
It contains the comment to be sent or the file to be published on the
website when the method is PUT or POST.
Table: Request header names
HTTP:Response messages

Table: Response header names