Slide 1: Networking Overview
CS 161 - Computer Security
Profs. Vern Paxson & David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
Feb 8, 2010

Slide 2: Focus For Today's Lecture
• Sufficient background in networking to then explore security issues in next 4 lectures
  – Networking = the Internet
• Complex topic with many facets
  – We will omit concepts/details that aren't very security-relevant
  – We'll mainly look at IP, TCP, DNS and DHCP
• Networking is full of abstractions
  – Goal is for you to develop apt mental models / analogies
  – ASK questions when things are unclear
    o (but we may skip if not ultimately relevant for security, or postpone if question itself is directly about security)

Slide 3: Key Concept #1: Dumb Network
• Internet design: interior nodes ("routers") have no knowledge* of ongoing connections going through them
• Not: how you picture the telephone system works
  – Which internally tracks all of the active voice calls
• Instead: the postal system!
  – Each Internet message ("packet") self-contained
  – Interior "routers" look at destination address to forward
  – If you want smarts, build it "end-to-end"
  – Buys simplicity & robustness at the cost of shifting complexity into end systems
* Today's Internet is full of hacks that violate this

Slide 4: Key Concept #2: Layering
• Internet design is strongly partitioned into layers
  – Each layer relies on services provided by next layer below ...
  – ... and provides services to layer above it
• Analogy:
  – Consider structure of an application you've written and the "services" each layer relies on / provides
[Figure: a stack, top to bottom: Code You Write / Run-Time Library / System Calls / Device Drivers / Voltage Levels / Magnetic Domains; a brace marks the lower layers as "Fully isolated from user programs"]

Slide 5: Internet Layering ("Protocol Stack")
[Figure: the protocol stack, top to bottom, with layer numbers: 7 Application, 4 Transport, 3 (Inter)Network, 2 Link, 1 Physical]

Slide 6: Layer 1: Physical Layer
Encoding bits to send them over a single physical link, e.g.
patterns of voltage levels / photon intensities / RF modulation

Slide 7: Layer 2: Link Layer
Framing and transmission of a collection of bits into individual messages sent across a single "subnetwork" (one physical technology)
Might involve multiple physical links (e.g., modern Ethernet)
Often technology supports broadcast transmission (every "node" connected to subnet receives)

Slide 8: Layer 3: (Inter)Network Layer
Bridges multiple subnets to provide end-to-end internet connectivity between nodes
• Provides global addressing
Works across different link technologies
[Figure: stack diagram; the Link and Physical layers are bracketed as "Different for each Internet 'hop'"]

Slide 9: Layer 4: Transport Layer
End-to-end communication between processes
Different services provided:
  TCP = reliable byte stream
  UDP = unreliable datagrams

Slide 10: Layer 7: Application Layer
Communication of whatever you wish
Can use whatever transport(s) is convenient
Freely structured
E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent

Slide 11: Internet Layering ("Protocol Stack")
[Figure: stack diagram; the Application and Transport layers are bracketed as "Implemented only at hosts, not at interior routers ('dumb network')"]

Slide 12: Internet Layering ("Protocol Stack")
[Figure: stack diagram; the (Inter)Network, Link and Physical layers are bracketed as "Implemented everywhere"]

Slide 13: Hop-By-Hop vs. End-to-End Layers
[Figure: Hosts A, B, C, D, E attached to a network of Routers 1 through 7; Host A communicates with Host D]

Slide 14: Hop-By-Hop vs. End-to-End Layers
[Figure: same topology; Host A communicates with Host D]
Different Physical & Link Layers (Layers 1 & 2) on each hop, e.g., Wi-Fi on one hop and Ethernet on another

Slide 15: Hop-By-Hop vs. End-to-End Layers
[Figure: same topology; Host A communicates with Host D]
Same Network / Transport / Application Layers (3/4/7) end to end (routers ignore Transport & Application layers)
E.g., HTTP over TCP over IP

Slide 16: Key Concept #3: Protocols
• A protocol is an agreement on how to communicate
• Includes syntax and semantics
  – How a communication is specified & structured
    o Format, order messages are sent and received
  – What a communication means
    o Actions taken when transmitting, receiving, or timer expires
• E.g.: asking a question in lecture?
  1. Raise your hand.
  2. Wait to be called on.
  3. Or: wait for speaker to pause and vocalize
  4. If unrecognized (after timeout): vocalize w/ "excuse me"

Slide 17: Example: IP Packet Header
IP = Internet Protocol (Network layer / layer 3)
20-byte header, laid out as 32-bit rows:
  Row 1: 4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (Bytes)
  Row 2: 16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
  Row 3: 8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
  Row 4: 32-bit Source IP Address
  Row 5: 32-bit Destination IP Address
  followed by: Payload

Slide 18: IP: "Best Effort" Packet Delivery
• Routers inspect destination address, locate "next hop" in forwarding table
  – Address = ~unique identifier/locator for the receiving host
  – (decrements TTL "Time To Live" field, drops packet if = 0)
• Only provides an "I'll give it a try" delivery service:
  – Packets may be lost
  – Packets may be corrupted
  – Packets may be delivered out of order
[Figure: a source host and a destination host connected through an "IP network" cloud]
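The header layout of slide 17 and the per-hop router behaviour of slide 18 in running code, as an added example that is not part of the lecture slides. It assumes a minimal 20-byte IPv4 header with no options and uses the RFC 791 header checksum (not shown on the slides); the function names `build_packet`, `parse_header`, `router_forward` and `trace` are chosen here for illustration. The addresses are constructed sample values.

```python
"""Pack, parse and forward a minimal IPv4 header (added example, not lecture code)."""
import ipaddress
import struct
from typing import Optional

# Field order and widths exactly as on slide 17; 20 bytes, no options.
HEADER_FMT = "!BBHHHBBH4s4s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20


def ip_checksum(data: bytes) -> int:
    """RFC 791: one's-complement of the one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src: str, dst: str, ttl: int, protocol: int, payload: bytes,
                 ident: int = 0) -> bytes:
    """Construct an unfragmented IPv4 packet (Version 4, Header Length 5 words)."""
    version_ihl = (4 << 4) | (HEADER_LEN // 4)
    header = struct.pack(HEADER_FMT, version_ihl, 0, HEADER_LEN + len(payload), ident,
                         0, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    # The checksum is computed over the header with its own field zeroed,
    # then patched into bytes 10-11.
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def parse_header(packet: bytes) -> dict:
    """Split the first 20 bytes into the fields named on slide 17."""
    (version_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    return {
        "version": version_ihl >> 4,
        "ihl": version_ihl & 0x0F,               # header length in 32-bit words
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,               # top 3 bits
        "fragment_offset": flags_frag & 0x1FFF,  # low 13 bits
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # A header carrying a correct checksum sums to zero. Only the header is
        # covered: payload corruption (slide 18) is left for the layers above,
        # and the checksum is an error check, not an authenticity check.
        "checksum_ok": ip_checksum(packet[:HEADER_LEN]) == 0,
    }


def router_forward(packet: bytes) -> Optional[bytes]:
    """One hop of slide 18: validate the header, decrement TTL, drop when it
    reaches zero, and rewrite the checksum so the next hop accepts the header."""
    fields = parse_header(packet)
    if fields["version"] != 4 or not fields["checksum_ok"]:
        return None                          # corrupted header: dropped
    new_ttl = fields["ttl"] - 1
    if new_ttl == 0:
        return None                          # TTL expired: dropped (no ICMP reply modelled)
    header = bytearray(packet[:HEADER_LEN])
    header[8] = new_ttl                      # TTL sits at byte offset 8
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + packet[HEADER_LEN:]


def trace(packet: bytes, hops: int) -> list:
    """Push a packet through `hops` routers; returns the TTL each router saw on
    input, stopping early once some router drops the packet."""
    seen = []
    for _ in range(hops):
        if packet is None:
            break
        seen.append(parse_header(packet)["ttl"])
        packet = router_forward(packet)
    return seen


if __name__ == "__main__":
    pkt = build_packet("10.0.0.1", "10.0.0.2", 64, 6, b"")   # constructed sample
    print(parse_header(pkt))
    print(parse_header(router_forward(pkt))["ttl"])            # 63 after one hop
    print(trace(build_packet("10.0.0.1", "10.0.0.2", 3, 6, b""), 5))  # [3, 2, 1]
```

Because a router rewrites TTL on every hop, it must also rewrite the checksum; a router that skipped that step would have every downstream hop discard the packet as corrupted.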
Slide 19: "Best Effort" is Lame! What to do?
• It's the job of our Transport (layer 4) protocols to build services our apps need out of IP's modest layer-3 service
• #1 workhorse: TCP (Transmission Control Protocol)
• TCP service:
  – Connection oriented (explicit set-up / tear-down)
    o End hosts (processes) can have multiple concurrent long-lived dialogs
  – Reliable, in-order, byte-stream delivery
    o Robust detection & retransmission of lost data
  – Congestion control
    o Dynamic adaptation to network path's capacity
    o (Also adaptation to receiver's ability to absorb data)

Slide 20: TCP "Stream of Bytes" Service
[Figure: Host A hands Byte 0, Byte 1, Byte 2, Byte 3, ... Byte 80 to TCP; Host B reads Byte 0, Byte 1, Byte 2, Byte 3, ... Byte 80 in the same order]
Hosts don't ever see packet boundaries, lost or corrupted packets, retransmissions, etc.
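A toy model of the slide-20 service built on top of the three failure modes of slide 18, as an added example that is not from the lecture. It keeps two genuine TCP ideas, byte-offset sequence numbers and cumulative acknowledgements, but simplifies everything else: no handshake, no timers, no lost ACKs, no congestion control, and retransmission is go-back-N once per round. The class names `Segment`, `BestEffortNetwork`, `Receiver`, `Sender` and the function `transfer` are chosen here, and the loss/duplication schedule of the network is constructed so that the run is deterministic.

```python
"""Reliable in-order byte stream over a constructed best-effort network
(added example, not lecture code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int      # byte offset of data[0] in the stream (TCP numbers bytes, not packets)
    data: bytes


class BestEffortNetwork:
    """Constructed stand-in for IP: loses the first copy of some segments,
    duplicates one, and hands everything over in reverse order (slide 18)."""

    def __init__(self, drop_once=(16, 48), duplicate=(32,)):
        self.drop_once = set(drop_once)
        self.duplicate = set(duplicate)
        self.dropped = 0

    def deliver(self, segments):
        out = []
        for seg in segments:
            if seg.seq in self.drop_once:          # lost: the first copy never arrives
                self.drop_once.discard(seg.seq)
                self.dropped += 1
                continue
            out.append(seg)
            if seg.seq in self.duplicate:           # duplicated in transit
                out.append(seg)
        out.reverse()                                # out-of-order arrival
        return out


class Receiver:
    """Reassembles segments into the contiguous stream the application reads."""

    def __init__(self):
        self.next_seq = 0        # first byte not yet delivered to the app
        self.pending = {}        # seq -> data, buffered out-of-order segments
        self.stream = bytearray()

    def receive(self, seg):
        # Old or duplicate data (already delivered, or already buffered) is ignored.
        if seg.seq >= self.next_seq and seg.seq not in self.pending:
            self.pending[seg.seq] = seg.data
        # Hand over every byte that is now contiguous with what the app already has.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.stream += chunk
            self.next_seq += len(chunk)
        return self.next_seq     # cumulative ACK: "I hold every byte before this"


class Sender:
    def __init__(self, data, mss):
        self.segments = [Segment(i, data[i:i + mss]) for i in range(0, len(data), mss)]
        self.acked = 0           # highest cumulative ACK seen so far
        self.transmissions = 0

    def unacked(self):
        return [s for s in self.segments if s.seq + len(s.data) > self.acked]


def transfer(data, mss=16, network=None, max_rounds=20):
    """Returns (bytes the app read, rounds, segment transmissions, segments lost)."""
    net = network or BestEffortNetwork()
    tx, rx = Sender(data, mss), Receiver()
    rounds = 0
    while tx.acked < len(data):
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("no progress; real TCP would time the connection out")
        window = tx.unacked()                # (re)send everything not yet acknowledged
        tx.transmissions += len(window)
        for seg in net.deliver(window):
            tx.acked = max(tx.acked, rx.receive(seg))
    return bytes(rx.stream), rounds, tx.transmissions, net.dropped


if __name__ == "__main__":
    payload = bytes(range(81))               # constructed: Byte 0 .. Byte 80 of slide 20
    got, rounds, sent, lost = transfer(payload)
    print(f"intact={got == payload} rounds={rounds} sent={sent} lost={lost}")
```

With the default schedule the 81 bytes go out as six segments; two are lost and one is duplicated, yet the application on the receiving side reads exactly the original byte sequence after a second round of (re)transmission, which is the whole point of slide 20: loss, duplication and reordering are absorbed inside the transport layer.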