Berkeley COMPSCI 161 - Networking Overview

This preview shows page 1-2-3-24-25-26-27-49-50-51 out of 51 pages.


Networking Overview

CS 161: Computer Security
Prof. Vern Paxson
TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
http://inst.eecs.berkeley.edu/~cs161/
February 1, 2011

Focus For Today’s Lecture

• Sufficient background in networking to then explore security issues in next 3 lectures
  – Networking = the Internet
• Complex topic with many facets
  – We will omit concepts/details that aren’t very security-relevant
  – We’ll mainly look at IP, TCP, DNS and DHCP
• Networking is full of abstractions
  – Goal is for you to develop apt mental models / analogies
  – ASK questions when things are unclear
    o (but we may skip if not ultimately relevant for security, or postpone if question itself is directly about security)

Key Concept #1: Protocols

• A protocol is an agreement on how to communicate
• Includes syntax and semantics
  – How a communication is specified & structured
    o Format, order messages are sent and received
  – What a communication means
    o Actions taken when transmitting, receiving, or timer expires
• E.g.: asking a question in lecture?
  1. Raise your hand.
  2. Wait to be called on.
  3. Or: wait for speaker to pause and vocalize
  4. If unrecognized (after timeout): vocalize w/ “excuse me”

Example: IP Packet Header (IP = Internet Protocol)

  4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (Bytes)
  16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
  8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
  32-bit Source IP Address
  32-bit Destination IP Address
  Payload

  (The fields before the payload form the 20-byte header.)

Key Concept #2: Dumb Network

• Original Internet design: interior nodes (“routers”) have no knowledge* of ongoing connections going through them
• Not: how you picture the telephone system works
  – Which internally tracks all of the active voice calls
• Instead: the postal system!
  – Each Internet message (“packet”) self-contained
  – Interior “routers” look at destination address to forward
  – If you want smarts, build it “end-to-end”
  – Buys simplicity & robustness at the cost of shifting complexity into end systems

* Today’s Internet is full of hacks that violate this

Key Concept #3: Layering

• Internet design is strongly partitioned into layers
  – Each layer relies on services provided by next layer below …
  – … and provides services to layer above it
• Analogy:
  – Consider structure of an application you’ve written and the “services” each layer relies on / provides

  [Figure: stack of layers, top to bottom: Code You Write; Run-Time Library; System Calls; Device Drivers; Voltage Levels / Magnetic Domains. Brace annotation: “Fully isolated from user programs”]

Internet Layering (“Protocol Stack”)

  7  Application
  4  Transport
  3  (Inter)Network
  2  Link
  1  Physical

Layer 1: Physical Layer

• Encoding bits to send them over a single physical link
  – e.g. patterns of voltage levels / photon intensities / RF modulation

Layer 2: Link Layer

• Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology)
• Might involve multiple physical links (e.g., modern Ethernet)
• Often technology supports broadcast transmission (every “node” connected to subnet receives)

Layer 3: (Inter)Network Layer

• Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
  – Provides global addressing
• Works across different link technologies
• Figure annotation: Different for each Internet “hop”

Layer 4: Transport Layer

• End-to-end communication between processes
• Different services provided:
  – TCP = reliable byte stream
  – UDP = unreliable datagrams

Layer 7: Application Layer

• Communication of whatever you wish
• Can use whatever transport(s) is convenient
• Freely structured
• E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent

Internet Layering (“Protocol Stack”), figure annotations on the stack

• Implemented only at hosts, not at interior routers (“dumb network”)
• Implemented everywhere
• Different for each Internet “hop”
• ~Same for each Internet “hop”

Hop-By-Hop vs. End-to-End Layers

  [Figure: Hosts A, B, C, D, E connected through Routers 1 to 7]

• Host A communicates with Host D
• Different Physical & Link Layers (Layers 1 & 2)
  – E.g., Wi-Fi
  – E.g., Ethernet
• Same Network / Transport / Application Layers (3/4/7)
  – (Routers ignore Transport & Application layers)
  – E.g., HTTP over TCP over IP

IP Packet Structure

  4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (Bytes)
  16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
  8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
  32-bit Source IP Address
  32-bit Destination IP Address
  Options (if any)
  Payload

IP Packet Header Fields

• Version number (4 bits)
  – Indicates the version of the IP protocol
  – Necessary to know what other fields to expect
  – Typically “4” (for IPv4), and sometimes “6” (for IPv6)
• Header length (4 bits)
  – Number of 32-bit words in the header
  – Typically “5” (for a 20-byte IPv4 header)
  – Can be more when IP options are used
• Type-of-Service (8 bits)
  – Allow packets to be treated differently based on needs
  – E.g., low delay for audio, high bandwidth for bulk transfer
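The header layout and field rules above, parsed and checked in code. This is an added example, not part of the lecture slides; the function names and the constructed sample packet (documentation addresses, TTL 64, protocol 6 = TCP) are assumptions for illustration.

```python
import ipaddress
import struct

class HeaderError(ValueError):
    """The bytes do not form a well-formed IPv4 header."""

def checksum16(data: bytes) -> int:
    """Complement of the one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise HeaderError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise HeaderError(f"version field is {version}, not 4")
    hdr_len = ihl * 4  # the field counts 32-bit words, so 5 means 20 bytes
    if ihl < 5 or hdr_len > len(packet):
        raise HeaderError("header length field inconsistent with the data")
    if not hdr_len <= total_len <= len(packet):
        raise HeaderError("total length field inconsistent with the data")
    if checksum16(packet[:hdr_len]) != 0:  # a valid header sums to zero
        raise HeaderError("header checksum mismatch")
    return {
        "version": version, "header_bytes": hdr_len, "tos": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:hdr_len], "payload": packet[hdr_len:total_len],
    }

def sample_packet(payload: bytes = b"hello") -> bytes:
    """Constructed sample: TTL 64, protocol 6 (TCP), documentation addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      64, 6, 0, ipaddress.IPv4Address("192.0.2.1").packed,
                      ipaddress.IPv4Address("198.51.100.7").packed)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + payload

if __name__ == "__main__":
    print(parse_ipv4_header(sample_packet()))
```

The parser rejects a packet whose length fields disagree with the bytes actually received, which is the check that keeps a receiver from trusting attacker-supplied lengths.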

