DCN 5th Unit


UNIT V

Transport Layer protocol


UDP Protocol

UDP provides connectionless, unreliable, datagram service. Connectionless service means that
there is no logical connection between the two ends exchanging messages. Each message is an
independent entity encapsulated in a datagram.

UDP does not see any relation (connection) between consecutive datagrams coming from the same source
and going to the same destination.

UDP has an advantage: it is message-oriented. It gives boundaries to the messages exchanged. An
application program may be designed to use UDP if it is sending small messages and simplicity and
speed are more important for the application than reliability.

User Datagram

UDP packets, called user datagrams, have a fixed-size header of 8 bytes made of four fields, each
of 2 bytes (16 bits).

The 16-bit length field can define a total length of 0 to 65,535 bytes. However, the total length needs to be
less, because a UDP user datagram is stored in an IP datagram whose total length is at most 65,535 bytes. The
last field can carry the optional checksum.

UDP Services
Process-to-Process Communication
UDP provides process-to-process communication using socket addresses, a combination of IP
addresses and port numbers.
Connectionless Services

As mentioned previously, UDP provides a connectionless service. This means that each user datagram
sent by UDP is an independent datagram. There is no relationship between the different user datagrams even if
they are coming from the same source process and going to the same destination process.

Flow Control
UDP is a very simple protocol. There is no flow control, and hence no window mechanism. The receiver
may overflow with incoming messages.

Error Control
There is no error control mechanism in UDP except for the checksum. This means that the sender does
not know if a message has been lost or duplicated.

Checksum
UDP checksum calculation includes three sections: a pseudo header, the UDP header, and the data
coming from the application layer. The pseudo header is the part of the header of the IP packet in which the
user datagram is to be encapsulated, with some fields filled with 0s.
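The following is an added example, not part of these notes, that builds and verifies an IPv4 user datagram the way the two sections above describe it: an 8-byte header of four 16-bit fields (source port, destination port, length, checksum) and a checksum computed as the one's complement of the one's complement sum over pseudo header, UDP header and data. The addresses, ports and payload are constructed sample values; the function names are this example's own.

```python
import socket
import struct

UDP_PROTO = 17
IPV4_MAX_UDP_LEN = 65535 - 20   # IP datagram limit of 65,535 bytes minus a 20-byte IPv4 header


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry; an odd trailing byte is padded with 0."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back into the low 16 bits
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo header: source address, destination address, a zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, udp_length)


def udp_checksum(src_ip: str, dst_ip: str, header_and_data: bytes) -> int:
    """Checksum over pseudo header + UDP header (checksum field zeroed) + application data."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(header_and_data)) + header_and_data)
    csum = (~total) & 0xFFFF
    # In IPv4 a transmitted checksum of 0 means "not computed", so a computed 0 is sent as 0xFFFF.
    return csum or 0xFFFF


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    if length > IPV4_MAX_UDP_LEN:
        raise ValueError("payload too large for one IPv4 datagram")
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp_datagram(datagram: bytes) -> dict:
    """Split the four header fields from the payload, rejecting a length field the bytes cannot support."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def verify_udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """Receiver check: the sum over pseudo header + datagram (checksum included) must be all ones."""
    fields = parse_udp_datagram(datagram)
    if fields["checksum"] == 0:
        return True   # the sender chose not to compute a checksum (allowed in IPv4)
    data = datagram[:fields["length"]]
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(data)) + data) == 0xFFFF


if __name__ == "__main__":
    d = build_udp_datagram("192.0.2.1", "198.51.100.7", 40000, 53, b"hello")   # constructed sample
    print(parse_udp_datagram(d))
    print("valid:", verify_udp_checksum("192.0.2.1", "198.51.100.7", d))
    print("after corrupting one byte:", verify_udp_checksum("192.0.2.1", "198.51.100.7", d[:8] + b"hellp"))
```

Because the pseudo header is part of the sum, a datagram delivered to the wrong IP address fails verification even though the UDP bytes themselves are untouched; that is the whole point of including it. The length check in the parser is the defensive detail: a length field larger than the buffer is exactly the kind of inconsistency a receiver must reject before trusting the payload slice.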


UDP Applications

UDP Features

Connectionless Service

As we mentioned previously, UDP is a connectionless protocol. Each UDP packet is independent of other packets sent by
the same application program. This feature can be considered an advantage or a disadvantage
depending on the application requirements.


Lack of Error Control

UDP does not provide error control; it provides an unreliable service. Most applications expect
reliable service from a transport-layer protocol. Although a reliable service is desirable.

Typical Applications


The following shows some typical applications that can benefit from the services of UDP.

UDP is suitable for a process that requires simple request-response communication with little
concern for flow and error control.

UDP is suitable for a process with internal flow- and error-control mechanisms, for example the
Trivial File Transfer Protocol (TFTP).

UDP is a suitable transport protocol for multicasting. Multicasting capability is embedded in the
UDP software.

UDP is used for management processes such as SNMP.

UDP is used for some route updating protocols such as the Routing Information Protocol (RIP).

UDP is normally used for interactive real-time applications that cannot tolerate uneven delay
between sections of a received message.

TCP Protocol
Transmission Control Protocol (TCP) is a connection-oriented, reliable protocol. TCP explicitly
defines connection establishment, data transfer, and connection teardown phases to provide a
connection-oriented service.

TCP Services
Process-to-Process Communication
As with UDP, TCP provides process-to-process communication using port numbers. We have
already given some of the port numbers used by TCP.

Stream Delivery Service


In UDP, a process sends messages with predefined boundaries to UDP for delivery. UDP adds its
own header to each of these messages and delivers it to IP for transmission.

TCP, on the other hand, allows the sending process to deliver data as a stream of bytes and allows the
receiving process to obtain data as a stream of bytes.

TCP creates an environment in which the two processes seem to be connected by an imaginary
"tube" that carries their bytes across the Internet.

Sending and Receiving Buffers


Because the sending and the receiving processes may not necessarily write or read data at the same rate,
TCP needs buffers for storage.
There are two buffers, the sending buffer and the receiving buffer, one for each direction.


At the sender, the buffer has three types of chambers. The white section contains empty chambers
that can be filled by the sending process (producer).

The colored area holds bytes that have been sent but not yet acknowledged.


The TCP sender keeps these bytes in the buffer until it receives an acknowledgment. The shaded
area contains bytes to be sent by the sending TCP.


The operation of the buffer at the receiver is simpler. The circular buffer is divided into two areas
(shown as white and colored).

The white area contains empty chambers to be filled by bytes received from the network.


The colored sections contain received bytes that can be read by the receiving process. When a byte
is read by the receiving process, the chamber is recycled and added to the pool of empty chambers.

Segments


Although buffering handles the disparity between the speeds of the producing and consuming
processes, we need one more step before we can send data.


The network layer, as a service provider for TCP, needs to send data in packets, not as a stream
of bytes. At the transport layer, TCP groups a number of bytes together into a packet called a
segment.


Each segment is encapsulated in an IP datagram and transmitted. This entire operation is
transparent to the receiving process.

Format

The segment consists of a header of 20 to 60 bytes, followed by data from the application
program. The header is 20 bytes if there are no options and up to 60 bytes if it contains options.

Source port address This is a 16-bit field that defines the port number of the application program in the
host that is sending the segment.

Destination port address This is a 16-bit field that defines the port number of the application program
in the host that is receiving the segment.

Sequence number This 32-bit field defines the number assigned to the first byte of data contained in
this segment.

Acknowledgment number This 32-bit field defines the byte number that the receiver of the segment is
expecting to receive from the other party.

Header length This 4-bit field indicates the number of 4-byte words in the TCP header. The length of
the header can be between 20 and 60 bytes, so the field holds a value between 5 and 15.

A TCP Connection

TCP is connection-oriented. A connection-oriented transport protocol establishes a logical path
between the source and destination.

All of the segments belonging to a message are then sent over this logical path.

TCP operates at a higher level. TCP uses the services of IP to deliver individual segments to the
receiver, but it controls the connection itself.

In TCP, connection-oriented transmission requires three phases: connection establishment, data
transfer, and connection termination.

Connection Establishment
TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able
to send segments to each other simultaneously.

Three-Way Handshaking

The connection establishment in TCP is called three-way handshaking. An application program, called
the client, wants to make a connection with another application program, called the server,
using TCP as the transport-layer protocol. The process starts with the server. The server program tells its
TCP that it is ready to accept a connection. This request is called a passive open.

Although the server TCP is ready to accept a connection from any machine in the world, it
cannot make the connection itself.

The client program issues a request for an active open. A client that wishes to connect to
an open server tells its TCP to connect to a particular server.


A SYN segment cannot carry data, but it consumes one sequence number.

A SYN + ACK segment cannot carry data, but it does consume one sequence number.


An ACK segment, if carrying no data, consumes no sequence number.
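The three sequence-number rules above, worked through as an added example (not part of the original notes): each endpoint keeps the next sequence number it will send and the next one it expects, a SYN or FIN consumes one number, data consumes one per byte, and a bare ACK consumes none. The initial sequence numbers 100 and 5000 and the five-byte request are constructed values, and the class and function names are this example's own. The model goes one step beyond the handshake and shows the first data segment, so the acknowledgment arithmetic after the connection is open is visible too.

```python
FLAG_ORDER = ("SYN", "ACK", "PSH", "FIN")


class TcpEndpoint:
    """Tracks snd_nxt (next sequence number to send) and rcv_nxt (next sequence number expected)."""

    def __init__(self, name: str, isn: int):
        self.name = name
        self.snd_nxt = isn        # initial sequence number for this direction
        self.rcv_nxt = None       # unknown until the peer's SYN arrives

    @staticmethod
    def consumed(flags, data: bytes) -> int:
        # SYN and FIN each occupy one sequence number, data one per byte, a bare ACK none.
        return len(data) + (1 if "SYN" in flags else 0) + (1 if "FIN" in flags else 0)

    def send(self, flags, data: bytes = b"") -> dict:
        seg = {"from": self.name, "flags": set(flags), "seq": self.snd_nxt,
               "ack": self.rcv_nxt, "data": data}
        self.snd_nxt += self.consumed(flags, data)
        return seg

    def receive(self, seg: dict) -> int:
        """Accept an in-order segment and return the acknowledgment number to send back."""
        if self.rcv_nxt is None:
            if "SYN" not in seg["flags"]:
                raise ValueError(f"{self.name}: no SYN received yet")
            self.rcv_nxt = seg["seq"]
        elif seg["seq"] != self.rcv_nxt:
            raise ValueError(f"{self.name}: expected seq {self.rcv_nxt}, got {seg['seq']}")
        if seg["ack"] is not None and seg["ack"] > self.snd_nxt:
            raise ValueError(f"{self.name}: acknowledgment for bytes never sent")
        self.rcv_nxt += self.consumed(seg["flags"], seg["data"])
        return self.rcv_nxt


def run_handshake(client_isn: int = 100, server_isn: int = 5000, request: bytes = b"hello"):
    """Three-way handshake followed by one data segment and its acknowledgment."""
    client, server = TcpEndpoint("client", client_isn), TcpEndpoint("server", server_isn)
    trace = []

    def exchange(sender, receiver, flags, data=b""):
        seg = sender.send(flags, data)
        receiver.receive(seg)
        names = "+".join(f for f in FLAG_ORDER if f in seg["flags"])
        trace.append((seg["from"], names, seg["seq"], seg["ack"], len(seg["data"])))

    exchange(client, server, {"SYN"})                 # 1: active open, consumes one number
    exchange(server, client, {"SYN", "ACK"})          # 2: server answers, consumes one number
    exchange(client, server, {"ACK"})                 # 3: no data, consumes nothing
    exchange(client, server, {"ACK", "PSH"}, request) # first data segment, consumes len(request)
    exchange(server, client, {"ACK"})                 # server acknowledges the data
    return trace, client, server


if __name__ == "__main__":
    for row in run_handshake()[0]:
        print(row)
```

Reading the trace: the client's ACK in step 3 carries the same sequence number as its first data segment, which is the rule "an ACK segment carrying no data consumes no sequence number" made concrete. The receive method also refuses a segment whose sequence number is not the one expected, which is how a replayed or stale segment is kept out of the stream.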

Cryptography

Basic Concepts

Cryptography The art or science encompassing the principles and methods of transforming
an intelligible message into one that is unintelligible, and then retransforming that message
back to its original form

Plaintext The original intelligible message


Cipher text The transformed message

Cipher An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods

Key Some critical information used by the cipher, known only to the sender and receiver

Encipher (encode) The process of converting plaintext to ciphertext using a cipher and a key

Decipher (decode) The process of converting ciphertext back into plaintext using a
cipher and a key

Cryptanalysis The study of principles and methods of transforming an unintelligible
message back into an intelligible message without knowledge of the key. Also called
code breaking

Cryptology Both cryptography and cryptanalysis

Code An algorithm for transforming an intelligible message into an unintelligible one
using a code-book

Cryptography

Cryptographic systems are generally classified along 3 independent dimensions:

Type of operations used for transforming plain text to cipher text

All the encryption algorithms are based on two general principles: substitution, in which
each element in the plaintext is mapped into another element, and transposition, in which
elements in the plaintext are rearranged.

The number of keys used

If the sender and receiver use the same key, it is said to be symmetric key (or single key, or
conventional) encryption.

If the sender and receiver use different keys, it is said to be public key encryption.

The way in which the plain text is processed

A block cipher processes the input one block of elements at a time, producing an output
block for each input block.

A stream cipher processes the input elements continuously, producing output elements
one at a time, as it goes along.

Cryptanalysis

The process of attempting to discover the plaintext X or the key K, or both, is known as cryptanalysis. The
strategy used by the cryptanalyst depends on the nature of the encryption scheme and the
information available to the cryptanalyst.

There are various types of cryptanalytic attacks, based on the amount of information known to the
cryptanalyst.

Ciphertext only – Only a copy of the ciphertext is known to the cryptanalyst.

Known plaintext – The cryptanalyst has a copy of the ciphertext and the corresponding plaintext.

Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They
cannot open it to find the key; however, they can encrypt a large number of suitably chosen
plaintexts and try to use the resulting ciphertexts to deduce the key.

Chosen ciphertext – The cryptanalyst obtains temporary access to the decryption machine, uses
it to decrypt several strings of symbols, and tries to use the results to deduce the key.

STEGANOGRAPHY

A plaintext message may be hidden in one of two ways. The methods of
steganography conceal the existence of the message, whereas the methods of cryptography render
the message unintelligible to outsiders by various transformations of the text.

A simple form of steganography, but one that is time consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out the real
message.

e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(Hidden) message.

(ii) Subset of the words of the overall message is used to convey the hidden
message.

Various other techniques have been used historically, some of which are:

Character marking – selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held at an angle to bright light.

Invisible ink – a number of substances can be used for writing but leave no visible trace until heat or some
chemical is applied to the paper.

Pin punctures – small pin punctures on selected letters are ordinarily not visible unless
the paper is held in front of the light.

Typewritten correction ribbon – used between the lines typed with a black ribbon, the results of
typing with the correction tape are visible only under a strong light.

Drawbacks of steganography

It requires a lot of overhead to hide relatively few bits of information.

Once the system is discovered, it becomes virtually worthless.

SECURITY SERVICES

The classification of security services is as follows:

Confidentiality: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. Reading here includes printing, displaying and
other forms of disclosure.

Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.

Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.

Non-repudiation: Requires that neither the sender nor the receiver of a message be able to
deny the transmission.

Access control: Requires that access to information resources may be controlled by or for the
target system.

Availability: Requires that computer system assets be available to authorized parties when
needed.

NETWORK SECURITY

SECURITY MECHANISMS

One of the most specific security mechanisms in use is the use of cryptographic techniques.
Encryption or encryption-like transformations of information are the most common means of
providing security. Some of the mechanisms are:

1 Encipherment
2 Digital Signature
3 Access Control

Encipherment

Encipherment is a security mechanism that involves the transformation of data into some unreadable
form. Encipherment is performed on cleartext (intelligible data) to produce ciphertext (encrypted
data whose semantic content is not available).

It is the use of mathematical algorithms to transform data into a form that is not readily intelligible. The
transformation and subsequent recovery of the data depend on an algorithm and zero or more
encryption keys.

Digital Signature

A digital signature is a technique used to validate the authenticity and integrity of a
message. We know that there are four aspects of security: privacy, authentication, integrity, and
non-repudiation. We have already discussed the first aspect of security; the other three aspects can be
achieved by using a digital signature.

The basic idea behind the digital signature is to sign a document. When we send a document
electronically, we can also sign it. We can sign a document in two ways: sign the whole document, or
sign a digest of it.

Signing the Whole Document

o In a digital signature, a public key encryption technique is used to sign a document. However,
the roles of the public key and private key are different here. The sender uses a private key to
encrypt the message, while the receiver uses the public key of the sender to decrypt the message.
o In a digital signature, the private key is used for encryption while the public key is used for
decryption.
o A digital signature cannot be achieved by using secret key encryption.
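The signing model above, as an added example that is not part of these notes: the sender "encrypts" a digest of the document with the private key, and anyone holding the public key "decrypts" the signature and compares it with a digest they compute themselves. The key pair is a constructed toy RSA key built from two small Mersenne primes, so it illustrates the roles of the two keys and nothing about real key sizes or padding; the digest is reduced modulo the toy modulus only so that it fits, where a real scheme would use a padding standard instead. Function names and the sample document are this example's own.

```python
import hashlib

# Constructed toy RSA key pair: two Mersenne primes. Real keys are thousands of bits; this is illustration only.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # modular inverse of E (Python 3.8+)
PUBLIC_KEY = (E, N)                  # shared with everyone who needs to verify
PRIVATE_KEY = (D, N)                 # known only to the signer


def message_digest(message: bytes) -> int:
    """SHA-256 of the document, reduced mod N so it fits the toy modulus (a real scheme pads instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key) -> int:
    """Signing a digest: 'encrypt' the digest with the private key."""
    d, n = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the sender's public key and compare with a freshly computed digest."""
    e, n = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    """Genuine document verifies; a changed document or a changed signature does not."""
    document = b"Transfer 100 to account 42"          # constructed sample document
    sig = sign(document, PRIVATE_KEY)
    return {
        "genuine": verify(document, sig, PUBLIC_KEY),
        "altered_document": verify(b"Transfer 900 to account 42", sig, PUBLIC_KEY),   # integrity
        "altered_signature": verify(document, (sig + 1) % N, PUBLIC_KEY),             # authenticity
    }


if __name__ == "__main__":
    print(demo())
```

The two failing cases in the demo are the two aspects the notes attribute to the signature: a modified document no longer matches the digest recovered from the signature (integrity), and a signature not produced with the private key does not decrypt to the right digest under the public key (authentication). Because only the signer holds the private key, the signer cannot later deny producing a signature that verifies under their public key, which is the non-repudiation property. Signing the digest rather than the whole document is what lets a fixed-size signature cover a document of any length.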

Access Control

Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint
security technology (such as antivirus, host intrusion prevention, and vulnerability assessment),
user or system authentication, and network security enforcement.

Network Access Control aims to do exactly what the name implies—control access to a network with
policies, including pre-admission endpoint security policy checks and post-admission controls over
where users and devices can go on a network and what they can do.

SECURITY ATTACKS

There are four general categories of attack which are listed below.

Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on
availability, e.g., destruction of a piece of hardware, cutting of a communication line, or
disabling of the file management system.

Interception

An unauthorized party gains access to an asset. This is an attack on confidentiality.
The unauthorized party could be a person, a program or a computer, e.g., wire tapping to capture data in
the network, or illicit copying of files.

(Figure: Sender, Receiver, Eavesdropper or forger)

Modification

An unauthorized party not only gains access to but tampers with an asset. This is an attack on
integrity. e.g., changing values in data file, altering a program, modifying the contents of
messages being transmitted in a network.

(Figure: Sender, Receiver, Eavesdropper or forger)

Fabrication

An unauthorized party inserts counterfeit objects into the system. This is an attack on
authenticity. e.g., insertion of spurious message in a network or addition of records to a file.

(Figure: Sender, Eavesdropper or forger)
