DCN 5th Unit
UDP provides a connectionless, unreliable datagram service. Connectionless service means that
there is no logical connection between the two ends exchanging messages. Each message is an
independent entity encapsulated in a datagram.
UDP sees no relation (connection) between consecutive datagrams coming from the same source
and going to the same destination.
User Datagram
UDP packets, called user datagrams, have a fixed-size header of 8 bytes made of four fields, each
of 2 bytes (16 bits): source port number, destination port number, total length, and checksum.
The 16-bit length field can express a total length of 0 to 65,535 bytes. However, the total length must be
smaller, because the user datagram is carried inside an IP datagram whose own total length is at most 65,535
bytes, of which at least 20 bytes are the IPv4 header; the largest user datagram is therefore 65,515 bytes
(8 bytes of header and 65,507 bytes of data). The last field carries the checksum, which is optional in IPv4
(a value of 0 means the sender did not compute one) and mandatory in IPv6.
UDP Services
Process-to-Process Communication
UDP provides process-to-process communication using socket addresses, a combination of IP
addresses and port numbers.
Connectionless Services
As mentioned previously, UDP provides a connectionless service. This means that each user datagram
sent by UDP is an independent datagram. There is no relationship between the different user datagrams, even if
they are coming from the same source process and going to the same destination process.
Flow Control
UDP is a very simple protocol. There is no flow control, and hence no window mechanism. The receiver
may be overwhelmed by incoming messages; datagrams that do not fit in its buffer are simply dropped.
Error Control
There is no error control mechanism in UDP except for the checksum. The checksum only lets the receiver
silently discard a corrupted datagram; the sender never learns whether a message was corrupted, lost, or duplicated.
Checksum
UDP checksum calculation covers three sections: a pseudo header, the UDP header, and the data
coming from the application layer. The pseudo header is built from fields of the header of the IP packet in which the
user datagram is to be encapsulated (source and destination IP addresses, the protocol number 17, and the UDP
length). Including it lets the receiver detect a datagram that was delivered to the wrong host or handed to the
wrong transport protocol, even though the IP header itself is not part of the user datagram.
Apart from this checksum, UDP does not provide error control; it provides an unreliable service. Most applications
expect reliable service from a transport-layer protocol. Although a reliable service is desirable, it has a cost in
delay and overhead, and some applications prefer to do without it or to implement their own.
Typical Applications
The following are some typical applications that benefit from the services of UDP:
UDP is suitable for a process that requires simple request-response communication with little
concern for flow and error control.
UDP is suitable for a process with its own internal flow- and error-control mechanisms. For example, the
Trivial File Transfer Protocol (TFTP) implements stop-and-wait retransmission itself on top of UDP.
UDP is a suitable transport protocol for multicasting. Multicasting capability is embedded in the
UDP software but not in TCP, which is strictly point-to-point.
UDP is used for management processes such as SNMP.
UDP is used for some route-updating protocols such as the Routing Information Protocol (RIP).
UDP is normally used for interactive real-time applications (such as voice and video) that cannot tolerate uneven delay
between sections of a received message, where a retransmitted segment would arrive too late to be useful.
TCP Protocol
Transmission Control Protocol (TCP) is a connection-oriented, reliable protocol. TCP explicitly
defines connection establishment, data transfer, and connection teardown phases to provide a connection-
oriented service.
TCP Services
Process-to-Process Communication
As with UDP, TCP provides process-to-process communication using port numbers. We have
already given some of the port numbers used by TCP.
Unlike UDP, TCP is stream-oriented: it allows the sending process to deliver data as a stream of bytes and allows the
receiving process to obtain data as a stream of bytes, with no message boundaries preserved.
TCP creates an environment in which the two processes seem to be connected by an imaginary
"tube" that carries their bytes across the Internet. Because the two processes do not produce and consume
data at the same speed, TCP needs buffers at both ends.
At the sender, the buffer has three types of chambers. One section contains empty chambers
that can be filled by the sending process (producer).
A second section holds bytes that have been sent but not yet acknowledged.
The TCP sender keeps these bytes in the buffer until it receives an acknowledgment, so that it can
retransmit them if they are lost. The third section contains bytes already written by the process that are waiting
to be sent by the sending TCP.
The operation of the buffer at the receiver is simpler. The circular buffer is divided into two areas.
One area contains empty chambers to be filled by bytes received from the network.
The other contains received bytes that can be read by the receiving process. When a byte
is read by the receiving process, the chamber is recycled and added to the pool of empty chambers.
Segments
Although buffering handles the disparity between the speed of the producing and consuming
processes, we need one more step before we can send data.
The network layer, as a service provider for TCP, needs to send data in packets, not as a stream
of bytes. At the transport layer, TCP groups a number of bytes together into a packet called a
segment. Each segment is tagged with the sequence number of its first byte.
The segments are encapsulated in IP datagrams and transmitted. This entire operation is
transparent to the receiving process, which still sees a stream of bytes.
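As an added illustration of the sender buffer and segmentation just described (this model is not taken from the notes), the Python class below keeps the three regions as separate byte arrays: free space, bytes waiting to be sent, and bytes in flight that are retained until a cumulative acknowledgment frees them. Capacity, maximum segment size and the sample data are constructed values, and 32-bit sequence-number wraparound is deliberately ignored.

```python
class TcpSendBuffer:
    """Sender-side buffer modelled as three regions: free chambers,
    bytes waiting to be sent, and bytes sent but not yet acknowledged."""

    def __init__(self, isn: int, capacity: int, mss: int):
        self.capacity = capacity
        self.mss = mss                 # maximum segment size: how many bytes one segment carries
        self.una = isn                 # sequence number of the oldest unacknowledged byte
        self.next_seq = isn            # sequence number assigned to the next byte sent
        self.unsent = bytearray()      # written by the process, not yet grouped into a segment
        self.inflight = bytearray()    # sent, kept for retransmission until acknowledged

    def free_space(self) -> int:
        """Empty chambers the producer may still fill."""
        return self.capacity - len(self.unsent) - len(self.inflight)

    def write(self, data: bytes) -> int:
        """Producer side: accept only as many bytes as there are free chambers."""
        n = min(len(data), self.free_space())
        self.unsent += data[:n]
        return n

    def next_segment(self):
        """Group up to mss waiting bytes into one segment tagged with its first byte's sequence number."""
        if not self.unsent:
            return None
        chunk = bytes(self.unsent[:self.mss])
        del self.unsent[:len(chunk)]
        seq = self.next_seq
        self.inflight += chunk
        self.next_seq += len(chunk)
        return seq, chunk

    def acknowledge(self, ack: int) -> int:
        """Cumulative ACK: ack is the next byte the receiver expects; free every chamber before it.
        Assumption: 32-bit sequence wraparound is ignored in this demo."""
        if not self.una < ack <= self.next_seq:
            return 0                   # duplicate or out-of-range acknowledgment: nothing freed
        freed = ack - self.una
        del self.inflight[:freed]
        self.una = ack
        return freed


if __name__ == "__main__":
    buf = TcpSendBuffer(isn=100, capacity=10, mss=4)
    print(buf.write(b"hello world!"))           # only 10 bytes fit
    segs = []
    while (s := buf.next_segment()) is not None:
        segs.append(s)
    print(segs)                                  # [(100, b'hell'), (104, b'o wo'), (108, b'rl')]
    print(buf.acknowledge(104), buf.free_space())
    print(buf.acknowledge(110), buf.free_space())
```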
Format
The segment consists of a header of 20 to 60 bytes, followed by data from the application
program. The header is 20 bytes if there are no options and up to 60 bytes if it contains options.
Source port address This is a 16-bit field that defines the port number of the application program in the
host that is sending the segment.
Destination port address This is a 16-bit field that defines the port number of the application program
in the host that is receiving the segment.
Sequence number This 32-bit field defines the number assigned to the first byte of data contained in
this segment.
Acknowledgment number This 32-bit field defines the byte number that the receiver of the segment is
expecting to receive from the other party.
Header length This 4-bit field indicates the number of 4-byte words in the TCP header. Since the length of
the header can be between 20 and 60 bytes, the value of this field is between 5 and 15.
A TCP Connection
TCP is connection-oriented. A connection-oriented transport protocol establishes a logical path
between the source and destination.
All of the segments belonging to a message are then sent over this logical path.
TCP operates at a higher level than IP. TCP uses the services of IP to deliver individual segments to the
receiver, but it controls the connection itself; since IP is connectionless, the logical path exists only in the
two TCP endpoints, not in the routers in between.
In TCP, connection-oriented transmission requires three phases: connection establishment, data
transfer, and connection termination.
Connection Establishment
TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able
to send segments to each other simultaneously.
The connection establishment in TCP is called three-way handshaking. Suppose an application program, called
the client, wants to make a connection with another application program, called the server,
using TCP as the transport-layer protocol. The process starts with the server. The server program tells its
TCP that it is ready to accept a connection. This request is called a passive open.
Although the server TCP is ready to accept a connection from any machine in the world, it
cannot make the connection itself.
The client program issues a request for an active open. A client that wishes to connect to
an open server tells its TCP to connect to a particular server. The client then sends a SYN segment, the server
replies with a SYN + ACK segment, and the client completes the handshake with an ACK segment.
A SYN segment cannot carry data, but it consumes one sequence number.
A SYN + ACK segment cannot carry data, but it does consume one sequence number.
An ACK segment, if carrying no data, consumes no sequence number.
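The Python below is an added example (not from these notes) that packs and parses the fixed 20-byte TCP header with the fields listed under "Format", then runs the three-way handshake as a pure in-memory exchange so the sequence-number accounting of the three rules above can be checked: the SYN and SYN + ACK each consume one sequence number, the final bare ACK consumes none. Ports, initial sequence numbers and the MSS option bytes are constructed; the checksum field is left at zero (it would be computed over a pseudo header like UDP's).

```python
import secrets
import struct

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def pack_tcp(sport, dport, seq, ack, flags, window=65535, options=b"", data=b""):
    """Build a segment. The 4-bit header length field counts 4-byte words (5..15)."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be a multiple of 4 bytes and at most 40 bytes")
    hlen_words = 5 + len(options) // 4
    flag_bits = sum(FLAGS[f] for f in flags)
    # src port, dst port, seq, ack, data offset (high nibble), flags, window, checksum, urgent ptr
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         hlen_words << 4, flag_bits, window, 0, 0)
    return header + options + data


def parse_tcp(segment: bytes) -> dict:
    """Split a segment into its header fields, options and data."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flag_bits, window, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > 60 or hlen > len(segment):
        raise ValueError("bad header length")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
            "flags": {name for name, bit in FLAGS.items() if flag_bits & bit},
            "window": window, "options": segment[20:hlen], "data": segment[hlen:]}


def seq_consumed(seg: dict) -> int:
    """Sequence numbers used by a segment: one per data byte, plus one for SYN and one for FIN."""
    return len(seg["data"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])


def three_way_handshake(client_isn: int, server_isn: int, client_port=50000, server_port=80):
    """Return the parsed SYN, SYN+ACK and ACK segments as each side would build them."""
    syn = parse_tcp(pack_tcp(client_port, server_port, client_isn, 0, ["SYN"],
                             options=b"\x02\x04\x05\xb4"))          # MSS option: kind 2, len 4, 1460
    # Server acknowledges the byte after the SYN and announces its own initial sequence number.
    synack = parse_tcp(pack_tcp(server_port, client_port, server_isn,
                                syn["seq"] + seq_consumed(syn), ["SYN", "ACK"]))
    # Client's ACK carries no data, so it uses the number the server expects without consuming it.
    ack = parse_tcp(pack_tcp(client_port, server_port, synack["ack"],
                             synack["seq"] + seq_consumed(synack), ["ACK"]))
    return syn, synack, ack


if __name__ == "__main__":
    # Real stacks choose unpredictable initial sequence numbers; mirror that here.
    for seg in three_way_handshake(secrets.randbelow(2**32), secrets.randbelow(2**32)):
        print(sorted(seg["flags"]), "seq", seg["seq"], "ack", seg["ack"], "consumes", seq_consumed(seg))
```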
Cryptography
Basic Concepts
Cryptography The art or science encompassing the principles and methods of transforming
an intelligible message into one that is unintelligible, and then retransforming that message
back to its original form.
Cipher An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods.
Key Some critical information used by the cipher, known only to the sender and receiver (in a
public-key system only the private key is secret).
Encipher (encrypt) The process of converting plaintext to ciphertext using a cipher and a key.
Decipher (decrypt) The process of converting ciphertext back into plaintext using a
cipher and a key.
Cryptography
All encryption algorithms are based on two general principles: substitution, in which
each element in the plaintext is mapped to another element, and transposition, in which
elements of the plaintext are rearranged. Most practical ciphers combine several rounds of both.
If the sender and receiver use the same key, the scheme is called symmetric-key (or conventional) encryption.
If the sender and receiver use different keys, the scheme is called public-key (asymmetric) encryption.
A block cipher processes the input one block of elements at a time, producing an output
block for each input block.
A stream cipher processes the input elements continuously, producing output elements
one at a time as it goes along.
Cryptanalysis
Ciphertext only – Only a copy of the ciphertext is known to the cryptanalyst, who must rely on
statistical properties of the plaintext language.
Known plaintext – The cryptanalyst has a copy of the ciphertext and the corresponding plaintext.
Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They
cannot open it to find the key; however, they can encrypt a large number of suitably chosen
plaintexts and try to use the resulting ciphertexts to deduce the key.
Chosen ciphertext – The cryptanalyst obtains temporary access to the decryption machine, uses
it to decrypt several strings of symbols, and tries to use the results to deduce the key.
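The following Python is an added example (not part of these notes) that implements the two principles above, a monoalphabetic substitution and a keyed columnar transposition, and then mounts two of the attacks just listed against them: a known-plaintext attack that recovers the whole substitution table from one plaintext/ciphertext pair, and a ciphertext-only attack on the shift (Caesar) special case using letter-frequency statistics. The key table, keyword, messages and the rounded English frequency table are constructed for the demo.

```python
import string
from collections import Counter

ALPHA = string.ascii_uppercase

# Rounded English letter frequencies in percent (standard published values, A..Z).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def substitute(text: str, key: str) -> str:
    """Substitution: key is a 26-letter permutation giving the image of A..Z; other characters pass through."""
    return text.upper().translate(str.maketrans(ALPHA, key))


def unsubstitute(text: str, key: str) -> str:
    return text.translate(str.maketrans(key, ALPHA))


def shift_key(k: int) -> str:
    """The Caesar cipher is the substitution whose table is the alphabet rotated by k."""
    return ALPHA[k:] + ALPHA[:k]


def transpose(text: str, keyword: str) -> str:
    """Columnar transposition: write in rows of len(keyword), read columns in keyword order."""
    cols = len(keyword)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda i: (keyword[i], i))
    return "".join(row[c] for c in order for row in rows if c < len(row))


def untranspose(cipher: str, keyword: str) -> str:
    cols, n = len(keyword), len(cipher)
    order = sorted(range(cols), key=lambda i: (keyword[i], i))
    full_rows, extra = divmod(n, cols)
    col_len = {c: full_rows + (1 if c < extra else 0) for c in range(cols)}
    columns, pos = {}, 0
    for c in order:                               # cut the ciphertext back into columns
        columns[c] = cipher[pos:pos + col_len[c]]
        pos += col_len[c]
    return "".join(columns[c][r] for r in range(full_rows + 1)
                   for c in range(cols) if r < col_len[c])


def known_plaintext_attack(plain: str, cipher: str) -> dict:
    """Recover the substitution table letter by letter from one matching pair."""
    table = {}
    for p, c in zip(plain.upper(), cipher):
        if p in ALPHA:
            if table.get(p, c) != c:
                raise ValueError("pair is not a simple substitution")
            table[p] = c
    return table                                  # partial if some letters never appear


def chi_squared(text: str) -> float:
    """Distance between the letter counts of text and what English would predict."""
    counts = Counter(ch for ch in text if ch in ALPHA)
    n = sum(counts.values()) or 1
    return sum((counts[ch] - n * f / 100) ** 2 / (n * f / 100) for ch, f in zip(ALPHA, ENGLISH_FREQ))


def break_shift_ciphertext_only(cipher: str) -> int:
    """Ciphertext-only attack: try all 26 shifts and keep the most English-looking plaintext."""
    return min(range(26), key=lambda k: chi_squared(unsubstitute(cipher, shift_key(k))))


if __name__ == "__main__":
    msg = "ATTACK THE EASTERN FLANK AT DAWN AND SEND THE SIGNAL WHEN THE BRIDGE IS TAKEN"
    ct = substitute(msg, shift_key(3))
    print(ct, "->", break_shift_ciphertext_only(ct))          # recovers 3
    key = "QWERTYUIOPASDFGHJKLZXCVBNM"                         # constructed permutation
    print(known_plaintext_attack(msg, substitute(msg, key)))
    print(untranspose(transpose("WEAREDISCOVERED", "ZEBRA"), "ZEBRA"))
```

The known-plaintext attack needs no statistics at all, which is why a single captured pair is so damaging to any cipher whose key is a fixed table; the ciphertext-only attack works because a substitution preserves letter frequencies, a weakness the transposition shares in a different form (it preserves the letters themselves, only moving them).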
STEGANOGRAPHY
A plaintext message may be hidden in one of two ways. The methods of
steganography conceal the existence of the message, whereas the methods of cryptography render
the message unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time consuming to construct, is one in
which an arrangement of words or letters within an apparently innocuous text spells out the real
message.
e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(hidden) message;
(ii) a subset of the words of the overall message is used to convey the hidden
message.
Various other techniques have been used historically; some of them are:
Character marking – selected letters of printed or typewritten text are overwritten in pencil. The
marks are ordinarily not visible unless the paper is held at an angle to bright light.
Invisible ink – a number of substances can be used for writing but leave no visible trace until heat or some
chemical is applied to the paper.
Pin punctures – small pin punctures on selected letters are ordinarily not visible unless
the paper is held in front of a light.
Typewriter correction ribbon – used between lines typed with a black ribbon, the results of typing with the
correction tape are visible only under a strong light.
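As an added example of method (i) above (this code is not from the notes), the Python below hides a message as the first letters of the words of a cover text and recovers it again. It draws the cover words from a constructed vocabulary; a space in the secret becomes a sentence boundary in the cover text so the decoder can put the word breaks back. The point to notice is that the cover text never changes the secret, it only hides that there is one, so anyone who knows the scheme reads it immediately.

```python
import random
import re

# Constructed vocabulary of innocuous words; any word list works, but it must contain
# at least one word for every letter the secret uses.
VOCAB = ("mother ends every tale about noon or never tomorrow after evening tea makes "
         "mornings easy then a new orange tree offers more energy nobody asks twice").split()


def acrostic_encode(secret: str, vocab=VOCAB, seed: int = 7) -> str:
    """Build a cover text whose words' initials spell the secret; each space ends a sentence."""
    rng = random.Random(seed)              # deterministic choice so the demo is reproducible
    by_letter = {}
    for word in vocab:
        by_letter.setdefault(word[0].upper(), []).append(word)
    sentences, words = [], []
    for ch in secret.upper():
        if ch == " ":
            sentences.append(words)
            words = []
            continue
        if ch not in by_letter:
            raise ValueError(f"no cover word starts with {ch!r}")
        words.append(rng.choice(by_letter[ch]))
    sentences.append(words)
    return " ".join(" ".join(s).capitalize() + "." for s in sentences if s)


def acrostic_decode(cover: str) -> str:
    """Read the first letter of every word; sentence boundaries become spaces."""
    out = []
    for sentence in re.split(r"\.\s*", cover.strip()):
        if sentence:
            out.append("".join(w[0].upper() for w in sentence.split()))
    return " ".join(out)


if __name__ == "__main__":
    cover = acrostic_encode("MEET AT NOON")
    print(cover)
    print(acrostic_decode(cover))          # MEET AT NOON
```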
Drawbacks of steganography
SECURITY SERVICES
Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating, and
delaying or replaying transmitted messages.
Non-repudiation: Requires that neither the sender nor the receiver of a message be able to
deny the transmission.
Access control: Requires that access to information resources may be controlled by or for the
target system.
Availability: Requires that computer system assets be available to authorized parties when
needed.
NETWORK SECURITY
SECURITY MECHANISMS
1 Encipherment
2 Digital Signature
3 Access Control
Encipherment
Encipherment is a security mechanism that involves the transformation of data into some unreadable
form. Encipherment is performed on cleartext (intelligible data) to produce ciphertext (encrypted
data whose semantic content is not available).
It is the use of mathematical algorithms to transform data into a form that is not readily intelligible. The
transformation and subsequent recovery of the data depend on an algorithm and zero or more
encryption keys.
Digital Signature
A digital signature is a technique used to validate the authenticity and integrity of a
message. We know that there are four aspects of security: privacy, authentication, integrity, and non-
repudiation. We have already discussed the first aspect of security; the other three aspects can be
achieved by using a digital signature.
The basic idea behind the digital signature is to sign a document. When we send a document
electronically, we can also sign it. We can sign a document in two ways: sign the whole document, or
sign a digest (hash) of it. Signing the digest is what is done in practice, since public-key operations are slow
and the digest is short and fixed-size.
o In a digital signature, a public-key technique is used to sign a document. However,
the roles of the public key and private key are the reverse of their roles in encryption for privacy: the signer
uses its private key to produce the signature, and anyone holding the signer's public key can verify it.
o Because only the signer holds the private key, a valid signature shows both who produced it and that the
document has not been altered since, which is what provides non-repudiation.
o A digital signature cannot be achieved with secret-key (symmetric) encryption: a message authentication
code computed with a shared key gives integrity and authentication, but either party could have produced
it, so neither can be held to it by a third party.
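The Python below is an added example (not from these notes) for the integrity and non-repudiation services above and for the digital-signature points just listed. It signs a SHA-256 digest with textbook RSA (private-key exponentiation) and verifies with the public key, and beside it computes an HMAC with a shared secret. The RSA parameters are two fixed primes far too small for real use, the digest is truncated so that it is smaller than that toy modulus, and the shared key and messages are constructed; a real deployment would use a standard library with 2048-bit or larger keys and proper padding.

```python
import hashlib
import hmac

# Textbook RSA with fixed small primes (assumption: demo only; real keys are >= 2048 bits).
P, Q = 1000000007, 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent: E * D = 1 mod phi(N)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def digest(message: bytes) -> int:
    """SHA-256 of the message, truncated to 56 bits so it is smaller than the toy modulus N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:7], "big")


def sign(message: bytes, private_key) -> int:
    """Sign the digest with the private key ("encrypt" with d)."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key ("decrypt" with e) and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


SHARED_KEY = b"constructed shared secret"       # known to both sender and receiver


def mac(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Integrity and authentication with a shared secret: HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(message: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    return hmac.compare_digest(mac(message, key), tag)


if __name__ == "__main__":
    msg = b"Pay 100 to Alice"
    sig = sign(msg, PRIVATE_KEY)
    print(verify(msg, sig, PUBLIC_KEY))                     # True: signed by the private-key holder
    print(verify(b"Pay 1000 to Alice", sig, PUBLIC_KEY))    # False: integrity violation detected
    tag = mac(msg)
    print(mac_ok(msg, tag))                                 # True
    # No non-repudiation: the receiver, holding the same key, can forge a tag on any message.
    print(mac_ok(b"Pay 1000 to Alice", mac(b"Pay 1000 to Alice")))   # True
```

Both mechanisms catch a modified message. The difference is who can produce a valid tag: only the private-key holder can sign, so the signature can be shown to a third party; the HMAC could have come from either side of the shared key, so it proves nothing to anyone else.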
Access Control
Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint
security technology (such as antivirus, host intrusion prevention, and vulnerability assessment),
user or system authentication, and network security enforcement.
Network Access Control aims to do exactly what the name implies: control access to a network with
policies, including pre-admission endpoint security policy checks and post-admission controls over
where users and devices can go on a network and what they can do.
SECURITY ATTACKS
There are four general categories of attack which are listed below.
Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on
availability, e.g., destruction of a piece of hardware, cutting of a communication line, or
disabling of the file management system.
Interception
An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized
party could be a person, a program, or a computer, e.g., wire tapping to capture data in the network, or
illicit copying of files or programs.
Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack on
integrity. e.g., changing values in data file, altering a program, modifying the contents of
messages being transmitted in a network.
Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on
authenticity. e.g., insertion of spurious message in a network or addition of records to a file.