Computer Networks and Network Security: A Comprehensive Guide, Lecture notes of Data Communication Systems and Computer Networks

Networking and Data Communication and protocols

Typology: Lecture notes

2017/2018

Uploaded on 11/30/2018

Lecture Notes:
Computer Networks and Security (2IC60)
T. Ozcelebi and J.I. den Hartog
version 0.2 (2018)



Important Notice:

Students can take their own notes, for example, on lecture slide set PDF documents (available on the course website before each lecture). This document and the references in it marked as required reading (provided at the end of each chapter) form a supplement to the lectures. They are meant to give more detail and fill the gaps. In the exam, you are responsible for the lecture content, the lecture notes (this document) and the required reading. Lecture slides will often only contain illustrations of main ideas. Further explanation is provided during the lecture, in the lecture notes and in the required reading. Each chapter of this document provides a literature section that describes required reading and suggested reading. The required reading is part of the exam material while the suggested reading is not. The suggested reading is for students who are interested in background information and/or a different perspective on or presentation of the material, useful for getting a better/deeper understanding. Additional references to related work may be given inside the text. These provide related materials and/or more in-depth discussions. Interested students can learn more by reading these, but they are considered to be outside the scope of assessment.

Mandatory reading checklist (= part of the exam)

  • The lecture slides.
  • The lecture notes (this document).
  • The required reading listed at the end of each chapter.

Optional reading checklist (= not part of the exam)

  • The suggested reading listed at the end of each chapter.
  • Additional references inside the main text.

This is the first iteration of these notes; some flaws will be present and improvement suggestions are welcome. Please report textual mistakes that you come across to the e-mail address [email protected] and help us improve the quality. End of notice.

Contents

Chapter 1

Introduction

Document structure

  • Chapter 1 provides a general introduction to the concepts of computer networks and (network) security.
  • Chapter 2 explains how protocols govern computer networks and gives an overview of protocol layering and protocol stacks.
  • Chapter 3 introduces application layer concepts and the principles of networked applications.
  • Chapter 4 introduces transport layer services and widely used transport layer protocols of the Internet.
  • Chapter 5 gives an overview of network layer services for end device to end device data delivery.
  • Chapter 6 introduces the data link layer whose task is to transfer data over a single (wired or wireless) link.
  • Chapter 7 discusses key security issues at the network edge; authorization (what resources can be used at the server side) and authentication (who is present on the client side).
  • Chapter 8 focuses more on the security aspects regarding network core by looking at threats and corresponding countermeasures at the different network layers.
  • Chapter 9 discusses in detail an essential tool for network security: cryptography.
  • Chapter 10 explains how we can analyze the security properties of protocols.

1.1 Networks and Computer Networks

1.1.1 Networks

Before we start our discussion on computer networks, let us take a step back and discuss what a network in general is. The concept of a network is no stranger to the common person. It typically refers to an “interconnected” configuration of individuals. Similarly, the term networking refers to communicating either with or within a group. Among humans, wherever there is communication, there is a network. Examples are many, e.g. a network of neighbors (neighborhood watch), a network of intelligence (spy networks), a network of gossip among close friends, a news network, a broadcast network, a book club or giant social media platforms like Facebook, Twitter and Instagram. The history of networks goes way back; even to the very early periods of civilization. The concept of a network is not limited to the human context and it is well-known to the animal kingdom, to plants and even to bacteria. A good example, which by the way inspires many modern networks of wireless embedded devices, is a colony of ants searching for food. Each worker ant has a very simple behavior, which by itself (without communication and collaboration between ants) cannot accomplish much. A worker ant’s behavior is leaving a trail of pheromone wherever it goes and following this trail back in the opposite direction once it finds food, carrying some of the food back to the nest, making the trail of pheromone (almost) twice as strong. Without forming a network, this is very inefficient as each ant needs to find food separately and there is a non-negligible risk of getting lost. What ants do instead is that they stop their random walk and join existing trails of pheromone that are relatively stronger as they come across these, adding their pheromone to make it even stronger. As a result, a lot of ants make up crowded highways of food traffic. Successful implementation of such emergent behavior by means of this simple protocol is a matter of life and death for ants.

Figure 1.1: An interconnected configuration of (system) components.

“An important observation so far is that very simple network protocols can result in a collective behavior of impressive complexity.”

More generally, a network is an interconnected set of components as shown in Figure 1.1.

1.1.2 Computer Networks

Computer networks play a key role in modern society. We define a computer network from two perspectives: physically (hardware) and logically (software and data).


Figure 1.2: To this day, the number of transistors that fit in an integrated circuit follows Moore’s law closely. (Figure source: intel.com)


Figure 1.3: The number of devices connected to the Internet and their types across years, with a projection until 2018. (Figure source: Cisco)

Moore’s law has an important result. It implies that devices that are just not capable enough to connect to the Internet due to lack of computational power will be powerful enough soon. A recent report by Cisco indicates that we are rapidly moving from the Internet of personal computers to an Internet of smart phones, tablets and machine-to-machine (M2M) communications. All projections are towards a future of the Internet that is dominated by data traffic that does not involve any humans. Figure 1.3 by Cisco shows the profiles of the devices connected to the Internet with projection until 2018.

1.2.2 Industrial Development

The Internet started with only 4 hosts in 1969, and only in 1983 did the number of Internet hosts reach 500. Today, there are more machines connected to the Internet than there are humans on the planet. Internet usage is rapidly spreading to all classes of society in most countries, especially in the developed countries. According to the International Telecommunications Union (ITU), the percentage of Internet users among inhabitants in different parts of the world is as given in Figure 1.4. The increasing reach to the end user also means an increase in the demand for Internet technology from industry. Metcalfe’s law, named after the Ethernet co-inventor Robert Metcalfe, gives an explanation for the industry boom in and around Internet technology.

Metcalfe’s Law: “The value, usefulness, or utility of a network equals the square of the number of users (or connected devices).”


Figure 1.6: Worldwide B2C e-commerce sales volumes. The years marked with a * are projections based on previous data. (Figure source: statista.com)

often does not result in user acceptance. For example, Wireless Application Protocol (WAP) was advertised with the words “Internet made mobile”, when in fact it was just a new protocol that did not really have a big impact either socially or economically. The Multimedia Messaging Service (MMS) was advertised as a better replacement for Short Message Service (SMS), but it never could really replace or even come close to SMS. Multimedia integration into text messages became huge only after services like Whatsapp, for which the convenience factor is substantial.

1.3 Standards and Regulations on Networks

Metcalfe’s law indicates that the value of a network depends on the size of community it can reach. The Internet can reach a global community thanks to standardization. Standardization (of hardware and protocols) is crucial for device interoperability between different vendors. In this way, there are more suppliers of devices, leading to more competition between suppliers, which results in lower prices for the end user. There are three major standardization bodies for the Internet:

  • International Telecommunication Union (ITU)
  • Internet Engineering Task Force (IETF)
  • Institute of Electrical and Electronic Engineers (IEEE)

Figure 1.7: Communication network types. (Figure by Igor Radovanovic)

The Internet is an important means for communication (also of sensitive data) and even broadcasting. In the Netherlands, a vast majority of the citizens have access to a high speed (broadband) Internet connection. In some countries, like Finland, citizens legally have a right to broadband Internet. That is, in these developed countries, high speed access to the Internet is a civil right, just like getting education and health care. Given this significant penetration into societies, in every country (some stricter than others), the government wants to regulate the use and the utilization of the Internet. In doing so, their goals are many. Government regulations can be, for example, for the sake of:

  • fighting digital crimes (e.g. protecting intellectual property, fighting piracy)
  • facilitating open market competition (e.g. to eliminate monopoly)
  • practicing censorship (in some countries)

On top of these country-wide (or sometimes near-global) regulations, there can also be local regulations enforced by network administrators (e.g. institution or company regulations). Most institutions and companies would not allow BitTorrent clients to be used in their networks, and they enforce this typically by monitoring network traffic and detecting “unusual” traffic behaviors. In this course, we discuss in detail how this can be done.

1.4 Network Physical Infrastructure

A taxonomy of communication networks is given in Figure 1.7. A computer network infrastructure consists of leaf nodes that are connected to the network core (a sea of interconnected routers) through access networks as shown in Figure 1.8. This section gives an overview of the computer network physical infrastructure as well as the two basic methods to realize data transfer over the infrastructure: (virtual) circuit switching and packet switching.


Figure 1.9: Smart spaces are advanced computer networks where the user is in the center of all, i.e. smart space applications are there to satisfy the user. Many applications with various characteristics can be realized by devices that surround the user. These can be provided by individual devices or collaboratively.

1.4.1 End Devices and Access Networks

At the edge of a network there are networked end devices, also called hosts, where network applications reside. Examples of hosts running networked applications are clients and servers. In typical computer networks terminology, a client is the party that initiates a connection while a server is the one that continuously awaits incoming connections. The importance and the structural complexity of computer networks are only growing with new concepts of ‘smart X’. Smart phones ensure people can be online whenever and wherever. Smart grid infrastructures and smart metering enable remote monitoring and control of the electricity grid, and similarly for other critical infrastructures. Other upcoming technologies such as smart cars and roads make traffic an interconnected, moving and evolving network. Nowadays, there is immense research effort all around the world, especially in developed countries, on smart spaces, where the idea is that the space covered by a network of computers and connected embedded systems adapts its behavior to facilitate the goals of its user(s). There are various sizes and scopes of smart space implementations such as smart cities, smart buildings and smart homes, each containing many embedded systems.

Definition 1.4.1.1 (Embedded System): An embedded system is a special purpose computer on hardware dedicated to that purpose. These systems range from very simple sensors to complex machines.

Embedded systems vary in their networking capabilities. The evolution of embedded systems and their use in networks over the years is illustrated in Figure 1.10.

Figure 1.10: The evolution of embedded networking (Figure by Johan Lukkien).

  • Standalone embedded systems have a standalone functionality and they do not communicate with other systems.
  • Network-aware embedded systems allow access to some (typically limited) internal functionality from outside. They come with proprietary (private) network protocols dedicated to this purpose. Simple data retrieval (sensing, diagnostics) is possible. Software updates over the network are possible, but typically not straightforward (expert knowledge is needed).
  • Network-connected embedded systems are ‘on-line’ using standard protocols that are open to the public. Networks of these typically go by the name “machine-to-machine networks”. An example is a body sensor node that monitors the posture of a person, warns when the posture is not right and stores the data on a remote server for access by the physiotherapist.
  • Network-central embedded systems have some standalone function, but the design of both hardware and software aims at operation in a networked context. Examples include many smart phone apps, television sets and intelligent lighting (e.g. Philips Hue).
  • Fully networked embedded systems do not have a meaningful standalone function when they are disconnected from the network. These are mostly cheap devices with elementary behavior. Very low resource devices are typically fully networked. Examples include applications of simple sensing, actuating and elementary computing.

In general, devices can be classified (as of today) as shown in Figure 1.11, where each row corresponds to a different device class.

Access Networks: An access network connects the network edge to a router in the network core. These are typically shared networks where multiple end points can connect to the (rest of the) Internet. Access networks come in a variety of sorts, e.g. mobile access networks, and wireless and wired access networks for residences, businesses and institutional areas. For many years, Digital Subscriber Line (DSL) over the household’s telephone line and Cable Internet access over the household’s cable television network connection have been the dominating access technologies for homes. The vast majority of broadband connections in the world are through DSL.


Figure 1.12: The sea of routers forming the network core (Figure by Kurose & Ross).

place. A comparison of DSL, cable Internet and FTTH is given in Table 1.1.

1.4.2 Network Core

The network core consists of a sea of interconnected routers that can transfer data between hosts (clients, servers and peers) as shown in Figure 1.12. It facilitates data transfer between end-devices connected to different access networks. In practice, it can do this in two ways: i) (virtual) circuit switching, and ii) packet switching.

Circuit Switching: This scheme provides a dedicated (virtual) circuit per call or session. The resources on the links (e.g. link bandwidth, switch capacity) all the way along the path between the communicating entities are reserved (in both directions) for a session, and these resources are not shared with any other sessions. That means that, with circuit switching, there is an upper limit to the number of sessions that can be supported over a network. This gives circuit-switched sessions a guarantee on the session quality (circuit-like performance), just like the session quality guaranteed by a phone connection, to some degree at least (e.g. when you are close enough to the nearest cell tower). In order to be able to give such guarantees, your phone operator will not admit the call if the needed resources are not free. This is the same reason why it is difficult to make cellular phone calls at a concert or stadium where there are a lot of active calls using the same cell tower (we will cover wireless communication later in detail). In a given session, the amount of resources needed can fluctuate a lot. For example, parties do not generate audio data continuously during a phone call: they pause between sentences and while listening to the other party. Resource reservation is typically done (by means of a call setup procedure) considering the maximum amount of resources needed at any given instant during a session. This, in combination with not sharing resources, brings the disadvantage that the resources that are not used by the current session remain idle, which is a waste. By dividing the network resources among sessions, what circuit switching does is indeed dividing the network into logical pieces, each of which is accessible to only one session. But how can we divide a link (e.g. a wire) into logical pieces? This can be done, for example, using Frequency Division Multiplexing (FDM), Time Division Multiplexing (TDM), Code Division Multiplexing (CDM) or a combination of these. In FDM, a different frequency subband is allocated to every session. Part of the allocated frequency band is used for receiving (downlink) while the remaining part is used for sending (uplink). In TDM, a different time slice of a (fixed) time period is allocated to every session. The resources allocated to different senders in FDM, TDM and a combination of FDM with TDM are visualized in Figure 1.13. In CDM, every session uses a signal code which is orthogonal to all the other codes that are used by other transmitters, such that the multiplication by the session’s own code will return zero for all transmissions except for the transmissions of this specific session.

Figure 1.13: Resources allocated to four different senders (color coded) in FDM, TDM and a combination of FDM with TDM.
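The CDM property described in the last sentences, worked through as an added example (this is not code from the lecture notes). It assumes Walsh (Hadamard) sequences as the orthogonal codes, chips and data bits encoded as +1/-1, and one data bit per code length; three constructed sessions transmit at the same time on one link and each receiver recovers only its own bits.

```python
# Added worked example of Code Division Multiplexing (CDM); not code from the
# lecture notes. Assumptions: Walsh (Hadamard) chip sequences as the orthogonal
# codes, chips and data encoded as +1/-1, one data bit per code length.


def walsh_codes(order):
    """Return 2**order mutually orthogonal +1/-1 chip sequences of length 2**order."""
    h = [[1]]
    for _ in range(order):
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def dot(a, b):
    """Inner product; zero for two different Walsh codes (orthogonality)."""
    return sum(x * y for x, y in zip(a, b))


def spread(bits, code):
    """Spread data bits with a session's code: bit 1 -> +code, bit 0 -> -code."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        chips.extend(sign * c for c in code)
    return chips


def multiplex(sessions):
    """Shared link: all sessions' spread signals are transmitted simultaneously
    and simply add up chip by chip. sessions = [(bits, code), ...]."""
    signals = [spread(bits, code) for bits, code in sessions]
    n = max(len(s) for s in signals)
    signals = [s + [0] * (n - len(s)) for s in signals]  # idle sessions send 0
    return [sum(col) for col in zip(*signals)]


def correlate(signal, code):
    """Correlate each code-length window of the link signal with one code.
    Own session: +len(code) or -len(code); every other session contributes 0."""
    n = len(code)
    return [dot(signal[i:i + n], code) for i in range(0, len(signal), n)]


def despread(signal, code):
    """Recover one session's bits from the summed link signal."""
    return [1 if c > 0 else 0 for c in correlate(signal, code)]


def demo():
    """Three constructed sessions share one link; each receiver gets its own bits."""
    codes = walsh_codes(2)  # four orthogonal codes of length 4
    sessions = [([1, 0, 1], codes[1]), ([0, 0, 1], codes[2]), ([1, 1, 0], codes[3])]
    link = multiplex(sessions)  # constructed sample traffic
    return [despread(link, code) for _, code in sessions]


if __name__ == "__main__":
    print(demo())  # [[1, 0, 1], [0, 0, 1], [1, 1, 0]]
```

Correlating the link signal with an unused Walsh code yields all zeros, which is the "returns zero for all other transmissions" property in the text; a code that is not orthogonal to the others produces a non-zero cross term and corrupts the decoded bits.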

Packet Switching: In packet switching, channel resources are not reserved. The available network bandwidth is not divided into logical pieces. Data packets share network resources in a statistically multiplexed manner, and a packet uses the entire link bandwidth when it is put on the link. This is illustrated by Figure 1.14. Since resources are used as needed, channel resources do not sit idle as they do in circuit switched networks. However, different packets compete for channel resources. In case there is too much demand, i.e. too many packets are sent in a short time (e.g. by many senders), the available bandwidth may not be sufficient, causing the phenomenon known as network congestion. In packet switching, packets move one hop (a single link) at a time. This is known as the store and forward behavior and means that the entire packet must arrive at the router before it can be transmitted on the next link. It takes L/R seconds to transmit (push out) a packet of size L bits onto a link at a rate of R
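The store-and-forward delay described above, as an added worked example (not code from the lecture notes). It is a constructed model in which only the L/R transmission delay per link is counted (propagation, queueing and processing delays are ignored) and each link carries one packet at a time; running it for several packets over several links shows how packets pipeline across hops.

```python
# Added worked example of store-and-forward transmission delay; not code from
# the lecture notes. Constructed model: only the transmission delay L/R per
# link is counted (propagation, queueing and processing delays are ignored),
# and every link transmits at most one packet at a time, in arrival order.


def store_and_forward_delays(packet_bits, link_rates_bps):
    """Return, per packet, the time (seconds) at which its last bit reaches the
    destination after crossing all links in order, starting at time 0.

    A router may start pushing a packet onto the next link only after the whole
    packet has arrived (store and forward); while it waits, the previous link
    may already carry the next packet, so packets are pipelined across links.
    """
    link_free_at = [0.0] * len(link_rates_bps)  # when each link becomes idle
    arrivals = []
    for size_bits in packet_bits:
        t = 0.0  # the packet is fully available at the source at time 0
        for i, rate in enumerate(link_rates_bps):
            start = max(t, link_free_at[i])  # wait for arrival and for the link
            t = start + size_bits / rate     # L/R transmission delay on link i
            link_free_at[i] = t
        arrivals.append(t)
    return arrivals


def single_packet_delay(size_bits, link_rates_bps):
    """Closed form for one packet: the sum of L/R over all links on the path."""
    return sum(size_bits / rate for rate in link_rates_bps)


def demo():
    """Constructed case: three 8000-bit packets over three 1 Mb/s links."""
    rates = [1_000_000, 1_000_000, 1_000_000]
    return store_and_forward_delays([8000, 8000, 8000], rates)


if __name__ == "__main__":
    for k, t in enumerate(demo(), 1):
        print(f"packet {k} delivered after {t * 1000:.1f} ms")
```

With equal link rates the first packet needs N hops times L/R and each further packet adds only one more L/R; with a slow link in the middle, that link becomes the bottleneck and later packets queue behind it.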