Lecture2

The lecture covers the fundamentals of computer communications and networks, emphasizing the importance of binary digits (bits) in data transmission and storage. It outlines key characteristics of data communication systems, including delivery, accuracy, timeliness, and jitter, while also discussing network criteria such as performance, reliability, and security. Additionally, it introduces protocols, standards, and the OSI model, detailing the layered approach to network communication and addressing various network types and security threats.

Uploaded by

mobeenkarim00

Lecture

M. Z. Siddiqi
Computer communications & Networks

• Computers and networks only work with binary digits, i.e. “0” and “1”
• All of our data is stored and transmitted as a series of bits.
• The term bit is an abbreviation of “binary digit”
• Humans interpret words and pictures; computers interpret only patterns of bits.
• A bit is stored and transmitted as one of two possible discrete states.
• Examples: two distinct voltage or current levels, two distinct levels of light intensity, or any other physical system with two discrete states.
• A light switch can be either On or Off; in binary representation, these states would correspond to 1 and 0 respectively.
Data communications

• Data communications are the exchange of data between two devices via some form of transmission medium such as a wire cable. For data communications to occur, the communicating devices must be part of a communication system made up of hardware (physical equipment) and software (programs).
Fundamental characteristics

• The effectiveness of a data communication system depends on four fundamental characteristics:
• Delivery - The system must deliver data to the correct destination (the intended receiver).
• Accuracy - The system must deliver the data accurately. Data that have been altered in transmission and left uncorrected are unusable.
• Timeliness - The system must deliver data in a timely manner. Data delivered late are useless. In the case of video and audio, timely delivery means delivering data as they are produced, in the same order that they are produced, and without significant delay. This kind of delivery is called real-time transmission.
• Jitter - Jitter refers to the variation in packet arrival time (audio/video data).
Components of data communications

• Message (original data), Sender (transmitter), Receiver
• Medium (physical path, e.g. UTP/STP/Ethernet), Protocol (rules or guidelines)
Data flow

Simplex

Half Duplex

Full Duplex
Networks

• Network criteria
• Performance: can be measured in transit time and response time
• Transit time: time required for a message to travel from one device to another
• Response time: the elapsed time between an inquiry and a response
• Common metrics: throughput and delay (the two pull in opposite directions; why?)
• Reliability:
• The frequency of failure, and the time it takes a link to recover from a failure
• Data transmitted should be received as it was sent
• Security
• Protecting data from unauthorized access
• Protecting data from damage and development
• Implementing policies and procedures for recovery from breaches and data losses
Network Criteria

• A network layout/design
• Relationship of links and devices
• Goal: high throughput, high network energy efficiency, and low latency
• Throughput: maximum amount of information (bits/second) that can be transmitted along a channel
• Energy efficiency: the ratio of spectral efficiency to total power consumption
• Latency: transmission time from one point to another
Network Criteria

• What influences latency in a network?
❑ Propagation delay: distance / propagation speed
❑ Transmission delay: message size / bandwidth
❑ Queuing time: time a packet is held in a queue
❑ Processing time: time to process a packet
Example:

• What is the propagation time and the transmission time for a 2.5 KB message (email) if the bandwidth of the network is 1 Gbps? Assume that the distance between the sender and receiver is 12,000 km, and that light travels at 2.4 × 10^8 m/s.

Solution: Given: distance = 12,000 km, message size = 2.5 KB = 2500 bytes
a) Propagation speed: 2.4 × 10^8 m/s
Propagation time = distance / speed
= (12000 × 1000) / (2.4 × 10^8) = (12 × 10^6) / (2.4 × 10^8) = 12 / (2.4 × 10^2) = 12 / 240 = 0.05 s = 50 msec
b) Transmission time = message size / bandwidth
= (2500 × 8) / (1 × 10^9) = 2 × 10^-5 s = 0.020 msec
Example

• A network with a bandwidth of 10 Mbps can pass only an average of 15,000 frames per minute, with each frame carrying an average of 8,000 bits. What is the throughput of this network?

• Solution:
Given: Bw = 10 Mbps, frames = 15,000 per minute, one frame = 8,000 bits
This implies that bits per minute = 15,000 × 8,000 = 120 × 10^6 bits per minute
Throughput = 120 × 10^6 / 60 = 2 Mbps
Example:

• A line has a signal-to-noise ratio of 1000 and a bandwidth of 4000 kHz. What is the maximum data rate supported by this line?

Solution: SNR = 1000, B = 4000 kHz = 4 MHz, C = ?
C = B × log2(1 + SNR)
C = 4 M × log2(1 + 1000)
= 4 M × log2(1001)
= 4 M × 9.967 = 39.8689 ≈ 40 Mbps
Criteria

• Bandwidth-delay product
• Bandwidth and delay are two performance metrics of a link
• The bandwidth-delay product is important when we need to send data in bursts and wait for an ACK before transmitting the next one
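The three worked examples above (propagation and transmission time, throughput, Shannon capacity) and the bandwidth-delay product all reduce to a handful of formulas. The following calculator is an added example, not part of the lecture; it reproduces the lecture's numbers and also turns the bandwidth-delay product into the number of packets a sender must have in flight to keep the link busy while waiting for an ACK (an extension of the slide's point, not a figure from the lecture).

```python
import math


def propagation_time(distance_m: float, speed_m_s: float) -> float:
    """Seconds for a signal to cross the link: distance / propagation speed."""
    return distance_m / speed_m_s


def transmission_time(message_bytes: int, bandwidth_bps: float) -> float:
    """Seconds to push the whole message onto the link: size (bits) / bandwidth."""
    return message_bytes * 8 / bandwidth_bps


def throughput_bps(frames_per_minute: int, bits_per_frame: int) -> float:
    """Rate actually achieved over a minute, in bits per second."""
    return frames_per_minute * bits_per_frame / 60


def shannon_capacity(bandwidth_hz: float, snr_linear: float) -> float:
    """Shannon limit C = B * log2(1 + SNR), in bits per second (SNR is linear, not dB)."""
    return bandwidth_hz * math.log2(1 + snr_linear)


def bandwidth_delay_product(bandwidth_bps: float, one_way_delay_s: float) -> float:
    """Bits that fit 'on the wire' at once: bandwidth * one-way delay."""
    return bandwidth_bps * one_way_delay_s


def packets_in_flight(bandwidth_bps: float, rtt_s: float, packet_bytes: int) -> int:
    """Packets the sender must have outstanding to keep the link full for one RTT
    (assumes a stop-and-wait sender would otherwise idle while waiting for the ACK)."""
    return math.ceil(bandwidth_delay_product(bandwidth_bps, rtt_s) / (packet_bytes * 8))


def lecture_examples() -> dict:
    """Re-run the lecture's three examples and return the results in SI units."""
    t_prop = propagation_time(12_000e3, 2.4e8)       # 12,000 km at 2.4e8 m/s
    t_tx = transmission_time(2500, 1e9)              # 2.5 KB over 1 Gbps
    tput = throughput_bps(15_000, 8_000)             # 15,000 frames/min of 8,000 bits
    cap = shannon_capacity(4e6, 1000)                # 4 MHz, SNR 1000
    # Added: how many 1500-byte packets keep the 1 Gbps link busy over a 100 ms RTT
    window = packets_in_flight(1e9, 2 * t_prop, 1500)
    return {
        "propagation_s": t_prop,
        "transmission_s": t_tx,
        "throughput_bps": tput,
        "capacity_bps": cap,
        "packets_in_flight": window,
    }


if __name__ == "__main__":
    for name, value in lecture_examples().items():
        print(f"{name:>20}: {value:,.6g}")
```

Note that `shannon_capacity` takes the linear SNR; if a problem gives SNR in dB, convert with 10**(db/10) first, a common source of wrong answers.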
Network topology

• Categories (network configurations): Bus, Mesh, Star, Ring
Network types

• Local area network
• Single office, building, or campus
• Allows resource sharing between personal computers
• Resources can include hardware (e.g., a printer), software (e.g., an application program), or data.
• Speeds are normally 100 or 1000 Mbps
• Metropolitan area network
• Moderate in size
• Normally covers the area inside a town or a city
• Examples: a telephone company network that can provide a high-speed DSL line to the customer; a cable TV network
• Wide area network
• Provides long-distance transmission of data, image, audio, and video information
• Can provide connection between different LANs/MANs
• E.g. ISP (Pakistan PTCL), X.25, ATM, Frame Relay, MPLS
Interconnection of networks

• A LAN, a MAN, or a WAN is connected to another network
• When two or more networks are connected, they become an internetwork, or internet.
• E.g. an organization has two offices, one on the east coast and the other on the west coast. The established office on the west coast has a bus topology LAN; the east coast office has a star topology LAN. The president of the company lives somewhere in the middle and needs to have control over the company from his home. To create a backbone WAN for connecting these three entities (two LANs and the president's computer), a switched WAN (operated by a service provider such as a telecom company) has been leased. To connect the LANs to this switched WAN, however, three point-to-point WANs are required. These point-to-point WANs can be a high-speed DSL line offered by a telephone company or a cable modem line offered by a cable TV provider, as shown in the Figure.
Interconnection of networks
Protocols and Standards

• Two entities cannot simply send bit streams to each other and expect to be understood. For communication to occur, the entities must agree on a protocol.
• A protocol is a set of rules that governs communication; it defines what is communicated, how it is communicated, and when it is communicated.
• Key elements of a protocol are syntax, semantics, and timing.
• Syntax
• Refers to the structure or format of the data (the order in which they are presented)
• For example, the first 8 bits of data represent the address of the sender, the second 8 bits the address of the receiver, and the rest of the stream the message itself
• Semantics
• Refers to the meaning of each section of bits
• How is a particular pattern to be interpreted, and what action is to be taken based on that interpretation?
• For example, does an address identify the route to be taken or the final destination of the message?
Protocols and Standards

• Timing
• Refers to two characteristics: when data should be sent and how fast they can be sent.
• For example, if a sender produces data at 100 Mbps but the receiver can process data at only 1 Mbps, the transmission will overload the receiver and some data will be lost
• Standards
• Essential in creating and maintaining an open and competitive market for equipment manufacturers
• Guarantee national and international interoperability of data and telecommunication technology and processes
• Standards committees: IEEE, ITU-T, ISO, ANSI
• Regulatory agencies
• The purpose of these agencies is to protect the public interest by regulating radio, television, and wire/cable communications.
• FCC (Federal Communications Commission)
Network Operations
Protocol Layering

• Protocol: rules and regulations that a sender, receiver and intermediate devices follow to govern communication. For simple communication, one protocol is enough. For complex communication, the task is divided between different layers.
• Daily life example: postal mail
• Sender
• Carrier
• Receiver

Hierarchical? Why?
Layered Tasks

• A job is performed in a hierarchy
• Reduces complexity, as it reduces the task per layer
• Tasks are done in the order given in the hierarchy
• Each upper layer coordinates with the layer below it
• The layered model that dominated before the 1990s was Open Systems Interconnection (OSI)
• Everyone used to believe that OSI would become the standard of data communication, but this did not happen
• The TCP/IP protocol suite became the dominant commercial model, as it was used and tested extensively
OSI Model

• First introduced in the 1970s
• An open system is a set of protocols that allows any two different systems to communicate regardless of their underlying architecture.
• The purpose of the OSI model is to facilitate communication between different systems without requiring changes to the logic of the underlying hardware and software
• The OSI model is a model for understanding and designing a network architecture that is flexible, robust, and interoperable
• Seven (7) layer model
• Each layer performs a well-defined function
OSI Layers

• Error correction
• Flow control
• Addressing
• Multiplexing
• Naming
• Congestion control
• Mobility
• Routing
• Fragmentation
• Security
Exchange of Data Communication

• TCP/IP: reduced to 4 layers / 5 layers
• From source to destination communication
OSI Layers

• Physical layer
• Bit transmission from one node to another
• Type of transmission medium (twisted-pair, coax, optical fiber, air)
• Bit representation (voltage levels of logical values)
• Data rate (speed)
• Synchronization of bits (time synchronization)
OSI Layers

• Data link layer
• Takes a packet from the upper layer and transforms it into a frame
• Flow control mechanism
• Access control of the link
• Applies MAC addressing / physical addressing
• Error control
OSI layer

• Data link layer
• Hop-to-hop delivery
• Responsible for transporting frames from one hop to the next
OSI Layer

• Network layer
• Network addressing
• IP tagging
• Source and destination IP addressing
• Encapsulates segments into packets
OSI Layer

• Transport layer
• Data is divided into segments
• Reliable / unreliable delivery
• TCP / UDP
• Process-to-process delivery
• Congestion control
• Error control
• Delivery of a message from one process to another
OSI Layer

• Session layer: used for dialog control and synchronization
• Presentation layer: responsible for the presentation of the data: data format, data encryption, compression
• Application layer
• Responsible for providing services to the users
• Enables the user to access the network
• Provides services to a user
• E-mail
• Remote file access and transfer (Telnet, FTP)
• Access to the WWW (HTTP)
Network Security
Network Protocol Stack

• TCP/IP protocol stack


Addressing types in protocol stack

• Medium Access Control addressing (layer-2 addressing)
• Associated with the NIC card
• 48 bits
• Command: show mac-address-table
• Network layer addressing
• IP addressing (logical addressing)
• 32 bits
• Example: 192.168.0.1
• Transport layer addressing
• Socket addressing (IP address plus port number)
• E.g. 192.168.0.1:80
• Application layer addressing
• Domain name: www.gik.edu.pk
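The layer walkthrough above (segment inside packet inside frame) and the three address sizes on this slide (48-bit MAC, 32-bit IP, IP plus 16-bit port) can be made concrete by actually building the bytes. The following is an added example, not lecture material: it encapsulates an application message through transport, network and data-link headers using the real Ethernet II, IPv4 and TCP header layouts (the IPv4 checksum is computed; the TCP checksum is left zero to keep the example short), then decapsulates the frame and checks the addresses at each layer. The hosts, MACs and payload are constructed sample values.

```python
import socket
import struct


def mac_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes (the 48-bit layer-2 address)."""
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_port: int, dst_port: int, seq: int, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (data offset 5, flags PSH|ACK, checksum 0)."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + payload


def build_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Network layer: 20-byte IPv4 header (protocol 6 = TCP) with a computed checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data-link layer: Ethernet II header, EtherType 0x0800 = IPv4."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def parse_frame(frame: bytes) -> dict:
    """Decapsulate frame -> packet -> segment -> payload, verifying the IPv4 checksum."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]),
        "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
        "protocol": packet[9],
        "src_socket": f"{socket.inet_ntoa(packet[12:16])}:{src_port}",
        "dst_socket": f"{socket.inet_ntoa(packet[16:20])}:{dst_port}",
        "seq": seq, "payload": segment[data_offset:],
    }


def sample_frame() -> bytes:
    """Constructed sample: host .10 sends an HTTP request line to web server .1."""
    segment = build_segment(51234, 80, 1000, b"GET / HTTP/1.0\r\n\r\n")
    packet = build_packet("192.168.0.10", "192.168.0.1", segment)
    return build_frame("aa:bb:cc:00:00:10", "00:11:22:33:44:55", packet)


if __name__ == "__main__":
    for k, v in parse_frame(sample_frame()).items():
        print(f"{k:>11}: {v}")
```

Flipping a single header byte before calling `parse_frame` shows why the checksum sits in the network-layer header: the frame is still well-formed at layer 2, but the layer-3 integrity check rejects it.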
Threats in Networking

• Confidentiality
• Packet sniffing
• Integrity
• Session hijacking
• Availability
• Denial of service
• Common
• Address translation (ARP) poisoning attack
• Routing attacks
Concrete Security Problems

• ARP is not authenticated
• ARP spoofing
• Network packets pass by untrusted hosts
• Packet sniffing
• TCP state can be easy to guess
• TCP spoofing attack
• Open access
• Vulnerable to DoS attacks
• DNS is not authenticated
• DNS poisoning attack
Address Resolution Protocol

• Primarily used to translate IP addresses to Ethernet MAC addresses
• A broadcast message is sent by the source to learn the MAC address of the destination device
• The device driver for the Ethernet NIC needs to do this to send a packet
• Command: show arp
• Each host maintains a table of IP-to-MAC address mappings
ARP Format
• Message types
• ARP request
• ARP reply
• ARP announcement
Address Resolution Protocol Operation
ARP spoofing

• ARP spoofing is an attack in which a malicious actor sends falsified ARP messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
ARP Spoofing Mitigations

• Defenses
• Static ARP table
• DHCP snooping (a security feature on layer-2 devices that prevents an unauthorized DHCP server from serving the network)
• Detection: Arpwatch (sends an email when a mapping changes)
• Legitimate use
• Redirecting a user to a registration page before allowing use of the network
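The two defences on this slide, a static ARP table and Arpwatch-style change detection, both come down to remembering which MAC an IP is supposed to have and complaining when an ARP reply says otherwise. The following is an added example, not part of the lecture and not Arpwatch's own code: a small watcher that keeps an IP-to-MAC table from observed replies, flags new stations, changed mappings and any reply contradicting a pinned (static) entry, and reports MACs that claim more than one IP, the signature of the spoofing attack described on the previous slide. The ARP replies it processes are constructed sample records, with `192.168.0.1` playing the gateway.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class ArpWatcher:
    """Tracks IP -> MAC bindings seen in ARP replies and raises alerts on changes.

    `static` holds pinned bindings (the 'static ARP table' defence); any reply that
    contradicts a pinned entry is flagged and never accepted into the learned table.
    """
    static: dict[str, str] = field(default_factory=dict)
    table: dict[str, str] = field(default_factory=dict)
    alerts: list[str] = field(default_factory=list)

    def observe(self, ts: str, ip: str, mac: str) -> None:
        """Process one ARP reply 'ip is-at mac' seen at time ts."""
        mac = mac.lower()
        pinned = self.static.get(ip)
        if pinned is not None and pinned != mac:
            self.alerts.append(f"{ts} STATIC-MISMATCH {ip}: pinned {pinned}, reply claims {mac}")
            return
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            self.alerts.append(f"{ts} NEW-STATION {ip} is at {mac}")
        elif known != mac:
            # This is the event Arpwatch mails about: a learned binding changed.
            self.alerts.append(f"{ts} CHANGED {ip}: was {known}, now {mac}")
            self.table[ip] = mac

    def macs_claiming_multiple_ips(self) -> dict[str, list[str]]:
        """One MAC answering for several IPs is what a poisoning attempt looks like."""
        by_mac: dict[str, list[str]] = {}
        for ip, mac in self.table.items():
            by_mac.setdefault(mac, []).append(ip)
        return {m: ips for m, ips in by_mac.items() if len(ips) > 1}


# Constructed sample ARP replies: (timestamp, sender IP, sender MAC).
# The last two replies come from host .20's NIC claiming other hosts' addresses.
SAMPLE_REPLIES = [
    ("10:00:01", "192.168.0.1", "00:11:22:33:44:55"),
    ("10:00:02", "192.168.0.10", "AA:BB:CC:00:00:10"),
    ("10:00:03", "192.168.0.20", "aa:bb:cc:00:00:20"),
    ("10:05:00", "192.168.0.1", "aa:bb:cc:00:00:20"),
    ("10:05:01", "192.168.0.10", "aa:bb:cc:00:00:20"),
]


def run_sample() -> ArpWatcher:
    """Pin the gateway, replay the sample replies, return the watcher with its alerts."""
    watcher = ArpWatcher(static={"192.168.0.1": "00:11:22:33:44:55"})
    for ts, ip, mac in SAMPLE_REPLIES:
        watcher.observe(ts, ip, mac)
    return watcher


if __name__ == "__main__":
    w = run_sample()
    print("\n".join(w.alerts))
    print("suspicious MACs:", w.macs_claiming_multiple_ips())
```

On a real network the replies would come from a packet capture rather than a list, and the first few minutes of NEW-STATION alerts are normal; the CHANGED and STATIC-MISMATCH lines are the ones worth paging on.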
Internet Protocol

• IP packet format
• Additional information included in TCP/IP format
IP Traffic

• Internet traffic routing
• Packets traverse several hosts to reach the destination
Packet Sniffing

• A Network Interface Card in promiscuous mode reads all packets
• Read all unencrypted data (e.g., “ngrep”)
• FTP and Telnet send passwords in the clear!

Prevention: encryption, IPsec, TLS


TCP Connection

• Transmission Control Protocol
• Major internet applications such as the World Wide Web, e-mail, and file transfer rely on TCP
• Connection-oriented
• Sender
• Breaks data into packets
• Attaches a sequence number
• Receiver
• Acknowledges receipt; lost packets are resent
• Reassembles packets in the correct order
TCP connection

• Transmission control protocol packet information


TCP Sequence Numbers

• Sequence number
• If the SYN flag is set, then this is the initial sequence number. The sequence number of the actual first data byte is this sequence number plus 1.
• If the SYN flag is clear, then this is the accumulated sequence number of the first data byte of this packet for the current session.
• Acknowledgement number
• If the ACK flag is set, then this is the next sequence number that the receiver is expecting.
• This acknowledges receipt of all prior bytes (if any).
TCP Hand Shake
TCP Sequence Prediction Attack

• Predict the sequence number used to identify the packets in a TCP connection, and then counterfeit packets.
• Adversary: does not have full control over the network, but can inject packets with fake source IP addresses
• E.g., controls a computer on the local network
• TCP sequence numbers are used for authenticating packets
• The initial seq# needs a high degree of unpredictability
• If the attacker knows the initial seq# and the amount of traffic sent, they can estimate likely current values
• Some implementations are vulnerable
TCP Session Hijacking

• A, B trusted connection
• Send packets with predictable seq numbers
• E impersonates B to A
• Open connection to A to get initial sequence number
• DoS B’s queue
• Sends packets to A that resemble B’s transmission
• E cannot receive, but may execute commands on A

Prevention: Firewall
Risk from Session Hijacking

• Inject data into unencrypted server-to-server traffic, such as an e-mail exchange, DNS zone transfers, etc.
• Inject data into unencrypted client-to-server traffic, such as FTP file downloads or HTTP responses.
• IP addresses are often used for preliminary checks on firewalls or at the service level
• Hide the origin of malicious attacks.
• Carry out MITM attacks on weak cryptographic protocols.
• These often result in warnings to users that get ignored
• Denial of service attacks, such as resetting the connection.
DoS vulnerability caused by session hijacking

• Suppose the attacker can guess the seq. number for an existing connection:
• The attacker can send a Reset packet to close the connection. This results in DoS.
• Naively, the success probability is 1/2^32 (32-bit seq. numbers).
• Most systems allow a large window of acceptable seq. numbers
• Much higher success probability.

• The attack is most effective against long-lived connections, e.g. BGP.
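The slide's two probabilities (1/2^32 naively, much higher with a large acceptance window) and the ISN point from the sequence-prediction slide can both be checked numerically. The following is an added example, not from the lecture: it models the receiver's acceptance test for a blind reset, computes the attacker's per-guess success probability and expected number of guesses for a given window, estimates the same probability by simulation, and contrasts a fixed-increment ISN generator with a cryptographically random one. The `strict` variant encodes the mitigation later standardised in RFC 5961 (only an exact-match RST resets the connection; an in-window one triggers a challenge ACK), which is the defensive counterpart of the slide's observation.

```python
import random
import secrets

SEQ_SPACE = 1 << 32  # 32-bit sequence numbers


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Classic acceptance test: rcv_nxt <= seq < rcv_nxt + rcv_wnd, modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted(seq: int, rcv_nxt: int, rcv_wnd: int, strict: bool = False) -> bool:
    """Would a RST carrying `seq` tear the connection down?

    strict=False: any in-window sequence number resets (the behaviour the slide describes).
    strict=True : RFC 5961 rule, only seq == rcv_nxt resets; in-window but inexact is
                  answered with a challenge ACK instead of a teardown.
    """
    if strict:
        return seq == rcv_nxt
    return in_window(seq, rcv_nxt, rcv_wnd)


def blind_rst_success_probability(rcv_wnd: int, strict: bool = False) -> float:
    """Chance that one uniformly random guess is accepted."""
    return (1 if strict else rcv_wnd) / SEQ_SPACE


def expected_guesses(rcv_wnd: int, strict: bool = False) -> float:
    """Mean number of uniformly random guesses until one is accepted."""
    return SEQ_SPACE / (1 if strict else rcv_wnd)


def estimate_by_simulation(rcv_wnd: int, trials: int, strict: bool = False, seed: int = 1) -> float:
    """Monte-Carlo estimate of the per-guess probability (seeded so runs are repeatable)."""
    rng = random.Random(seed)
    rcv_nxt = rng.randrange(SEQ_SPACE)
    hits = sum(rst_accepted(rng.randrange(SEQ_SPACE), rcv_nxt, rcv_wnd, strict)
               for _ in range(trials))
    return hits / trials


def fixed_increment_isn(prev_isn: int, connections_since: int, step: int = 64000) -> int:
    """Model of an old-style ISN generator: each new connection adds a constant.
    Observing one ISN and counting connections pins down every later ISN exactly,
    which is why the slide calls such implementations vulnerable."""
    return (prev_isn + step * connections_since) % SEQ_SPACE


def random_isn() -> int:
    """What RFC 1948-style generators aim for: an ISN no observer can derive."""
    return secrets.randbits(32)


if __name__ == "__main__":
    for wnd in (1, 65535, 65535 << 14):  # no window, default window, max scaled window
        p = blind_rst_success_probability(wnd)
        print(f"window {wnd:>11}: P(accept) = {p:.3e}, expected guesses = {expected_guesses(wnd):,.0f}")
    print(f"strict (RFC 5961): expected guesses = {expected_guesses(65535, strict=True):,.0f}")
    print("simulated, window 2^31:", estimate_by_simulation(1 << 31, 20_000))
```

The numbers make the slide's point precise: with a 64 KiB window the expected number of blind guesses drops from about 4.3 billion to about 65 thousand, and window scaling can shrink it further still, while the strict rule restores the 1/2^32 baseline regardless of window size.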


Categories of DoS
Syn flooding

• The attacker can send many connection requests
• Spoofed source addresses
• The victim allocates resources for each request
• Connection requests exist until timeout
• Old implementations have a small and fixed bound on half-open connections
• Resources are exhausted, hence requests are rejected
• Today this is no more effective than other channel-capacity-based attacks
Internet control message protocol

• Provides feedback about network operation
• Error reporting
• Reachability testing
• Congestion control

• Example message types
• Destination unreachable
• Time-to-live exceeded
• Parameter problem
• Redirect to better gateway
• Echo / echo reply - reachability test
• Timestamp request / reply - measure transit delay
DDoS
Hiding DDoS attack

• Reflection
• Find big sites with lots of resources, send packets with spoofed source address,
response to victim
• PING => PING response
• SYN => SYN-ACK
• Pulsing zombie floods
• Each zombie active briefly, then goes dormant
• Zombies taking turns attacking
• Making tracing difficult
Hiding DDoS attack solution

• Solutions above the transport layer
• Examples: SSL and SSH
• Protect against session hijacking and injected data
• Do not protect against denial-of-service attacks caused by spoofed packets
• Solutions at the network layer
• Use cryptographically random ISNs [RFC 1948]
• More generally: IPsec
• Can protect against
• session hijacking and injection of data
• denial-of-service attacks using session resets
