DNS1
Application Layer
Domain Name System - DNS
IP addresses can be used to identify a host machine on the Internet.
When a machine moves, its address has to change accordingly.
ASCII names are used to decouple host names from IP addresses, which gives more flexibility: the name can stay the same while the address behind it changes.
The network itself still understands only numerical addresses.
The DNS was invented to manage host names and resolve them into IP addresses.
DNS: Characteristics
A single, centrally managed host file cannot scale to a huge international network: the load on, and latency to, one central server would be unacceptable, and host name conflicts would occur constantly.
Essence of DNS:
Hierarchical
Domain-based naming scheme
A distributed database system
How a resolver looks up a remote name
To map a name onto an IP address, an application program:
Calls a library procedure called the resolver, passing it the name as a parameter.
The resolver sends a UDP packet (by convention to port 53) to a local DNS server.
The DNS server looks up the name and returns the IP address to the resolver.
The resolver returns it to the application.
Armed with the IP address, the program can then establish a TCP connection with the destination or send it UDP packets.
Because the exchange is plain UDP, the resolver must match a reply against its outstanding query (transaction ID, source port and question) before trusting it; anyone who can deliver a matching packet first can answer in the server's place.
DNS Name Space
A portion of the Internet domain name space.
The domain name space consists of a tree of domain names.
The leaves of the tree represent domains that have no subdomains.
A leaf domain may contain a single host, or it may represent a company and contain thousands of hosts.
DNS naming
Domain names are case insensitive: edu, Edu and EDU have the same meaning.
Each component (label) can be up to 63 characters.
Full path names must not exceed 255 characters.
Each domain controls its own portion of the name space and can create subdomains without asking permission from the domain above it.
Examples: hcmut.edu.vn and cse.hcmut.edu.vn (cse is a subdomain created by hcmut.edu.vn).
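The resolver exchange and the naming rules above in working form, as an added example that is not part of the lecture: it encodes a name into the DNS wire format while enforcing the 63-octet label and 255-octet name limits and case-insensitivity, builds the UDP query a stub resolver would send, and parses a response that is constructed inline (so it runs offline). The message layout follows RFC 1035; the name cse.hcmut.edu.vn is the lecture's example, the transaction ID and the address 203.0.113.10 (a documentation address) are constructed for the demo.

```python
"""DNS wire format: name encoding, query building and response parsing.

Added example, not from the lecture.  Layout follows RFC 1035; the
response is constructed inline and 203.0.113.10 is a documentation
address, not a real host.
"""
import struct
from typing import List, Tuple

MAX_LABEL = 63      # per-component limit from the naming rules
MAX_NAME = 255      # full name limit (wire length, including length bytes)
TYPE_A, CLASS_IN = 1, 1

def encode_name(name: str) -> bytes:
    """'cse.hcmut.edu.vn' -> b'\\x03cse\\x05hcmut\\x03edu\\x02vn\\x00'.
    Names are case-insensitive, so the name is lowercased first; the
    63/255-octet limits are enforced rather than trusted."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    out += b"\x00"
    if len(out) > MAX_NAME:
        raise ValueError("name longer than 255 octets")
    return out

def is_valid_name(name: str) -> bool:
    """True if the name satisfies the label/name length rules."""
    try:
        encode_name(name)
        return True
    except (ValueError, UnicodeEncodeError):
        return False

def build_query(name: str, txid: int) -> bytes:
    """Header (ID, flags with RD set, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Read a possibly compressed name at off; return (name, offset after it).
    Every compression pointer must point strictly before the previous one,
    which rules out the pointer loops a malicious response could contain."""
    labels: List[str] = []
    end, bound = None, off
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # 11xxxxxx: compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            if ptr >= bound:
                raise ValueError("compression pointer does not go backwards")
            if end is None:
                end = off + 2                  # the name ends after the first pointer
            bound = off = ptr
            continue
        if n & 0xC0:
            raise ValueError("reserved label type")
        if n == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg: bytes, txid: int) -> Tuple[int, List[str]]:
    """Check ID and QR bit, skip the question, return (rcode, A-record addresses)."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch: not an answer to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                # QTYPE, QCLASS
    addrs = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return flags & 0xF, addrs

def sample_response(txid: int) -> bytes:
    """Constructed reply to build_query('cse.hcmut.edu.vn'): QR, RD and RA set,
    one A record whose owner name is a pointer to the question at offset 12."""
    question = build_query("cse.hcmut.edu.vn", txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4)
              + bytes([203, 0, 113, 10]))
    return header + question + answer
```

Only the transaction ID is checked here; a real stub resolver also randomizes its source port and compares the question section, since the ID alone is only 16 bits.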
Resource Records
• Every domain has a set of records
associated with it.
• The principal DNS resource record types.
Resource Records (2)
Fig. (a) Sending and reading mail when the receiver has a permanent Internet connection and the user agent runs on the same machine as the message transfer agent. (b) Reading e-mail when the receiver has a dial-up connection to an ISP.
POP3
• Post Office Protocol Version 3
• Uses TCP on port 110
• It is used to download messages from a mail server to client computers.
• On port 110 the user name and password travel in cleartext unless the session is upgraded with STLS; POP3 over TLS (port 995) avoids this.
IMAP (Internet Message Access Protocol)
• POP3 is inconvenient when users frequently use different machines to read email, because messages end up downloaded to whichever computer happened to be used, more or less at random.
• IMAP resolves this issue, as messages always stay on the server and are managed there.
• A comparison of POP3 and IMAP.
File Transfer Protocol (FTP)
File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another.
FTP differs from other client/server applications in that it establishes two connections between the hosts.
The control connection uses very simple rules of communication: only a line of command or a line of response is transferred at a time.
The data connection needs more complex rules because of the variety of data types transferred.
FTP uses two well-known TCP ports: port 21 for the control connection and port 20 for the data connection. Port 20 is the server's side of an active-mode data connection, which the server opens towards the client; in passive mode the server instead listens on an ephemeral port that it announces over the control connection.
The client has three components: the user interface, the client control process, and the client data transfer process.
The server has two components: the server control process and the server data transfer process.
The control connection is made between the control processes; the data connection is made between the data transfer processes.
Fig.FTP
Communication over the Control Connection
FTP uses the same approach as SMTP to communicate across the control connection.
It uses the 7-bit ASCII character set, and communication is achieved through commands and responses. This simple method is adequate for the control connection because only one command (or response) is sent at a time.
Each command or response is a single short line, so there is no need to worry about file format or file structure (and, absent TLS, every line, credentials included, is readable by anyone on the path).
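The control-connection dialogue above in working form, as an added example that is not part of the lecture: it groups raw reply lines into complete replies (one-line and multi-line, per RFC 959), extracts the data-connection endpoint from a 227 passive-mode reply, and builds the PORT command for active mode. The session transcript, the host name ftp.example.test and the documentation addresses 198.51.100.7 and 203.0.113.9 are constructed for the demo. The check in parse_pasv is the practitioner's caveat: the data connection goes wherever the server says, so a client that trusts that address blindly can be sent to a third host.

```python
"""Parsing FTP control-connection replies, including PASV and PORT.

Added example, not from the lecture.  The transcript below is constructed
and uses documentation addresses only.
"""
import re
from typing import List, Tuple

_FIRST = re.compile(r"^(\d{3})([ -])(.*)$")
_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_replies(lines: List[str]) -> List[Tuple[int, str]]:
    """Group raw control-connection lines into (code, text) replies.

    'xyz text' is a complete one-line reply.  'xyz-text' opens a multi-line
    reply that runs until a line starting with the same 'xyz ' prefix."""
    replies: List[Tuple[int, str]] = []
    open_code, open_text = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if open_code is None:
            m = _FIRST.match(line)
            if not m:
                raise ValueError(f"malformed reply line: {line!r}")
            code, sep, text = int(m.group(1)), m.group(2), m.group(3)
            if sep == " ":
                replies.append((code, text))
            else:
                open_code, open_text = code, [text]
        elif line.startswith(f"{open_code:03d} "):
            open_text.append(line[4:])
            replies.append((open_code, "\n".join(open_text)))
            open_code, open_text = None, []
        else:
            open_text.append(line)
    if open_code is not None:
        raise ValueError("unterminated multi-line reply")
    return replies

def parse_pasv(text: str, control_peer: str, allow_other_host: bool = False) -> Tuple[str, int]:
    """Extract (host, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.

    The data connection is opened to the address the server names, not to
    port 20.  A server, or whoever controls the control connection, could
    name a third party's address, so by default the host must equal the
    control connection's peer; callers behind NAT can opt out explicitly."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no address tuple in PASV reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in PASV reply")
    host = ".".join(str(v) for v in n[:4])
    port = n[4] * 256 + n[5]
    if port == 0:
        raise ValueError("port 0 in PASV reply")
    if host != control_peer and not allow_other_host:
        raise ValueError(f"PASV host {host} is not the control peer {control_peer}")
    return host, port

def build_port_command(host: str, port: int) -> str:
    """Active mode: tell the server where the client listens; the server
    then connects from its port 20 to this address."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    h = host.split(".")
    if len(h) != 4 or any(not p.isdigit() or int(p) > 255 for p in h):
        raise ValueError("not an IPv4 dotted quad")
    return "PORT " + ",".join(h + [str(port >> 8), str(port & 0xFF)])

# Constructed server-side transcript of a control connection.
SESSION = [
    "220-Welcome to ftp.example.test\r\n",
    "220 Service ready for new user.\r\n",
    "331 User name okay, need password.\r\n",
    "230 User logged in, proceed.\r\n",
    "227 Entering Passive Mode (198,51,100,7,195,89).\r\n",
]

def data_endpoint(session: List[str], control_peer: str) -> Tuple[str, int]:
    """Return the validated data-connection endpoint from the first 227 reply."""
    for code, text in parse_replies(session):
        if code == 227:
            return parse_pasv(text, control_peer)
    raise ValueError("no PASV reply in session")

if __name__ == "__main__":
    print(data_endpoint(SESSION, "198.51.100.7"))      # ('198.51.100.7', 50009)
```

The port is p1 * 256 + p2, so (195,89) is 50009: an ephemeral port, which is why passive-mode data connections do not involve port 20 at all.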
In cryptography, the encryption/decryption algorithms are public; only the keys are secret (Kerckhoffs's principle).
Traditional Ciphers
Substitution cipher
Monoalphabetic
Polyalphabetic
Transposition ciphers
Permutation:
• The permutation is performed by a permutation box (P-box) at the bit level, which keeps the number of 0s and 1s the same at the input and output.
• Although it can be implemented either in hardware or in software, the hardware implementation is faster.
Substitution:
• The substitution (S-box) is implemented with the help of three building blocks: a decoder, one P-box and an encoder. For an n-bit input, the decoder produces a 2^n-bit output containing exactly one 1, which is applied to the P-box.
• The P-box permutes the output of the decoder, and the result is applied to the encoder, which in turn produces an n-bit output. For example, if the input to the decoder is 011, the output of the decoder is 00001000 (the single 1 is at position 3, counting from the right and starting at 0). If the permuted output is 01000000, the single 1 is now at position 6, so the output of the encoder is 110. The S-box is therefore a fixed table: each n-bit input maps to exactly one n-bit output.
Electronic Code Book (ECB) mode
This is the basic mode of the regular DES algorithm: data is divided into 64-bit blocks and each block is encrypted separately, one at a time. Encryptions of different blocks are totally independent of each other.
Disadvantages of ECB
• If a message contains two identical 64-bit blocks, the ciphertexts corresponding to these blocks are identical. This leaks information to an eavesdropper: patterns in the plaintext show through.
• Someone can modify, delete, replay or rearrange blocks to their own advantage, because nothing ties a block to its position or to its neighbours.
• Because of these flaws, ECB is rarely used.
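The S-box and P-box building blocks and the ECB weaknesses above, as one added example that is not part of the lecture: the S-box is built exactly as described (decoder, P-box, encoder) and reproduces the 011 to 110 example, a toy 8-bit block cipher is assembled from it, and ECB is run over it to show that equal plaintext blocks give equal ciphertext blocks and that ciphertext blocks can be rearranged without the key. The 8-bit block (DES uses 64), the S-box permutation, the block P-box and the fixed round keys are all constructed for the demo; the cipher itself is worthless, only the construction and the ECB behaviour are the point.

```python
"""Toy substitution-permutation block cipher, run in ECB mode.

Added example, not part of the lecture.  Block size 8 bits, fixed
constructed round keys: an illustration of the building blocks and of
why ECB leaks structure, never a cipher to use.
"""
from typing import List

def decoder(x: int, n: int) -> List[int]:
    """n-bit value -> 2**n bits with a single 1 at position x.
    Positions count from the right (LSB = position 0), so
    decoder(0b011, 3) renders as 00001000."""
    if not 0 <= x < 2 ** n:
        raise ValueError("input does not fit in n bits")
    out = [0] * (2 ** n)
    out[x] = 1
    return out

def pbox(bits: List[int], perm: List[int]) -> List[int]:
    """Bit-level permutation: input bit i moves to output position perm[i].
    Only positions change, so the count of 0s and 1s is preserved."""
    out = [0] * len(bits)
    for i, b in enumerate(bits):
        out[perm[i]] = b
    return out

def encoder(bits: List[int]) -> int:
    """Inverse of the decoder: the position of the single 1."""
    if bits.count(1) != 1:
        raise ValueError("encoder input must contain exactly one 1")
    return bits.index(1)

def bit_string(bits: List[int]) -> str:
    """Render a bit list most-significant bit first, as in the lecture."""
    return "".join(str(b) for b in reversed(bits))

def sbox(x: int, n: int, perm: List[int]) -> int:
    """Substitution as decoder -> P-box -> encoder."""
    return encoder(pbox(decoder(x, n), perm))

# The lecture's example: a 3-bit S-box whose P-box moves position 3 to 6.
LECTURE_PERM = [0, 1, 2, 6, 4, 5, 3, 7]

# Constructed parameters for the 8-bit toy cipher.
S_PERM = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # 16-position P-box inside the 4-bit S-box
P_PERM = [1, 5, 2, 0, 3, 7, 4, 6]                                # 8-bit block-level P-box
ROUND_KEYS = [0x3A, 0xC5, 0x96, 0x0F]                            # toy key schedule

def _inverse(perm: List[int]) -> List[int]:
    inv = [0] * len(perm)
    for i, p in enumerate(perm):
        inv[p] = i
    return inv

SBOX = [sbox(v, 4, S_PERM) for v in range(16)]   # the S-box as a lookup table
SBOX_INV = _inverse(SBOX)                         # exists because SBOX is a bijection
P_INV = _inverse(P_PERM)

def _permute_byte(x: int, perm: List[int]) -> int:
    bits = [(x >> i) & 1 for i in range(8)]
    return sum(b << i for i, b in enumerate(pbox(bits, perm)))

def encrypt_block(b: int) -> int:
    """Three rounds of key XOR, two parallel S-boxes and the bit P-box, then a final key XOR."""
    x = b
    for k in ROUND_KEYS[:-1]:
        x ^= k
        x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
        x = _permute_byte(x, P_PERM)
    return x ^ ROUND_KEYS[-1]

def decrypt_block(c: int) -> int:
    """Undo the rounds in reverse order with the inverse P-box and S-box."""
    x = c ^ ROUND_KEYS[-1]
    for k in reversed(ROUND_KEYS[:-1]):
        x = _permute_byte(x, P_INV)
        x = (SBOX_INV[x >> 4] << 4) | SBOX_INV[x & 0xF]
        x ^= k
    return x

def ecb_encrypt(data: bytes) -> bytes:
    """ECB: every block is encrypted on its own, so equal plaintext blocks
    give equal ciphertext blocks, and blocks can be reordered freely."""
    return bytes(encrypt_block(b) for b in data)

def ecb_decrypt(data: bytes) -> bytes:
    return bytes(decrypt_block(c) for c in data)

def repeated_block_positions(ct: bytes) -> List[List[int]]:
    """Groups of positions whose ciphertext blocks repeat; each group tells an
    eavesdropper without the key that those plaintext blocks were equal."""
    seen = {}
    for i, c in enumerate(ct):
        seen.setdefault(c, []).append(i)
    return [pos for pos in seen.values() if len(pos) > 1]

def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    """Rearrangement attack: swap two ciphertext blocks without knowing the key;
    the receiver decrypts to a valid plaintext with the blocks swapped."""
    out = bytearray(ct)
    out[i], out[j] = out[j], out[i]
    return bytes(out)
```

SBOX comes out equal to S_PERM, which is the point of the construction: decoder, P-box and encoder together are just a way of wiring up a lookup table in hardware. With a 64-bit block the same two ECB defects apply unchanged; the block size only decides how much plaintext each repeated block reveals.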
RSA