DNS1

The document discusses the Application Layer of networking, focusing on the Domain Name System (DNS) and Electronic Mail (Email). It explains how DNS resolves host names to IP addresses through a hierarchical, distributed database and outlines the structure and functions of email, including protocols like SMTP, POP3, and IMAP. Additionally, it covers cryptography concepts, emphasizing symmetric and asymmetric key cryptography for secure communication.

Uploaded by

Jayaprasanna

UNIT-V

Application Layer
Domain Name System - DNS

IP addresses identify a host machine on the Internet.

When a machine moves, its address changes, and everything that referred to it by address has to change with it.

ASCII names decouple host names from their IP addresses, which gives more flexibility.

The network itself still understands only numerical addresses.

DNS was invented to manage host names and to resolve them into IP addresses.
DNS: Characteristics

Before DNS, every host kept one flat file listing all host names. In a huge international network that does not scale: name conflicts would occur constantly, and distributing the file to every host costs too much load and latency.


Essence of DNS:

Hierarchical

Domain-based naming scheme

A distributed database system
How a resolver looks up a remote name

To map a name onto an IP address, an application program:

Calls a library procedure called the resolver, passing it the name as a parameter.

The resolver sends a UDP packet to a local DNS server (port 53; TCP is used when an answer is too large for a single datagram).

The DNS server looks up the name, asking other servers if it is not authoritative for it and has no cached answer, and returns the IP address to the resolver.

The resolver returns it to the application.

Armed with the IP address, the program can then establish a TCP connection with the destination or send it UDP packets.
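The lookup sequence above in code, as an added example that is not part of the slides: it builds the UDP query a stub resolver sends, parses the reply, and checks the transaction ID before trusting the answer, which (together with a random source port) is what a resolver relies on to reject forged replies when DNSSEC is not in use. The reply is constructed inline so the code runs offline; the name and address are the ones from the zone example on the following slides.

```python
import random
import struct

# Added example (not from the slides): the UDP query a stub resolver sends,
# and the parsing of the answer. The response is constructed here so the
# code runs offline; the A record matches the slides' hcmut-server example.

def encode_name(name):
    """'hcmut.edu.vn' -> length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:          # per-label limit from the slides
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:                   # whole-name limit
        raise ValueError("name too long")
    return out + b"\x00"

def build_query(name, qtype=1, txid=None):
    """Header (ID, flags RD=1, QDCOUNT=1) + one question (type A, class IN)."""
    if txid is None:
        txid = random.SystemRandom().randrange(1 << 16)  # unpredictable ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off):
    """Decode a name at offset `off`, following 0xC0xx compression pointers.
    Returns (name, offset just after the name as it appears in the message)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # pointer to an earlier name
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg, expected_id):
    """Return (rcode, [(name, type, ttl, value)]). The transaction ID check is
    the resolver's defence against forged answers: a spoofer has to guess it."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch, discarding answer")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:                  # A record
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:                               # CNAME
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        answers.append((name, rtype, ttl, value))
        off += rdlen
    return flags & 0xF, answers

def make_sample_response(query):
    """Constructed reply: same ID, QR=1 RD=1 RA=1, one A answer 172.28.2.2."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xc0\x0c"                           # pointer to the question name
              + struct.pack("!HHIH", 1, 1, 86400, 4)
              + bytes([172, 28, 2, 2]))
    return header + query[12:] + answer

def lookup_offline(name, txid=0x1234):
    q = build_query(name, txid=txid)
    return parse_response(make_sample_response(q), expected_id=txid)

if __name__ == "__main__":
    print(lookup_offline("hcmut-server.hcmut.edu.vn"))
```

A real stub would send build_query() to the server with a UDP socket and feed the datagram it gets back to parse_response(); the offline helper only replaces the network round trip.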
DNS Name Space

A portion of the Internet domain name space.

The domain name space consists of a tree of domain
names.

The leaves of the tree represent domains that have no sub
domains.

A leaf domain may contain a single host, or it may
represent a company and contain thousands of hosts.
DNS naming

Domain names are case insensitive: edu, Edu and EDU have the same meaning.

Each component (label) can be up to 63 characters.

Full path names must not exceed 255 characters.

Each zone administrator manages its own part of the name space.

It can create sub domain names without asking for permission from the server above it.
Examples: hcmut.edu.vn and its subdomain cse.hcmut.edu.vn
Resource Records
• Every domain has a set of records
associated with it.
• The principal DNS resource record types.
Resource Records (2)

A portion of a possible DNS database for cs.vu.nl.


Resource Records (3)
hcmut.edu.vn. IN SOA hcmut-server.hcmut.edu.vn. webmaster.hcmut.edu.vn. (
    2004110800 ; serial
    7200       ; refresh
    3600       ; retry
    604800     ; expire
    86400 )    ; minimum
hcmut.edu.vn.               86400 IN NS    vnuserv.vnuhcm.edu.vn.
hcmut.edu.vn.               86400 IN NS    server.vnuhcm.edu.vn.
hcmut.edu.vn.               86400 IN MX 0  webmailserv.hcmut.edu.vn.
hcmut.edu.vn.               86400 IN MX 5  vnuserv.vnuhcm.edu.vn.
hcmut-server.hcmut.edu.vn.  86400 IN A     172.28.2.2
stu-mailserv.hcmut.edu.vn.  86400 IN A     172.28.2.3
webmailserv.hcmut.edu.vn.   86400 IN A     172.28.2.4
pop3.student.hcmut.edu.vn.  86400 IN CNAME stu-mailserv.hcmut.edu.vn.
www.student.hcmut.edu.vn.   86400 IN CNAME stu-mailserv.hcmut.edu.vn.
Note the trailing dot on every fully qualified name: without it a zone loader treats the name as relative to the zone origin and appends it, so www.student.hcmut.edu.vn would become www.student.hcmut.edu.vn.hcmut.edu.vn.
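The records above as a zone loader sees them, added here as an example that is not part of the slides. The parser handles the SOA parentheses, the ';' comments and the origin rule for relative names; the last record is deliberately left without its trailing dot so the effect of that mistake is visible, and a small lint function flags it. The $ORIGIN line and the shortened owner names are assumptions added for the demonstration.

```python
# Added example (not from the slides): parse the zone excerpt above and make
# the origin handling explicit. The last record is left without its trailing
# dot on purpose, to show what the zone loader does with a relative name.

ZONE = """\
$ORIGIN hcmut.edu.vn.
@ IN SOA hcmut-server.hcmut.edu.vn. webmaster.hcmut.edu.vn. (
        2004110800 ; serial
        7200       ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; minimum
@                             86400 IN NS    vnuserv.vnuhcm.edu.vn.
@                             86400 IN MX 0  webmailserv.hcmut.edu.vn.
hcmut-server                  86400 IN A     172.28.2.2
stu-mailserv                  86400 IN A     172.28.2.3
pop3.student.hcmut.edu.vn.    86400 IN CNAME stu-mailserv.hcmut.edu.vn.
www.student.hcmut.edu.vn      86400 IN CNAME stu-mailserv.hcmut.edu.vn.
"""

def logical_lines(text):
    """Drop ';' comments and join a '( ... )' record that spans several lines."""
    out, buf, depth = [], [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    if buf:
        raise ValueError("unterminated parenthesis")
    return out

def absolute(name, origin):
    """Zone-file rule: '@' is the origin; a name without a trailing dot is
    relative to the origin; a name with a trailing dot is already absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text):
    """Return [(owner, ttl, type, rdata)] with every name made absolute."""
    origin, records = ".", []
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        owner = absolute(toks.pop(0), origin)
        ttl = int(toks.pop(0)) if toks[0].isdigit() else None
        if toks[0] == "IN":
            toks.pop(0)
        rtype = toks.pop(0)
        if rtype in ("NS", "CNAME"):
            rdata = absolute(toks[0], origin)
        elif rtype == "MX":
            rdata = (int(toks[0]), absolute(toks[1], origin))
        elif rtype == "SOA":
            rdata = (absolute(toks[0], origin), absolute(toks[1], origin),
                     [int(t) for t in toks[2:7]])   # serial, refresh, retry, expire, minimum
        else:
            rdata = " ".join(toks)
        records.append((owner, ttl, rtype, rdata))
    return records

def suspicious_owners(text):
    """Lint: an owner name that contains dots but no trailing dot is almost
    always a mistake, because the origin gets appended to it."""
    flagged = []
    for line in logical_lines(text):
        owner = line.split()[0]
        if not owner.startswith("$") and "." in owner and not owner.endswith("."):
            flagged.append(owner)
    return flagged

if __name__ == "__main__":
    for rec in parse_zone(ZONE):
        print(rec)
    print("check these:", suspicious_owners(ZONE))
```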
Name Servers
• DNS Name Space is divided into non-overlapping
zones.
• Each zone has Name Servers holding information
about it.
Electronic Mail – Email (or E-mail)

It is widely used today.

Simple and easy to use.

Fig. Scenario in e-mail system



It has two basic parts:

User agent: a program that accepts a variety of commands for
composing, receiving, and replying to messages, as well as for
manipulating mailboxes.

Message transfer agents (MTA): relay messages from the originator to the recipient.

To send a message through the Internet from Alice's site to Bob's site, two MTAs are needed: an MTA client at the sender's site and an MTA server at the receiver's site.

Message access agent (MAA): the client sends a request to the MAA server, which is running all the time, and asks for the messages to be transferred to it.
Electronic Mail
E-mail has its own conventions and styles.
Many people also use little ASCII symbols called
smileys or emoticons in their e-mail.
Some smileys :-).
Architecture and Services
Basic email functions:
 Composition
 Transfer
 Reporting
 Displaying
 Disposition

Fig. Architecture and Services of e-mail


Some email terms
mailbox: storage where incoming emails are saved for later processing
mailing list: a single email address representing a group of people; email sent to this address is forwarded to all of its participants
CC, BCC: additional recipients of a message; BCC recipients are not shown to the other recipients
E-mail address
Email Message Structure
 A key idea in e-mail systems is the distinction between the envelope
and its contents. The envelope encapsulates the message.
 The message inside the envelope consists of two parts: the header
and the body. The header contains control information for the user
agents. The body is entirely for the human recipient.

Envelopes and messages. (a) Paper mail. (b) Electronic mail.


Sending E-mail
To send an e-mail message, a user must provide
the message, the destination address, and
possibly some other parameters.
Many user agents expect addresses of the form user@dns-address.
X.400 addresses look radically different from DNS
addresses.
They are composed of attribute = value pairs
separated by slashes, for example,
/C=US/ST=MASSACHUSETTS/L=CAMBRIDGE/
PA=360 MEMORIAL DR. /CN=KEN SMITH/
This address specifies a country, state, locality,
personal address and a common name (Ken
Smith).
Reading E-mail
Address format: user@dns-address
An example display of the contents of a
mailbox.
Message Formats
 Messages consist of a primitive envelope,
some number of header fields, a blank line,
and then the message body.
 Each header field (logically) consists of a
single line of ASCII text containing the field
name, a colon, and, for most fields, a value.
 RFC 822 header fields related to message transport (RFC 822 has since been superseded by RFC 5322, which keeps the same header format).
MIME – Multipurpose Internet Mail Extensions
• In the early days of the ARPANET, e-mail consisted exclusively of text messages written in English and expressed in ASCII.
• Nowadays, on the worldwide Internet, this approach is no longer adequate. The problems arise on both the sending and the receiving side.
• Some problems when using ASCII formatted messages:
 Languages with accents (French, German).
 Languages in non-Latin alphabets (Hebrew, Russian).
 Languages without alphabets (Chinese, Japanese).
 Messages not containing text at all (audio or images).
• MIME adds structure to the message body and defines encoding rules for non-ASCII messages.
• SMTP as originally specified transfers messages only as 7-bit ASCII.
• MIME, a supporting protocol, allows non-ASCII data to be sent through e-mail.
• MIME encodes non-ASCII data into ASCII for transfer (base64 or quoted-printable) and the receiving user agent decodes it again.
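The encoding step described above, as an added example that is not part of the slides: a message with an accented subject, an accented body and a binary attachment is serialized with Python's standard email package, checked to be pure 7-bit ASCII, and parsed back as a receiving user agent would do. The addresses and the attachment bytes are constructed for the demonstration.

```python
# Added example (not from the slides): MIME turns a message with accented
# text and a binary attachment into pure 7-bit ASCII, and the receiver
# recovers the original. Addresses are made up; the library is Python's
# standard email package.
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

def build_message():
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.com"                 # constructed addresses
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Rendez-vous à Genève"            # non-ASCII header
    # Non-ASCII body: ask for quoted-printable so the result stays 7-bit.
    msg.set_content("Bonjour Bob,\nà bientôt, Alice\n", cte="quoted-printable")
    # Binary attachment: all 256 byte values, constructed for the demo;
    # binary content is base64-encoded by default.
    msg.add_attachment(bytes(range(256)), maintype="application",
                       subtype="octet-stream", filename="blob.bin")
    return msg

def is_seven_bit(data):
    """True if every byte fits the 7-bit ASCII channel the slides describe."""
    return all(b < 0x80 for b in data)

def transfer_encodings(msg):
    """(content type, Content-Transfer-Encoding) for each leaf part."""
    return [(p.get_content_type(), str(p["Content-Transfer-Encoding"]))
            for p in msg.walk() if not p.is_multipart()]

def roundtrip(msg):
    """Serialize, then parse the bytes back as a receiving user agent would."""
    raw = msg.as_bytes()
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(parsed["Subject"])                    # RFC 2047 encoded word decoded
    body = parsed.get_body(preferencelist=("plain",)).get_content()
    blob = next(parsed.iter_attachments()).get_payload(decode=True)
    return raw, subject, body.replace("\r\n", "\n"), blob, transfer_encodings(parsed)

if __name__ == "__main__":
    raw, subject, body, blob, encs = roundtrip(build_message())
    print(raw.decode("ascii"))
    print(is_seven_bit(raw), subject, encs)
```

Running it prints the wire form: the subject appears as an =?utf-8?q?...?= encoded word, the body as quoted-printable with =C3=A0 for "à", and the attachment as base64, which is exactly the transformation the last bullet describes.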
MIME

RFC 822 headers added by MIME.

Message headers added by MIME


MIME
The MIME types and subtypes defined in RFC
2045.
Message Transfer

Message transfer agents are daemons running on mail servers.

For that we use the Simple Mail Transfer Protocol (SMTP).

It uses TCP on port 25 between mail servers (port 587 for message submission from user agents).

Transferring a message from [email protected] to [email protected] using SMTP.
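The transfer above as a command/reply dialogue, added here as an example that is not part of the slides: a tiny in-process SMTP server (a subset of RFC 5321) and a client that drives it through EHLO, MAIL FROM, RCPT TO, DATA and QUIT. It also makes the envelope/contents distinction from the earlier slide concrete: the envelope sender given in MAIL FROM is what the MTA acts on, while the From: header inside the message is only what the reader sees, and the two need not agree. Host and mailbox names are made up.

```python
# Added example (not from the slides): a tiny in-process SMTP server and the
# client dialogue that transfers one message, showing the envelope
# (MAIL FROM / RCPT TO) as separate from the From:/To: headers inside the
# message. Host and mailbox names are made up. Subset of RFC 5321 only.
from email.parser import Parser

class TinySMTPServer:
    def __init__(self, hostname="mail.example.net"):
        self.hostname, self.delivered = hostname, []   # delivered: (env_from, rcpts, data)
        self.greeted = self.in_data = False
        self._reset()

    def _reset(self):
        self.mail_from, self.rcpts, self.lines = None, [], []

    def greeting(self):
        return "220 %s ESMTP ready" % self.hostname

    def handle(self, line):
        """Process one client line; return the reply, or None while receiving DATA."""
        if self.in_data:
            if line != ".":
                # Dot-unstuffing: the client sends ".." for a line starting with "."
                self.lines.append(line[1:] if line.startswith("..") else line)
                return None
            self.in_data = False
            self.delivered.append((self.mail_from, list(self.rcpts),
                                   "\r\n".join(self.lines) + "\r\n"))
            self._reset()
            return "250 OK: queued"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self._reset()
            return "250 %s" % self.hostname
        if not self.greeted:
            return "503 Bad sequence of commands: HELO first"
        if verb == "MAIL":
            if self.mail_from is not None:
                return "503 Bad sequence of commands: MAIL already given"
            if not arg.upper().startswith("FROM:"):
                return "501 Syntax: MAIL FROM:<address>"
            self.mail_from = arg[5:].strip("<> ")     # "" is the null sender
            return "250 OK"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 Bad sequence of commands: MAIL first"
            if not arg.upper().startswith("TO:"):
                return "501 Syntax: RCPT TO:<address>"
            self.rcpts.append(arg[3:].strip("<> "))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands: RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 %s closing" % self.hostname
        return "500 Command unrecognized"

def submit(server, envelope_from, rcpts, message):
    """Act as the client MTA; return the transcript, or raise on an unexpected reply."""
    transcript = ["S: " + server.greeting()]
    def send(cmd, want=None):
        transcript.append("C: " + cmd)
        reply = server.handle(cmd)
        if reply is not None:
            transcript.append("S: " + reply)
        if want and not (reply or "").startswith(want):
            raise RuntimeError("%r -> %r" % (cmd, reply))
    send("EHLO client.example.org", "250")
    send("MAIL FROM:<%s>" % envelope_from, "250")
    for r in rcpts:
        send("RCPT TO:<%s>" % r, "250")
    send("DATA", "354")
    for line in message.splitlines():
        send("." + line if line.startswith(".") else line)     # dot-stuffing
    send(".", "250")
    send("QUIT", "221")
    return transcript

def demo():
    """The envelope sender differs from the From: header the reader sees."""
    server = TinySMTPServer()
    message = ("From: Alice <alice@example.com>\r\n"
               "To: Bob <bob@example.net>\r\n"
               "Subject: Hello\r\n\r\n"
               "Hi Bob\r\n"
               ".a line that starts with a dot\r\n")
    submit(server, "bounces@mailer.example.org", ["bob@example.net"], message)
    env_from, rcpts, data = server.delivered[0]
    return env_from, rcpts, str(Parser().parsestr(data)["From"]), data

if __name__ == "__main__":
    print("\n".join(submit(TinySMTPServer(), "a@example.com", ["b@example.net"],
                          "Subject: x\r\n\r\nhi\r\n")))
```

Because nothing in SMTP ties the envelope sender to the From: header, a receiving MTA that wants to know who really sent a message has to check the envelope (and the connecting host), not the header.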
Final Delivery

(a) Sending and reading mail when the receiver has a permanent
Internet connection and the user agent runs on the same machine as
the message transfer agent. (b) Reading e-mail when the receiver has
a dial-up connection to an ISP.
POP3
• Post Office Protocol Version 3
• Uses TCP on port 110
• It is used to download messages from a mail server to client computers (by default the messages are then deleted from the server).
IMAP (Internet Message Access Protocol)
• POP3 is not convenient when users frequently use different machines to read email, because messages end up downloaded to whichever computer happened to be used.
• IMAP resolves this issue: messages stay on the server (IMAP uses TCP port 143) and every client sees the same mailbox.
• A comparison of POP3 and IMAP.
File Transfer Protocol (FTP)
 File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another.
 FTP differs from other client/server applications in that it establishes two connections between the hosts.
- The control connection uses very simple rules of communication. We need to transfer only a line of command or a line of response at a time.
- The data connection needs more complex rules due to the variety of data types transferred.
 FTP uses two well-known TCP ports: Port 21 is used for
the control connection, and port 20 is used for the data
connection.
 The client has three components: user interface, client
control process, and the client data transfer process.
 The server has two components: the server control
process and the server data transfer process.
 The control connection is made between the control
processes. The data connection is made between the
data transfer processes.

Fig.FTP
Communication over Control Connection
 FTP uses the same approach as SMTP to communicate across the
control connection.
 It uses the 7-bit ASCII character set. Communication is achieved
through commands and responses. This simple method is adequate for
the control connection because we send one command (or response)
at a time.
 Each command or response is only one short line, so we need not
worry about file format or file structure.

Fig. Using the control connection


Communication over Data Connection
The purpose of the data connection is different
from that of the control connection.
File transfer occurs over the data connection
under the control of the commands sent over
the control connection.

Fig. Communication over Data Connection


However, we should remember that file
transfer in FTP means one of three things:
1.A file is to be copied from the server to the client. This is called retrieving a file. It is done under the supervision of the RETR command.
2.A file is to be copied from the client to the
server. This is called storing a file. It is done
under the supervision of the STOR command.
3.A list of directory or file names is to be sent
from the server to the client. This is done
under the supervision of the LIST command.
Note that FTP treats a list of directory or file
names as a file. It is sent over the data
connection.
Anonymous FTP
To use FTP, a user needs an account (user
name) and a password on the remote
server.
Some sites have a set of files available for
public access, to enable anonymous FTP.
To access these files, a user does not need
to have an account or password.
Instead, the user can use anonymous as
the user name and guest as the password.
Security
Cryptography

33 Unit-5 : Application Layer 06/29/25


Introduction to cryptography
 Cryptography means secret writing.
 It refers to the tools and techniques used to make messages secure for communication between the participants.
 For private communication through a public network, cryptography plays a very crucial role.
 The message to be sent through an insecure medium is known as plaintext; it is encrypted before being sent over the medium.
 The encrypted message is known as ciphertext; it is received at the other end of the medium and decrypted to get back the original plaintext message.
 There are two classes of cryptographic algorithms:
 Symmetric key (secret-key) cryptography
 Asymmetric key (public-key) cryptography
Cryptography components

Fig. A simple cryptography model


 The cipher, the algorithm used for converting plaintext to ciphertext, operates on a key, which is essentially a specially generated number (value).
 To decrypt a secret message (ciphertext) and get back the original message (plaintext), a decryption algorithm uses a decryption key.
 In symmetric key cryptography the same key is shared, i.e. the same key is used for both encryption and decryption.
 The decryption algorithm is the inverse of the encryption algorithm: for example, if encryption adds and then divides, decryption multiplies and then subtracts.
 Symmetric key algorithms are simple and fast, so they are commonly used for long messages.
 However, these algorithms suffer from the following limitations:
 A large number of unique keys is required: for n users, n(n-1)/2 keys, one per pair of users.
 Distributing the keys among the users in a secure manner is difficult.
Figure :Encryption and decryption


Note:

In cryptography, the encryption/decryption algorithms are public; only the keys are secret (Kerckhoffs's principle).


Figure :Symmetric-key cryptography


Note:

In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.


Note:

In symmetric-key cryptography, the same key is used in both directions.


Note:

Symmetric-key cryptography is often used for long messages.


Symmetric-Key Cryptography

Traditional Ciphers
 Substitution cipher
 Monoalphabetic
 Polyalphabetic
 Transposition ciphers


Substitution cipher (substitutes one symbol with another)
Monoalphabetic Substitution
One simple example of symmetric key cryptography is monoalphabetic substitution (a symbol in the plaintext is always changed to the same ciphertext symbol).
In this case, the relationship between a character in the plaintext and a character in the ciphertext is always one-to-one.
An example of monoalphabetic substitution is the Caesar cipher. Each plaintext character is replaced by the character three places further on in the alphabet, wrapping round at the end, e.g. A is substituted by D.
The key feature of this approach is that it is very simple, but the code can be attacked very easily: there are only 25 possible shifts to try, and the letter frequencies of the plaintext survive unchanged in the ciphertext.
Figure :Caesar cipher


Note:

In monoalphabetic substitution, the relationship between a character in the plaintext and the character in the ciphertext is always one-to-one.


Polyalphabetic Substitution
 This is an improvement over the Caesar cipher. Here the relationship between a character in the plaintext and a character in the ciphertext is one-to-many.
 An example of polyalphabetic substitution (each occurrence of a symbol can have a different substitute) is the Vigenere cipher.
 In this case, a particular character is substituted by different characters in the ciphertext depending on its position in the plaintext; the key letter at that position selects the shift.
 In the figure, the top row shows the characters of the plaintext and the bottom rows, row-0 to row-25, show the character by which a plaintext character is replaced for each possible shift.
 The key feature of this approach is that it is more complex and the code is harder to attack successfully, although once the key length is known each key position is just a Caesar cipher again.
Figure 29.6 Vigenere cipher
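Both substitution ciphers in code, added here as an example that is not part of the slides: the Caesar cipher (monoalphabetic) and the Vigenere cipher (polyalphabetic), together with the attack the Caesar slide alludes to, which tries all 26 shifts and keeps the one whose output has the letter frequencies of English (a chi-squared comparison against an approximate English frequency table). The sample sentence is constructed.

```python
import string

# Added example (not from the slides): the two substitution ciphers above
# in code, plus the attack the slide alludes to: a Caesar ciphertext is
# broken by trying all 26 shifts and keeping the one whose output has the
# letter frequencies of English. The sample sentence is constructed.

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Monoalphabetic: every letter is moved the same number of places."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)

def vigenere(text, key, decrypt=False):
    """Polyalphabetic: the key letter at each position chooses the shift,
    so the same plaintext letter maps to different ciphertext letters."""
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = shifts[i % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(ch) + (-k if decrypt else k)) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)

# Approximate letter frequencies of English text, in percent, A..Z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
           2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
           1.97, 0.07]

def chi_squared(text):
    """How far the letter counts of `text` are from English; lower is closer."""
    letters = [c for c in text.upper() if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for i, ch in enumerate(ALPHABET):
        expected = ENGLISH[i] / 100 * n
        score += (letters.count(ch) - expected) ** 2 / expected
    return score

def break_caesar(ciphertext):
    """Try every shift; return (shift, plaintext) for the most English-looking one."""
    shift = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return shift, caesar(ciphertext, -shift)

if __name__ == "__main__":
    secret = caesar("IT WAS THE BEST OF TIMES IT WAS THE WORST OF TIMES", 7)
    print(secret, break_caesar(secret))
    print(vigenere("ATTACK AT DAWN", "LEMON"), vigenere("LXFOPV EF RNHR", "LEMON", decrypt=True))
```

The same chi-squared scoring breaks a Vigenere cipher once the key length is known: split the ciphertext into one column per key position and run break_caesar on each column.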


Note:

In polyalphabetic substitution, the relationship between a character in the plaintext and a character in the ciphertext is one-to-many.


Transpositional Cipher
In the transpositional cipher the characters remain unchanged, but their positions are changed to create the ciphertext.
The figure illustrates how five lines of text are modified by a transpositional cipher.
The characters are arranged in a two-dimensional matrix and the columns are interchanged according to a key, as shown in the middle portion of the diagram.
The key defines which columns are to be swapped. As per the key, the character in column 1 moves to column 3, the character in column 2 moves to column 6, and so on. Decryption is done by swapping in the reverse order using the same key.
The transpositional cipher is also not a very secure approach. Because the characters themselves are unchanged, the ciphertext has the same letter frequencies as the plaintext, which tells the attacker what kind of cipher was used; the key can then be found by trial and error on the column order.
Figure :Transpositional cipher
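The keyed columnar transposition above in code, added here as an example that is not part of the slides: the text is written into rows of the key's width, the columns are reordered by the key, and decryption applies the inverse column order. Two further functions show what the attacker in the last paragraph relies on: the letter histogram of the ciphertext equals that of the plaintext, and for a short key every column order can simply be tried against a probable word (a crib). Column indices are 0-based, whereas the slide counts columns from 1.

```python
from itertools import permutations

# Added example (not from the slides): keyed columnar transposition as the
# slide describes it (text written into rows, columns swapped by the key),
# plus two observations an attacker uses: the letter histogram is unchanged,
# and a short key can be found by trying every column order against a
# probable word (the "trial and error" the slide mentions).

def _rows(text, n):
    return [text[i:i + n] for i in range(0, len(text), n)]

def transpose_encrypt(plaintext, key, pad="X"):
    """key[j] = index of the input column that becomes output column j."""
    n = len(key)
    if sorted(key) != list(range(n)):
        raise ValueError("key must be a permutation of 0..%d" % (n - 1))
    text = "".join(c for c in plaintext.upper() if c.isalpha())
    if len(text) % n:
        text += pad * (n - len(text) % n)        # fill the last row
    return "".join("".join(row[key[j]] for j in range(n)) for row in _rows(text, n))

def transpose_decrypt(ciphertext, key):
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length is not a multiple of the key length")
    inverse = [0] * n
    for j, src in enumerate(key):
        inverse[src] = j                           # where input column src went
    return "".join("".join(row[inverse[c]] for c in range(n))
                   for row in _rows(ciphertext, n))

def histogram(text):
    """Letter counts; unchanged by any transposition."""
    counts = {}
    for c in text:
        counts[c] = counts.get(c, 0) + 1
    return counts

def break_transposition(ciphertext, crib, n):
    """Brute force every column order of width n and keep those whose
    decryption contains the crib. 6! = 720 trials; feasible up to n of 8 or 9."""
    return [key for key in permutations(range(n))
            if crib in transpose_decrypt(ciphertext, list(key))]

if __name__ == "__main__":
    key = [2, 5, 0, 1, 3, 4]
    c = transpose_encrypt("attack at dawn", key)
    print(c, transpose_decrypt(c, key))
    print(histogram(c) == histogram("ATTACKATDAWN"))
    print(break_transposition(c, "ATTACK", 6))
```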


Symmetric Key Algorithms:
Block Ciphers
Block ciphers use a block of bits as the unit of encryption and decryption.
For a 64-bit block, each key selects a mapping of the 2^64 possible input values onto the 2^64 possible output values.
The mapping must be one-to-one, otherwise decryption would be ambiguous.
Operations such as permutation and substitution are performed on the block of bits, controlled by a key (a secret number), to produce another block of bits.
In the decryption process the inverse operations are performed in the reverse order, based on the same key, to get back the original block of bits.
Figure :Block cipher


Figure: P-box

Permutation:
•The permutation is performed by a permutation box at the bit-level, which
keeps the number of 0s and 1s same at the input and output.
•Although it can be implemented either by hardware or software, the hardware
implementation is faster.


Figure :S-box

Substitution:
•The substitution is implemented with the help of three building blocks: a decoder, one P-box and an encoder. For an n-bit input, the decoder produces a 2^n-bit output containing a single 1, which is applied to the P-box.
•The P-box permutes the output of the decoder and the result is applied to the encoder. The encoder, in turn, produces an n-bit output: the position of the 1. For example, if the input to the decoder is 011, the output of the decoder is 00001000 (bit 3 set). If the permuted output is 01000000 (bit 6 set), the output of the encoder is 110.


A block cipher: a block cipher realized using substitution and permutation operations is shown in the figure.
It performs the following steps:
Step-1: Divide the input into 8-bit pieces
Step-2: Substitute each 8-bit piece using functions derived from the key
Step-3: Permute the bits based on the key
All three steps are repeated for a fixed number of rounds; each round adds mixing, so that every output bit comes to depend on every input bit and every key bit.
Data Encryption Standard (DES)
 One example of a block cipher is the Data Encryption Standard (DES). Basic features of the DES algorithm are given below:
 Viewed as a whole it is a monoalphabetic substitution cipher on 64-bit "characters": under a given key, the same 64-bit input block always produces the same 64-bit output block.
 It has 19 distinct stages.
 Although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits in length (the other 8 bits are parity bits).
 Decryption uses the same key; the stages are then carried out in reverse order.
 DES has 16 rounds, meaning the main round function is repeated 16 times to produce the ciphertext.
 More rounds make the cipher harder to cryptanalyse, but the number of rounds does not change the key size: a 56-bit key can be found by brute force with modern hardware, which is why single DES is no longer considered secure.
 Once the key scheduling and plaintext preparation have been completed, the actual encryption or decryption is performed with the help of the main DES algorithm.
Figure :DES


Figure :General scheme of DES


Figure :Iteration block


Figure :Triple DES
Triple DES
Triple DES, popularly known as 3DES, makes DES more secure by effectively increasing the key length. Its operation is explained below:
• Each block of plaintext is encrypted with K1, decrypted with K2 and encrypted again with K1, in the sequence shown in the figure (encrypt-decrypt-encrypt). With two 56-bit keys the effective key length is 112 bits; choosing K1 = K2 reduces the scheme to single DES, which keeps it compatible with old equipment.
• 3DES is still a block cipher; to encrypt a message longer than one block it is used in a mode of operation such as CBC.


Note:

The DES cipher uses the same concept as the Caesar cipher, but the encryption/decryption algorithm is much more complex due to the sixteen 48-bit keys derived from a 56-bit key.


Operation Modes
DES encrypts one block of 64 bits at a time.
To encrypt messages longer than a single block, several modes of operation exist:
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback Mode (CFB)
Output Feedback Mode (OFB)
Figure :ECB mode

This is the plain DES algorithm applied repeatedly. Data is divided into 64-bit blocks and each block is encrypted on its own. The encryptions of different blocks are completely independent of each other.
Disadvantages of ECB
• If a message contains two identical 64-bit blocks, the corresponding ciphertext blocks are identical. This leaks information about the plaintext to an eavesdropper.
• Someone can modify, rearrange or replay individual ciphertext blocks to his own advantage without knowing the key.
• Because of these flaws, ECB is rarely used.


Figure :CBC mode

2. Cipher Block Chaining (CBC)

In this mode the ciphertext of each block is XORed into the next plaintext block before that block is encrypted, so every ciphertext block depends on all the plaintext blocks before it and identical plaintext blocks no longer give identical ciphertext. The first block is XORed with an initialization vector (IV), which is sent along with the data; the IV need not be secret, but it must be different (and unpredictable) for every message encrypted under the same key. CBC provides no integrity: flipping a bit in one ciphertext block flips the same bit in the next plaintext block.


Figure: CFB mode

3. Cipher Feedback Mode (CFB)

• In this mode, units of plaintext shorter than 64 bits can be encrypted.
• This is commonly used with interactive terminals.
• It can receive and send k bits (say k = 8) at a time in a streamed manner.


Figure: OFB mode

4. Output Feedback Mode (OFB)

Key features of this mode are mentioned below:
•OFB turns the block cipher into a stream cipher: the block cipher is applied to the IV, then to its own output, and so on, producing a keystream.
•Encryption is performed by XORing the message with the keystream (it is not a true one-time pad, because the keystream is derived from a key rather than being truly random).
•The keystream does not depend on the data, so it can be generated in advance.
•If some bits of the ciphertext get garbled, only the corresponding bits of plaintext get garbled.
•The message can be of any arbitrary size.
•The keystream depends only on the key and the IV: if an IV is ever reused with the same key, XORing the two ciphertexts cancels the keystream and reveals the XOR of the two plaintexts. Like the other modes here, OFB provides no integrity, and an attacker can flip chosen plaintext bits by flipping ciphertext bits.
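One block of code serving the substitute-and-permute construction described earlier (S-box, P-box, key mixing, several rounds) and the ECB, CBC and OFB modes above, added here as an example that is not part of the slides and not DES: a toy cipher with 16-bit blocks and a trivial key schedule, chosen so the modes are easy to follow. With it the three properties the slides state become checkable: ECB turns eight identical plaintext blocks into eight identical ciphertext blocks, CBC does not, and reusing an IV under OFB makes the XOR of two ciphertexts equal the XOR of the two plaintexts. The S-box is drawn from a seeded PRNG, the key and IV are constructed, and nothing here is suitable for real use.

```python
import random

# Added example (not from the slides, and not DES): a toy substitute-and-
# permute block cipher with 16-bit blocks, used to show ECB, CBC and OFB
# behaviour. Block size and key schedule are chosen for readability only;
# nothing here is suitable for real use.

BLOCK, ROUNDS = 2, 4                       # bytes per block, number of rounds

# S-box: an 8-bit permutation from a fixed PRNG seed (deterministic across
# runs). Real S-boxes are designed for nonlinearity, not drawn at random.
_rng = random.Random(2024)
SBOX = list(range(256))
_rng.shuffle(SBOX)
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i
# P-box: bit i of the 16-bit state moves to position 5*i+3 mod 16 (a bijection).
PBOX = [(5 * i + 3) % 16 for i in range(16)]
INV_PBOX = [0] * 16
for _i, _v in enumerate(PBOX):
    INV_PBOX[_v] = _i

def _permute(state, table):
    out = 0
    for i in range(16):
        if state >> i & 1:
            out |= 1 << table[i]
    return out

def _round_keys(key):
    """Toy schedule: the 10-byte key is simply cut into five 16-bit round keys."""
    if len(key) != 2 * (ROUNDS + 1):
        raise ValueError("key must be %d bytes" % (2 * (ROUNDS + 1)))
    return [int.from_bytes(key[2 * r:2 * r + 2], "big") for r in range(ROUNDS + 1)]

def encrypt_block(block, key):
    rk, s = _round_keys(key), int.from_bytes(block, "big")
    for r in range(ROUNDS):
        s ^= rk[r]                                         # key mixing
        s = SBOX[s >> 8] << 8 | SBOX[s & 0xFF]             # substitution (S-boxes)
        s = _permute(s, PBOX)                              # permutation (P-box)
    return (s ^ rk[ROUNDS]).to_bytes(2, "big")             # final key mixing

def decrypt_block(block, key):
    rk = _round_keys(key)
    s = int.from_bytes(block, "big") ^ rk[ROUNDS]
    for r in reversed(range(ROUNDS)):                      # inverse steps, reverse order
        s = _permute(s, INV_PBOX)
        s = INV_SBOX[s >> 8] << 8 | INV_SBOX[s & 0xFF]
        s ^= rk[r]
    return s.to_bytes(2, "big")

def _pad(data):                                             # PKCS#7-style padding
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(data, key):          # each block on its own: equal blocks give equal output
    return b"".join(encrypt_block(b, key) for b in _blocks(_pad(data)))

def ecb_decrypt(data, key):
    return _unpad(b"".join(decrypt_block(b, key) for b in _blocks(data)))

def cbc_encrypt(data, key, iv):      # previous ciphertext block XORed into the next plaintext
    out, prev = [], iv
    for b in _blocks(_pad(data)):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    out, prev = [], iv
    for b in _blocks(data):
        out.append(_xor(decrypt_block(b, key), prev))
        prev = b
    return _unpad(b"".join(out))

def ofb_keystream(key, iv, length):  # E(iv), E(E(iv)), ... independent of the data
    out, s = b"", iv
    while len(out) < length:
        s = encrypt_block(s, key)
        out += s
    return out[:length]

def ofb_crypt(data, key, iv):        # XOR with the keystream; same call encrypts and decrypts
    return _xor(data, ofb_keystream(key, iv, len(data)))

def repeated_blocks(ciphertext):
    """How many ciphertext blocks duplicate an earlier one."""
    bs = _blocks(ciphertext)
    return len(bs) - len(set(bs))

def ofb_iv_reuse_leaks(p1, p2, key, iv):
    """Same key and IV twice: c1 XOR c2 equals p1 XOR p2, the keystream cancels."""
    return _xor(ofb_crypt(p1, key, iv), ofb_crypt(p2, key, iv)) == _xor(p1, p2)

KEY, IV = bytes(range(10)), b"\x12\x34"   # constructed demo key and IV

if __name__ == "__main__":
    data = b"AB" * 8 + b"CD"
    print("ECB repeats:", repeated_blocks(ecb_encrypt(data, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(data, KEY, IV)))
    print("OFB IV reuse leaks:", ofb_iv_reuse_leaks(b"attack at dawn!", b"retreat at noon", KEY, IV))
```

The CBC and OFB functions are written exactly as the slides describe the modes; only the block cipher underneath is a toy. Substituting a real cipher changes none of the mode logic, which is why the ECB repetition leak and the OFB IV-reuse leak apply to DES and AES in the same way.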


Public-Key Cryptography

RSA

Choosing Public and Private Keys


Figure :Public-key cryptography

Public key Cryptography


In public key cryptography, there are two keys: a private key and a public key.
•The public key is announced to the public; where as the private key is kept by
the receiver.
•The sender uses the public key of the receiver for encryption and the receiver
uses his private key for decryption as shown in Fig.


Advantages:
The pair of keys can be used with any other entity.
The number of keys required is small.
Disadvantages:
It is not efficient for long messages.
The association between an entity and its public key must be verified.
Note:

Public-key algorithms are more efficient for short messages.


RSA Algorithm
 The most popular public-key algorithm is RSA (named after its inventors Rivest, Shamir and Adleman), shown in the figure. Key features of the RSA algorithm are given below:
 Public key algorithm that performs encryption as well as decryption based on number theory
 Variable key length: long for enhanced security and short for efficiency (512 bits was typical when this was written; 2048 bits or more is required today)
 Variable block size, smaller than the key length
 The private key is a pair of numbers (d, n) and the public key is also a pair of numbers (e, n)
 Choose two large primes p and q (each about half the key length, e.g. 256 bits each for a 512-bit n)
 Compute n = p × q and z = (p-1) × (q-1)
 Choose a number d relatively prime to z
 Find e such that e × d mod z = 1 (in practice e is fixed first, commonly 65537, and d is computed from it)
 For encryption: C = P^e (mod n), where the plaintext block P is interpreted as a number smaller than n
 For decryption: P = C^d (mod n)
 Raw RSA as written here is deterministic and malleable (the product of two ciphertexts decrypts to the product of the plaintexts), so real systems pad the message before exponentiation.
Figure :RSA
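The key generation, encryption and decryption steps above in code, added here as an example that is not part of the slides. The slide picks d first and derives e; this code fixes e = 65537 and derives d with a modular inverse, which is how real implementations do it. Primes are found with a Miller-Rabin test written for the demonstration; a vetted library should be used for anything real. The classic p = 61, q = 53 example gives small numbers that can be checked by hand, and the last function shows the malleability of raw RSA that padding is there to prevent.

```python
import math
import random

# Added example (not from the slides): the key generation, encryption and
# decryption steps above in code. The slides pick d and then derive e; here
# e is fixed first (65537, the usual choice) and d is derived, which is how
# real implementations do it. Primes are found with Miller-Rabin, which is
# adequate for a demonstration but not a substitute for a vetted library.

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random odd number of exactly `bits` bits, retried until probably prime."""
    rng = random.SystemRandom()
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def make_keys(p, q, e=65537):
    """n = p*q, z = (p-1)(q-1), e*d = 1 (mod z); returns ((e, n), (d, n))."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, z = p * q, (p - 1) * (q - 1)
    if math.gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z")
    d = pow(e, -1, z)                     # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def generate(bits=512):
    """512-bit n is used only because the slide calls it typical; use 2048+."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and math.gcd(65537, (p - 1) * (q - 1)) == 1:
            return make_keys(p, q)

def encrypt(plaintext, public):
    """C = P^e mod n. P is a number smaller than n (raw RSA, no padding)."""
    e, n = public
    if not 0 <= plaintext < n:
        raise ValueError("plaintext block must be smaller than n")
    return pow(plaintext, e, n)

def decrypt(ciphertext, private):
    """P = C^d mod n."""
    d, n = private
    return pow(ciphertext, d, n)

def is_malleable(public, m1, m2):
    """Raw RSA: E(m1) * E(m2) mod n == E(m1 * m2 mod n). This is why real
    systems pad the message before exponentiation."""
    e, n = public
    return encrypt(m1, public) * encrypt(m2, public) % n == encrypt(m1 * m2 % n, public)

if __name__ == "__main__":
    pub, priv = make_keys(61, 53, e=17)   # textbook-sized numbers: n = 3233
    print(pub, priv, encrypt(65, pub), decrypt(encrypt(65, pub), priv))
    pub, priv = generate(256)
    print(decrypt(encrypt(123456789, pub), priv))
```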


END (Effort Never Dies)