Mohsenian-Rad: Network Security


Summer Workshop on Cyber Security
Computer Networks Security (Part 1)
Dr. Hamed Mohsenian-Rad
University of California at Riverside and Texas Tech University
July 14-18, 2014
Supported by National Science Foundation

Overview of Computer Networks

Internet: Millions of connected computing devices:
• End systems / Hosts (Running Net Apps)
• Communication Links (Wired or Wireless)
• Routers and Switches (Forward “Packets”)

[Figure: mobile network, global ISP, regional ISP, home network, institutional network]

Summer Workshop on Cyber Security July 14 - 18 , 2014 – Network Security, UCR & TTU

Overview of Computer Networks

Network of Networks:
• ISPs
• Institutional Networks
• Home Networks
• Mobile Networks

Internet Protocols:
• Control Sending & Receiving of Messages
• E.g.: TCP, IP, HTTP, 802.11

What is a Protocol?

Human Protocol:
• “What time is it?”, “I have a question.”, …

Network Protocols:
• Machines instead of humans.

Protocols define format and order of messages sent and received among network entities, and actions taken on message transmission and message receipt.

What is a Protocol?

Protocols define the interaction sequences over time:

Human protocol (in time order):
• Hi
• Hi
• Got the time?
• 2:00

Network protocol (in time order):
• TCP connection request
• TCP connection response
• Get http://www.awl.com/kurose-ross
• <file>

Protocol Layers

Networks are complex with many “pieces”:
• Hosts
• Routers
• Wired Links
• Wireless Links
• Applications
• Protocols
• Hardware
• Software
• …

Q: How can we organize the structure of networks?

Example: Organization of Air Travel

A series of steps is taken at different “layers”:
• ticket (purchase) / ticket (complain)
• baggage (check) / baggage (claim)
• gates (load) / gates (unload)
• runway takeoff / runway landing
• airplane routing / airplane routing / airplane routing

Example: Organization of Air Travel

Each layer implements a “service”:
• Via its own “internal-layer” actions.

Layers, from the departure airport, through the intermediate air-traffic control centers, to the arrival airport:
• ticket: ticket (purchase) / ticket (complain)
• baggage: baggage (check) / baggage (claim)
• gate: gates (load) / gates (unload)
• takeoff/landing: runway (takeoff) / runway (land)
• airplane routing: airplane routing (departure airport, intermediate air-traffic control centers, arrival airport)

Internet Protocol Stack

There are five layers in the Internet Protocol Stack, with different functionalities and protocols:
• Application
• Transport
• Network
• Link
• Physical

Internet Protocol Stack

• Application: Supporting network apps
  FTP, HTTP, SMTP, Skype
• Transport: Process-to-process data transfer
  TCP, UDP

They all use TCP Protocol for “reliable” data transmission. (Socket Programming) (Each socket has a port #)

Internet Protocol Stack

• Application: Supporting network apps
  FTP, HTTP, SMTP, Skype
• Transport: Process-to-process data transfer
  TCP, UDP
• Network: Routing from source to destination
  IP, Routing Protocols
• Link: Routing from source to destination
  Ethernet, IEEE 802.11 (WiFi)
• Physical: Bit-by-bit transmission

Packets

Network communications are essentially 0-1 bit streams:
• But we break down bit streams into small bit chunks = packets.

The packet at each layer:
• Can have different names (frame, segment, etc.)
• Can have different sizes

Packets

Name of the packet at each layer:
• Application: Message
• Transport: Segment
• Network: Datagram
• Link: Frame
• Physical

Packet Headers

Protocol at each layer adds its own “headers” for “control data”:
• Application: Message
• Transport: Segment = Message + HT (HT used by TCP and UDP)
• Network: Datagram = Message + HT + HN (HN used by IP, Routing)
• Link: Frame = Message + HT + HN + HL (HL used by Ethernet, …)
• Physical
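
The encapsulation described on the Packet Headers slides, together with the port numbers mentioned under sockets, as an added example that is not part of the original slides: a sender wraps a message in HT, HN and HL, and a receiver strips and validates each header in turn. It uses UDP for HT because it is the shorter of the two transports the slides name; the addresses, ports and MAC values are constructed sample values.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(message, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    # Transport: HT (UDP header: ports, length, checksum 0 = unused) + message
    segment = struct.pack("!HHHH", sport, dport, 8 + len(message), 0) + message
    # Network: HN (20-byte IPv4 header, TTL 64) + segment = datagram
    h_n = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                      64, socket.IPPROTO_UDP, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    h_n = h_n[:10] + struct.pack("!H", ip_checksum(h_n)) + h_n[12:]
    # Link: HL (Ethernet header, EtherType 0x0800 = IPv4) + datagram = frame
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + h_n + segment

def decapsulate(frame):
    """Receiver side: strip HL, HN, HT in turn, checking each layer."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("link payload is not an IPv4 datagram")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip_checksum(datagram[:ihl]) != 0:    # a valid header sums to zero
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    if datagram[9] != socket.IPPROTO_UDP:
        raise ValueError("network payload is not a UDP segment")
    segment = datagram[ihl:total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {"src_ip": socket.inet_ntoa(datagram[12:16]),
            "dst_ip": socket.inet_ntoa(datagram[16:20]),
            "sport": sport, "dport": dport,
            "message": segment[8:udp_len]}

# Constructed sample: documentation-range IPs, locally administered MACs.
FRAME = encapsulate(b"GET /kurose-ross", "192.0.2.10", "198.51.100.7",
                    49152, 80, bytes.fromhex("020000000001"),
                    bytes.fromhex("020000000002"))
```

Every header here travels in cleartext, and only HN carries a checksum, which detects accidental corruption but not deliberate modification.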