Application Layer - National University of Ireland, Galway
Application Layer
• Overall objective
– Facilitate end-user requirements
• Case Study: Internet
– E-mail
– WWW
– Multimedia
– Remote Login
– File transfer
• Require support protocols to assist applications.
Hugh Melvin, Dept. IT, NUI,G
Issues
• Security
• Network Complexity
• Network Mgt.
• Global Naming System
Security
• Increasingly important issue
– Multi-faceted
– Can be built into all layers
• Physical layer: fibre optic (harder to tap than copper)
• Network layer: firewall
• Application layer:
– Cryptography / encryption
– Anti-virus protection
– Intrusion detection products (anti-hacking)
Cryptography
Plaintext --E--> Ciphertext --D--> Plaintext
E: Encryption
D: Decryption
C = E_K(P) … K = encryption key
P = D_K(C) … K = decryption key
Encryption Methods
• Substitution vs Transposition Ciphers
Substitution Cipher (SC)
– Replace each plaintext entity (letter, digram, …) with another; positions are unchanged
– Eg. abcdef… replaced with qwerty…
– Can be broken using the statistical properties of the language:
the most frequent ciphertext letters are deduced to stand for e, t, etc.
Encryption Methods
Transposition Cipher (TC)
– Reorder the plaintext entities; each letter keeps its identity
– The ordering is determined by a key
– Easy to detect a TC by statistics (ciphertext letter frequencies match the plain
language); to break it, need to guess the key length and then the column order
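The two cipher families and the attacks the last two slides describe, as an added example (this is not code from the NUI Galway notes). The key alphabet follows the slide's abcdef → qwerty pattern; the keyword "zebra", the sample sentence and the trigram-based English score are constructed for this example.

```python
"""Substitution vs transposition ciphers and why letter statistics break them.
Added example, not code from the NUI Galway notes. The key alphabet, the keyword
"zebra" and the sample sentence are constructed for this example."""
from collections import Counter
from itertools import permutations

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
KEY_ALPHABET = "qwertyuiopasdfghjklzxcvbnm"   # a->q, b->w, c->e, ... as on the slide

# Constructed sample plaintext (lower case, letters and spaces only).
SAMPLE = ("meet me at the entrance of the seventh street theatre before eleven "
          "we leave when everyone else has entered safely")

def substitution_encrypt(text, key_alphabet=KEY_ALPHABET):
    """Monoalphabetic substitution: each letter is replaced, positions are kept."""
    return text.translate(str.maketrans(ALPHABET, key_alphabet))

def substitution_decrypt(cipher, key_alphabet=KEY_ALPHABET):
    return cipher.translate(str.maketrans(key_alphabet, ALPHABET))

def letter_frequencies(text):
    return Counter(ch for ch in text if ch.isalpha())

def guess_image_of_e(cipher):
    """Frequency attack on a substitution cipher: the most common ciphertext
    letter is almost certainly the image of plaintext 'e'."""
    return letter_frequencies(cipher).most_common(1)[0][0]

def key_order(key):
    """Columnar transposition reads the columns in alphabetical order of the keyword."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transposition_encrypt(text, key):
    """Write the letters row by row under the keyword, read them out column by column."""
    cols = len(key)
    text = text.replace(" ", "")
    text += "x" * ((-len(text)) % cols)          # pad the last row
    return "".join(text[c::cols] for c in key_order(key))

def decrypt_with_order(cipher, order):
    cols, rows = len(order), len(cipher) // len(order)
    columns = [None] * cols
    for idx, c in enumerate(order):
        columns[c] = cipher[idx * rows:(idx + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(cols))

def transposition_decrypt(cipher, key):
    return decrypt_with_order(cipher, key_order(key))

# The 30 most common English trigrams; a cheap "does this look like English" score.
TRIGRAMS = ("the and ing ent ion her for tha nth int ere tio ter est ers ati "
            "hat ate all eth hes ver his oft ith fth sth oth res ont").split()

def english_score(text):
    return sum(text.count(t) for t in TRIGRAMS)

def break_transposition(cipher, max_key_len=6):
    """Letter frequencies identify a transposition; the remaining work is guessing
    the key length (padding makes it a divisor of the length) and the column order."""
    best = (-1, None, None)
    for klen in range(2, max_key_len + 1):
        if len(cipher) % klen:
            continue
        for order in permutations(range(klen)):
            candidate = decrypt_with_order(cipher, order)
            score = english_score(candidate)
            if score > best[0]:
                best = (score, klen, candidate)
    return best[1], best[2]

if __name__ == "__main__":
    sc = substitution_encrypt(SAMPLE)
    tc = transposition_encrypt(SAMPLE, "zebra")
    print("substitution:", sc)
    print("most frequent ciphertext letter:", guess_image_of_e(sc), "(image of e)")
    print("transposition:", tc)
    print("frequencies unchanged:", letter_frequencies(tc) == letter_frequencies(SAMPLE))
    print("recovered:", break_transposition(tc))
```

The substitution ciphertext keeps the plaintext's letter histogram under renamed letters, so its peak letter maps straight back to e; the transposition ciphertext has exactly the plaintext's histogram, which is what gives it away as a transposition, after which a key length that divides the ciphertext length and a brute-force over column orders finish it.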
Encryption algorithms
• Secret vs Public Key
Secret Key
– End users share a secret key
– Same key used for encryption and decryption
– Secure key distribution is the main concern
– Eg. DES (Data Encryption Standard), IDEA
– Use of Product Ciphers (P-box, S-box)
Product Ciphers
P-box
– Transposition stage: permutes the bit positions
– Eg. 11000000 → 00101000 (reorder)
S-box
– Substitution stage, built as decoder / P-box / encoder
– Eg. 111 → 011
Cascaded P-boxes and S-boxes can be implemented very quickly in hardware
DES
• 64-bit blocks
• 56-bit key
• 16 iterations: each uses a different section (a 48-bit subkey) of the key
• Iteration: new right half = left input XOR fn(right input, key section);
new left half = old right input
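The Product Ciphers and DES slides above, put together in working code as an added example (not code from the NUI Galway notes): an 8-bit P-box that reproduces the slide's 11000000 → 00101000, a 3-bit S-box built literally as decoder / P-box / encoder that maps 111 → 011, and a 16-round Feistel network whose round does "left XOR f(right, subkey)". The widths (18-bit block and key, 9-bit halves), the permutation tables and the key rotation schedule are constructed for readability; DES uses 64/56/32 bits and its own tables.

```python
"""Toy product cipher in the DES style: P-boxes (transposition) and S-boxes
(substitution) combined in a Feistel network. Added example, not code from the
NUI Galway notes. Widths (18-bit block, 18-bit key, 9-bit halves) and the
permutation tables are constructed for readability; DES uses 64/56/32 bits."""

def pbox(x, perm):
    """P-box (transposition): output bit i (counting from the MSB) is input bit perm[i]."""
    w = len(perm)
    out = 0
    for i, src in enumerate(perm):
        out |= ((x >> (w - 1 - src)) & 1) << (w - 1 - i)
    return out

# 8-bit P-box that reproduces the slide's example 11000000 -> 00101000.
SLIDE_PBOX = [2, 3, 0, 4, 1, 5, 6, 7]

# 3-bit S-box built exactly as the slide describes: decoder -> P-box -> encoder.
SBOX_PERM = [4, 2, 5, 7, 1, 6, 0, 3]      # wiring of the 8 decoded lines; 111 -> 011

def sbox(v):
    one_hot = 1 << (7 - v)                 # 3-to-8 decoder: exactly one line high
    wired = pbox(one_hot, SBOX_PERM)       # permute the 8 lines
    return 8 - wired.bit_length()          # 8-to-3 encoder: position of the high line

HALF = 9
HALF_MASK = (1 << HALF) - 1
ROUND_PBOX = [3, 7, 0, 5, 8, 1, 6, 2, 4]   # 9-bit transposition after the S-boxes
KEY_BITS = 18
ROUNDS = 16

def round_function(r, subkey):
    """DES-style f(): mix in the subkey, substitute 3 bits at a time, then transpose."""
    x = (r ^ subkey) & HALF_MASK
    y = 0
    for g in range(3):
        y = (y << 3) | sbox((x >> (6 - 3 * g)) & 7)
    return pbox(y, ROUND_PBOX)

def key_schedule(key, rounds=ROUNDS):
    """Each round uses a different 9-bit section of the rotated 18-bit key."""
    subkeys = []
    for i in range(rounds):
        s = (5 * i) % KEY_BITS
        rotated = ((key << s) | (key >> (KEY_BITS - s))) & ((1 << KEY_BITS) - 1)
        subkeys.append(rotated & HALF_MASK)
    return subkeys

def feistel(block, subkeys):
    """One pass of the network. Decryption is the same pass with the subkeys
    reversed, so the S-boxes never need an inverse."""
    left, right = (block >> HALF) & HALF_MASK, block & HALF_MASK
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << HALF) | left       # final swap, as in DES

def encrypt(block, key):
    return feistel(block, key_schedule(key))

def decrypt(block, key):
    return feistel(block, key_schedule(key)[::-1])

if __name__ == "__main__":
    print(f"P-box: {0b11000000:08b} -> {pbox(0b11000000, SLIDE_PBOX):08b}")
    print(f"S-box: {0b111:03b} -> {sbox(0b111):03b}")
    key, plain = 0x2A5C3, 0x1ABCD
    c = encrypt(plain, key)
    print(f"plain {plain:05x} -> cipher {c:05x} -> {decrypt(c, key):05x}")
```

The point to take from the Feistel structure is that the round function never has to be invertible: decryption runs the identical code with the subkey order reversed, which is what lets DES use non-invertible S-box mappings and still decrypt.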
Successor to DES?
• DES adopted by US in 1977
– Modified to strengthen it against brute force (Triple DES)
– 56-bit key inadequate given available computing power
• 2001: new Advanced Encryption Standard (AES) (US Dept. of Commerce, NIST)
– Based on the Rijndael algorithm
• Rijmen & Daemen
• 128, 192 & 256-bit keys
• Faster than Triple DES
– www.nist.gov/aes
Public Key
• Different keys used for encryption/decryption
– encryption key public
– decryption key private
=> no key distribution security concerns (only the public key is shared; its authenticity still has to be established)
but… difficult to find functions satisfying the requirements (easy to encrypt, infeasible to derive the private key from the public one)
Eg. RSA (Rivest, Shamir and Adleman)
RSA
• C = P^e mod n … (e, n) = public key
• P = C^d mod n … (d, n) = private key
– Security based on the difficulty of factoring large numbers (n = p·q)
– Computationally intensive => slow to implement
– Used a lot to distribute secret keys… the secret key is then used for the data transfer
http://www.rsasecurity.com
PKI: Public Key Infrastructure
• System of components to secure online transactions
– Authentication
– Encryption
• Based on Digital Certificates & Public-key encryption
• PKI System Components
– Registration Authority
– Certificate Authority
– Directory
PKI
• Digital Certificate
– Attached to a transaction
• Authenticates the identity of the sender
• Authenticates the certificate issuer
• Provides the sender's public encryption key
PKI
• Registration Authority
– Filters (vets) certificate requests
– If OK, passes them on to the CA
• Certificate Authority
– Signs and issues certificates and publishes them to the directory
• Directory
– Database of certificates and public keys
PKI
• Different vendors
– Baltimore Technologies / RSA Security / VeriSign
– Interoperability issues
• Different standards
– X.509 (www.itu.int/itudoc/itu-t/rec/x/x500up/x509.html)
– PKIX (www.ietf.org/html.charters/pkix-charter.html)
• Security of the private key is critical
– Potential use of smart card technology
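One worked example serving both the RSA slide (C = P^e mod n, P = C^d mod n, factoring, secret-key distribution) and the PKI slides (a CA binding a name to a public key, a relying party checking the signature). This is an added example, not code from the NUI Galway notes or any vendor's PKI. The primes (61, 53 for the end user; 101, 113 for the CA), the names, the certificate field layout and the "hash reduced mod n" signing are all constructed for readability; real RSA uses 2048-bit or larger moduli and a padding scheme such as PSS, and real certificates are X.509 structures.

```python
"""Toy RSA and a toy X.509-style certificate issued by a CA.
Added example, not code from the NUI Galway notes. Primes are tiny so the numbers
are readable; real deployments use 2048-bit moduli and padded hashes (e.g. PSS)."""
import hashlib
from math import gcd, isqrt

def rsa_keygen(p, q, e=17):
    """Public key (e, n), private key (d, n); d is the inverse of e mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)
    return (e, n), (d, n)

def rsa_encrypt(pub, P):          # C = P^e mod n
    e, n = pub
    assert 0 <= P < n
    return pow(P, e, n)

def rsa_decrypt(priv, C):         # P = C^d mod n
    d, n = priv
    return pow(C, d, n)

def digest(msg, n):
    """SHA-256 of the message, reduced below the modulus so one RSA operation covers it."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(priv, msg):          # S = H(m)^d mod n  (private key operation)
    d, n = priv
    return pow(digest(msg, n), d, n)

def rsa_verify(pub, msg, sig):    # S^e mod n == H(m)  (public key operation)
    e, n = pub
    return pow(sig, e, n) == digest(msg, n)

def cert_bytes(subject, subject_pub, issuer):
    """The 'to be signed' part of the toy certificate: name, public key, issuer."""
    e, n = subject_pub
    return f"{subject}|{e}|{n}|{issuer}".encode()

def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    """CA step: bind the subject name to the subject public key under the CA signature."""
    tbs = cert_bytes(subject, subject_pub, ca_name)
    return {"subject": subject, "pub": subject_pub, "issuer": ca_name,
            "sig": rsa_sign(ca_priv, tbs)}

def verify_certificate(cert, trusted_cas):
    """Relying-party step: accept only if a trusted CA's public key validates the signature."""
    ca_pub = trusted_cas.get(cert["issuer"])
    if ca_pub is None:
        return False
    tbs = cert_bytes(cert["subject"], cert["pub"], cert["issuer"])
    return rsa_verify(ca_pub, tbs, cert["sig"])

def recover_private_key(pub):
    """Why RSA rests on factoring: once n = p*q is factored, d follows immediately.
    Trial division only finishes for a toy modulus."""
    e, n = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (pow(e, -1, (p - 1) * (q - 1)), n)
    return None

if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen(61, 53)          # (17, 3233), (2753, 3233)
    ca_pub, ca_priv = rsa_keygen(101, 113)
    session_key = 0x0ABC                                 # secret key to distribute, < n
    print("RSA-wrapped secret key:", rsa_encrypt(alice_pub, session_key))
    cert = issue_certificate("ToyCA", ca_priv, "alice@example", alice_pub)
    print("certificate valid:", verify_certificate(cert, {"ToyCA": ca_pub}))
    print("private key from factoring n:", recover_private_key(alice_pub) == alice_priv)
```

Two things worth noticing: the certificate is accepted only through the issuer's public key, so the relying party's list of trusted CAs is the real root of trust; and the factoring routine shows that the private key is no secret at all once n can be factored, which is why key size, and the slide's point about protecting the private key, matter.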
Global naming system
• Internet: ?00 million hosts
• Each host needs a unique IP address… need for IPv6
• Also require a unique hostname for user-friendliness
=> danger of name conflict/clash on a global scale
• Require management of the naming system
– DNS (Domain Name System)
DNS
• Hierarchical, domain-based system
• Distributed database
• Maps host names (and the domain part of e-mail addresses and URLs) to Resource Records, which include the IP address
• Typically > 1 DNS server configured per host
• Windows: Control Panel => Network => Protocols => Properties => DNS
• Also ipconfig /all
Hierarchical Domain System
• Top level: generic or country
– .com = commercial
– .edu = educational
– .org = non-profit organisation
– .ie = Ireland
Distributed Database (Directory Information Base, DIB)
• Distributed system of name servers
• Local name servers maintain records for the local domain and forward queries for remote hosts (queries are carried over UDP, port 53)
• Resource records:
– IP address
– Time-to-live (for caching)… etc
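The DNS slides describe the mapping and the UDP transport; this added example (not code from the NUI Galway notes) shows the actual message: building an A query for the page's own host name, parsing a reply into resource records with the IP address and TTL, and the acceptance check a resolver must make. The reply is constructed here so the example runs offline, and 192.0.2.10 is a documentation address, not the real address of the host; `resolve()` is the live variant over UDP/53.

```python
"""Building a DNS query and parsing the reply: the UDP message format behind
"map host name -> resource record (IP address, TTL)". Added example, not code
from the NUI Galway notes. The reply is constructed here so the example runs
offline; the address 192.0.2.10 is a documentation address, not the real host."""
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """Labels as length-prefixed bytes, terminated by a zero length."""
    return b"".join(bytes([len(l)]) + l.encode()
                    for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def read_name(msg, off):
    """Decode a name, following compression pointers (0xC0xx) as servers emit them."""
    labels, end = [], None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:                # pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_response(msg):
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": rdata})
    return {"id": qid, "flags": flags, "answers": answers}

def matches_query(query, response):
    """Minimal acceptance check: same 16-bit ID and same question section. The ID is
    the only freshness the protocol itself gives, which is why a spoofed reply that
    guesses it is accepted (cache poisoning)."""
    return response[:2] == query[:2] and response[12:len(query)] == query[12:]

def build_response(query, ip, ttl):
    """Constructed reply of the form a name server would send: QR=1, one A record,
    owner name given as a pointer (0xC00C) back to the question."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    answer = (b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
              + bytes(int(x) for x in ip.split(".")))
    return header + query[12:] + answer

def resolve(name, server, timeout=2.0):
    """Live lookup over UDP port 53 (not used by the offline demo)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(512)
    if not matches_query(query, reply):
        raise ValueError("reply does not match query")
    return parse_response(reply)

if __name__ == "__main__":
    q = build_query("www.it.nuigalway.ie")
    r = build_response(q, "192.0.2.10", 3600)
    print(matches_query(q, r), parse_response(r)["answers"])
```

The TTL in the answer is what the local name server uses to decide how long to cache the record, and the ID/question check in `matches_query` is the whole of what plain DNS offers against a forged reply.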
Internet Applications
• WWW/HTTP
• FTP
• Telnet
• E-mail
• Internet-based Multimedia
– Webcast
– MBone
– Protocols: RTP, UDP, SIP, RSVP
WWW (World Wide Web)
• Application that runs on the Internet
– Client-server system
– Client browser: fetches pages, interprets the formatting and displays the page on screen. Fetches a page by establishing a TCP connection to the machine where the page is located (the web server).
WWW
– Web server: server process listens on port 80 for incoming TCP connections from clients.
– HTTP (Hyper Text Transfer Protocol): the protocol that defines the format of requests and replies in the client/server model.
URL
Uniform Resource Locator
• Each web page must be individually named (worldwide)
• Each page is assigned a URL
• 3 parts
– Where the page is located… DNS name of the machine that contains the web page…
– What the page is locally called… its path on that machine…
– How to access it… the HTTP protocol
URL
• Course notes on Geminga
HOW     WHERE                    WHAT
http://www.it.nuigalway.ie/staff/h_melvin/hm_main.html
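The WWW and URL slides describe the browser opening a TCP connection to port 80 and the three parts of a URL; this added example (not code from the NUI Galway notes) splits the page's own URL into HOW / WHERE / WHAT, builds the request a browser sends, and parses a reply. The reply is constructed for the example, not fetched from the server; `http_get()` is the live variant.

```python
"""The three parts of a URL (how / where / what) and the HTTP exchange they drive:
the request a browser sends over its TCP connection to port 80 and a parser for
the reply. Added example, not code from the NUI Galway notes; the sample reply
is constructed, not fetched from the server."""
import socket
from urllib.parse import urlsplit

def url_parts(url):
    """HOW = scheme, WHERE = host (DNS name) and port, WHAT = local path on that server."""
    u = urlsplit(url)
    if u.scheme != "http":
        raise ValueError("only plain http is handled here")
    return {"how": u.scheme, "where": u.hostname, "port": u.port or 80, "what": u.path or "/"}

def build_request(url):
    """The bytes the browser writes on the TCP connection once it is established."""
    p = url_parts(url)
    return (f"GET {p['what']} HTTP/1.0\r\n"
            f"Host: {p['where']}\r\n"
            f"Connection: close\r\n\r\n").encode()

def parse_response(raw):
    """Split status line, headers and body; trust Content-Length only within what was received."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response header")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        n = int(headers["content-length"])
        if n > len(body):
            raise ValueError("body shorter than Content-Length")
        body = body[:n]
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body}

def http_get(url, timeout=5.0):
    """Live fetch: TCP connection to the WHERE part, request for the WHAT part."""
    p = url_parts(url)
    with socket.create_connection((p["where"], p["port"]), timeout=timeout) as s:
        s.sendall(build_request(url))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))

SAMPLE_URL = "http://www.it.nuigalway.ie/staff/h_melvin/hm_main.html"
# Constructed reply in the format a web server sends; not real page content.
SAMPLE_REPLY = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
                b"<html>Course notes</html>")

if __name__ == "__main__":
    print(url_parts(SAMPLE_URL))
    print(build_request(SAMPLE_URL).decode())
    print(parse_response(SAMPLE_REPLY))
```

Everything in both directions is plain text on the TCP connection, which is the point of the netstat slide that follows: a connection to port 80 is readable by anyone on the path.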
Example netstat output (the active-connection listing below is what plain netstat shows; netstat -r lists the routing table)
Active Connections
Proto  Local Address  Foreign Address                State
TCP    bibio:1651     geminga.nuigalway.ie:telnet    ESTABLISHED
TCP    bibio:1693     standards.ieee.org:80          ESTABLISHED
TCP    bibio:1688     bodkin.nuigalway.ie:pop3       TIME_WAIT
TCP    bibio:1699     geminga.nuigalway.ie:80        ESTABLISHED
• Two TCP Geminga connections (Telnet / WWW)
• One WWW connection to IEEE (port 80)
• TCP e-mail (POP3) connection to bodkin