Application Layer - PowerPoint PPT Presentation

Slides: 38
Provided by: Flann
Transcript and Presenter's Notes

1
Application Layer
  • Overall objective
  • Facilitate end-user requirements
  • Case Study: Internet
  • E-mail
  • WWW
  • Multimedia
  • Remote Login
  • File transfer
  • Require support protocols to assist applications.

2
Issues
  • Security
  • Network Complexity
  • Network Mgt.
  • Global Naming System

3
Security
  • Increasingly important Issue
  • Multi-faceted
  • Can be built into all layers
  • Phy: Fibre optic
  • Network: Firewall
  • App. Layer
  • Cryptography/Encryption
  • Anti-virus protection
  • Intrusion Detection Products (Anti-hacking)

4
Cryptography
  • Plaintext → E → Ciphertext → D → Plaintext
  • E = Encryption
  • D = Decryption
  • $C = E_k(P)$, k = encr. key
  • $P = D_k(C)$, k = decr. key

6
Encryption Methods
  • Substitution vs Transposition Ciphers
  • Substitution Cipher (SC)
  • Replace each plaintext entity with another
  • E.g. abcdef... replaced with qwerty...
  • Can use statistical properties of language to break
  • deduce that e → t etc.

7
Encryption Methods
  • Transposition Cipher (TC)
  • reorder plaintext entities
  • use of key
  • easy to detect a TC by stats. → need to guess key length
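
The statistical points on the two Encryption Methods slides, as an added example that is not part of the original slides: a substitution cipher relabels the letters but keeps the count profile, while a transposition cipher keeps the letters themselves. The sample plaintext and the key `cipher` are constructed for illustration.

```python
from collections import Counter
import string

ALPHA = string.ascii_lowercase
SUB_KEY = "qwertyuiopasdfghjklzxcvbnm"   # keyboard order: a->q, b->w, ..., e->t
# Constructed sample plaintext (letters only, 48 characters).
SAMPLE = "thesecretmeetingisheldneartheeasterngateateleven"

def substitute(plaintext, key=SUB_KEY):
    """Substitution cipher: replace each letter with the key letter at its index."""
    return plaintext.translate(str.maketrans(ALPHA, key))

def column_order(key):
    """Columns are read out in alphabetical order of the key's letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose(plaintext, key):
    """Transposition cipher: write rows under the key, read whole columns."""
    cols = len(key)
    padded = plaintext + "x" * (-len(plaintext) % cols)  # fill the last row
    return "".join(padded[i::cols] for i in column_order(key))

def untranspose(ciphertext, key):
    """Invert transpose(); requires the key, hence the need to guess its length."""
    cols, rows = len(key), len(ciphertext) // len(key)
    grid = [""] * cols
    for n, i in enumerate(column_order(key)):
        grid[i] = ciphertext[n * rows:(n + 1) * rows]
    return "".join(grid[c][r] for r in range(rows) for c in range(cols))

def top_letters(text, n=2):
    """The n most frequent letters, most frequent first."""
    return [ch for ch, _ in Counter(text).most_common(n)]

def count_profile(text):
    """Letter counts with the letters' identities discarded."""
    return sorted(Counter(text).values(), reverse=True)

if __name__ == "__main__":
    sc, tc = substitute(SAMPLE), transpose(SAMPLE, "cipher")
    print("plaintext    ", top_letters(SAMPLE), SAMPLE)
    print("substitution ", top_letters(sc), sc)
    print("transposition", top_letters(tc), tc)
```

In the substitution output the most frequent letter is `t`, which is how an analyst deduces e → t; in the transposition output it is still `e`, which is what gives a transposition cipher away.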

9
Encryption algorithms
  • Secret vs Public Key.
  • Secret Key
  • End users share a secret key
  • Same key used for encr./decr.
  • Secure key distribution is main concern
  • Eg. DES (Data Encryption Standard), IDEA
  • Use of Product Ciphers (P-box, S-box)

10
Product Ciphers
  • P-box
  • Transposition stage
  • E.g. 11000000 → 00101000 (reorder)
  • S-box
  • Substitution using decoder/P-box/encoder
  • E.g. 111 → 011
  • Can be implemented v. quickly

12
DES
  • 64 bit blocks
  • 56 bit key
  • 16 iterations, each uses a different section of the key
  • Iteration: (left input XOR fn(right input, key section))
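
The iteration structure on this slide, as an added example that is not from the original slides: a 16-round network on a 64-bit block in which decryption is the same loop run with the key sections in reverse order. The round function and key schedule here are toy stand-ins built from SHA-256 (assumptions), not the real DES f-function or key schedule.

```python
import hashlib

ROUNDS = 16   # DES runs 16 iterations
HALF = 4      # bytes per half, giving the 64-bit block size of DES

def round_fn(right, key_section):
    """Toy round function (assumption), NOT the DES S-box/P-box function."""
    return hashlib.sha256(key_section + right).digest()[:HALF]

def key_sections(key):
    """Toy key schedule (assumption): one 48-bit section per iteration."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def run_rounds(block, sections):
    if len(block) != 2 * HALF:
        raise ValueError("block must be 64 bits")
    left, right = block[:HALF], block[HALF:]
    for section in sections:
        # The slide's iteration: left input XOR fn(right input, key section)
        left, right = right, xor(left, round_fn(right, section))
    return right + left   # final swap lets decryption reuse this loop

def encrypt_block(block, key):
    return run_rounds(block, key_sections(key))

def decrypt_block(block, key):
    # Same structure, key sections applied in reverse order.
    return run_rounds(block, key_sections(key)[::-1])

if __name__ == "__main__":
    key = b"7 bytes"                 # constructed 56-bit key
    ct = encrypt_block(b"PLAINTXT", key)
    print(ct.hex(), decrypt_block(ct, key))
```

The round function is never inverted, which is why it can be a one-way function such as a hash here.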

14
Successor to DES ?
  • DES adopted by US in 1977
  • Modifications to improve performance (Triple DES)
  • Inadequate due to computing power
  • 2001: New Advanced Encryption Standard (AES) (Dept. of Commerce, NIST)
  • Based on Rijndael algorithm
  • Rijmen & Daemen
  • 128, 192 and 256 bit keys
  • Faster than Triple DES
  • www.nist.gov/aes

15
Public Key
  • Different keys used for encr./decr.
  • encr. key: public
  • decr. key: private
  • => no key distribution security concerns
  • but difficult to satisfy requirements
  • Eg. RSA (Rivest, Shamir and Adleman)

16
RSA
  • $C = P^e \bmod n$, where $(e, n)$ is the public key
  • $P = C^d \bmod n$, where $(d, n)$ is the private key
  • Based on factoring of large numbers
  • Computationally intensive => slow to implement
  • Used a lot to distribute secret keys; the secret key is then used for data transfer.
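
The two RSA formulas and the key-distribution use in the last bullet, as an added example that is not from the original slides. The primes 61 and 53, the exponent 17 and the hash-based keystream cipher are constructed toy values (assumptions); the keystream stands in for a secret-key cipher such as DES or AES.

```python
import hashlib
import secrets

def make_keypair(p, q, e):
    """Return ((e, n), (d, n)) with d chosen so that e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # pow(e, -1, m) needs Python 3.8+

def rsa_encrypt(plain, public):
    e, n = public
    if not 0 <= plain < n:
        raise ValueError("message must be smaller than n")
    return pow(plain, e, n)                   # C = P^e mod n

def rsa_decrypt(cipher, private):
    d, n = private
    return pow(cipher, d, n)                  # P = C^d mod n

def secret_key_cipher(data, session_key):
    """Toy symmetric cipher (assumption): XOR with a SHA-256 keystream.
    The same call encrypts and decrypts, as with any shared-key stream cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{session_key}:{counter}".encode()).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(message, public):
    """Sender: pick a fresh secret key, wrap it with RSA, encrypt data with it."""
    session_key = secrets.randbelow(public[1] - 2) + 2
    return rsa_encrypt(session_key, public), secret_key_cipher(message, session_key)

def receive(wrapped_key, body, private):
    """Receiver: unwrap the secret key with the private key, then decrypt."""
    return secret_key_cipher(body, rsa_decrypt(wrapped_key, private))

# Toy sizes only: real keys are thousands of bits and the wrapped key is padded.
PUBLIC, PRIVATE = make_keypair(61, 53, 17)

if __name__ == "__main__":
    wrapped, body = send(b"course notes", PUBLIC)
    print(PUBLIC, PRIVATE, wrapped, receive(wrapped, body, PRIVATE))
```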

18
http://www.rsasecurity.com
19
PKI: Public Key Infrastructure
  • System of components to secure online transactions
  • Authentication
  • Encryption
  • Based on Digital Certificates and Public-key encryption
  • PKI System Components
  • Registration Authority
  • Certificate Authority
  • Directory

20
PKI
  • Digital Certificate
  • Attachment to Transaction
  • Authenticate identity of sender
  • Authenticate Certificate issuer
  • Provide Public encryption keys

21
PKI
  • Registration Authority
  • Filters certificate requests
  • If OK passes onto CA
  • Certificate Authority
  • Issues certificates from a directory
  • Directory
  • Database of certificates and public keys

22
PKI
  • Different vendors
  • Baltimore Technologies/ RSASecurity/ VeriSign
  • Interoperability issues
  • Different Standards
  • X.509 (www.itu.int/itudoc/itu-t/rec/x/x500up/x509.html)
  • PKIX (www.ietf.org/html.charters/pkix-charter.html)
  • Security of Private Key critical
  • Potential Use of Smart Card technology

23
Global naming system
  • Internet ?00 million hosts
  • Unique IP address..need for IPv6
  • Also require unique hostname for user-friendliness => danger of name conflict/clash on global scale
  • Require Mgt. of naming system
  • DNS (Domain Name System)

24
DNS
  • Hierarchical domain based sys.
  • Distributed database
  • Maps host names, e-mail addresses and URLs to Resource Records, which include the IP address
  • Typically > 1 DNS Server
  • Windows
  • Control Panel > Network > Protocols > Properties > DNS
  • Also ipconfig /all

25
Hierarchical Domain Sys.
  • Top level generic or country
  • .com commercial
  • .edu educational
  • .org non-profit organisation
  • .ie Ireland

27
Distributed Database (Directory Info. Base DIB)
  • Distributed sys. of name servers
  • Local name servers maintain records for the local domain and redirect queries (using UDP) for remote hosts
  • Resource records
  • IP address
  • Time-to-live (caching), etc.

30
Internet Applications
  • WWW/HTTP
  • FTP
  • Telnet
  • E-mail
  • Internet based Multimedia
  • Webcast
  • MBone
  • Protocols: RTP, UDP, SIP, RSVP

31
WWW (World Wide Web)
  • Application that runs on the Internet
  • client-server system
  • Client: Browser fetches pages, interprets formatting and displays page on screen. Fetches page by establishing a TCP connection to the machine where page is located (web page server).

32
WWW
  • Web server: Server process listens on port 80 for incoming TCP connections from clients.
  • HTTP: Hyper Text Transfer Protocol, the protocol that defines the format of requests and replies in the client/server model.

35
URL
  • Uniform Resource Locator
  • Each web page must be individually named
    (worldwide)
  • Each page assigned an URL
  • 3 parts
  • Where page is located: DNS of machine that contains the web page
  • What page is locally called
  • How to access it: HTTP protocol

36
URL
  • Course notes on Geminga
  • HOW WHERE WHAT
  • http://www.it.nuigalway.ie/staff/h_melvin/hm_main.html

37
Example: netstat -r
  • Active Connections
      Proto  Local Address  Foreign Address              State
      TCP    bibio:1651     geminga.nuigalway.ie:telnet  ESTABLISHED
      TCP    bibio:1693     standards.ieee.org:80        ESTABLISHED
      TCP    bibio:1688     bodkin.nuigalway.ie:pop3     TIME_WAIT
      TCP    bibio:1699     geminga.nuigalway.ie:80      ESTABLISHED
  • Two TCP Geminga connections (Telnet/WWW)
  • One WWW connection to IEEE (port 80)
  • TCP email connection to bodkin