DOCSLIB.ORG

Ipsec and SSL/TLS Cryptography 2, Part 2, Lecture 5

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ipsec and SSL/TLS Cryptography 2, Part 2, Lecture 5 IPsec and SSL/TLS Cryptography 2, Part 2, Lecture 5 Ruben Niederhagen June 2nd, 2014 / department of mathematics and computer science I application layer security (SSH, S-MIME, PGP, ::: ) I transport layer security (TLS/SSL, ::: ) I network layer security (IPsec, ::: ) I data-link layer security (WEP, WPA, WPA2, ::: ) Cryptography in the TCP/IP stack 2/38 application layer application data (HTTP, SMTP...) application layer transport layer session (TCP, UDP, ...) transport layer network layer IP packets network layer data-link layer frames data-link layer physical layer physical layer Alice Bob / department of mathematics and computer science Cryptography in the TCP/IP stack 2/38 application layer application data (HTTP, SMTP...) application layer transport layer session (TCP, UDP, ...) transport layer network layer IP packets network layer data-link layer frames data-link layer physical layer physical layer Alice Bob I application layer security (SSH, S-MIME, PGP, ::: ) I transport layer security (TLS/SSL, ::: ) I network layer security (IPsec, ::: ) I data-link layer security (WEP, WPA, WPA2, ::: ) / department of mathematics and computer science data-link layer security Data-Link Layer Security 3/38 I encrypt all network packets between network links, e.g., WAP2 I point-to-point security between network interfaces I transparent encryption and decryption for higher layers I authentication between endpoints / department of mathematics and computer science Data-Link Layer Security 3/38 data-link layer security I encrypt all network packets between network links, e.g., WAP2 I point-to-point security between network interfaces I transparent encryption and decryption for higher layers I authentication between endpoints / department of mathematics and computer science network layer security Network Layer Security 4/38 Internet LAN router ISP router I encrypt IP packets, main protocol IPsec I point-to-point security between entities identified by IP addresses, e.g. routers, firewalls I routers encrypt and decrypt unnoticed by higher layers I authentication of routers to each other / department of mathematics and computer science Network Layer Security 4/38 network layer security Internet LAN router ISP router I encrypt IP packets, main protocol IPsec I point-to-point security between entities identified by IP addresses, e.g. routers, firewalls I routers encrypt and decrypt unnoticed by higher layers I authentication of routers to each other / department of mathematics and computer science transport layer security Transport Layer Security 5/38 Internet web server application server I encrypt sessions and messages, e.g. TLS/SSL I communication between web browser and server, or email clients and servers I entities identified by connections, port numbers I encrypt and authenticate sessions / department of mathematics and computer science Transport Layer Security 5/38 transport layer security Internet web server application server I encrypt sessions and messages, e.g. TLS/SSL I communication between web browser and server, or email clients and servers I entities identified by connections, port numbers I encrypt and authenticate sessions / department of mathematics and computer science Transport Layer Security 5/38 transport layer security Internet web server application server I encrypt sessions and messages, e.g. TLS/SSL I communication between web browser and server, or email clients and servers I entities identified by connections, port numbers I encrypt and authenticate sessions / department of mathematics and computer science SMTP transport layer security IMAP transport layer security Transport Layer Security 6/38 mail server Internet mail server / department of mathematics and computer science Transport Layer Security 6/38 SMTP transport layer security mail server Internet IMAP transport layer security mail server / department of mathematics and computer science Transport Layer Security 6/38 SMTP transport layer security mail server Internet IMAP transport layer security mail server / department of mathematics and computer science application layer security Application Layer Security 7/38 Internet mail server mail server I add security to standard message formats (e.g. S/MIME) I for email: entire link between two user mail clients is protected I authentication of sender and data I end users have control over their keys (but need to know what they are doing, how to use PKI) I end-to-end security / department of mathematics and computer science Application Layer Security 7/38 application layer security Internet mail server mail server I add security to standard message formats (e.g. S/MIME) I for email: entire link between two user mail clients is protected I authentication of sender and data I end users have control over their keys (but need to know what they are doing, how to use PKI) I end-to-end security / department of mathematics and computer science 8/38 Network Layer Security IPsec / department of mathematics and computer science IPsec 9/38 IP packet: IP header IP data (payload) IPsec was mandatory for IPv6 and is now optional; optional for IPv4. IPsec provides cryptographic functionality to protect IP packets: I packet integrity, I packet origin authentication, I confidentiality, I some traffic flow confidentiality, I protection against replay attacks. IPsec protocols I AH - Authentication Header, I ESP - Encapsulating Security Payload. / department of mathematics and computer science I Message authentication/integrity: Hash-based Message Authentication Code (HMAC), Must have: • HMAC-SHA1-96. May have: • HMAC-MD5-96. These are symmetric algorithms, need a pre-shared secret key. IPsec - crypto algorithms 10/38 See RFC4835 I Encryption: block ciphers in Cipher Block Chaining (CBC) mode. Must have: • no encryption, • AES-CBC with 128-bit keys, • TripleDES-CBC (168-bit keys). / department of mathematics and computer science These are symmetric algorithms, need a pre-shared secret key. IPsec - crypto algorithms 10/38 See RFC4835 I Encryption: block ciphers in Cipher Block Chaining (CBC) mode. Must have: • no encryption, • AES-CBC with 128-bit keys, • TripleDES-CBC (168-bit keys). I Message authentication/integrity: Hash-based Message Authentication Code (HMAC), Must have: • HMAC-SHA1-96. May have: • HMAC-MD5-96. / department of mathematics and computer science IPsec - crypto algorithms 10/38 See RFC4835 I Encryption: block ciphers in Cipher Block Chaining (CBC) mode. Must have: • no encryption, • AES-CBC with 128-bit keys, • TripleDES-CBC (168-bit keys). I Message authentication/integrity: Hash-based Message Authentication Code (HMAC), Must have: • HMAC-SHA1-96. May have: • HMAC-MD5-96. These are symmetric algorithms, need a pre-shared secret key. / department of mathematics and computer science SA parameters: I sequence number, sequence number overflow, I anti-replay window, I AH information: authentication algorithm, key, key lifetime, etc., I ESP information: encryption algorithm, key, key lifetime, etc., I lifetime of the SA, I IPsec protocol mode (tunnel, transport, see below), I maximal packet size. IPsec – Security Associations 11/38 I Concept to formalize unidirectional security relationships between two parties. I Enforce security policy defined in Security Policy Database (SPDB). I Security Association Database (SADB) contains list of active security associations (SA). / department of mathematics and computer science IPsec – Security Associations 11/38 I Concept to formalize unidirectional security relationships between two parties. I Enforce security policy defined in Security Policy Database (SPDB). I Security Association Database (SADB) contains list of active security associations (SA). SA parameters: I sequence number, sequence number overflow, I anti-replay window, I AH information: authentication algorithm, key, key lifetime, etc., I ESP information: encryption algorithm, key, key lifetime, etc., I lifetime of the SA, I IPsec protocol mode (tunnel, transport, see below), I maximal packet size. / department of mathematics and computer science A security association can be used I for one communication direction (bidirectional needs two SAs), I for AH or ESP; can be combined, e.g. ESP then AH. SAs are negotiated by public-key mechanisms (see below). IPsec – Security Associations 12/38 The Security Policy Database describes how to treat certain IP packets (BYPASS, DISCARD, PROTECT). Which SA to use for certain traffic is derived from selectors such as I destination IP address, I source IP address, I transport layer protocol, I source and destination ports. Most selectors are read off from the IP packet (headers). / department of mathematics and computer science IPsec – Security Associations 12/38 The Security Policy Database describes how to treat certain IP packets (BYPASS, DISCARD, PROTECT). Which SA to use for certain traffic is derived from selectors such as I destination IP address, I source IP address, I transport layer protocol, I source and destination ports. Most selectors are read off from the IP packet (headers). A security association can be used I for one communication direction (bidirectional needs two SAs), I for AH or ESP; can be combined, e.g. ESP then AH. SAs are negotiated by public-key mechanisms (see below). / department of mathematics and computer science Tunnel mode: I entire IP packet is protected (i.e. IP header and data), I becomes the payload of a new IP packet, I may contain different source and destination addresses, I provides data flow confidentiality to some extent, I can be used between hosts, gateways
Load more

Recommended publications
  • Solutions to Chapter 2
    CS413 Computer Networks ASN 4 Solutions Solutions to Assignment #4 3. What difference does it make to the network layer if the underlying data link layer provides a connection-oriented service versus a connectionless service? [4 marks] Solution: If the data link layer provides a connection-oriented service to the network layer, then the network layer must precede all transfer of information with a connection setup procedure (2). If the connection-oriented service includes assurances that frames of information are transferred correctly and in sequence by the data link layer, the network layer can then assume that the packets it sends to its neighbor traverse an error-free pipe. On the other hand, if the data link layer is connectionless, then each frame is sent independently through the data link, probably in unconfirmed manner (without acknowledgments or retransmissions). In this case the network layer cannot make assumptions about the sequencing or correctness of the packets it exchanges with its neighbors (2). The Ethernet local area network provides an example of connectionless transfer of data link frames. The transfer of frames using "Type 2" service in Logical Link Control (discussed in Chapter 6) provides a connection-oriented data link control example. 4. Suppose transmission channels become virtually error-free. Is the data link layer still needed? [2 marks – 1 for the answer and 1 for explanation] Solution: The data link layer is still needed(1) for framing the data and for flow control over the transmission channel. In a multiple access medium such as a LAN, the data link layer is required to coordinate access to the shared medium among the multiple users (1).
    [Show full text]
  • Logical Link Control and Channel Scheduling for Multichannel Underwater Sensor Networks
    ICST Transactions on Mobile Communications and Applications Research Article Logical Link Control and Channel Scheduling for Multichannel Underwater Sensor Networks Jun Li ∗, Mylene` Toulgoat, Yifeng Zhou, and Louise Lamont Communications Research Centre Canada, 3701 Carling Avenue, Ottawa, ON. K2H 8S2 Canada Abstract With recent developments in terrestrial wireless networks and advances in acoustic communications, multichannel technologies have been proposed to be used in underwater networks to increase data transmission rate over bandwidth-limited underwater channels. Due to high bit error rates in underwater networks, an efficient error control technique is critical in the logical link control (LLC) sublayer to establish reliable data communications over intrinsically unreliable underwater channels. In this paper, we propose a novel protocol stack architecture featuring cross-layer design of LLC sublayer and more efficient packet- to-channel scheduling for multichannel underwater sensor networks. In the proposed stack architecture, a selective-repeat automatic repeat request (SR-ARQ) based error control protocol is combined with a dynamic channel scheduling policy at the LLC sublayer. The dynamic channel scheduling policy uses the channel state information provided via cross-layer design. It is demonstrated that the proposed protocol stack architecture leads to more efficient transmission of multiple packets over parallel channels. Simulation studies are conducted to evaluate the packet delay performance of the proposed cross-layer protocol stack architecture with two different scheduling policies: the proposed dynamic channel scheduling and a static channel scheduling. Simulation results show that the dynamic channel scheduling used in the cross-layer protocol stack outperforms the static channel scheduling. It is observed that, when the dynamic channel scheduling is used, the number of parallel channels has only an insignificant impact on the average packet delay.
    [Show full text]
  • Physical Layer Overview
    ELEC3030 (EL336) Computer Networks S Chen Physical Layer Overview • Physical layer forms the basis of all networks, and we will first revisit some of fundamental limits imposed on communication media by nature Recall a medium or physical channel has finite Spectrum bandwidth and is noisy, and this imposes a limit Channel bandwidth: on information rate over the channel → This H Hz is a fundamental consideration when designing f network speed or data rate 0 H Type of medium determines network technology → compare wireless network with optic network • Transmission media can be guided or unguided, and we will have a brief review of a variety of transmission media • Communication networks can be classified as switched and broadcast networks, and we will discuss a few examples • The term “physical layer protocol” as such is not used, but we will attempt to draw some common design considerations and exams a few “physical layer standards” 13 ELEC3030 (EL336) Computer Networks S Chen Rate Limit • A medium or channel is defined by its bandwidth H (Hz) and noise level which is specified by the signal-to-noise ratio S/N (dB) • Capability of a medium is determined by a physical quantity called channel capacity, defined as C = H log2(1 + S/N) bps • Network speed is usually given as data or information rate in bps, and every one wants a higher speed network: for example, with a 10 Mbps network, you may ask yourself why not 10 Gbps? • Given data rate fd (bps), the actual transmission or baud rate fb (Hz) over the medium is often different to fd • This is for
    [Show full text]
  • Telematics Chapter 3: Physical Layer
    Telematics User Server watching with video Chapter 3: Physical Layer video clip clips Application Layer Application Layer Presentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Network Layer Data Link Layer Data Link Layer Data Link Layer Physical Layer Physical Layer Physical Layer Univ.-Prof. Dr.-Ing. Jochen H. Schiller Computer Systems and Telematics (CST) Institute of Computer Science Freie Universität Berlin http://cst.mi.fu-berlin.de Contents ● Design Issues ● Theoretical Basis for Data Communication ● Analog Data and Digital Signals ● Data Encoding ● Transmission Media ● Guided Transmission Media ● Wireless Transmission (see Mobile Communications) ● The Last Mile Problem ● Multiplexing ● Integrated Services Digital Network (ISDN) ● Digital Subscriber Line (DSL) ● Mobile Telephone System Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 3: Physical Layer 3.2 Design Issues Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 3: Physical Layer 3.3 Design Issues ● Connection parameters ● mechanical OSI Reference Model ● electric and electronic Application Layer ● functional and procedural Presentation Layer ● More detailed ● Physical transmission medium (copper cable, Session Layer optical fiber, radio, ...) ● Pin usage in network connectors Transport Layer ● Representation of raw bits (code, voltage,…) Network Layer ● Data rate ● Control of bit flow: Data Link Layer ● serial or parallel transmission of bits Physical Layer ● synchronous or asynchronous transmission ● simplex, half-duplex, or full-duplex transmission mode Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 3: Physical Layer 3.4 Design Issues Transmitter Receiver Source Transmission System Destination NIC NIC Input Abcdef djasdja dak jd ashda kshd akjsd asdkjhasjd as kdjh askjda Univ.-Prof.
    [Show full text]
  • Ipv6-Ipsec And
    IPSec and SSL Virtual Private Networks ITU/APNIC/MICT IPv6 Security Workshop 23rd – 27th May 2016 Bangkok Last updated 29 June 2014 1 Acknowledgment p Content sourced from n Merike Kaeo of Double Shot Security n Contact: [email protected] Virtual Private Networks p Creates a secure tunnel over a public network p Any VPN is not automagically secure n You need to add security functionality to create secure VPNs n That means using firewalls for access control n And probably IPsec or SSL/TLS for confidentiality and data origin authentication 3 VPN Protocols p IPsec (Internet Protocol Security) n Open standard for VPN implementation n Operates on the network layer Other VPN Implementations p MPLS VPN n Used for large and small enterprises n Pseudowire, VPLS, VPRN p GRE Tunnel n Packet encapsulation protocol developed by Cisco n Not encrypted n Implemented with IPsec p L2TP IPsec n Uses L2TP protocol n Usually implemented along with IPsec n IPsec provides the secure channel, while L2TP provides the tunnel What is IPSec? Internet IPSec p IETF standard that enables encrypted communication between peers: n Consists of open standards for securing private communications n Network layer encryption ensuring data confidentiality, integrity, and authentication n Scales from small to very large networks What Does IPsec Provide ? p Confidentiality….many algorithms to choose from p Data integrity and source authentication n Data “signed” by sender and “signature” verified by the recipient n Modification of data can be detected by signature “verification”
    [Show full text]
  • Data Link Layer
    Data link layer Goals: ❒ Principles behind data link layer services ❍ Error detection, correction ❍ Sharing a broadcast channel: Multiple access ❍ Link layer addressing ❍ Reliable data transfer, flow control: Done! ❒ Example link layer technology: Ethernet Link layer services Framing and link access ❍ Encapsulate datagram: Frame adds header, trailer ❍ Channel access – if shared medium ❍ Frame headers use ‘physical addresses’ = “MAC” to identify source and destination • Different from IP address! Reliable delivery (between adjacent nodes) ❍ Seldom used on low bit error links (fiber optic, co-axial cable and some twisted pairs) ❍ Sometimes used on high error rate links (e.g., wireless links) Link layer services (2.) Flow Control ❍ Pacing between sending and receiving nodes Error Detection ❍ Errors are caused by signal attenuation and noise. ❍ Receiver detects presence of errors signals sender for retrans. or drops frame Error Correction ❍ Receiver identifies and corrects bit error(s) without resorting to retransmission Half-duplex and full-duplex ❍ With half duplex, nodes at both ends of link can transmit, but not at same time Multiple access links / protocols Two types of “links”: ❒ Point-to-point ❍ PPP for dial-up access ❍ Point-to-point link between Ethernet switch and host ❒ Broadcast (shared wire or medium) ❍ Traditional Ethernet ❍ Upstream HFC ❍ 802.11 wireless LAN MAC protocols: Three broad classes ❒ Channel Partitioning ❍ Divide channel into smaller “pieces” (time slots, frequency) ❍ Allocate piece to node for exclusive use ❒ Random
    [Show full text]
  • Mist Teleworker ME
    MIST TELEWORKER GUIDE ​ ​ ​ ​ ​ Experience the corporate network @ home DOCUMENT OWNERS: ​ ​ ​ ​ Robert Young – [email protected] ​ Slava Dementyev – [email protected] ​ Jan Van de Laer – [email protected] ​ 1 Table of Contents Solution Overview 3 How it works 5 Configuration Steps 6 Setup Mist Edge 6 Configure and prepare the SSID 15 Enable Wired client connection via ETH1 / Module port of the AP 16 Enable Split Tunneling for the Corp SSID 17 Create a Site for Remote Office Workers 18 Claim an AP and ship it to Employee’s location 18 Troubleshooting 20 Packet Captures on the Mist Edge 23 2 Solution Overview Mist Teleworker solution leverages Mist Edge for extending a corporate network to remote office workers using an IPSEC secured L2TPv3 tunnel from a remote Mist AP. In addition, MistEdge provides an additional RadSec service to securely proxy authentication requests from remote APs to provide the same user experience as inside the office. WIth Mist Teleworker solution customers can extend their corporate WLAN to employee homes whenever they need to work remotely, providing the same level of security and access to corporate resources, while extending visibility into user network experience and streamlining IT operations even when employees are not in the office. What are the benefits of the Mist Teleworker solution with Mist Edge compared to all the other alternatives? Agility: ● Zero Touch Provisioning - no AP pre-staging required, support for flexible all home coverage with secure Mesh ● Exceptional support with minimal support - leverage Mist SLEs and Marvis Actions Security: ● Traffic Isolation - same level of traffic control as in the office.
    [Show full text]
  • Configuring Secure Shell
    Configuring Secure Shell The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures sessions using standard cryptographic mechanisms, and the application can be used similarly to the Berkeley rexec and rsh tools. Two versions of SSH are available: SSH Version 1 and SSH Version 2. • Finding Feature Information, page 1 • Prerequisites for Configuring Secure Shell, page 1 • Restrictions for Configuring Secure Shell, page 2 • Information about SSH, page 2 • How to Configure Secure Shell, page 5 • Configuration Examples for Secure Shell, page 16 • Additional References for Secure Shell, page 18 • Feature Information for SSH, page 18 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for Configuring Secure Shell The following are the prerequisites for configuring the switch for secure shell (SSH): • For SSH to work, the switch needs an Rivest, Shamir, and Adleman (RSA) public/private key pair. This is the same with Secure Copy Protocol (SCP), which relies on SSH for its secure transport.
    [Show full text]
  • OSI Data Link Layer
    OSI Data Link Layer Network Fundamentals – Chapter 7 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Explain the role of Data Link layer protocols in data transmission. Describe how the Data Link layer prepares data for transmission on network media. Describe the different types of media access control methods. Identify several common logical network topologies and describe how the logical topology determines the media access control method for that network. Explain the purpose of encapsulating packets into frames to facilitate media access. Describe the Layer 2 frame structure and identify generic fields. Explain the role of key frame header and trailer fields including addressing, QoS, type of protocol and Frame Check Sequence. © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 2 Data Link Layer – Accessing the Media Describe the service the Data Link Layer provides as it prepares communication for transmission on specific media © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 3 Data Link Layer – Accessing the Media Describe why Data Link layer protocols are required to control media access © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 4 Data Link Layer – Accessing the Media Describe the role of framing in preparing a packet for transmission on a given media © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 5 Data Link Layer – Accessing the Media Describe the role the Data Link layer plays in linking the software and hardware layers © 2007 Cisco Systems, Inc. All rights reserved. Cisco Public 6 Data Link Layer – Accessing the Media Identify several sources for the protocols and standards used by the Data Link layer © 2007 Cisco Systems, Inc.
    [Show full text]
  • OSI Model and Network Protocols
    CHAPTER4 FOUR OSI Model and Network Protocols Objectives 1.1 Explain the function of common networking protocols . TCP . FTP . UDP . TCP/IP suite . DHCP . TFTP . DNS . HTTP(S) . ARP . SIP (VoIP) . RTP (VoIP) . SSH . POP3 . NTP . IMAP4 . Telnet . SMTP . SNMP2/3 . ICMP . IGMP . TLS 134 Chapter 4: OSI Model and Network Protocols 4.1 Explain the function of each layer of the OSI model . Layer 1 – physical . Layer 2 – data link . Layer 3 – network . Layer 4 – transport . Layer 5 – session . Layer 6 – presentation . Layer 7 – application What You Need To Know . Identify the seven layers of the OSI model. Identify the function of each layer of the OSI model. Identify the layer at which networking devices function. Identify the function of various networking protocols. Introduction One of the most important networking concepts to understand is the Open Systems Interconnect (OSI) reference model. This conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, describes a network architecture that allows data to be passed between computer systems. This chapter looks at the OSI model and describes how it relates to real-world networking. It also examines how common network devices relate to the OSI model. Even though the OSI model is conceptual, an appreciation of its purpose and function can help you better understand how protocol suites and network architectures work in practical applications. The OSI Seven-Layer Model As shown in Figure 4.1, the OSI reference model is built, bottom to top, in the following order: physical, data link, network, transport, session, presentation, and application.
    [Show full text]
  • Medium Access Control Layer
    Telematics Chapter 5: Medium Access Control Sublayer User Server watching with video Beispielbildvideo clip clips Application Layer Application Layer Presentation Layer Presentation Layer Session Layer Session Layer Transport Layer Transport Layer Network Layer Network Layer Network Layer Univ.-Prof. Dr.-Ing. Jochen H. Schiller Data Link Layer Data Link Layer Data Link Layer Computer Systems and Telematics (CST) Physical Layer Physical Layer Physical Layer Institute of Computer Science Freie Universität Berlin http://cst.mi.fu-berlin.de Contents ● Design Issues ● Metropolitan Area Networks ● Network Topologies (MAN) ● The Channel Allocation Problem ● Wide Area Networks (WAN) ● Multiple Access Protocols ● Frame Relay (historical) ● Ethernet ● ATM ● IEEE 802.2 – Logical Link Control ● SDH ● Token Bus (historical) ● Network Infrastructure ● Token Ring (historical) ● Virtual LANs ● Fiber Distributed Data Interface ● Structured Cabling Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.2 Design Issues Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.3 Design Issues ● Two kinds of connections in networks ● Point-to-point connections OSI Reference Model ● Broadcast (Multi-access channel, Application Layer Random access channel) Presentation Layer ● In a network with broadcast Session Layer connections ● Who gets the channel? Transport Layer Network Layer ● Protocols used to determine who gets next access to the channel Data Link Layer ● Medium Access Control (MAC) sublayer Physical Layer Univ.-Prof. Dr.-Ing. Jochen H. Schiller ▪ cst.mi.fu-berlin.de ▪ Telematics ▪ Chapter 5: Medium Access Control Sublayer 5.4 Network Types for the Local Range ● LLC layer: uniform interface and same frame format to upper layers ● MAC layer: defines medium access ..
    [Show full text]
  • The OSI Model: Understanding the Seven Layers of Computer Networks
    Expert Reference Series of White Papers The OSI Model: Understanding the Seven Layers of Computer Networks 1-800-COURSES www.globalknowledge.com The OSI Model: Understanding the Seven Layers of Computer Networks Paul Simoneau, Global Knowledge Course Director, Network+, CCNA, CTP Introduction The Open Systems Interconnection (OSI) model is a reference tool for understanding data communications between any two networked systems. It divides the communications processes into seven layers. Each layer both performs specific functions to support the layers above it and offers services to the layers below it. The three lowest layers focus on passing traffic through the network to an end system. The top four layers come into play in the end system to complete the process. This white paper will provide you with an understanding of each of the seven layers, including their functions and their relationships to each other. This will provide you with an overview of the network process, which can then act as a framework for understanding the details of computer networking. Since the discussion of networking often includes talk of “extra layers”, this paper will address these unofficial layers as well. Finally, this paper will draw comparisons between the theoretical OSI model and the functional TCP/IP model. Although TCP/IP has been used for network communications before the adoption of the OSI model, it supports the same functions and features in a differently layered arrangement. An Overview of the OSI Model Copyright ©2006 Global Knowledge Training LLC. All rights reserved. Page 2 A networking model offers a generic means to separate computer networking functions into multiple layers.
    [Show full text]