CS 356 Internet Security Protocols


Fall 2013

Review
• Chapter 1: Basic Concepts and Terminology
• Chapter 2: Basic Cryptographic Tools
• Chapter 3 – User Authentication
• Chapter 4 – Access Control Lists
• Chapter 5 – Database Security (skipped)
• Chapter 6 – Malicious Software
• Networking Basics (not in book)
• Chapter 7 – Denial of Service
• Chapter 8 – Intrusion Detection
• Chapter 9 – Firewalls and Intrusion Prevention
• Chapter 10 – Buffer Overflow
• Chapter 11 – Software Security
• Chapter 12 – OS Security
• Chapter 22 – Internet Security Protocols

Chapter 22
Internet Security Protocols and Standards

But First!!!!

Question #1: What was the first “killer app” on a PC?
Answer: VISICALC, the world’s 1st spreadsheet

Question #2: What was the first and is still the biggest Internet “killer app”?
Facebook? (850 million users)
Twitter? (500 million users)
YouTube?
BitTorrent?
World of Warcraft?
Something else?
Answer: EMAIL

EMAIL Popularity

RFC 821
• Codified by Jon Postel in 1982
• Postel laid out the essential messaging framework for Internet-connected computers (what today we’d call ISPs or service providers) to exchange and forward messages. To be sure, the technology was raw and has been updated many times since (attachments and multi-part messages were standardized in the early 1990s, for instance).

Question #3
Who’s that MIME?
But this isn’t the type of MIME used by EMAIL…

MIME and S/MIME

MIME
• extension to the old RFC 822 specification of an Internet mail format
– RFC 822 defines a simple heading with To, From, Subject
– assumes ASCII text format
– provides a number of new header fields that define information about the body of the message

S/MIME
• Secure/Multipurpose Internet Mail Extension
• security enhancement to the MIME Internet e-mail format
– based on technology from RSA Data Security
– provides the ability to sign and/or encrypt e-mail messages

MIME Content Types

S/MIME Content Types

Typical S/MIME Process
[Figure 22.1 Typical S/MIME Process. Stages: plaintext message (unsigned); digital signature added (DSS/SHA) using Bob's private key; message with signature encrypted with one-time session key (Triple DES); encrypted copy of session key added (ElGamal) using Alice's public key; document converted to Radix-64 format. Sample plaintext in the figure: "This is an S/MIME message from Bob to Alice. Bob will sign and encrypt the message before sending it to"]

S/MIME Cryptographic Algorithms
• default algorithms used for signing messages are DSS and SHA-1
• RSA public-key encryption algorithm can be used with SHA-1 or the MD5 message digest algorithm for forming signatures
• radix-64 or base64 mapping is used to map the signature and message into printable ASCII characters
• default algorithms used for encrypting S/MIME messages are 3DES and ElGamal
– ElGamal is based on the Diffie-Hellman public-key exchange algorithm
• if encryption is used alone radix-64 is used to convert the ciphertext to ASCII format

S/MIME Public Key Certificates
• basic tool that permits widespread use of S/MIME is the public-key certificate
• S/MIME uses certificates that conform to the international standard X.509v3

S/MIME Functions

DomainKeys Identified Mail (DKIM)
• specification of cryptographically signing e-mail messages permitting a signing domain to claim responsibility for a message in the mail stream
• proposed Internet Standard (RFC 4871: DomainKeys Identified Mail (DKIM) Signatures)
• has been widely adopted by a range of e-mail providers

Internet Mail Architecture
[Figure 22.2 Function Modules and Standardized Protocols Used Between Them. Modules: message author, message user agent (MUA), mail submission agent (MSA), message transfer agents (MTA), mail delivery agent (MDA), message store (MS), message recipient and its MUA; the MSA, MTAs and MDA form the message handling system (MHS). Protocols on the links: SMTP; (SMTP, local); (IMAP, POP, local).]

Example of DKIM Deployment
[Figure 22.3 Simple Example of DKIM Deployment. Mail origination network: MUA, MSA, MTA (Signer). Mail delivery network: MTA (Verifier), MDA, MUA. Links: SMTP between the agents; POP, IMAP to the receiving MUA; DNS public key query/response.]
DNS = domain name system
MDA = mail delivery agent
MSA = mail submission agent
MTA = message transfer agent
MUA = message user agent

Today’s ACTING lesson
I need 3 volunteers, preferably someone who can act…
You receive this EMAIL
It takes you to this web site
Or maybe this web site
Unknown Web site Certificate
Accept Anyway? yes / no

Secure Sockets Layer (SSL)
• one of the most widely used security services
• general-purpose service implemented as a set of protocols that rely on TCP
• subsequently became Internet standard RFC 2246: Transport Layer Security (TLS)

SSL Protocol Stack
[Figure 22.4 SSL Protocol Stack. Top layer: SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, HTTP. Below them: SSL Record Protocol, then TCP, then IP.]

SSL Record Protocol Operation
[Figure 22.5 SSL Record Protocol Operation. Steps: Application Data; Fragment; Compress; Add MAC; Encrypt; Append SSL Record Header.]

SSL Change Cipher Spec Protocol
• one of three SSL specific protocols that use the SSL Record Protocol
• is the simplest
• consists of a single message which consists of a single byte with the value 1
• sole purpose of this message is to cause pending state to be copied into the current state
• hence updating the cipher suite in use

SSL Alert Protocol

SSL Handshake Protocol
• most complex part of SSL
• is used before any application data are transmitted
• allows server and client to:
• comprises a series of messages exchanged by client and server
• exchange has four phases

[Figure 22.6 Handshake Protocol Action. Messages exchanged between Client and Server over time:]
Phase 1: client_hello, server_hello
Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.
Phase 2: certificate, server_key_exchange, certificate_request, server_hello_done
Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.
Phase 3: certificate, client_key_exchange, certificate_verify
Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.
Phase 4: change_cipher_spec, finished (from the client), then change_cipher_spec, finished (from the server)
Change cipher suite and finish handshake protocol.
Note: Shaded transfers are optional or situation-dependent messages that are not always sent.
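The record framing and the four handshake phases of Figure 22.6, as an added Python example that is not part of the original slides: it splits constructed byte streams into records, enforces the one-byte change_cipher_spec rule, and assigns each handshake message to its phase. The numeric content-type and message-type codes are those of RFC 2246; the helper names and the sample flights are assumptions made for illustration.

```python
import struct

# Record content types and handshake message types (SSLv3 / TLS 1.0, RFC 2246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}
MAX_FRAGMENT = 2**14 + 2048  # largest protected fragment a record may carry


def iter_records(stream):
    """Split a byte stream into (content_type, version, fragment) records."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT_TYPES or major != 3 or length > MAX_FRAGMENT:
            raise ValueError(f"malformed record header at offset {off}")
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record fragment")
        yield ctype, (major, minor), fragment
        off += 5 + length


def iter_handshake(fragment):
    """Yield the type of each handshake message in one cleartext fragment."""
    off = 0
    while off < len(fragment):
        if len(fragment) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(fragment[off + 1:off + 4], "big")
        if off + 4 + length > len(fragment):
            raise ValueError("handshake message spans records (not handled here)")
        yield fragment[off]
        off += 4 + length


def phase_of(sender, name):
    """Map a handshake message to its phase in Figure 22.6."""
    if name in ("client_hello", "server_hello"):
        return 1
    if name in ("change_cipher_spec", "finished"):
        return 4
    return 2 if sender == "server" else 3  # a certificate belongs to its sender's phase


def trace_handshake(flights):
    """Return (sender, phase, message) events for an initial handshake."""
    protected = {"client": False, "server": False}
    events = []
    for sender, stream in flights:
        for ctype, _version, fragment in iter_records(stream):
            kind = CONTENT_TYPES[ctype]
            if protected[sender]:
                # Pending state is now current: the fragment is ciphertext, so it
                # cannot be parsed. In an initial handshake this is "finished".
                label = "finished" if kind == "handshake" else kind
                events.append((sender, 4 if kind == "handshake" else None, label))
            elif kind == "change_cipher_spec":
                if fragment != b"\x01":
                    raise ValueError("change_cipher_spec must be the single byte 1")
                protected[sender] = True
                events.append((sender, 4, kind))
            elif kind == "handshake":
                for mtype in iter_handshake(fragment):
                    name = HANDSHAKE_TYPES.get(mtype, f"unknown({mtype})")
                    events.append((sender, phase_of(sender, name), name))
            else:
                events.append((sender, None, kind))
    return events


def record(ctype, fragment, version=(3, 1)):
    """Build one record: type, version, 16-bit length, fragment."""
    return struct.pack("!BBBH", ctype, *version, len(fragment)) + fragment


def hs_msg(mtype, body=b""):
    """Build one handshake message: type, 24-bit length, body."""
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


# Constructed sample: message bodies are dummy bytes, not real handshake content.
SAMPLE_FLIGHTS = [
    ("client", record(22, hs_msg(1, bytes(32)))),
    ("server", record(22, hs_msg(2, bytes(32)) + hs_msg(11, bytes(8)) + hs_msg(14))),
    ("client", record(22, hs_msg(16, bytes(16))) + record(20, b"\x01")
               + record(22, b"\xaa" * 40)),
    ("server", record(20, b"\x01") + record(22, b"\xbb" * 40)),
]

if __name__ == "__main__":
    for event in trace_handshake(SAMPLE_FLIGHTS):
        print(event)
```
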
HTTPS (HTTP over SSL)
• combination of HTTP and SSL to implement secure communication between a Web browser and a Web server
• built into all modern Web browsers
– search engines do not support HTTPS
– URL addresses begin with https://
– documented in RFC 2818, HTTP Over TLS
– agent acting as the HTTP client also acts as the TLS client
– closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection

Virtual Private Networks (VPN)
A secure tunnel through the internet

Before VPNs
• Corporations used LEASED LINES to create a WAN among their various geographic sites

VPN
[Figure: VPN, from Wikipedia]

IP Security (IPsec)
• various application security mechanisms
– S/MIME, PGP, Kerberos, SSL/HTTPS
• security concerns cross protocol layers
• would like security implemented by the network for all applications
• authentication and encryption security features included in next-generation IPv6
• also usable in existing IPv4

IPsec
• general IP security mechanisms
• provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet
• Provides:

IPsec Uses

Benefits of IPsec
• when implemented in a firewall or router, it provides strong security to all traffic crossing the perimeter
• in a firewall it is resistant to bypass
• below transport layer, hence transparent to applications
• can be transparent to end users
• can provide security for individual users
• secures routing architecture

The Scope of IPsec

Security Associations
• a one-way relationship between sender and receiver that affords security for traffic flow
– if a peer relationship is needed for two-way secure exchange then two security associations are required
• is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)

Encapsulating Security Payload (ESP)
[Figure 22.7 IPSec ESP Format. Bit positions marked: 0, 16, 24, 31. Fields in order:]
• Security Parameters Index (SPI)
• Sequence Number
• Payload Data (variable)
• Padding (0 - 255 bytes)
• Pad Length
• Next Header
• Authentication Data (variable)
Brackets in the figure: Authentication Coverage, Confidentiality Coverage

Transport and Tunnel Modes

Transport mode
• transport mode protection extends to the payload of an IP packet
• typically used for end-to-end communication between two hosts
• ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header

Tunnel mode
• tunnel mode provides protection to the entire IP packet
• the entire original packet travels through a tunnel from one point of an IP network to another
• used when one or both ends of a security association are a security gateway such as a firewall or router that implements IPsec
• with tunnel mode a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec

Summary
• secure E-Mail and S/MIME
• DomainKeys Identified Mail
– Internet mail architecture
– DKIM strategy
• Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
– SSL architecture
– SSL record protocol
– change cipher spec protocol
– alert protocol
– handshake protocol
• HTTPS
– connection initiation
– connection closure
• Virtual Private Networks (VPN)
• IPv4 and IPv6 security
– IP security overview
– scope of IPsec
– security associations
– encapsulating security payload
– transport and tunnel modes
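The ESP layout of Figure 22.7, the security-association lookup by destination address and SPI, and the transport/tunnel distinction from the IPsec slides, as an added Python example that is not part of the original slides. It assumes HMAC-SHA1-96 for the Authentication Data and NULL encryption (RFC 2410) so the trailer is readable without a cipher library; the names `SecurityAssociation`, `esp_seal`, `esp_open`, `inner_addresses`, the keys, SPIs and addresses are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

ICV_LEN = 12  # HMAC-SHA1-96: the digest truncated to 96 bits (assumed algorithm)


@dataclass
class SecurityAssociation:
    auth_key: bytes
    mode: str  # "transport" or "tunnel"


def _icv(key, covered):
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def esp_seal(spi, seq, payload, next_header, sa):
    """Build SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV."""
    pad_len = -(len(payload) + 2) % 4          # trailer must end on a 32-bit boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    covered = (struct.pack("!II", spi, seq) + payload + padding
               + bytes([pad_len, next_header]))
    # Authentication coverage: everything from the SPI through Next Header.
    return covered + _icv(sa.auth_key, covered)


def esp_open(dst, packet, sad):
    """Look up the SA by (destination address, SPI), verify, strip the trailer."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("too short to be an ESP packet")
    spi, seq = struct.unpack_from("!II", packet)
    sa = sad.get((dst, spi))
    if sa is None:
        raise LookupError(f"no security association for ({dst}, {spi:#x})")
    covered, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(sa.auth_key, covered)):
        raise ValueError("authentication data mismatch")
    pad_len, next_header = covered[-2], covered[-1]
    body_end = len(covered) - 2 - pad_len
    if body_end < 8 or covered[body_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad padding")
    return {"spi": spi, "seq": seq, "mode": sa.mode,
            "next_header": next_header, "payload": covered[8:body_end]}


def inner_addresses(payload):
    """Tunnel mode: the payload is a whole IPv4 packet; read its src and dst."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    return (str(ipaddress.IPv4Address(payload[12:16])),
            str(ipaddress.IPv4Address(payload[16:20])))


def ipv4_packet(src, dst, data):
    """Constructed inner packet; the header checksum is left at 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + data


# Constructed security association database and sample packets.
GATEWAY, HOST = "198.51.100.1", "192.0.2.10"
SAD = {
    (GATEWAY, 0x1001): SecurityAssociation(b"k" * 20, "tunnel"),
    (HOST, 0x2002): SecurityAssociation(b"t" * 20, "transport"),
}
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", b"hello world")
# Next Header 4 = IPv4 in IP (tunnel mode); 6 = TCP (transport mode).
TUNNEL_PACKET = esp_seal(0x1001, 1, INNER, 4, SAD[(GATEWAY, 0x1001)])
TRANSPORT_PACKET = esp_seal(0x2002, 7, b"constructed TCP segment", 6,
                            SAD[(HOST, 0x2002)])

if __name__ == "__main__":
    opened = esp_open(GATEWAY, TUNNEL_PACKET, SAD)
    print(opened["mode"], opened["next_header"], inner_addresses(opened["payload"]))
    opened = esp_open(HOST, TRANSPORT_PACKET, SAD)
    print(opened["mode"], opened["next_header"], opened["payload"])
```

In tunnel mode the outer destination is the gateway and the hosts' own addresses appear only inside the protected payload, which is why hosts behind the gateways need no IPsec implementation of their own.
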