October 13, 2013

1.4.7 TCP/IP

TCP/IP

TCP/IP stands for Transmission Control Protocol / Internet Protocol. It is a communication protocol for computers on the Internet (it also operates on intranets and extranets).

TCP/IP is a suite of protocols of which the Transmission Control Protocol and the Internet Protocol are two of the most prominent. Others include UDP (User Datagram Protocol), for lightweight, “unreliable” communication between applications; ICMP (Internet Control Message Protocol), for statistics and tracking errors; and DHCP (Dynamic Host Configuration Protocol), for dynamic configuration of devices.

The Internet data communications model is also known as the TCP/IP model.

Like other data communication models, TCP/IP makes it possible for two nodes to exchange information.

TCP

The Transmission Control Protocol works essentially like a two-way virtual pipe. It allows you to both read from and write to the pipe. TCP uses the underlying network infrastructure to connect two end-points (or sockets) together allowing for the reliable exchange of information via the pipe.

TCP is a "reliable" protocol, also known as “connection-oriented”. It is responsible for the delivery of data from source to destination. It detects errors and uses acknowledgements and retransmissions to ensure correct data delivery. Other layers can focus on other things besides reliability, e.g. IP focuses on how to route the packet between nodes.
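To make the "two-way virtual pipe" concrete, here is an added Python example (not part of the original notes) that opens a TCP connection over the loopback interface, writes into the pipe from one end and reads the reply from the other. It also shows the one thing the pipe picture hides: TCP delivers a byte stream, not messages, so two writes may arrive as a single read, and the receiving side has to mark the boundaries itself (here with a newline). The function names are assumptions of this example; it assumes loopback networking is available.

```python
import socket
import threading

# Added example, not code from the notes: a loopback TCP "pipe".
# The server reads one newline-terminated line, upper-cases it and writes it back.


def serve_one(listener: socket.socket) -> None:
    """Accept a single connection and answer one line."""
    conn, _ = listener.accept()
    with conn:
        buf = b""
        # TCP gives us a stream: recv() may return a fragment, or several of the
        # client's writes glued together, so read until our own delimiter shows up.
        while not buf.endswith(b"\n"):
            chunk = conn.recv(1024)
            if not chunk:          # peer closed its writing side: end of stream
                return
            buf += chunk
        conn.sendall(buf.upper())  # write back into the same pipe


def tcp_pipe_roundtrip(message_parts: list) -> bytes:
    """Open the pipe, write the parts, read everything the server sends back."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]

    server = threading.Thread(target=serve_one, args=(listener,))
    server.start()

    with socket.create_connection(("127.0.0.1", port)) as client:
        for part in message_parts:
            client.sendall(part)      # several writes ...
        client.shutdown(socket.SHUT_WR)   # done writing; the read direction stays open
        received = b""
        while True:
            chunk = client.recv(1024)
            if not chunk:             # server closed: EOF on the stream
                break
            received += chunk

    server.join()
    listener.close()
    return received


if __name__ == "__main__":
    # constructed sample input: two separate writes, one logical line
    print(tcp_pipe_roundtrip([b"hello, ", b"world\n"]))   # b'HELLO, WORLD\n'
```

The client writes "hello, " and "world\n" separately, but the server only cares that it eventually sees the newline; how many recv() calls that takes is up to the kernel, which is exactly why application protocols such as HTTP and SMTP define their own line or length framing on top of TCP.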

Here is a list of services that TCP provides:
  • a reliable character stream
  • packages data into segments
  • acknowledges and retransmits to recover lost packets
  • allows multiple connections to a TCP socket
It provides guaranteed delivery of packets, flow control via the ‘window size’ and sequence acknowledgement, protection against data corruption by incorporating checksums, and re-assembly of packets if they arrive out of order.

Common TCP applications include: HTTP (web), SMTP (email), FTP (file transfer), SSH, IMAP.

IP

Internet Protocol (IP) is a datagram, or connectionless, internetwork service and includes provision for addressing, type-of-service specification, fragmentation and reassembly, and security (via IPSec).

The Internet Protocol's main task is to find the best route over which to send a packet. To that end it adds source and destination addresses to every "datagram", creating an IP packet. It uses protocols such as ARP, RARP, ICMP and RIP to figure out the best route.

Here is a list of features that IP WILL provide:
  • assigning addresses to individual datagrams
  • communicating with nodes and gateways to find the best route
Here is a list of features that IP does NOT provide:
  • a reliable communication facility
  • data delivery or loss acknowledgement
  • error correction or detection for data
  • retransmission of lost datagrams
  • flow control 
So what happens when a datagram is corrupted? Or a network buffer at the destination overflows? With respect to IP, it does not care. The datagram is simply discarded. It is up to the other layers to deal with error correction or retransmission or acknowledgements.

For example, if using TCP at the Transport Layer, it's up to the TCP module at the source to recognize that it didn't receive an acknowledgement for a particular packet or series of packets. If using UDP at the Transport Layer, then we either do not care if a few packets are lost or some other layer, e.g. Application, will be called to resolve the issue.
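The division of labour described above (the TCP service list earlier in this section and the list of things IP does NOT provide) can be seen in a small model. This is an added Python example, not code from the notes and not a real TCP implementation: LossyChannel stands in for IP (it drops, corrupts and reorders datagrams and never tells anyone), while Sender and Receiver stand in for the TCP modules and recover using sequence numbers, a checksum, cumulative acknowledgements and retransmission. Simplifying assumptions: fixed-size segments, acknowledgements are never lost, and one loop "round" stands in for one round-trip or retransmission timeout. All names are hypothetical.

```python
import random
import zlib
from dataclasses import dataclass

# Added teaching model (not real TCP code, not from the notes).


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    data: bytes
    checksum: int   # CRC-32 over seq + data, standing in for the TCP checksum


def make_segment(seq: int, data: bytes) -> Segment:
    return Segment(seq, data, zlib.crc32(seq.to_bytes(4, "big") + data))


def segment_intact(seg: Segment) -> bool:
    return zlib.crc32(seg.seq.to_bytes(4, "big") + seg.data) == seg.checksum


class LossyChannel:
    """Datagram service with IP's guarantees, i.e. none: nothing is ever retransmitted."""

    def __init__(self, rng: random.Random, p_drop=0.2, p_corrupt=0.1, p_reorder=0.3):
        self.rng, self.p_drop, self.p_corrupt, self.p_reorder = rng, p_drop, p_corrupt, p_reorder

    def deliver(self, segments: list) -> list:
        out = []
        for seg in segments:
            r = self.rng.random()
            if r < self.p_drop:
                continue                                  # silently discarded
            if r < self.p_drop + self.p_corrupt and seg.data:
                flipped = bytes([seg.data[0] ^ 0xFF]) + seg.data[1:]
                seg = Segment(seg.seq, flipped, seg.checksum)   # checksum now stale
            out.append(seg)
        if len(out) > 1 and self.rng.random() < self.p_reorder:
            self.rng.shuffle(out)                         # arrives out of order
        return out


def make_channel(seed: int, **kwargs) -> LossyChannel:
    return LossyChannel(random.Random(seed), **kwargs)


class Receiver:
    """Reassembles the byte stream and answers each segment with a cumulative ACK."""

    def __init__(self):
        self.expected = 0          # next in-order sequence number wanted
        self.pending = {}          # out-of-order segments, keyed by seq
        self.stream = bytearray()

    def receive(self, seg: Segment) -> int:
        if segment_intact(seg) and seg.seq >= self.expected:
            self.pending[seg.seq] = seg.data   # corrupted or stale data is ignored
        while self.expected in self.pending:   # deliver everything now contiguous
            data = self.pending.pop(self.expected)
            self.stream += data
            self.expected += len(data)
        return self.expected       # ACK means "I have every byte before this one"


class Sender:
    """Keeps a window of unacknowledged segments and resends them until ACKed."""

    def __init__(self, payload: bytes, mss: int = 4, window: int = 3):
        self.total = len(payload)
        self.segments = [make_segment(i, payload[i:i + mss]) for i in range(0, len(payload), mss)]
        self.base = 0              # first byte not yet acknowledged
        self.window = window

    def next_batch(self) -> list:
        return [s for s in self.segments if s.seq >= self.base][:self.window]

    def acknowledge(self, ack: int) -> None:
        self.base = max(self.base, ack)

    def finished(self) -> bool:
        return self.base >= self.total


def datagram_only(payload: bytes, channel: LossyChannel) -> bytes:
    """What an application sees with IP alone: whatever arrives, in arrival order."""
    return b"".join(seg.data for seg in channel.deliver(Sender(payload).segments))


def reliable_transfer(payload: bytes, channel: LossyChannel, max_rounds: int = 10_000):
    """Same channel, but the TCP-like layer notices missing ACKs and retransmits."""
    sender, receiver = Sender(payload), Receiver()
    rounds = sent = 0
    while not sender.finished():
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("channel too lossy: transfer did not complete")
        batch = sender.next_batch()              # unacknowledged segments are resent
        sent += len(batch)
        for seg in channel.deliver(batch):
            sender.acknowledge(receiver.receive(seg))
    stats = {"rounds": rounds, "segments_sent": sent,
             "retransmissions": sent - len(sender.segments)}
    return bytes(receiver.stream), stats


if __name__ == "__main__":
    message = b"Reliable delivery is TCP's job, not IP's."   # constructed sample
    print("IP alone :", datagram_only(message, make_channel(7)))
    print("with TCP :", reliable_transfer(message, make_channel(7)))
```

Running it with a lossy channel shows the IP-only transfer missing, mangled or shuffled pieces, while the TCP-like transfer always ends with the exact payload and a retransmission count that tells you what the channel cost. Setting p_drop to 1.0 gives the case the notes raise: IP "does not care", so the TCP-like sender keeps retransmitting until its timeout budget runs out.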

TCP and IP: Work Better Together

  • TCP takes care of the communication between application software at the source and destination.
  • TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive back into the original data.
  • TCP checks packets for errors and submits requests for re-transmissions if errors are found.
  • TCP is responsible for verifying the correct delivery of data from source to final destination.
  • IP is responsible for sending the packets to the correct destination.
  • IP takes care of the communication with other computers.
  • IP adds addresses to each packet such that it can be individually routed to the final destination.
  • IP forwards each packet based on a four byte destination (IP) address. IP operates on gateway machines that move data from department to organization to region and then around the world.

1.4.4 SSL

SSL

Secure Sockets Layer (SSL), and its successor Transport Layer Security (TLS), is a cryptographic protocol designed to secure communications over the Internet. They use X.509 digital certificates, asymmetric cryptography and the exchange of a symmetric key to secure the message transmission.

The TLS/SSL protocol is divided into two layers operating at both the Session and Presentation layers of the OSI 7 Layer Model. At the session layer, TLS/SSL uses a handshake protocol to establish a session including cipher settings and a shared key. At the presentation layer, asymmetric and symmetric cryptography is used to create a secure communication session for the rest of the transmission.
“The SSL handshake protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data.”
OSI Model Equivalence   SSL Architecture
Application Layer       HTTP, POP3 and other application layer protocols
Presentation Layer      SSL Handshake, SSL Alert, Change Cipher Spec   (SSL Handshake Layer)
Session Layer           Fragmentation, Compression, Authentication, Encryption   (SSL Record Layer)
Transport Layer         TCP
Network Layer           IP

SSL enables an encrypted channel to be established between a server and a client. Data sent over that channel is secured, allowing the transmission of sensitive data over an unsecured network. A web browser such as Google Chrome and web server or a mail client such as Outlook and a mail server can securely exchange data.

SSL allows a transmission to meet the requirements of confidentiality (ensuring the secrecy of data from unauthorized access, via asymmetric and symmetric encryption); integrity (the assurance that data has not been modified during transmission, via a message authentication code); and authentication (the validation of the communication partner, via certificates).

SSL enables users to trust the authenticity of the webserver (website) and the security of the communication channel between the user's browser and the website.

SSL helps website owners comply with industry and government regulations for data security and privacy such as PCI (Payment Card Industry) and HIPAA. It also provides the website’s users peace of mind that their information is protected as it travels across the Internet between the client and server.

SSL extends the trust mechanisms of the physical world into the digital world. In the physical world, if you wanted to buy a pair of shoes, you would go to a shoe store. Why would you trust that physical store enough to give them your cash, hand them your credit card or trust that if the shoe fell apart on first use you could return it? It might be that the store has a recognizable name, the inventory is displayed in a physical building (not the back of a truck), the store sign is not written with a marker and that the store did not just appear overnight. These are some of the things that would engender trust in the physical world.

SSL, through the use of SSL certificates and Certificate Authorities (CAs), vouches for the authenticity of a website and, through the use of encryption protocols, meets the confidentiality, integrity and even non-repudiation needs of a secure transaction in the digital world.

The browser has a visual indicator that a website is secured via TLS/SSL:

[screenshot of the browser address bar not included]

Notice the padlock icon and the use of the HTTPS protocol.

By The Way:
  1. Good security is layered security. SSL is not a panacea for security. It will secure the communication channel between two parties. It will confirm, for example, that you are connected to the site you entered into your browser. And it will ensure that the messages sent between you are not changed. However, it cannot stop you from connecting to, or detect that you are connected to, a malevolent website that can then download viruses and other malicious software. A malevolent website would actually prefer to communicate via SSL as its actions would be invisible to normal detection systems.
  2. The most up-to-date version of SSL is 3.0 and it is documented in RFC 6101. Note: this protocol is labeled as “historic”. TLS should be used instead.
  3. The differences between TLS 1.0 and SSL 3.0 are not dramatic, however they are significant enough that they do not interoperate.
  4. TLS 1.0 incorporates a mechanism by which a TLS implementation can back down to SSL 3.0. TLS 1.0 is sometimes known as SSL 3.1.
  5. The latest version of TLS is TLS 1.2 which is documented in RFC 5246.
  6. TLS/SSL operates at the session layer of the OSI 7 Layer Model. It can be used to secure any TCP-based application.
  7. SSL was developed by Netscape Corporation and became the de facto standard for securing Internet communication until it was succeeded by TLS (Transport Layer Security).
  8. An advantage of SSL is that it is application protocol independent. Examples of TCP applications secured using TLS/SSL include: HTTP, FTP, NNTP, IMAP, POP3.
  9. Sample TCP Applications and Port Numbers:

     Application     Port Number   Application over TLS/SSL   Port Number
     FTP (data)      20            FTPS (data)                989
     FTP (control)   21            FTPS (control)             990
     TELNET          23            TELNET                     992
     HTTP            80            HTTPS                      443
     POP3            110           POP3S                      995
     IRC             194           IRCS                       994
     NNTP            119           NNTPS                      563
     IMAP            143           IMAPS                      993
     LDAP            389           LDAPS                      636
     SMTP            25/587*       SMTPS                      465/587*

     * STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication.
     Port 465 for secure SMTP is now deprecated.
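The notes above make three practical points: the client must actually verify the certificate for the authentication property to hold (items 1 and 8), SSL 3.0 and TLS 1.0 era protocol versions should no longer be negotiated (items 2 to 5), and the same TLS layer is applied either on a dedicated port (HTTPS 443, IMAPS 993) or by upgrading an existing plaintext connection with STARTTLS (the footnote). The following is an added Python example using the standard `ssl` module; it is not code from the notes. It builds a hardened client context beside a deliberately weak one so the difference is visible, and shows the two ways the context is applied to a socket. The function names are assumptions of this example; nothing in it reaches the network unless you call the last two functions yourself.

```python
import socket
import ssl

# Added example, not from the notes: client-side TLS configuration with Python's ssl module.


def hardened_client_context() -> ssl.SSLContext:
    """What a modern client should use: verification on, old protocol versions refused."""
    ctx = ssl.create_default_context()              # CERT_REQUIRED + system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # no SSL 3.0, TLS 1.0 or TLS 1.1
    ctx.check_hostname = True                       # certificate must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Deliberately weak, shown for contrast: any certificate is accepted, so the
    channel is still encrypted but you no longer know who is on the other end."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings of a context."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def open_tls_channel(host: str, port: int = 443, ctx: ssl.SSLContext = None) -> ssl.SSLSocket:
    """Dedicated-port style (HTTPS 443, IMAPS 993, ...): TLS from the first byte.
    The handshake described in the notes runs inside wrap_socket()."""
    ctx = ctx or hardened_client_context()
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)


def upgrade_plaintext_socket(sock: socket.socket, host: str, ctx: ssl.SSLContext = None) -> ssl.SSLSocket:
    """STARTTLS style: the application protocol has already agreed to switch
    (e.g. SMTP client sent STARTTLS and got a 220 reply); then the *same*
    connection is wrapped, so no separate port is needed."""
    ctx = ctx or hardened_client_context()
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    print("hardened:", describe(hardened_client_context()))
    print("legacy  :", describe(legacy_client_context()))
```

Whether TLS starts on a dedicated port or after STARTTLS, the call that matters is the same wrap_socket() with server_hostname set: that is where the certificate chain and the hostname are checked against the context's settings. With the legacy context the handshake still completes and the padlock-style encryption is present, but the "you are connected to the site you entered" guarantee from item 1 is gone.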