COMP2221 Networks in Organisations
Richard Henson, February 2014
Session 3: Communications Protocols
• By the end of this session, you should be able to:
  - describe the various cabled topologies for digital data
  - explain the communications issues that need resolving when data could be sent through multiple paths
  - explain how/why protocols should be designed and built according to proven engineering principles, and the catastrophic effect of not doing so
  - name the popular communications protocols in use today
Getting the message across…
• Humans: waving flags; smoke and fire signals; more recently, Morse code
• Each has a set of rules… a protocol
Communication between Digital Devices
• The protocol for point-to-point digital communication (a single link) is covered separately
• If a network is involved, the protocol becomes much more complicated… and NEEDS TO BE TRUSTWORTHY!
Trustworthy Software Initiative (TSI)
(Slides adapted from TSI courseware TSK-100-2 "Concepts of Trustworthy Software", Generic BSc Courseware, Draft v0.B, 2012-12-07, © Copyright TSI 2003-2012 [TSI/2012/183])
• A new government-sponsored body with responsibility for coordinating principles for developing trustworthy software
• The UK's leading professional bodies for ICT are supporting the provision of course material for all relevant UK university courses:
  - British Computer Society (BCS)
  - Institution of Engineering & Technology (IET)
  - Royal Academy of Engineering (RAEng)
  - Engineering Council (EC)
Why Trustworthy Software?
• The growth and prosperity of economies around the world are driven by ICT…
  - organisations and individuals need to have trust in the systems they use, and the software that runs on them, to benefit from all that ICT and the Internet have to offer
• The undesirable consequences of current (untrustworthy) software have a major impact on organisations, and countries, from political, economic, financial and security perspectives
• Yet, until now, there has been little consensus on what constitutes trustworthy software, and how to achieve it!
TSI & TSF
• Minister for the Cabinet Office Francis Maude, "Future Plans for UK's Cyber Security Strategy":
  "We support and fund the Trustworthy Software Initiative (TSI), which aims to improve cyber security by making software more secure, dependable and reliable, and to educate on why trustworthy software is important"
• The Trustworthy Software Framework (TSF) provides the means for anyone to quickly find the information and advice they need to build, procure or work with trustworthy software
Protocol for sending data across a Network
• Needs a point-to-point transmission protocol for each link
• Two further issues immediately arise when there are two or more possible receivers for the data:
  1. identifying the receiver
  2. navigating a route between sender and receiver
• Software duly developed and very thoroughly tested…
Types of Software currently being used
[Figure (TSI/2013/306 | Draft 0.B | 2014-02-10): software sits between hardware (e.g. VHDL designs) and "wetware" (people), and arrives through a supply chain. Examples of software in use range from embedded (e.g. an engine ECU, a refinery sensor) to infrastructure and applications (e.g. an SMSC, a DBMS, a web application).]
Software Supply Chain (reuse of code…?)
Prerequisites for Trustworthiness
[Figure (TSI/2013/306): layered prerequisites, trustworthy practitioners → trustworthy organisations → trustworthy components → trustworthy software]
"Appropriate Conduct" (for developers?)
• Nothing new…
• Babylonian Code of Hammurabi (~1780 BCE): earliest known example of a code of conduct for craftsmen, engineers and builders
• Hippocrates lays out the Oath (late 5th century BCE): a moral framework for the conduct of doctors and other healthcare professionals
Do People Learn?
• Old knowledge, new context… apparently they don't!
• e.g. Tay Railway Bridge (collapsed December 1879): the Court of Inquiry report concluded that "The fall of the bridge was occasioned by the insufficiency of the cross bracing and its fastenings to sustain the force of the gale." http://taybridgedisaster.co.uk
Context: Trustworthiness
• Safety: the ability of the system to operate without harmful states
• Reliability: the ability of the system to deliver services as specified
• Availability: the ability of the system to deliver services when requested
• Resilience: the ability of the system to transform, renew, and recover in timely response to events
• Security: the ability of the system to remain protected against accidental or deliberate attacks
[TSI/2013/306 | Draft 0.B | 2014-02-10]
Engineering Principles
• Royal Academy of Engineering & Engineering Council: Statement of Ethical Principles
• Includes:
  - acting in a reliable and trustworthy manner
  - giving due weight to all relevant facts and published guidance, and the wider public interest
  - identifying, evaluating, and quantifying risks
  - being alert to ways in which work might affect others, holding health and safety paramount
Software & Engineering
• Creativity v Practicality
• Bridges & software… look good? They also need to be trustworthy: safe, reliable, available, resilient, secure…
Software problems: Incident Impact (1)
• High cost to economy… US Government National Institute of Standards & Technology (NIST) estimate: ~$60 billion/year to the US alone
Software: Incident Impact (2)
• Software a major source of IT project failure:
  - University of Oxford Saïd Business School / McKinsey 2011
  - ESSU (European Services Strategy Unit) 2007
  - Tata Consultancy 2007
  - Standish Chaos Reports 2004 onwards
  - Rand 2004
• Software bugs "source of 90% of ICT Incidents" (GovCERT-UK, 2012-09)
ICT & Adversity
Source: UK TSI / US DOD (2012)
• Few practitioners treat adversity holistically
• The information security community's model has problems handling Known, Unknown and Unknowable (KuU) factors, and often ignores hazards
• The system reliability / safety community's model usually ignores threat
Software Fault Case Study (1)
• Availability… NatWest bank systems failure, 2012

Software Fault Case Study (2)
• Safety… National Cancer Institute, Panama City (2000)

Software Fault Case Study (3)
• Security… North East US power blackout (2003) (often blamed on hacking; the US-Canada task force report traced it to a race condition in the control-room alarm software, with no evidence of an attack)
Routing protocols (also see previous lecture)
• Two routing methods…
  - connection-oriented (circuit switching): all data goes the same way
  - connectionless (packet switching): data chopped up into "packets"; each packet finds its own way… routers provide direction signs…
Analogy: Circuit Switching and Packet Switching
• A group of students need to get from City Campus to Riverside for a lecture…
  - circuit switching: all go together on the bus; everyone goes the same way…
  - packet switching: just agree to meet at the destination address; everyone goes their own sweet way…
Why Circuit Switching?
• Used for very many years by analogue telephone networks (CCITT standard!):
  - a system of relays and wires
  - when the required number is dialled, a series of electromechanical switches are set, the result being a direct, dedicated communication channel between sender and receiver
• As with point-to-point, the communication channel is created by the sender
Circuit Switching & computer networks
• Protocol (on sender)…
  1. Data input: (a) name/address of receiver; (b) map of the network
  2. Networking software on the sender navigates a route through the network with the aid of a routing algorithm (e.g. Dijkstra's shortest-path algorithm)
  3. Further software tests the route to the receiver for carrying data
  4. Network "channel" opened
  5. All data transmitted along the same route, using the point-to-point protocol
  6. Channel closes!
Packet Switching
• Devised in the early days of computer networking by American, British and French researchers (Paul Baran at RAND, Donald Davies at NPL, Louis Pouzin's CYCLADES project)
  - each packet also contained a header, with "source" and "destination" addresses and TTL information
• First practical use of packet switching to route data around the ARPAnet, back in Dec 1969… by the 1980s, managed reliably by the TCP/IP protocol suite (ARPAnet switched to TCP/IP on 1 January 1983)
Packet v Circuit switching
• No need for circuit-setting relay devices (they would probably be too slow in any case)
• Each node is "intelligent" and can participate dynamically in the routing
• All nodes (not just the sender) need access to an up-to-date record of network addresses (a routing table) for routing purposes
• Advantage: much greater maximum network traffic, because links are shared rather than dedicated to one conversation
Problem with Small Packets
• Small, fixed-size packets carry a lot of header per byte of data: an ATM cell, for example, is 53 bytes (48 data + 5 header), so almost 10% of every cell is header
• For sending longer messages, this becomes inefficient: header information makes up a significant portion of the data sent
• Possible solution: string several packets together (multiplexing) and take them apart again at the receiving end (demultiplexing)
• Mature TCP/IP uses much larger packets: every IPv4 host must accept datagrams of at least 576 bytes, and Ethernet carries up to 1500 bytes of IP packet per frame
What is a "Packet"?
• Each header contains:
  - destination IP address (so it can be routed to the right node)
  - source IP address (so that errors can be reported back, and so that the receiver knows where it came from)
  - a message "chunk" (sequence) number, so packets that are part of a message can be reassembled into the correct order as they arrive at the receiver (in TCP/IP this lives in the TCP header rather than the IP header)
  - a TTL (Time To Live): in IP this is an 8-bit hop count decremented by every router, not a wall-clock time
• Payload contains… data
Mechanism of Packet switching
• Packets go to an adjacent node; the receiving node uses the packet header information to route to the next node (closer to the destination node)
• If the intended receiver becomes inactive "en route"… the source address is used to report the failure back to the sender (in IP, an ICMP "destination unreachable" message; the packet itself is discarded)
  - c.f. a letter that has been incorrectly addressed being returned to sender
Mechanism of Packet switching
• Eventually (usually well under a second) the packets should all arrive at the destination node
• Problem: packets may well be navigated along different routes, and the order of delivery may be quite different from the order of sending…
  - packet numbering, found in the "header data"
  - software to re-organise packets into the correct order
Resolving Issues with Connectionless Communication (1)
• No prior "handshaking"… (unlike connection-oriented communication), so the receiver doesn't necessarily expect the packet
• Needs to include a mechanism for acknowledging safe receipt of each packet
Resolving Issues with Connectionless Communication (2)
• If the packet doesn't find its destination, it could wander around for a long time (e.g. in a routing loop)…
• The sender will not know that the packet is "lost"
• The packet is taking up valuable bandwidth on the network
• So each packet has a TTL (time to live)
• Each router decrements it; when it reaches zero no further routing takes place, the router deletes ("kills") the packet and reports "time exceeded" back to the source address
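An added example (not from the lecture) tying together the Dijkstra step on the circuit-switching slide, the packet header fields, hop-by-hop forwarding and the TTL rule above: a toy packet-switched network in which every node computes its next hop by Dijkstra's algorithm, decrements the TTL, and reports back to the source when a packet expires or the destination cannot be reached. The node names, link costs, header layout and TTL values are constructed for illustration; real IP uses 32-bit addresses, an 8-bit hop count and ICMP messages, which the strings returned here stand in for.

```python
"""Toy packet-switched network: Dijkstra routing, hop-by-hop forwarding, TTL.

Added example, not the lecture's own material. The topology, the Packet
fields and the outcome strings are assumptions made for illustration.
"""
import heapq
from dataclasses import dataclass

# Constructed topology: {node: {neighbour: link cost}}, undirected.
LINKS = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 1, "D": 5},
    "C": {"A": 4, "B": 1, "D": 1},
    "D": {"B": 5, "C": 1},
}


@dataclass
class Packet:
    """The header fields the slides describe, plus the payload."""
    src: str        # source address: who to tell if delivery fails
    dst: str        # destination address: what routers route on
    seq: int        # chunk number, used for reassembly at the receiver
    ttl: int        # hop count, decremented by every router it crosses
    payload: bytes


def dijkstra(links, source):
    """Shortest-path tree from `source`: returns {node: predecessor}."""
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue                      # stale heap entry
        for v, cost in links[u].items():
            if d + cost < dist.get(v, float("inf")):
                dist[v], prev[v] = d + cost, u
                heapq.heappush(heap, (d + cost, v))
    return prev


def next_hop(links, here, dst):
    """Routing-table lookup: first hop on the shortest path from `here` to
    `dst`, or None if `dst` is unreachable (no route in the tree)."""
    prev = dijkstra(links, here)
    if dst not in prev:
        return None
    node = dst
    while prev[node] != here:             # walk back until one hop from here
        node = prev[node]
    return node


def forward(links, pkt, up=None):
    """Relay `pkt` hop by hop across the nodes in `up` (default: all nodes).

    Returns (outcome, path taken). Outcomes mirror what IP does:
      'delivered'     the destination received it
      'time_exceeded' a router counted TTL down to 0 and discarded it,
                      notifying pkt.src (ICMP Time Exceeded in real IP)
      'unreachable'   no route, e.g. destination down, notifying pkt.src
                      (ICMP Destination Unreachable in real IP)
    """
    up = set(links) if up is None else set(up)
    live = {n: {m: c for m, c in nbrs.items() if m in up}
            for n, nbrs in links.items() if n in up}
    here, path = pkt.src, [pkt.src]
    while here != pkt.dst:
        hop = next_hop(live, here, pkt.dst)
        if hop is None:
            return "unreachable", path
        here = hop
        path.append(here)
        if here == pkt.dst:               # the destination host does not decrement
            break
        pkt.ttl -= 1                      # every router on the way does
        if pkt.ttl <= 0:
            return "time_exceeded", path
    return "delivered", path


if __name__ == "__main__":
    print(forward(LINKS, Packet("A", "D", 0, 64, b"hello")))
    print(forward(LINKS, Packet("A", "D", 0, 2, b"hello")))      # TTL too small
    print(forward(LINKS, Packet("A", "D", 0, 64, b"hello"), up={"A", "B", "D"}))
```

Because every node recomputes the shortest path from its own position, a failed node (`up` without `"C"`) is routed around automatically, which is the "each node is intelligent" point of the packet-switching slides; the TTL is what stops a packet circulating forever if two nodes ever disagreed about the route.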
Issues (3): Identifying the receiver ~ network addressing
• Must not send data to a non-existent node
  - could be sending to any one of thousands (on a large network) of potential receiver nodes
  - all nodes must have a unique identifier, generally known as a network address, analogous to a telephone number
  - all nodes must also have access to a database of network nodes, so that it can be quickly established whether or not the receiving node actually exists (on the Internet, DNS maps names to addresses and routing tables say how to reach each network; whether the host itself is up is only discovered by trying to send to it)
A Packet Switching protocol (OSI layers 3 & 4)
• Assumptions:
  - the network infrastructure (layers 1 & 2) is operating normally, and access to the shared medium is managed separately by a further protocol (CSMA/CD on classic Ethernet; more on this later)
  - all channels are "open" for communication
  - packets are numbered, so they can be correctly assembled at the receiving end
Stage 1
• Before the first packet of the message leaves the sender, the receiver's name is looked up in a "network names" database, which is dynamically updated and may well be held on a network server (on the Internet, DNS), giving the destination IP address
• IP itself does not check in advance that the destination is "active": if a router cannot deliver, an error (ICMP "destination unreachable") is sent back to the sender's IP address; a connection-oriented transport such as TCP begins with a handshake (SYN, SYN-ACK, ACK) that confirms the receiver is listening before data flows
Stage 2
• Once the sender has a destination address:
  - the routing algorithm (at the sender and at each router) calculates a route round the network, taking account of the network topology
  - the first packet, complete with error-checking information (a header checksum), is sent out to the address of the first "hop"
• This in turn should route the packet to the next address, and so on, until the packet reaches its destination
Stage 3
• Subsequent packets can follow immediately, whether or not the first packet has arrived at its destination; the routing algorithm may chart a different route through the network
• When a packet arrives at its destination, it is checked for errors, and an appropriate message is routed back to the sender: either an acknowledgement of safe delivery, or nothing at all (a corrupted packet is simply discarded, and the missing acknowledgement is what triggers a resend)
Stage 4
• All packets received? Then…
  - they are sorted into the correct order using the packet numbers
  - a final acknowledgement is sent back to the sender indicating that the whole message has been satisfactorily received
• What if a packet is "lost" on the network?
  - routers do not tell the sender about packets they drop; instead the sender keeps a retransmission timer for each unacknowledged packet, and when it expires ("timeout") the sender resends that packet
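The reordering, acknowledgement and retransmission behaviour described across the "Mechanism of Packet switching", "Resolving Issues" and Stage 3/4 slides, as an added example that is not part of the lecture: a sender chops a message into numbered packets, a constructed channel drops and reorders both data packets and acknowledgements, the receiver buffers whatever arrives and reassembles by sequence number, and the sender resends only what was not acknowledged before its timeout. The chunk size, the loss probability and the "one round per timeout" model are assumptions for illustration; real TCP uses byte-offset sequence numbers, cumulative acknowledgements and an adaptive timer, but the mechanism is the same.

```python
"""Reliable, in-order delivery over a lossy, reordering channel.

Added example, not the lecture's own material. CHUNK, the loss model and
the round-based timeout are constructed for illustration.
"""
import random

CHUNK = 4  # payload bytes per packet; tiny so a short message needs many packets


def split(message, chunk=CHUNK):
    """Chop a message into numbered packets: [(seq, chunk_bytes), ...]."""
    return [(i, message[off:off + chunk])
            for i, off in enumerate(range(0, len(message), chunk))]


class Receiver:
    """Buffers out-of-order chunks and reassembles them by sequence number."""

    def __init__(self, total):
        self.total = total
        self.buf = {}

    def receive(self, seq, data):
        """Store the chunk (a retransmitted duplicate is harmless) and ACK it."""
        self.buf[seq] = data
        return ("ACK", seq)

    def complete(self):
        return len(self.buf) == self.total

    def message(self):
        # Sorting by seq is what makes arrival order irrelevant.
        return b"".join(self.buf[i] for i in sorted(self.buf))


def deliver(packets, rng, loss):
    """Constructed channel: each packet survives with probability 1 - loss,
    and the survivors arrive in shuffled order (different routes)."""
    survivors = [p for p in packets if rng.random() >= loss]
    rng.shuffle(survivors)
    return survivors


def send_reliably(message, seed=1, loss=0.3, max_rounds=50):
    """Selective-repeat style sender.

    Each round models one retransmission timeout: every packet still
    unacknowledged is (re)sent, the ACKs that survive the return trip retire
    their packets, and the rest are sent again next round. Nothing in the
    network tells the sender about drops; the missing ACK is the only signal.
    Returns (reassembled message, rounds used, total packets sent).
    """
    rng = random.Random(seed)                 # deterministic for repeatable runs
    packets = split(message)
    receiver = Receiver(len(packets))
    unacked = dict(packets)                   # seq -> data awaiting an ACK
    rounds = sent = 0
    while unacked and rounds < max_rounds:
        rounds += 1
        batch = list(unacked.items())
        sent += len(batch)
        # Data packets cross the channel (some lost, the rest reordered)...
        acks = [receiver.receive(seq, data)
                for seq, data in deliver(batch, rng, loss)]
        # ...and so do the ACKs; a lost ACK causes a harmless duplicate resend.
        for _, seq in deliver(acks, rng, loss):
            unacked.pop(seq, None)
    if unacked:
        raise TimeoutError(f"gave up with {len(unacked)} packets unacknowledged")
    assert receiver.complete()
    return receiver.message(), rounds, sent


if __name__ == "__main__":
    msg = b"the quick brown fox jumps over the lazy dog"   # constructed input
    out, rounds, sent = send_reliably(msg, seed=1, loss=0.3)
    print(out == msg, rounds, sent)
```

Two things worth noticing when running it: with `loss=0.0` the message still needs exactly one round and one packet per chunk even though the channel shuffles everything, which is the sequence-number point; and with loss, `sent` exceeds the number of chunks because retransmission is driven purely by the sender's timeout, never by a "resend request" from a router.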
Other Protocols and packet switching
• IBM was the biggest player in computer networks when OSI (and later TCP/IP) became accepted as an international standard…
  - came up with their own proprietary implementation
  - and a whole new operating system based on Unix, known as AIX
More about TCP/IP
• Protocol suite? A family of (communication) protocols that work together in a consistent fashion
• Or protocol "stack"? Layered software that maps onto the seven-layer ISO/OSI open systems model (TCP/IP itself is usually described as four layers):
  - TCP makes up level 4 (transport)
  - IP makes up level 3 (network)
• Designed to deal with all the issues that may arise during network communication, so unlikely to fail (engineering, trustworthiness…)
Who managed TCP/IP development?
• Design of all Internet software "de jure": via RFC (Request for Comments)
• Overseen by the IETF (Internet Engineering Task Force) http://www.ietf.org which made sure implementations followed best engineering principles
• Over budget, late, and very expensive… who paid? Was it worth it? What if it had been rushed? (e.g. a fixed/tighter deadline?)
After class…
• What other protocols were available for digital communication besides TCP/IP?
• Why did TCP/IP become so successful?