
Lee Jacobs and Campbell R. Harvey

Technology 101

Innovation and Cryptoventures

What is a computer?
• Electronic device that has the ability to store, retrieve, and process data
• Hardware
  – Memory – volatile (RAM) and non-volatile (ROM, NVRAM, flash, solid-state)
  – Processor
  – Peripheral devices – keyboard, monitor, etc.
• Software – instructions that can be stored and run by hardware
• Virtual Machine – emulation of a computer run on virtualized hardware

Computer vs Network
• The value of computing has nearly been tapped out. Value in the information economy is driven by the networked connection of computers.
• Computers enabled us to more efficiently store, retrieve, and process data.
• Networked connections enable the efficient sharing of information between billions of devices.


How does data travel between sources?

OSI                  TCP/IP
7 - Application      4 - Application
6 - Presentation
5 - Session
4 - Transport        3 - Transport
3 - Network          2 - Internet
2 - Data Link        1 - Network Interface
1 - Physical

• Open Systems Interconnect (OSI) Model
• Internet Protocol Suite (TCP/IP)
• Conceptual models for communication systems
  – Standard protocols that enable communication between diverse computing functions
  – Partitions systems into abstraction layers
  – Each layer serves the needs of the layers directly above and below it
  – Data from each layer need not be aware of the layers not directly above or below

How does data travel between sources?


•User computer has data to be sent.

•Data is processed through protocol stack layers.

•Binary data is converted to electrical signals on a wire.

Network Interface – Physical Layer

• Physical media connection between devices (e.g. ethernet, wifi)
• Data is transformed into binary values (1’s and 0’s) that correspond to electrical signals


Digital Signaling

[Figure: the same binary data carried by Amplitude-Shift Keying, Frequency-Shift Keying, and Phase-Shift Keying]

• Electrical signal that represents a sequence of discrete values

• Binary 0 and 1 digits (aka “bits”) represented by alternation of discrete waveforms

• Alternations occur in amplitude, frequency, or phase of waves

Binary Addressing
• Binary numbers are represented by 0’s and 1’s
• Decimal numbers are represented by digits 0 through 9
• IPv4 addresses are 32 bits and are represented in four blocks of 8 bits in decimal notation, e.g., 192.168.0.1 (note the maximum 8-bit number is 255)*
• Hexadecimal numbers are represented by 16 digits (0-9, a-f)
• MAC addresses use 8-bit hexadecimal octet notation (e.g. a0:99:9b:1b:87:33)
• Addresses are used to determine traffic destinations across networks


*Maximum number of addresses = 2^32 = 4,294,967,296

Decimal Notation
• Each bit represents a different decimal value
• 8 bits in each dotted decimal byte
• Each byte sums to a decimal value 0 through 255


192.168.155.1

Hexadecimal Notation
• 8 bits in each hexadecimal octet byte
• Each byte represents two hexadecimal digits


a0:99:9b:1b:87:33 (the octet 9b in binary: 1 0 0 1 1 0 1 1)
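The decimal, binary and hexadecimal notations from the preceding slides, worked out in code. This is an added example, not part of the lecture material; the addresses are the ones on the slides, and the helper names are the author's own inventions. It also shows the range checks a practitioner wants when parsing addresses typed by hand.

```python
"""Added example: IPv4 dotted-decimal and MAC hexadecimal notation worked out
in code. Addresses are the ones on the slides; helper names are invented here."""


def ipv4_to_bits(addr: str) -> str:
    """'192.168.155.1' -> '11000000.10101000.10011011.00000001'.
    Each dotted-decimal field is one byte, so it must be 0..255."""
    fields = addr.split(".")
    if len(fields) != 4:
        raise ValueError(f"{addr!r}: an IPv4 address has exactly four fields")
    out = []
    for f in fields:
        if not f.isdigit():
            raise ValueError(f"{addr!r}: field {f!r} is not decimal")
        value = int(f, 10)
        if value > 255:
            raise ValueError(f"{addr!r}: field {f!r} exceeds the 8-bit maximum 255")
        out.append(format(value, "08b"))
    return ".".join(out)


def bits_to_ipv4(bits: str) -> str:
    """Inverse of ipv4_to_bits: dotted 8-bit groups back to dotted decimal."""
    return ".".join(str(int(b, 2)) for b in bits.split("."))


def octet_place_values(value: int) -> list:
    """Place values of the set bits, e.g. 155 -> [128, 16, 8, 2, 1] (sums to 155)."""
    if not 0 <= value <= 255:
        raise ValueError("one byte only")
    return [1 << (7 - i) for i, bit in enumerate(format(value, "08b")) if bit == "1"]


def mac_to_bits(mac: str) -> str:
    """'a0:99:9b:1b:87:33' -> six 8-bit groups (48 bits in total)."""
    groups = mac.lower().split(":")
    if len(groups) != 6 or any(len(g) != 2 for g in groups):
        raise ValueError(f"{mac!r}: a MAC address is six two-digit hex groups")
    try:
        return " ".join(format(int(g, 16), "08b") for g in groups)
    except ValueError:
        raise ValueError(f"{mac!r}: hex digits are 0-9 and a-f only") from None


def address_space(bits: int) -> int:
    """Number of distinct addresses an n-bit field can hold: 2**n."""
    return 2 ** bits


if __name__ == "__main__":
    print(ipv4_to_bits("192.168.155.1"))
    print(octet_place_values(155))
    print(mac_to_bits("a0:99:9b:1b:87:33"))
    print(f"IPv4: {address_space(32):,} addresses; IPv6: 2**128 = {address_space(128):.3e}")
```

The validation errors matter in practice: a field of 256 or a hex digit outside 0-9/a-f is a malformed address, and code that silently accepts one (for example by letting int() wrap or by accepting any string) is a common source of misrouted traffic and firewall rules that do not match what the author intended.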

Network Interface – Data Link Layer

• Media Access Control (MAC)
  – Unique identification address of a computer’s network interface
  – 48 bit address divided into 6 groups of 2 hexadecimal digits
  – e.g. a0:99:9b:1b:87:33 = 1010 0000 1001 1001 1001 1011 0001 1011 1000 0111 0011 0011
• Determines destination of traffic on local network
  – Each host on a segment has a unique MAC address and knows its neighbors’ addresses
  – Traffic destined for local neighbors is addressed directly to that neighbor
  – Traffic destined outside the local segment is sent to the default gateway router


Network – Internet Layer

• Host Addressing and Identification
• IPv4
  – 32 bit addresses (e.g., 192.168.0.1)
  – 4.3 billion usable addresses
    • 32 bits give 2^32 possible binary values
    • Less reserved addresses – private, link-local, loopback, multicast, and testing
  – Public IP addressing – exhausted in 2011
  – Private IP addressing
• IPv6
  – 128 bit addresses (e.g. 2001:db8:85a3:8d3:1319:8a2e:370:7348)
  – Solution to exhaustion of IPv4 public address space
  – 42 undecillion* usable addresses (4.2 x 10^37)
    • 128 bits give 2^128 possible binary values
    • Less reserved addresses – private, link-local, loopback, multicast, and testing


*Trillion, Quadrillion, Quintillion, Sextillion, Septillion, Octillion, Nonillion, Decillion, Undecillion

Network – Internet Layer
• Packet Routing – Various routing protocols used to route packets across the best possible path from source to destination


Routing Protocols
• Specify how routers communicate with each other to determine the best path for traffic between any two nodes on a network
• Each router has only knowledge of its directly connected neighbors
• Routing protocol shares network topology first among immediate neighbors, then throughout the entire network
• Interior Gateway Protocols
  – Share routing information within a local network
  – Examples – Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Routing Information Protocol (RIP)
• Exterior Gateway Protocols
  – Share routing information between local networks, i.e. across the internet
  – Border Gateway Protocol (BGP)


Transport Layer
• Basic channel for data exchange
• Type of traffic protocol is defined and marked with a port number by upper layers.
• A virtual channel is created between two hosts based on this protocol marking. Traffic marked with a protocol is considered “interesting” to each session channel. Uninteresting traffic can be ignored by that channel.
• Most familiar protocols have a TCP or UDP port number
  – Email: SMTP (25), POP3 (110), IMAP (143)
  – Domain Name Service (53)
  – HTTP (80), HTTPS (443)


Application Layer

• Application layer protocols are sets of standards for diverse communication systems to exchange data and provide user services

• Applications are unaware of and indifferent to lower OSI or TCP/IP layers other than the transport layer connection (i.e. network, data link, and physical layers). All that is necessary for applications to communicate is a session established by the transport layer.

• Examples of Protocols
  – Domain Name Service (DNS)
  – Email
  – Hypertext Transfer Protocol (HTTP)
  – Virtual Private Network (VPN)


Composition and Transfer of Information


[Figure: encapsulation of one message through the stack]
Application Layer:  Data Header | Data
Transport Layer:    Segment Header | Data Header | Data                 -> Segment
Network Layer:      Packet Header | Segment Header | Data Header | Data -> Packet
Data Link Layer:    Packet with link-layer framing                       -> Frame
Physical Layer:     0 1 1 0 0 1 0 1 1 1 0 1 0 0 0 1 1 1 0 1 1 0 1 0

A single message is broken down into many digestible-size pieces of application data and encapsulated at each protocol stack layer to be passed along to the next layer, then forwarded to its destination.
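The encapsulation on this slide, carried through in code: an application message is cut into pieces, each piece gains a segment header, a packet header and a frame header on the way down, and the receiver strips one header per layer and reassembles the pieces by sequence number. This is an added example, not part of the lecture; the header layouts and the 8-byte segment size are invented for illustration and are not any real protocol's format, and the sample HTTP request and the second MAC address are constructed.

```python
"""Added example: encapsulation and decapsulation through a four-layer stack.
Header formats and the 8-byte segment size are invented for illustration."""
from __future__ import annotations
import struct

MAX_SEGMENT_DATA = 8                     # constructed: tiny so a short message yields several frames
SEGMENT_HDR = struct.Struct("!HHI")      # src port, dst port, sequence number
PACKET_HDR = struct.Struct("!4s4sH")     # src IP, dst IP, length of enclosed segment
FRAME_HDR = struct.Struct("!6s6sH")      # dst MAC, src MAC, length of enclosed packet

# Constructed sample application data (an HTTP request to a reserved example name).
SAMPLE_REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(message: bytes, src_port: int, dst_port: int,
                src_ip: str, dst_ip: str, src_mac: str, dst_mac: str) -> list[bytes]:
    """Application data -> segments -> packets -> frames, one frame per chunk."""
    chunks = [message[i:i + MAX_SEGMENT_DATA]
              for i in range(0, len(message), MAX_SEGMENT_DATA)] or [b""]
    frames = []
    for seq, data in enumerate(chunks):
        segment = SEGMENT_HDR.pack(src_port, dst_port, seq) + data        # transport layer
        packet = PACKET_HDR.pack(ip_bytes(src_ip), ip_bytes(dst_ip), len(segment)) + segment  # network
        frame = FRAME_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), len(packet)) + packet  # data link
        frames.append(frame)
    return frames


def to_wire_bits(frame: bytes) -> str:
    """Physical-layer view: the frame as the string of bits placed on the medium."""
    return "".join(format(b, "08b") for b in frame)


def decapsulate(frames: list[bytes]) -> dict:
    """Strip one header per layer, check each declared length against what actually
    arrived, reorder by sequence number and reassemble the application data."""
    segments = {}
    dst_port = dst_ip = None
    for frame in frames:
        _dst_mac, _src_mac, plen = FRAME_HDR.unpack_from(frame)
        packet = frame[FRAME_HDR.size:FRAME_HDR.size + plen]
        if len(packet) != plen:
            raise ValueError("truncated frame: header length does not match payload")
        _src_ip, dst_ip_raw, slen = PACKET_HDR.unpack_from(packet)
        segment = packet[PACKET_HDR.size:PACKET_HDR.size + slen]
        if len(segment) != slen:
            raise ValueError("truncated packet: header length does not match payload")
        _src_port, dst_port, seq = SEGMENT_HDR.unpack_from(segment)
        segments[seq] = segment[SEGMENT_HDR.size:]
        dst_ip = ".".join(str(b) for b in dst_ip_raw)
    data = b"".join(segments[s] for s in sorted(segments))   # frames may arrive out of order
    return {"dst_ip": dst_ip, "dst_port": dst_port, "data": data}


if __name__ == "__main__":
    frames = encapsulate(SAMPLE_REQUEST, 51515, 80, "192.168.155.1", "192.168.0.1",
                         "a0:99:9b:1b:87:33", "02:00:00:00:00:01")
    print(len(frames), "frames;", len(to_wire_bits(frames[0])), "bits in the first")
    print(decapsulate(list(reversed(frames))))
```

Two details carry over to real stacks: the receiver trusts nothing about a frame beyond what it can check, so every declared length is compared with the bytes that actually arrived before the next layer is parsed; and reassembly is driven by sequence numbers rather than arrival order, which is why the reversed frame list still yields the original request.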

Public Key Infrastructure (PKI)


• Set of roles, policies and procedures to manage the use of public-key encryption and digital certificates

• Almost all secure internet services use PKI (e.g., email, HTTPS, TLS, VPN)

• Authentication – public key used to verify identity of message sender
• Confidentiality – only the holder of the private key can decrypt a message encrypted with the public key; once encrypted, the message cannot be tampered with
• Non-repudiation – recipient is not able to deny the receipt of message

Public Key Infrastructure (PKI)


• Public-Key Encryption
  – Unique public-private key pair created by each user
  – Private key encrypts (signs) and public key decrypts (verifies)
  – Private key is held only by its creator
  – Public key is held by a trusted certificate authority to be used by those communicating with the owner of the key pair
• Digital Certificate
  – Certificate authority verifies the identity of the owner of the certificate
  – Certificate is signed by the private key, so only its legitimate owner can use it
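The two directions described on this slide, shown with arithmetic small enough to follow by hand: the public key encrypts for the key owner (confidentiality) and the private key signs so anyone holding the public key can verify (authentication). This is an added example, not the lecture's material; it uses textbook RSA with the small primes p=61 and q=53 and e=17 so the numbers are visible, and the function names are the author's own. Real deployments use key sizes of thousands of bits and padding schemes; the toy parameters here exist only to make the two operations visible.

```python
"""Added example: the two uses of one public/private key pair, with textbook RSA
on toy parameters (p=61, q=53, e=17) so every intermediate value is visible."""


def generate_keypair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def as_block(message: bytes, n: int) -> int:
    """Interpret a short message as one integer smaller than the modulus."""
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return m


# Confidentiality: anyone with the public key can encrypt; only the owner can decrypt.
def encrypt_for_owner(m: int, public_key) -> int:
    e, n = public_key
    return pow(m, e, n)


def decrypt_as_owner(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)


# Authentication: only the private-key holder can produce a signature that the
# public key verifies; changing the message makes verification fail.
def sign(m: int, private_key) -> int:
    d, n = private_key
    return pow(m, d, n)


def verify(m: int, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == m


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)
    print("public", public, "private", private)
    m = as_block(b"A", public[1])                   # 65
    c = encrypt_for_owner(m, public)
    print("ciphertext", c, "-> decrypts to", decrypt_as_owner(c, private))
    s = sign(m, private)
    print("signature verifies:", verify(m, s, public))
    print("tampered message verifies:", verify(m + 1, s, public))
```

The slide's phrase "private key encrypts and public key decrypts" is exactly the signing path above: the holder raises the message to the private exponent, and any verifier undoes that with the public exponent and compares. The encryption path runs the same two exponents in the opposite order. In a deployed PKI the signed quantity is a hash of the message rather than the message itself, and the certificate binds the public key to an identity, as the next slides describe.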

Source: https://en.wikipedia.org/wiki/Public-key_cryptography

Public Key Infrastructure (PKI)


Source: http://another-soa-blog.blogspot.com/2009_07_01_archive.html


Domain Name Service (DNS)

• “Phonebook” for the internet, translates human-friendly domain names into computer-friendly IP addresses

• Plays a role in just about every internet service we use


Domain Name Service (DNS)

• DNS Servers exist in a hierarchy with root servers controlling each type of top-level domain (e.g., .com, .edu, .gov)

• Subordinate publicly and privately controlled “resolvers” accept requests from hosts for internet addresses


Email

• Simple Mail Transfer Protocol (SMTP) used to send email from host to local mail server and between mail servers

• Post Office Protocol (POP3) or Internet Message Access Protocol (IMAP) used to deliver email from mail server to destination host

  – POP3 delivers message and deletes from server
  – IMAP stores message on server, as used in webmail

• Public Key Infrastructure (PKI) provides authentication via digital signatures and confidentiality via encryption


1. Bob generates SMTP format message to Alice and sends to his local mail server.


2. Local mail server resolves destination domain name (unc.edu) and sends to remote mail server using SMTP.


3. Remote server stores message in Alice’s mailbox.


4. Alice picks up message from mail server when she logs on using POP3 or IMAP.

Hypertext Transfer Protocol (HTTP)
• Request-response protocol in the client-server computing model
• Client identifies the website host using DNS, then requests resources from the host IP address
• Foundation protocol for data transmission over the worldwide web


Virtual Private Network (VPN)


• Provides confidentiality, integrity, and authentication of information exchanged over network

• Point-to-point VPN
  – Secure connection (“tunnel”) established between two network appliances, often using IPSec
  – Tunnel serves similar to a transport layer connection
• Client-Based VPN (SSL/TLS/HTTPS)
  – Terms often used synonymously
  – Secure Sockets Layer
    • Predecessor to current protocols, less secure due to support for only older key exchange algorithms (e.g., RSA)
  – Transport Layer Security
    • Tunnel serves as a connection similar to a transport layer channel
    • Accessed via a client-based application such as AnyConnect
    • Supports modern key exchange algorithms (e.g., elliptic curve cryptography)
  – HTTPS
    • “HTTP over SSL/TLS”
    • Traditional HTTP communication takes place over a secure channel created by TLS
    • “Clientless” application accessed via web browser

Virtual Private Network (VPN)

• TLS “Handshake”
