Lecture Notes - FIT1047
Introduction to Computers, Networks and Security (Monash University)
Week 1: Bits, bytes and words
ASCII – 7 bit alphabet
EXTENDED ASCII – 8 bit alphabet
UNICODE – 16 bit alphabet
Bit = single unit consisting of either 0 or 1
Byte = eight bits
Word = any collection of bits. Typical word length is 32 or 64 bits for computers
A word of size n can represent the numbers from 0 to 2^n-1.
Binary = base 2 numbering system
Decimal = base 10 system
Hexadecimal = base 16 numbering system
A 4-bit binary code can represent one hexadecimal digit, as 2^4 = 16
Giga = 1000^3, tera = 1000^4, peta = 1000^5, kibi = 1024, mebi = 1024^2, gibi = 1024^3
HEX DECIMAL 4-BIT BINARY
0 0 0000
1 1 0001
F 15 1111
Tasks:
3.a Convert the base 16 number 123C9F to base 10 using both methods
Positional method = multiply each digit by the base raised to its position and add the products.
Fast method = start with the leading digit, multiply by the base, add the next digit, multiply by
the base again, and so on until the final digit has been added.
E.g. 1 * 16^5 + 2 * 16^4 + 3 * 16^3 + 12 * 16^2 + 9 * 16^1 + 15 * 16^0 = 1,195,167
Convert 1286 from base 10 to base 16
Division    Result    Remainder          Base 16 digit
1286/16     80.375    .375 * 16 = 6      6
80/16       5         0                  0
5/16        .3125     16 * .3125 = 5     5
Reading the digits from the last division to the first gives 506.
3.c Convert the hexadecimal (base 16) number AFC934B2D to binary without the
use of addition, subtraction, multiplication, or division
Simply convert every hexadecimal digit into its own 4-bit group to solve.
Negative binary numbers
Sign and magnitude
Use one bit as the sign bit. The leftmost bit represents its sign, 0 means positive,
1 means negative. E.g. 8-bit number 11010110 is -86, as leftmost bit 1 is
negative, and the seven bits represent 86.
One's complement
Obtained simply by flipping all bit values. If the leftmost bit is 0, the number is positive.
Important rule when adding/subtracting: if there is a final carry out of the leftmost bit, add it
back into the result (end-around carry).
Adding in one's complement is easy.
If you want to do 2 – 1, this can be done with 2 + (-1).
Which equals 010 + 110 = 1000
Final carry is 1, so add it back to the end: 000 + 1.
Answer is 001
Two's complement
Obtained simply by flipping all bit values then adding 1.
Simple rules:
Note that with 3 bits, we cannot represent 4, because in binary it would be 100, and this would
be represented as a negative number.
Overflows can happen, e.g. 3 + 2 = 5: 011 + 010 = 101. However, 101 = -3.
Two positive numbers adding up to a negative = overflow. E.g. 3 + 2 = 5 = 101.
Two negative numbers resulting in a positive = overflow. E.g. -4 - 3 = 100 + 101 = 1001;
ignoring the carry bit this is 001, which is 1.
Adding in Two’s complement is straightforward. Just ignore carry bits.
1. 2 + 1 = 3
010 + 001 = 011
2. 3 – 1 = 2
3 + (-1) = 2
011 + 111 = 010
3. 2 – 4 = -2
2 + (-4) = -2
010 + 100 = 110
Decimal One’s Complement Two’s Complement
0 000 000
1 001 001
2 010 010
3 011 011
-0 111 n.a
-1 110 111
-2 101 110
-3 100 101
-4 n.a 100
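The three signed representations above, including the end-around carry rule for one's complement and the "ignore the carry" rule for two's complement, run on the notes' own 3-bit examples. Added example, not code from the notes; the function names are mine.

```python
"""Sign-and-magnitude, one's complement and two's complement on n-bit words (added example)."""


def sign_magnitude_to_int(bits):
    """Leftmost bit is the sign, the rest is the magnitude: '11010110' -> -86."""
    magnitude = int(bits[1:], 2)
    return -magnitude if bits[0] == "1" else magnitude


def flip(bits):
    """One's complement: flip every bit."""
    return "".join("1" if b == "0" else "0" for b in bits)


def int_to_ones_complement(value, n):
    return format(value, f"0{n}b") if value >= 0 else flip(format(-value, f"0{n}b"))


def ones_complement_to_int(bits):
    return int(bits, 2) if bits[0] == "0" else -int(flip(bits), 2)


def ones_complement_add(a, b):
    """Add two one's complement words; a final carry is added back into the result."""
    n = len(a)
    total = int(a, 2) + int(b, 2)
    carry, result = total >> n, total & ((1 << n) - 1)
    if carry:                                   # end-around carry
        result = (result + carry) & ((1 << n) - 1)
    return format(result, f"0{n}b")


def int_to_twos_complement(value, n):
    """Flip all bits and add 1 for negatives; the range is -2^(n-1) .. 2^(n-1)-1."""
    if not -(1 << (n - 1)) <= value < (1 << (n - 1)):
        raise ValueError(f"{value} does not fit in {n} bits")
    return format(value & ((1 << n) - 1), f"0{n}b")


def twos_complement_to_int(bits):
    value = int(bits, 2)
    return value - (1 << len(bits)) if bits[0] == "1" else value


def twos_complement_add(a, b):
    """Add and simply drop any carry out of the word (the notes' rule)."""
    n = len(a)
    return format((int(a, 2) + int(b, 2)) & ((1 << n) - 1), f"0{n}b")


def representation_table(n):
    """The notes' table: decimal -> (one's complement, two's complement), 'n.a.' where absent."""
    table = {}
    for v in range(-(1 << (n - 1)), 1 << (n - 1)):
        ones = int_to_ones_complement(v, n) if abs(v) < (1 << (n - 1)) else "n.a."
        table[v] = (ones, int_to_twos_complement(v, n))
    table["-0"] = ("1" * n, "n.a.")             # one's complement has a negative zero
    return table


if __name__ == "__main__":
    print(sign_magnitude_to_int("11010110"))            # -86
    print(ones_complement_add("010", "110"))            # 2 + (-1) = 001
    print(twos_complement_add("011", "111"))            # 3 + (-1) = 010
    for value, (ones, twos) in representation_table(3).items():
        print(value, ones, twos)
```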
Floating Point Numbers
Scientific notation
X * 10 raised to some exponent
E.g. 300,000 = 3 * 10^5
Scientific notation has precision issues.
1/3 in base 10 is 0.33333333333
2/3 in base 10 is 0.666666666666
But 1/3 + 2/3 = 1, whereas the two truncated decimals add up to slightly less than 1.
Floating point representation = a x 2^b
Error Detection – Binary data is just strings of bits; if there is an error we need a way to
check for it.
Methods:
Parity bits – adding a parity bit to binary data makes it possible to detect that one single bit
has changed. Usually placed at the end of a byte.
E.g. Electrical signal causes a byte data transmission to send wrong data.
1 1 0 0 1 1 0 1
= 205
1 1 1 0 1 1 0 1
= 237
In order for a computer to determine if a byte transmission is correct, it would
initiate an even parity check or an odd parity check.
For an even parity check, the parity bit is chosen so that the total number of 1s is even; here
it is a zero.
E.g. 00110110
For an odd parity check, the parity bit is chosen so that the total number of 1s is odd; here it
is a one.
E.g. 00111011
This means that any single-bit distortion in the byte will immediately tell the computer that
it is wrong. However, if two bits have been altered, the computer sees the same even/odd
result, hence a problem: the error goes undetected.
Checksum – Counting the number of bits
A specific number is agreed upon.
Example for a checksum (16 is the agreed number):
43 52 43 30 31 30
Add up all numbers 43+52+43+30+31+30=229 and divide by the agreed number:
229/16=14 with a remainder 5. Thus, the message including the checksum looks
like this:
43 52 43 30 31 30 5
Errors can be detected easily by any change e.g.
43 52 43 29 31 30 5 = 228/16 = 14 remainder 4
There is a small problem however as there can be a chance that multiple errors
can cancel each other out e.g.
43 54 43 28 31 30 5 = 229/16 = 14 remainder 5
Cyclic Redundancy Check (CRC) – Concatenates the entire sequence of numbers, e.g.
43 54 43 28 31 30 becomes 435443283130, and divides by an agreed number, e.g. 16.
Remainder = 10
So when messages are transmitted the remainder should be 10, otherwise there is a problem.
Week 2: From logic to algebra
Boolean logic – The simplest possible logic based on TRUE and FALSE.
Usually TRUE = 1, FALSE = 0
1. A and B can be presented as A * B, or AB
2. A or B can be presented as A + B
3. NOT A can be presented as A' or A with a line above it.
AND Table
A B A*B
0 0 0
0 1 0
1 0 0
1 1 1
OR Table
A B A+B
0 0 0
0 1 1
1 0 1
1 1 1
NOT Table
A ¬A
0 1
1 0
Computer Gate Symbols
Universal gates:
NAND gates
NAND is (AB)'
NOR gates
NOR is (A+B)'
A B (A+B)'
0 0 1
0 1 0
1 0 0
1 1 0
Boolean algebra Laws
Identity Law
AND Form OR Form
1*A=A 0+A=A
Null Law
AND Form OR Form
0*A=0 1+A=1
Idempotent Law
AND Form OR Form
A*A=A A+A=A
Complement Law
AND Form OR Form
A*A'=0 A+A'=1
Commutative Law
AND Form OR Form
A*B=B*A A+B=B+A
Associative Law
AND Form OR Form
(AB)C = A(BC) A+(B+C) = (A+B)+C
Distributive Law
AND Form OR Form
A+(BC) = (A+B)(A+C) A(B+C) = AB+AC
Absorption Law
AND Form OR Form
A(A+B) = A A + AB = A
DeMorgan's Law
AND Form OR Form
(A*B)' = A' + B' (A+B)' = A' * B'
Double complement Law: Two NOTs = positive, NOT(NOT A) = A
Karnaugh maps
A way to minimize the solution to a Boolean function.
E.g. for a 3-variable map, (A+B) C
A B C X
0 0 0 0
0 0 1 0
0 1 1 1
0 1 0 1
1 0 0 1
1 0 1 0
1 1 1 1
1 1 0 1
A K-map can simplify the above into
A \ BC  00 01 11 10
0        0  0  1  1
1        1  0  1  1
There is one large group with four 1s that covers the complete space for A = 1
There is another group of two 1s, where C = 1 and B = 0
Hence we can simplify the function to F(A,B,C) = A + B'C
Rules of K-Maps:
1. No group can contain 0
2. Groups must be horizontal/vertical/square but never diagonal
3. Groups must be in power of 2’s
4. Groups must be as large as possible
5. Groups can overlap
6. Groups can overlap around the map
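A truth-table checker for the laws listed above (two Boolean functions are equal exactly when they agree on every input row), plus the NAND-only constructions behind "universal gates" and a helper that lays a 3-variable function out in the K-map's Gray-code column order. Added example, not from the notes; the function names are mine.

```python
"""Truth-table verification of the notes' Boolean laws and a K-map layout helper (added example)."""
from itertools import product


def NOT(a): return 1 - a
def AND(a, b): return a & b
def OR(a, b): return a | b
def NAND(a, b): return NOT(AND(a, b))
def NOR(a, b): return NOT(OR(a, b))


def equivalent(f, g, n):
    """Exhaustive check: f and g agree on all 2^n input rows."""
    return all(f(*row) == g(*row) for row in product((0, 1), repeat=n))


# (law, left-hand side, right-hand side, number of variables), as listed in the notes
LAWS = [
    ("identity AND", lambda a: AND(1, a), lambda a: a, 1),
    ("identity OR", lambda a: OR(0, a), lambda a: a, 1),
    ("null AND", lambda a: AND(0, a), lambda a: 0, 1),
    ("null OR", lambda a: OR(1, a), lambda a: 1, 1),
    ("idempotent AND", lambda a: AND(a, a), lambda a: a, 1),
    ("idempotent OR", lambda a: OR(a, a), lambda a: a, 1),
    ("complement AND", lambda a: AND(a, NOT(a)), lambda a: 0, 1),
    ("complement OR", lambda a: OR(a, NOT(a)), lambda a: 1, 1),
    ("commutative AND", lambda a, b: AND(a, b), lambda a, b: AND(b, a), 2),
    ("commutative OR", lambda a, b: OR(a, b), lambda a, b: OR(b, a), 2),
    ("associative AND", lambda a, b, c: AND(AND(a, b), c), lambda a, b, c: AND(a, AND(b, c)), 3),
    ("associative OR", lambda a, b, c: OR(a, OR(b, c)), lambda a, b, c: OR(OR(a, b), c), 3),
    ("distributive 1", lambda a, b, c: OR(a, AND(b, c)), lambda a, b, c: AND(OR(a, b), OR(a, c)), 3),
    ("distributive 2", lambda a, b, c: AND(a, OR(b, c)), lambda a, b, c: OR(AND(a, b), AND(a, c)), 3),
    ("absorption 1", lambda a, b: AND(a, OR(a, b)), lambda a, b: a, 2),
    ("absorption 2", lambda a, b: OR(a, AND(a, b)), lambda a, b: a, 2),
    ("DeMorgan 1", lambda a, b: NOT(AND(a, b)), lambda a, b: OR(NOT(a), NOT(b)), 2),
    ("DeMorgan 2", lambda a, b: NOT(OR(a, b)), lambda a, b: AND(NOT(a), NOT(b)), 2),
    ("double complement", lambda a: NOT(NOT(a)), lambda a: a, 1),
]


def check_laws():
    """Return [(law name, holds?)] for every law in the table."""
    return [(name, equivalent(lhs, rhs, n)) for name, lhs, rhs, n in LAWS]


# Why NAND is "universal": NOT, AND and OR built from NAND gates only
def nand_not(a): return NAND(a, a)
def nand_and(a, b): return NAND(NAND(a, b), NAND(a, b))
def nand_or(a, b): return NAND(NAND(a, a), NAND(b, b))


def kmap(f):
    """Lay out a 3-variable function as in the notes: rows A = 0, 1; columns BC = 00 01 11 10."""
    columns = [(0, 0), (0, 1), (1, 1), (1, 0)]
    return [[f(a, b, c) for b, c in columns] for a in (0, 1)]


def simplified_example(a, b, c):
    """F(A,B,C) = A + B'C, the minimised function from the notes."""
    return OR(a, AND(NOT(b), c))


if __name__ == "__main__":
    for name, holds in check_laws():
        print(f"{name:18} {'holds' if holds else 'FAILS'}")
    print(kmap(simplified_example))   # row A=1 is all 1s; column B=0,C=1 is 1 in both rows
```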
Week 3 + 4: Von Neumann Architecture + Memory & I/O
Basis for a modern CPU; consists of CPU, memory, and input/output devices. The CPU can be
divided into the Arithmetic Logic Unit (ALU), a number of registers, and the Control Unit (CU).
Registers – store temporary results and move instructions and data around
ALU – performs calculations in the CPU
CU – manages execution of program instructions by fetching instructions from memory.
CPUs
1. Built out of logic gates
2. Execute instructions
3. Connected to memory and I/O devices
Compilers
CPUs are unable to execute/interpret high-level languages. CPUs can only execute machine
code. A compiler takes a program and translates it into a lower-level language. C++ translates
into machine code. Java translates into byte code.
Interpreters
A program that executes high-level languages directly. The advantage is that the program can
be run everywhere. The disadvantage is that it is slower to execute than compiled code.
Machine code
A very low-level programming language. Program is a sequence of individual
instructions, each line being just a sequence of bits. The program is stored in
memory.
Each line in machine code is a 16-bit word, e.g.
0001000000000100
0001000000000100
The protocol that a CPU uses to understand machine code is called the Instruction Set
Architecture (ISA). Different CPUs have different ISAs. A CPU must be able to do 3 things:
Perform maths (add, subtract, multiply, compare)
Move data between memory, CPU and I/O devices
Execute conditionals and loops
CPU COMPONENTS
Memory
Main memory is like a sequence of locations, each of which can store one value. Each value
has a fixed width, a fixed number of bits. A program can read the value stored in a location,
and change it. In order to do that, programs need to be able to say which memory location
they want to read or change. That is why each location gets an address, by labelling the
locations starting from 0. If one memory location stores one byte, this is byte-addressable
memory. In MARIE, one memory location stores one word. In order to address 2^n memory
locations, we always need n bits for the addresses.
Registers
A very fast memory location inside the CPU. Can only store a single word. There
are general-purpose registers used by programmers and special purpose
registers used by the CPU. Two special purpose registers are the
Program Counter – always holds the address of the next instruction the CPU will execute
Instruction Register – holds the current instruction that the CPU is executing
ALU, Control Unit and the Bus
Arithmetic logic unit (ALU) – Responsible for performing basic computations like
addition and multiplication, as well as Boolean logic operations like AND and OR.
Control Unit (CU) – Responsible for coordinating all components of the CPU. E.g.
it can switch the memory into “read” or “write” mode, select a certain register for
reading or writing, and tell the ALU what kind of operation to perform. All this is
based on the current instruction in the IR.
Fetch, Decode, Execute Cycle
The process in the Control unit:
1. Fetch – CU transfers the instruction at the address in the PC from main memory into the
IR, then increments the PC by one, so instructions are fetched one after another
2. Decode – CU looks at the instruction in the IR and decodes what it "means"
3. Execute – CU performs the instruction after decoding it
4. Repeat – Starts fetching the next instruction from the address in the PC (program counter)
Bus(es) – Responsible for connecting the components inside the CPU, as well as to I/O
devices.
The MARIE architecture
1. 16 bit words
2. Only 16 instructions
3. One single general-purpose register
4. Instructions are one 16-bit word, composed of a 4-bit opcode and a 12-bit
address
Registers
AC –The only general-purpose register
MAR (Memory Address Register)– Holds a memory address of a word
that needs to be read or written to memory
MBR (Memory Buffer Register)– Holds the data read from or written to
memory
IR (Instruction Register) – Contains the instruction that is currently being
executed
PC (Program Counter)– Contains the address of the next instruction
Instructions
Each instruction in MARIE is a 16-bit word. The leftmost 4 bits represent the opcode, which
tells us what kind of instruction it is. The remaining 12 bits contain the address of a memory
location the instruction should work with.
E.g., the opcode 0001 means "Load the value stored at the address given in the remaining
12 bits of the register".
OPCODE  MNEMONIC  EXPLANATION
0001    Load X    Load value from location X into AC
0010    Store X   Store value from AC into location X
0011    Add X     Add value stored at location X to current value in AC
0100    Subt X    Subtract value stored at location X from current value in AC
0101    Input     Read user input into AC
0110    Output    Output current value of AC
0111    Halt      Stop execution
1010    Clear     Set AC to 0
        Jns X     Jump to location X+1 and store the address of the instruction after the Jns
                  into location X; Jump I X is used to exit the subroutine
Notice how instructions use the AC register as temporary storage. Now we can
write a simple program.
Load 4     Load number from memory address 4 into AC register
Add 5      Add number from memory address 5 to AC register
Store 6    Store result from AC register into memory address 6
Halt       Stop execution
Two more special opcodes are used to perform more powerful programming. They allow
jumping to different parts of the program depending on certain conditions.
OPCODE MNEMONIC EXPLANATION
1000 SkipCond X Skip next instruction under certain condition
(depends on X)
1001 Jump X Continue execution at location X
The jump instruction sets the PC register number to X.
SkipCond is a conditional instruction:
SkipCond 000: If the value in AC is smaller than 0, then skip the next
instruction.
SkipCond 400: If the value in AC is equal to 0, then skip the next
instruction.
SkipCond 800: If the value in AC is greater than 0, then skip the next
instruction.
In most cases, we want to use a combination of SkipCond and Jump to implement conditional
code. To implement an if-then-else construct, we do the following:
SkipCond skips the next instruction if the condition is true, so the 'else' part should go right
after the SkipCond, and the 'then' part comes after that.
Input / Get user input into AC
SkipCond 800 / Skip next instruction if AC>0
Halt / Halt (if AC not greater than 0!)
Output / Output AC
Jump 0 / Jump back to beginning of the program
Indirect addressing
Instead of accessing the value stored at location X, we can use the value stored at X as the
address at which the actual value we want to use is stored. E.g.
ADDRESS  VALUE
100      3
101      2
102      100
103      101
Now a Load 102 instruction means: look into address 102, find the value 100, and load that
value into the AC.
But the instruction Load I 102 would look into address 102, use the value 100 found there as
an address, then look into address 100, and load the value 3 into the AC.
OPCODE MNEMONIC EXPLANATION
1011 Add I X Add value pointed to by X to AC
1100 Jump I X Continue execution at location pointed to by X
1101 Load I X Load from address pointed to by X into AC
1110 Store I X Store AC into address pointed to by X
From Instructions to Circuits
Data Paths – Describes how all functional units are connected together.
Blue data bus – Transports words of data between the memory, registers, and ALU. The MBR is
required to transfer data between memory and registers.
Green address bus – Connects the memory with the MAR. Responsible for selecting the memory
address that the CPU reads or writes to. E.g., Load 005 puts value 005 into MAR,
Register Transfer Language – An even lower-level language used to describe the
fetch-decode-execute cycle, one register transfer per step.
Process  Step  Description                                                  RTL
Fetch    1     Address stored in PC copies into the MAR                     MAR ← PC
         2     The word at the address held in MAR copies into the MBR      MBR ← M[MAR]
         3     The instruction in the MBR copies into the IR                IR ← MBR
         4     PC increments by 1                                           PC ← PC+1
Decode   5     CU looks at the instruction in IR; its address part X        MAR ← X
               is placed in the MAR
         6     If the instruction needs to read, the data is read from      MBR ← M[MAR]
               memory into the MBR
Execute  7     This step depends on the instruction being executed
Final steps of the execute phase, in RTL (step numbers continue from the table above):
Load X      7. AC ← MBR
Store X     6. MBR ← AC
            7. M[MAR] ← MBR
Add X       7. AC ← AC + MBR
Subt X      7. AC ← AC – MBR
SkipCond X  6. If MAR = 0x800 and AC > 0 then PC ← PC + 1
               If MAR = 0x400 and AC = 0 then PC ← PC + 1
               If MAR = 0x000 and AC < 0 then PC ← PC + 1
Jump X      6. PC ← MBR
Clear       5. AC ← 0
AddI X      7. MAR ← MBR
            8. MBR ← M[MAR]
            9. AC ← AC + MBR
JumpI X     7. PC ← MBR
LoadI X     7. MAR ← MBR
            8. MBR ← M[MAR]
            9. AC ← MBR
StoreI X    7. MAR ← MBR
            8. MBR ← AC
            9. M[MAR] ← MBR
JnS X       6. MBR ← PC
            7. AC ← MBR
            8. AC ← MAR
            9. PC ← AC + 1
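A small simulator that executes the MARIE instruction set from the opcode tables above by stepping through the fetch, decode and execute register transfers of the RTL tables, then runs the notes' three programs (the add program, the indirect-addressing example and the SkipCond/Jump loop). Added example, not code from the notes or the MARIE project; JnS is left out because its opcode is not given in the notes, and Jump is implemented as "PC ← X" with X taken from the MAR after decode.

```python
"""MARIE simulator following the notes' RTL steps (added example)."""

# Opcodes as listed in the notes; JnS is omitted (no opcode given there).
OPCODES = {"Load": 0b0001, "Store": 0b0010, "Add": 0b0011, "Subt": 0b0100,
           "Input": 0b0101, "Output": 0b0110, "Halt": 0b0111, "SkipCond": 0b1000,
           "Jump": 0b1001, "Clear": 0b1010, "AddI": 0b1011, "JumpI": 0b1100,
           "LoadI": 0b1101, "StoreI": 0b1110}
WORD, ADDR = 0xFFFF, 0xFFF                   # 16-bit words, 12-bit addresses
READS_OPERAND = {1, 3, 4, 11, 12, 13, 14}    # instructions whose step 6 is MBR <- M[MAR]


def assemble(program):
    """Turn (mnemonic, operand) pairs into 16-bit words: 4-bit opcode, 12-bit address."""
    return [(OPCODES[mn] << 12) | (operand & ADDR) for mn, operand in program]


def signed(word):
    """Read a 16-bit word as two's complement (SkipCond compares AC with 0)."""
    return word - 0x10000 if word & 0x8000 else word


class Marie:
    def __init__(self, memory, inputs=()):
        self.M = [0] * (ADDR + 1)
        for address, value in memory.items():
            self.M[address] = value & WORD
        self.AC = self.PC = self.MAR = self.MBR = self.IR = 0
        self.inputs, self.outputs, self.halted = list(inputs), [], False

    def step(self):
        self.MAR = self.PC                        # fetch, steps 1-4
        self.MBR = self.M[self.MAR]
        self.IR = self.MBR
        self.PC = (self.PC + 1) & ADDR
        opcode, self.MAR = self.IR >> 12, self.IR & ADDR   # decode, step 5: MAR <- X
        if opcode in READS_OPERAND:               # step 6: MBR <- M[MAR]
            self.MBR = self.M[self.MAR]
        if opcode == 1:                           # Load: AC <- MBR
            self.AC = self.MBR
        elif opcode == 2:                         # Store: MBR <- AC, M[MAR] <- MBR
            self.MBR = self.AC
            self.M[self.MAR] = self.MBR
        elif opcode == 3:                         # Add
            self.AC = (self.AC + self.MBR) & WORD
        elif opcode == 4:                         # Subt
            self.AC = (self.AC - self.MBR) & WORD
        elif opcode == 5:                         # Input
            self.AC = self.inputs.pop(0) & WORD
        elif opcode == 6:                         # Output
            self.outputs.append(signed(self.AC))
        elif opcode == 7:                         # Halt
            self.halted = True
        elif opcode == 8:                         # SkipCond: X sits in MAR
            ac = signed(self.AC)
            if ((self.MAR == 0x800 and ac > 0) or (self.MAR == 0x400 and ac == 0)
                    or (self.MAR == 0x000 and ac < 0)):
                self.PC = (self.PC + 1) & ADDR
        elif opcode == 9:                         # Jump: PC <- X
            self.PC = self.MAR
        elif opcode == 10:                        # Clear
            self.AC = 0
        elif opcode in (11, 13, 14):              # AddI / LoadI / StoreI: MAR <- MBR first
            self.MAR = self.MBR
            if opcode == 14:                      # StoreI: MBR <- AC, M[MAR] <- MBR
                self.MBR = self.AC
                self.M[self.MAR] = self.MBR
            else:                                 # MBR <- M[MAR], then AC update
                self.MBR = self.M[self.MAR]
                self.AC = (self.AC + self.MBR) & WORD if opcode == 11 else self.MBR
        elif opcode == 12:                        # JumpI: PC <- MBR
            self.PC = self.MBR & ADDR

    def run(self, max_steps=1000):
        while not self.halted and max_steps > 0:
            self.step()
            max_steps -= 1
        return self


def load_program(data, program):
    """Place the assembled words at addresses 0, 1, 2, ... on top of the given data."""
    memory = dict(data)
    memory.update(enumerate(assemble(program)))
    return memory


def add_program(x=7, y=8):
    """Load 4 / Add 5 / Store 6 / Halt with constructed operands in addresses 4 and 5."""
    memory = load_program({4: x, 5: y}, [("Load", 4), ("Add", 5), ("Store", 6), ("Halt", 0)])
    return Marie(memory).run().M[6]


def indirect_demo():
    """The notes' table: Load 102 gives 100, Load I 102 follows the pointer and gives 3."""
    data = {100: 3, 101: 2, 102: 100, 103: 101}
    program = [("Load", 102), ("Store", 200), ("LoadI", 102), ("Store", 201), ("Halt", 0)]
    m = Marie(load_program(data, program)).run()
    return m.M[200], m.M[201]


def branch_demo(value):
    """The notes' if-then-else loop: Input / SkipCond 800 / Halt / Output / Jump 0."""
    program = [("Input", 0), ("SkipCond", 0x800), ("Halt", 0), ("Output", 0), ("Jump", 0)]
    return Marie(load_program({}, program), inputs=[value, 0]).run().outputs  # final 0 halts
```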
Control Signals – An extra layer of information on top of the RTL. Carried on the control bus
through wires, they signal which controls need to be used for the current operation.
Signal           Signal wires  Number of bits  Possible values
Register read    P2 P1 P0      3               000 (None), 001 (MAR), 010 (PC), 011 (MBR),
                                               100 (AC), 111 (IR)
Register write   P5 P4 P3      3               000 (None), 001 (MAR), 010 (PC), 011 (MBR),
                                               100 (AC), 111 (IR)
Memory read      Mr            1               0 or 1
Memory write     Mw            1               0 or 1
ALU operations   A2 A1 A0      3               000 (nothing), 010 (add), 001 (subtract),
                                               011 (clear), 100 (increment by 1)
Combining both RTL and control signals, the Add X instruction will look like this:
Combinational Circuits
Circuits are collections of Boolean gates connected by wires. They include inputs
and outputs.
Adders - Adding two bits A and B.
A B Carry Result
0 0 0     0
0 1 0     1
1 0 0     1
1 1 1     0
Carry column: AND gate. Result column: XOR gate.
Half Adders – In order to construct a circuit that implements the function above
we look at the outputs. For Carry, we can see that it is 1 only when both inputs
are 1, hence an AND gate. For Result, we can see that it is 1 only if exactly one of the
inputs is 1, hence an XOR gate.
Full Adders – A half adder is only half-useful. It can only add up two bits and
produce two new bits as output, so it cannot construct adders for larger numbers.
A B Carry-in Result Carry-out
0 0 0 0 0
0 1 0 1 0
1 0 0 1 0
1 1 0 0 1
0 0 1 1 0
0 1 1 0 1
1 0 1 0 1
1 1 1 1 1
ALU
Inputs:
Two n-bit operands
Op-code (which operation?)
Outputs:
n-bit result and status flag (overflow? Error?)
Input/Output and the CPU
Memory-mapped I/O architecture – I/O registers are mapped into the address
space of the CPU
Instruction-based I/O architectures – CPU has special instructions to read from or
write to particular I/O devices
Programmed I/O
How does the program get notified that new input is available? Through a process called
polling.
A program is used that goes through an infinite loop to check if the I/O registers have new
data to read, and if they do, it calls a subroutine to process the new data.
If polling is too fast, it will waste computing power; if too slow, the system will feel laggy.
The disadvantage is that the CPU has to constantly be running at 100% capacity.
Interrupts
Modern approach, makes the hardware notify the CPU when new data is
available. The CPU interrupts its current activity and jumps into a special
subroutine to process the I/O request.
Week 5: BIOS, UEFI, FIRMWARE
Know the steps in a computer's start process
Be able to explain the role of the different components in a computer
Understand the difference between BIOS, UEFI, operating system,
drivers, etc.
Components of a computer
Computer start process (BIOS steps)
Turn on power – power good signal
1. Initial software
BIOS or UEFI controls the start-up steps, providing system configuration like power saving
and security.
2. POST check:
Check if the system is OK:
System clock/timer is running
Processor is okay
BIOS is not corrupted
Display is working
3. Video card check – check if present, run the video card's BIOS program to start it
4. Other hardware check – check other devices' ROMs and start them
5. Find operating system
6. Boot sector – the boot sector takes over from the BIOS now.
BIOS vs UEFI
BIOS has very limited space, only 1024 kilobytes, and only works with specific
hard-drives up to 2.2 terabytes. Cannot work with future and current technology.
UEFI is the Unified Extensible Firmware Interface, a programmable interface. It is stored in
non-volatile memory but is software, acting as a BIOS.
OS- Operating system
1. Manages peripherals
2. Manages files
3. Manages Memory- Virtual and secondary
4. Manages interface
Week 6: Security
Learning Objectives:
Introduction to Cryptography
Symmetric vs public key cryptography
Access control, passwords, user authentication
Cryptography: The encoding and decoding of secret messages
Symmetric Encryption: A cryptographic key is shared between 2 or more
principals.
The same key is used for encryption and decryption. Most symmetric algorithms
work with a mix of substitutions and permutations. Substitutions are defined by S-
boxes.
Public key cryptography (Asymmetric Encryption): Utilizes a "hard" mathematical problem and
a large random number; a key-pair is generated so that the private key cannot be derived from
the public key without solving the mathematical problem. Every principal owns a unique pair
of keys.
Example: RSA
Hash function for security:
S-boxes and permutations: Replacing a hex number based on its position in an array, with the
first digit on the side and the second digit on top. E.g. hex 31 will be replaced by c7.
AES (Advanced Encryption Standard): The newest form of symmetric encryption algorithm. The
recommended symmetric key size is 128 bits.
Disadvantages of Symmetric Cryptography:
Key distribution – one needs to establish a shared secret
Scalability – Each pair of sender and receiver needs a unique secret key. With 12
participants, 66 keys are needed. This grows exponentially.
Public Message Authentication Codes:
A piece of code used to authenticate a message, confirming that the message came from the
stated sender and has not been changed. Verifiers possess a secret key to detect changes.
Cryptographic hash functions:
An algorithm that maps data of any size to a bit string of a fixed size, designed to be a
one-way function, that is, a function which is infeasible to invert. The only way to recreate
the input data from a hash function's output is to attempt a brute-force search of possible
inputs to see if they produce a match. They are used in digital signatures and for storing and
comparing passwords.
Ideal cryptographic hash functions should have these properties:
Computing the hash value should be quick
Deterministic: the same message always results in the same hash
Infeasible to generate a message from its hash except by trying all possible messages
A small change to a message should change the hash value so much that it does not look
correlated at all with the old hash value
Infeasible to find two different messages with the same hash
Example hash functions:
MD5
SHA1 – not recommended anymore
SHA-256 - recommended
SHA-384
SHA-512 - recommended
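The scalability count for symmetric keys, two of the hash properties listed above (determinism and the "small change, uncorrelated hash" property, measured as the number of output bits that change) and a message authentication code built from a hash, as the MAC section describes: the verifier recomputes the tag with the shared secret and rejects any altered message. Added example, not from the notes; it uses only Python's standard library, and the key and messages are constructed.

```python
"""Symmetric key counting, hash properties and an HMAC-based MAC (added example, stdlib only)."""
import hashlib
import hmac
import secrets


def symmetric_keys_needed(participants):
    """Every pair needs its own shared secret: n(n-1)/2 keys (12 participants -> 66)."""
    return participants * (participants - 1) // 2


def asymmetric_keypairs_needed(participants):
    """With public-key cryptography every principal owns exactly one key pair."""
    return participants


def sha256_hex(message: bytes) -> str:
    """Deterministic: the same input always gives the same 256-bit digest."""
    return hashlib.sha256(message).hexdigest()


def bit_difference(digest_a: bytes, digest_b: bytes) -> int:
    """Hamming distance between two digests of equal length."""
    return sum(bin(x ^ y).count("1") for x, y in zip(digest_a, digest_b))


def avalanche(message: bytes, bit: int = 0) -> int:
    """Flip one input bit and count how many of the 256 output bits change (about half expected)."""
    flipped = bytearray(message)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return bit_difference(hashlib.sha256(message).digest(), hashlib.sha256(bytes(flipped)).digest())


def make_tag(key: bytes, message: bytes) -> bytes:
    """MAC: a keyed hash (HMAC-SHA256); only holders of the key can produce or check it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison does not leak where it failed
    return hmac.compare_digest(make_tag(key, message), tag)


def mac_demo():
    """Constructed scenario: a genuine message, a modified one, and a verifier with the wrong key."""
    key = secrets.token_bytes(16)                      # constructed 128-bit shared secret
    message = b"transfer 100 to account 42"            # constructed message
    tag = make_tag(key, message)
    return {"genuine": verify_tag(key, message, tag),
            "modified message": verify_tag(key, b"transfer 900 to account 42", tag),
            "wrong key": verify_tag(secrets.token_bytes(16), message, tag)}


if __name__ == "__main__":
    print(symmetric_keys_needed(12), asymmetric_keypairs_needed(12))
    print(sha256_hex(b"abc"))
    print(avalanche(b"hello world"), "of 256 bits changed")
    print(mac_demo())
```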
Week 7: Operating Systems
OS is a level of abstraction between hardware and software
Overview What does an OS do?
1. Process management (a process is a running program)
2. Memory management
3. I/O (it does more but that’s what we’ll cover)
The notion of a process is quite important, and you need to know what the difference is
between a process and a program.
A program is the code that you write, the sequence of instructions (and possibly data).
A process is an instance of the program that is currently being executed by a computer.
An important difference is that there can be multiple processes executing the same program,
e.g. some web browsers start a process for each open window.
Abstraction in OS
Virtualisation:
Provide a virtual form of each physical resource for each process.
This means you can code as if your program
has the entire CPU to itself
has a large, contiguous memory just for itself
can use system resources through library functions (e.g. keyboard, graphics, disk, network)
The OS kernel
Modern operating systems have many different functions. The core functions are handled by a
part called the kernel.
The kernel implements a process called 'timesharing', which allows a single CPU to run many
processes. The OS kernel switches between processes; switching is so fast that it creates
the illusion that two processes are running at the same time.
Cooperative timesharing – The OS gains control when a user-mode process makes a system
call. The OS checks whether to switch from process A to B: if yes, it puts process A into the
Ready state and switches B into the Running state; else, it just handles the system call and
returns to process A.
Preemptive timesharing - OS sets up timer interrupts. Interrupt switches to
kernel mode and calls interrupt handler in the OS. OS can then switch processes
or kill processes. E.g. in Windows task manager if program not responding, can
just kill it. You cannot do this in a cooperative timesharing system.
Managing processes
Mechanisms: virtualising the CPU
Processes: Created by loading code into memory. Can be in one of 3 states.
Challenges:
Performance:
1. CPU virtualisation should not create huge overhead
Control:
1. OS must stay in control
2. Enable fair scheduling
3. Protect against malicious or buggy code
Requires hardware support!
Limited Direct Execution – Limiting access to the CPU as well as the I/O devices, but not
limiting access to memory.
But what is the main reason for virtualizing the memory in Limited Direct
Execution?
1. Enable protection of a process’s memory against malicious or buggy
processes
2. Make programming easier as programmer does not need to know exactly
how memory in target computer is organized
3. To enable processes to use more memory than is physically installed as
RAM, by using external storage as temporary memory.
Application code runs directly on the CPU. This creates problems like "How to restrict what
the program can do without affecting efficiency?" or "How to stop a process and switch to
another process?" The solution is process switching. The CPU has 2 modes.
Kernel mode: code is run without any restrictions. OS runs in kernel mode.
Interrupts trigger switch to kernel mode
User mode: Only a limited subset of instructions can be used, E.g. no I/O
instructions. Normal applications run in user mode.
Without I/O instructions, a process cannot simply access parts of the computer
e.g. the network, record sound, manipulate mouse, access hard disk.
System calls:
Special CPU instructions that let user mode call OS functions e.g.
Perform file I/O
Access the network interface
Communicate with other processes
Allocate memory
Software Interrupts
Hardware triggers flag in CPU
CPU jumps to special code and returns to running program
Context switch makes sure program can continue as if no interrupt had
happened
Summary of mechanisms for process switching
1. CPU has user and kernel mode in order to control I/O and memory access
for applications, which use system calls in the OS to access privileged
operations
2. Interrupts cause the CPU to switch into kernel mode
3. These can be I/O interrupts, software interrupts (system calls), or timer
interrupts
4. The latter is preemptive timesharing, where the OS always regains
control of the system several times per second.
Process Scheduling
Policies that the OS uses in order to switch between processes. The OS needs to decide how
long each process gets to use the CPU before it switches to a different process.
First-come first-served – Processes take turns; average turnaround time is high, as a short
process may need to wait in line for a long time
Shortest job first – More optimal schedule
Round-robin scheduling – fair schedule. During a certain time interval, all processes get
roughly equal access to the CPU. There is a problem however: some processes may be more
important than others, e.g. one playing a video.
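The three policies above simulated on a constructed set of three jobs that are all ready at time 0, reporting each job's first-run and completion time so the turnaround claim (FCFS worst, SJF best) and the fairness claim (round robin gives every job the CPU early) can be checked. Added example, not from the notes; the job set and function names are mine.

```python
"""FCFS, shortest-job-first and round-robin compared on a constructed job set (added example)."""
from collections import deque

# Constructed workload: (process name, CPU burst in time units); all ready at time 0.
JOBS = [("A", 8), ("B", 2), ("C", 3)]


def fcfs(jobs):
    """Processes take turns in arrival order. Returns name -> (first run, completion)."""
    clock, schedule = 0, {}
    for name, burst in jobs:
        schedule[name] = (clock, clock + burst)
        clock += burst
    return schedule


def sjf(jobs):
    """Shortest job first: same mechanism as FCFS, but the queue is ordered by burst length."""
    return fcfs(sorted(jobs, key=lambda job: job[1]))


def round_robin(jobs, quantum):
    """Each process runs for at most one quantum, then goes to the back of the ready queue."""
    clock, first_run, schedule = 0, {}, {}
    queue = deque(jobs)
    while queue:
        name, remaining = queue.popleft()
        first_run.setdefault(name, clock)
        run = min(quantum, remaining)
        clock += run
        remaining -= run
        if remaining:
            queue.append((name, remaining))        # time slice used up, wait for the next turn
        else:
            schedule[name] = (first_run[name], clock)
    return schedule


def average_turnaround(schedule):
    """Turnaround = completion - arrival; arrival is 0 for every job here."""
    return sum(done for _, done in schedule.values()) / len(schedule)


def average_response(schedule):
    """Response = time until a process first gets the CPU; the measure round robin improves."""
    return sum(first for first, _ in schedule.values()) / len(schedule)


def compare(jobs=JOBS, quantum=2):
    """Policy -> (average turnaround, average response), rounded to two decimals."""
    schedules = (("FCFS", fcfs(jobs)), ("SJF", sjf(jobs)), (f"RR q={quantum}", round_robin(jobs, quantum)))
    return {label: (round(average_turnaround(s), 2), round(average_response(s), 2))
            for label, s in schedules}


if __name__ == "__main__":
    for label, (turnaround, response) in compare().items():
        print(f"{label:7} avg turnaround {turnaround:5}  avg response {response:5}")
```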
Week 8: TCP/IP Basics and Application Layer
Learning Objectives:
1. Name and describe the functions of the different layers of the Internet
Model
2. Identify different application architectures
3. Understand and analyze the HTTP and SMTP application layer protocols
Network Components:
1. Client – a device that enables users to access the network
2. Server – a device that provides services to clients. E.g. act as a storage,
printing server, web server
3. Switch – Device that connects multiple clients to form a LAN
4. Router – Device to connect different networks
Types of networks:
LAN (Local Area Network) – A group of clients or servers that share a
local circuit, connected through switches and cables. Devices in a LAN
can communicate with each other without going through a router. Speed
usually 1Gbps (gigabit per second).
BN (Backbone Network) – A network that connects multiple LAN’s using
routers. Usually does not contain clients or servers, it is used to transfer
network traffic between LAN’s, e.g. connect different floors, or campuses
of a building. Speed usually 10 Gbps.
MAN (Metropolitan Area Network) – Large network that connects LANs
and BNs across locations, e.g. across a country. This network is usually
leased to a third-party company to handle the network connection.
WAN (Wide Area Network) – Similar to MAN except that it connects
networks across large geographical distances. E.g. country to country.
Network application architectures:
In most cases, a client will communicate with a server, and together they provide an
application to the user. There are four main tasks an application has to perform:
Presentation logic – the application providing the user interface
Application logic – defines how the application behaves, e.g. what happens when the user
performs a certain action
Data access logic – how the application manages its data, e.g. updating data whenever the
user makes changes or retrieving information when the user does something
Data storage – where data is kept.
In a server-based application architecture, almost all processing is done by the server. The
client is just a "dumb terminal".
In a client-based architecture, the client does everything besides data storage.
In a client-server based architecture, there is a central file storage facility, allowing
multiple users to work on the same files together. In this architecture, the client performs
the presentation and application logic, while the server performs data access and storage.
A thin-client architecture is where the client performs only presentation logic, while the
server performs the rest. This is common in web applications, where the browser renders the
page on the user's screen, but any action the user takes is handled by the server.
A multi-tier architecture is where multiple servers are used to handle specific tasks of the
application.
A peer-to-peer architecture is where no server is used at all. Clients connect to each other,
with each client implementing all aspects of the application.
Layers and protocols
The Internet Model:
1. Hardware layer – concerned with hardware like cables, plugs, sockets, antennas. Specifies
the signals that are transmitted
2. Data link layer – defines the interface between hardware and software. Specifies how
devices in a LAN can exchange packets.
3. Network layer – responsible for routing, decides which path a packet takes through the
network
4. Transport layer – establishes a logical connection between an application sending a
message and the receiving application.
5. Application layer – the actual application software that a user interacts with.
Protocol Data Units – The unit of data defined by the protocol (the formal language that
defines how two applications talk to each other) at each layer.
Hardware layer PDU is a bit
Data link layer PDU is a frame
Network layer PDU is a packet
Transport layer PDU is a segment or a datagram
Application layer PDU is a message
The World Wide Web – the largest application layer application besides electronic mail
URL – the address of a document on the WWW
HTTP – a standard set of commands that is understood by all web browsers and
servers
Request-response cycle – HTTP operates in this cycle: the client sends a request and
the server answers with a response
HTML – the document format for web pages
Electronic Mail
Client-server approach to email – a two-tier client-server application
Simple Mail Transfer Protocol (SMTP) – the sender uses this protocol to send a
message to a mail server, which forwards it to the recipient’s mail server. The
recipient then uses either the Post Office Protocol (POP) or the Internet Message
Access Protocol (IMAP) to access their emails on the server.
Week 9: TCP/IP Physical and Data link Layer
Learning Objectives:
Understand how messages can be transmitted over physical media such
as copper cables, optical fibres or radio waves
Look at Media Access Control (Data Link layer): when is a device allowed
to transmit?
Study the basic structure of Ethernet and Wi-Fi networks
Network interface card (NIC):
Implements the physical and data link layer:
Includes a unique data link layer address (MAC address)
Provides the physical connection to the network (socket or antenna)
Implements protocols (error detection, construction of frames, modulation)
Often built into the motherboard, or connected via USB or PCI Express
Network Cables:
UTP (unshielded twisted pair) is the most common modern cable
Physical Layer:
We transmit information using physical signals via a medium, e.g. electrical
signals (copper wires), radio waves (air) and light signals (optical fibre).
Digital data: discrete values like 0 and 1, or letters of an alphabet. Steps from one
symbol to the next. The signal is in the form of discrete states.
Analog data: a range of possible values like temperature or air pressure.
Continuous variation over time. The signal is continuous, like a sine wave.
Transmission types:
Analog signal for analog data – analog FM radio
Digital signals for digital data – old Ethernet, USB, the bus inside a computer
Analog signals for digital data – modems, ADSL, Ethernet, Wi-Fi, 4G
Digital transmission:
Digital signals are typically transmitted through copper cables. The encoding maps 0s and
1s to different voltage levels on the cable, resulting in a square wave.
Unipolar encoding – uses only positive voltage
Bipolar encoding – uses both positive and negative voltage to achieve a bigger
difference in signal
Analog transmission:
Frequency = how many oscillations (waves) per second
Amplitude = the strength (“volume”) of the wave
To transmit data using analog waves, we can simply modify each of
these parameters.
Frequency Modulation technique (FM): uses frequency to send a 1 or 0. A high
frequency is interpreted as ‘1’ and a low frequency as ‘0’.
Amplitude Modulation technique (AM): uses amplitude to send a 1 or 0. A high
amplitude is interpreted as ‘1’, a low amplitude as ‘0’.
Multiple different amplitudes and phases allow more data to be packed into each
symbol. By using four different amplitudes and two different phases, we can encode a
number between 0 and 7 rather than just 0 or 1. E.g., the second-highest
amplitude combined with the downward phase represents the number 3.
This means we can now transmit four times the amount of data.
Modems
The process of turning digital data into analog signals is called modulation; the
reverse process is demodulation. A device that does both is called a
modem.
Data Link Layer:
Controls access to the physical layer
Encodes/decodes between frames and signals
Implements error detection
Interfaces to the network layer
Media Access Control
MAC solves the problem that only one device is allowed to transmit on a shared
medium at any one time. There are two approaches to MAC.
1. Controlled access MAC
Only one device has permission to send at any time
A central authority assigns permission to send
Or the permission gets passed from device to device
2. Contention-based MAC
Any device can transmit at any time
FIFO (first come, first served)
Collisions: two devices transmitting at the same time
Usually devices avoid starting a transmission while another is in progress through
carrier sensing. However, it is inevitable that sometimes two devices transmit at the
same time; this damages the packets.
Because of this, a social protocol (an agreed set of rules) is implemented, with the
network self-organizing who goes first.
Ethernet
The original Ethernet technology was implemented through a single large cable that all
devices were connected to. Nowadays Ethernet mostly uses UTP cables
connected to switches. LAN technology today relies on MAC. MAC in
Ethernet is based on the CSMA/CD method:
CS means carrier sense – a device “listens” to the network and only
starts transmitting when no other device is transmitting
MA means multiple access – multiple devices share the same medium
(cable)
CD means collision detection – while a device is sending, it monitors
the network; if it detects any signal other than its own, it
knows a collision has occurred. It then immediately stops transmitting
the frame and transmits a jam signal instead, telling all other devices that
a collision has happened. It then starts re-transmitting the frame.
To avoid two devices both detecting a collision, both re-sending at once
and colliding again, a random element is introduced: each
device waits a random amount of time before re-transmitting, allowing the other
to go first.
Ethernet as a Shared Bus
The original Ethernet LAN was implemented through a shared bus topology where all
devices share a single bus. A consequence of this approach is that all devices
receive all messages, even the ones that were not meant for them. Because of
this, each frame needs a destination address: when all devices receive the
message, each device checks whether the destination address equals its own
address. Only the intended recipient processes the message; the other devices
discard it. Each device on the LAN has a unique address, a MAC address, usually
written as six hexadecimal numbers separated by colons.
A shared bus topology is comparatively cheap, but maintenance is difficult, as if
something happens to the cable, the entire network is affected; hence the star topology
was created. The central component was a hub. This made the network behave as
if all computers were still connected to a shared cable: the hub repeats any
signal it receives via one socket to all other sockets. This creates problems when
computers start transmitting simultaneously, damaging frames.
Disadvantages of shared-bus Ethernet:
Half-duplex, only one device can send at a time
The network broadcasts all messages; every message gets delivered to all
devices rather than to a specific destination
Reliance on collision detection limits the size of the network
Modern Ethernet networks work around these limitations by replacing hubs
with switches.
Switched Ethernet
The solution to hub-based Ethernet is to move from a logical bus topology to a logical
star topology. This means that the circuit is no longer shared, and messages are
sent directly from one device to another rather than broadcast to the
entire network. The device that enables this kind of networking is called a switch.
A switch is a true data link layer device. It reads an incoming frame, checks its
destination MAC address, and then sends the frame only to the port that is
connected to the device with that address. To do this a switch must know which
port each address is behind. When a frame arrives for a destination MAC address the
switch does not know yet, it floods the frame to all other ports; but it also reads the
frame’s source MAC address and stores it, together with the incoming port, in a
forwarding table, learning that A is connected to port 0. If B replies to A’s
message, B’s frame carries B’s source MAC address as well, so the switch learns
that B is connected to port 1. This way, after a single frame from each connected
device, the switch has learnt all the MAC addresses and does not have to use
broadcasting anymore.
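The learning behaviour described above, as an added example that is not code from the notes: a switch that floods frames to unknown destinations, records each source MAC address against its incoming port, and forwards unicast frames to a single port once the address is known. The MAC addresses and port numbers used in the test are constructed.

```python
"""Learning switch simulation (added example; MAC addresses are constructed)."""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Data link layer switch that learns which port each source MAC is behind."""

    def __init__(self, num_ports: int) -> None:
        self.num_ports = num_ports
        # Forwarding table: MAC address -> port number. Empty when powered on.
        self.table: Dict[str, int] = {}

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        """Process one frame and return the list of ports it is sent out of."""
        # Learn: the source address is reachable via the port the frame came in on.
        # (A device that moves ports is relearned the next time it sends.)
        self.table[src_mac] = in_port
        # Known unicast destination: send out exactly one port, or none at all if the
        # destination is on the same port the frame arrived on (nothing to forward).
        if dst_mac != BROADCAST and dst_mac in self.table:
            out = self.table[dst_mac]
            return [] if out == in_port else [out]
        # Unknown destination or broadcast: flood to every other port, like a hub.
        return [p for p in range(self.num_ports) if p != in_port]


def run_exchange(switch: LearningSwitch,
                 frames: List[Tuple[int, str, str]]) -> List[List[int]]:
    """Feed a sequence of (in_port, src_mac, dst_mac) frames through the switch."""
    return [switch.forward(*frame) for frame in frames]


if __name__ == "__main__":
    # Constructed addresses: A on port 0, B on port 1, C on port 2 of a 4-port switch.
    A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    sw = LearningSwitch(4)
    for frame, out_ports in zip([(0, A, B), (1, B, A), (2, C, B), (0, A, C)],
                                run_exchange(sw, [(0, A, B), (1, B, A), (2, C, B), (0, A, C)])):
        print(frame, "->", out_ports)
    print("forwarding table:", sw.table)
```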
Wireless Local Area Networks
Radio waves are used to communicate. There are two main bands that WLAN
devices use, 2.4 GHz and 5 GHz. Higher frequencies mean higher transmission
rates; however, they have stronger attenuation, meaning that they become weaker
with distance much more quickly than lower frequencies.
WLAN Topology
The simplest possible setup for a wireless network is just a number of devices
that can talk to each other; this is called an independent network, or an
independent Basic Service Set (BSS). An independent BSS behaves like the
original shared Ethernet, except that there is no central hub. A device sends a frame
into the network, and the receiver identifies the frame by checking the destination
MAC address. However, most wireless networks use a central Access Point (AP);
this is an infrastructure BSS. The access point is connected to the rest of the
network using cable-based Ethernet. All communication goes through the AP.
This means that if two clients want to communicate, the sender has to send the frame
to the AP, which then relays it to the other client, like a hub. Still, all devices can
hear all messages, but they will only react to messages from the AP.
We can connect multiple BSSs to form an Extended Service Set (ESS). Multiple
access points work together. They are all connected to the same cable-based
network, and have been installed so that the areas they cover overlap. They
also share the same network identifier (Wi-Fi name).
Each access point can cover an area of maybe 50x50 metres, depending on the
technology, the frequency used, the material of walls etc. As soon as the signal from
the current AP becomes too weak, the laptop switches to another AP automatically. This
occurs entirely on the data link layer, meaning that higher layers wouldn’t even
notice that anything has changed.
WLAN MAC
MAC in wireless LANs is similar to MAC in a shared Ethernet. We’re sharing a
common medium again, except this time it’s radio frequencies rather than a
shared cable. The laptop in the top left sends a frame to the AP in the middle. The
laptop at the bottom detects the carrier, and so waits with its own transmission
until the other transmission has finished. However, there is a problem with this.
If two laptops are on opposite sides of the AP, the AP in the middle receives both
without a problem, but the signal from the opposite laptop is too weak for the other
laptop to detect its carrier.
WLAN therefore needs to be a bit more proactive than Ethernet. Instead of
CSMA/CD it uses CSMA/CA, where the CA stands for collision avoidance.
There are two different CA mechanisms:
Automatic Repeat Request (ARQ): after sending a frame to the AP, a
WLAN device waits for an acknowledgement from the AP that the frame
was received correctly. That way, if the AP doesn’t acknowledge a frame,
the device knows something has gone wrong. If both devices keep
colliding, they wait a little longer after every unsuccessful transmission.
Controlled access: the device can send a short request to send (RTS)
message to the AP; after getting a clear to send (CTS), the device
starts transmitting the frame.
Week 10: TCP/IP, network and transport layers, and the Internet
Learning Objectives:
Understand how messages can be transmitted over physical media such
as copper cables, optical fibres or radio waves
Look at Media Access Control (Data Link layer): when is a device allowed
to transmit?
Study the basic structure of Ethernet and Wi-Fi networks
The network layer’s functions are to:
Enable routing
Provide the core functionality for building large networks
IP addresses
Every device that needs to send, receive or route messages requires at least one
IP address for its NIC.
IPv4 addresses (version 4 of the Internet Protocol) are 32 bits long and are
written in dotted-decimal notation as four decimals representing four bytes.
130.194.66.43 can be converted into the 32 bits
10000010110000100100001000101011. IP addresses are organized hierarchically. In this
example the first two bytes identify a network and the next byte identifies the subnet. The
subnet mask tells us how many bits of an IP address are used for the network
plus subnet identifier. E.g. for our example, 24 bits identify the network and
subnet, so we can write the subnet including its mask as 130.194.66/24. The
subnet mask tells us which part of an IP address identifies the network and
subnet, and which part identifies the device inside the subnet.
Subnets and LANs
In general, each subnet corresponds to a single LAN, meaning all devices inside
a LAN should belong to the same subnet. Let us assume that all the subnet
masks below are /24. If client 130.194.76.192 wants to send a packet to
130.194.76.191, it can see that the first 24 bits of the destination address are the
same as its own, meaning they are in the same subnet; in this case the client sends the
packet directly to the destination. A different case would be if 130.194.76.192
wants to send a packet to 130.194.66.42. The first 24 bits are different, so the client
must send the packet to a router in the .76 subnet, making it the router’s job
to deliver the packet. This kind of network structure is very common, where
different LANs are connected using routers to a backbone network.
IPv4 addresses are not enough to hold the world’s addresses in the future, so
IPv6 was created, with 128-bit addresses. The first 23 bits identify a Regional Internet
Registry (RIR), responsible for allocating addresses in a specific region.
When an ISP requires a new block of addresses, the RIR provides it. The ISP
has to use the first 32 bits (23+9) it was given; then it can freely choose the next
16 bits to identify a customer/organization. The next 16 bits can be used to
identify subnets within that organization. The complete second half of the address
is reserved to identify a device in its subnet.
Address Resolution
How do we map a higher-layer address to a lower-layer address? E.g. how do we go
from www.google.com to the corresponding IP address? Or when a
computer needs to send a packet to its gateway router, how does it find out the
router’s MAC address? For names, address resolution is done by DNS.
The Domain Name System
An application layer protocol for address resolution. A large distributed database
responsible for mapping human-readable addresses to IP addresses. The
sequence is as follows: a user sends a DNS request to a DNS server, basically
asking “What is the IP address for x.y.z?”, and the server answers with one of:
An error message if no IP address was found for the human-readable
address
The IP address of another DNS server that can handle the request
The IP address that was registered for the human-readable address queried
Many root servers delegate requests to servers for every top-level domain like
(.edu, .au, .com).
Iterative DNS is a method where servers keep pushing the request to another
server until one of them knows the answer or can tell us that the name does not
exist.
Mapping IP addresses to MAC addresses
This is only required within a LAN. The MAC address is required
whenever we want to send a packet to a device inside our LAN. This is where the
Address Resolution Protocol (ARP) comes in. The laptop sends an ARP request packet
as a broadcast; the router then receives the packet and sends a reply with its
MAC address.
Routing
The main function of the network layer. A router is a device that is connected to
multiple networks, and routing means forwarding a packet from one network into
another. Without routers, the internet would not function, as there would just be a
huge collection of individual networks that cannot communicate with each other.
Interior routing – packets are transmitted inside an Autonomous System (a
network run by a single organization). Different protocols can be used.
Exterior routing – packets are transmitted outside an Autonomous System; this must
use the Border Gateway Protocol (BGP).
Routing Tables
Routers use routing tables to decide where to send packets. A
routing table contains entries for different networks, and for each network it
tells the router which other router can handle that network. Below is a network with
5 routers and their corresponding routing tables. Router A just contains a default
gateway, meaning it sends any packet whose destination is outside its own LAN
to gateway C. For A to send a packet to H, the lookup is repeated at every hop:
C looks at its table for H and passes the packet to E, and so on until F passes it to H.
Real routing tables cannot contain a list of all possible destination addresses (this
would mean routers have to know EVERY single computer in the internet).
Instead, they map entire networks to destination routers. Routers use the hierarchy
inside IP addresses to make decisions. E.g. a laptop has the address
130.194.66.43. A router may check only the first two bytes, 130.194.x.y, and see
that any address with this 130.194 prefix should be sent to router X. Router X may
then look at the next 8 bits and say that any packet with prefix 130.194.66 should be
sent to router Y, but 130.194.44 should be sent to router B.
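The two decisions described in the "Subnets and LANs" passage and here (a host checking whether a destination is in its own /24 subnet, and a router choosing the most specific matching prefix, falling back to a default gateway) as one added example; this is not code from the notes, and the routing table below is a constructed one using the router names X, Y, B and C from the text. It generalises the text's "check the first two bytes, then the next 8 bits" to a longest-prefix match over any prefix length.

```python
"""IPv4 subnet membership and longest-prefix routing lookups (added example)."""
from typing import List, Optional, Tuple


def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to its 32-bit integer value."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def ip_to_bits(dotted: str) -> str:
    """Render the address as the 32-character bit string used in the notes."""
    return format(ip_to_int(dotted), "032b")


def prefix_mask(prefix_len: int) -> int:
    """Subnet mask for a /n prefix as a 32-bit integer (/24 -> 0xFFFFFF00)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when a and b share their first prefix_len bits (network + subnet)."""
    mask = prefix_mask(prefix_len)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def next_hop_for_host(src: str, dst: str, prefix_len: int, gateway: str) -> str:
    """A host's decision: deliver directly inside its LAN, else hand to the router."""
    return dst if same_subnet(src, dst, prefix_len) else gateway


# A routing table entry: (network address, prefix length, next-hop router name).
Route = Tuple[str, int, str]


def lookup_route(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific matching entry wins.

    A 0.0.0.0/0 entry acts as the default gateway: every address matches a
    zero-length prefix, but it is only chosen when nothing longer matches.
    """
    dst_int = ip_to_int(dst)
    best: Optional[Route] = None
    for network, plen, via in table:
        mask = prefix_mask(plen)
        if (dst_int & mask) == (ip_to_int(network) & mask):
            if best is None or plen > best[1]:
                best = (network, plen, via)
    return best[2] if best else None


# Constructed routing table for the hierarchy described in the notes: a default
# gateway plus increasingly specific prefixes (router names as in the text).
EXAMPLE_TABLE: List[Route] = [
    ("0.0.0.0", 0, "C"),          # default gateway, like router A's single entry
    ("130.194.0.0", 16, "X"),     # anything 130.194.x.y goes to router X ...
    ("130.194.66.0", 24, "Y"),    # ... except 130.194.66.z, which goes to router Y
    ("130.194.44.0", 24, "B"),    # ... and 130.194.44.z, which goes to router B
]

if __name__ == "__main__":
    print(ip_to_bits("130.194.66.43"))
    print(next_hop_for_host("130.194.76.192", "130.194.76.191", 24, "router in .76"))
    print(next_hop_for_host("130.194.76.192", "130.194.66.42", 24, "router in .76"))
    for d in ("130.194.66.43", "130.194.44.7", "130.194.76.1", "8.8.8.8"):
        print(d, "->", lookup_route(EXAMPLE_TABLE, d))
```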
Static routing – the routing tables are set up by either a human operator or a remote
configuration protocol.
Dynamic routing – a mechanism where routers exchange information so that they
can build up routing tables automatically, and change the tables
dynamically when the network changes. There are two types of dynamic routing
protocol:
Distance vector routing – routers exchange information about the distance
to a network and the target router for that network. The router chooses the
path with the fewest ‘hops’ through other routers. Protocols include EIGRP
and BGP (Border Gateway Protocol).
Link state routing – routers exchange the distance plus the quality (speed) of
the links in the network, so they may choose a path with more ‘hops’ but
faster links. Protocols include OSPF (Open Shortest Path First).
Transport Layer
The Transmission Control Protocol (TCP) provides a virtual circuit to create the
illusion of a reliable point-to-point connection between two applications. TCP
splits application layer messages into short segments, makes sure the
segments arrive correctly, and reassembles them in the correct order into the
original message at the destination. TCP is used by many major application layer
protocols like HTTP, SMTP, IMAP and SSH.
Addressing applications
In order to distinguish between applications when sending a packet, there needs
to be an address at the transport layer too. Each application has a port number,
which together with the IP address lets us uniquely identify a connection
between a server and a client. The client picks a random port number for its
browser. A fixed server port is used to identify a server application, e.g. 80 for a web server.
TCP error and session management
How does TCP set up a reliable channel, splitting large application layer
messages into short chunks and making sure these packets arrive correctly?
The basic mechanism is Automatic Repeat Request (ARQ), also used in the
Data Link Layer, meaning that the receiver must acknowledge every packet, and
if a packet is not acknowledged within a certain time-out, the sender sends it again.
A typical TCP session between a client and a server consists of three phases.
1. First, in the “three-way handshake”, client and server exchange sequence
numbers to set up the connection
2. Transmit the actual data
3. Four-way handshake to cleanly close down the connection
The client sends a special SYN (synchronize) packet to the server with a completely
random sequence number, 3185, and an acknowledgement number of 0. The server
replies with a special “SYN, ACK” (synchronize and acknowledge) packet,
choosing its own random sequence number, 734, and acknowledging the client’s sequence
number + 1. Finally, the 3-way handshake ends with the client sending an ACK back,
indicating it received the SYN, ACK by adding 1 to the server’s number. During the actual
transmission, both client and server can send data at any time.
Now the client sends 9 bits worth of data from 3186 to 3195. The server sends
an ACK packet when it has received the 18 bytes, so it uses 3186 + 18 = 3204 as the
ACK number. The server knows it received all the data, so it sends a “thanks!”
message to the client, which is 7 bytes. The client acknowledges this by replying with an
ACK of 735 + 7 = 742 and sends a FIN (finalize) packet. The server
acknowledges this by adding 1 to the FIN number, then replies with a FIN packet
of its own, which the client acknowledges with 742 + 1 = 743.
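The sequence and acknowledgement arithmetic of the session above, as an added example rather than code from the notes: it replays the three-way handshake, the data exchange and the four-way close with the text's numbers (client ISN 3185, server ISN 734, 18 bytes one way, 7 bytes back) and applies the single rule that an ACK carries the next byte expected, with SYN and FIN each consuming one sequence number. The client's final data ACK and its FIN are modelled as two separate segments, where the notes describe them together.

```python
"""TCP sequence/acknowledgement bookkeeping for one session (added example)."""
from dataclasses import dataclass
from typing import List


@dataclass
class Segment:
    sender: str      # "client" or "server"
    flags: str       # e.g. "SYN", "SYN,ACK", "ACK", "FIN,ACK"
    seq: int         # sequence number of the first byte (or flag) in this segment
    ack: int         # next sequence number the sender expects from its peer
    length: int = 0  # payload bytes carried


@dataclass
class Endpoint:
    name: str
    next_seq: int     # next sequence number this side will use
    expected: int = 0 # next sequence number expected from the peer (0 = none yet)


def consume(segment: Segment, receiver: Endpoint) -> None:
    """The receiver's expected number moves past the payload; SYN and FIN
    carry no data but each consume one sequence number as well."""
    consumed = segment.length
    if "SYN" in segment.flags or "FIN" in segment.flags:
        consumed += 1
    receiver.expected = segment.seq + consumed


def tcp_session(client_isn: int, server_isn: int,
                client_bytes: int, server_bytes: int) -> List[Segment]:
    """Replay handshake, a data exchange in each direction, and the four-way close.
    Returns every segment in order so the numbers can be inspected."""
    client = Endpoint("client", client_isn)
    server = Endpoint("server", server_isn)
    trace: List[Segment] = []

    def send(src: Endpoint, dst: Endpoint, flags: str, length: int = 0) -> None:
        seg = Segment(src.name, flags, src.next_seq, src.expected, length)
        consume(seg, dst)            # the peer now expects the byte after this segment
        src.next_seq = dst.expected  # ...which is also where the sender continues
        trace.append(seg)

    # Phase 1: three-way handshake (SYN, SYN+ACK, ACK).
    send(client, server, "SYN")       # seq = client ISN, ack = 0: nothing received yet
    send(server, client, "SYN,ACK")   # seq = server ISN, ack = client ISN + 1
    send(client, server, "ACK")       # ack = server ISN + 1
    # Phase 2: data, each direction acknowledged by the other side.
    send(client, server, "ACK", client_bytes)
    send(server, client, "ACK")       # ack = first client data seq + client_bytes
    send(server, client, "ACK", server_bytes)
    send(client, server, "ACK")       # ack = first server data seq + server_bytes
    # Phase 3: four-way close; each FIN consumes one sequence number.
    send(client, server, "FIN,ACK")
    send(server, client, "ACK")
    send(server, client, "FIN,ACK")
    send(client, server, "ACK")
    return trace


if __name__ == "__main__":
    for s in tcp_session(3185, 734, 18, 7):
        print(f"{s.sender:6} {s.flags:8} seq={s.seq} ack={s.ack} len={s.length}")
```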
The internet
The internet is a collection of all devices running the TCP/IP protocol connected
via routers. It is made up of autonomous systems (AS) which are networks
operated by a single organization.
Week 11-12: Security
Learning Objectives:
Be able to explain the role of TLS and HTTPS in the TCP/IP stack
Understand the role, functionality and restrictions of a packet firewall
Be able to correctly place a firewall in an enterprise network
Know different ways how systems can be attacked
Privacy and privacy enhancing technology
Malware
Security Protocol
Every layer in the Internet model has a main protocol. There is a security
protocol layer above the transport layer:
Protocol    Layer
HTTP        Application
TLS         Transport Layer Security (security layer)
TCP         Transport
IP          Network
Ethernet    Data link
            Physical
SSL/TLS
Transport Layer Security (TLS), and its predecessor Secure Sockets Layer
(SSL), are cryptographic protocols that provide communications security over a
computer network. The main aim is to provide privacy and data integrity between
two communicating parties.
This is performed by establishing a unique shared key (symmetric cryptography).
To create the shared key, a process called “Diffie–Hellman key exchange” is used.
Transport Layer Security Phases
1. TLS Handshake – authenticates server and client; results in a shared key
and a session ID or session ticket
2. TLS Record – after the handshake, all subsequent traffic is encrypted
3. TLS Alert – closes the session
Certificate-Based Authentication – a way to identify a user, machine or
device before granting access to a resource, network, application etc. The
certificate contains:
Owner of the private key
Expiration date and time
Subject name
Issuer name
Trusted Certificates
Digitally signed by a known certification authority. Chrome, Firefox and Safari
automatically trust websites that present such certificates when browsing the internet.
Problems with digital certificates
Certificate revocation
Users are used to accepting certificates with errors
Newer policies are stricter, but inefficient
VPN – Virtual Private Network
Logically connects a client to a network via an encrypted channel. A VPN
routes packets between different networks. Tunnels are established through VPN
protocols like TLS and IPsec.
IPsec – a protocol for IP packets
Can authenticate and encrypt the data of each IP packet
Transport mode: the IP packet’s payload is encrypted and its integrity is protected
Tunnel mode: the whole IP packet is encrypted and contained in a new IP
packet with a new header.
Firewall – a form of security that filters traffic, defining what can get through and
what is blocked.
Packet filter firewall – operates on the network layer; filters traffic based on source
and destination IP addresses, protocols, ports and the current stage of the connection.
It works by inspecting the first few bytes of the TCP header inside an IP packet and
identifies the application protocol and port.
Which traffic to permit?
Depends on the applications/services running behind the firewall
Different rules for existing connections and new connections
One needs to define the source IP address, destination IP address and
destination port.
1. Source IP address – any address should be able to connect to a web
server; however, management access should be restricted to specific IP
addresses
2. Destination IP address – only the IP address of the machine running a server should
be accessible. Never allow any IP address
3. Destination port – specifies the service accessed via a particular port.
Never allow any port
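The three-part rule definition above, as an added example that is not code from the notes: an ordered packet filter with default deny, a separate path for packets of existing connections, a web service open to everyone and a management port open only to one admin host. It also rejects the two rule shapes the notes say never to allow (an allow rule with "any" destination or "any" port). All addresses are constructed from documentation ranges and the rule set is hypothetical.

```python
"""Packet-filter rule evaluation with a simple connection state table (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    dport: int                    # destination port
    proto: str = "tcp"
    new_connection: bool = True   # True for the first packet (SYN), False afterwards


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network in CIDR; "0.0.0.0/0" means any
    dst: str                      # destination network in CIDR
    dport: Optional[int]          # None means any port (only sensible in deny rules)
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport))


class PacketFilter:
    """First matching rule wins; anything unmatched is denied (default deny)."""

    def __init__(self, rules: List[Rule]) -> None:
        for r in rules:
            # The notes' two "never" rules: an allow must name a destination and a port.
            if r.action == "allow" and (r.dport is None or r.dst == "0.0.0.0/0"):
                raise ValueError(f"allow rule must name a destination and a port: {r}")
        self.rules = rules
        # Simplified state table keyed on (src, dst, dport, proto); a real stateful
        # filter also tracks the source port and the TCP connection state.
        self.connections: Set[Tuple[str, str, int, str]] = set()

    def decide(self, p: Packet) -> str:
        key = (p.src, p.dst, p.dport, p.proto)
        if not p.new_connection:
            # Packets of existing connections pass only if we admitted the first one.
            return "allow" if key in self.connections else "deny"
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.connections.add(key)
                return r.action
        return "deny"


# Hypothetical rule set: a web server at 203.0.113.10 whose management port (22)
# must be reachable only from the admin workstation 198.51.100.5.
WEB_SERVER = "203.0.113.10/32"
ADMIN_HOST = "198.51.100.5/32"
RULES: List[Rule] = [
    Rule("allow", "0.0.0.0/0", WEB_SERVER, 80),          # anyone may reach the web service
    Rule("allow", ADMIN_HOST, WEB_SERVER, 22),           # management only from the admin host
    Rule("deny", "0.0.0.0/0", "203.0.113.0/24", None),   # explicit catch-all for the server net
]

if __name__ == "__main__":
    fw = PacketFilter(RULES)
    for pkt in (Packet("192.0.2.44", "203.0.113.10", 80),
                Packet("192.0.2.44", "203.0.113.10", 22),
                Packet("198.51.100.5", "203.0.113.10", 22)):
        print(pkt.src, "->", pkt.dst, pkt.dport, fw.decide(pkt))
```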
Where to place a firewall?
In a home network, the router usually also acts as a firewall; in a company
network, proper placement is crucial.
A simple company network should have:
1. An internal network with PCs, servers, printers etc.
2. Services such as a mail server, web server and VPN gateway
The internal network should not be directly accessible, but the web server or mail
server needs to be accessible, hence:
DMZ – demilitarized zone
Create a zone that is less secure than the internal network, but still protected
from direct access.
Filtering traffic examples:
Prevent malicious software
Block IP spoofing (packets with a false source IP address, used by
attackers to hide their identity and gain trusted access)
Block outbound traffic from critical areas or computers
Only allow outbound HTTP traffic through a proxy
Firewalls also provide:
Network and port-address translation (NAT) – the internal network uses
internal IP addresses that are not visible to the outside
Proxies, which can hide individual devices in the internal network
These are not direct security functions, but they hide information from outside
attackers.
Why firewalls are not sufficient
More and more applications connect internal networks to the internet:
Social networks
Remote access (TeamViewer)
Unified messaging (Skype, WeChat)
Collaboration tools (Google Docs)
Port hopping – applications change their ports during a session
Hiding in TLS encryption – TLS can mask application traffic
Applications that don’t use standard ports
Tunnelling in other services – e.g. P2P file-sharing
Firewalls do not help against internal attackers. Once an attack has been successful,
firewalls cannot help.
New security tools
IDS and IPS
IDS – Intrusion Detection System
Monitors network and system activities. Alerts when potentially malicious activity
is found. Logs information about activities.
IPS – Intrusion Prevention System
An IDS with additional active functionality. Attempts to block or stop malicious
activities.
Monitoring examples
Detect port scans
Detect OS fingerprinting attempts
Detect buffer overflow attacks (a write overflowing a buffer into adjacent memory)
Find and block known malware
Find anomalies
Reaction examples
Drop malicious packets and send an alarm
Block traffic from some IP addresses
Correct fragmentation in packet streams
Raise alerts, trigger a human intervention team
IDS/IPS should use anomaly-based detection as well as signature-based
detection. Signature-based detection is fast, generally gives fewer false alarms, and does
not need a learning phase. Anomaly-based detection can also detect previously unknown attacks.
Next Generation Firewalls (NGFs)
Promise of an integrated security approach
Proxy for all traffic (even encrypted)
Look at applications, roles, services, users
Potential issues of NGFs
Policy rules get too complex
Privacy issues
Single point of attack with full access to decrypted data
Virus scanner/Anti-virus software
1. Can efficiently prevent infections with known malware.
2. But can also be manipulated by malware
3. Unable to detect new malware