
CS473: Lecture 5

Networking Background
Spring 2024

Mobin Javed

Slides adapted from Vern Paxson’s CS161 at UC Berkeley


Network Security
• Why study network security?
– Networking greatly extends our overall attack surface
o Networking = the Internet
– Opportunity to see how large-scale design affects security issues
– Protocols a great example of mindless agents in action

• Complex topic with many facets
– We will omit concepts/details that aren’t very security-relevant
– By all means, ask questions when things are unclear
o (but we may skip if not ultimately relevant for security, or postpone if question itself is directly about security)
Lesson Plan

• Refresh Networking knowledge

• With a security lens


So You Walk Into A Coffee Shop,
Open Up Your Laptop,
And Issue a Google Query ….
1. Join the wireless network

Your laptop shouts:
HEY, DOES WIRELESS NETWORK X EXIST?

Wireless access point(s) continually shout:
HEY, I’M WIRELESS NETWORK Y, JOIN ME!

If either match up, your laptop joins the network. Optionally performs a cryptographic exchange.
2. Configure your connection

Your laptop shouts:
HEY, ANYBODY, WHAT BASIC CONFIG DO I NEED TO USE?

Some system on the local network replies:
Here’s your config, enjoy

The configuration includes:
(1) An Internet address (IP address) your laptop should use; typ. 32 bits
(2) The address of a “gateway” system to use to access hosts beyond the local network
(3) The address of a DNS server (“resolver”) to map names like google.com to IP addresses

[Diagram: your laptop, now configured with IP address 192.168.1.14]
3. Find the address of google.com

Your laptop sends a DNS request asking: “address for google.com?”

It’s transmitted using the UDP protocol (lightweight, unreliable).

The DNS resolver might not be on the local network.

[Diagram: laptop (192.168.1.14) → gateway → router → The Rest of the Internet; the resolver sits beyond the gateway, and google.com is at 172.217.6.78]

Laptop → resolver: google.com?

(The resolver now itself uses DNS queries to other DNS servers to figure out the address associated with google.com.)

Resolver → laptop: google.com’s address is 172.217.6.78
4. Connect to google.com server

Your laptop now establishes a connection with the web server at 172.217.6.78. It uses TCP for this rather than UDP, to obtain reliability.

Laptop → server: TCP SYN
The first step of establishing the connection is to send a TCP connection request (“SYN”) to the server.

Server → laptop: TCP SYN ACK
If the server accepts the connection, it replies with a “SYN ACK”.

Laptop → server: TCP ACK
Your laptop completes the connection establishment by likewise sending an acknowledgement.

At this point the connection is established and data can be (reliably) exchanged.
5. Establish a secure connection using TLS (https)

Laptop → server: I want a confidential connection with integrity & authentication

Server → laptop: Here’s a certificate that vouches for my public key, google.com

Laptop → server: Well if you really possess the corresponding private key, prove it by decrypting this blob which we’ll use to establish shared secret keys

Server → laptop: Here’s your proof

6. Finally, your laptop can send along your query!
(Using HTTP inside the TLS channel)

Laptop → server: GET /search?query=great+Spring+Break+beaches …
Protocols
• A protocol is an agreement on how to communicate
• Includes syntax and semantics
– How a communication is specified & structured
o Format, order messages are sent and received
– What a communication means
o Actions taken when transmitting, receiving, or timer expires

• E.g.: making a comment in lecture?


1. Raise your hand.
2. Wait to be called on.
3. Or: wait for speaker to pause and vocalize
4. If unrecognized (after timeout): vocalize w/ “excuse me”
Internet Layering

Layering
• Internet design is strongly partitioned into layers
– Each layer relies on services provided by next layer below
– … and provides services to layer above it
• Analogy:
– Consider structure of an application you’ve written and the “services” each layer relies on / provides

Code You Write
Run-Time Library
System Calls
Device Drivers              }
Voltage Levels /            } Fully isolated from user programs
Magnetic Domains            }
Internet Layering (“Protocol Stack”)

7 Application
4 Transport
3 (Inter)Network
2 Link
1 Physical

Note on a point of potential confusion: these diagrams are always drawn with lower layers below higher layers …

But diagrams showing the layouts of packets are often the opposite, with the lower layers at the top since their headers precede those for higher layers
Horizontal View of a Single Packet

First bit transmitted →
Link Layer Header | (Inter)Network Layer Header (IP) | Transport Layer Header | Application Data: structure depends on the application …

Vertical View of a Single Packet

First bit transmitted ↓
Link Layer Header
(Inter)Network Layer Header (IP)
Transport Layer Header
Application Data: structure depends on the application
Internet Layering (“Protocol Stack”)

7 Application
4 Transport
3 (Inter)Network
2 Link

1 Physical
Layer 1: Physical Layer

Encoding bits to send them over a single physical link
e.g. patterns of voltage levels / photon intensities / RF modulation
Layer 2: Link Layer

Framing and transmission of a collection of bits into individual messages sent across a single “subnetwork” (one physical technology)

Might involve multiple physical links (e.g., modern Ethernet)

Often technology supports broadcast transmission (every “node” connected to subnet receives)
Layer 3: (Inter)Network Layer (IP)

Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
• Provides global addressing

Works across different link technologies
(Link and Physical layers are different for each Internet “hop”)
Layer 4: Transport Layer

End-to-end communication between processes

Different services provided:
TCP = reliable byte stream
UDP = unreliable datagrams
(Datagram = single packet message)
Layer 7: Application Layer

Communication of whatever you wish

Can use whatever transport(s) is convenient

Freely structured

E.g.: Skype, SMTP (email), HTTP (Web), Halo, BitTorrent
Internet Layering (“Protocol Stack”)

7 Application
4 Transport
} Implemented only at hosts, not at interior routers (“dumb network”)

3 (Inter)Network
2 Link
1 Physical
} Implemented everywhere

3 (Inter)Network
} ~ Same for each Internet “hop”

2 Link
1 Physical
} Different for each Internet “hop”
Hop-By-Hop vs. End-to-End Layers

Host A communicates with Host D

[Diagram: Hosts A, B, C, D and E attached to a mesh of Routers 1–7; Host A’s traffic to Host D passes through intermediate routers]

Different Physical & Link Layers (Layers 1 & 2)
E.g., Ethernet on one hop, Wi-Fi on another

Same Network / Transport / Application Layers (3/4/7)
E.g., HTTP over TCP over IP

(Routers ignore Transport & Application layers)
Layer 3: (Inter)Network Layer (IP)

Bridges multiple “subnets” to provide end-to-end internet connectivity between nodes
• Provides global addressing

Works across different link technologies
IP Packet Structure

4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (Bytes)
16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Payload

Total Length: specifies the length of the entire IP packet: bytes in this header plus bytes in the Payload

Protocol: specifies how to interpret the start of the Payload, which is the header of a Transport Protocol such as TCP (6) or UDP (17)

E.g., with Protocol = 6, the Payload begins with the start of the TCP header
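The header layout above, together with the link/IP/transport ordering from the horizontal and vertical packet views, as a small parser. This is an added example, not part of the lecture material: it peels the 14-byte Ethernet header, decodes the IPv4 fields, checks that Total Length and the Header Checksum are consistent before trusting the packet, and uses the Protocol field to label what the Payload begins with. The sample frame is constructed inline (the MAC addresses in it are placeholders).

```python
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "TCP", 17: "UDP"}   # values of the IP "Protocol" field

def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header, then split off options and payload."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4     # IHL counts 32-bit words
    # Total Length = header bytes + payload bytes; refuse packets whose lengths disagree.
    if version != 4 or ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent length fields")
    if ip_checksum(packet[:ihl]) != 0:         # checksum covers the header only
        raise ValueError("bad header checksum")
    return {
        "ttl": ttl,
        "protocol": PROTO_NAMES.get(proto, str(proto)),  # 6 -> TCP, 17 -> UDP
        "flags": flags_frag >> 13,
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": packet[20:ihl],
        "payload": packet[ihl:total_len],       # begins with the transport header
    }

def parse_frame(frame: bytes) -> dict:
    """Peel the 14-byte link-layer header (sent first), then hand the rest to the IP layer."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 Ethernet frame")
    return parse_ipv4(frame[14:])

def build_sample_frame() -> bytes:
    """Constructed sample (not a capture): 192.168.1.14 -> 172.217.6.78, TCP, DF flag set."""
    payload = b"\x00" * 20                     # stand-in for a 20-byte TCP header
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, 6, 0, bytes([192, 168, 1, 14]), bytes([172, 217, 6, 78]))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # fill in checksum
    eth = b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)   # placeholder MACs
    return eth + hdr + payload
```

Because routers only look at this header, a receiver that skips the length and checksum checks is the first place a malformed packet does damage; parse_ipv4 rejects such packets before touching the payload.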
IP Packet Header (Continued)
• Two IP addresses
– Source IP address (32 bits in main IP version)
– Destination IP address (32 bits, likewise)
• Destination address
– Unique identifier/locator for the receiving host
– Allows each node to make forwarding decisions
• Source address
– Unique identifier/locator for the sending host
– Recipient can decide whether to accept packet
– Enables recipient to send reply back to source
Analogy of IP to Postal Envelopes:

Postal envelope: sender and recipient addresses on the outside (post office doesn’t look at the letter inside the envelope)

IP packet: IP source address and IP destination address in the header (routers don’t look at the payload beyond the IP header)
IP: “Best Effort” Packet Delivery
• Routers inspect destination address, locate “next hop” in forwarding table
– Address = ~unique identifier/locator for the receiving host
• Only provides a “I’ll give it a try” delivery service:
– Packets may be lost
– Packets may be corrupted
– Packets may be delivered out of order

[Diagram: source → IP network → destination]