CSI315Web Development TechnologiesWeb Development Technologies

ContinuedContinued

Communication Layer

• information needs to get from one place to another

– Computer- Computer– Software- Software

• data needs to get there in one piece, in the right order, and with no parts of that data changed or corrupted.

• Every computer (software and hardware) is required to follow very rigorous standards of communications called protocols.

Types of web protocols • Computer to computer

communication - This is handled by the IP protocol .

• Software to software communication - Generally, TCP will move data from the hardware level to the software level. Once the data has been moved to the software level, the software packages themselves will provide their own protocols for communication. Usually handled by HTTP or SSL in the case of encrypted communication.

• Encryption of plain text over the wires - This is handled by a motley of technologies but most commonly involve some form of public key encryption

TCP/IPTransmission Control

Protocol/Internet Protocol is the protocol suite that drives the Internet. Specifically, TCP/IP handles network communications between network nodes (computers, or nodes, connected to the net). The suite is actually composed of several protocols including– IP which handles the movement of data

between host – TCP which manages the movement of data

between applications,– UDP which also manages the movement of

data between applications but is less complex and reliable than TCP

– ICMP which transmits error messages and network traffic

Internet protocol suite  

Application"layer 7"

e.g. HTTP , HTTPS, FTP, DNS

4 Transport e.g. TCP, UDP RTP, SCTP

3 Network Internet Protocol (IPv4, IPv6) ,ICMP

2 Data Link e.g. Ethernet, Token Ring, etc.

1 Physical e.g. physical media,

• The Physical layer describes the physical characteristics of the communication, such as

• The Data Link layerThe Data Link layer specifies how packets are transported over the physical layer, including the framing

• the Network layer solved the problem of getting packets across a single network.

• Transport layer protocols can solve problems like reliability ("did the data reach the destination?") and ensure that data arrives in the correct order.

• Application layer is the layer that most common network-aware programs interface use in order to communicate across a network with other programs. Processes that occur in this layer are application specific;

Example of a TCP/IP connection

                                                                                                                                                                                        

Let's

IP Protocol

• IP handles the routing of data between networks and nodes on those networks and paths to those networks.

• Connectionless Protocol • Handles the transmission of data

from an originating computer to the computer specified by the IP address or Domain Name

IP AddressesNumerical Counterpart of domain name e.g.

www.debian.mopipi.ub.bw

IP addresses are unique sets of four period delimited octets that represent individual hosts on specific networks. The first part identifies the network on which a host resides and the second part a particular host on a given network : A two level hierarchy

A TCP/IP octet is a number between 0 and 255. Valid addresses 0.0.0.0 to 255.255.255.255 = 4.3 billion addresses

IP AddressingThus, an IP Address might look

something like: 167.168.14.30 (IPv4)

It might read like "computer named 30, on network 14, on host 168, of network 167."

Transport Control Protocol

• TCP assures that the data gets sucked off the network connected computer and delivered to the receiving application and that the data is delivered in the correct sequence.

• Handles errors such that if any errors occur during transport, e.g message degradation or the loss of some packets, the sender will know to resend

User Datagram Protocol

• UDP allows applications to transfer individual blocks of user information using datagram's. UDP takes the information, appends appropriate info that identifies the application in the destination host and uses IP to transfer the datagram across the internet

• Simple and fast but provides no guarantee in delivery and or sequence addressing

Internet Control Message Protocol

• Carries messages such as control data, information data and error recovery data. Typical messages

• Destination unreachable, Redirection,• Echo requests/ Echo reply• Time exceeded Message• Source Quelch

• Sent within an IP header with a version field, source, destination IP addresses etc.

HTTP   • HTTP is a stateless, "request/response"

protocol that specifies the means of transport as well as the process for maintaining the integrity of web documents.

• TCP/IP drives the internet, HTTP drives the web.

• Browsers and Servers speak the HTTP protocol to exchange web documents

• Since the web consists of millions of hyperlinked files, HTTP uses Multipurpose Internet Mail Extensions (MIME) specification to describe the transfer and format of files.

HTTP Request MethodsGet Retrieves the information that is specified in

the request URI e.g get /info/dept/courses.html

Head Tells the server not to return the URI, clients wants to read only the header of the web page

Post requests that the server accepts the entity enclosed in the URI request

Put Request that the enclosed enitity is stored under the supplied request URI

Delete the server must delete the resource identified by the request URI

HTTP ResponseResponse Code Description Examples• 1xx Informational Seldom used code for

information to be supplied to the browser. e.g continue

• 2xx Success The client or server successfully received the instructions and could perform the actions requested e.g 200 OK, 201 POST Success, 202 Request Accepted

• 3xx Redirection The client or server needs to do something else to finish the request e.g 301 Resource has moved

• 4xx Client Error There has been a problem on the client side (usually syntax) e.g 401 Unauthorized Request, 402 Payment Required for Request, 404 Resource not Found

• 5xx Server Error The server could not deal with the request correctly e.g. 500 Internal Server Error, 501 Method Not Implemented

Internet Security

Security Threats: eavesdropping, imposters, server overload, man in the middle, un-authorized server access

Security requirements:– Privacy and Confidentiality– Intergrity– Authentication– Nonrepudiation

Approaches to Security– Cryptography– Security Protocols

Cryptography

The science of manipulating messages to make them secure.

Plain text: original messageCiphertext: message after transformationEncryption: the process of conversion from

plain to ciphertextDecryption: the reverse of encryptionA Cipher: An algorithm used in the processSecret key: A technique that would make it

difficult or impossible for an unauthorized party to understand

Security Protocols

A set of rules that govern the interaction between peer processes to provide a certain type of security service

• SSL Secure Socket Layer• HTTPS HyperText Transport Protocol

Secure) • TLS Transport Layer Security

SSL Secure Socket Layer

• SSL was designed by Netscape is perhaps the most common way of providing encrypted transmission of data between web browsers and web servers

• provides data encryption, server authentication, message integrity, and client authentication for any TCP/IP connection.

• private key encryption technology

(HTTP-S). • The protocol for accessing a secure Web

server. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The session is then managed by a security protocol such as SSL.

• Instead of using plain text socket communication, HTTPS encrypts the data using either a version of the SSL protocol or the Transport Layer Security protocol, thus ensuring reasonable protection from eavesdroppers, and man in the middle attacks