The document provides an overview of the application layer and several key protocols and concepts:
- It describes the Domain Name System (DNS) and its role in mapping domain names to IP addresses through a distributed database and hierarchy of name servers. The registration process for obtaining domain names is also outlined.
- Resource records are discussed as the basic units of information in the DNS database, with examples given of common record types like A, CNAME, NS, and PTR.
- Name servers are defined as root servers, top-level domain servers, and authoritative servers that host parts of the domain name hierarchy.
- The concepts of zones, which are areas of responsibility for individual name servers, and iterative and
2. Outline
Introduction
Domain Name System (DNS)
DNS
Registration Process
The Name servers
Resource Records
Dynamic DNS
The WWW and HTTP
HTTP Query and Response
The structure of the Query and Response
Persistent connection with HTTP 1.1
Cookies
Session Variables
Proxies as gateway
The Dynamic Web
Bluetooth
Introduction
Architecture
Protocol Stack
Pairing Process
Security
8/13/2014 shanti verma 2
3. Introduction: Application Layer
The application layer acts as an interface between the system and its users.
There is an important difference between an application and the application layer.
Browsers and FTP clients are a few examples of applications that work at the application layer.
Applications interact with the transport layer to establish a connection with the application at the other end and transfer data as per user requirements.
Applications are programmed to communicate with TCP or UDP to get their job done.
The Firefox browser is an application that communicates with TCP.
The application layer is the place where both the clients and the servers run.
The application layer's job is to standardize the communication (i.e. come out with a protocol) in a way that any arbitrary client can talk to any arbitrary server.
The Firefox browser talks to Apache in one case and to IIS in another.
At the application layer, the protocols are plenty and still counting.
The transport layer has TCP and UDP; the network layer has IP.
4. Domain Name System (DNS)
DNS is an application which a normal user does not encounter unless he uses NSLookup.
NSLookup is an online web tool that queries the DNS to extract the IP address of websites.
What is the need of DNS?
◦ Addresses are hard for people to remember.
◦ Sending e-mail to tana@128.111.24.41 means that if Tana's ISP or organization moves the mail server to a different machine with a different IP address, her e-mail address has to change.
◦ Hence ASCII names were introduced.
◦ Nevertheless, the network itself understands only numerical addresses.
To map a name onto an IP address,
◦ an application program calls a library procedure called the resolver, passing it the name as a parameter.
** Resolvers are the routines that take queries from browser-like applications and start querying the name servers.
◦ The resolver sends a UDP packet to a local DNS server,
◦ which then looks up the name and returns the IP address to the resolver, which then returns it to the caller.
6. The Domain Namespace
The domain namespace is the representation of domain names as part of a hierarchy starting from the root server.
www.google.com is an example from the domain name space.
This name represents a hierarchy: .com is the highest level, google comes under it and 'www' is at the lowest level.
A domain name represents either a group of computers or a single computer.
The top-level domains come in two flavors:
◦ Generic: com (commercial), edu (educational institutions), gov (the U.S. Federal Government), int (certain international organizations), mil (the U.S. armed forces), net (network providers), and org (nonprofit organizations).
◦ Countries: the country domains include one entry for every country, as defined in ISO 3166.
7. Domain Namespace
Requirements
Domain names are case insensitive.
Component names can be up to 63 characters long; full path names must not exceed 255 characters.
To create a new domain, permission is required from the domain in which it will be included.
Efficient, i.e. it should not take an inordinate amount of time to convert a domain name to an IP address.
It should continue working despite breakdowns.
It should not introduce additional overhead to any part of the internet by increasing the number of queries or replies in a region.
Information should be available from the nearby servers.
It should contain a few additional pieces of information, like the official mail server for a specified organization, the name and mail address of a person looking after a website, etc.
A single server can manage multiple networks.
It should be secure enough (not provided).
8. DNS poisoning
When the system is poisoned with incorrect information, users who faithfully type the specified company's URL are switched to some other place. This is known as DNS poisoning.
10. Labels and Domain
Domains are quite generic in nature.
A domain may represent multiple sub domains without having any machine attached to it directly.
For example: most of the sub domains of a top level domain like com or org do not have any computer attached to them directly. They are divided into multiple sub domains.
A domain name can be of two types:
Fully qualified: a fully qualified name for google is google.com. (with the trailing dot). The last dot is not accidental; it represents an empty string (the root) coming after com.
Partially qualified: like abciet.org (without the last dot) or abciet can also be used if the context is clear.
11. Domain Hierarchy
Lower level domains are part of higher level domains. Three different domains are shown here: the in domain, the ac.in domain and the ABC.ac.in domain. The entire domain name space consists of various such domains.
12. Advantages of Hierarchy
Space constraint
Processing time constraint
Congestion near the server
Organized form of information
Efficient resolution of domain names
A comparatively static database is better organized this way
Clear cut controlling infrastructure
Delegation of authority is clearly defined
Autonomous control
13. The Distributed Database
The information about the domains is not stored at a central location but distributed across various servers: root servers, the TLD (Top Level Domain) servers, the local servers deployed at specific organizations and ISPs, and other servers in between.
The distributed organization is better because most of the queries are resolved locally.
For example: in the above figure the ABC server contains information about the ABC domain machines only; the two servers above it only have pointers to their respective sub domains.
14. Advantages of Distributed
database in DNS
Load on big servers like TLD and root servers is reduced to a large extent.
◦ Most of the queries in DNS are resolved within the local server's scope.
A distributed database reduces the network traffic.
◦ Queries are resolved by a nearby server and responses do not have to travel far.
No single point of failure.
◦ If a few servers go down at the same point in time, most of the internet users remain unaffected.
Easy maintenance.
◦ Maintaining a single huge database is much more difficult than maintaining some comparatively small-sized databases.
Can be easily managed.
15. For the above domain hierarchy figure the database tables are as follows
Database for 'in'
  ac    Address of ac
  mil   Address of mil
  edu   Address of edu
  …     …
Database for 'ac'
  ABC   Address of ABC
  …     …
Database for 'ABC'
  ict   Address of ict
  ibm   Address of ibm
  …     Address of …
16. Search Mechanism and Name
Resolution:
Searching the IP address for a given domain is the most important and most frequent operation on DNS. It is also referred to as name resolution.
The resolution process begins when a local server asks any of the servers for the information.
There are two ways of resolution possible in DNS:
Recursive name resolution method
First, the client asks a name server for a resolution, and if the name server does not contain the required value it obtains it itself by asking up the hierarchy. Thus the client gets the answer without having to ask anybody else.
Iterative name resolution method
Second, when the name server does not contain the address, it passes the address of the next-level server to the client, and the client then contacts that server directly. Here the client must be able to send the query again to a higher level, in case the queried DNS server is unable to answer.
DNS uses both types of name resolution. It also allows clients and servers to negotiate their choice of name resolution.
18. Recursive name resolution
method
The local machine (client) can ask for a recursive answer from a name server. This means the resolver expects the server to supply the final answer.
The local machine sends the query about abcict.org.
If the server is the authority for the domain name, it checks its database and responds. If not, it sends the request to another server (usually the parent) and waits for the response.
The local DNS server does not have the address of abcict.org, so it sends the request to the root server and waits for the response.
If the parent is the authority, it responds; otherwise, it sends the query to yet another server.
The root server does not have the address of abcict, so it sends the request to the org server.
When the query is finally resolved, the response travels back until it finally reaches the requesting client.
20. Iterative name resolution
method
If the client does not ask for a recursive answer, the mapping can be done iteratively.
If the server (local DNS server) is an authority for the name, it sends the answer. If it is not, it returns to the client (local machine) the IP address of the server (root server) that it thinks can resolve the query.
The local DNS server does not have the address of abcict.org, so it sends the IP address of the root server.
The client (local machine) is responsible for repeating the query to this second server (root server).
The root server does not have the address of abcict, so it sends the IP address of the org server. Now the client (local machine) must repeat the query to this third server (org server).
Now an org server has the IP address of abcict, so it returns the IP address of abcict.
The client repeats the same query to multiple servers, that's why
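The recursive and iterative walks described on the two slides above, simulated in Python over a constructed four-server hierarchy (local, root, org, abcict). This is an added example, not code from the slides; the server names, the delegation table and the addresses are assumptions, and the hop bound is the check a real resolver needs so that a misconfigured or hostile referral chain cannot keep it looping.

```python
"""Recursive vs. iterative DNS resolution, simulated over a constructed
server hierarchy (local -> root -> org-server -> abcict-server) that mirrors
the abcict.org walk-through. Added example; server names and IPs are
constructed for illustration."""

# Constructed hierarchy. "auth": names the server is authoritative for.
# "delegations": zone suffix -> child server holding that zone.
# "forward": where a non-authoritative server sends what it cannot answer.
SERVERS = {
    "local": {"auth": {}, "delegations": {}, "forward": "root"},
    "root": {"auth": {}, "delegations": {"org": "org-server"}, "forward": None},
    "org-server": {"auth": {}, "delegations": {"abcict.org": "abcict-server"},
                   "forward": None},
    "abcict-server": {
        "auth": {"abcict.org": "207.118.130.194",
                 "mail.abcict.org": "207.118.130.194"},
        "delegations": {}, "forward": None,
    },
}


def lookup(server: str, name: str):
    """One query to one server. Returns ('answer', ip), ('referral', server)
    or ('nxdomain', None): the three things a server can hand back."""
    s = SERVERS[server]
    name = name.rstrip(".").lower()          # DNS names are case-insensitive
    if name in s["auth"]:
        return "answer", s["auth"][name]
    labels = name.split(".")
    # Longest-suffix match: 'mail.abcict.org' matches the 'abcict.org' delegation
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in s["delegations"]:
            return "referral", s["delegations"][suffix]
    if s["forward"]:
        return "referral", s["forward"]
    return "nxdomain", None


def resolve_iterative(name: str, start: str = "local", max_hops: int = 8):
    """The client follows each referral itself (iterative method).
    Returns (ip_or_None, trail_of_servers_asked)."""
    trail, server = [], start
    for _ in range(max_hops):                # bound stops a referral loop
        trail.append(server)
        kind, value = lookup(server, name)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value                       # referral: ask the next server
    raise RuntimeError("referral loop or hierarchy deeper than max_hops")


def resolve_recursive(name: str, server: str = "local", depth: int = 8):
    """The server chases referrals on the client's behalf (recursive method);
    the client only ever talks to 'server'. Returns (ip_or_None, trail)."""
    if depth == 0:
        raise RuntimeError("referral loop or hierarchy deeper than depth")
    kind, value = lookup(server, name)
    if kind == "referral":
        ip, trail = resolve_recursive(name, value, depth - 1)
        return ip, [server] + trail
    return value, [server]                   # answer or nxdomain


if __name__ == "__main__":
    print("iterative:", resolve_iterative("abcict.org"))
    print("recursive:", resolve_recursive("mail.abcict.org"))
```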
21. The Zone
What a server is responsible for, or has authority over, is called a zone.
If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the domain and the zone refer to the same thing.
The server makes a database called a zone file and keeps all the information for every node under that domain.
If the server divides its domain into sub domains and delegates parts of its authority to other servers, domain and zone refer to different things.
The information about the nodes in the sub domains is stored in the servers at the lower levels, with the original server keeping some sort of reference to these lower level servers.
A server can also divide its domain and delegate responsibility but still keep part of the domain for itself.
In this case, its zone is made of detailed information for the part of the domain that is not delegated and references to those parts that are delegated.
23. The Zone
The figure shows one server which manages the ABC.ac.in domain as well as ict.ABC.ac.in, ibm.ABC.ac.in and ica.ABC.ac.in; thus they are under the same zone.
Similarly presidentofindia.nic.in and vicepresidentofindia.nic.in are managed by NIC and come under the same zone.
NIC also manages some other government websites like dae.gov.in (Department of Atomic Energy) and cic.gov.in (Central Information Commission); thus these form a zone managed by a different server.
25. Contd…
A registration process is required to register a company or institute and obtain a suitable domain name.
ICANN (Internet Corporation for Assigned Names and Numbers) makes sure that anybody who needs a domain name gets a unique one.
An organization that wants to act as a registrar must get an accreditation from ICANN.
Registrars usually charge some fee for registering a user.
For government and educational institutes, a special registrar is appointed.
In India NIC (National Informatics Center) is the registrar for government organizations.
ERNET (Education and Research Network) acts as a registrar for educational institutes (either ac.in or edu.in).
For registering a domain name, the following steps are taken:
Get a unique domain name under your choice of domain.
Pay a small fee for registering your choice of domain name to the registrar of your choice.
Register your domain name first and then register your web server and also a mail server.
Registration involves running the primary and backup name servers. For small organizations, ISPs provide their own servers for rent.
The web and mail servers also need to be installed and running for registration.
Additionally, ISPs usually provide an additional service of registering your domain in search engines.
26. The Name Servers
The servers that host some part of the domain name hierarchy are known as name servers.
There are three different types of name servers:
Root servers
Top Level Domain (TLD) servers
Authoritative servers
Root name servers:
contacted by a local name server that can not resolve a name.
The root name server:
◦ contacts the authoritative name server if the name mapping is not known
◦ gets the mapping
◦ returns the mapping to the local name server
Top-level domain (TLD) servers:
◦ responsible for com, org, net, edu, etc., and all top-level country domains: uk, fr, ca, jp.
◦ Network Solutions maintains servers for the com TLD
◦ Educause for the edu TLD
27. The Name Servers
Authoritative DNS servers:
◦ the organization's DNS servers, providing authoritative hostname to IP mappings for the organization's servers (e.g., Web, mail).
◦ can be maintained by the organization or by a service provider
Fig: Name Servers. The ABC server can process queries from ABC.org as well as ABC.ac.in and also the domains below them. On the contrary, large domains like 'edu' and 'in' need more than one server to handle queries.
28. Resource Records
The DNS database is stored as resource records.
A resource record is a record containing five different fields describing each such entry:
Domain name
◦ tells the domain to which this record applies
Time to live
◦ gives an indication of how stable the record is
◦ 60 to 86400
Class
◦ which class of information; for the Internet this is always IN
Type
◦ what kind of record this is
Value
◦ value depends on the Type
29. Contd…
Resource Records may be of many types. Some of the important ones are listed in the table below.
Type    Meaning                   Value
A       IPv4 address              32-bit value
AAAA    IPv6 address              128-bit value
CNAME   Canonical Name            Alias name for host
PTR     Pointer                   IP address (IPv4 or IPv6)
NS      Name Server               Name server(s)
SOA     Start of Authority        Zone name etc.
MX      Mail Exchanger            Mail server/exchanger
HINFO   Host Info                 Optional information
SPF     Sender Policy Framework   Identify mail servers
TXT     Text                      Text information
DNSKEY  DNS Key                   Public key of domain
RRSIG   RR Signature              Resource Record Signature
30. Contd…
The file described in the table below contains a few examples of resource records. A blank Domain field means the record belongs to the same owner as the row above it.
Domain                  Time-to-live  Class  Type   Value
207.118.130.194 / 24    172800        IN     PTR    abcict.org.
ftp.abcict.org.         172800        IN     CNAME  Vishwanath.abcict.org.
abcict.org.             172800        IN     NS     ns2.webmastersindia.com.
abcict.org.             172800        IN     NS     ns1.webmastersindia.com.
abcict.org.             172800        IN     A      207.118.130.194
abcict.org.             172800        IN     MX     (10) mail.abcict.org.
                        172800        IN     MX     (20) Vishwanath.abcict.org
                        172800        IN     MX     (30) Ponting.abcict.org
mail.abcict.org.        172800        IN     A      207.118.130.194
www.abcict.org.         172800        IN     CNAME  Ponting.abcict.org
www.abcict.org.         172800        IN     CNAME  abcict.org.
Ponting.abcict.org.     172800        IN     A      208.118.130.194
Ponting.abcict.org.     172800        IN     HINFO  HP laptop with RHEL 9
Vishwanath.abcict.org.  172800        IN     A      209.118.130.194
                        172800        IN     HINFO  HP I3
laser.abcict.org        172800        IN     A      210.118.130.194
                        172800        IN     HINFO  The laser printer
Table: The zone file of 'abcict'
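A parser for records in the form the zone-file table uses, together with the consistency check a zone administrator runs before publishing: an owner name may carry at most one CNAME and no other data beside it, so the table's two CNAME rows for www.abcict.org are exactly what it flags. This is an added example, not part of the slides; the record lines are constructed from the table's values in standard master-file syntax (MX preference without parentheses, owner inherited from the row above when the line starts with whitespace).

```python
"""Zone-file record parser and CNAME sanity check for the abcict example.
Added example; ZONE_TEXT is constructed from the table's values."""
from collections import defaultdict

# Constructed from the table above. A line starting with whitespace inherits
# the owner of the previous record, as the blank-Domain rows in the table do.
ZONE_TEXT = """\
abcict.org.            172800 IN NS    ns1.webmastersindia.com.
abcict.org.            172800 IN NS    ns2.webmastersindia.com.
abcict.org.            172800 IN A     207.118.130.194
abcict.org.            172800 IN MX    10 mail.abcict.org.
                       172800 IN MX    20 Vishwanath.abcict.org.
                       172800 IN MX    30 Ponting.abcict.org.
ftp.abcict.org.        172800 IN CNAME Vishwanath.abcict.org.
mail.abcict.org.       172800 IN A     207.118.130.194
www.abcict.org.        172800 IN CNAME Ponting.abcict.org.
www.abcict.org.        172800 IN CNAME abcict.org.
Ponting.abcict.org.    172800 IN A     208.118.130.194
Ponting.abcict.org.    172800 IN HINFO HP laptop with RHEL 9
Vishwanath.abcict.org. 172800 IN A     209.118.130.194
                       172800 IN HINFO HP I3
"""


def parse_zone(text: str):
    """Return a list of (owner, ttl, class, type, value) tuples. Owner names
    are lower-cased because DNS names are case-insensitive; the value keeps
    its internal spaces (HINFO text, MX preference + host)."""
    records, owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue                                  # blank or comment line
        if line[0].isspace():                         # owner inherited
            if owner is None:
                raise ValueError("record without owner: " + line.strip())
            ttl, rclass, rtype, value = line.split(None, 3)
        else:
            owner, ttl, rclass, rtype, value = line.split(None, 4)
        records.append((owner.lower(), int(ttl), rclass, rtype, value.strip()))
    return records


def check_cnames(records):
    """Flag owners that break the CNAME rule. Returns {owner: problem}."""
    types_by_owner = defaultdict(list)
    for owner, _ttl, _cls, rtype, _val in records:
        types_by_owner[owner].append(rtype)
    problems = {}
    for owner, types in types_by_owner.items():
        n_cname = types.count("CNAME")
        if n_cname > 1:
            problems[owner] = "multiple CNAME records"
        elif n_cname == 1 and len(types) > 1:
            problems[owner] = "CNAME coexists with other data"
    return problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    print(len(recs), "records parsed")
    for owner, problem in check_cnames(recs).items():
        print("problem:", owner, problem)
```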
31. Dynamic DNS
DDNS is a system which allows the domain name to be updated in real time instead of in a few days.
The most common use for this is in allowing a domain name to be assigned to a computer with a varying IP address.
This makes it possible for other sites on the Internet to establish connections to the machine without needing to track the IP address themselves.
33. Why Use DDNS?
Make your server accessible on the Internet even though it has a dynamic IP address.
Make your domain name point to your PC even though its IP address changes.
Run your own servers at home – Internet, E-Mail, FTP.
34. How Does DDNS Work?
Sign up for a DDNS account.
Enter your DDNS registration information in your router or use DDNS client software.
Set up your router and Web service to use the DDNS configuration.
35. DNSSEC Mechanisms
New Resource Records
Setting Up a Secure Zone
Delegating Signing Authority
37. What does DNSSEC provide
DNSSEC provides message authentication and integrity verification through cryptographic signatures.
◦ You know who provided the signature
◦ No modifications between signing and validation
It does not provide authorization.
It does not provide confidentiality.
It does not provide protection against DDoS.
38. WWW Background
1989-1990 – Tim Berners-Lee invents the World Wide Web at CERN
◦ Means for transferring text and graphics simultaneously
◦ Client/Server data transfer protocol
Communication via application level protocol
System ran on top of standard networking infrastructure
◦ Text mark up language
Not invented by Berners-Lee
Simple and easy to use
Requires a client application to render text/graphics
39. WWW Components
Structural Components
◦ Clients/browsers – two dominant implementations
◦ Servers – run on sophisticated hardware
◦ Caches – many interesting implementations
◦ Internet – the global infrastructure which facilitates data transfer
Semantic Components
◦ Hyper Text Transfer Protocol (HTTP)
◦ Hyper Text Markup Language (HTML)
eXtensible Markup Language (XML)
◦ Uniform Resource Identifiers (URIs)
40. WWW Structure
Clients use a browser application to send URIs via HTTP to servers requesting a Web page.
Web pages are constructed using HTML (or another markup language) and consist of text, graphics, sounds plus embedded files.
Servers (or caches) respond with the requested Web page
◦ Or with an error message
The client's browser renders the Web page returned by the server
◦ Page is written using Hyper Text Markup Language (HTML)
◦ Displaying text, graphics and sound in browser
◦ Writing data as well
The entire system runs over standard networking protocols (TCP/IP, DNS, …)
41. HTTP Request and its Response
Fig: HTTP request and response. The Web Browser tells a search engine's servlet "I want to search for Bill Gates on Google"; the servlet answers "Go to Google"; the browser then sends "I want to search for Bill Gates on Google" to Google, which replies "Your results…".
42. Client Request Data
When a user submits a browser request to a web server, it sends two categories of data:
◦ Form Data: data that the user explicitly typed into an HTML form.
For example: registration information.
◦ HTTP Request Header Data: data that is automatically appended to the HTTP Request from the client.
For example: cookies, browser type, etc.
43. Uniform Resource Identifiers
Web resources need names/identifiers – Uniform Resource Identifiers (URIs)
◦ A resource can reside anywhere on the Internet
URIs are a somewhat abstract notion
◦ A pointer to a resource to which request methods can be applied to generate potentially different responses
A request method is e.g. fetching or changing the object
Instance: http://www.foo.com/index.html
◦ Protocol, server, resource
The most popular form of a URI is the Uniform Resource Locator (URL)
◦ Differences between URI and URL are beyond scope
◦ RFC 2396
44. HTTP Basics
Protocol for client/server communication
◦ The heart of the Web
◦ Very simple request/response protocol
Client sends a request message, server replies with a response message
◦ Stateless
◦ Relies on the URI naming mechanism
Three versions have been used
◦ 0.9/1.0 – very close to Berners-Lee's original
RFC 1945 (original RFC is now expired)
◦ 1.1 – developed to enhance performance, caching, compression
RFC 2068
◦ 1.0 dominates today but 1.1 is catching up
45. HTTP Request Messages
GET – retrieve the document specified by the URL
PUT – store the specified document under the given URL
HEAD – retrieve info. about the document specified by the URL
OPTIONS – retrieve information about available options
POST – give information (e.g. an annotation) to the server
DELETE – remove the document specified by the URL
TRACE – loopback request message
CONNECT – for use by caches
46. HTTP Request Format
First type of HTTP message: requests
◦ Client browsers construct and send request messages
Typical HTTP request:
◦ GET http://www.cs.wisc.edu/index.html HTTP/1.0
Request format:
request-line (method request-URI HTTP-version)
headers (0 or more)
<blank line>
body (only for POST request)
47. HTTP Response Format
Second type of HTTP message: response
◦ Web servers construct and send response messages
Typical HTTP response:
◦ HTTP/1.0 301 Moved Permanently
Location: http://www.wisc.edu/cs/index.html
Response format:
status-line (HTTP-version response-code response-phrase)
headers (0 or more)
<blank line>
body
48. HTTP Response Codes
1xx – Informational – request received, processing
2xx – Success – action received, understood, accepted
3xx – Redirection – further action necessary
4xx – Client Error – bad syntax or cannot be fulfilled
5xx – Server Error – server failed
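The request and response formats of the preceding slides, parsed into start line, headers and body, with the response code mapped to its class. This is an added example, not from the slides; the two messages are constructed, modelled on the GET and 301 examples, and the parser refuses a repeated Content-length with differing values rather than guessing which one marks the end of the body.

```python
"""Parse an HTTP/1.0-style request or response into the pieces the slides
list (request-line or status-line, headers, blank line, body) and classify
the response code. Added example; the messages are constructed."""

# Constructed messages (CRLF line endings, as sent on the wire).
REQUEST = (
    "GET http://www.cs.wisc.edu/index.html HTTP/1.0\r\n"
    "Host: www.cs.wisc.edu\r\n"
    "User-Agent: example-client/0.1\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.0 301 Moved Permanently\r\n"
    "Location: http://www.wisc.edu/cs/index.html\r\n"
    "Content-length: 18\r\n"
    "\r\n"
    "<html>moved</html>"
)

STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}


def status_class(code: int) -> str:
    """Map a three-digit response code to its class (1xx .. 5xx)."""
    if code // 100 not in STATUS_CLASSES:
        raise ValueError(f"invalid HTTP status code {code}")
    return STATUS_CLASSES[code // 100]


def parse_message(raw: str) -> dict:
    """Split one HTTP message into start line, headers and body.
    Header names are lower-cased (they are case-insensitive). A repeated
    Content-length with a different value is rejected: the two ends would
    otherwise disagree on where the body ends."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:                                   # tolerate bare LF endings
        head, sep, body = raw.partition("\n\n")
    lines = head.splitlines()
    if not lines:
        raise ValueError("empty message")
    start = lines[0].split(" ", 2)                # three space-separated parts
    if len(start) != 3:
        raise ValueError("malformed start line: " + lines[0])

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")  # field name, colon, value
        if not colon:
            raise ValueError("malformed header: " + line)
        name, value = name.strip().lower(), value.strip()
        if name in headers and name != "content-length":
            headers[name] += ", " + value         # repeated fields combine
        elif name in headers and headers[name] != value:
            raise ValueError("conflicting Content-length headers")
        else:
            headers[name] = value

    if "content-length" in headers and \
            int(headers["content-length"]) != len(body.encode()):
        raise ValueError("body length does not match Content-length")

    msg = {"headers": headers, "body": body}
    if start[0].startswith("HTTP/"):              # status-line: a response
        msg.update(kind="response", version=start[0],
                   code=int(start[1]), phrase=start[2])
    else:                                         # request-line: a request
        msg.update(kind="request", method=start[0],
                   uri=start[1], version=start[2])
    return msg


if __name__ == "__main__":
    req, resp = parse_message(REQUEST), parse_message(RESPONSE)
    print(req["method"], req["uri"], req["headers"]["host"])
    print(resp["code"], status_class(resp["code"]), resp["headers"]["location"])
```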
49. HTTP Headers
Both requests and responses can contain a variable number of header fields
◦ Consists of field name, colon, space, field value
◦ 17 possible header types divided into three categories
Request
Response
Body
Example: Date: Friday, 27-Apr-01 13:30:01 GMT
Example: Content-length: 3001
50. HTTP/1.0 Network Interaction
Clients make requests to port 80 on servers
◦ Uses DNS to resolve the server name
Clients make a separate TCP connection for each URL
◦ Some browsers open multiple TCP connections
Netscape default = 4
Server returns the HTML page
◦ Many types of servers with a variety of implementations
◦ Apache is the most widely used
Freely available in source form
Client parses the page
◦ Requests embedded objects
51. HTTP/1.1 Performance Enhancements
HTTP/1.0 is a "stop and wait" protocol
◦ Separate TCP connection for each file
Connection setup and tear down is incurred for each file
Inefficient use of packets
Server must maintain many connections in TIME_WAIT
◦ Resulted in the HTTP/1.1 specification focused on performance enhancements
Persistent connections
Pipelining
Enhanced caching options
Support for compression
52. Persistent Connections and Pipelining
Persistent connections
◦ Use the same TCP connection(s) for the transfer of multiple files
◦ Reduces packet traffic significantly
◦ May or may not increase performance from the client perspective
Load on server increases
Pipelining
◦ Pack as much data into a packet as possible
◦ Requires length field(s) within the header
◦ May or may not reduce packet traffic or increase performance
Page structure is critical
54. HTML Basics
Hyper-Text Markup Language
◦ A subset of Standard Generalized Markup Language (SGML)
◦ Facilitates a hyper-media environment
Embedded links to other documents and applications
Documents use elements to "mark up" or identify sections of text for different purposes or display characteristics
Mark up elements are not seen by the user when the page is displayed
Documents are rendered by browsers
NOTE: Not all documents on the Web are HTML!
Most people use WYSIWYG editors (MS Word) to generate HTML
55. HTML Example
<HTML>
<HEAD>
<TITLE> PB's HomePage </TITLE>
</HEAD>
<BODY>
<CENTER><IMG SRC="bad_picture.gif" ALT=""><BR></CENTER>
<P><CENTER><H1>UW Computer Science Department</H1></CENTER>
Welcome to my goofy HomePage!
…
<A HREF="http://www.cs.wisc.edu/~pb/mydogs_page.html"> Spot's Page </A>
</BODY>
</HTML>
60. Cookies & Sessions
Cookies
◦ Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users.
Sessions
◦ Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.
61. What is a Cookie?
A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.
63. How to Create a Cookie
The setcookie() function is used to create cookies.
Note: The setcookie() function must appear BEFORE the <html> tag.
setcookie(name, [value], [expire], [path], [domain], [secure], [httponly]);
The secure flag restricts the cookie to HTTPS and httponly keeps it out of reach of client-side script; set both for a cookie that identifies a logged-in user.
This sets a cookie named "uname" that expires after ten hours.
<?php setcookie("uname", $name, time()+36000); ?>
<html> <body> …
64. How to Retrieve a Cookie Value
To access a cookie you just refer to the cookie name as a variable or use the $_COOKIE array.
Tip: Use the isset() function to find out if a cookie has been set.
<html> <body>
<?php
// Read the cookie through $_COOKIE and escape it before output:
// the client controls the value, so it must never reach the page raw.
if (isset($_COOKIE['uname']))
    echo "Welcome " . htmlspecialchars($_COOKIE['uname']) . "!<br />";
else
    echo "You are not logged in!<br />";
?>
</body> </html>
65. How to Delete a Cookie
It will expire
or
Cookies must be deleted with the same parameters as they were set with. If the value argument is an empty string (""), and all other arguments match a previous call to setcookie, then the cookie with the specified name will be deleted from the remote client.
66. What is a Session?
The session support allows you to register arbitrary numbers of variables to be preserved across requests.
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
67. How to Create a Session
The session_start() function is used to start a session; it creates the session cookie.
<?php
session_start();
?>
68. How to Retrieve a Session Value
Register a session variable
session_register('var1','var2',...); // will also create a session (deprecated; assign to $_SESSION instead)
PS: a session variable will be created on use even if you do not register it!
Use it
<?php
session_start();
if (!isset($_SESSION['count']))
    $_SESSION['count'] = 0;
else
    $_SESSION['count']++;
?>
69. How to Delete a Session Value
session_unregister('varname'); // deprecated; unset($_SESSION['varname']) does the same
How to destroy a session:
session_destroy();
70. Proxy Servers
Part of an overall firewall strategy
Sits between the local network and the external network
◦ Originally used primarily as a caching strategy to minimize outgoing URL requests and increase perceived browser performance
◦ Primary mission is now to ensure anonymity of internal users
Still used for caching of frequently requested files
Also used for content filtering
Acts as a go-between, submitting your requests to the external network
◦ Requests are translated from your IP address to the proxy's IP address
◦ E-mail addresses of internal users are removed from request headers
◦ Causes an actual break in the flow of communications
71. TCP Connection Termination
Both the outgoing and incoming TCP connections are terminated.
This prevents a hacker from hijacking a stale connection on a service that is being proxied.
Ex. HTTP page request
Fig: User → Proxy Server: request packet; Proxy Server → Server: request packet'; Server → Proxy Server: response packet'; Proxy Server → User: response packet. The user-side connection is left open until the proxy closes it after receiving the response packet and sending it back to the user; the server-side connection is only left open until the server closes the connection after sending the response packet.
72. Performance Aspects
Caching
◦ By keeping local copies of frequently accessed files the proxy can serve those files back to a requesting browser without going to the external site each time; this dramatically improves the performance seen by the end user
◦ Only makes sense to implement this at the ISP rather than the small business level because of the number of pages available
◦ Because of dynamic content many pages are invalidated in the cache right away
Load balancing
◦ A proxy can be used in the reverse direction to balance the load amongst a set of identical servers (servers inside the firewall and users outside)
◦ Used especially with dynamic web content (.asp, .php, .cfm, .jsp)
73. Proxy Liabilities
Single point of failure
◦ if the proxy dies, no one can get to the external network
Client software must usually be designed to use a proxy
Proxies must exist for each service
Doesn't protect the OS
◦ proxies run at the application level
Usually optimized for performance rather than security
◦ WINGATE was installed to be easy to configure; it opened a winsock proxy to the external interface, which let hackers essentially hijack the machine
Create a service bottleneck
◦ solved via parallelism (more proxies, and load balancing)
74. Architecture - Overview
This proxy is designed according to the client/server programming model. It consists of six modules:
• Manager - a configuration module.
• Syntaxer - responsible for HTTP support: generation, parsing and modification of HTTP messages.
• Server - a module that interacts with proxy clients.
• Mediator - an interface layer between Server and Client.
• Client - accepts requests from Mediator and executes them.
• Cache - a part of Mediator that keeps copies of received data.
75. Architecture – Data flow diagram
Fig: Data flow through the PROXY. Request: User → Server Module → Mediator Module (consulting the Cache Module) → Client Module → Remote Host. Response: Remote Host → Client Module → Mediator Module → Server Module → User.
78. What is Bluetooth?
A cable-replacement technology that can be used to connect almost any device to any other device
A radio interface enabling electronic devices to communicate wirelessly via short range (10 meters) ad-hoc radio connections
A standard for a small, cheap radio chip to be plugged into computers, printers, mobile phones, etc.
79. What is Bluetooth?
Uses the radio range of 2.45 GHz
Theoretical maximum bandwidth is 1 Mb/s
Several Bluetooth devices can form an ad hoc network called a "piconet"
◦ In a piconet one device acts as a master (sets frequency hopping behavior) and the others as slaves
◦ Example: A conference room with many laptops wishing to communicate with each other
80. History
Harald Bluetooth: 10th century Danish King, managed to unite Denmark and Norway
Bluetooth SIG (Special Interest Group):
◦ Founded in 1998 by: Ericsson, Intel, IBM, Toshiba and Nokia
◦ Currently more than 2500 adopter companies
◦ Created in order to promote, shape and define the specification and position Bluetooth in the market place
Current specification: Bluetooth 2.1
81. Bluetooth Architecture
Piconet
◦ Each piconet has one master and up to 7 simultaneous slaves
Master: device that initiates a data exchange.
Slave: device that responds to the master
Scatternet
◦ Linking of multiple piconets through the master or slave devices
◦ Bluetooth devices have point-to-multipoint capability to engage in Scatternet communication.
81shanti verma8/13/2014
82. Piconet
All devices in a piconet hop together.
◦ The master gives the slaves its clock and device address (BD_ADDR); these two values determine the hop sequence. They are synchronization data, not a secret, so the hopping itself provides no confidentiality.
Non-piconet devices are in standby.
[Figure: a piconet with one master (M), active slaves (S), parked devices (P) and devices in standby (SB). M = Master, S = Slave, P = Parked, SB = Standby]
83. Scatternet
A device can be a slave in one piconet and the master of another (or a slave in both), but it can be the master of only one piconet at a time.
[Figure: two piconets joined into a scatternet by a device that is a master in one and a slave in the other. M = Master, S = Slave, P = Parked, SB = Standby]
84. Physical links
Between master and slave(s), different
types of links can be established. Two link
types have been defined:
◦ Synchronous Connection-Oriented (SCO) link
◦ Asynchronous Connection-Less (ACL) link
85. Physical links
Synchronous Connection-Oriented (SCO)
◦ Supports symmetrical, circuit-switched, point-to-point connections using reserved slots.
◦ Typically used for voice traffic.
◦ Data rate is 64 kbit/s per SCO link.
Asynchronous Connection-Less (ACL)
◦ Supports symmetrical and asymmetrical, packet-switched, point-to-multipoint connections.
◦ Typically used for data transmission.
◦ Up to 433.9 kbit/s symmetric, or 723.2/57.6 kbit/s asymmetric (basic-rate figures; EDR raises these).
86. Bluetooth Protocol Stack
[Figure: the Bluetooth protocol stack, bottom-up]
Controller, below the Host Controller Interface (HCI): Bluetooth Radio; Baseband; LMP
Host, above HCI: L2CAP (Audio is carried directly over Baseband, beside L2CAP)
Over L2CAP: SDP; RFCOMM; TCS BIN
Over RFCOMM: PPP (then IP, UDP/TCP, WAP, WAE); OBEX (then vCard/vCal); AT-Commands
Legend: Bluetooth Core Protocol = Radio, Baseband, LMP, L2CAP, SDP; Cable Replacement Protocol = RFCOMM; Telephony Protocol = TCS BIN, AT-Commands; Adopted Protocol = PPP, IP, UDP/TCP, WAP, WAE, OBEX, vCard/vCal
87. Bluetooth Protocol Stack
Bluetooth Radio: specifies the details of the air interface, including frequency, frequency hopping, modulation scheme and transmission power.
Baseband: concerned with connection establishment within a piconet, addressing, packet format, timing and power control.
Link Manager Protocol (LMP): establishes the link setup between Bluetooth devices and manages ongoing links, including security aspects (e.g. authentication and encryption) and control and negotiation of the baseband packet size.
88. Bluetooth Protocol Stack
Logical Link Control and Adaptation Protocol (L2CAP): adapts upper-layer protocols to the baseband layer. Provides both connectionless and connection-oriented services, protocol multiplexing (by channel ID and PSM) and segmentation/reassembly.
Service Discovery Protocol (SDP): handles device information, services, and queries for service characteristics between two or more Bluetooth devices.
Host Controller Interface (HCI): a uniform command interface to the Baseband controller and Link Manager, plus access to hardware status and control registers. It separates the host side of the stack (L2CAP and above) from the controller side (Radio, Baseband, LMP), so the two can live on different chips.
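To make the layering on slides 87 and 88 concrete, here is an added Python decoder (not code from the slides or from any Bluetooth stack) that walks one HCI ACL data packet down to the L2CAP signaling command inside it. The packet bytes are constructed for the example, not captured; the function names and the `PSM_NAMES` table are the author's own. The point a practitioner should take from it is that every layer carries its own length field supplied by the peer, and each must be checked against the bytes actually present before it is used; trusting those fields is where many Bluetooth stack bugs have lived.

```python
import struct

L2CAP_SIGNALING_CID = 0x0001        # ACL-U signaling channel
L2CAP_CONNECTION_REQUEST = 0x02     # signaling command code
PSM_NAMES = {0x0001: "SDP", 0x0003: "RFCOMM"}   # well-known PSM values

def parse_hci_acl(packet: bytes) -> dict:
    """HCI ACL data packet: 12-bit connection handle, 2-bit PB flag, 2-bit BC flag
    (one little-endian 16-bit word), then a 16-bit data length, then the data."""
    if len(packet) < 4:
        raise ValueError("truncated HCI ACL header")
    hdr, length = struct.unpack_from("<HH", packet, 0)
    data = packet[4:]
    # Length fields come from the peer; check each against the bytes actually
    # present before using it, at every layer.
    if length != len(data):
        raise ValueError("HCI ACL length field does not match packet")
    return {"handle": hdr & 0x0FFF, "pb_flag": (hdr >> 12) & 0x3,
            "bc_flag": (hdr >> 14) & 0x3, "data": data}

def parse_l2cap(data: bytes) -> dict:
    """L2CAP basic frame: 16-bit payload length, 16-bit channel ID, payload."""
    if len(data) < 4:
        raise ValueError("truncated L2CAP header")
    length, cid = struct.unpack_from("<HH", data, 0)
    payload = data[4:]
    if length != len(payload):
        raise ValueError("L2CAP length field does not match frame")
    return {"cid": cid, "payload": payload}

def parse_signaling(payload: bytes) -> dict:
    """L2CAP signaling command: 8-bit code, 8-bit identifier, 16-bit length, data."""
    if len(payload) < 4:
        raise ValueError("truncated signaling header")
    code, ident, length = struct.unpack_from("<BBH", payload, 0)
    body = payload[4:]
    if length != len(body):
        raise ValueError("signaling length field does not match command")
    cmd = {"code": code, "identifier": ident}
    if code == L2CAP_CONNECTION_REQUEST:
        if len(body) != 4:
            raise ValueError("Connection Request must carry PSM and source CID")
        psm, scid = struct.unpack("<HH", body)
        cmd.update(psm=psm, psm_name=PSM_NAMES.get(psm, "unknown"), source_cid=scid)
    return cmd

def decode(packet: bytes) -> dict:
    """Walk one packet down the stack: HCI -> L2CAP -> (signaling command)."""
    acl = parse_hci_acl(packet)
    frame = parse_l2cap(acl["data"])
    out = {"handle": acl["handle"], "pb_flag": acl["pb_flag"], "cid": frame["cid"]}
    if frame["cid"] == L2CAP_SIGNALING_CID:
        out["command"] = parse_signaling(frame["payload"])
    return out

def is_malformed(packet: bytes) -> bool:
    """True if any layer rejects the packet, which is what a robust stack must do."""
    try:
        decode(packet)
    except ValueError:
        return True
    return False

# Constructed packet (not a capture): handle 0x0040, PB flag 2 (start of an
# auto-flushable L2CAP PDU), carrying a Connection Request on CID 0x0001 for
# PSM 0x0003 (RFCOMM) with source CID 0x0040.
SAMPLE = bytes.fromhex("40200c00" "08000100" "02010400" "03004000")
# Same packet with the HCI length field inflated to 0x0020: must be rejected.
SAMPLE_BAD_LENGTH = bytes.fromhex("40202000" "08000100" "02010400" "03004000")

if __name__ == "__main__":
    print(decode(SAMPLE))
    print("malformed:", is_malformed(SAMPLE_BAD_LENGTH))
```

`decode(SAMPLE)` reports handle 0x40 on the signaling channel with a Connection Request for RFCOMM from source CID 0x40; `SAMPLE_BAD_LENGTH` is rejected at the HCI layer before L2CAP ever sees it.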
89. Bluetooth Protocol Stack
TCS BIN (Telephony Control protocol Specification, Binary): a bit-oriented protocol that defines the call-control signaling for establishing voice and data calls between Bluetooth devices.
OBEX (OBject EXchange): a session-layer protocol for the exchange of objects, providing a model for object and operation representation.
RFCOMM: a reliable transport protocol that emulates RS-232 serial ports over L2CAP; PPP, OBEX and AT-Commands are carried over it.
WAE/WAP: Bluetooth incorporates the Wireless Application Environment and the Wireless Application Protocol into its architecture.
90. Connection Establishment States
Standby
◦ The default state: the device is inactive and its radio is off (only the native clock runs), enabling low-power operation.
Page
◦ The master enters the page state and transmits paging messages to the slave, using the access code derived from the slave's BD_ADDR and the timing information gained earlier (e.g. during inquiry).
Page Scan
◦ A connectable device periodically enters the page scan state to allow paging devices to establish connections.
91. Connection Establishment States
Inquiry
◦ The state in which a device tries to discover all Bluetooth-enabled devices in the close vicinity; each responder replies with its BD_ADDR and clock.
Inquiry Scan
◦ Most devices periodically enter the inquiry scan state to make themselves available to inquiring devices. A device set to "non-discoverable" skips inquiry scan but, if it is connectable, still answers pages.
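The relationship between the states on slides 90 and 91 is easiest to see in a small simulation. The Python below is an added example, not code from the slides: the devices, addresses and clock values are constructed, and the timing of the real inquiry and page procedures is not modelled, only which devices answer which procedure. It shows what the slides imply but do not spell out: "non-discoverable" hides a device from inquiry only, and a device that stays in page scan can still be connected to by anyone who already knows its BD_ADDR.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    bd_addr: str
    clock: int           # native clock; constructed values, not real timing
    discoverable: bool   # periodically enters INQUIRY SCAN
    connectable: bool    # periodically enters PAGE SCAN
    master: str | None = None   # BD_ADDR of the master once connected
    clock_offset: int = 0       # added to the native clock to follow the master's hops

def inquiry(inquirer: Device, nearby: list[Device]) -> dict[str, int]:
    """INQUIRY: learn the BD_ADDR and clock of every device currently in
    INQUIRY SCAN (the reply carries both, as the FHS packet does)."""
    return {d.bd_addr: d.clock
            for d in nearby if d is not inquirer and d.discoverable}

def page(master: Device, nearby: list[Device], bd_addr: str) -> Device | None:
    """PAGE: address one device by the access code derived from its BD_ADDR.
    Only a device in PAGE SCAN answers; on success it joins the master's piconet
    and adopts the master's clock."""
    for d in nearby:
        if d is not master and d.bd_addr == bd_addr and d.connectable:
            d.master = master.bd_addr
            d.clock_offset = master.clock - d.clock
            return d
    return None

def demo():
    laptop  = Device("laptop",  "00:11:22:33:44:55", 1000, discoverable=False, connectable=True)
    headset = Device("headset", "66:77:88:99:AA:BB", 20,   discoverable=True,  connectable=True)
    printer = Device("printer", "CC:DD:EE:FF:00:11", 7,    discoverable=False, connectable=True)
    phone   = Device("phone",   "22:33:44:55:66:77", 9,    discoverable=False, connectable=False)
    nearby = [laptop, headset, printer, phone]

    found = inquiry(laptop, nearby)                 # only the headset is discoverable
    s_headset = page(laptop, nearby, headset.bd_addr)
    # "Non-discoverable" hides the printer from inquiry only: its BD_ADDR, once
    # known (printed on the device, or seen earlier), is enough to page it,
    # because the printer still enters PAGE SCAN.
    s_printer = page(laptop, nearby, printer.bd_addr)
    s_phone = page(laptop, nearby, phone.bd_addr)   # not connectable: no answer
    return found, s_headset, s_printer, s_phone

if __name__ == "__main__":
    found, s_headset, s_printer, s_phone = demo()
    print("inquiry found:", found)
    for s in (s_headset, s_printer, s_phone):
        print("paged:", None if s is None else (s.name, s.master, s.clock_offset))
```

Running `demo()` finds only the headset by inquiry, yet the page to the printer succeeds; the phone, which is neither discoverable nor connectable, never answers.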
93. Bluetooth Security
There are three modes of security for Bluetooth access between two devices (Bluetooth 2.1 adds a fourth: service-level enforced security with Secure Simple Pairing):
◦ Mode 1: non-secure (no security procedures)
◦ Mode 2: service-level enforced security (checks are made when a service is requested, after the L2CAP channel has been set up)
◦ Mode 3: link-level enforced security (the Link Manager initiates authentication, and optionally encryption, before the link setup completes)
Device security level
◦ Trusted (paired and marked as having unrestricted access to all services)
◦ Untrusted
Service security level
◦ Authorization and authentication
◦ Authentication only
◦ Open to all devices
94. Bluetooth Security
The following are the three basic security services specified in the Bluetooth standard:
◦ Authentication: verifying the identity of communicating devices by a challenge-response on the shared link key. Bluetooth authenticates devices, not users; user authentication is not provided natively.
◦ Confidentiality: preventing information compromise caused by eavesdropping, by ensuring that only authorized devices can access and view data (link-layer encryption keyed from the link key).
◦ Authorization: controlling access to resources by ensuring that a device is authorized to use a service before permitting it to do so.
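The practical difference between the modes on slide 93, combined with the device and service levels there and the three services on slide 94, is when the checks run. The following Python is an added example, not code from the slides or from any Bluetooth stack: the `Mode`, `ServiceLevel` and `RemoteDevice` names and the trace strings are the author's own, encryption and the Bluetooth 2.1 Mode 4 are deliberately left out, and "has a link key" stands in for being able to pass LMP authentication. What it shows is that under service-level enforcement an unauthenticated device still gets an ACL link and an L2CAP channel before it is refused, whereas link-level enforcement stops it before any channel exists.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    NON_SECURE = 1      # Mode 1: no security procedures at all
    SERVICE_LEVEL = 2   # Mode 2: checks when a service is requested (after L2CAP setup)
    LINK_LEVEL = 3      # Mode 3: checks at LMP link setup, before any channel exists

class ServiceLevel(Enum):
    OPEN = "open to all devices"
    AUTHN = "authentication only"
    AUTHZ_AUTHN = "authorization and authentication"

@dataclass
class RemoteDevice:
    bd_addr: str
    has_link_key: bool   # can complete the LMP challenge/response
    trusted: bool        # marked trusted in the local device database

def request_service(mode: Mode, service: ServiceLevel, dev: RemoteDevice,
                    user_authorized: bool = False) -> tuple[list[str], bool]:
    """Return (trace of what happened, whether the service was granted)."""
    trace = []
    if mode is Mode.LINK_LEVEL:
        if not dev.has_link_key:
            trace.append("LMP authentication failed: ACL link refused")
            return trace, False
        trace.append("LMP authentication at link setup")
    trace.append("ACL link established")
    trace.append("L2CAP channel opened")          # reachable unauthenticated in Modes 1 and 2
    if mode is Mode.NON_SECURE or service is ServiceLevel.OPEN:
        trace.append("service granted without checks")
        return trace, True
    if mode is Mode.SERVICE_LEVEL:
        if not dev.has_link_key:
            trace.append("LMP authentication failed: service refused")
            return trace, False
        trace.append("LMP authentication on service request")
    # Authorization: trusted devices pass; untrusted ones need explicit user approval.
    if service is ServiceLevel.AUTHZ_AUTHN and not (dev.trusted or user_authorized):
        trace.append("authorization refused: untrusted device, no user approval")
        return trace, False
    trace.append("service granted")
    return trace, True

def demo() -> dict[str, tuple[list[str], bool]]:
    """Constructed devices: a stranger with no link key and a paired but untrusted device."""
    stranger = RemoteDevice("AA:BB:CC:DD:EE:FF", has_link_key=False, trusted=False)
    paired = RemoteDevice("11:22:33:44:55:66", has_link_key=True, trusted=False)
    return {
        "mode2_stranger": request_service(Mode.SERVICE_LEVEL, ServiceLevel.AUTHN, stranger),
        "mode3_stranger": request_service(Mode.LINK_LEVEL, ServiceLevel.AUTHN, stranger),
        "mode2_paired_untrusted": request_service(Mode.SERVICE_LEVEL, ServiceLevel.AUTHZ_AUTHN, paired),
        "mode2_paired_approved": request_service(Mode.SERVICE_LEVEL, ServiceLevel.AUTHZ_AUTHN,
                                                 paired, user_authorized=True),
    }

if __name__ == "__main__":
    for name, (trace, granted) in demo().items():
        print(name, "granted" if granted else "refused", "->", " / ".join(trace))
```

Compare the two stranger traces: in Mode 2 the refusal comes after "L2CAP channel opened", so any service the device exposes as open (service discovery is commonly run that way) is reachable without authentication; in Mode 3 the link itself is refused. The paired device reaches an authorization-and-authentication service only when it is trusted or the user approves the request.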