上海交通大学：网络安全 Network Security（PPT讲稿，朱浩瑾）

Networking Overview: Everything " you need to know, in 50 minutes Network Security Prof Haojin Zhu Adopted from David Wagner Uc Berkeley May8,2019

Networking Overview: “Everything” you need to know, in 50 minutes Network Security Prof. Haojin Zhu Adopted from David Wagner @ UC Berkeley May 8, 2019

Local-Area networks A point-to-point hared How does computer Send a message to computer C? 2

Local-Area Networks point-to-point shared How does computerAsend a message to computer C? 2 A C

Local-Area networks: Packets From: A To: C Message: Hello world! A Hello world! A Hello world!

Local-Area Networks: Packets 3 From: A To: C Message: Hello world! A C Hello world! A C Hello world!

Wide Area networks 旦马 router How do we connect two lans 马马马

Wide-Area Networks router How do we connect two LANs? C 4 A

Wide Area networks R C. com Hello world! router R A. com C. com 马马 Hello world A. com C. com Hello world!

Wide-Area Networks 5 router • How do we connect two LANs? C A.com C.com Hello world! A A R R C A.com C.com Hello world! A.com C.com Hello world!

Key Concept #1: Protocols A protocol is an agreement on how to communicate Includes syntax and semantics How a communication is specified structured o Format order messages are sent and received What a communication means o Actions taken when transmitting, receiving, or timer expires EXample: making a comment in lecture? 1. Raise your hand 2. Wait to be called on 3. Or: wait for speaker to pause and vocalize 4. If unrecognized (after timeout): say"excuse me

6 Key Concept #1: Protocols • A protocol is an agreement on how to communicate • Includes syntax and semantics – How a communication is specified & structured o Format, order messages are sent and received – What a communication means o Actions taken when transmitting, receiving, or timer expires • Example: making a comment in lecture? 1.Raise your hand. 2.Wait to be called on. 3.Or: wait for speaker to pause and vocalize 4.If unrecognized (after timeout): say “excuse me

Key Concept #2: Dumb Network Original Internet design interior nodes (routers)have no knowledge* of ongoing connections going through them Not how you picture the telephone system works Which internally tracks all of the active voice calls Instead: the postal system Each Internet message("packet")self-contained Today's Internet is full of hacks that violate this

7 Key Concept #2: Dumb Network • Original Internet design: interior nodes (“ r o u ters” ) h a v e no knowledge* of ongoing connections going through them • Not how you picture the telephone system works – Which internally tracks all of the active voice calls • Instead: the postal system! – Each Internet message (“packet”) self-contained * Today’s Internet is full of hacks that violate this

Self-Contained P Packet format IP= nternet protocol 4-bit4-bit 8-bit Version Header Type of Service 16-bit Total Length(Bytes) Length (TOs) 3-bit 16-bit Identification Flags 13-bit Fragment Offset Header is like a letter envelope 8-bit Time to Live(TTL)8-bit Protocol 16-bit Header Checksum contains all info needed for 32-bit Source P address delivery 32-bit Destination P Address Payload (remainder of message)

Self-Contained IP Packet Format 4-bit Version 4-bit Header Length 8-bit Typeof Service (TOS) 16-bit Total Length (Bytes) 16-bit Identification 3-bit Flags 13-bit Fragment Offset 8-bit Time to Live (TTL) 8-bit Protocol 16-bit Header Checksum 32-bit Source IP Address 32-bit Destination IP Address Payload (remainder of message) . . . . . Header is like a letter envelope: contains all info needed for delivery IP = InternetProtocol

Key Concept #2: Dumb Network Original Internet design interior nodes (routers)have no knowledge* of ongoing connections going through them Not: how you picture the telephone system works Which internally tracks all of the active voice calls Instead the postal system Each Internet message ("packet" ) self-contained Interior routers look at destination address to forward If you want smarts, build it"end-to-end, not hop-by-hop Buys simplicity robustness at the cost of shifting complexity into end systems Today's Internet is full of hacks that violate this

9 Key Concept #2: Dumb Network • Original Internet design: interior nodes (“ r o u ters” ) h a v e no knowledge* of ongoing connections going through them • Not: how you picture the telephone system works – Which internally tracks all of the active voice calls • Instead: the postal system! – Each Internet message (“packet”) self-contained – Interior routers look at destination address to forward – If you want smarts, build it “end-to-end” , not “hop-by-hop” – Buys simplicity & robustness at the cost of shifting complexity into end systems * Today’s Internet is full of hacks that violate this

Key Concept #3 Layering Internet design is strongly partitioned into layers Each layer relies on services provided by next layer below and provides services to layer above it Analogy Code You write Consider structure of an application you've written Run-Time Library and the“ services”each System Calls layer relies on/ provides Device Drivers Fully isolated Voltage Levels/ from user Magnetic Domains programs

Key Concept #3: Layering • Internet design is strongly partitioned into layers – Each layer relies on services provided by next layer below … – … and provides services to layer above it • Analogy: – Consider structure of an application you’ve written and the “services” each layer relies on / provides System Calls Device Drivers VoltageLevels / Magnetic Domains 10 } Fully isolated from user programs CodeYou Write Run-Time Library