TDC 361 Basic Communications Systems Class 10

1
TDC 361 Basic Communications Systems Class 10
  • Greg Brewster
  • DePaul University

2
Today's Class Topics
  • Asynchronous Transfer Mode (ATM)
  • Cell Switching
  • Classes of Service
  • Providing Integrated Voice and Data
  • Security
  • Concepts
  • Viruses
  • Firewalls
  • Management

3
ATM Features
  • 53-byte cells
  • Connection Oriented Design (SVC, PVC)
  • Scaleable Bandwidth (25, 100, 155, 622 Mbps)
  • Hub Backplane Design (Star / Non-Blocking)
  • LAN and WAN convergence
  • Adaptive to traffic demands (ABR, CBR, VBR)
  • Low latency

4
ATM Market
  • Major Success: Large Carrier Networks
      • ATT and MCI have stated that they will convert their backbones to ATM within the next few years
  • Moderate Success: Corporate Backbones
      • Some large corporations utilize ATM to interconnect switched LANs and provide in-house video and audio services
  • Not much Success: Desktop
      • ATM to the desktop has not been very popular

5
How ATM Works?
  • A sender must set up an ATM Virtual Channel to a
    destination before sending data
  • Two types: Permanent Virtual Channel, Switched
    Virtual Channel
  • Switched Virtual Channel is set up by sending
    SETUP message using Q.93B
  • All data going over Virtual Channel follows same
    path
  • ATM devices transmit all data in fixed-length
    53-byte ATM cells
  • ATM cell: 5-byte header, 48 bytes of data
  • Cell header contains Virtual Channel ID
  • ATM Switches forward data cells along established
    Virtual Channels.
  • Each Virtual Channel has Quality-of-Service
    parameters (priority, delays, etc.) associated
    with it.

6
How ATM Works?
[Figure: ATM Cell-Switching. ATM cells flow continuously between ATM switches; each cell consists of a 5-byte cell header and 48 bytes of cell data.]
7
How ATM Works?
  • Why 53 Bytes?

United States and Japan: 64 bytes
European Community: 32 bytes
Compromise: (64 + 32) / 2 = 48-byte payload
48-byte payload + 5-byte header = 53-byte cell
8
ATM Feature: QOS
  • ATM's distinguishing feature: it can provide
    tighter guarantees on QOS parameters than other
    services
  • Both constant bit-rate and variable bit-rate
    services
  • Guaranteed Max/Avg/Min Bandwidth
  • Implemented via Burst Length and Burst Ratio (max
    to avg)
  • Guaranteed end-to-end delay
  • Guaranteed cell loss rate

9
ATM in the LAN, WAN, and Telco
  • ATM in the Building/Campus Backbone
  • ATM Access to the Carrier Network
  • ATM in the Carrier Network
  • ATM to the Desktop

10
How ATM Works?
  • ATM SVC - Switched Virtual Connection
  • (a temporary logical connection between two
    endpoints)

A virtual connection that has been established dynamically in response to a signaling request message.
[Figure label: Video Server]
11
How ATM Works?
  • Call Set-up Example

1.) SETUP Message
2.) Switch sends CALL PROCEEDING to caller, SETUP to called device
3.) Device replies with CONNECT message
4.) Switch sends CONNECT msg, caller acks
[Figure: ATM Switch with Port 1 (312-444-2700) and Port 11 (708-250-9900)]
12
How ATM Works?
  • ATM PVC - Permanent Virtual Connection
  • (a permanent logical connection between two
    endpoints)

A virtual channel connection that has been
established by manual methods in advance of its
need.
13
ATM Classes of Service (COS)
  • Every time a Virtual Circuit (VC) is set up, the
    customer specifies a CLASS OF SERVICE desired for
    that VC.
  • Desired Bandwidth and Class of Service determines
    the price (cost per minute) for using a
    particular VC.
  • ATM has Classes of Service that are functionally
    equivalent to:
      • Leased Line service
      • Frame Relay service
      • Internet service

14
ATM Classes of Service (COS)
  • Continuous Bit Rate (CBR)
      • Performs like a leased line. Most expensive.
  • Variable Bit Rate (VBR)
      • Like Frame Relay. Customer specifies CIR. Customer must stay within CIR. Network guarantees performance. Medium expensive.
  • Available Bit Rate (ABR)
      • Customer sends data as fast as he wants. However, if network gets busy, flow control messages are sent back to customer site and customer equipment must slow down.
  • Unspecified Bit Rate (UBR)
      • No performance guarantees. Cheapest ATM service type.

15
Congestion Management
  • CBR, VBR guarantee service levels
      • If network is too heavily loaded, new connection requests will be rejected (busy signal)
  • ABR guarantees service level if flow control
    messages from network are obeyed
      • If network is too heavily loaded, current connections are told to throttle back
  • UBR provides no service guarantee

16
How ATM Works?
  • Adaptive to traffic demands (ABR, VBR, CBR)

Available Bit Rate traffic, e.g. e-mail
Variable Bit Rate traffic, e.g. LAN traffic
Constant Bit Rate traffic, e.g. voice, video
17
Constant Bit Rate
18
Packet Switching via ATM
19
Voice/Data Integration
  • So, ATM can carry:
      • Voice, Audio or Video at pre-reserved fixed bandwidths
      • Packetized Data by using whatever bandwidth is dynamically available at any given moment
      • Prioritized Data by assigning appropriate priority level to data packets
  • It will provide the appropriate quality of
    service (QOS) for each of these over the same
    transmission facilities

20
Data Communications and Computer Networks
Chapter 13

Introduction
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.
This vulnerability stems from the world-wide access to computer systems via the Internet.
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords.
21
Basic Security Measures
The basic security measures for computer systems fall into eight categories:
  • External security
  • Operational security
  • Surveillance
  • Passwords
  • Auditing
  • Access rights
  • Standard system attacks
  • Viruses

22
External Security
Protection from environmental damage such as floods, earthquakes, and heat.
Physical security such as locking rooms, locking down computers, keyboards, and other devices.
Electrical protection from power surges.
Noise protection from placing computers away from devices that generate electromagnetic interference.
23
Operational Security
Deciding who has access to what.
Limiting time of day access.
Limiting day of week access.
Limiting access from a location, such as not allowing a user to use a remote login during certain periods or any time.
25
Surveillance
Proper placement of security cameras can deter theft and vandalism.
Cameras can also provide a record of activities.
Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine if a computer system has been violated.
26
Passwords and ID Systems
  • Passwords are the most common form of security
    and the most abused.
  • Simple rules help support safe passwords,
    including:
      • Change your password often.
      • Pick a good, random password (minimum 8 characters, mixed symbols).
      • Don't share passwords or write them down.
      • Don't select names and familiar objects as passwords.

28
Passwords and ID Systems
  • Many new forms of passwords are emerging:
      • Fingerprints
      • Face prints
      • Retina scans and iris scans
      • Voice prints
      • Ear prints

29
Auditing
Creating a computer or paper audit can help detect wrongdoing.
Auditing can also be used as a deterrent.
Many network operating systems allow the administrator to audit most types of transactions.
Many types of criminals have been caught because of computer-based audits.
31
Access Rights
Two basic questions to access rights: who and how?
Who do you give access rights to? No one, group of users, entire set of users?
How does a user or group of users have access? Read, write, delete, print, copy, execute?
Most network operating systems have a powerful system for assigning access rights.
33
Viruses
Many different types of viruses, such as parasitic, boot sector, stealth, polymorphic, and macro.
A Trojan Horse virus is a destructive piece of code that hides inside a harmless looking piece of code.
Sending an e-mail with a destructive attachment is a form of a Trojan Horse virus.
34
Viruses
Signature-based scanners look for particular virus patterns or signatures and alert the user.
Terminate-and-stay-resident programs run in the background constantly watching for viruses and their actions.
Multi-level generic scanning is a combination of antivirus techniques including intelligent checksum analysis and expert system analysis.
35
Standard System Attacks
Denial of service attacks, or distributed denial of service attacks, bombard a computer site with so many messages that the site is incapable of answering valid requests.
In e-mail bombing, a user sends an excessive amount of unwanted e-mail to someone.
Smurfing is a nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations.
Ping storm is a condition in which the Internet Ping program is used to send a flood of packets to a server.
36
Standard System Attacks
Spoofing is when a user creates a packet that appears to be something else or from someone else.
Trojan Horse is a malicious piece of code hidden inside a seemingly harmless piece of code.
Stealing, guessing, and intercepting passwords are also a tried and true form of attack.
38
Basic Encryption and Decryption
Cryptography is the study of creating and using encryption and decryption techniques.
Plaintext is the data before any encryption has been performed.
Ciphertext is the data after encryption has been performed.
The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
40
Monoalphabetic Substitution-based Ciphers
Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key.
Replacing: abcdefghijklmnopqrstuvwxyz
With:      POIUYTREWQLKJHGFDSAMNBVCXZ
The message: how about lunch at noon
encodes into: EGVPO GNMKN HIEPM HGGH
41
Polyalphabetic Substitution-based Ciphers
Similar to monoalphabetic ciphers except multiple alphabetic strings are used to encode the plaintext.
For example, a matrix of strings, 26 rows by 26 characters or columns can be used.
A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext.
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
thisclassondatacommunicationsisthebest
42
Polyalphabetic Substitution-based Ciphers
To encode the message, take the first letter of
the plaintext, t, and the corresponding key
character immediately above it, C. Go to row C
column t in the 26x26 matrix and retrieve the
ciphertext character V. Continue with the other
characters in the plaintext.
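The two substitution schemes from these slides, as an added Python example (not part of the original slides). It assumes the 26x26 matrix is the standard tableau in which row k is the alphabet shifted by k, which agrees with the slide's "row C, column t gives V"; the function names are illustrative.

```python
import string
from collections import defaultdict

ALPHABET = string.ascii_lowercase
MONO_KEY = "POIUYTREWQLKJHGFDSAMNBVCXZ"   # substitution alphabet from the slide

def letters_only(text):
    """Lower-case the text and drop everything that is not a-z."""
    return "".join(c for c in text.lower() if c in ALPHABET)

def mono_encrypt(plaintext, key=MONO_KEY):
    """Monoalphabetic: a plaintext letter always maps to the same letter."""
    return letters_only(plaintext).translate(str.maketrans(ALPHABET, key))

def poly_encrypt(plaintext, key):
    """Polyalphabetic: row = key letter, column = plaintext letter.
    Assumption: row k of the matrix is the alphabet shifted by k."""
    out = []
    for i, c in enumerate(letters_only(plaintext)):
        shift = ALPHABET.index(key[i % len(key)].lower())
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26].upper())
    return "".join(out)

def poly_decrypt(ciphertext, key):
    """Undo poly_encrypt by subtracting each key letter's shift."""
    out = []
    for i, c in enumerate(ciphertext.lower()):
        shift = ALPHABET.index(key[i % len(key)].lower())
        out.append(ALPHABET[(ALPHABET.index(c) - shift) % 26])
    return "".join(out)

def images(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it became."""
    seen = defaultdict(set)
    for p, c in zip(letters_only(plaintext), ciphertext):
        seen[p].add(c)
    return dict(seen)

if __name__ == "__main__":
    msg = "this class on data communications is the best"
    mono, poly = mono_encrypt(msg), poly_encrypt(msg, "COMPUTERSCIENCE")
    print(mono_encrypt("how about lunch at noon"))
    print(poly)
    # One image per letter under a single alphabet, several under the key.
    print(sorted(images(msg, mono)["s"]), sorted(images(msg, poly)["s"]))
```

With a single alphabet every "s" becomes the same ciphertext letter, so letter frequencies survive encryption; with the repeating key the same "s" is spread over several ciphertext letters.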
44
Transposition-based Ciphers
In a transposition-based cipher, the order of the plaintext is not preserved.
As a simple example, select a key such as COMPUTER.
Number the letters of the word COMPUTER in the order they appear in the alphabet.
1 4 3 5 8 7 2 6
C O M P U T E R
45
Transposition-based Ciphers
Now take the plaintext message and write it under the key.
1 4 3 5 8 7 2 6
C O M P U T E R
t h i s i s t h
e b e s t c l a
s s i h a v e e
v e r t a k e n
46
Transposition-based Ciphers
Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2.
TESVTLEEIEIRHBSESSHTHAENSCVKITAA
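The three transposition steps above, as an added Python example (not part of the original slides). It goes slightly beyond the slide's case: decryption is included, a message that does not fill the last row is handled, and repeated key letters are numbered left to right, which is an assumption since COMPUTER has no repeats.

```python
def column_order(key):
    """Column indexes in read-out order: alphabetical by key letter,
    ties broken left to right (assumption for keys with repeated letters)."""
    return sorted(range(len(key)), key=lambda i: (key[i].upper(), i))

def key_numbers(key):
    """The numbers written above the key, e.g. COMPUTER -> 1 4 3 5 8 7 2 6."""
    nums = [0] * len(key)
    for rank, col in enumerate(column_order(key), start=1):
        nums[col] = rank
    return nums

def transpose_encrypt(plaintext, key):
    """Write the letters in rows under the key, read them out by column."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    cols = len(key)
    return "".join("".join(letters[c::cols]) for c in column_order(key)).upper()

def transpose_decrypt(ciphertext, key):
    """Rebuild the columns (the first `extra` columns are one letter taller
    when the last row is incomplete), then read the grid row by row."""
    cols = len(key)
    full_rows, extra = divmod(len(ciphertext), cols)
    grid, pos = {}, 0
    for c in column_order(key):
        height = full_rows + (1 if c < extra else 0)
        grid[c] = ciphertext[pos:pos + height]
        pos += height
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for c in range(cols):
            if r < len(grid[c]):
                out.append(grid[c][r])
    return "".join(out).lower()

if __name__ == "__main__":
    msg = "this is the best class i have ever taken"   # message from the slide
    print(key_numbers("COMPUTER"))
    ct = transpose_encrypt(msg, "COMPUTER")
    print(ct)
    print(transpose_decrypt(ct, "COMPUTER"))
```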
47
Public Key Cryptography
Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.
Not possible to deduce one key from the other.
Not possible to break the code given the public key.
If you want someone to send you secure data, give them your public key, you keep the private key.
Secure sockets layer on the Internet is a common example of public key cryptography.
48
Data Encryption Standard
Created in 1977 and in operation into the 1990s, the data encryption standard took a 64-bit block of data and subjected it to 16 levels of encryption.
The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.
Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked.
Larger keys are the answer to better security.
50
Digital Signatures: Verifying the Sender
Document to be signed is sent through a complex mathematical computation that generates a hash.
Hash is encoded with the owner's private key.
To prove future ownership, the hash is decoded using the owner's public key and the hash is compared with a current hash of the document.
If the two hashes agree, the document belongs to the owner.
The U.S. has just approved legislation to accept digitally signed documents as legal proof.
51
Public Key Infrastructure
The combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management.
A certificate, or digital certificate, is an electronic document, similar to a passport, that establishes your credentials when you are performing transactions.
52
Public Key Infrastructure
  • Applications that could benefit from PKI:
      • World Wide Web transactions
      • Virtual private networks
      • Electronic mail
      • Client-server applications
      • Banking transactions

53
Firewalls
  • Firewalls are filters that can be placed between
    internal networks and the public Internet
  • Watches all data packets going in both
    directions
  • Filters packets by IP subnet, TCP port, etc.
  • Acts as proxy web server, such that internal
    users must pass all web requests to firewall for
    inspection before they are passed to outside
  • Acts as auditor by recording all packet activity
    in and out of the organization

56
Security Policy Design Issues
What is the company's desired level of security?
How much money is the company willing to invest in security?
If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways?
The company must have a well-designed security policy.