1. Number of study hours 30
2. Short description of the course This module presents the main issues related to network applications. We detail both the general issues regarding network applications and the specific characteristic related to protocols and technologies used in the Internet. In particular, we focus on two main applications: the World Wide Web and Electronic Mail.
3. Target groups The employers of IT core level professionals are the target sector. The project objectives directly address the promotion of high knowledge and skills standards in IT area and in particular provide an innovative approach to training. The first target group consists of IT students (vocational school IT basic level training and the first courses of colleges and universities) in technology area and IT practitioners not having vocational certificates yet.
4. Prerequisites We assume the knowledge of the concepts introduced in the C3 Module. In particular, we assume the user to understand the concept of the layered architecture for network protocols, and particularly the layered architecture used in the Internet. In particular, we assume basic knowledge of IP, UDP and TCP and related issues.
5. Aim of the course - learning outcomes The user will acquire main principle and basic components of the WWW; in particular we will detail the languages, the technologies and the realization of static and dynamic WWW pages. The user will acquire a basic knowledge for the HTTP, to transfer WWW pages among computational units, and for the DNS, to convert symbolic addresses to IP addresses. We will present the main protocols used for the Electronic Mail, focusing on the SMTP and protocols to access the mail boxes. Finally the user will know main aspects and basic principles for emerging applications and for new requisites that are emerging in common applications. In particular, we will address the issues and adopted solutions related to security and multi-media applications.
C.4.1 Network Security IssuesEdit
C.4.1.1. The Importance of SecurityEdit
Communication network and applications using them should meet various security requirements. The technology evolution allows now to develop applications that deal with huge economic values, such as for example e-commerce, for which it is necessary to guarantee the privacy of information. For example, when users buy goods or services over the internet and provide their credit card details, they must be ensured that the information will be used only by the legitimate receiver. If such information were not private they could be used by intruders to perform malicious operations. E-commerce is only one of the possible applications for which privacy of data transfer is a requirement. Another example is the electronic mail. Privacy is a requirement not only for economic transactions but also for social issues, because privacy of communication is a right which is guaranteed at constitutional level. The privacy of communication requires that no user is able to obtain or derive from the systems information that he/she is not authorized to know or to alter somehow the communication. In particular, if a message protected then a not authorized user that read the message should not be able to understand the message content, or be able to acquire partial information over the message content. Theoretically, an intruder should not be able to understand not even one byte of the message. This objective has been reached by designing specific methods that alter the message content so that it appears completely not understandable. The alteration is performed through a specific transformation on which both the sender and the receiver agree. When the message is received, the receiver is able to transform the message back to its original content.
C.4.1.2 Authenticity, Integrity and User AuthenticationEdit
In many applications, such as for example e-commerce, privacy of transmitted information is not enough, we also need to be able to guarantee the authenticity of the communication. We need to guarantee that transmitted information are truthful to prevent both the seller and the buyer from possible frauds. More precisely, we require that each user can verify that data are authentic and integral. The authenticity of information imply that the transmitted information have actually been sent by the sender. The integrity requires that the information were not modified by not authorized users, malicious intruders or by accidental system failures, such as for example an error in the message transmission. In this case it is necessary to provide tools to verify whether a modification in the message occurred. In many cases, the exchanged information might not need be private, such as for example the electoral results. In this case we need to verify that information are not manipulated but the information is not private. In many cases it is necessary to have guarantees about the identity of the sender, to differentiate between authentic information sent by authorized users from authentic information sent by an intruder. For example let us assume that Alice connects to the Internet from home providing her username and her password. An intruder could have copied the authentic password used by Alice and use it to connect pretending to be Alice. Notice that this example shows that data authenticity and user authenticity are different concepts: the password is always authentic but the intruder is not the authentic user.
Password usage The first part of the Figure shows how the intruder is able to acquire the password yZu456;! that Alice uses to connect to the Internet; the second part of the Figure shows how subsequently, the Intruder uses the acquired password to connect pretending to be Alice. The different ways that can be used by an intruder and that need to be considered when designing and evaluating the security of an application can be divided in two main categories: passive intrusions and active intrusions. In the first case, the intruder is able to read messages that flows over the network; in the second case the intruder can also modify, remove or create new messages. In the first case we say that the user is able to do packet sniffing. To do packet sniffing or simply sniffing is fairly easy in many practical applications. A simple way, called spoofing to insert new packets is to generate false IP packets; i.e. IP packets for which the sender IP address is not the actual sender but the IP address of another users.
C.4.1.3 Data AvailabilityEdit
Requirements of availability demand to provide to each qualified user the information that he /she has the right to access, with pre-specified times and modalities. For IT applications the availability requirement includes efficiency and robustness: if the required information is not always readily available the IT system is usually compromised. To break the availability requirement is the main objective of attacks such as viruses and similar applications. In these cases the objective of the attack is not to obtain private information but to make not available a provided service. This kind of attack is usually carried out using programs such as worms, which introduce malfunctioning in the system: when one of these programs infects a system this is usually not usable anymore or only partially functioning. Usually these kinds of programs reach a system through messages associated to the e-mail or copying an infected program. A very dangerous way to attack the availability of a service with an active intrusion is to attack a system by flooding it with messages. For example, the initial message to require a TCP connection (usually indicated with SYN) is a message that utilizes the computational resources and memory of the receiver, even in a limited way. Those messages are usually composed of few bytes and thus with modern data transmission rates an attacker can send millions of TCP requests every second. If this attack is carried out the receiver system will use all its computational power and memory to answer to the malicious TCP requests denying the service that the system usually provide to the users. This attack is particularly dangerous when the messages come contemporary from different attackers to single router that needs to route all the traffic. In this case the system under attack can be completely blocked and the block will propagate to other connected routers, possibly stopping a significant portion of the Internet. Notice that in this case it not needed that the managers of the systems that initially flood the system under attack are accomplices: the packet flooding could be generated by computers that were infected by viruses. At a given pre-specified date all infected machines carry on the attack running the infected program; when such an attack modality is used it is very difficult to trace back the original attacker.
Denial of service The Figure shows how a denial of service attack could be carried out sending several messages for a TCP connection request from different nodes of the network.
Cryptography’s aim is to assure the message secretiveness making this one meaningless to who he is not authorized. To such purpose, sender changes text of the message before to transmit it; these changes are performed according to a predefined shared procedure between sender and receiver. This procedure transforms the original message (also known as plain message) into a ciphered message (also known as encoded message); after that this one is received by destination, receiver is able to apply the reverse procedure obtaining the plain text. The above procedures are also known as encoding and decoding. These ones depend on both selected cryptographic method (also said cryptographic algorithm) and used key that defines and specifies the transformation applied by encoding and decoding. In order to assure a greater security, it is usually presupposed that intruder has partial informations as an example <plain message, encoded message> pairs. Nonetheless, the intruder does not have to be able to obtain informations about new encoded messages. Computer technology allows trying many possible keys fastly; as an example, a system that has only one million different keys is in every case not suitable. System with 60 billions of keys was suitable twenty years ago but it is not suitable today. Current cryptographic systems use greater number of keys. In particular, one of commonly used system has a number of keys that takes al least 128 bit: in order to estimate the number of possible keys, let us think that the number of machine cycles executed by one billion computers with 3 GHz clock during one thousand years is only one billionth of this number. To increase further the security level they are used method with greater number of keys. The following figure shows several examples of large numbers: the first one is the number of possible Enalotto columns; the second one is the estimated number of the seconds elapsed by universe born. Finally, last number is an evaluation of the possible keys used by one of the most common ciphering method (that is RSA ). We will describe this method later. To increase further the security level we highlight that RSA is often used with greater number of key. Large number description Value Enalotto columns 622.614.630 =1.15229 Seconds elapsed by solar system born 1.38257 Machine cycles of 3 GHz machines within a century 4.1261 Machine cycles of 1 million 2 GHz machines within a century 4.1281 Number of different keys using 512 bit RSA 2.892488
Large numbers The Figure shows several examples of large numbers.
C.4.2.1b Cryptanalysis and security of cryptographic methodEdit
There are several cryptographic methods with many different keys that they do not require a big effort to find the right key using few attempts. The aim of cryptanalysis is to decrypt a ciphered message without knowing the used key. An example of easy cryptanalysis activity is that one that it is possible using any random permutation of the alphabet. If we use the Italian alphabet, this method has more of 900 millions of keys (different permutations of 21 chars). However, this method is not trust as each char is used with different frequency in the Italian language. This analysis allows decreasing a lot the number of possible keys that we need to try and it makes not secure each code based on random char permutation. Let us note that it is not always assured that starting from a given text it is easy to retrieve the key: there are several texts for which the char frequency is very different by that one that the table shows. These texts are usually quite short; if text is quite long (two or more pages), it is rare having meaningful differences by table data. As this method is easy to break starting from the greater part of the texts, it is not secure. Char a b c d e f g h i l Percentage 11,73 0,92 4,51 3,75 11,79 0,94 1,63 1,54 11,29 6,50
Char m n o p q r s t u v z Percentage 2,51 6,88 9,82 3,05 0,51 6,38 4,98 5,62 3,01 2,10 0,49
Chars frequency within an Italian text The figure shows the typical chars frequency within an Italian text. An intruder that intercepts a ciphered message usually may have informations about used encoding mechanism but not about key. Therefore, it is crucial that security of the cryptographic method is only based on key secretiveness and not on method one so key must be stored jealously). Furthermore, a cryptographic method must allow a large number of different keys and, at the same time, it must be hard to retrieve the key using a limited number of attempts. Number of keys is usually a big number but it is not infinite; therefore, as the attacker knows the cryptographic method, he can try all the possible keys to find the right one sooner or later. According to previous concepts, each cryptographic method can be attacked in principle but this does not imply that it is easy to do it in practice. We can conclude that security of one given cryptographic method is valuated according to both time and processing resources needed to retrieve informations about the clear message; generally, we cannot assert if one method is secure or not but we only can evaluate its security level referring to the specific usage context. C.4.2.2a Secret key algorithms Several cryptographic algorithms have been proposed; they can be classified into two main categories: secret key algorithms (also known as symmetric algorithms) and public key algorithms (also known as asymmetric algorithms). Referring to the first ones, two users A and B that want to communicate reservedly share a secret key between them and they use this key to both encode and decode messages. In this case, it is required that only who knows the secret key is able to encode and decode. The required fundamental property is that knowing the encoding key does not provide any information about the decoding key. There are several secret key algorithms currently used. A very common algorithm is known as DES and it has been proposed on years 80’s. DES original release encodes blocks of 64 bit and it uses key of 56 bit. There are about 66 billions of different 56-bit keys. This number of keys was suitable twenty years ago when the processing power was limited; today it is much small in order to resist to the attacks of the current computer. To solve this problem they have been proposed successive releases of the algorithm that use key of 112 or 168 bit; these ones increase the security but they makes the algorithm less efficient. This and other limitations have suggested usage new methods usage. The new standard recently proposed is AES . AES can use keys between 128 and 256 bit and it can be efficiently implemented on devices with limited memory and processing power; this allows using it on devices like smart-card. Secret key algorithms require that both sender and recipient share the same secret key. This places the following problem: how to agree the key especially if the two users are the computers of Alice and Biagio that they are talking in chat and they live in different cities. A secure option is obviously to meet in order to agree the key but this could be not possible due to practical and / or economical reasons. Another limitation is the following: if the user want to communicate with others N users using a secret key method it needs N keys, this places the problem to use every time the appropriate key.
Secret key encoding and decoding The figure shows both encoding and decoding procedures using a secret key algorithm; let us note that it uses the same key to encode and decode
C.4.2.2b Public key algorithmsEdit
A public key algorithm associates to each user A two distinct keys: a public key KP_A used to encode and a secret key KS_A used to decode. These keys are distinct and they are generated at the same time. Public key can be published and used by anyone wants to communicate with A. Only A, that knows the secret key KS_A, is able to decode messages that have been encoded using KP_A. A public key algorithm corresponds to a particular padlock that uses 2 keys, one to close and another one to open the padlock. Closing key is distributed publicly and anyone is able to close the padlock; opening key is unique and only one subject, which is the message recipient, has the key able to open the padlock.
Security of one public key method is based on the following property: knowing user’s public key does not provide any information about user’s private secret key. From a mathematical point of view, decoding function inverts the encoding one. Therefore, a public key method requires that decoding function is easy to calculate knowing private key. If private key is unknown, the decoding function can be found only trying all the possible keys even if the encoding function is known. Actually, the most common public key algorithm is RSA. RSA uses a variable length key: currently, the most common values ranges between 512 and 4096 bit. RSA encodes data blocks whose size is equal to key size. We remember that increasing key size also increases both encoding and decoding duration.
Using public key methods requires the absolute certainly about knowing of the used public keys. Therefore, it is needed a mechanism to avoid that intruder provides a false information about recipient’s public key. To solve this question, certification authorities are used. These ones carry out a notarial activity and they assure the correctness of the user’s pubic keys. When Alice needs the Biagio’s public key, she asks it to the certification authority. This one replays to the request assuring the information correctness. When Alice needs the public key of another user, she repeats the procedure. In addition, it is needed that communication between Alice and certification authority must be protected by eventual wiretap.
Public key encoding and decoding The figure shows both encoding and decoding procedures using a public key algorithm; let us note that it uses different keys to encode and decode.
C.4.2.3a Digital signingEdit
Message sign unequivocally certifies that subscriber has signed the document and this one is authentic. In case of autograph signs, the main method to certify the sign authenticity uses a secure authority (a notary as an example) that attests that sign is authentic. Appending authentic digital signs over electronic documents allows a significative increase of Internet usage. In fact, it is possible to assure the legal validity of one document as an example signing agreements without notaries. Digital signing of one given electronic document is separated by document itself like to autograph signs. However, unlike these ones the sign is a bits or chars sequence. Digital sign of one given message must depend on both subject that signs and message itself. In fact, digital sign appended by others subjects over the same document must be different (otherwise, how to identify the subscriber?). Furthermore, if the sign is always the same independently by document to sign it is easy replay it on whichever document. For these reasons, digital sign must be satisfy the following properties: only the subject that signs must be able to sign but anyone must be able to check the sign validity. These properties imply that it is not possible that both an intruder can fake a digital sign and repudiating the sign. In this mode, in case of legal argument about sign authenticity, judge is able to establish this one with certainly. Digital sign calculating and checking require both processing activities executed by subject that signs and one that checks. In particular, we will analyze in the sequel case of Alice that signs a message m; in order to simplify, we will assume that Alice wants to sign the message without requiring message secretiveness (she does not need a cryptographic encoding). Alice uses a signing function that makes a chars string f that will be the Alice’s sign appended to the message. The sign f depends on both message and a secret information that only Alice knows. Biagio receives both the message m and its sign f; in order to check the sign authenticity, he applies the checking procedure to both message and sign. Results of this check are only two: sign valid o sign false.
C.4.2.3b Message digestEdit
Digital signing is made using a public key cryptographic system. We will suppose to have a public key cryptographic method with KP_Alice and KS_Alice the public and secret keys of Alice respectively; also, digital signing is based on message “digest” calculation; to sign the document, only the message digest is encoded and not all the message. Digital sign is the message digest that has been decoded by sender’s private key; message recipient encodes the received sign using the sender’s public key. Usually, message digests are lengths of few hundred of bits (as an example, the SHA standard uses digest of 160 bit). In this mode, message sign is short (one row, as an example). There are several methods to calculate message digests; these ones are also known as hash methods. An hash method takes as input a variable length message and calculates fixed length bit sequence that depends on all the message and appears as a random sequence. To allow sign checking, the calculation method of message digest must be public and known by anyone. Now we will analyze the requirements of message digest calculation. First, message digest calculation must be quick in order to sign also large documents in a short time. The aim of the second requirement is to avoid sign faking. Let us observe that if two documents have the same digest they have the same sign. Therefore, an intruder that knows the sign appended to the document will be able to fake the sign of another document that has the same digest. Referring to a method that calculates message digest, we have a collision when two documents have the same digest. As signs of two documents that have the same digest are the identical, digest calculation methods are designed to make very unlikely for the intruder to find a collision using a finite time (as an example 100 years ). In particular, digest calculation methods must base the calculus on the entire message; furthermore, it is required that two similar documents must have not similar digests. SHA method is a standard to calculate digest; it uses 160-bits digests and there are not known collisions.
Signing using message digest The figure shows the two steps of the signing procedure. Initially, it is calculated the message digest using an appropriate hash method. Then, sender encodes this digest using his private key; also in this case the figure assumes RSA as public key cryptographic protocol.
Sign checking using message digest The figure shows checking procedure about digital sign correctness in case of message digest usage. Message recipient receives message and its sign; he encodes this one using sender’s public key and the same cryptographic method obtaining digest of the original message. Furthermore, he calculates the digest of the received message. Sign is valid if and only if the signed digest is equal to the calculated one.
C.4.2.3c Sign faking attacksEdit
We discuss now a possible attack placed to fake the signs obtaining a false document that has the same digest of the original one; therefore, the documents will have the same sign. For each digest calculation method always exist two documents that have the same sign. In fact, the number of possible digests is finite (using 160 bits this number is 2160). As the number of possible documents is infinite, the number of documents the have the same digest is necessarily infinite. An intruder wants that Alice signs an unfavourable agreement; he can place the following attack: 1. He prepares 2 versions of the agreement: M favourable to Alice and M’ unfavourable to Alice 2. M’ is altered using little changes (e.g. adding spaces, using synonyms, changing punctuation marks,…) until then intruder obtains a document F that has the same M’s digest; F is an agreement that is unfavourable to Alice 3. Sign that Alice appends to M is also usable for F: the intruder has reached his aim! Let us note that if the intruder makes random documents he must make many documents; in fact, choosing randomly two documents the probability that they have the same digest depends on digest size: using 160-bits digest this probability is 1/2160. Let us note that this attack can be placed independently by digest calculation method. For this reason, it is required that it must be very hard to find two documents with the same digest and not that it must be impossible to find them. We now discuss the possible number of messages that the intruder must averagely generate to reach his aim. A problem analysis based on probability calculus, shows that using 160-bits digest the intruder has a good probability to obtain the two document copies G and F with the same digest if he makes 280 copies of M and 280 copies of M’. In this mode, the intruder makes 281 documents. Applying the same analysis on 64-bits digests (in place of 160 bits) then he must make only 233 documents (averagely; they are about 8 billions of documents). Although this number of documents is very high, it can be generated in a short time using automatic tools. For this reason, in addition to the difficulty to find two documents with the same digest, it is also required that digest has a sufficient length. C.4.2.3b Message duplication issue Signing method that we have previously described has the following property: only who knows the private key is able to calculate the message sign but anyone that know the public key can check the sign. In other words, only one subject is able to sign but anyone is potentially able to check the sign. Therefore, we could assert that this method can be used “as is” without additional changes. However, if the method is applied “as is” it does not avoid the possibility for the intruder to send multiple copies of the same encoded message. Let us suppose that Alice sends to her bank the following message: “please transfer 10 Euros from Alice’s account to Mario’s account”. The message is signed using the Alice’s private key so only Alice has been able to sign it and the bank can execute the Alice money transfer order. Let us consider what happens if bank receives two copies of the same message. In this case it must transfer 10 Euros or 20 Euros from Alice’s account? If it transfers 20 Euros then the intruder could transfer a large amount of money to the Mario’s account simply replying several times both message and sign. Let us note that the intruder does not make the message sign as he only resend it. It is possible to solve the issue previously described avoiding that two equal documents will be signed; in this mode, we will avoid to have two documents with the same sign. There are several complex methods designed to this aim, but the analysis of these ones is out of the scope of this learning object. Here we will show a simple method that allows avoiding equal messages to sign: we require that each message to sign includes both sending date and time (timestamp, with minutes and seconds); in this mode, each equal messages pairs will differ on timestamp field. Therefore, we avoid the possibility to send two identical messages, as they will differ almost on exact sending time. Taking account of the digest properties, digests of two messages that differ almost on sending time will be different; therefore, also their signs will be different.
C.4.2.3d Authentication ScenariosEdit
User authentication is important because allows for differentiating between authorized and not authorized users. In this way we can grant the access to data for authorized users but prevent intruder to access system. In the following we consider a scenario where a user, Alice, authenticate herself with another user Bob. This scenario clearly includes also the case where Alice authenticates herself with an information system. It is very important to individuate the adequate tools in order to authenticate users even when intruders can execute operations such as sniffing or spoofing of messages (see the learning unit on network security). To better understand the issues related to user authentication we report some of the solutions that are not adequate for user authentication. Clearly the user can not auto-certify his/her own identity, otherwise an intruder that can do spoofing could easily send messages with a false sender address. Therefore, we will see that it is necessary to use private information and proof the knowledge of such information, without revealing information that could be used by an intruder. The authentication procedures that we present here use private information. If Alice wants to be authenticated by Bob, then we assume that Alice and Bob use private password or a cryptographic system based on public keys. In the first case we assume that the private key is shared by both Alice (that wants to be authenticated) and Bob (that wants to authenticate). When using a public key Alice is authenticated when she shows to know the private key associated to her public key. In this case we assume that the public key is shared by both Alice and Bob, therefore we need to define the modalities that guarantee that users know with certainty the public keys. Both for methods using private key and public key it is necessary to individuate methods that allow to show the knowledge of the private key without revealing the key itself to intruders.
C.4.2.3e Use of challenges for AuthenticationEdit
We assume that the knowledge of the private key is a sufficient evidence for user authentication, However, a main problem is how a user can prove his/her knowledge of the private key without revealing information that intruders could use. A possible solution to this issue is based on the concept of challenges. Let us suppose that Alice and bob share the same private key KAB, which can be used in a specified cryptographic system. A possible authentication procedure is the following: when Alice requests to be authenticated by Bob, Bob sends her a number R that represents the challenge that Bob poses to Alice; if Alice is able to code the number R with the correct private key then Alice prove her knowledge of the private key.
The steps for the procedure are the following:
1. Alice requests to be authenticated 2. Bob sends her a challenge R 3. Alice sends Bob KAB(R) (the challenge R coded with the private key KAB)
In this case an intruder does not know the private key but only the coding of the challenge with the private key. If for any Alice’s authentication request Bob sends a different challenge to code (i.e. the number R is different) then also the challenge coding will be different and thus the intruder can not pretend to be Alice as before. In the following we consider the scenario of user identification with public keys. In this case, we assume that KP_Alice and KS_Alice are, respectively, the public and private (secret) key for Alice. The challenge based procedure presented above can be adapted in this case requiring Alice to sign with her private key the challenge that Bob sent. In particular the procedure is the following: 1. Alice requests to be authenticated 2. Bob sends to Alice a challenge R 3. Alice sends to Bob KS_Alice(R) (the challenge R coded with Alice’s private key); let M be the message that Alice sends to Bob. 4. Bob receives M and uses Alice’s public key (KP_Alice) to code the message KP_Alice(M) (the coding of the received message with Alice’s public key); if KP_Alice(M) = R then Alice is authenticated.
The coding KS_Alice(R) represents Alice’s digital signature of the challenge R. Only a user knowing the secret key can perform such coding. If for every authentication request Bob sends different challenges (i.e. the number R is different each time) then also the corresponding coding will be different, thus an intruder is not able to pretend being Alice.
C.4.2.3f Certification of the Public KeyEdit
A fundamental requirement for the correctness of the above authentication procedure is that the user public keys need to be known with certainty by all other users. For example, assume that Bob does not know Alice’s public key. In this case he is not able to verify Alice’s digital signature to his challenge. A naïve way to solve the problem is for Bob to ask Alice for her public key. This procedure can be easily attacked by an intruder. When the authentication is performed using a public key it is necessary to define the modalities ensuring that all users know with certainty the public keys of other users. X.509 is the standard for authentication. It defines architecture to supply its users with authentication services ensuring the security and authenticity of public keys. In particular X.509 defines the characteristics for a directory to store public keys certifications. Each certification contains various information such as: a serial number for the certification a unique identifier for the user that the certification refers to (the holder of the certification) the public key for the certification holder the identifier of the authority that emits the certification information related to the cryptographic protocols used
The certification is signed with the private key of a certification authority that guarantees the validity of the certification. As discussed in the learning unit on cryptography and digital signature, the issue of public key certification is solved using a central authorization authority that emits certifications for public keys and whose public key is known to the users. The certification authority is a trusted party that guarantees the truthfulness of the information contained in the certification; in other word the certification authority provides the functionality of a notary public.
C.4.2.3g Certificate verificationEdit
The verification of certifications requires the knowledge of the public key of the certification authority. Notice that, in this way, the use of a certification authority implies that the certified knowledge of a single public key allows verifying the public keys of every other user. When a user needs to know the public key of another user, he/she sends the request to the certification authority that emitted the certification. Since the certification is signed with the authority’s private key the certifications can be verified by any user that knows the public key of the certification authority. Moreover, only the certification authority can modify the certifications. Since, we assume that the certification authority is a trusted party we can assume that the information provided in the certification (among which the public key of the user) are correct. Certifications have a limited valid time after which they do not hold anymore. The certification authority can decide to revoke a certification; the reasons for this action can be many, the more significant case is when the privacy of the private key for the user can not be no more guaranteed. X.509 defines, in addition to the management of the public key directory, also authentication protocols. The simplest case is unidirectional authentication. We saw that a method that allows Alice to prove her knowledge of the private key without revealing it is to sign a message containing a challenge sent by Bob. X.509 includes an authentication protocol that uses this concept.
Such authentication protocol comprises the following steps: 1. Alice sends to Bob the authentication request 2. Bob reply providing a challenge R 3. Alice answers to Bob reply signing the message: “I am Alice and I want to be authenticated by Bob at time X of date Y,R” 4. Bob uses Alice’s public key to verify the correctness of message signature, of the time and date and of the challenge he sent.
It is important to use different numbers for each authentication request; to this end usually a random number is used, therefore the message is also called nonce. X.509 provides also a bidirectional authentication protocol. This protocol is based on previously discussed techniques and uses both a challenge and the message sending date.
C.4.2.3h Security LayerEdit
The need to use secure services as user authentication and information privacy is common to several applications. For this reason, a common system called Secure Socket Layer (SSL) was introduced. SSL operates on the transport layer and allows realizing secure applications that uses TCP . In this way, secure services are provided following a standard for all the applications that uses TCP. The services that SSL provides are user authentication, privacy and integrity of messages. In addition, SSL provides tools to signal anomalous situations that could rise when attacks are carried out to security, and, in such cases, stop the communication. The security primitives are used, sometimes only partially, from applications depending on the specific issues that each application addresses. In particular, SSL is integrated in several browsers for navigating the WWW , in applications for secure file exchange. SSL services can be used when developing new applications. SSL is used in client server application scenarios. In particular, the client represents a user that requires a service and that could preliminary ask for the server authentication because it could be damaged if the service it need is provided by a not authentic server. Once the authentication phase has been successfully carried out, the client and the server can use SSL to send private information and/or use the mechanisms to verify messages integrity. In particular, SSL allows the use of many cryptographic protocols based on private key. After the authentication phase, if the client and the server want to use a cryptographic protocol to exchange the following messages they reach an agreement on which protocol to use. To use a cryptographic system based on private keys it is necessary to define the key to use. To do this the client can define a private key, which is valid only for the current session, it code the private key with the public key of the server, and send the message to the server. When the server receives the message it decodes the proposed private key (using its private key) and it now knows the private key to use for the current session. Alternative methods are available, where the private key is jointly decided by the client and the server using an appropriate algorithm.
C.4.3 Domain Name SystemEdit
C.4.3.1 The Domain Name SystemEdit
As mentioned previously, each network node (more precisely, the node’s network card) is identified by an IP address composed by 32 bits. However, users that daily access the Internet identify nodes based on symbolic links, for example www.uniroma1.it, which identifies the Web server of the university of Rome “La Sapienza”. A mnemonic address is clearly easier to remember than a 32 bits string; however, routers can manage and manipulate only IP addresses. The Domain Name System implements a system, based on a distributed database, which translates from symbolic addresses to corresponding IP addresses. Assignment of symbolic names to hosts follows a hierarchical structure. This structure allows an efficient distributed translation of symbolic names to IP addresses. Each symbolic name is a sequence of strings separated by the character ‘.’, for example www.google.it. The substrings are assigned following a hierarchical structure from right to left. Such assignment is usually represented with a tree resembling a file system, such as the one shown in the Figure. In the Figure, the labels in the upper levels (corresponding to rightmost substrings in the symbolic name) are assigned from an international authority the IANA . Such labels identify the main domains. Regional or national organizations are responsible for the sub-divisions of such domains in sub domains and so forth. For example the domain .edu refers to US universities. Under the .edu domain the sub domain nyu.edu refers to the sub domain of the New York University, .brown.edu identifies the sub domain for Brown University etc.
The DNS is a complex system comprising the following main components: • A distributed database that contains the associations among symbolic names and IP addresses, organized in a DNS server hierarchy. • A protocol (the DNS protocol) used by the hosts to query DNS servers and obtain IP addresses from symbolic names.
Each DNS server contains a database of associations among symbolic names and IP addresses. Each association is described by a resource descriptor, which contains, among other information, the symbolic name and the corresponding IP address. Notice that the generic DNS server does not contain all possible associations, while this is true for the whole Domain Name System.
C.4.3.2 DNS: Address ResolutionEdit
The DNS uses several servers for addresses translation. The servers are organized according to a hierarchical structure and are distributed across the whole world. No single server can translate every possible symbolic name, while this can be guaranteed by the whole system. We can distinguish three main types of name server: - Local name server: each ISP has a local name server. When a host needs to translate a symbolic name it first sends a query to the local name server. The local name server is always able to translate at least all the symbolic names associated with hosts that are managed by the same ISP. - Root Name Server: when a local name server fails to resolve a symbolic name, it queries a root name server. A root name server might not be able to resolve the requested symbolic name but will know how to channel the query to other servers so that eventually the query will reach an authoritative name server which will be able to resolve the address. - Authoritative name server: each host is registered under an authoritative name server, which is always able to resolve the symbolic name for the host. This is usually the local name server for the ISP that the host refers to. The address resolution process follows a client-server model. Initially, the host that needs a name resolution acts as the client, sending a DNS query to its local name server, using UDP . If the local name server is able to resolve the symbolic name immediately send back an answer to the host with the corresponding IP address. Otherwise, the local name server sends a DNS query message to root name server. The root name server will be now responsible for the address resolution, and will send back the answer to the local name server that will then channel the information to the originating host. To resolve the address the root name server might need to query an authoritative name server. Each time a name server receives a symbolic name association that was unknown before it stores a copy into its local database. In this way, the name server will be able to directly serve future queries for that symbolic name.
Symbolic name resolution The Figure shows an example where a host (lynx.pavia.libero.it) needs to resolve a symbolic name (www.dis.uniroma1.it). This can happen, for example, when a user for the host points the browser to the web page www.dis.uniroma1.it/index.html. In this case, the browser generates a DNS query to resolve the URL name (www.dis.uniroma1.it). In the example, neither the local name server nor the contacted root name server are able to resolve the name. The local name server contacts the root name server, which, in turns, contacts the authoritative name server to resolve the symbolic name. Arrows and numbers show the order and the direction of query and answer messages. In particular, in the example, odd numbers correspond to query messages while even numbers correspond to answer messages. Finally, the host lynx.pavia.libero.it receives the required IP address: www.dis.uniroma1.it --> 184.108.40.206
C.4.4 The World-Wide-WebEdit
C.4.4.1a World Wide WebEdit
One network is made by interconnected computers that are able to communicate. Networks may have different extensions according to both number of users and their geographical locations (as an example, the expression “local network” refers to a network that interconnects computers that are near, very often in the same building). Internet represents the worldwide public computers network and it is based on IP protocol usage as network layer protocol. A computer that is connected to Internet is able to communicate with any other connected computer. Number of connected computers is continuously growing and it is greater than one billion when this page has been written. Internet provides several services to the connected computers (electronic mail, chat services, documents transfer, etc…). The World Wide Web (or simply Web) is the most common of these services. Often, it is improperly used as Internet synonym. The expression “World Wide Web” (or simply “Web”) is commonly used to point many objects indifferently that are often very different among them. It represents an Internet service. Although this service has been recently proposed, its simplicity and usage scopes are make it the most common Internet service. World Wide Web is a distribute application that allows both documents exchanging and viewing using a computer program said browser. These documents are also known as “pages” and remote computers that are connected to Internet host them. Using the browser, user can access to a page (also known as home page) specifying its address. This page is stored on computer memory and usually contains either the organization name or the subject name that is responsible for page contents. Usually, the page contains several hypertext links (also known as links) that allow accessing to other pages that can be stored on different computers (even if very far among them). The “Web” term is sometimes used to point the set of both pages and hypertexts links among them. Web involves many elements; the most important are: a standard that specifies the documents format (that is defined by HTML language; an applicative protocol to exchange pages between remote computers (HTTP ) a method (URL ) to assign to each page a unique address allowing easily access to the page
C.4.4.1b Network applications and client-server modelEdit
C.4.4.4a HTTP The HTTP (described in RFC 1945 and RFC 2616) is the protocol used to exchange web pages. A web page comprises a series of objects, where each object is a file. The files that constitute the web pages are usually images, audio or video files and HTML files. Usually, all the objects contained in the web pages are referenced by an HTML file through an URL . Using the HTTP web pages can be transferred from a server to a client. The HTTP client is a browser, i.e. an application that is able to interpret web pages showing them to the user. The HTTP server is the web server that provides the web pages requested by the clients. The HTTP regulates the exchange of information between server and client, defining how the client requests the web pages to the server and how the transfer is carried out. The HTTP is based upon TCP. The client opens a TCP connection with the server and sends messages requiring the web pages. The server receives the client requests, and transfers the required web pages. The data transfer between server and client is managed by the TCP that guarantees a reliable data transfer. This means that the HTTP does not need to consider the possibility that a message might be lost during the data transfer, but rather delegates the TCP to manage such issues, assuming that a message sent by a computer will always reach the other computer without any error. The HTTP is stateless; this means that the server does not maintain any trace of the client requests. Let us suppose that a client request the same page twice, the server will behave exactly in the same way for both requests. Being stateless the HTTP is a very simple and easy to implement. There exist two main versions for the HTTP: HTTP/1.0 and HTTP/1.1. The main difference between the two versions is that HTTP/1.0 always a not persistent connection between the server and the client. A single web object is sent for each TCP connection. On the other hand the HTTP/1.1 uses a persistent connection.
Message exchange between a server and a client The Figure shows the phases for information exchange using the HTTP. The RTT is the time interval that goes from when the client sends a message to when it receives the reply from the server. When a new TCP connection is opened there will always be an initial RTT.
C.4.4.4b The different versions of the HTTP Let us focus on the steps that underline the web page exchange when using HTTP/1.0, i.e. using a not persistent connection. Let us assume that the client requests a web page referenced by the URL www.uniroma1.it/studenti/index.html. The web page comprises an HTML file and 5 figures referenced in the HTML file. 1. The HTTP client opens a TCP connection with the server www.uniroma1.it using port 80. 2. Using the TCP connection, the client send an HTTP request message that contains the path /studenti/index.html 3. The HTTP server receives the message through the TCP connection, retrieves the object /studenti/index.html, encapsulates the object within an HTTP message and sends the message to the client using the TCP connection. The server now closes the TCP connection. 4. The HTTP client receives the message, opens the HTML file and finds the references to the 5 images contained in the web page. 5. The first 3 steps are now repeated for each of the 5 objects to download. After all the transactions have been carried out the client received all the objects contained in the web page. The connection used is not persistent because the server always closes the connection as soon as it sends an HTTP reply message to the client. For each object a new TCP connection is established. The requests to transfer the 5 images could be sent in parallel, i.e. without waiting for the complete transfer of each image. Using a not persistent connection has the significant drawback to open a new TCP connection for each object to be transferred. This implies a higher data transfer time for the object due to the time needed to open the TCP connection. Moreover, each TCP connection has to be managed by the computer. Therefore, if the server needs to manage many parallel requests by several clients it can be easily overloaded. HTTP/1.1 uses a persistent connection to avoid the aforementioned problems. Using a persistent connection the server does not close the TCP connection after sending a reply, but waits until the connection is not active for a given amount of time. The client sends all the requests for the same server on the same TCP connection. In this way, the management overhead for the TCP connection is much less, allowing the server to manage more requests in more efficiently.
C.4.4.4c Additional features of the HTTP HTTP is a stateless protocol; the server does not store any information regarding the clients for which it manages the requests. This results in a very simple protocol and allows the server to manage many requests from several clients. However, in many cases it can be useful to keep track of the client that access web pages, for example to limit the access to private data. To handle such cases, two main modalities can be used: 1. Authorization 2. Cookie
Authorization is based on a username and a password that the server requests to the client in order to grant the access to specific pages. Cookies (defined in RFC 2109) are an alternative way to keep track of user requests. When a server, using the Cookies mechanism, receives a request from a client, it creates an identification number for the user (e.g. 1786543), and it inserts in the reply message a heading line that requires the client to register the created Cookie. The browser will then register the Cookie in a specific file that it manages. The registration comprises the name of the server and the identification number created by the server. Each time the user access a site, the browser checks the Cookie file and insert into the HTTP requests a heading line that specifies the Cookie assigned to the user by the server. To make HTTP data transfer faster a very frequently used mechanism is caching. When caching is used the browser stores locally the object downloaded from the server. The browser checks whether the user wants to access objects that have already been stored, and if it is the case, it retrieves the objects from the local cache without sending HTTP requests to the server, thus avoiding generating useless traffic over the connection. A very important point is that objects stored on the server might change over time. HTTP includes a specific mechanism that allows for caching maintaining updated information. In the reply message the server specifies the last date of modification for the object that it is sending to the client. The client stores the object registering the last modification date. When accessing again the same page the client specifies the last date when it downloaded the object. The server checks whether the object was modified after the date specified by the client. If this is the case it sends the object in the reply message. C.4.4.4d The Web pages Accessing web pages is one of the most important activities for Internet user, because if offers a simple and interactive way to retrieve information which are distributed over the whole world. A web page is a document written in a particular language, HTML, which is accessible over the Internet using an URL. Web pages are accessed using the browsers. Browses are programs that connect to the Web server and visualize the Web page content. The URL represents the information that allow locating the page; in particular a URL contains the address of the page and the protocol type that the browsers have to use. The web page can contain information of different types: text, images and other multi-media data, links to other web pages. The HTML language specifies the modalities that the browsers must use to visualize the page. Web pages can contain URLs of other web pages; in this way web pages can point the users to logically connected pages, in a very fast and simple way; this important aspect makes a web page a hyper text. In the following we examine, in detail, URL and the HTML. A URL specifies a resource (such as for example a web page or a file) that is available over the Internet providing the address of the resource and how the resource should be accessed. In particular a URL provides three main information: 1. where the resource is located; 2. the resource that the URL locates; 3. which transfer protocol can be used to access the resource. Most of the time the required resource is a web page and the browser can access the web page that the URL locates and visualize it. Every web page has only one URL. In particular, when the URL of a web page is selected, the browser retrieves the IP address of the computer, specified in the URL, using the DNS. The browser sends a request to establish a TCP connection with the computer that hosts the resource; the browser is the client of the TCP transaction that requires the access to the resource that the URL locates and the resource host is the server. When the TCP connection is established the server sends the file specified in the URL. The file is transferred using the protocol specified in the URL; for web pages the protocol used is the HTTP. C.4.4.5 Universal Resource Locators A generic example for the URL of a web page is the following: http://www.dis.uniroma1.it:80/index.html The first part http:// specifies that http is the protocol to use to download the resource. The second part www.dis.uniroma1.it specifies the Internet address of the desired page, indicating the domain name dis.uniroma1.it and the domain host www. The third part :80 represents the port to which the browser connects. Finally, the fourth part, index.html, specifies the name of the page. This last part can be more complex and requires the specification of a path to locate the resource within the specified domain such as http://www.dis.uniroma1.it/research/ai.html. Notice that, it is not always necessary to provide a complete specification and we can omit some information. In that case the missing information are assumed to have a default value. In particular, with respect to the previous example, we can omit www that is the default host, the port specification, because 80 is default port for the HTTP, and index.html, default name for web pages. Therefore the URL http://dis.uniroma1.it is equivalent to the previous one. In most of the case the URL are used to obtain web pages, but this is not the only possible use of URL. We can define URL for different types of data which are available over the Internet. The URL can specify different communication protocol that the client needs to use to obtain the specified resource. A drawback of the URL mechanism is related to the intense traffic of web pages requests that millions of users can easily generate. A single always URL refers to a specific file on a specific computer. If there are many URL that refers to the same resource (as it is frequently the case), there can be a very high number of accesses to the computer that hosts the resource. This can create congestion problems with unavoidable delays for user accessing the resource. The problem is that it is not possible for a single URL to specify only the resource without specifying where the resource can be found. To avoid this there exist ad-hoc mechanism, which are external to the URL mechanism, such as for example redirecting users to different computers. C.4.4.6a The HTML HTML is a universal standard to visualize (or to format) documents over the web: specific commands specified inside the document allow to the browser to correctly visualize the document. HTML is a language that uses marks (or tags) to describe the text format. The term “mark” or “mark up” derives from the common practice in traditional publishing to “marking up” a manuscript, with annotations that describes printing instructions. In HTML tags represent instructions on how the document should be visualized. For example the tag indicates that the following text should be visualized in bold, while specifies the end of the bold visualization modality. All the text inserted between and will be shown in bold by the HTML interpreter. In particular if inside an HTML document we write:
..... The HTML language uses tags to specify the text format ....
The browser will visualize the word tag in bold and all the remaining text in normal font. HTML is a specialization of SGML . SGML is a meta-language to specify language based on tags, it provides the directives to define a language based on tags that respects specified standards.
Let us see now, how to create a simple html document. The name of the document is foo.html. Initially, using any text editor, we insert the text shown in the Figure; then we save the file with an extension .html or .htm (for example foo.html). Notice that all the text which is between <html> and </html> represents the web page. The web page can be divided in a heading and a body. The heading is specified using the tags <head> and </head>. The text inserted between these tags will be visualized in the upper bar of the browser. The body of the web page is specified is specified using the tags <body> and </body>. In most cases the HTML tags are <x> and </x> (where x specifies the tags) and indicates to the HTML interpreter respectively the beginning and the end of a specific formatting modalities. However, the ending tags are not necessarily present for all the formatting modalities
First example of a HTML page The page comprises a heading and a body. The heading is specified using the formatting tags <head> and </head>: all the text that is contained between these two tags will be visualized on the top bar of the browser. The page body is contained between the two formatting tags <body> and </body>.
C.4.4.6b Main formatting instruction for the HTML The body of an HTML page can contain many formatting instructions; in the following we describe the most important. On of the main characteristics for HTML pages is the possibility to refer to other HTML pages using links. For example, the text <a href="http://www.google.com"> Google </a> defines a link to a web site and can be visualized in the web page as www.google.com. In particular, the URL for the web site is specified as an attribute of the formatting tag <a> that indicates the formatting instruction for a link. An attribute for a formatting tag comprises the attribute name and the attribute value (name = value). The attribute name for a link is href and the value is the URL for the web page the link is referring. The text “Google.com” is visualized by the browser and formatted as a link. The text can be clicked by the user. When the user clicks on the text the browser is pointed to the URL indicated in the link, and therefore the user can visualize the referred page.The HTML allows defining different types of lists. For example, the formatting tag for an unordered list is
- that begins the list formatting and
Finally, it is possible to specify images inside HTML pages. The formatting tag to specify where an image should be loaded is <IMG>. The image to visualize is specified using the attribute SRC = image-path. SRC is an attribute of the formatting tag IMG and the value is the path to the image file. It is possible to specify other attributes for the formatting tag IMG, such as WIDTH and HEIGTH that specifies respectively the width and the height of the image to visualize. For example, the following formatting instruction: <img src=” images/mylogo.gif” width=”200” height=”100”> inserts the image specified in the file mylogo.gif, using a window 200 pixels wide and 100 pixels high. C.4.4.6c HTML Forms The formatting tags that we saw up to now, allow writing web pages that can be visualized by HTML interpreters. In this way the communication between the HTML page writer and reader can be only in one direction. In many situations it is necessary to have a bidirectional communication. HTML allows realizing a bidirectional data exchange between writer and reader using the form instruction: the form instruction allow the user inserting data in a HTML page and sending the data to the web server. The user can insert information in two main modalities:
• Filling predefined fields; the predefined fields are part of the web page, and the user can insert text in the corresponding fields. • Selecting a button that signal an option; the options are present in the page and the user selects a specific option clicking on the corresponding button
Data inserted into forms must be sent back somehow to the web page designer. The data transfer modality is specified by using attributes of the <FORM> formatting instruction. The METHOD attribute specifies the data transmission method, while the attribute ACTION specifies the URL to send the data. When the user submits the data, by pushing the submit button, the browser establishes a TCP connection to the address specified in the URL indicated by the attribute ACTION. If the GET value is specified for the attribute METHOD, data are simply appended to the URL. Data are separated from the previous URL string by using the character “?”. The attribute NAME of the <INPUT> formatting instruction is used to separate the different inserted data. The different field values are separated using the character “&”. A drawback for the GET method is that the URL string can quickly become very long; despite this problem GET is very frequently used because it is extremely simple. Another data transfer modality can be specified by using the method POST. When the POST method is used, a message is sent to the address specified in the URL indicated inside the ACTION attribute. The message body contains the specified data, using a text standard. For example, the “&” character is used to separate the fields.
C.4.4.7a Dynamic applications Previous sections have been introduced simplest service available within WWW : a particular application (browser) running on user host uses HTTP protocol in order to request a specific resource (e.g. a file with HTML code, an image, a videoclip,…) to another application (web server) typically running on a remote host. Server application, after resource retrieving, forwards back this one to the browser using again HTTP protocol. Browser uses the server-retrieved resources in order to generate (locally) page visualization (rendering); in particular, it interprets HTML code in order to define both page structure and its graphical items. In this section, we will show several extensions to this base service.
The service model that we have showed previously is substantially static: web server simply retrieves resource from file system and forwards back it to the browser without any additional logic; on the other hand, browser simply graphically shows the resource to the user using specifics modules (plug-in) to handle specific objects (e.g. Macromedia Flash® animations, Java applet...) In order to extend the potentialities of the service provided by both browser and web server, it has been introduced the possibility to bring applicative code execution on client and / or server machine within a request / response HTTP transaction; page structure and its content will generally depend on this additional pre-processing activity (web mail applications, home banking,..). Client application (browser) can be programmed to execute applicative code before, during and after page visualization; in the following, we will refer to this possibility using client side programming expression. Server application can be programmed to generate the page requested by user dynamically allowing both contents and offered services customization; in the following, we will refer to this possibility using server side programming expression.
The expression “server side programming” refers to the development of applications for the dynamic contents generation in order to distribute them using a Web server. Server side programming is most commonly used to access to databases through a Web interface, to authenticate users and to customize the associated contents.
An example of browser – web server interaction The figure shows the operations sequence activated by both browser and web server after that the first one requests a HTML page. It refers to the simplest case: server forwards back the requested page retrieving this one from file system without any additional processing; client simply requests all the page’s objects and after shows it.
C.4.4.7b Server side programming Main idea is the following: after each HTTP browser request, Web server does not simply retrieve the resource from file system to forward it to the client but it executes a pre-processing activity in order to either fulfil or fully create the resource to forward back. In other words, the HTML returned to the client by Web server, as well as statically retrieved from file system can be: retrieved by file system and fulfilled by an additional Web server pre-processing activity that it runs before page forwarding [dynamic service]. The following technologies are solutions examples that refer to this model: JSP , PHP e ASP (server side scripting); fully generated at request time [dynamic service]: usually Web server runs external program to generate the data flow expected by client (HTML code, images,…). The following technologies are solutions examples that refer to this model: CGI scripts and Java servlets. We have above described two server-side programming techniques that differ not only on the interaction model between web server and contents generator module but also on logical position of the applicative code.
CGI was one of the first adopted standards to interface a Web server with an external program; CGI programs, also known as CGI scripts, are independent by the underlying particular software platform. Its specifics describe a standard interface that Web server has to use to forward browser requests to the CGI script and to return responses from this one. When Web server recognizes that request refers to CGI script invocation, it runs the script passing it the needed parameters; these ones are in part obtained from HTTP browser request and in part calculated by Web server. CGI program’s output (e.g. HTML page, image,…) is sent to the standard output flow and from here is forwarded to the browser.
Servlet is a Java class that has complete methods to handle both HTTP requests and responses; one servlet fully handles the request generating the corresponding resources (HTML pages, image,…) like to CGI script.
JSP technology integrates the servlet concept with the server-side scripting techniques. One JSP page is HTML code that contains Java sections code that are delimited by pseudo-tag <%>; at first request, containers compiles automatically the JSP page into a servlet that has the same behaviour and it is more efficient from the computational point of view.
An example of JSP page The example shows a simple example of JSP page; it is possible to observer that Java code is directly integrated into HTML page and it is delimited by pseudo-tag <%>; container will replace it with HTML code at request time. A fraction of the rendered page will be static while the remaining contents will be generated at request time dynamically.
C.4.4.8 Client side programming An important extension of the browser base functionalities is the possibility to run applicative code received as page component; the expression client side programming refers to development of applications designed to be run within browser environment. This involve important security issues evidently: the actions set that this class of applications can execute must be necessarily controlled and limited in order to avoid that bad code is easy propagated on WWW. Two approaches are commonly used about client side programming: using script languages(client side scripting); using browser extensions (plug-in) to execute applicative code.
Referring to browser extensions, the applicative code is not run directly by browser but using additional and specifics software modules that extending its potentiality. In particular, code to run is handled by browser as any other page object: however, when it is retrieved the corresponding plug-in is invoked in order to handle it. The HTML tag that allows identifying this type of object within page code is <OBJECT> (with the exception of Java applets). Some examples about this approach are the ActiveX controls within Microsoft Windows® environment and the of Java applets. Referring to the last ones, browser uses the Java Virtual Machine as executing plug-in and the corresponding HTML tag is <APPLET>. Applets are Java applications running within Web pages: if browser shows a page that contains an applet, this one is run by Java Virtual Machine (JVM ) and its visual output is enclosed within a browser rendering area.
An applet example The figure shows the code of a simple applet, the HTML code that takes in the applet and page rendering. The applet is compiled into AppletExample.class. HTML code calls the applect execution using tag <APPLET> specifying both size of applet visualization area (using the attributes HEIGTH and WIDTH) and the initial value of the parameter “text” (using the attributes PARAM); in particular, the applet prints value of this parameter that is set by browser.
C.4.5.1 The Electronic Mail serviceEdit
Electronic mail (e-mail) is of the most important and widely used Internet applications. Using e-mail users can exchange messages in a very similar way to conventional mail. With respect to conventional mail e-mail has significant benefit such as the fast delivery and the extreme low cost of message distribution. The main components for an e-mail service are shown in the Figure: E-mail client (or user agent); E-mail server ;
Each e-mail client always interacts with an e-mail server. An e-mail server can interact with one or more clients and with other e-mail servers. Clients and servers interact among them using specified protocols, the main protocols are: SMTP POP IMAP
SMTP is the first developed e-mail protocol (identified by RFC 821) SMTP allows for exchanging e-mail messages both between a client and a server and between two servers. Therefore it constitutes the main building block for the e-mail service. The other protocols (POP and IMAP) are used together with SMTP to exchange messages between a client and a server. In particular, POP and IMAP manage only transaction from the server to the client. An e-mail client is essentially a program providing an interface between an e-mail server and the user. The main functionalities that an e-mail client must have are connecting to an e-mail server, sending and receiving e-mail messages, composing, editing and displaying e-mail messages. The interaction with the server is realized using the following protocols: 1) SMTP, to send messages to the server; 2) POP3 and/or IMAP to receive messages from the server;
As for message management the client can provide the user with a GUI or a text interface. An e-mail server is an application that manages message delivery to users. A serve delivers an e-mail message by sending it to another appropriate e-mail server. The main components for an e-mail server are the users’ mailboxes and the message queue of messages to be delivered. Mailboxes are used to store messages received by users, each user has his/her own mailbox. The outgoing message queue temporary stores messages that need to be sent to other e-mail servers. The protocols that an e-mail server must implement are: 1) SMTP to send messages to other e-mail servers and to receive messages from e-mail clients. 2) POP3 and/or IMAP to send messages to the client.
Protocols used for the e-mail service The client uses SMTP to send e-mail messages to the server; it uses POP and IMAP to receive messages. Interactions between servers are always been carried out using SMTP.
C.4.5.2 E-mail message formatEdit
E-mail messages, to be correctly managed, must conform to a standard format. The format standardization allows the e-mail servers to obtain the information necessary for the message delivery, and the e-mail client to visualize the message to the user more conveniently. The standard format used in the Internet (identified by the RFC 822) indicates that each message must be divided into a message header and a message body. The message header contains fields that mainly specify information for the message delivery and information on the message itself. Each field comprises a field name, followed by column, and the field value. For example the field To and From, specify information for the delivery of the message, and, in particular, they specify the sender and the receiver of the message respectively. The field Subject contains additional information related to the message, such information is used for example by the client to better visualize the message to the user. Finally the message body contains the data for the message coded using the ASCII coding. The two message parts (header and body) are separated by a blank line The previously specified format is suited to manage ASCII coded messages, but it is not sufficient to send messages with non ASCII character. This is a significant limitation because the format does not allow sending e-mail messages with special characters and does not allow sending messages with multi-media extensions, such as pictures, movies or audio files. The proposed solution to this is MIME. MIME comprises additional fields in the message header, defining rules for coding not ASCII messages. The additional fields for MIME are: 1) MIME-version: identifies the MIME version used; 2) Content-Transfer-Encoding: identifies the transfer modalities for the message; 3) Content-Type: identifies the type of the message;
Message with MIME fields The Figure shows a message with MIME fields. MIME fields indicate the MIME version used the Content-Transfer-Encoding and the Content-Type. The Figure highlight that MIME fields are an extension of the message header.
C.4.5.3a Multipurpose Internet Mail ExtensionEdit
Two main fields for MIME are the Content-Type and the Content-Encoding-Type. The Content-Type is used by the e-mail client to decide the correct actions to take in order to visualize the message. For example, if the Content-Type of the message is JPEG , the client can start a JPEG visualization routine and correctly visualize the image. The field Content-Transfer-Encoding is used to specify to the client which decoding it needs to use on the message before performing other actions. In fact, even the multi-media extensions must be coded in ASCII with 7 bits in order to bit transmitted with the SMTP protocol. Any message that is not in ASCII format needs to be coded before sending it and decoded when received. One of the most used coding methods is the base64, which transform a message into an ASCII 7 bits format by considering the original data as a binary stream of data. The base64 method processes the data dividing them in groups of 24 bit. Each group is the divided in 4 nits of 6 bits each. Each 6 bit unit is then coded and sent as an ASCII character. Since ASCII coding requires 7 bits some of the ASCII characters will never be used to code the message data. Some of these characters can then be used to represent specific information about the message. For example the ASCII sequence “==” is used to represent the fact that the last group contains only 8 bits. The Content-Type field has the following syntax: content-type: type/subtype;parameters, where parameters are optional. The type specifies the nature of the data, for example image for images, while the subtype specifies a particular subclass to which data belong, for example GIF o JPEG. When MIME was designed seven main types were defined, among them the most interesting are text, image and application. The type text/plain is used for simple text that need no coding and can be directly visualized by the client, while the subtype HTML specifies a message that needs an HTML interpreter to be correctly visualized. The type image indicates that the data represent an image and thus specific visualization procedures must be used. The type application is used for data types that can be visualize by the user using other applications, such as for example executable files. Finally, the type multipart indicates that the message is composed of various sub-parts. The subparts can be distinguished thanks to a specific string used as a delimiter for the different sub-parts; the delimiter string is defined in the same message, and is specified by adding a parameter called Boundary to the MIME heading line that specifies the message type. Each message sub-part contains the MIME fields necessary for the correct visualization.
Example of a message with MIME multipart The message contains a text part and an image. The MIME is specified for each message sub-part. The delimiter for the sub-parts is the string –-NextPart specified in the MIME header line using the appropriate parameter.
C.4.5.4a The SMTPEdit
The SMTP is the core protocol for the e-mail service. SMTP uses TCP to transfer e-mail messages, in this way SMTP is very simple and effective because it delegates the low level management of reliable packet transfer to the TCP. SMTP realizes a direct data transfer between sender and receiver, the receiver has the server role and the sender has the client role. SMTP can be divided in three main phases: 1) hand-shacking, when client and server identifies each other; 2) message transfer; 3) connection closing. The interaction between client and server is carried out with command messages sent by the client and replies sent by the server. Command messages are coded using the ASCII coding while replies are coded as state codes. The main commands for the SMTP are: 1) HELO; 2) MAIL FROM; 3) RCPT TO; 4) DATA; 5) QUIT. HELO is an initial message used to identify the client to the server. MAIL FROM and RCPT TO are respectively used to identify to the server the sender and receiver e-mail addresses. DATA is a message that indicates the beginning of data transfer, after this command the message data will be sent. Data transfer is terminated by a special character sequence: a line containing only a dot. Finally the QUIT command declare that the connection between client and server is terminated. The SMTP uses a permanent connection from the client to the server, in this way the client can send several messages that are addressed to the same server using the same connection. To do this the client, after the data for the first message have been sent, sends to the server another MAIL FROM command and repeat the transaction for the second message. Since the protocol uses a special character sequence (namely a line containing only one dot) to indicate the termination of the data sending phase, the messages need to be coded. Usually messages are coded using the base-64 coding which will be explained in the following of this learning unit. Coding the message is necessary to avoid that the server interprets a line with a single dot that might be written inside the message body as the data termination command, thus incurring into possible message transmission errors.
C.4.5.4b Execution example for the SMTPEdit
Let us analyze a detailed example of execution for the SMTP. The execution is related to a scenario where Alice sends a message to Bob. The users’ mailboxes are managed by different e-mail servers; in particular Alice has her own mailbox on the e-mail server cs.cmu.edu, and thus her e-mail address is Alice@cs.cmu.edu. Bob has his own mailbox on the e-mail server dis.uniroma1.it, and thus his e-mail address is Bob@dis.uniroma1.it. The SMTP protocol uses TCP to manage the communication between the two computers. Since Alice is the user that sends the message in this case the e-mail server cs.cmu.edu will take on the client role for the SMTP transaction. The e-mail server dis.uniroma1.it will take on the role of server for the SMTP transaction. The Figure shows a possible execution of the SMTP for the described scenario. The SMTP message exchange starts when the TCP connection between the SMTP client (cs.cmu.edu) and the SMTP server (dis.uniroma1.it) is established. The client establishes the TCP connection and the server replies to the client introducing itself (line S1), then the client declares its identity (line C2). The numbers contained in the server’s replies represent a coding of protocol states. The client interprets the coding and sends commands based on the current protocol state. The hand-shaking phase of the protocol terminates when the client has communicated to the server both the sender (line C4) and receiver (line C6) e-mail address. Notice that the handshaking phase described is for the SMTP protocol and not for the TCP. All the operations that the TCP carries out to transfer messages are completely transparent to the SMTP. After the hand-shacking phase, the client can start the message data transfer (line C8). The termination of the data transfer is communicated by the client with a line containing only one dot. After the data transfer phase is terminated the client can decide to close the connection with the server sending the QUIT message (line C15).
Execution example for the SMTP Alice’s e-mail server sends a message to Bob’s e-mail server. The first phase is hand-shacking, and the two servers identify each other. In the second phase Alice’s server sends transfer the message to Bob’s server. Finally Alice’s server closes the connection.
C.4.5.5 Access Protocol for E-MailEdit
Up to now, we saw how an e-mail message can be send to from the e-mail client of the sender to the e-mail server of the receiver. This process would be sufficient if each user read the e-mail on the computer that run the e-mail server application. However, this is not the common scenario; usually the e-mail server application is executed on a remote computer that manages the e-mail messages for several users. Each user executes the e-mail client on their own computers and accesses the remote e-mail server using the Internet. Therefore we need a method to download the e-mail messages from the server to the user’s computer. To this end several protocols have been developed with distinctively different features: 1) POP3; 2) IMAP; 3) HTTP. The first two protocols are explicitly designed to access an e-mail server; HTTP is a more generic protocol, which only recently has been used for such purpose. The Post Office Protocol (POP, RFC 1939) is a very simple protocol to access the e-mail and has quite limited functionalities. POP is similar to SMTP, because it is a client-server based application and uses TCP connection for message exchange. Messages are text commands coded in ASCII. The client sends keywords that can be followed by one or more arguments, the server replies sending data or state code, which can be followed by optional indications. The protocol can be divided in three main phases: 1) Authentication; 2) Data Transfer; 3) Update. During the authentication phase, which starts as soon as the TCP connection is established, the client must authenticate with the server by sending username and password. Once the authentication phase is finished, the data transfer phase commences; in this phase the client sends a series of commands to manage the e-mail messages, such as commands to download messages and commands to mark messages for deletion. The data transfer phase is terminated when the client closes the connection; now the server starts the update phase, in this phase the server executes pending commands, such as eliminating messages previously marked for deletion.
C.4.5.6 IMAP and Web E-mailEdit
The IMAP is much more sophisticated than the POP. It allows managing the e-mail messages directly in the server. The user can create several directories, move messages from one directory to the other, search among the messages specifying various research keys (e.g., sender, subject, date, etc.). IMAP allows user to manage the e-mail messages running their clients on different computers, maintaining the hierarchical message organization that they created. Also IMAP, such as POP and SMTP, is based on a TCP connection. An IMAP session starts as soon as the client establishes a connection to the server. The protocol comprises a preliminary identification phase between the client and the server. Then the client sends request commands to the server that replies with data transmission and with a notification for the command outcome. E-mail service is daily used by millions of people for their professional activities; therefore being able to access the e-mail is today a necessity for many people wherever they are. To this end the HTTP is conveniently used to transfer e-mal messages between the user e-mail client and the e-mail server. The main benefit for using HTTP to access the e-mail is the e-mail client can be a simple web browser and thus the users are able to access the e-mail from every computer connected to the Internet. Usually the e-mail application uses an HTTP server that interacts with an e-mail server. Message sending and receiving is managed between the HTTP server and the e-mail server, and use standard protocols for e-mail applications (SMTP, POP and/or IMAP). The e-mail client and the HTTP server interact using only HTTP.
C.4.6 System Infrastructure DimensioningEdit
C.4.6.1 Multimedia impactEdit
The information exchanged among several users that communicate between them, can use several representation mediums each defined by an encoding procedure; a communication that uses only one representation medium is also known as mono-media (e.g. telephony call); vice versa, a communication is said multi-media if the used representation mediums are two or more (e.g. video call). Analogous attributes can be used referring to either one service or one application. Last times have showed a remarkable growth of multimedia networking applications often indicated as continuous media applications; some significative examples are IP telephony (based on Voice over IP technology), teleconference, some WWW content types, internet TV / radio and training at distance. In this section we will not only refer to the canonical multimedia applications but to all the other ones (also mono-media) whose service requirements are such that they are not placeable into the classical data oriented applications. In fact, for the last ones, it is critical the reliability of the information transport service between source and destination while they are generally more tolerant about both the overall transfer delay and its time variability (jitter). Referring to the internet services, the following services are examples of data oriented applications: e-mail, file transfer and browsing; instead, audio/video streaming is a classical example of multimedia application: multimedia contents playing takes place during the content downloading and it is generally allowed the interactive playback control. The streaming term refers to the continuous and uninterrupted data transfer. Unlike classical data oriented applications, multimedia ones are more tolerant about occasional information loss but their requirements about end-to-end overall delay are more strictly: for this class of applications, information that reaches the destination without errors but with a large delay (higher than an upper bound) can be considered in many cases useless.
Service requirements of some typical internet applications The figure shows reliability, bandwidth and synchronization requirements about several common internet applications
C.4.6.2a Internet and multimedia applicationsEdit
At each given time, an internet application receives the network performance level that this one is able to offer currently [best effort service] (e.g. end to end packets delay and losses level); for this reason, it is not suitable for multimedia applications. Several proposals have been introduced during recent years in order to face this question and the different approaches can be classified as follow: don’t change network layer introducing specifics techniques at transport and/or application level; this end to end approach prefers the implementation simplification quitting the performance assurances offering; to introduce architectural changes regarding network layer in order to provide a more or less explicit support to the multimedia applications. This approach naturally requires network layer changes; in fact, this one will have to include al least additional routing policies as well as classical best effort so network traffic can be differentiated distinguishing applications and users. Referring to first one approach, the main idea is to introduce protocols variations regarding application and / or transport layer in order to remove or compensate, as it is possible, the negative features of the classical data oriented architecture referring to the multimedia context. However, these classes of changes do not aim to provide explicit multimedia applications support but rather to remove negative factors from the performance point of view; the remarkable advantage is that changes complexity are placed on network edge (user hosts). An approach like this typically uses the UDP transport protocol in order to avoid the congestion control executed by TCP. Retransmission mechanisms and flow-congestion controls implemented by TCP cause a latency that is often unacceptable for multimedia applications: an information unit the reaches destination without errors but with a large delay (greater that an upper bound) is, de facto, unusable. . Service (unreliable) offered by internet network layer based on IP protocol The figure shows a series of six IP packets; in order to simplify, the correspondent order number identifies each of them. A source host sends them over the network at regular time interval and they are bounded for a destination host. The example shows that network delivers to destination only 5 packets (packet 4 is lost) each with a different delay; furthermore, packet 6 is delivered before packet 5.
Service (reliable) offered by TCP transport protocol The figure shows a series of 6 user data units identified by the corresponding order number. Source host delivers them to own TCP transport service at regular time interval; furthermore, each of them is bounded for the same destination host. Remote TCP service delivers all the sent data units to the application process hiding eventually losses, duplications, errors or out of sequence due to network layer unreliability. However, each data unit is delivered with a different delay.
Service (unreliable) offered by UDP transport protocol The figure shows a series of 6 user data units identified by the corresponding order number. Source host delivers them to own UDP transport service at regular time interval; furthermore, each of them is bounded for the same destination host. Remote UDP service delivers them to the application process according to the arrival order; data units 3 is lost and each data units is delivered with a different delay (data unit 4 is delivered after data unit 5).
C.4.6.2b Multimedia applications and transport protocolsEdit
TCP protocol offers a reliable delivery service that instead it is not assured by UDP protocol; however, this assurance is obtained against both greater protocol complexity and slower transfer. The following table lists several common applications along with the typical transport and application layer protocols that they use; as you can see, UDP transport service is not only used by multimedia applications. In some scenarios, although the transport reliability is a requirement (e.g. DNS ), the service model is already strong regarding the occasional information loss (e.g. a timed out DNS query is resent) so the aim is to reduce the overhead lightening the transport service using UDP in place of TCP.
Several typical network applications and the corresponding transport protocols The figure shows several typical network applications and the corresponding transport protocols
Referring to audio/video streaming applications, a very common technique is to delay the play out time instant of the received data using a buffering mechanism in order to redress packets jitter masking the delays variability to the user. Play out time choosing must strike a balance between contents usability and the reasonable quality of the same ones. Others techniques that also refer to the end-to-end approach are: to adapt dynamically the contents quality (compression level) to the available bandwidth; to provide a real time interactive control about contents play out using an out-of-band signalling; if signalling would be transmitted along data over the same channel (in-band signalling) we not would really obtain an interactive and efficient control. to use intermediate application level protocols that implement in standard mode some of the above described techniques (e.g. RTP / RTCP, RTSP ); to add controlled redundancy on transported data units eventually distributing it using interleaving mechanisms in order to decrease packets loss due to both network and transport services unreliability (e.g. UDP/IP). This approach generally decreases the burst errors probability.
Constant play out delay The example refers to a streaming application (e.g. internet radio) and it shows a sequence of 5 information units delivered by the source application process to the transport layer starting from time t1 at regular interval of T size; each information units will be delivered to the destination process (that it will play it) with a different delay. Furthermore, we will suppose that each information unit is playable (e.g. MP3 ). First information unit has Δ1 as overall end-to-end delay. Referring to the first scenario (S1), play out starting time is equal to the receiving time of the first information unit (t2); as the distance between samples during play out process must be unchanged (α angle), samples 2,4 and 5 cannot be played in useful time. Referring to the second scenario (S2), play out starting time (t3) is delayed by τ1 buffering meaning time the received samples: in this mode, only sample 4 cannot be played in useful time. Referring to the third scenario (S3), play out delay is increased to τ2 and all the samples will be played in useful time.
C.4.6.3a RTP protocolEdit
A multimedia application generally adds a header field to audio-video data that it wants to transmit before delivering it to the transport layer; these control informations usually contain sequence numbers, timestamp labels needed by synchronization above all that is useful to the particular application. As several multimedia network applications need these type of informations in order provide an acceptable service, it is defined a standard packet structure allowing interoperability among different vendors; the corresponding protocol is RTP that is intermediate between properly defined application and transport layers. RTP provides to the applications a specific “transport” service that is suitable to real time information transmission without offering assurances about quality of service. RTP generally uses UDP as transport service and for this reason it extends the minimal service model offered by this protocol; RTP offers to the applications an informations set that is useful to reconstruct the source stream on receiver side without offering any assurances about both information units delivering and out of sequence. RTP assigns to each source (e.g. video camera or microphone) an independent packets flow (stream); as an example, during a video conference between two users they would come opened 4 RTP streams, two to transport audio data (one for each direction) and two to transport video data. Many encoding techniques, as MPEG1 , MPEG2 ed MPEG4 , merge both audio and video data in a single flow so only one RTP flow is opened for each direction. RTP uses an out-of-band signalling protocol that is known as RTCP. RTP supports the following service typologies: point-to-point (unicast): source sends a copy of the contents to each destination; point – multi point (multicast): source sends the contents once and the service takes care to transmit them to each single destination. RTP has been integrated into H.323, an important standard about internet audio-video conference.
RTP protocol and internet protocol architecture RTP protocol usually uses UDP as transport protocol so it can be considered an application layer protocol. However, applications that use RTP encapsulate their information units into RTP data units before to deliver them to the UDP protocol so RTP can be also considered as a transport layer sub layer.
C.4.6.3b Network layer supportEdit
Main idea is to introduce protocol changes about network layer to provide additional classes of services as well as the classical best effort provided by classical IP networks. One first choice could be defining a set of service classes assigning to each of them a priority level; IP packets would be labelled by source with one service class and they would be routed by routers according to their priority level.
FCFS routing policy The figure shows a generic router’s input link that uses the traditional routing policy FCFS; packets that arrive through the link are queued on the corresponding input buffer and they are processed by router according to their arrival order: therefore, first arrived packet will be routed firstly
An example of traffic differentiation based on a simple priority mechanism The figure shows a simple traffic differentiation strategy based on a priority mechanism: the priority classes are 3 where P1 is greater than P2 and P2 greater than P3; each packet is labelled by source using the opportune priority class. When packet reaches the router, an opportune selection mechanism forwards it towards the waiting queue that corresponds to its priority class. A simple routing policy could be the following: to route firstly packets belonging to higher priority queues; of course, packets belonging to lower priority queues could wait indefinitely. Let us note that policy above described would need an Internet network layer changing; furthermore, if we use a single priority class, we obtain, as particular case, the FCFS policy previously described. IntServ is network architecture that it was proposed in order to provide support for quality assured services (bandwidth, delay, losses); it uses a flow-based resources reservation mechanism controlled by RSVP signalling protocol. Simpler and more scalable network architecture is instead DiffServ that does not use resources reservation mechanisms and does not offer quality assured services; however, it requires that each router both handles a differentiated service according to distinct traffic classes. Referring to the multimedia applications, server side is usually known as media server. In addition to the server side implementation of the application protocols, both media server application and the hardware platform that runs it would have to satisfy several additional requirements in order to provide a quality acceptable service: effective and efficient handing of the play out interactive control using out-of-band signalling; server side would not have to receive with excessive delay a play out command from client (e.g. play, stop, forward, rewind, pause…) appropriate availability of both processing resources and transmission bandwidth according to the previewed traffic; some media server systems run real time content encoding e this can require not negligible processing resources; moreover, multimedia contents storing generally needs large memory space to use, if supported by used protocols, adapting mechanisms of the contents quality according to client and server resources availability
7. Links to additional materials: [AT03] Tanenbaum, A. W. S. Computer networks, 4th Edition, Prentice Hall, 892 pages, 2003 [JK07] Kurose, J. F. and Ross, K. W. Computer Networking: A Top-Down Approach, 4th Edition, Addison-Wesley, 2007 [AR95] Roveri A., Reti di Telecomunicazioni - principi generali. Scuola Superiore G. Reiss Romoli, L'Aquila, 1995 [JJ20] Jaworski J., Java2. Apogeo]
8. Test Questions Question 1. Which of the following statements is true? A. A cryptographic method does not allow to who does not known the key to retrieve informations about plain text B. An encoding cryptographic method is not secure if the intruder knows it. C. An encoding cryptographic method must be assuring the message authenticity. D. A cryptographic method is secure if the intruder never knows the pairs (plain message, ciphered message).
Question 2. Which of the following statements is true? A. The certification authority certifies the correctness of the users’ public keys B. The certification authority assures the communication secretiveness. C. Before starting a public key cryptographic method, it is mandatory to contact preliminarily the certification authority. D. We can submit a request to the certification authority also if a secret key cryptographic method having the certainly to use the right key.
Question 3. Digital signing of one given document depends on which of the following statements is true? A. Both subject that signs and signed document. B. Subject that signs and not on signed document C. Signed document and not on subject that signs D. Both subject that signs and part of signed document
Question 4. Alice wants to send a classified and signed message to Biagio. Which of the following keys Alice does she use? A. Alice’s private key and Biagio’s public key B. Alice’s private key and Biagio’s private key C. Alice’s public key and Biagio’s private key D. Alice’s public key and Biagio’s public key
Question 5. When a host needs to resolve a symbolic name: A. It contacts the local name server first. B. It directly contacts the authoritative name server for that host C. It contacts all the root name servers first D. None of the above answers because a host never needs to resolve symbolic names
Question 6. Referring to a Client-Server application: A. It is always the client that starts the communication sending a request to the server. B. It is always the server that starts the communication sending a notification to the server. C. It is always active a connection among client and server so it is not needed to start one communication explicitly. D. Either client and server can start the communication and this dependo on use protocol.
Question 7. What is HTML? A. A MarkUp language. B. A meta-language to specify MarkUp languages. C. A connection oriented data transfer protocol. D. A connectionless data transfer protocol.
Question 8. An e-mail server must implement POP and IMAP in order to: A. Transfer messages to the clients. B. Send messages to other servers. C. To receive messages from other servers. D. False: To receive messages from the clients the SMTP protocol is used.
Question 9. Is it true that to access the web e-mail the browser must implement the standard protocol for the e-mail service (POP, IMAP and SMTP)? A. No, the browser needs only to interact with the HTTP server; is the HTTP server that needs to interact with the e-mail server. B. Yes, otherwise messages could not be delivered. C. No browser is needed for web e-mail. D. The browser is required to implement at least the SMTP protocol.
Question 10. What agrees for “best effort” network service? A. Network makes its best in order to transport packets to destination but it does not offer any assurances. B. Network makes its best in order to transport packets to destination and it offers a minimum quality of service level. C. Network makes its best in order to transport packets to destination and it offers at least integrity assurance about transported information. D. Network implements a traffic control policy: if it is not able to assure a given service level it does not accept additional traffic.
8.1 Answers (correct and falses) Question 1 answers A. True: a cryptographic method is secure if the intruder is not able to retrieve informations about plain text if he both knows the ciphered message and does not known the used key. B. False: a cryptographic method must be assuring the message secretiveness and it cannot protect by message repeating without additional solutions. C. False: a cryptographic method is secure if the intruder is not able to retrieve informations about plain text if he both knows the ciphered message and does not known the used key. D. False: if the cryptographic method is secure, knowing pairs (plain message, ciphered message) does not allow to retrieve new informations about others messages.
Question 2 answers A. True: the certification authority has exactly this aim: it helps us when we do not know with certainty the recipient’s public key. B. False: the communication secretiveness is assured by used cryptographic method. The certification authority assures the public keys correctness. C. False: if we know with certainly the recipient’s public key, it is non needed to contact the certification authority. D. False: using a secret key mechanism, users agree the secret key among them before starting the communication. It is not needed to request the secret key to an external entity. Even if this entity is trusted, this behaviour can cause security issues.
Question 3 answers A. True: in fact, signs of two different subject over the same document are different; furthermore, signs of the same subject over two different documents are different. B. False: it depends on both subject that signs and signed document. C. False: it depends on both subject that signs and signed document. D. False: it depends on both subject that signs and signed document.
Question 4 answers A. True: Alice uses her private key to sign the message; instead, she uses Biagio’s public key to send classified message. B. False: Alice uses her private key to sign the message; instead, she uses Biagio’s public key to send classified message. C. False: Alice uses her private key to sign the message; instead, she uses Biagio’s public key to send classified message. D. False: Alice uses her private key to sign the message; instead, she uses Biagio’s public key to send classified message.
Question 5 answers A. True. B. False: It contacts the local name server first. C. False: It contacts the local name server first. D. False: Such activity is actually necessary for a host.
Question 6 answers A. True. B. False: the contrary is true. C. False: this is only an opportunities moreover few frequent. D. False: Always the client starts the communication.
Question 7 answers A. True. B. False: HTML is a specific MarkUp language; SGML is a meta-language to specify MarkUp languages. C. False: HTML is a MarkUp language; it is not a transfer protocol. D. False: HTML is a MarkUp language; it is not a transfer protocol. Question 8 answers A. True: both POP and IMAP are used to transfer messages to the clients. B. False: To send messages to other servers the SMTP protocol is used. C. False: To receive messages from other servers the SMTP protocol is used. D. Receive messages from the clients.
Question 9 answers A. True: the browser takes care only of the message visualization. B. False: the browser needs only to interact with the HTTP server; is the HTTP server that needs to interact with the e-mail server and thus it must implements the aforementioned protocols. C. False: the browser takes care of the message visualization and data exchange with the HTTP server. D. False: the browser needs only to interact with the HTTP server; is the HTTP server that needs to interact with the e-mail server and thus it must implements the aforementioned protocols.
Question 10 answers A. True: the performance level that network is able to offer currently (as an example, the end-to-end packets delay end losses level) depends on both current networks loading conditions and functionality level. B. False: “Best effort” network service does not offer any assurance about service level. C. False: “Best effort” network service does not offer any assurance about service level. D. False: “Best effort” network service requires that traffic is accepted by network also if this one is in congestion conditions.