Key NOSE2 Concepts

Key concept as listen in the NOSE2 revision lecture

what are the OSI layers?

* application
* presentation
* session
* transport
* network
* data link
* physical

physical layer focus

transmission of raw data bits

physical layer service for data link layer

sequence of bits

baseband data encoding

encoding performed by varying the voltage in an electrical cable or the intensity of light in an optical fibre (physical layer)

baseband data encoding scheme examples

* NRZ
* NRZI
* Manchester

carrier modulation

* carrier wave applied to channel at frequency C
* signal modulated onto the carrier
* allows multiple signals on a single channel
* provides carriers spaced greater than bandwidth, H, of the signal
* physical layer

maximum transmission rate of a channel

* depends on the channel’s bandwidth
* subject to noise that corrupts the signal
* can measure channel’s signal power S, and noise floor N, and compute its signal-to-noise ratio (SNR)
* maximum transmission rate grows logarithmically to the SNR
* physical layer

data link layer focus

arbitrate access to the physical

data link layer service for network layer

structured communication (addressing, packets)

addressing

* physical links can be point-to-point or multi-access
* host addresses may be link-local or global scope
* sufficient to be unique only amongst devices connected to a link
* many data link layer protocols use globally unique addresses

framing

* physical layer provides unreliable raw bit stream
* data link layer corrects this
* break the raw bit stream into frames
* transmit and repair individual frames
* limit scope of any transmission errors

error detection and correction

* noise and interference at physical layer can cause bit errors
* error detecting codes can be extended to also correct errors
* transmit error correcting code as additional data within each frame
* data link layer

error detection and correction examples

* parity codes
* internet checksum

data link synchronisation

* how to detect the start of messages
* leave gaps between frame
* problem - physical layer doesn’t guarantee timing
* precede each frame with a length field
* add a special code to beginning of frame

contention based MAC

* contention based means multiple hosts share channel in a way that can lead to collisions
* two stage access to channel
* detect that a collision is occurring/will occur
* send if no collision or back off and/or retransmit data according to some algorithm to avoid/resolve collision
* data link layer

contention based MAC examples

* ALOHA network
* CSMA
* CSMA-CD

network layer focus

responsible for end-to-end delivery of data

the internet

the globally interconnected networks running the internet protocol (IP)

IP service model

* just send - no need to setup a connection first
* network makes its best effort to deliver packets but provides no guarantees
* easy to run over any type of link layer
* network layer

IPv4 addressing

* every network interface on every host is intended to have a unique address
* 32 bits (eg. 130.209.241.197)
* significant problems due to lack of addresses

consideration regarding IPv6 adoption

* will increase the size of the address pace to allow more hosts on the network
* simplifies the protocol and makes high speed implementations easier
* straight-forward to build applications that work with both IPv4 and IPv6

fragmentation

* link layer has a maximum packet size (MTU)
* IPv4 routers will fragment packets that are larger than the MTU

session layer focus

manages transport layer connection

inter-domain routing

find the best route to destination network

routing in the DFZ

* core networks are well connected and must know about every other network
* the default free zone where there is no default route
* route based on policy non necessarily shortest path
* requires complete AS-level topology information

distance vector protocols

* each node maintains a vector containing the distance to every other node in the network
* forward packets along route with least distance to destination

link state routing

* nodes know the link to their neighbours and the cost of using those links - the link state information
* reliably flood this information giving all node complete map of the network
* each node then directly calculates shortest path to every other node locally

distance vector routing advantages

* simple to implement
* routers only store the distance to each other node

distance vector routing disadvantages

suffers from slow convergence

link state routing advantages

faster convergence

link state routing disadvantages

* more complex
* requires each router to store complete network map

transport layer focus

* isolate upper layers from the network layer
* provide a useful, convenient and easy to use service

end-to-end principle

only put functions that are absolutely necessary within the network and leave everything else to end systems

transport layer framing

applications may wish to send structured data

* transport layer responsible for maintaining the boundaries
* transport must frame the original data if this is part of the service model

congestion control

* transport layer controls the application sending rate
* to match rate at which network layer can deliver data

UDP applications

* useful for application that prefer timeliness to reliability
* voice-over-IP
* streaming video
* must be able to tolerate some loss of data
* must be able to adapt to congestion in the application layer

TCP applications

* useful for applications that require reliable data delivery and can tolerate some timing variations
* file transfer
* email
* instant messaging

TCP connection setup

* 3 way handshake
* the SYN and ACK flags the TCP header signal connection progress
* initial packet has SYN bit set, includes randomly chosedn initial seq number
* reply also has SYN bit set and randomly chosen sequence number ACKnowledges initial packet
* handshake completed by ACKnowledgement of second packet

loss detection

* triple duplicate ACK → some packets lost but later packets arriving
* timeout → send data but acknowledgements stop returning

reordering of packets

* TCP will retransmit the missing data transparently to the application
* a recv() for missing data will block until it arrives

TCP congestion control

can implement congestion control at either the network or the transport layer

conservation of packets

* the network has a certain capacity
* when in equilibrium at that capacity send one packet for each acknowledgement received

addictive increase multiplicative decrease (AIMD)

* start slowly increase gradually to find equilibrium
* respond to congestion rapidly
* faster reduction than increase → stability

network address translation (NAT)

suppose an internet service provider owns an IP address prefix

* an address is assigned for a single host but when an additional host is added they get the previous address
* ISP assigns a new range of IP addresses to customer and gives each host an address from that range
* hides a private network behind a single public IP address

content negotiations

* many protocols negotiate the media formats used
* ensures sender and receiver have common format both understand
* the offer lists supported formats in order of preference
* receiver picks highest preference format it understands
* negotiates common format in one round trip time

text data transfers

* flexible and extensible
* high-level application layer protocols
* email, web, instant messaging….

binary data transfers

* highly optimised and efficient
* audio and video data
* low-level or multimedia protocols

DNS zones

* hierarchy of zones
* one logical server per zone
* delegation follows hierarchy
* hop-by-hop name look-up, follows hierarchy via root

presentation layer focus

manages the presentation, representation and conversion of data

uniform resource identifier (USI)

consists of 4 parts


1. protocol (eg. https)
2. hostname (IP address or DNS domain name)
3. port number (if omitted, the protocol’s default port is used)
4. path and filename (location of requested resource)

application layer focus

user application protocols

CIA triad

* confidentiality - who is allowed to access what?
* integrity - data to not be tampered by unauthorised party
* availability - data protected but available when needed

symmetric encryption

* function converts plain text into cipher text
* conversion is protected by a secret key
* fast - suitable for bulk encryption
* key distribution problem

asymmetric encryption

* public key cryptography
* public key - widely distributed
* private key - must be kept secret
* encrypt using public key → need private key to decrypt
* problem → very slow to encrypt and decrypt

transport layer security (TLS)

* de facto standard/protocol for internet security
* enables privacy and data integrity between two communicating applications
* reliable in terms of CIA

TLS handshake

IPSec

* a set of protocols
* resides on network layer
* can encrypt from network layer and above

ISAKMP

* part of IPSec
* establishing security associations
* procedures for
* authentication
* creation/management of SAs
* key generation/key transport techniques
* threat mitigation

IPSec modes

* gateway-to-gateway
* end device-to-gateway
* gateway-to-server

IKE

internet key exchange → provides perfect forward secrecy

ESP

payload encryption

AH

packet header encryption

GDPR principles

* lawfulness, fairness and transparency
* purpose limitation
* data minimisation
* accuracy
* storage limitation
* integrity and confidentiality
* accountability

privacy criteria

* anonymity
* pseudonymity
* unlinkability
* unobservability

man-in-the-middle examples

* ARP poisoning
* port stealing
* SSL stripping

storage/memory hierarchy

* registers
* cache
* main memory
* solid-state disk
* magnetic disk
* optical disk
* magnetic tapes

main components of a processor

* cache memory
* control unit
* arithmetic/logic unit (ALU)

instruction set architecture (ISA)

the interface of the processor for programs running on that processor

operating system roles

* acts as a resource allocator
* manages all resources
* acts as a control program
* try to prevent errors and improper use of computer system

direct memory access (DMA)

* used by high-speed I/O devices
* direct transfer from device controller buffer’s storage to main memory region
* use of a single purpose processor

system calls

provides a programming interface to the service provided by the OS

system call parameter passing

* pass the parameters in registers
* parameters stored in memory and address passed as a parameter in a register
* placed/pushed onto the stack by the program and popped off the stack by the OS

process

a program in execution

threads and processes differences

* threads share memory and resources by default
* threads are faster/more economical to create
* in older operating systems, it was much faster to context switch between threads than processes
* can have different schedulers for processes and threads
* if a single thread in a process crashes, the whole process crashes as well

multiprogramming

have some program/process running at all times

time-sharing

switch among (concurrently running) processes quickly enough to give the impression of parallel execution

concurrency vs parallelism

* concurrency: multiple tasks make progress over time
* time-sharing system, requiring scheduling and synchronization
* parallelism: multiple tasks (threads/processes) execute at the same time
* requires multiple execution units (CPUs, CPU cores, CPU vCores, etc.)

process control block (PCB)

information associated with each process

* also known as process table entry

process creation

parent process → child processes

* a “process tree”

process states

message passing

requires a “communication link” between communicating processes

direct communication

* processes must name each other explicitly (symmetric)
* or only the recipient is names (asymmetric)
* communication links are established by the OS
* exactly one link between a pair of communicating processes
* links may be unidirectional but are usually bidirectional

indirect communication

* messages are directed and received from mailboxes
* mailboxes are dedicated memory managed by the OS for the communication
* links between processes are established only if processes share a common mailbox
* a mailbox may be associated with many processes
* each pair of processes may share several communication links that may be unidirectional or bi-directional

synchronous communication

* blocking send → sender blocked until the message is received by the recipient
* blocking receive → receiver blocked until the message is available

asynchronous communication

* non-blocking send → sender enqueues the message and continues operation
* non-blocking receive → receiver receives either a valid message or a null

critical section problem

1. mutual exclusion: no two processes in their critical section at the same time
2. progress: entering one’s critical section should only be decided by its contenders in due time; a process cannot immediately re-enter its critical section if other processes are waiting for their turn
3. bounded waiting: it should be impossible for a process to wait indefinitely to enter its critical section

starvation

processes/threads unable to enter their critical section because of “greedy” contenders

livelock

special case of starvation where competing parties both try to “avoid” each other at the same time

priority inversion

special case where lower priority processes can keep higher priority processes waiting

deadlock

all parties of a group are waiting indefinitely for another party to take action (but no one can)

cycle of a process

CPU burst → IO burst

long term scheduler

loads programs into memory (turns a program into a process)

medium term scheduler

freezes and unloads (swaps out) a process, to be reintroduced at a later stage

short-term scheduler

selects which process to execute next

non pre-emptive scheduling

let the process give up the CPU

preemptive scheduling

the scheduler decides when a process yields the CPU

dispatcher

gives control of the CPU to the process selected by the short-term scheduler

dispatcher tasks

* switch context
* switch to user mode
* jump to proper instruction in the user program to continue execution

first come first served (FCFS)

* processes are added to a queue in order of arrival
* algorithm picks the first process in the queue and executes it
* if the process needs more time to complete, it places it at the end of the queue again

shortest job first (SJF)

* non-preemptive
* processes are added to a queue; queue is kept ordered by remaining CPU burst time
* algorithm picks the first process in the queue and executes it