
CN (U5) 1

The document covers various topics in computer networks, focusing on the application layer, including DNS, email systems, web architecture, and network security. It explains key concepts such as the structure of DNS, the function of SMTP in email transmission, and the principles of cryptography. Additionally, it discusses the differences between static and dynamic web pages, as well as authentication protocols like Kerberos.

Uploaded by

haripriyailango

Department of Computer Science and Engineering

Subject Name: COMPUTER NETWORKS Subject Code: CS T52

UNIT-V

Application Layer – DNS – Name space – Resource records – name servers – e-mail -
Architecture and Services - The User Agent - Message Formats - Message Transfer - Final
Delivery – WWW – Architecture - Static Web Pages - Dynamic Web Pages and Web
Applications - HTTP– Network Security - Introduction to Cryptography - Substitution
Ciphers - Transposition Ciphers – Public key algorithms – RSA – Authentication Protocols -
Authentication Using Kerberos.

Computer Networks Page 1


2 MARKS

1. What is Application Layer?


An application layer is an abstraction layer that specifies the shared protocols and
interface methods used by hosts in a communications network.

2. Define DNS? (Nov 2011)

• Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They
maintain a directory of domain names and translate them to Internet Protocol (IP)
addresses. This is necessary because, although domain names are easy for people to
remember, computers or machines access websites based on IP addresses.
• The naming system on which DNS is based is a hierarchical and logical tree
structure called the domain namespace. The list of DNS record types provides an
overview of the types of resource records (database records) stored in the zone files
of the Domain Name System (DNS).

3. Define E-Mail?
 Electronic mail, most commonly referred to as email or e-mail since c 1993, is a
method of exchanging digital messages from an author to one or more recipients.
Modern email operates across the Internet or other computer networks.
 Short for electronic mail, email (or e-mail) is defined as the transmission of
messages over communications networks. Typically the messages are notes entered
from the keyboard or electronic files stored on disk. Most mainframes,
minicomputers, and computer networks have an email system.

4. What is User Agent?


Mail user agent (MUA): the program that allows the user to compose and read electronic
mail messages. The MUA provides the interface between the user and the Message Transfer
Agent.

• Plain text: This is a format that all email applications support. Plain text messages
don't support bold, italic, colored fonts, or other text formatting.
• Outlook Rich Text Format (RTF): This is a Microsoft format that only the following
email applications support

5. What is Message Transfer?


A message transfer agent receives mail from either another MTA, a mail submission agent
(MSA), or a mail user agent (MUA). The transmission details are specified by the Simple
Mail Transfer Protocol (SMTP).



6. What is SMTP?(Nov 2011)
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-
mail) transmission. First defined by RFC 821 in 1982, it was last updated in 2008 with the
Extended SMTP additions by RFC 5321 - which is the protocol in widespread use today.
SMTP by default uses TCP port 25.

7. What is the function of SMTP?(Nov/Dec 2014)


 SMTP functions in two ways.
Firstly, it verifies the configuration of the computer from where the email
is being sent and grants permission for the process.
Secondly, it sends out the message and follows the successful delivery of the
email. If the email cannot be delivered, it's returned-to-sender or bounces back.

8. What is Message Delivery Agent?


A mail delivery agent or message delivery agent (MDA) is a computer software
component that is responsible for the delivery of e-mail messages to a local recipient's
mailbox. Also called an LDA, or local delivery agent. In the Internet mail architecture,
local message delivery is achieved through a process of handling messages from the
message transfer agent, and storing mail into the recipient's environment.

9. What is the use of Internet Control Message Protocol? (April/May 2014) (Nov/Dec 2014)
The Internet Control Message Protocol (ICMP) is one of the main protocols of the
Internet Protocol Suite. It is used by network devices, like routers, to send error messages
indicating, for example, that a requested service is not available or that a host or router
could not be reached.

10. Define World Wide Web?


The World Wide Web (www, W3) is an information system of interlinked hypertext
documents that are accessed via the Internet and built on top of the Domain Name System.
It has also commonly become known simply as the Web.

11. Define Static Web Page?


A static web page (sometimes called a flat page/stationary page) is a web page that is
delivered to the user exactly as stored, in contrast to dynamic web pages which are
generated by a web application.



12. What is Dynamic Web Page?
A server-side dynamic web page is a web page whose construction is controlled by an
application server processing server-side scripts. In server-side scripting, parameters
determine how the assembly of every new web page proceeds, including the setting up of
more client-side processing.

13. What is a CGI?(April/May 2012)


Common Gateway Interface (CGI) is a standard method used to generate dynamic
content on Web pages and Web applications. CGI, when implemented on a Web server,
provides an interface between the Web server and programs that generate the Web
content.

14. Define Web Application?


A web application or web app is any computer program that runs in a web browser. It is
created in a browser-supported programming language (such as the combination of
JavaScript, HTML and CSS) and relies on a web browser to render the application.

15. Define HTTP?


The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed,
collaborative, hypermedia information systems. HTTP is the foundation of data
communication for the World Wide Web. Hypertext is structured text that uses logical links
(hyperlinks) between nodes containing text.

16. Why is HTTP said to be a stateless protocol? (April/May 2012)


Because a stateless protocol does not require the server to retain session information or
status about each communications partner for the duration of multiple requests. HTTP is a
stateless protocol, which means that the connection between the browser and the server
is lost once the transaction ends.

17. Give the format of HTTP response message?(Nov/Dec 2014 )


Each request message sent by an HTTP client to a server prompts the server to send back a
response message.



18. What is meant by Network Security?(May 2013)
Network security consists of the provisions and policies adopted by a network
administrator to prevent and monitor unauthorized access, misuse, modification, or denial
of a computer network and network-accessible resources.

19. Who are the people who cause security problems? (April/May 2012)
• Outside people and hackers
• The people who work for your company
• The applications that your users use to perform their business tasks
• The operating systems that run on your users' desktops and your servers, as well as
the equipment employed
• The network infrastructure used to move data across your network, including
devices such as routers, switches, hubs, firewalls, gateways, and other devices

20. Define Cryptography?(Nov 2011)


Cryptography is the practice and study of techniques for secure communication in the
presence of third parties (called adversaries). Cryptography is a method of storing and
transmitting data in a particular form so that only those for whom it is intended can read
and process it. Cryptography is closely related to the disciplines of cryptology and
cryptanalysis.

21. What is Cipher Text?(Nov 2012)


Ciphertext is encrypted text. Plaintext is what you have before encryption, and ciphertext is
the encrypted result. The term cipher is sometimes used as a synonym for ciphertext, but it
more properly means the method of encryption rather than the result.

22. Define Substitution cipher?


In cryptography, a substitution cipher is a method of encoding by which units of plaintext
are replaced with ciphertext, according to a regular system; the "units" may be single
letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so
forth



23. Define Transposition Cipher?
In cryptography, a transposition cipher is a method of encryption by which the positions
held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of
the plaintext.

24. Define Public Key Cryptography?


Public-key cryptography, also known as asymmetric cryptography, is a class of
cryptographic protocols based on algorithms that require two separate keys, one of which
is secret (or private) and one of which is public.

25. Define RSA?


RSA is one of the first practical public-key cryptosystems and is widely used for secure data
transmission. In such a cryptosystem, the encryption key is public and differs from the
decryption key which is kept secret.

26. What is Authentication Protocol?


An authentication protocol is a type of cryptographic protocol with the purpose of
authenticating entities wishing to communicate securely. There are different
authentication protocols such as AKA, CAVE-based authentication, and Challenge-Handshake
Authentication Protocol (CHAP).

27. Define Kerberos?


Kerberos is a secure method for authenticating a request for a service in a computer
network. Kerberos was developed in the Athena Project at the Massachusetts Institute of
Technology (MIT). The name is taken from Greek mythology; Kerberos was a three-
headed dog who guarded the gates of Hades



11 MARKS

1. Discuss the services provided by the Internet’s domain name system (DNS). (Nov 2012, April/May 2014)

Many millions of PCs were connected to the Internet, and everyone involved with it realized
that this approach could not continue to work forever. To solve these problems, DNS
(Domain Name System) was invented in 1983. It is primarily used for mapping host
names to IP addresses but can also be used for other purposes. DNS is defined in RFCs
1034, 1035, 2181, and further elaborated in many others.

• The DNS name space

• Domain Resource records

• Name servers

The DNS Name Space

• A hostname consists of the computer name followed by the domain name

• csc.villanova.edu is the domain name

– A domain name is separated into two or more sections that specify the
organization, and possibly a subset of an organization, of which the computer
is a part

– Two organizations can have a computer named the same thing because the
domain name makes it clear which one is being referred to

• The very last section of the domain is called its top-level domain (TLD) name

• Organizations based in countries other than the United States use a top-level
domain that corresponds to their two-letter country codes

• The domain name system (DNS) is chiefly used to translate hostnames into numeric
IP addresses

– DNS is an example of a distributed database

– If that server can resolve the hostname, it does so

– If not, that server asks another domain name server



A portion of the Internet domain name space.

Generic top-level domains

Domain Resource Records

Every domain whether it is a single host or a top level domain can have a set of resource
records associated with it. Whenever a resolver (this will be explained later) gives the
domain name to DNS it gets the resource record associated with it. So DNS can be looked
upon as a service which maps domain names to resource records. Each resource record has
five fields and looks as below:

Domain Name | Class | Type | Time to Live | Value

• Domain name: the domain to which this record applies.
• Class: set to IN for internet information. For other information other codes may be
specified.
• Type: tells what kind of record it is.
• Time to live: Upper Limit on the time to reach the destination
• Value: can be an IP address, a string or a number depending on the record type.



A Resource Record (RR) has the following:

• owner: the domain name where the RR is found.
• type: an encoded 16-bit value that specifies the type of the resource in this
resource record. It can be one of the following:
o A: a host address
o CNAME: identifies the canonical name of an alias
o HINFO: identifies the CPU and OS used by a host
o MX: identifies a mail exchange for the domain
o NS: the authoritative name server for the domain
o PTR: a pointer to another part of the domain name space
o SOA: identifies the start of a zone of authority
• class: an encoded 16-bit value which identifies a protocol family or instance of a
protocol. One of: IN, the Internet system, or CH, the Chaos system.
• TTL: the time to live of the RR. This field is a 32-bit integer in units of
seconds, and is primarily used by resolvers when they cache RRs. The TTL
describes how long an RR can be cached before it should be discarded.
• RDATA: data in this field depends on the values of the type and class of the RR;
a description for each is as follows:
o for A: for the IN class, a 32-bit IP address; for the CH class, a domain name
followed by a 16-bit octal Chaos address.
o for CNAME: a domain name.
o for MX: a 16-bit preference value (lower is better) followed by a host name
willing to act as a mail exchange for the owner domain.
o for NS: a host name.
o for PTR: a domain name.
o for SOA: several fields.

Name Servers

• DNS database is partitioned into zones.


• Each zone contains part of the DNS tree.
• Name servers store information about the name space in units called “zones”
• Zone <-> name server.
– Each zone may be served by more than 1 server.
– A server may serve multiple zones.
• Primary and secondary name servers.



Part of the DNS name space divided into zones (which are circled)

• Application wants to resolve name.


• Resolver sends query to local name server.
o Resolver configured with list of local name servers.
o Select servers in round-robin fashion.
• If name is local, local name server returns matching authoritative RRs.
o Authoritative RR comes from authority managing the RR and is
always correct.
o Cached RRs may be out of date.
• If information not available locally (not even cached), local NS will have to ask
someone else.
o It asks the server of the top-level domain of the name requested.
• Recursive query:
o Each server that doesn’t have info forwards it to someone else.
o Response finds its way back.
• Alternative:
o Name server not able to resolve query, sends back the name of the next
server to try.
o Some servers use this method.
o More control for clients.
• Suppose resolver on flits.cs.vu.nl wants to resolve linda.cs.yale.edu.
o Local NS, cs.vu.nl, gets queried but cannot resolve it.
o It then contacts .edu server.
o .edu server forwards query to yale.edu server.
o yale.edu contacts cs.yale.edu, which has the authoritative RR.
o Response finds its way back to originator.
o cs.vu.nl caches this info.

The cached info is not authoritative (since it may be out-of-date).

• RR TTL determines how long an RR should be cached.

How a resolver looks up a remote name in eight steps.
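
The lookup walked through above (flits.cs.vu.nl resolving linda.cs.yale.edu), as an added Python example that is not part of the original notes. The class names, the `build_demo` helper and the 192.0.2.x addresses are constructed for illustration; the point it shows is that a cached answer keeps being served until its TTL expires, even after the authoritative record has changed.

```python
"""Toy model of the lookup described above: zones hold resource records,
the local name server forwards what it cannot answer and caches the reply
until the record's TTL runs out. All addresses are constructed samples."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str    # domain name the record applies to
    ttl: int     # time to live in seconds (how long it may be cached)
    cls: str     # class, IN for Internet
    type: str    # A, MX, NS, ...
    value: str   # RDATA


def parse_rr(line):
    """Parse one 'name ttl class type value' line into an RR."""
    name, ttl, cls, rtype, value = line.split(None, 4)
    return RR(name.lower(), int(ttl), cls.upper(), rtype.upper(), value)


class NameServer:
    """Authoritative server for one zone, with delegations to sub-zones."""

    def __init__(self, zone, lines=(), children=()):
        self.zone = zone
        self.records = [parse_rr(line) for line in lines]
        self.children = {child.zone: child for child in children}

    def query(self, name, rtype, trace):
        trace.append(self.zone)                      # record who was asked
        found = [r for r in self.records if (r.name, r.type) == (name, rtype)]
        if found:
            return found                             # authoritative answer
        for zone, child in self.children.items():
            if name == zone or name.endswith("." + zone):
                return child.query(name, rtype, trace)   # forward the query
        return []


class LocalNameServer:
    """Local server: answers its own zone, else cache, else asks the TLD."""

    def __init__(self, own, tld_servers):
        self.own = own
        self.tld_servers = tld_servers               # e.g. {"edu": NameServer}
        self.cache = {}                              # (name, type) -> (expiry, RRs)

    def resolve(self, name, rtype, now):
        """Return (records, from_cache, servers_asked) at time `now` (seconds)."""
        key = (name.lower(), rtype.upper())
        trace = []
        local = self.own.query(key[0], key[1], trace)
        if local:
            return local, False, trace
        expiry, cached = self.cache.get(key, (0, []))
        if now < expiry:
            return cached, True, trace               # may be out of date
        self.cache.pop(key, None)                    # TTL expired: discard
        tld = self.tld_servers.get(key[0].rsplit(".", 1)[-1])
        answer = tld.query(key[0], key[1], trace) if tld else []
        if answer:
            self.cache[key] = (now + min(r.ttl for r in answer), answer)
        return answer, False, trace


def build_demo():
    """The flits.cs.vu.nl -> linda.cs.yale.edu example with sample data."""
    cs_yale = NameServer("cs.yale.edu", ["linda.cs.yale.edu 3600 IN A 192.0.2.10"])
    yale = NameServer("yale.edu", children=[cs_yale])
    edu = NameServer("edu", children=[yale])
    cs_vu = NameServer("cs.vu.nl", ["flits.cs.vu.nl 86400 IN A 192.0.2.77"])
    return LocalNameServer(cs_vu, {"edu": edu}), cs_yale


if __name__ == "__main__":
    local, cs_yale = build_demo()
    print(local.resolve("linda.cs.yale.edu", "A", now=0))
    # The authoritative record changes, but the cache still serves the old one.
    cs_yale.records = [parse_rr("linda.cs.yale.edu 3600 IN A 192.0.2.99")]
    print(local.resolve("linda.cs.yale.edu", "A", now=1800))
    print(local.resolve("linda.cs.yale.edu", "A", now=3600))
```
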

2. Explain the basic function of Electronic Mail (e-mail) system. (April/May 2012, April/May 2014) (Apr 2015)

 Many user applications use client-server architecture


 Electronic mail client accepts mail from user and delivers to server on destination
computer
 Many variations and styles of delivery

Electronic mail paradigm

 Electronic version of paper-based office memo

o Quick, low-overhead written communication


o Dates back to time-sharing systems in 1960s
 Because e-mail is encoded in an electronic medium, new forms of interaction are
possible
o Fast
o Automatic processing - sorting, reply
o Can carry other content

• Architecture and services

• The user agent

• Message formats

• Message transfer

• Final delivery



Architecture and Services

It consists of two kinds of subsystems:

• The user agents, which allow people to read and send email.
• The message transfer agents, which move the messages from the source to the
destination. Message transfer agents are informally referred to as mail servers.
• The user agent is a program that provides a graphical interface, or sometimes a text-
and command-based interface, that lets users interact with the email system.
• The act of sending new messages into the mail system for delivery is called mail
submission.
• The job of the message transfer agents is to automatically move email through the
system from the originator to the recipient with SMTP (Simple Mail Transfer Protocol).
• Mailboxes store the email that is received for a user. They are maintained by mail
servers. User agents simply present users with a view of the contents of their
mailboxes.
• A key idea in the message format is the distinction between the envelope and its
contents.
• The envelope encapsulates the message. It contains all the information needed for
transporting the message, such as the destination address, priority, and security
level, all of which are distinct from the message itself.
• The message inside the envelope consists of two separate parts: the header and the
body. The header contains control information for the user agents. The body is
entirely for the human recipient.

Fig. Architecture of the email system

The User Agent

• A user agent is a program (sometimes called an email reader) that accepts a variety
of commands for composing, receiving, and replying to messages, as well as for
manipulating mailboxes.
• There are many popular user agents, including Google Gmail, Microsoft Outlook,
Mozilla Thunderbird, and Apple Mail. They can vary greatly in their appearance.
• Most user agents have a menu- or icon-driven graphical interface that requires a
mouse, or a touch interface on smaller mobile devices.

Message Formats

 Lines of text in format keyword: information


 keyword identifies information; information can appear in any order
 Essential information:
o To: list of recipients
o From: sender
o Cc: list of copy recipients
 Useful information:
o Reply-to: different address than From:
o Received-by: for debugging
 Frivolous information:
o Favorite-drink: lemonade
o Phase-of-the-moon: gibbous

E-mail example

E-mail headers

 Mail software passes unknown headers unchanged


 Some software may interpret vendor-specific information



Data in e-mail

 Original Internet mail carried only 7-bit ASCII data


 Couldn't contain arbitrary binary values; e.g., executable program
 Techniques for encoding binary data allowed transport of binary data
 uuencode: 3 8-bit binary values as 4 ASCII characters (6 bits each)
o Also carries file name and protection information
o Incurs 33% overhead
o Requires manual intervention

MIME (Multipurpose Internet Mail Extensions)

 Extends and automates encoding mechanisms - Multipart Internet Mail Extensions


 Allows inclusion of separate components - programs, pictures, audio clips - in a
single mail message
 Sending program identifies the components so receiving program can automatically
extract and inform mail recipient
o Header includes:

MIME-Version: 1.0
Content-Type: Multipart/Mixed; Boundary=Mime_separator

o Separator line gives information about specific encoding


o Plain text includes:

Content-type: text/plain
 MIME is extensible - sender and receiver agree on encoding scheme

 MIME is compatible with existing mail systems



o Everything encoded as ASCII
o Headers and separators ignored by non-MIME mail systems
 MIME encapsulates binary data in ASCII mail envelope
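
The MIME points above, as an added Python example that is not part of the original notes: it builds a multipart message with a binary attachment, confirms that what travels is pure ASCII, and reads the parts back as a receiving program would. The addresses, file name and attachment bytes are constructed, and the check against executable file signatures is an assumption added here for mail filtering, using a short, partial signature list.

```python
"""Build a MIME message with a binary attachment, then read it back the way
a receiving mail program would. Addresses and file contents are constructed."""
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of common executable formats (assumption: short, partial list).
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}


def build_message(attachment, filename="report.dat"):
    """Return the raw bytes of a multipart/mixed message."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Quarterly report"
    msg["Favorite-drink"] = "lemonade"       # header unknown to mail software
    msg.set_content("The report is attached.\n")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()                    # what is handed to SMTP


def inspect_message(raw):
    """Parse raw bytes; return the message and a summary of each leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                         # container, not content
        data = part.get_payload(decode=True) # undo base64 / quoted-printable
        looks_like = next((label for magic, label in EXECUTABLE_MAGIC.items()
                           if data.startswith(magic)), None)
        parts.append({
            "type": part.get_content_type(),
            "encoding": str(part["Content-Transfer-Encoding"]),
            "filename": part.get_filename(),
            "size": len(data),
            "looks_like": looks_like,        # content check, not the declared type
        })
    return msg, parts


def encoding_overhead(data):
    """Fractional size increase when 3 bytes are carried as 4 ASCII characters."""
    return len(base64.b64encode(data)) / len(data) - 1


if __name__ == "__main__":
    sample = b"MZ" + bytes(range(256))       # constructed binary, 258 bytes
    raw = build_message(sample)
    print("ASCII only on the wire:", raw.isascii())
    message, summary = inspect_message(raw)
    print(message.get_content_type(), str(message["Favorite-drink"]))
    for entry in summary:
        print(entry)
    print("overhead: %.1f%%" % (100 * encoding_overhead(sample)))
```
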

Programs as mail recipients

 Can arrange for e-mailbox to be associated with a program rather than a user's mail
reader
 Incoming mail automagically processed as input to program
 Example - mailing list subscription administration
 Can be used to implement client-server processing
o Client request in incoming mail message
o Server response in returned mail reply

Message Transfer

• E-mail communication is really a two-part process:
o User composes mail with an e-mail interface program
o Mail transfer program delivers mail to destination
– Waits for mail to be placed in outgoing message queues
– Picks up message and determines recipient(s)
– Becomes client and contacts server on recipient's computer
– Passes message to server for delivery

SMTP

 Simple Mail Transfer Protocol (SMTP) is standard application protocol for delivery
of mail from source to destination
 Provides reliable delivery of messages
 Uses TCP and message exchange between client and server



 Other functions:
o E-mail address lookup
o E-mail address verification

Multiple recipients on one computer

 E-mail addresses can be attached to programs as well as electronic mailboxes


 Mail exploder or mail forwarder resends copies of message to e-mail addresses in
mailing list
o UNIX mail program sendmail provides simple mail aliases
o Mailing list processor, e.g., listserv, can also interpret subscription
management commands

Mail gateways

 Mailing list processing may take significant resources in large organization


 May be segregated to a dedicated server computer: mail gateway
o Provides single mail destination point for all incoming mail
o e.g., bucknell.edu
o Can use MX records in DNS to cause all mail to be delivered to gateway



Mail gateways and forwarding

• Users within an organization may want to read mail on local or departmental
computer
• Can arrange to have mail forwarded from mail gateway
• Message now makes multiple hops for delivery
• Hops may be recorded in header
• Forwarded mail may use proprietary (non-SMTP) mail system

Mail gateways and e-mail addresses

 Organization may want to use uniform naming for external mail


 Internally, may be delivered to many different systems with different naming
conventions
 Mail gateways can translate e-mail addresses

Ralph_Droms    droms@regulus.eg.bucknell.edu
Dan_Little     dlittle@mail.bucknell.edu
Ruth_Miller    miller@charcoal.eg.bucknell.edu

Mailbox access

 Where should mailbox be located?


 Users want to access mail from most commonly used computer
 Can't always use desktop computer as mail server
o Not always running
o Requires multitasking operating system
o Requires local disk storage
 Can TELNET to remote comptuer with mail server

Internet Mail access protocols

 Instead of TELNET, use prtocl that accesses mail on remote computer directly
 TCP/IP protocol suite includes Post Office Protocol (POP) for remote mailbox access
o Computer with mailboxes runs POP server
o User runs POP client on local computer
o POP client can access and retrieve messages from mailbox
o Requires authentication (password)
o Local computer uses SMTP for outgoing mail



Final Delivery

• Our mail message is almost delivered. It has arrived at Bob’s mailbox.
• All that remains is to transfer a copy of the message to Bob’s user agent for display.
• When the user agent and mail transfer agent ran on the same machine as different
processes, the mail transfer agent simply wrote new messages to the end of the mailbox
file, and the user agent simply checked the mailbox file for new mail.

3. Explain in detail about World Wide Web?

• Architectural overview

• Static web pages

• Dynamic web pages, web applications

• The hypertext transfer protocol

Architectural Overview

• The Web consists of a vast, worldwide collection of content in the form of Web
pages, often just called pages for short.
• Each page may contain links to other pages anywhere in the world. Users can follow
a link by clicking on it, which then takes them to the page pointed to.
• This process can be repeated indefinitely. The idea of having one page point to
another is now called hypertext. Pages are generally viewed with a program called a
browser.
• This page shows text and graphical elements (that are mostly too small to read).
• A piece of text, icon, image, and so on associated with another page is called a
hyperlink.

Architecture of the Web.

 Here the browser is displaying a Web page on the client machine.


 When the user clicks on a line of text that is linked to a page on the abcd.com server,
the browser follows the hyperlink by sending a message to the abcd.com server
asking it for the page.
 When the page arrives, it is displayed. If this page contains a hyperlink to a page on
the xyz.com server that is clicked on, the browser then sends a request to that
machine for the page.

The Client side

When an item is selected, the browser follows the hyperlink and fetches the page selected.
Therefore, the embedded hyperlink needs a way to name any other page on the Web. Pages
are named using URLs (Uniform Resource Locators).
URLs have three parts:
• The protocol (also known as the scheme),
• The DNS name of the machine on which the page is located, and
• The path uniquely indicating the specific page (a file to read or program to run on
the machine).
In the general case, the path has a hierarchical name that models a file directory
structure.
As an example, the URL http://www.cs.washington.edu/index.html consists of three parts:
the protocol (http), the DNS name of the host (www.cs.washington.edu), and the path
name (index.html).
The steps that occur at the client side are:


 The browser determines the URL
 The browser asks DNS for the IP address
 DNS replies with the IP address
 The browser makes a TCP connection to port 80 on the IP address
 It sends a request asking for file
 The site server sends the file
 The TCP connection is released.
 The browser fetches and displays all the text and images in the file.
 Web pages are written in standard HTML language to make it understandable by all
browsers.

MIME TYPES

• A plug-in is a third-party code module that is installed as an extension to the
browser, as illustrated
• A plugin is a piece of software that acts as an add-on to a web browser and gives
the browser additional functionality. Plugins can allow a web browser to
display additional content it was not originally designed to display.
• A helper application is an external viewer program launched to display content
retrieved using a web browser. Some examples include JPEGview, Windows
Media Player, QuickTime Player, Real Player and Adobe Reader.

(a) A browser plug-in. (b) A helper application.

The Server side


The server is given the name of a file to look up and return via the network. In both cases,
the steps that the server performs in its main loop are:
 Accept a TCP connection from a client (a browser).



 Get the path to the page, which is the name of the file requested.
 Get the file (from disk).
 Send the contents of the file to the client.
 Release the TCP connection.

In many servers, each processing module performs a series of steps. The front end passes
each incoming request to the first available module, which then carries it out using some
subset of the following steps. These steps occur after the TCP connection and any secure
transport mechanism (such as SSL/TLS) have been established.
 Resolve the name of the Web page requested.
 Perform access control on the Web page.
 Check the cache.
 Fetch the requested page from disk or run a program to build it.
 Determine the rest of the response (e.g., the MIME type to send).
 Return the response to the client.
 Make an entry in the server log.

A multithreaded Web server with a front end and processing modules.
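
The processing steps listed above, as an added Python example that is not part of the original notes. The `StaticHandler` class, the `private/` deny rule, the log format and the sample site are assumptions made for illustration; the example shows why the name is resolved and access-checked before the cache or the disk is touched, so that a path such as `/../outside.txt` never leaves the document root.

```python
"""One request through the server-side steps: resolve the name, perform
access control, check the cache, fetch from disk, pick the MIME type,
return the response, write a log entry. Sample site is constructed."""
import mimetypes
import tempfile
from pathlib import Path
from urllib.parse import unquote


class StaticHandler:
    def __init__(self, docroot, denied_prefixes=("private/",)):
        self.root = Path(docroot).resolve()
        self.denied = denied_prefixes        # hypothetical access-control rule
        self.cache = {}                      # relative path -> (type, body)
        self.log = []

    def handle(self, client_ip, url_path):
        status, ctype, body = self._process(url_path)
        # Final step: make an entry in the server log for every request.
        self.log.append(f"{client_ip} GET {url_path!r} {status} {len(body)}")
        return status, ctype, body

    def _process(self, url_path):
        # Resolve the name: decode the path and map it under the document root.
        rel = unquote(url_path.split("?", 1)[0]).lstrip("/") or "index.html"
        target = (self.root / rel).resolve()
        if target != self.root and self.root not in target.parents:
            return 403, "text/plain", b"forbidden"   # escaped the docroot
        rel = target.relative_to(self.root).as_posix()
        # Access control on the resolved name, before any cache lookup.
        if any(rel.startswith(prefix) for prefix in self.denied):
            return 403, "text/plain", b"forbidden"
        # Check the cache.
        if rel in self.cache:
            ctype, body = self.cache[rel]
            return 200, ctype, body
        # Fetch the requested page from disk.
        if not target.is_file():
            return 404, "text/plain", b"not found"
        body = target.read_bytes()
        # Determine the rest of the response (the MIME type to send).
        ctype = mimetypes.guess_type(target.name)[0] or "application/octet-stream"
        self.cache[rel] = (ctype, body)
        return 200, ctype, body


def make_demo_site():
    """Create a throwaway document root with one public and one private file."""
    root = Path(tempfile.mkdtemp())
    (root / "index.html").write_text("<h1>hi</h1>")
    (root / "private").mkdir()
    (root / "private" / "notes.txt").write_text("internal")
    return StaticHandler(root)


if __name__ == "__main__":
    handler = make_demo_site()
    for path in ("/", "/index.html", "/private/notes.txt",
                 "/../outside.txt", "/%2e%2e/outside.txt", "/missing.html"):
        print(path, handler.handle("198.51.100.7", path)[:2])
    print("\n".join(handler.log))
```
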

Cookies

• Cookies are usually small text files, given ID tags that are stored on your computer's
browser directory or program data subfolders.
• Cookies are created when you use your browser to visit a website that uses cookies
to keep track of your movements within the site, help you resume where you left off,
remember your registered login, theme selection, preferences, and other
customization functions.

There are two types of cookies: session cookies and persistent cookies.

 Session cookies are created temporarily in your browser's subfolder while you are
visiting a website. Once you leave the site, the session cookie is deleted.



 On the other hand, persistent cookie files remain in your browser's subfolder and
are activated again once you visit the website that created that particular cookie. A
persistent cookie remains in the browser's subfolder for the duration period set
within the cookie's file.

Some examples of cookies
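
The session/persistent distinction above, as an added Python example that is not part of the original notes: it reads `Set-Cookie` header values, classifies each cookie by whether a lifetime is set, and reports which of the `Secure` and `HttpOnly` attributes are absent. The header values are constructed, and checking those two attributes is an addition made here, not something the notes cover.

```python
"""Classify cookies as session or persistent from Set-Cookie header values
and list the protective attributes each one lacks. Sample data is constructed."""
from http.cookies import SimpleCookie

SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",                      # no lifetime
    "theme=dark; Max-Age=31536000; Path=/",                      # one year
    "login=u42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure",  # fixed date
]


def audit_set_cookie(headers):
    """Return one finding per cookie found in the given header values."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # A cookie with neither Max-Age nor Expires lasts only for the
            # browser session; either attribute makes it persistent.
            lifetime = morsel["max-age"] or morsel["expires"] or None
            missing = [label for label, key in
                       (("Secure", "secure"), ("HttpOnly", "httponly"))
                       if not morsel[key]]
            findings.append({
                "name": name,
                "kind": "persistent" if lifetime else "session",
                "lifetime": lifetime,
                "missing": missing,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_set_cookie(SAMPLE_HEADERS):
        print(finding)
```
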

HTML-Hypertext Markup Language

HTML is a markup language for describing web documents (web pages).


 HTML stands for Hyper Text Markup Language
 A markup language is a set of markup tags
 HTML documents are described by HTML tags
 Each HTML tag describes different document content

A Small HTML Document

<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>
<h1>My First Heading</h1>
<p>My first paragraph.</p>
</body>
</html>

Example Explained

 The DOCTYPE declaration defines the document type to be HTML


 The text between <html> and </html> describes an HTML document
 The text between <head> and </head> provides information about the document
 The text between <title> and </title> provides a title for the document
 The text between <body> and </body> describes the visible page content
 The text between <h1> and </h1> describes a heading
 The text between <p> and </p> describes a paragraph



HTML Tags

HTML tags are keywords (tag names) surrounded by angle brackets:


<tagname>content</tagname>
 HTML tags normally come in pairs like <p> and </p>
 The first tag in a pair is the start tag, the second tag is the end tag
 The end tag is written like the start tag, but with a slash before the tag name
The start tag is often called the opening tag. The end tag is often called the closing tag.

Web Browsers

The purpose of a web browser (Chrome, IE, Firefox, Safari) is to read HTML documents and
display them. The browser does not display the HTML tags, but uses them to determine
how to display the document:

Input And Forms

An input form is an online form that ActionApps users use to manually add data into a slice.
Every input form is a collection (or sequence) of input elements, which correspond to slice
fields. There are various types of input elements, such as a textarea, a select box, and a simple text box.

The formatted page

Cascading Style Sheets (CSS) is a style sheet language used for describing the look and
formatting of a document written in a markup language.

Web Page

A web page is a document available on the World Wide Web. Web pages are stored on a web
server and can be viewed using a web browser.

A web page can contain a large amount of information, including text, graphics, audio, video and
hyperlinks. These hyperlinks are links to other web pages.

A collection of linked web pages on a web server is known as a website. A unique
Uniform Resource Locator (URL) is associated with each web page.

Static Web page

Static web pages are also known as flat or stationary web pages. They are loaded in the
client's browser exactly as they are stored on the web server. Such web pages contain only
static information. The user can only read the information and cannot modify or
interact with it.

Static web pages are created using only HTML. They are used only when the
information no longer needs to be modified.

Dynamic Web page

A dynamic web page shows different information at different points in time. It is possible
to change a portion of a web page without reloading the entire web page. This has been made
possible by Ajax technology.

Server-side dynamic web page

It is created by using server-side scripting. Server-side scripting parameters
determine how to assemble a new web page, which also includes setting up more
client-side processing.

Client-side dynamic web page

It is processed using client-side scripting such as JavaScript, and the result is then passed to the
Document Object Model (DOM).

4. Explain about Hyper Text Transfer Protocol (HTTP). (Nov 2013)

• The Hypertext Transfer Protocol (HTTP) is an application protocol for
distributed, collaborative, hypermedia information systems. HTTP is the
foundation of data communication for the World Wide Web.
• HTTP is based on the client-server architecture model and is a stateless
request/response protocol that operates by exchanging messages across a
reliable TCP/IP connection.
• HTTP makes use of the Uniform Resource Identifier (URI) to identify a given
resource and to establish a connection.
• Once the connection is established, HTTP messages are passed in a format similar
to that used by Internet mail [RFC5322] and the Multipurpose Internet Mail
Extensions (MIME) [RFC2045].

 These messages include requests from client to server and responses from
server to client which will have the following format:
 HTTP-message = <Request> | <Response> ; HTTP/1.1 messages

Connections

 Let us consider a Web page with two embedded images on the same server. The
URLs of the images are determined as the main page is fetched, so they are fetched
after the main page.
 The page is fetched with a persistent connection. That is, the TCP connection is
opened at the beginning, then the same three requests are sent, one after the other
as before, and only then is the connection closed.
 There is one persistent connection and the requests are pipelined. Specifically, the
second and third requests are sent in rapid succession as soon as enough of the
main page has been retrieved to identify that the images must be fetched.
 This method cuts down the time that the server is idle, so it further improves
performance.

HTTP with (a) multiple connections and sequential requests.

(b) A persistent connection and sequential requests.

(c) A persistent connection and pipelined requests.

Methods

HTTP - Requests

An HTTP client sends an HTTP request to a server in the form of a request message, which
has the following format:

• A Request-Line
• Zero or more header (General|Request|Entity) fields, each followed by CRLF
• An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
• Optionally a message-body

Request-Line

The Request-Line begins with a method token, followed by the Request-URI and the
protocol version, and ending with CRLF. The elements are separated by space SP
characters.

Request-Line = Method SP Request-URI SP HTTP-Version CRLF

Request Method

The request method indicates the method to be performed on the resource identified by
the given Request-URI. The method is case-sensitive and should always be mentioned
in uppercase. The following table lists all the supported methods in HTTP/1.1.

GET
 The GET method is used to retrieve information from the given server using a given
URI. Requests using GET should only retrieve data and should have no other effect
on the data.
HEAD
 Same as GET, but transfers the status line and header section only.
POST
 A POST request is used to send data to the server, for example, customer
information, file upload, etc. using HTML forms.
PUT
 Replaces all current representations of the target resource with the
uploaded content.
DELETE
 Removes all current representations of the target resource given by a URI.
CONNECT
 Establishes a tunnel to the server identified by a given URI.
OPTIONS
 Describes the communication options for the target resource.
TRACE
 Performs a message loop-back test along the path to the target resource.

HTTP - Status Codes
The Status-Code element in a server response is a 3-digit integer in which the first digit
defines the class of response; the last two digits do not have any
categorization role. There are 5 values for the first digit:

Code and Description

1xx: Informational: It means the request has been received and the process is continuing.
2xx: Success: It means the action was successfully received, understood, and accepted.
3xx: Redirection: It means further action must be taken in order to complete the request.
4xx: Client Error: It means the request contains incorrect syntax or cannot be fulfilled.
5xx: Server Error: It means the server failed to fulfill an apparently valid request.

Message Types

HTTP messages consist of requests from client to server and responses from server to
client.

HTTP-message = Request | Response ; HTTP/1.1 messages

Request and Response messages use the generic message format of RFC 822 [9] for
transferring entities (the payload of the message).

Both types of message consist of a start-line, zero or more header fields (also known as
"headers"), an empty line (i.e., a line with nothing preceding the CRLF) indicating the end of
the header fields, and possibly a message body.

generic-message = start-line
*(message-header CRLF)
CRLF
[ message-body ]
start-line = Request-Line | Status-Line
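
The grammar above, turned into a strict parser for a request message, together with the status-code classes from the earlier table. This is an added example, not part of the original notes; the function names, the `BadRequest` exception and the sample request are constructed for illustration.

```python
import re

# Methods the notes list for HTTP/1.1; method tokens are case-sensitive.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}
# Request-Line = Method SP Request-URI SP HTTP-Version (the CRLF is split off first)
REQUEST_LINE = re.compile(rb"([!-~]+) ([!-~]+) HTTP/(\d)\.(\d)")
FIELD_NAME = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}


class BadRequest(ValueError):
    """The bytes do not match the generic-message grammar."""


def parse_request(raw: bytes) -> dict:
    # The header section ends at the first empty line (CRLF CRLF).
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("no empty line after the header fields")
    lines = head.split(b"\r\n")
    # A bare CR or LF left inside a line would let two parsers disagree on
    # where a header ends, so it is rejected rather than repaired.
    if any(b"\r" in ln or b"\n" in ln for ln in lines):
        raise BadRequest("bare CR or LF inside the header section")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        raise BadRequest("malformed Request-Line")
    method = m.group(1).decode("ascii")
    if method not in METHODS:
        raise BadRequest(f"unknown method {method!r}")
    headers = {}
    for ln in lines[1:]:
        name, colon, value = ln.partition(b":")
        if not colon or not FIELD_NAME.fullmatch(name):
            raise BadRequest(f"malformed header field {ln!r}")
        key = name.decode("ascii").lower()      # field names are case-insensitive
        text = value.strip(b" \t").decode("latin-1")
        headers[key] = f"{headers[key]}, {text}" if key in headers else text
    return {"method": method, "target": m.group(2).decode("ascii"),
            "version": (int(m.group(3)), int(m.group(4))),
            "headers": headers, "body": body}


def status_class(code: int) -> str:
    """Class of a 3-digit Status-Code, decided by its first digit."""
    if not 100 <= code <= 599:
        raise ValueError("Status-Code must be a 3-digit integer from 1xx to 5xx")
    return STATUS_CLASSES[code // 100]


# Constructed sample request (not captured traffic).
SAMPLE = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Accept: text/html\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
    print(status_class(404))
```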

Message Headers

HTTP - Header Fields

HTTP header fields provide required information about the request or response, or about the
object sent in the message body. There are four types of HTTP message headers:

 General-header: These header fields have general applicability for both request
and response messages.
 Client Request-header: These header fields have applicability only for
request messages.
 Server Response-header: These header fields have applicability only for response
messages.
 Entity-header: These header fields define meta information about the entity-
body or, if no body is present, about the resource identified by the request.

Caching

People often return to Web pages that they have viewed before, and related Web pages
often have the same embedded resources. It would be very wasteful to fetch all of these
resources each time the pages are displayed, because the browser already has a
copy. Squirreling away fetched pages for subsequent use is called caching.
• The first strategy is page validation (step 2).
• The cache is consulted, and if it has a copy of a page for the requested URL that is
known to be fresh (i.e., still valid), there is no need to fetch it anew from the server.
• The second strategy is to ask the server if the cached copy is still valid. This request is a
conditional GET, and it is shown in the figure (step 3).
• If the server knows that the cached copy is still valid, it can send a short reply to say
so (step 4a).
• Otherwise, it must send the full response (step 4b).

HTTP caching.

5. Write short note on network security.(Nov 2011) (OR)

Explain in detail about the principles of cryptography?(Nov 2011,May 2013)

Cryptography

• Introduction
• Substitution ciphers
• Transposition ciphers

Introduction To Cryptography
 Cryptography comes from the Greek words for ‘‘secret writing.’’
 A cipher is a character-for-character or bit-for-bit transformation, without regard
to the linguistic structure of the message. In contrast, a code replaces one word with
another word or symbol.
 The messages to be encrypted, known as the plaintext, are transformed by a
function that is parameterized by a key.
 The output of the encryption process, known as the ciphertext, is then transmitted,
often by messenger or radio.
 Sometimes the intruder can not only listen to the communication channel (passive
intruder) but can also record messages and play them back later, inject his own
messages, or modify legitimate messages before they get to the receiver (active
intruder).
 The art of breaking ciphers, known as cryptanalysis, and the art of devising them
(cryptography) are collectively known as cryptology.

It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will
use $C = E_K(P)$ to mean that the encryption of the plaintext $P$ using key $K$ gives the ciphertext
$C$. Similarly, $P = D_K(C)$ represents the decryption of $C$ to get the plaintext again. It then
follows that
$D_K(E_K(P)) = P$
This notation suggests that E and D are just mathematical functions of two parameters; the key is
written as a subscript, rather than as an argument, to distinguish it from the message.

The encryption model (for a symmetric-key cipher)

Substitution Ciphers

• Substitution Cipher
– Changes characters in the plaintext to produce the ciphertext.
– where letters of plaintext are replaced by other letters or by numbers or
symbols
– or if plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns
• Examples
– Caesar Cipher
– Vigenere Cipher
– One Time Pad
• Caesar Cipher
– Consider the plaintext to be the letters A,B,C,...,Z.
– Now shift the sequence, say, by 3 to get D,E,F,...Z,A,B,C.
– Then the cipher text becomes D for A, E for B, and so on.
– If each letter is represented by integers 0,1,...,25, we can describe this process
as C=(M + K) mod 26, where the key is K=3.
– earliest known substitution cipher
– by Julius Caesar
– first attested use in military affairs
– replaces each letter by 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
• can define transformation as:
abcdefghijklmnopqrstuvwxyz
DEFGHIJKLMNOPQRSTUVWXYZABC
• mathematically give each letter a number
a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12
n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)

Cryptanalysis of Caesar Cipher


• only have 26 possible ciphers
– A maps to A,B,..Z

• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• eg. break ciphertext "GCUA VQ DTGCM"

Monoalphabetic Cipher
• rather than just shifting the alphabet
• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random ciphertext letter
• hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

Monoalphabetic Cipher Security


• now have a total of 26! = 4 x 10^26 keys
• with so many keys, might think is secure
• but would be !!!WRONG!!!
• problem is language characteristics

Playfair Cipher
• not even the large number of keys in a monoalphabetic cipher provides security
• one approach to improving security was to encrypt multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair

Playfair Key Matrix


• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (sans duplicates)
• fill rest of matrix with other letters
• eg. using the keyword MONARCHY
MONAR
CHYBD
EFGIK
LPQST
UVWXZ

Polyalphabetic Ciphers
• another approach to improving security is to use multiple cipher alphabets
• called polyalphabetic substitution ciphers
• makes cryptanalysis harder with more alphabets to guess and flatter frequency
distribution
• use a key to select which alphabet is used for each letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached

Vigenère Cipher
– The Vigenère cipher chooses a sequence of keys, represented by a string.
– Key letters are applied to successive plaintext.
– When the end of the key sequence is reached, the key starts over again.
– The length of the key is called the period of the cipher.
– simplest polyalphabetic substitution cipher is the Vigenère Cipher
– effectively multiple caesar ciphers
– key is multiple letters long K = k1 k2 ... kd
– ith letter specifies ith alphabet to use
– use each alphabet in turn
– repeat from start after d letters in message
– decryption simply works in reverse
Example
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
One-Time Pad
– A variant of the Vigenère cipher.
– The key is chosen at random.
– The length of the key is at least as long as that of the message, and so it does
not repeat.

– if a truly random key as long as the message is used, the cipher will be secure
– called a One-Time pad
– is unbreakable since ciphertext bears no statistical relationship to the plaintext
– since for any plaintext & any ciphertext there exists a key mapping one to
other
– can only use the key once though
– have problem of safe distribution of key
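
The Vigenère example above and the one-time-pad property that a key exists mapping any ciphertext to any plaintext of the same length, as an added example that is not part of the original notes. The function names and the two short messages in the demo are constructed for illustration; inputs are assumed to contain letters only.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift the i-th letter by the i-th key letter; the key repeats with period len(key).

    Letters only: A.index() raises ValueError on any other character.
    """
    if not key:
        raise ValueError("key must not be empty")
    sign = -1 if decrypt else 1
    out = []
    for i, ch in enumerate(text.lower()):
        shift = ALPHABET.index(key[i % len(key)].lower())
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
    return "".join(out)


def random_pad(length: int) -> str:
    """A one-time pad: uniformly random key letters, as long as the message."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_mapping(ciphertext: str, plaintext: str) -> str:
    """The pad under which `ciphertext` decrypts to `plaintext` (key = C - P mod 26)."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("pad, plaintext and ciphertext must have equal length")
    return vigenere(ciphertext, plaintext, decrypt=True)


if __name__ == "__main__":
    print(vigenere("wearediscoveredsaveyourself", "deceptive").upper())
    message = "attackatdawn"                      # constructed sample message
    pad = random_pad(len(message))
    ciphertext = vigenere(message, pad)
    # Some other pad turns the same ciphertext into a different, equally plausible text.
    other_pad = key_mapping(ciphertext, "retreatatten")
    print(vigenere(ciphertext, other_pad, decrypt=True))
```

Because every same-length plaintext is reachable from the ciphertext under some pad, the ciphertext alone carries no information about which one was sent; reusing the pad removes that guarantee.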

Transposition Ciphers

• now consider classical transposition or permutation ciphers

• these hide the message by rearranging the letter order

• without altering the actual letters used

• can recognise these since have the same frequency distribution as the original text

Rail Fence cipher

• write message letters out diagonally over a number of rows

• then read off cipher row by row

• eg. write message out as:

m e m a t r h t g p r y
 e t e f e t e o a a t

• giving ciphertext

MEMATRHTGPRYETEFETEOAAT

Row Transposition Ciphers

• a more complex scheme

• write letters of message out in rows over a specified number of columns

• then reorder the columns according to some key before reading off the rows

Key:        3 4 2 1 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
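
Both transposition ciphers above with their inverses, reproducing the two ciphertexts in these notes; this is an added example that is not part of the original notes. It assumes the key 3421567 lists the columns in the order they are read out, which is the reading that yields the ciphertext shown, and it generalizes the rail fence to any number of rows.

```python
from collections import Counter
from math import ceil


def letters_of(text: str) -> list:
    return [c for c in text.lower() if c.isalpha()]


def rail_pattern(n: int, rails: int) -> list:
    """Row index visited by each of n letters written in a zigzag."""
    pattern, row, step = [], 0, 1
    for _ in range(n):
        pattern.append(row)
        if rails > 1:
            if row == 0:
                step = 1
            elif row == rails - 1:
                step = -1
            row += step
    return pattern


def rail_fence_encrypt(message: str, rails: int = 2) -> str:
    letters = letters_of(message)
    pattern = rail_pattern(len(letters), rails)
    return "".join(c for r in range(rails)
                   for c, p in zip(letters, pattern) if p == r).upper()


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    pattern = rail_pattern(len(ciphertext), rails)
    # Plaintext positions in the order the ciphertext lists them (row 0 first).
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for pos, ch in zip(order, ciphertext.lower()):
        plain[pos] = ch
    return "".join(plain)


def row_transposition_encrypt(message: str, key: str) -> str:
    """key[i] is the 1-based column read out i-th (single digits, up to 9 columns)."""
    letters, ncols = letters_of(message), len(key)
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[int(k) - 1] for k in key
                   for row in rows if int(k) - 1 < len(row)).upper()


def row_transposition_decrypt(ciphertext: str, key: str) -> str:
    n, ncols = len(ciphertext), len(key)
    nrows, full = ceil(n / ncols), n % ncols or ncols
    grid, pos = {}, 0
    for k in key:
        col = int(k) - 1
        height = nrows if col < full else nrows - 1   # columns past a short last row
        grid[col] = ciphertext[pos:pos + height].lower()
        pos += height
    return "".join(grid[c][r] for r in range(nrows)
                   for c in range(ncols) if r < len(grid[c]))


def same_letter_counts(a: str, b: str) -> bool:
    """Transposition keeps the letter frequency distribution unchanged."""
    return Counter(letters_of(a)) == Counter(letters_of(b))


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party"))
    print(row_transposition_encrypt("attack postponed until two am xyz", "3421567"))
```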

7. Discuss briefly about Public-key Algorithms(RSA).

RSA (Rivest, Shamir, Adleman)

RSA Algorithm
• It was developed by Rivest, Shamir and Adleman. This algorithm makes use of an
expression with exponentials.
• Plaintext is encrypted in blocks, with each block having a binary value less than
some number n.
• That is, the block size must be less than or equal to $\log_2(n)$; in practice, the block
size is k bits, where $2^k < n < 2^{k+1}$.
• Encryption and decryption are of the following form, for some plaintext block M and
ciphertext block C:
$C = M^e \bmod n$
$M = C^d \bmod n = (M^e \bmod n)^d \bmod n$
$= (M^e)^d \bmod n$
$= M^{ed} \bmod n$

Both the sender and receiver know the value of n. The sender knows the value of e, and only
the receiver knows the value of d. Thus, this is a public key encryption algorithm with a
public key of KU = {e, n} and a private key of KR = {d, n}.

For this algorithm to be satisfactory for public key encryption, the following requirements
must be met:

• It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all M < n.
• It is relatively easy to calculate $M^e$ and $C^d$ for all values of M < n.
• It is infeasible to determine d given e and n.

Let us focus on the first requirement. We need to find a relationship of the form

$M^{ed} = M \bmod n$

A corollary to Euler's theorem fits the bill: given two prime numbers p and q and two
integers n and m, such that n = pq and 0 < m < n, and an arbitrary integer k, the following
relationship holds:

$m^{k\Phi(n)+1} = m^{k(p-1)(q-1)+1} = m \bmod n$

where Ф(n) is the Euler totient function, which is the number of positive integers less than n
and relatively prime to n.

We can achieve the desired relationship if

$ed = k\Phi(n) + 1$

This is equivalent to saying:

$ed \equiv 1 \bmod \Phi(n)$
$d = e^{-1} \bmod \Phi(n)$

That is, e and d are multiplicative inverses mod Ф(n). According to the rules of modular
arithmetic, this is true only if d (and therefore e) is relatively prime to Ф(n). Equivalently,
gcd(Ф(n), d) = 1.
The steps involved in the RSA algorithm for generating the key are:
• Select two prime numbers, p = 17 and q = 11.
• Calculate n = p*q = 17*11 = 187.
• Calculate Ф(n) = (p-1)(q-1) = 16*10 = 160.
• Select e such that e is relatively prime to Ф(n) = 160 and less than Ф(n); we choose e = 7.
• Determine d such that ed ≡ 1 mod Ф(n) and d < 160. The correct value is d = 23,
because 23*7 = 161 = 1 mod 160.

The RSA algorithm is summarized below.

Key Generation
• Select p, q              p and q both prime, p != q
• Calculate n = p x q
• Calculate Ф(n) = (p - 1)(q - 1)
• Select integer e         gcd(Ф(n), e) = 1; 1 < e < Ф(n)
• Calculate d              $d = e^{-1} \bmod \Phi(n)$
• Public key               KU = {e, n}
• Private key              KR = {d, n}

Encryption
Plaintext:   M < n
Ciphertext:  $C = M^e \pmod n$

Decryption
Ciphertext:  C
Plaintext:   $M = C^d \pmod n$
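
The key generation, encryption and decryption steps summarized above, run on the numbers from these notes (p = 17, q = 11, e = 7), as an added example that is not part of the original notes. The function names and the message value M = 88 are chosen for illustration; the primality test is trial division and is suitable only for textbook-sized numbers.

```python
from math import gcd, isqrt


def is_prime(x: int) -> bool:
    """Trial division; adequate only for textbook-sized numbers."""
    return x >= 2 and all(x % d for d in range(2, isqrt(x) + 1))


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    old_r, r, old_s, s, old_t, t = a, b, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def generate_keys(p: int, q: int, e: int):
    """Return (KU, KR) = ((e, n), (d, n)) following the Key Generation steps."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    _, s, _ = egcd(e, phi)          # e*s + phi*t = 1, so s is e^-1 mod phi(n)
    return (e, n), (s % phi, n)


def block_bits(n: int) -> int:
    """Block size k with 2^k < n < 2^(k+1)."""
    return n.bit_length() - 1


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy M < n")
    return pow(m, e, n)             # C = M^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)             # M = C^d mod n


if __name__ == "__main__":
    ku, kr = generate_keys(17, 11, 7)
    c = encrypt(88, ku)
    print(ku, kr, block_bits(ku[1]), c, decrypt(c, kr))
```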

Security of RSA
There are three approaches to attack the RSA:
 brute force key search (infeasible given size of numbers)
 mathematical attacks (based on difficulty of computing ø(N), by factoring modulus
N)
 timing attacks (on running time of decryption)

8. What is Authentication? How it is different from authorization? Explain in brief
about different authentication protocols. (April/May 2012)

Authentication

Authentication is any process by which a system verifies the identity of a User who wishes
to access it. Since Access Control is normally based on the identity of the User who requests
access to a resource, Authentication is essential to effective Security.

Authorization

Authorization is the process of giving someone permission to do or have something.

Authorization or authorisation is the function of specifying access rights to resources
related to information security and computer security in general and to access control in
particular.

Authentication Protocol-Kerberos

Kerberos was created by the Massachusetts Institute of Technology as a solution to many
network security problems. It is being used in the MIT campus for reliability. The basic
features of Kerberos may be put as:

• It uses symmetric keys.
• Every user has a password (key from it to the Authentication Server).
• Every application server has a password.
• The passwords are kept only in the Kerberos Database.
• The servers are all physically secure. (No unauthorized user has access to them.)
• The user gives the password only once.
• The password is not sent over the network in plain text or encrypted form.
• The user requires a ticket for each access.

1. Authentication Server (AS): Verifies users during login.
2. Ticket-Granting Server (TGS): Issues “proof of identity tickets.”
3. Bob the server: Actually does the work Alice wants performed.

A diagrammatic representation of the interfaces involved in Kerberos may be put as:

The exchanges of information between the moment a user wants a transaction with the
application server and the time that they actually start exchanging data may be put as:

1. Client to the Authentication Server (AS): The following data are sent in plain text form:
   o Username.
   o Ticket Granting Server (TGS) name.
   o A nonce id 'n'.
2. Response from the Authentication Server (AS) to the Client: The following data are sent,
   encrypted with the key shared between the AS and the Client:
   o The TGS session key.
   o The Ticket Granting Ticket. This contains the following data encrypted
     with the TGS password and can be decrypted by the TGS only:
     – Username.
     – The TGS name.
     – The Work Station address.
     – The TGS session key.
   o The nonce id 'n'.
3. Client to the Ticket Granting Server: This contains the following data:
   o The Ticket Granting Ticket.
   o Authenticator.
   o The Application Server.
   o The nonce id 'n'.
4. Ticket Granting Server to the Client: The following data are sent, encrypted with the
   TGS session key:
   o The new session key.
   o Nonce id 'n'.
   o Ticket for the application server. The ticket contains the following data
     encrypted with the application server's key:
     – Username.
     – Server name.
     – The Workstation address.
     – The new session key.

After these exchanges the identity of the user is confirmed and the normal exchange of data
in encrypted form using the new session key can take place. The current version of
Kerberos being developed is Kerberos V5.
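
The four messages listed above, simulated end to end so that the flow of keys and tickets can be followed; this is an added example that is not part of the original notes and is not Kerberos V5 code. The `seal`/`unseal` pair is a toy HMAC-based stand-in for the real symmetric cipher, the authenticator is assumed to carry only the username, and all principals, passwords and the workstation name are constructed.

```python
import hashlib
import hmac
import json
import secrets


def key_from_password(password: str, principal: str) -> bytes:
    # Long-term key derived from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, b"enc", iv + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption standing in for the real symmetric cipher."""
    iv = secrets.token_bytes(16)
    ct = _xor_stream(key, iv, json.dumps(fields).encode())
    return iv + ct + _mac(key, b"mac", iv + ct)


def unseal(key: bytes, blob: bytes) -> dict:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", iv + ct)):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor_stream(key, iv, ct))


# Kerberos database (constructed): one long-term key per principal.
DB = {name: key_from_password(pw, name) for name, pw in
      {"alice": "alice-password", "tgs": "tgs-password", "bob": "bob-password"}.items()}


def as_exchange(user, tgs, nonce, workstation):
    """Messages 1 and 2: plaintext names and nonce in, sealed reply out."""
    tgs_key = secrets.token_hex(32)
    tgt = seal(DB[tgs], {"user": user, "tgs": tgs, "ws": workstation, "key": tgs_key})
    return seal(DB[user], {"key": tgs_key, "tgt": tgt.hex(), "nonce": nonce})


def tgs_exchange(tgt, authenticator, server, nonce, workstation):
    """Messages 3 and 4: the TGS opens the TGT with its own key, then issues a ticket."""
    grant = unseal(DB["tgs"], tgt)
    tgs_key = bytes.fromhex(grant["key"])
    if unseal(tgs_key, authenticator)["user"] != grant["user"] or workstation != grant["ws"]:
        raise PermissionError("authenticator does not match the ticket")
    new_key = secrets.token_hex(32)
    ticket = seal(DB[server], {"user": grant["user"], "server": server,
                               "ws": workstation, "key": new_key})
    return seal(tgs_key, {"key": new_key, "nonce": nonce, "ticket": ticket.hex()})


def client_login(user, password, server, workstation="ws-1"):
    n1, n2 = secrets.token_hex(8), secrets.token_hex(8)
    reply = unseal(key_from_password(password, user),
                   as_exchange(user, "tgs", n1, workstation))
    if reply["nonce"] != n1:
        raise ValueError("stale AS reply")
    tgs_key = bytes.fromhex(reply["key"])
    authenticator = seal(tgs_key, {"user": user})
    reply = unseal(tgs_key, tgs_exchange(bytes.fromhex(reply["tgt"]), authenticator,
                                         server, n2, workstation))
    if reply["nonce"] != n2:
        raise ValueError("stale TGS reply")
    return reply["key"], bytes.fromhex(reply["ticket"])


def server_accept(server, ticket):
    """The application server opens the ticket with its own long-term key."""
    return unseal(DB[server], ticket)


if __name__ == "__main__":
    session_key, ticket = client_login("alice", "alice-password", "bob")
    print(server_accept("bob", ticket)["key"] == session_key)
```

The client never decrypts the ticket-granting ticket or the server ticket; it only forwards them, which is why a wrong password fails at the first `unseal` and a modified ticket fails at the server.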

Types of Tickets
1. Renewable Tickets: Each ticket has a time bound, beyond which no authentication
exchange can take place. Applications may desire to hold tickets which can be valid
for long periods of time.
2. Post Dated Tickets: Applications may occasionally need to obtain tickets for use
much later, e.g., a batch submission system would need tickets to be valid at the time
the batch job is serviced.
3. Proxiable Tickets: At times it may be necessary for a
principal to allow a service to perform an operation on its behalf. The service must
be able to take on the identity of the client, but only for a particular purpose.
4. Forwardable Tickets: Authentication forwarding is an instance of the proxy case
where the service is granted complete use of the client's identity.

Time Stamps:
• Authentication: This is the time when I first authenticated myself.
• Start: This is the time when the valid period starts.
• End: This is the time when the valid period ends.
• Renewal time: This is the time when the ticket is renewed.
• Current time: This time is for additional security. It stops the use of old packets. Here
we need to synchronize all clocks.

Cross Realm Authentication


 The Kerberos protocol is designed to operate across organizational boundaries. A
client in one organization can be authenticated to a server in another.
 Each organization wishing to run a Kerberos server establishes its own "realm".
 The name of the realm in which a client is registered is part of the client's name, and
can be used by the end-service to decide whether to honor a request.

Limitations of Kerberos
• Password Guessing: Anyone can get all privileges by cracking the password.
• Denial-of-Service Attack: This may arise from repeatedly sending requests with an invalid
ticket.
• Synchronization of Clock: This is the most significant limitation of Kerberos.

PONDICHERRY UNIVERSITY QUESTIONS
2 MARKS
1.Define DNS?(Nov 2011) (Pg. No.2 )(Qn. No.2)
2.What is SMTP?(Nov 2011) (Pg. No.3 )(Qn. No.6)
3. What is the function of SMTP?(Nov/Dec 2014) (Pg. No.3 )(Qn. No.7)
4.What is the use of Internet Control Message Protocol?(April/May 2014)(Nov/Dec
2014) (Pg. No.3 )(Qn. No.4)
5.What is a CGI?(April/May 2012) (Pg. No.4 )(Qn. No.13)
6.Why HTTP is said to be stateless protocol?(April/May 2012)(Pg. No.4 )(Qn. No.16)
7.Give the format of HTTP response message?(Nov/Dec 2014 )(Pg.No.4 )(Qn. No.17)
8.What is meant by Network Security?(May 2013) (Pg. No.5)(Qn. No.18)
9.Who are the people who cause security problem?(April/May 2012)(Pg. No.5 )(Qn.
No.19)
10.Define Cryptography?(Nov 2011) (Pg. No.5 )(Qn. No.20)
11.What is Cipher Text?(Nov 2012) (Pg. No.5)(Qn. No.21)

11 MARKS

1. Explain the two fundamental cryptography principles. (Nov/Dec 2011) (Pg. No.43)(Qn. No.6)
2. Write short note on network security. (Nov/Dec 2011) (Pg. No.43)(Qn. No.5)

1. Describe the various fields in a DNS message? (April/May 2012) (Pg. No.7)(Qn. No.1)
2. Explain the basic function of Electronic Mail (e-mail) system. (April/May 2012) (Pg.
No.12)(Qn. No.2)
3. What is Authentication? How it is different from authorization? Explain in brief about
different authentication protocols. (April/May 2012) (Pg. No.48)(Qn. No.8)

1. Describe the services provided by DNS. (Nov 2012) (Pg. No.7)(Qn. No.6)

1. Explain in detail about the principles of cryptography? (April/May 2013) (Pg.
No.43)(Qn. No.6)
Nov/Dec 2013
1. Explain about Hyper Text Transfer Protocol (HTTP). (Nov/Dec 2013) (Pg. No.35)(Qn.
No.4)

1.Explain the function of three major components used in the internet Electronic Mail (e-
mail) system.(April/May 2014) (Pg. No.12)(Qn. No.2)
2.Discuss the services provided by the Internet’s domain name system(DNS). (April/May
2014)(Pg.No.7)(Qn. No.1)

1. What is MIME in email? Describe in detail the use of different agents involved for
transmitting an email message from a source to a destination.(April 2015) (Pg.
No.11)(Qn. No.2)
