Lecture Overview

Network Protocols

Network Protocols.

TCP/IP and the kernel provide an API where we specify the destination address, destination port, and an arbitrary data payload. It is up to the individual program like our python program to format the bits in the payload so that the recipient understands what we are trying to send. A network protocol is a set of rules for how messages are encoded into bits and what their meaning is. A network protocol consists of two things. A syntax which is the set of rules for how messages are encoded to bits and a semantics which are the meanings of each message.

For example, SMTP is the protocol for sending email. It is instructive to glance through the example: the lines starting with S are what is sent by the server and the lines starting with C are what is sent by the client. Each line is a single message and will usually be sent in a single packet. The protocol rules list the syntax of each message and what each message means. In python, the smtplib module implements the SMTP protocol.

Another important protocol is DNS. The kernel and TCP/IP only deal with addresses, not names like www.math.uic.edu. DNS is the protocol used to lookup names to addresses. Again DNS lookup is the responsibility of the program like our python program, but in python (and most languages) we can take advantage of modules to do it for us. Indeed, the smtplib module will first send a DNS packet requesting the address before sending the actual SMTP packets.

HTTP

The main protocol of the internet is HTTP. It is a document/resource request-response protocol.

• The client (which is some program like a python program) can request a document by sending a message with a request to obtain some path.
• The server (which is also some program and could also be written in python) responds with the contents of the document or resource with the given path. The document or resource could be computed on the fly by code running in the server and this is how dynamic webpages are built.
• Resources are identified by their URL, which contains the protocol, the domain name which will be looked up to an IP address, the port, and the path to the resource.
• The contents of the resource can be anything: images, movies, CSV, JSON, etc. But for the world wide web, the main document format is HTML. Hint: a good exam problem is what is the difference between HTTP and HTML?
• See the example
• In python, a HTTP client is implemented by the urllib module and the urllib.request module. The main function is urlopen, which is given an URL and returns a file-like object. In particular, the file-like object can be passed to the csv or json modules or many other modules to interpret the data.

HTTPS

Recall the encryption schemes I talked about a few weeks ago:

• Symmetric encryption uses a shared secret key to encrypt messages and is very fast. The main symmetric encryption algorithm is AES.

• Asymetric encryption (also called public-key cryptography). Alice has a public and private key with two properties. First, using Alice's public key anyone can send encrypted messages to Alice. Secondly, using Alice's private key, she can create a signature of any document. Anyone can then verify Alice's signature if they have the document and the public key. This is the basis for HTTPS.

HTTPS is a protocol which specifies that the bits transmitted in the payload are AES encrypted HTTP requests and responses (the encryption part is specified under the name SSL). But that leaves open the question of how does Firefox and the web server obtain the shared secret key for AES? The danger is what we call a man in the middle attack. Say Alice is browsing with Firefox and Eve is attempting to eavesdrop on the transmitted messages. If Eve can intercept the packets between Firefox and the web server, she can modify them in the following way. When Alice and the web-server are initially transmitting the AES secret key, Eve can intercept Alice's packets and pretend to be the web-server. Eve can then send packets to the actual web server pretending to be Alice. So Alice sets up an AES secret key she shares with Eve, and Eve sets up an AES secret key she shares with the webserver. Now whenever a HTTPS request comes from Alice, Eve decrypts it using the shared secret with Alice and then re-encrypts it with the shared secret Eve has with the web-server. In this way Eve sees the contents of all messages.

SSL protects against this attack via the following technique:

• There are a large number of certificate authorities, which are organizations that have a public key which is included as part of the browser or operating system. You can see Firefox's list here.
• When setting up a web server, the web server owner (say Bob) creates a public-private key pair.
• Bob sends the public key to a certificate authority and the certificate authority creates a signature of the public key plus a message with Bob's name and such. This signature is sent back to Bob. Bob combines his public key and the signature into a certificate (which is just a bunch of bits in some format).
• Now say Alice connects to Bob's server using Firefox. The first thing Bob's server sends is his public key plus the certificate. Alice, using the certificate authority's public key stored inside Firefox, verifies the signature is correct. You can actually see the certificate inside Firefox if you right click, go to "View Page Info", go to security tab, and click view certificate.
• Now that Alice is confident that this public key is actually Bob's key (and not Eve's), Alice picks a random AES secret key, encrypts the secret key using Bob's public key, and sends it to the web server.
• Alice and the web-server now have a shared secret key for AES so the actual HTTP request-response now takes place encrypted via AES.

Exercises

• Send yourself an email to your uic.edu address using the example code from the stmtplib example. You can copy the code exactly, except on line reading server = smtplib.SMTP('localhost') you must change to server = smtplib.SMTP('bcuda-east.cc.uic.edu'). This server bcuda-east.cc.uic.edu will only accept message sent to uic.edu addresses. If you are interested, I found bcuda-east.cc.uic.edu by going to this page and entered uic.edu.

• You don't have to do it for the homework, but If you want to send to arbitrary addresses, you would have to change to use SMTP_SSL, call login, and use these settings which is mail.uic.edu on port 465. You could give it a try. Most servers require login before sending to arbitrary addresses in an effort to cut down on spam (or at least be able to track where spam is coming from). Also, it is very normal design is to have a server which requires login (mail.uic.edu) and a different server accepting email without login (in fact uic has four) but only for uic.edu addresses.

• Update your earthquake solution from from Day 18 to use urllib.request.urlopen to download the CSV data directly instead of opening it from a file. The result from urlopen can be passed to csv using code like:

with urlopen(...) as webpage:
    reader = csv.reader(webpage.read().decode('utf-8').splitlines())

This decodes the webpage as UTF-8, splits it into lines, and passes that result to the csv reader function.