How the Internet works

I’m using clips from Jessica McKellar’s How the Internet works

Summary

• DNS (who: name to address mapping)
• Internet Protocol/IP (where: addressing and routing)
• Transmission Control Protocol/TCP (how: reliably deliver data)
• Application: HTTP (what: is requested )
  • Cookies
• Markup: HTML
• Locators: URLs
• Security
  • shared secret for confidentiality
  • public key to exchange secret
  • certificate to authenticate public key

Protocol

DNS

IP

TCP

HTTP

Conclude

Protocol recap

URL Syntax

  http://example.com:8042/over/there?name=ferret#nose
  \_/   \__________/\___/\_________/ \_________/ \__/
   |       |          |       |          |        |
scheme  authority    port    path      query   fragment

• queries are used for dynamic/database websites
• fragments takes you a view of a page (e.g., syllabus)

HTTP Client request

You type:

http://www.example.com/Index.Html

Your browser sends:

GET /Index.Html HTTP/1.1
Host: www.example.com

HTTP Server response

HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
ETag: "3f80f-1b6-3e1cb03b"
Content-Type: text/html; charset=UTF-8
Content-Length: 131
Accept-Ranges: bytes
Connection: close

<html>
<head>
  <title>An Example Page</title>
</head>
<body>
  Hello World, this is a very simple HTML document.
</body>
</html>

HTML

<html>
<head>
  <title>An Example Page</title>
</head>
<body>
  Hello World, this is a very simple HTML document.
</body>
</html>

Internet Metaphor

• You want to send a request for a magazine article to Sally, and the envelopes (packets) are small: one sentence per envelope.
• You look up Sally and find her address and zipcode (DNS to find IP number)
• You drop your five packets addressed to Sally in the mailbox; they flow through the postal network (IP)
• Sally gets all but one of your packets, sends a post card asking you to resend it (TCP)
• Once done, she breaks up the article into packets and sends them to you

Request

GET /index.html HTTP/1.1
Host: www.example.org
...

The server won’t know who you are.

Server sets cookie

HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
...

The server asks you to store and resend this information when you next visit.

Next request

GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: theme=light; sessionToken=abc123
...

The server will know your previously set preferences.

Cookie recap

• A cookie is a short bit of information a server asks you to remember and send next time you visit
  • It might be your preferred theme, language, or a unique ID keyed to other info in their database
• Third-party cookies are from sites that you did not intentionally visit, but they served you content embedded in the HTML, like images and ads
  • If the same third-party serves your ads across multiple sites, they will know you were on those different sites

Caesar cipher

What message is this??

the ciphertext “fuxppb” has been shifted forward 3 letters?

Symmetric key encryption

Public key encryption

Private key signature

Crypto recap

Certificates

How do you it’s really Bob’s (public) key?

TLS (Transport Layer Security)

(used by HTTPS and replaces SSL)

Security recap

• symmetric ciphers use shared secrets to encrypt message
• asymmetric public keys allow you to share a secret securely
• certificates assure that a public key really belongs to who it says it does

Malware

worm (autonomous); virus (dependent); Trojan (non-self-replicating); bots (remote controlled)

Protect yourself

Summary

• DNS (who: name to address mapping)
• Internet Protocol/IP (where: addressing and routing)
• Transmission Control Protocol/TCP (how: reliably deliver data)
• Application: HTTP (what: is requested )
  • Cookies
• Markup: HTML
• Locators: URLs
• Security
  • confidentiality: cipher + secret/key
  • exchanging secret: public key
  • authenticate public key: certificate

FAQ

• What is a computer “bug”? (Hopper 1946)

Protocol match

Cookie

1. How can a website keep a lot of data on you but have a small cookie?
2. Where is a 3rd party cookie stored?
3. Where did it come from?

Security

What are the three important components of web security?

• confidentiality: cipher + symmetric secret/key
• exchanging secret: asymmetric public/private keys
• authenticate public key: certificate

What message is this?

The ciphertext “gljlwdo” has been shifted forward 4 letters.

1. gljlwdo
2. fkikvcn
3. ejhjubm
4. digital

▶