Internet 101
Joseph Reagle
Internet
How the Internet works
I’m using clips from Jessica McKellar’s How the Internet works
Summary
- DNS (who: name to address mapping)
- Internet Protocol/IP (where: addressing and routing)
- Transmission Control Protocol/TCP (how: reliably deliver data)
- Application: HTTP (what: is requested )
- Cookies
- Markup: HTML
- Locators: URLs
- Security
- shared secret for confidentiality
- public key to exchange secret
- certificate to authenticate public key
Protocol
DNS
IP
TCP
HTTP
Conclude
Protocol recap
Web
URL Syntax
http://example.com:8042/over/there?name=ferret#nose
\_/ \__________/\___/\_________/ \_________/ \__/
| | | | | |
scheme authority port path query fragment- queries are used for dynamic/database websites
- fragments takes you a view of a page (e.g., syllabus)
HTTP Client request
You type:
http://www.example.com/Index.HtmlYour browser sends:
GET /Index.Html HTTP/1.1
Host: www.example.comHTTP Server response
HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
ETag: "3f80f-1b6-3e1cb03b"
Content-Type: text/html; charset=UTF-8
Content-Length: 131
Accept-Ranges: bytes
Connection: close
<html>
<head>
<title>An Example Page</title>
</head>
<body>
Hello World, this is a very simple HTML document.
</body>
</html>HTML
<html>
<head>
<title>An Example Page</title>
</head>
<body>
Hello World, this is a very simple HTML document.
</body>
</html>Internet Metaphor
- You want to send a request for a magazine article to Sally, and the envelopes (packets) are small: one sentence per envelope.
- You look up Sally and find her address and zipcode (DNS to find IP number)
- You drop your five packets addressed to Sally in the mailbox; they flow through the postal network (IP)
- Sally gets all but one of your packets, sends a post card asking you to resend it (TCP)
- Once done, she breaks up the article into packets and sends them to you
Cookies
Request
GET /index.html HTTP/1.1
Host: www.example.org
...The server won’t know who you are.
Server sets cookie
HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
...The server asks you to store and resend this information when you next visit.
Next request
GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: theme=light; sessionToken=abc123
...The server will know your previously set preferences.
Cookie recap
- A cookie is a short bit of information a server asks you to remember
and send next time you visit
- It might be your preferred theme, language, or a unique ID keyed to other info in their database
- Third-party cookies are from sites that you did not intentionally
visit, but they served you content embedded in the HTML, like
images and ads
- If the same third-party serves your ads across multiple sites, they will know you were on those different sites
Security
The Greeks
Histiaeus is said to have tattooed a message on a slave’s head and let the hair grow in.
Caesar cipher
What message is this??
the ciphertext “fuxppb” has been shifted forward 3 letters?
fuxppbetwooadsvnnzcrummy
Symmetric key encryption
Public key encryption
Private key signature
Crypto recap
Certificates
How do you it’s really Bob’s (public) key?
TLS (Transport Layer Security)
(used by HTTPS and replaces SSL)
Security recap
- symmetric ciphers use shared secrets to encrypt message
- asymmetric public keys allow you to share a secret securely
- certificates assure that a public key really belongs to who it says it does
Threats
Malware
worm (autonomous); virus (dependent); Trojan (non-self-replicating); bots (remote controlled)
Protect yourself
Conclusion
Summary
- DNS (who: name to address mapping)
- Internet Protocol/IP (where: addressing and routing)
- Transmission Control Protocol/TCP (how: reliably deliver data)
- Application: HTTP (what: is requested )
- Cookies
- Markup: HTML
- Locators: URLs
- Security
- confidentiality: cipher + secret/key
- exchanging secret: public key
- authenticate public key: certificate
Ask Dr. Reagle!
FAQ
- What is a computer “bug”? (Hopper 1946)
Review
Protocol match
| a. DNS | 1. location of Web resource |
| b. IP | 2. reliably deliver data |
| c. TCP | 3. addressing and routing |
| d. HTTP | 4. marked up Webpage content |
| e. HTML | 5. requesting Web resource |
| f. URL | 6. name to IP mapping |
Cookie
- How can a website keep a lot of data on you but have a small cookie?
- Where is a 3rd party cookie stored?
- Where did it come from?
Security
What are the three important components of web security?
- confidentiality: cipher + symmetric secret/key
- exchanging secret: asymmetric public/private keys
- authenticate public key: certificate
What message is this?
The ciphertext “gljlwdo” has been shifted forward 4 letters.
gljlwdofkikvcnejhjubmdigital