De La Salle University Science and Technology Complex

Gokongwei College of Engineering

Electronics Engineering

RECENT PROTOCOLS IN TCP/IP

LAYERS
Project in DATCOMU

Submitted By:
Diane Aclo
Jerome Cansado
Ed Lorence De Guzman
Christian Glenn Hatol
Sean Francis Natividad
Aeysol Rosaldo

APPLICATION LAYER
Simple Sensor Interface Protocol
The SSI protocol is asynchronous and stateless. The SSI protocol command
structure consists of three parts:
Header
Payload
Optional CRC checksum.
The header structure and length may change from case to case, but the
payload structure is always the same. Here are presented two different five
byte header structures; UART (point-to-point) connection and embedded
networking (nanoIP). The SSI protocol byte order is Big Endian (most
significant byte first).

SSI UART Protocol

SSI UART protocol is based on command messages as shown in figure 3
below. All messages use the same frame format with a header, a message
body and an optional two byte CRC checksum.

Figure 1: SSI UART protocol command structure

Each message frame contains a 5-byte header and a varying size payload.
Message header contains

A start byte equal to 0xFE

Length of the message in bytes
Bitwise NOT of the length, to help identifying frame start
Payload (Device address, Command code (a-z, A-Z), etc.)
CRC checksum (optional)

The optional CRC checksum is present in the message frame only when the
command code is written in lower case (a-z). The CRC checksum is

calculated over the payload part. If the CRC is not correct, the message has
to be ignored.

Figure 2: An example of the SSI UART protocol message

SSI Networking Protocol

The SSI protocol also has the capability to be used over layer 3 networking
protocols such as TCP/IP or nanoIP. The nanoIP is a minimal networking
protocol for use with very limited devices over a single subnet. The nanoIp
development work is done in the University of Oulu, CWC center.

Figure 3: SSI nanoUDP message format

In the nanoIP case the five byte header consists of

A protocol and flag byte for nanoIP usage only

LenH msb byte of the payload and CRC length
LenL lsb byte of the payload and CRC length
Source port number
Destination port number (0x28)

When a node sends a packet using the SSI protocol over nanoIP, the SSI
protocol frame will be encapsulated in a nanoUDP header (5 bytes), which
contains the length and 40 (0x28) for the source and destination ports.
Session Initiation Protocol

SIP, the session initiation protocol, is the IETF protocol for VOIP and other text
and multimedia sessions, like instant messaging, video, online games and
other services.

Figure 4: Client-to-client Link using SIP

SIP is very much like HTTP, the Web protocol, or SMTP. Messages consist of
headers and a message body. SIP message bodies for phone calls are defined
in SDP -the session description protocol. SIP is a text-based protocol that
uses UTF-8 encoding. It uses port 5060 both for UDP and TCP.
SIP offers all potentialities of the common Internet Telephony features like:
call or media transfer
call conference
call hold

Figure 5: SIP being used for Voice over wireless network

Since SIP is a flexible protocol, it is possible to add more features and keep
downward interoperability. However, it also does suffer from NAT or firewall
restrictions.
SIP can be regarded as the enabler protocol for telephony and voice over IP
(VoIP) services. The following features of SIP play a major role in the
enablement of IP telephony and VoIP:
Name Translation and User Location: Ensuring that the call reaches the
called party wherever they are located. Carrying out any mapping of
descriptive information to location information. Ensuring that details of
the nature of the call (Session) are supported.
Feature Negotiation: This allows the group involved in a call (this may
be a multi-party call) to agree on the features supported
recognizing that not all the parties can support the same level of
features. For example video may or may not be supported; as any form
of MIME type is supported by SIP, there is plenty of scope for
negotiation.
Call Participant Management: During a call a participant can bring
other users onto the call or cancel connections to other users. In
addition, users could be transferred or placed on hold.
Call feature changes: A user should be able to change the call
characteristics during the course of the call. For example, a call may
have been set up as 'voice-only', but in the course of the call, the users
may need to enable a video function. A third party joining a call may

require different features to be enabled in order to participate in the

call
Media negotiation: The inherent SIP mechanisms that enable
negotiation of the media used in a call, enable selection of the
appropriate codec for establishing a call between the various devices.
This way, less advanced devices can participate in the call, provided
the appropriate codec is selected.

TRANSPORT LAYER
Hybrid Transport Layer Security Protocol
TLS (Transport Layer Security) protocol supports reliable transport layer
protocols (e.g. TCP, Multipath TCP, SCTP, RUDP) is made up of two main
components:

Record protocol for data transfer

Handshake protocol provides private and reliable data transmission and
connection security.

Nevertheless, complete end-to-end security is not given in wireless

telecommunication networks even if the data is encrypted. WLTS, which is based on
TLS, provides this missing element of TLS for WAP applications. It is composed of
the record protocol which,

takes messages to be transmitted,

optionally compresses data,
Applies MACs (message authentication code), encrypts and transmits
data, and the opposite.

Four record sub-protocols exist such as

The handshake protocol produces the cryptographic parameters;

The change cipher spec protocol deals with ciphering strategies;
The alert protocol is used to inform the peers that the secure connection is
ending. It also determines the level of error in the secure connection and
provides a description of the error to the peers in the termination of the
connection;
The application data protocol is used to exchange data between peers.

Based on TLS and WTLS, HTLS is also a layered protocol which basically has to
functions:

accepts data for transmission and

compresses and encrypts the said data

Same as WTLS, HTLS is also composed of HTLS record protocol which is further
divided into six sub-protocols; the handshake protocol, the cipher protocol,
the alert protocol,
the
group control protocol ,
the
encryption synchronization protocol and the application data protocol.
In the record protocol, the end applications share a secret key and public key
pair and are identified as either client or server. Data can be encrypted using either
single or multiple encryptions when symmetric and asymmetric key algorithms are
chosen. MAC and compression algorithms are defined and random bytes are
assigned to both client and server. The HTLS record protocol parameters are
received by the handshake protocol.
Record fragmentation, compression, decompression and data protection follow
the same principle as in WTLS. However, the HTLS record protocol supports multiple
encryptions at this level. Messages can be encrypted with symmetric and
asymmetric key encryption when there is high sensitivity of data. In such
circumstances, the message is first encrypted with a symmetric key algorithm and
then with an asymmetric key algorithm, similar to the certificate
generation/verification process.
The HTLS handshake protocol is responsible for negotiating a secure session.
It is composed of four sub protocols, which are used to allow both parties to agree
upon security parameters for the record layer, to authenticate each other and to
report error conditions to each other. The parameters are as shown in Table 1.

Table 1: HTLS Handshake Protocol Security Parameters

The start messages are used by the client and the server to agree on a protocol
version, session identification, authentication type and exchange information such
as random numbers, public and secret keys, and performance parameters.

Figure 6: HTLS Handshake Protocol and Cipher Protocol

The cipher protocol consists of a single encrypted message (or cipher spec)
which is sent to the end application either by the client or the server. It can be sent
during the handshake or the data transfer phase. When it arrives, the sender waits
for a response and the receiver initializes or updates the secure parameters.
The alert protocol translates the severity of messages and gives a description
of the alert. It consists of two parameters:

alert type (fatal and critical)

alert description

Figure 7: HTLS Alert Protocol

Alert messages results in the immediate termination of the secure connection as
shown in the figure above. In the case of fatal alert, the session identifier must be
invalidated, to avoid failed secure session from being used to establish new secure
connections while critical alerts may preserve session identifiers to be used for new
secure connections.
The group control protocol enables HTLS to support real time secure audio or
video transmission among three or more parties and can be used to identify
possible group sessions that can be established later on assuming that a secure
connection has been established. When a third party wishes to join a secure
session, the start, group and end messages are exchanged between the client and
server, as shown in the figure below.

Figure 8: HTLS Group Control Protocol

Initially, the server is synchronized to an incoming encrypted data stream.

During transmission, the encryption synchronization protocol maintains
synchronization to the incoming encrypted data stream after the initial
synchronization. It consists of a single message, synchronization which is sent
periodically to the server as shown in the figure below.

Figure 9: HTLS Encryption Synchronization Protocol

When the client wishes to resume a secure session, it sends a client start
message using the session ID. The server then checks its secure session cache for a
match. If a match is found and the session is can be resumed, then the server could
re-establish the secure session by sending the server start message with the same
session ID. The server sends a cipher spec message. Once the re-establishment is
complete, the client and server can start the exchange application data.
The application data protocol will be responsible for delivering correct
information to the end applications and for identifying changes to it. Unlike TLS and
WTLS, HTLS performs integrity check on the sent or received information even on
established secure connections.
Allowing anonymous connections to be established can be very risky
because anonymous authentication increases the chances for intruder-in-the-middle
attacks. Both the client and the server should always authenticate each other
before a key exchange for intruder attacks. Currently, in WTLS request for certificate
of authentication is optional for the client unlike in HTLS which needs authentication
from both client and server.

INTERNET LAYER
The Internet layer in the TCP/IP reference model is responsible for
transferring data between the source and destination computers. The
Internet layer accepts data from the Transport layer and passes the data to
the Network Interface layer. The following are the functions of the Internet
layer:

Transmitting data to the Network Interface layer.

Routing the data to the correct destination. This layer takes care
of sending the data through the shortest route if more than one
route is available. In addition, if a route through which a
datagram is to be sent has problems, the datagram is sent
through an alternate route.

The IP (Internet Protocol) is a protocol that uses datagrams to communicate

over a packet-switched network. The IP protocol operates at the network
layer protocol of the OSI reference model and is a part of a suite
of protocols known as TCP/IP. Today, with over 1.5 billion users worldwide, the

current Internet is a great success in terms of connecting people and

communities. Even though the current Internet continues to work and is
capable of fulfilling its current missions, a condition where technological
innovation meets natural resistance, as exemplified by the current lack of
wide deployment of technologies such as multicast or Internet Protocol
version 6 (IPv6).
The Internetwork Protocol (IP) [RFC791] provides a best effort network layer
service for connecting computers to form a computer network. Each
computer is identified by one or more globally unique IP addresses. The
network layer PDUs are known as either "packets" or "datagrams". Each
packet carries the IP address of the sending computer and also the address
of the intended recipient or recipients of the packet. Other management
information is also carried.
The IP network service transmits datagrams between intermediate nodes
using IP routers. The routers themselves are simple, since no information is
stored concerning the datagrams which are forwarded on a link. The most
complex part of an IP router is concerned with determining the optimum link
to use to reach each destination in a network. This process is known as
"routing". Although this process is computationally intensive, it is only
performed at periodic intervals.
An IP network normally uses a dynamic routing protocol to find alternate
routes whenever a link becomes unavailable. This provides considerable
robustness from the failure of either links or routers, but does not
guarantee reliable delivery. Some applications are happy with this basic
service and use a simple transport protocol known as the User Datagram
Protocol (UDP) to access this best effort service.
Most Internet users need additional functions such as end-to-end error and
sequence control to give a reliable service (equivalent to that provided by
virtual circuits). This reliability is provided by the Transmission Control
Protocol (TCP) which is used end-to-end across the Internet.
In a LAN environment, the protocol is normally carried by Ethernet, but for
long distance links, other link protocols using fibre optic links are usually
used. Other protocols associated with the IP network layer are the Internet
Control Message Protocol (ICMP) and the Address Resolution Protocol (ARP).

Figure 10: Internet protocols span the complete range of OSI model layers.

Internet Protocol Version 6 (IPv6)

IPv6 is the next generation protocol for the Internet. It addresses the main
problem of IPv4 (Internet Protocol Version 4) which is the exhaustion of
addresses to connect computers or host in a packet-switched network. IPv6
has a very large address space and consists of 128 bits as compared to 32
bits in IPv4.
Therefore, it is now possible to support 2^128 unique IP addresses, a
substantial increase in number of computers that can be addressed with the
help of IPv6 addressing scheme. In addition, this addressing scheme will also
eliminate the need of NAT (network address translation) that causes several
networking problems (such as hiding multiple hosts behind pool of IP
addresses) in end-to-end nature of the Internet.

Quality of Service (QoS)

IPv6 brings quality of service that is required for several new applications
such as IP telephony, video/audio, interactive games or ecommerce.
Whereas IPv4 is a best effort service, IPv6 ensures QoS, a set of service
requirements to deliver performance guarantee while transporting traffic
over the network.
For networking traffic, the quality refers to data loss, latency (jitter) or
bandwidth. In order to implement QoS marking, IPv6 provides a traffic-class
field (8 bits) in the IPv6 header. It also has a 20-bit flow label.
Mobile IPv6
This feature ensures transport layer connection survivability and allows a
computer or a host to remain reachable regardless of its location in an IPv6
network and, in effect, ensures transport layer connection survivability.
With the help of Mobile IPv6, even though the mobile node changes locations
and addresses, the existing connections through which the mobile node is
communicating are maintained. To accomplish this, connections to mobile
nodes are made with a specific address that is always assigned to the mobile
node, and through which the mobile node is always reachable. This feature is
documented in RFC 3775.

NETWORK INTERFACE / NETWORK ACCESS

LAYER
The Network Access Layer of the TCP/IP model is associated with the Physical
Layer (Layer 1) and the Data Link layer (Layer 2) of the OSI model. The
Network Access Layer's function is to move bits (0s and 1s) over the network
medium.
The Network Access Layer is often ignored by users. The design of TCP/IP
hides the function of the lower layers, and the better known protocols (IP,
TCP, UDP, etc.) are all higher-level protocols. As new hardware technologies
appear, new Network Access protocols must be developed so that TCP/IP
networks can use the new hardware. Consequently, there are many access
protocols - one for each physical network standard.

Functions performed at this level include encapsulation of IP datagrams into

the frames transmitted by the network, and mapping of IP addresses to the
physical addresses used by the network. One of TCP/IP's strengths is its
universal addressing scheme. The IP address must be converted into an
address that is appropriate for the physical network over which the datagram
is transmitted.
The OSI Physical layer is responsible for converting the frame into a stream
of bits suitable for the transmission medium. The OSI Physical layer manages
and synchronizes signals for the actual transmission. On the destination
device, the Physical layer reassembles these signals into a data frame.
The OSI Data Link layer is again subdivided into the following two sub layers
according to their function:
Media Access Control (MAC) Sublayer: MAC sublayer provides an
interface with the network adapter.
Logical Link Control (LLC) Sublayer: LLC sublayer is responsible for
error-checking functions for frames delivered also responsible for
managing links between communicating devices.
Structure of an Ethernet Frame
The data packets from Internet Layer are moved to Network Access Layer as
it moves down the TCP/IP protocol stack. There is a size limitation for
Ethernet Frame. The total size of the ethernet frame must be between 64
bytes and 1,518 bytes (not including the preamble). Network Access Layer
Breaks Internet Layer data (IP Datagram) into smaller chunks, if necessary,
which will become the payload of ethernet frames. A Frame includes data to
be transmitted and also a header and a trailer which contain information that
the network adapters on the ethernet need to process the frame.

The total size of the ethernet frame must be between 64 bytes and 1,518
bytes (not including the preamble). A frame shorter than the minimum 64
bytes but with a valid CRC is called as a runt. In most cases, such frames
arise from a collision. Any frame which is received and which is greater than
the maximum frame size, is called a "giant". A "giant" is longer than 1518
bytes yet have a valid CRC. Both runts and giants are considered as invalid.

Figure
11: Structure of an Ethernet Frame

Preamble: A sequence of 56 bits having alternating 1 and 0 values that are

used for synchronization. They serve to give components in the network time
to detect the presence of a signal, and being reading the signal before the
frame data arrives.
SFD (Start Frame Delimiter): A sequence of 8 bits having the bit configuration
10101011 that indicates the start of the frame.
Source and Destination MAC Addresses: The Source MAC Address is the MAC
Address of the device this frame is coming from. The Destination MAC
Address is the MAC Address of the device which is going to receive this
frame. Both of these fields are 6 bytes long.
MAC address (Layer 2 addresses, physical address or hardware address) is a
universally unique identifier, permanently burned in the network card. For
Ethernet and Token Ring, these addresses are 48 bits, or six octets (bytes).
MAC Addresses are represented in hexadecimal characters because
hexadecimal format is easier for humans to read when compared with the
binary format. One hexadecimal digit resembles a group of four contiguous
binary bits, called a nibble. An example representation of MAC address is
AA.F0.C1.E8.13.40.
Length/Type: A 2-byte (16-bit) field contains the number of bytes in the Data
field or the nature of the MAC client protocol.
Data: This field contains the actual data transferred from the source device
to the destination device. The maximum size of this field is 1500 bytes. If the
size of this field is less than 46 bytes, then use of the subsequent "Pad" field
is necessary to bring the frame size up to the minimum length.
Two examples of RFCs that define network access layer protocols are:

RFC 826, Address Resolution Protocol (ARP), which maps IP addresses

to Ethernet addresses

RFC 894, A Standard for the Transmission of IP Datagrams over

Ethernet Networks, which specifies how IP datagrams are encapsulated
for transmission over Ethernet networks

Address Resolution Protocol:

ARP stands for Address Resolution Protocol. When you try to ping an IP
address on your local network, say 192.168.1.1, your system has to turn the
IP address 192.168.1.1 into a MAC address. This involves using ARP to
resolve the address, hence its name.
Systems keep an ARP look-up table where they store information about what
IP addresses are associated with what MAC addresses. When trying to send a
packet to an IP address, the system will first consult this table to see if it
already knows the MAC address. If there is a value cached, ARP is not used.
A Standard for the Transmission of IP Datagrams over Ethernet Networks:
This RFC specifies a standard method of encapsulating Internet Protocol (IP)
datagrams on an Ethernet. This RFC specifies a standard protocol for the
ARPA-Internet community.

Sources:
http://www.janding.fi/iiro/papers/SSI%20protocol
%20specification_12.pdf
http://www.voip-info.org/wiki/view/SIP
http://moodle.cs.ucy.ac.cy/pluginfile.php?file=
%2F7468%2Fmod_resource%2Fcontent%2F0%2FHTLS.pdf
http://fab.cba.mit.edu/classes/MIT/961.04/people/neil/ip.pdf
http://www.omnisecu.com/tcpip/network-access-layer.php
http://www.tummy.com/articles/networking-basics-how-arp-works/