
D. THE TCP/IP REFERENCE MODEL


Aims and Learning Outcomes
Students can:
1. Define the TCP/IP reference model.
2. Enumerate the layers of the TCP/IP model and explain the function of
each layer.
3. Explain how the data flows from sender to receiver in each layer
of the TCP/IP model.
4. Explain the difference between the OSI and TCP/IP models.
5. Identify the different computer network security threats that
affect network data privacy.

There are two common models, or "sets of standards", used in common
networks today: the OSI model and the TCP/IP model. The OSI reference
model and the TCP/IP model are two open standard networking models that
are very similar.
This section focuses only on the TCP/IP model because it is the standard
used in network communication today (especially on the internet). But we
first need to understand the OSI model to make it easier and faster for us
to understand the TCP/IP model.

The purpose of the TCP/IP model is to allow communication over large
distances. TCP/IP stands for Transmission Control Protocol/Internet
Protocol. It was developed by ARPANET (Advanced Research Project
Agency Network).

Like the OSI model, TCP/IP also consists of different layers or sets
of standards to organize and make communication easier for vendors and
manufacturers.

Vendors and manufacturers follow this standard so that networking
devices can "meet and talk" even when they come from different
manufacturers or vendors.

For example, a computer running the Windows operating system
(from Microsoft) has the ability to communicate with a Mac computer
(manufactured by Apple). They can be connected in the network through a
network switch. They can be connected via cable or wireless, and they
are compatible even though they were created by different vendors. They
can communicate, meet and understand each other by following certain
standards and protocols such as TCP/IP.

TCP/IP 4 Layers

Figure: Comparison between TCP/IP and OSI models

Layer 4: Application Layer

The Application Layer of the TCP/IP Model consists of various
protocols that perform all the functions of the upper layers of the OSI model
(Application, Presentation and Session layers). This includes interaction
with the application, data translation and encoding, dialogue control and
communication coordination between systems.

The following are a few of the most common Application Layer protocols used today:

HTTP: HTTP stands for Hypertext Transfer Protocol. It allows the user to
interact with the World Wide Web through the browser application. It is used to
transfer web pages and similar resources from the web server (HTTP
server) to the web client (HTTP client). When you use a web browser
such as Internet Explorer or Firefox, you are using a web client. It uses
HTTP to transfer web pages that you request from the remote servers.

FTP: FTP stands for File Transfer Protocol. This protocol is used for
transmitting files from one system to another system. Just like telnet and
HTTP, one host runs the FTP server application (or daemon) and is called
the FTP server while the FTP client runs the FTP client application. A client
connecting to the FTP server may be required to authenticate before being
given access to the file structure. Once authenticated, the client can view
directory listings, get and send files, and perform some other file-related
functions. Just like telnet, the FTP client application available in most
operating systems is called ftp.

TELNET: TELNET is a client-server protocol. It is a reliable,
connection-oriented protocol. This protocol is used on the internet or on a LAN
to provide bidirectional (both ways) text-based communication through a virtual
terminal connection. A host, called the Telnet server, runs a telnet server
application (or daemon in Unix terms) that receives a connection from a
remote host called the Telnet client. This connection is presented to the
operating system of the telnet server as though it is a terminal connection
connected directly

DNS: DNS stands for Domain Name System. Each computer on a network
has a different IP address, and a computer is known by its IP address. DNS
provides a mapping from a name to the IP address, so a name can be used to
identify a system on the network rather than the IP address itself.

SNMP: SNMP stands for Simple Network Management Protocol. It
manages the devices connected to the internet using the TCP/IP protocol.

SMTP: SMTP stands for Simple Mail Transfer Protocol. It is used for email
services; using this protocol, an email containing data can be sent to another
email address.

DHCP: As you know, every host requires a logical address such as an IP
address to communicate in a network. The host gets this logical address
either by manual configuration or by a protocol such as Dynamic Host
Configuration Protocol (DHCP). Using DHCP, a host can be provided with
an IP address automatically. To understand the importance of DHCP,
imagine having to manage 5000 hosts in a network and assigning them IP
addresses manually! Apart from the IP address, a host needs other
information such as the address of the DNS server it needs to contact to
resolve names, gateways, subnet masks, etc. DHCP can be used to provide
all this information along with the IP address.

Layer 3: Transport Layer

The transport layer is responsible for the reliability, flow control, and
correction of data being sent over the network.
The transport layer in the TCP/IP model can be represented by three protocols:
Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and
Stream Control Transmission Protocol (SCTP).
These three protocols in the transport layer are responsible for delivery
of messages from one process to another. The SCTP protocol was later
introduced to meet the needs of newer applications.

User Datagram Protocol (UDP)

1. UDP is a process-to-process protocol used for data transmission.
2. It takes the data from the upper layer of the TCP/IP model and adds
the following information to the data:
   a) Port address – A source port address of 16 bits and a
   destination port address of 16 bits are added to the data so that it
   reaches the correct destination and displays the correct source
   of the data.
   b) Checksum error control – 16 bits of checksum data are
   added to the data received from the upper layer; this is used for
   error control.
   c) Length of data – Length defines the total bytes of data in
   the datagram.
3. Although this protocol finds the error in the transmission of
data, it doesn't specify the error, which makes it hard to identify
the actual error in transmission.

Transmission Control Protocol (TCP)

1. Unlike UDP, which is a connectionless protocol, TCP is a
connection-oriented protocol.
2. A connection must be made between sender and receiver
before the transmission of data.
3. The TCP protocol divides the data into small units called segments.
Each segment contains a sequence number, which makes it
possible to rearrange the segments in the correct order at the
receiver side to make the complete data.
4. It also adds an acknowledgement number to the segments to
verify whether the data has actually reached its destination.
5. Unlike UDP, which is unable to specify the exact error in
transmission, this protocol does error control and specifies the
exact error, which makes TCP a reliable protocol.

Stream Control Transmission Protocol (SCTP)

1. This protocol combines the best features of the TCP and UDP
protocols.
2. It was introduced later to support newer applications such as
voice data transmission over the internet.

Layer 2: Internet Layer

Once TCP and UDP have segmented the data and have added their
headers, they send the segment down to the Network layer. The internet
layer handles the logical addresses (IP addresses) used by routers to determine
the path from the sending device to the receiving device. Using the source and
destination IP addresses, routers know where to drop or where to send data
or "packets" from the source to the destination. It is the task of the Internet
Layer to ensure that the segment is moved across the networks to the
destination network.

The Internet layer of the TCP/IP model corresponds to the Network
layer of the OSI reference model in function. It provides logical addressing,
path determination and forwarding.

The Internet Protocol (IP) is the most common protocol that provides
these services. Also working at this layer are routing protocols, which help
routers learn about the different networks they can reach, and the Internet
Control Message Protocol (ICMP), which is used to send error messages
at this layer. Address Resolution Protocol (ARP) is a network layer
protocol which is used to find the physical address from the IP address.

Layer 1: Network Access Layer

The Network Access layer of the TCP/IP model corresponds with the Data
Link and Physical layers of the OSI reference model. It defines the protocols and
hardware required to connect a host to a physical network and to deliver data
across it. Packets from the Internet layer are sent down to the Network Access layer
for delivery within the physical network. The destination can be another host in the
network, itself, or a router for further forwarding. So the Internet layer has a view
of the entire internetwork whereas the Network Access layer is limited to the
physical layer boundary. It defines how the data should be sent physically through
the network. This layer is mainly responsible for the transmission of the data
between two devices on the same network.

COMPUTER NETWORK SECURITY

During the initial days of the internet, its use was limited to the military and
universities for research and development purposes. Later, when all networks merged
together and formed the internet, data came to travel through public transit networks.
Ordinary people may send data that can be highly sensitive, such as their bank
credentials, usernames and passwords, personal documents, online shopping
details, or confidential documents.
All security threats are intentional, i.e. they occur only if intentionally
triggered. Security threats can be divided into the following categories:

Interruption
Interruption is a security threat in which the availability of resources is
attacked.
For example, a user is unable to access their web server, or the web
server is hijacked.

Privacy-Breach
In this threat, the privacy of a user is compromised. Someone who
is not the authorized person is accessing or intercepting data sent or
received by the original authenticated user.

Integrity
This type of threat includes any alteration or modification of the
original context of communication. The attacker intercepts and receives the
data sent by the sender, and the attacker then either modifies it or generates
false data and sends it to the receiver. The receiver receives the data
assuming that it is being sent by the original sender.

Authenticity
This threat occurs when an attacker or a security violator poses as a
genuine person and accesses the resources or communicates with other
genuine users.

No technique in the present world can provide 100% security. But
steps can be taken to secure data while it travels over an unsecured network or
the internet. The most widely used technique is cryptography.
Cryptography is a technique to encrypt plain-text data, which
makes it difficult to understand and interpret. Several
cryptographic algorithms are available today, as described below:
• Secret Key
• Public Key
• Message Digest

• Secret Key Encryption
Both sender and receiver have one secret key. This secret
key is used to encrypt the data at the sender's end. After the data is
encrypted, it is sent over the public domain to the receiver. Because
the receiver knows and has the secret key, the encrypted data
packets can easily be decrypted.
An example of secret key encryption is the Data Encryption
Standard (DES). In secret key encryption, it is required to have a
separate key for each host on the network, making it difficult to
manage.

• Public Key Encryption
In this encryption system, every user has their own secret key,
and it is not in the shared domain. The secret key is never revealed
in the public domain. Along with the secret key, every user also has their own
public key. The public key is always made public and is used by senders
to encrypt the data. When the user receives the encrypted data, they
can easily decrypt it by using their own secret key.
An example of public key encryption is Rivest-Shamir-Adleman (RSA).

• Message Digest
In this method, the actual data is not sent; instead a hash value is
calculated and sent. The other end user computes its own hash
value and compares it with the one just received. If both hash values
match, then it is accepted; otherwise it is rejected.
An example of a message digest is MD5 hashing. It is mostly used
in authentication, where the user's password is cross-checked with the one
saved on the server.
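
The receiver-side hash comparison described above, applied to a message sent together with its digest, as an added Python example that is not part of the original handout. It goes one step beyond the text: it uses SHA-256 from Python's hashlib in place of MD5, and it also combines the digest with the shared secret key from the Secret Key section (HMAC, a construction the handout does not name), because a digest that travels with the data can be recomputed by whoever alters that data. The key and messages are constructed sample values.

```python
import hashlib
import hmac

def digest(message: bytes) -> bytes:
    """Plain message digest: anyone holding the message can compute it."""
    return hashlib.sha256(message).digest()

def accepts_plain(message: bytes, received_digest: bytes) -> bool:
    """Receiver recomputes the digest and compares in constant time."""
    return hmac.compare_digest(digest(message), received_digest)

def tag(key: bytes, message: bytes) -> bytes:
    """Keyed digest: only holders of the shared secret key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accepts_keyed(key: bytes, message: bytes, received_tag: bytes) -> bool:
    return hmac.compare_digest(tag(key, message), received_tag)

def demo() -> dict:
    key = b"constructed-shared-secret-key"      # sample value, not a real key
    original = b"pay 100 to account 1111"       # constructed message
    altered = b"pay 900 to account 2222"        # same message after tampering
    return {
        # Untouched message and digest: accepted.
        "plain_honest": accepts_plain(original, digest(original)),
        # Message changed but the old digest left in place: rejected.
        "plain_old_digest": accepts_plain(altered, digest(original)),
        # Message changed and digest recomputed over it: accepted, so a
        # bare digest does not address the Integrity threat on its own.
        "plain_recomputed": accepts_plain(altered, digest(altered)),
        # Keyed digest, untouched: accepted.
        "keyed_honest": accepts_keyed(key, original, tag(key, original)),
        # Without the key, the old tag or a plain digest is all that can
        # accompany the altered message; both are rejected.
        "keyed_old_tag": accepts_keyed(key, altered, tag(key, original)),
        "keyed_plain_digest": accepts_keyed(key, altered, digest(altered)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20s} accepted={accepted}")
```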
