For many years we have seen the growth of internet and its good and bad use. This article is not commenting on that, but on the paper "The Design Philosophy of the DARPA Internet Protocols" David D. Clark* SIGCOMM ‘88.
I did this as a part of my course work, but felt to make it available for others also. Feel free to comment on my review, so that I can improve it.
DARPA started the project of ARPANET on 1966 for reliable communication between two geographically separated “hosts”. They came up with packet switching instead of circuit switching, which uses store and forward technique for reliability compared to dedicated circuit switching. In 1970’s it was aimed to use services remotely using Telecommunication Networks protocol (TELNET) which ran above a 3 layer ARPANET protocol.(HOST/IMP, HOST/HOST and ICP) . The architecture proposed in 1974 by Robert Kahn and Vinton G Cerf used the term TCP as a protocol which used to mask any heterogeneity present in the underlying network architecture. The TCP has to address fragmentation, reassembly, reliable delivery with retransmission, routing and multiplexing. Notion of Gateway is used to transmit data between heterogeneous networks and unique addressing scheme was proposed to address end host nodes. It does not contain the notion of IP or internet protocol.
The paper by Clark describes the incorporation of “IP” or internet protocol which is used for unreliable packet transmission through available route. The end to end addressing is done by IP. Fragmentation and reassembly and virtual end to end connection retained in TCP. The reason of split was TCP will handle reliable sequencing of streams while IP attempt to provide basic building block “packet” to incorporate various service offered by higher layers.
The assumption was that TCP/IP is not suitable for real time data transmission systems such as voice traffic, since network does not define maximum end to end delay. Also the cross network debugger was removed from TCP/IP since it is not feasible through the unreliable IP with heterogeneous networks. Thus it’s the application designer’s job to do the debugging.
The idea of fate sharing, describes how “best effort” algorithm works. The design says, IP or intermediate gateway should not have any information about connections made by upper layer. Thus, the fragmented packets are reassembled by TCP at end host to deliver to an application.
The TCP/IP protocol architecture was evolved from practical issues faced during its development in ARPANET and later NSFNET. Thus it avoided the overhead caused by the 7 layer architecture. Comparing the same with 7 layer OSI, the visible difference in session and presentation logic as a full stack of protocols does not exist. Instead session management and presentation logic is made part of application layer. Thus TCP/IP was optimized in design which proved to be successful over other competing technologies of that age such as SNA by IBM and X.25.
However the design had a set of assumptions which ignored the end to end security. It is highly unlikely for a military application framework ignored such an important issue. There was no thought of implementing security at application level, since the applications Telnet, SMTP POP or FTP which was applications designed at that time, never had any security mechanisms. Anyone can wiretap the information, do any damage, still can hide since route information is never preserved. According to the design, the TCP uses sequence numbers, which can be generated using API creating. The IP source routing method was another flaw which make an attacker to re route the traffic to his machine. The routing protocol does not check the authenticity of the route information received. The management services in TCP/IP were poor in design which made it practically difficult to manage huge networks.
If the TCP/IP had incorporated a kernel level security module which uses PKI(Public Key Infrastructure) which can be used if an application needs security, it might have been much better. PKI was proposed in 1976 and in 1977 RSA algorithm was proposed. This paper and TCP/IP development was in 1982-87 where there were enough methodologies available to at least propose a security layer.
The architecture could have standardization in the service offered such as ISP and gateway should check, the ip forwarded is of its own network, which could have saved much threats including DoS and DDoS. Instead, for faster growth with competition the TCP/IP did not do it. The design goals does not took the fact who could be future users, when they expected faster growth in this kind of communication technology. Thus even now the SMTP and FTP servers run with plain text mechanisms
--------------------------------------
Other References:
CERF and Kahn : A Protocol for Packet network inter communication IEEE 1974
S M Bellovin Security problems in TCP/IP protocol suite ACM 1989
Davidson et al The ARPANET TELNET protocol IEEE 1974
No comments:
Post a Comment