How the Internet Works

Packets, TCP, TLS, proxies, and security

What is the Internet?

What is the Internet?

"The internet is a copy machine. At its most foundational level, it copies every action, every character, every thought we make while we ride upon it."

- Kevin Kelly

Designing the Internet

Early computers looked like this:

​

Designing the Internet

Imagine you are a programmer in 1970 who wants to share information between 10 computers spread around the country.

• How would you send the information?
• How could the computer on the other side understand it?

​

Early Modems

Message Passing Activity

Twitter Server

Wikipedia Server

Users

Everyone else is a router

Message Passing Activity

Router Rules

1. No talking
2. Can only have one envelope at a time
3. Must pass the envelope to a neighbor

How this works on the Internet

Information is broken into packets, and addressed with a header (IP Address)

Packets are sent to routers, who send them to other routers they are connected to

Finally, the packets reach their destination, and are assembled

Different packets may take different routes

• Traceroute shows the path taken to get from A to B

​

From https://en.wikipedia.org/wiki/Packet_switching

Making things more interesting

We're going to run the simulation again, this time with a few routers that have different rules.

For everyone else, the rules are the same:

• No talking
• Must pass packets to an adjacent "machine"

Questions

• What information did routers need?
• How did routers deal with broken nodes or congestion?
• Who decided to change the path you used?
• What problems did we have?

Transport Layer

In groups of 3-4, discuss:�

How could we fix the problem of broken/missing routers?

Hints:

1. No router or endpoint can tell when/whether another will stop working.
2. Messages are really just "copies" - and can be sent multiple times

​

How TCP works

Solves 2 problems: transportation and assembly

• Each packet is numbered
• When an endpoint receives a packet, it sends back an ACK (acknowledgement) with the next packet it expects
• If it receives a packet out of order, it resends the last ACK to notify that a packet was lost
• Sending nodes then resend the packet again
• Once all packets are received, they can be assembled based on the numbering

Note: TCP guarantees that all packets are received; other protocols like UDP prioritize speed over completeness

Uploading a Picture, now with ACKs

Security

User A requests User B's photo on Instagram, but they aren't friends

What happens? Where in the network are those decisions made?

Server-side Security

The server makes decisions about who gets what data

Authentication: You are who you say you are

Authorization: You are allowed to see what you requested

​

Users send their user name and password, and then sites send them an “authentication cookie”, which they send with subsequent packets.

Downloading with cookies!

Is Server-side Security all we need?

Is Server-side Security all we need?

• What were the vulnerabilities?
• How could we avoid them?

SSL/TLS

If two nodes had a box and two locks, how could they send messages privately?

They need to:

• Know who sent the message
• Be sure that no one else saw or copied it along the way

One More Problem

There is still one problem with this system that we haven't solved. What is it?

​

The addresses on an envelope can be compromising, even if you don't know what's in it

​

What are some potential solutions?

Proxies, VPN, and Tor

Proxies - deal between you and a router to rewrite the "return" address to their address, and then forward packets back to you

VPN - similar to a proxy, but traffic is encrypted before it's sent to the proxy

Tor - many proxies in the middle, with a random route chosen between them, and multiple layers of encryption

Other Internet Tech

With our intuitive understanding of how the underlying internet works, we can grasp how these work:

DDOS

HTTP

HTML/CSS

More Layers!

​

​

​

​

​

​

​

From Wikipedia

The Final Problem

There is still a major security flaw with the modern Internet, that even Tor can't solve�

PEBKAC

Instead of attacking the infrastructure or protocols, attackers focus on people.

​

Examples

• Password Hacking
• Spam
• Phishing
• Fraud
• Disinformation