Lecture 7. Protocols for forming protected channels at the data link and session layers

Data link (channel) layer

The second layer of the ISO OSI model is the data link layer (called the channel layer in this lecture). This layer frames the data, keeps sender and receiver synchronized, addresses frames to the receiving node, and controls the physical layer.

Protocols

Two examples of this layer are point-to-point protocols (SLIP and PPP) and shared-medium, multiple-access protocols (MAC and ARP).

Data link layer protocols

4/12/2021

SDLC (Synchronous Data Link Control) is a data link protocol developed by IBM. It operates at the data link layer (layer 2) of the OSI model and handles the transfer of data between nodes in a network.

SDLC features:

  1. Synchronous protocol – sender and receiver share a common clock; frames are sent as a continuous synchronous bit stream rather than with per-character start and stop bits.
  2. Bit-oriented protocol – a frame is a sequence of bits delimited by flag patterns (01111110), not a sequence of characters.
  3. Point-to-point and multipoint support – one primary station communicates with a single secondary station or with many secondary stations on a shared line.
  4. Basis of HDLC (High-Level Data Link Control) – ISO adopted and extended SDLC, producing the HDLC standard.
  5. Use in network architectures – SDLC is the data link protocol of IBM's SNA (Systems Network Architecture). It provides reliable, error-checked delivery (frame check sequence plus acknowledgements and retransmission), but no confidentiality or authentication.

Operational modes of the SDLC/HDLC family (SDLC itself uses only NRM; ARM and ABM were added by HDLC):

  • Normal Response Mode (NRM) – the primary station controls the link; a secondary station transmits only after the primary polls it.
  • Asynchronous Response Mode (ARM) – a secondary station may transmit without being polled, but the primary remains responsible for the link (initialization, error recovery, disconnection).
  • Asynchronous Balanced Mode (ABM) – both stations are combined primary/secondary stations and may transmit independently.

Where the SDLC protocol is used:

  • In IBM systems (SNA mainframe and terminal networks)
  • In banks and their branch offices
  • In telecommunications networks
  • In industrial automation systems

HDLC (High-Level Data Link Control) protocol

HDLC (High-Level Data Link Control) is a bit-oriented data link protocol standardized by ISO, operating at layer 2 (Data Link Layer) of the OSI model. HDLC provides reliable and efficient data transmission: it detects corrupted frames with a frame check sequence and recovers from them with acknowledgements and retransmission. It provides no confidentiality or authentication; anyone with access to the line can read and inject frames.

Features of the HDLC protocol

  1. Bit-oriented protocol – data is transmitted as a sequence of bits, framed by the 01111110 flag with bit stuffing.
  2. Synchronous data transmission – sender and receiver share a clock; there are no start/stop bits per character.
  3. Use in digital networks – reliable data exchange between nodes, and the basis of many later protocols (LAPB, LAPD, LAPF, PPP framing).
  4. Standardized version of SDLC – while SDLC was designed for IBM systems, HDLC is an open standard with many implementations and variants.
  5. Frame structure – data and control information are carried in frames (information, supervisory and unnumbered frames).

Operating modes of the HDLC protocol

HDLC has three operating modes:

  1. Normal Response Mode (NRM)
    • The primary station acts as the controller.
    • A secondary station may transmit only when the primary polls it.
    • Used in centralized (master/slave, multipoint) configurations.
  2. Asynchronous Balanced Mode (ABM)
    • Both stations can send and receive independently.
    • Used on point-to-point links between peers; the most common mode (for example in LAPB).
  3. Asynchronous Response Mode (ARM)
    • A secondary station can transmit without waiting to be polled.
    • However, the primary station still controls the link.
    • Rarely used.

SLIP (Serial Line Internet Protocol) protocol

SLIP (Serial Line Internet Protocol) carries Internet Protocol (IP) packets over serial lines. Created in 1984 (documented in RFC 1055), it was used for transmitting IP packets mainly over modems and direct serial connections. SLIP is a very simple, now obsolete, IP encapsulation for serial lines.

Key features of SLIP

  1. Simplicity – a packet is just the IP datagram followed by an END byte (0xC0); END and ESC bytes inside the data are escaped.
  2. Small overhead – no header is added beyond the delimiter, so the link carries almost nothing but payload.
  3. IP packets only – there is no protocol field, so only IP can be carried.
  4. No error detection or correction – SLIP adds no checksum; a corrupted frame is passed up to IP unnoticed by the link layer.
  5. Operates over serial communication – SLIP works mainly over RS-232 ports and modems.

SLIP protocol

✅ Advantages:

  • Simple and lightweight – SLIP is minimal and requires almost no resources.
  • Supports serial connections – works on modems and RS-232 interfaces.
  • Low overhead – no control information is added to the packets.

❌ Disadvantages:

  • Only supports IP – there is no protocol field, so other network-layer protocols (IPX, AppleTalk) cannot share the link. (ICMP is carried inside IP and is not affected; ARP is unnecessary on a point-to-point link.)
  • No error detection – the link layer does not check for corruption, so damaged packets are only caught, if at all, by IP and higher-layer checksums.
  • No dynamic IP addressing or authentication – both ends must be configured with their addresses in advance, and anyone who can reach the serial line is trusted.
  • No negotiation – MTU, addresses and compression (CSLIP) have to be agreed out of band; the receiver must already know how to interpret the packets it gets.

Usage of the SLIP protocol

SLIP is an obsolete protocol and is no longer used. However, it was widely used in the past:

  • Modem and dial-up Internet connections (in the 1980s and 1990s)
  • Connecting small network devices over IP
  • Sending IP packets over serial links

Today PPP (Point-to-Point Protocol) has taken the place of SLIP, because PPP:
  ✔ Has framing with error detection (a frame check sequence)
  ✔ Carries other protocols as well, not only IP
  ✔ Provides authentication (PAP, CHAP) and optional link encryption and compression negotiated through its control protocols

Comparison of IP and IPX

  Feature          | IP (Internet Protocol)                                    | IPX (Internetwork Packet Exchange)
  -----------------|-----------------------------------------------------------|-----------------------------------------------------------
  Network          | Internet and local networks                               | Local networks only
  Routing          | Yes, routable across the Internet                         | Yes, but limited (within a NetWare internetwork)
  Address          | IP address (32-bit IPv4 or 128-bit IPv6), configured manually or by DHCP | Network number plus a node address taken from the adapter's MAC address; assigned automatically
  Application area | Computer networks, the Internet, corporate networks       | Novell NetWare networks
  Current usage    | Widely used                                               | Hardly used

PPP (Point-to-Point Protocol)

PPP (Point-to-Point Protocol) is a protocol for transmitting data between two network nodes over synchronous or asynchronous serial links, operating at OSI layer 2 (Data Link Layer). PPP is a standardized, efficient protocol for carrying IP, IPX and other network-layer protocols over serial communication lines; it uses HDLC-like framing with a frame check sequence for error detection.

PPP establishes the link between the nodes, transmits data and manages the link.

A PPP link passes through the following phases:

  1. Link establishment
    • LCP (Link Control Protocol) brings the link up by exchanging Configure-Request / Configure-Ack packets.
    • The two peers negotiate how frames will be handled (maximum receive unit, authentication protocol, magic number, compression).
  2. Authentication (optional)
    • If an authentication protocol was negotiated in phase 1, PAP or CHAP runs now; no network-layer traffic is accepted until it succeeds.
  3. Network-layer protocol configuration
    • Each network-layer protocol (IP, IPX, AppleTalk) is configured by its own NCP (Network Control Protocol).
  4. Data transfer and termination
    • Datagrams are exchanged.
    • When communication ends, LCP closes the link with Terminate-Request / Terminate-Ack.

PPP authentication protocols

PPP originally defined two authentication methods (later extended by EAP):

  1. PAP (Password Authentication Protocol)
    • Transmits the user name and password in clear text in an Authenticate-Request packet.
    • Weak security, but simple; anyone who can capture the link learns the password.
  2. CHAP (Challenge Handshake Authentication Protocol)
    • The password itself is never sent. The authenticator sends a random challenge to the peer, which returns the MD5 hash of its identifier, the shared secret and the challenge (RFC 1994).
    • The authenticator recomputes the hash with its own copy of the secret and compares. Because every challenge is fresh, a captured response cannot be replayed, and the authenticator may repeat the challenge during the session. Note that the authenticator must store the secret in a recoverable form, and a captured challenge/response pair still allows offline guessing of a weak secret.

LCP (Link Control Protocol)

LCP (Link Control Protocol) is the part of PPP (Point-to-Point Protocol) used to establish, configure, test and terminate the PPP link. LCP runs in the first phase of a PPP connection and ensures that the link works correctly. It controls establishing, configuring, monitoring the quality of, and terminating PPP links; it negotiates which authentication protocol (if any) will be used, but the authentication itself is performed by PAP or CHAP after LCP has finished.

Main functions of LCP

  ✅ Establish and configure the PPP link
  ✅ Verify that the two ends' parameters are compatible (Configure-Request / Configure-Ack / Configure-Nak / Configure-Reject)
  ✅ Negotiate the authentication method
  ✅ Detect and reject malformed or unknown packets (Code-Reject, Protocol-Reject)
  ✅ Monitor link quality (Echo-Request / Echo-Reply) and close broken links

How does LCP work?

LCP is the initial phase of a PPP connection and operates in three main stages:

  1. Establishing the link
    • The PPP devices start the connection.
    • Each side sends LCP "Configure-Request" packets proposing its link parameters (options).
    • If all options are acceptable, the peer answers with "Configure-Ack". If an option is recognized but its value is unacceptable, the peer answers "Configure-Nak" with the value it would accept; if an option is unknown or not negotiable, it answers "Configure-Reject". The requester adjusts its request and tries again until both directions are acknowledged.
  2. Checking link quality
    • LCP tests the link (Echo-Request / Echo-Reply) and watches for interruptions.
    • If the link is poor, it is terminated with "Terminate-Request".
  3. Closing the link
    • When the link is to be ended, a "Terminate-Request" message is sent.
    • When "Terminate-Ack" is received from the other side, the PPP link is closed.
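The following is an added example, not part of the original lecture, showing the Configure-Request / Ack / Nak / Reject exchange in runnable form: a requester proposes PAP, the responder (whose policy of accepting only CHAP-MD5 is an assumption made for illustration) answers Configure-Nak with CHAP, and the second request is acknowledged. Frames are built with the PPP framing and FCS-16 of RFC 1661/1662; the code is the editor's, not taken from any PPP implementation.

```python
"""Added example (not from the lecture): a minimal PPP/LCP negotiation.
Framing (flag 0x7E, address 0xFF, control 0x03, protocol, payload, FCS-16,
flag) and LCP codes/options follow RFC 1661/1662. The responder policy
"only CHAP-MD5 is acceptable" is an assumption for illustration."""
import struct

FLAG, ADDR, CTRL = 0x7E, 0xFF, 0x03
PROTO_LCP, PROTO_PAP, PROTO_CHAP = 0xC021, 0xC023, 0xC223
CHAP_MD5 = 0x05
CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_AUTH, OPT_MAGIC = 3, 5
GOOD_FCS = 0xF0B8  # fcs16(body + transmitted FCS) equals this for an intact frame

def _fcs_table():
    table = []
    for b in range(256):
        for _ in range(8):
            b = (b >> 1) ^ 0x8408 if b & 1 else b >> 1
        table.append(b)
    return table

_TABLE = _fcs_table()

def fcs16(data, fcs=0xFFFF):
    """PPP FCS-16 (CRC-16 with reflected polynomial 0x8408), RFC 1662 C.2."""
    for byte in data:
        fcs = (fcs >> 8) ^ _TABLE[(fcs ^ byte) & 0xFF]
    return fcs

def ppp_frame(protocol, payload):
    body = bytes([ADDR, CTRL]) + struct.pack(">H", protocol) + payload
    fcs = fcs16(body) ^ 0xFFFF  # complemented, sent low byte first
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])

def ppp_unframe(frame):
    """Strip the flags, verify the FCS and return (protocol, payload)."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("bad framing")
    body = frame[1:-1]
    if fcs16(body) != GOOD_FCS:
        raise ValueError("bad FCS")
    return struct.unpack(">H", body[2:4])[0], body[4:-2]

def frame_is_valid(frame):
    try:
        ppp_unframe(frame)
        return True
    except ValueError:
        return False

def lcp_packet(code, ident, options):
    opts = b"".join(bytes([t, 2 + len(v)]) + v for t, v in options)
    return struct.pack(">BBH", code, ident, 4 + len(opts)) + opts

def lcp_parse(payload):
    code, ident, length = struct.unpack(">BBH", payload[:4])
    if length != len(payload):
        raise ValueError("LCP length mismatch")
    options, pos = [], 4
    while pos < length:
        t, l = payload[pos], payload[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("bad LCP option length")
        options.append((t, payload[pos + 2:pos + l]))
        pos += l
    return code, ident, options

def auth_option(protocol, algorithm=None):
    value = struct.pack(">H", protocol) + (bytes([algorithm]) if algorithm is not None else b"")
    return (OPT_AUTH, value)

def responder(frame):
    """Assumed responder policy: Reject unknown options, Nak any
    authentication protocol other than CHAP-MD5, otherwise Ack."""
    protocol, payload = ppp_unframe(frame)
    if protocol != PROTO_LCP:
        raise ValueError("not an LCP frame")
    _, ident, options = lcp_parse(payload)
    unknown = [(t, v) for t, v in options if t not in (OPT_AUTH, OPT_MAGIC)]
    if unknown:
        return ppp_frame(PROTO_LCP, lcp_packet(CONF_REJ, ident, unknown))
    wanted = auth_option(PROTO_CHAP, CHAP_MD5)
    if any(t == OPT_AUTH and (t, v) != wanted for t, v in options):
        return ppp_frame(PROTO_LCP, lcp_packet(CONF_NAK, ident, [wanted]))
    return ppp_frame(PROTO_LCP, lcp_packet(CONF_ACK, ident, options))

def negotiate(options, max_rounds=4):
    """Requester side: resend Configure-Request, applying Nak/Reject feedback,
    until the responder Acks. Returns (rounds_used, agreed_options)."""
    options = list(options)
    for rounds in range(1, max_rounds + 1):
        reply = responder(ppp_frame(PROTO_LCP, lcp_packet(CONF_REQ, rounds, options)))
        code, _, r_opts = lcp_parse(ppp_unframe(reply)[1])
        if code == CONF_ACK:
            return rounds, r_opts
        if code == CONF_REJ:
            rejected = {t for t, _ in r_opts}
            options = [(t, v) for t, v in options if t not in rejected]
        else:  # CONF_NAK: adopt the responder's suggested values
            suggested = dict(r_opts)
            options = [(t, suggested.get(t, v)) for t, v in options]
    raise RuntimeError("LCP negotiation did not converge")
```

Calling `negotiate([auth_option(PROTO_PAP), (OPT_MAGIC, b"\x12\x34\x56\x78")])` takes two rounds: the PAP proposal is Naked with the CHAP option, the corrected request is Acked. Flipping any byte of a frame makes `frame_is_valid` return False, which is the extent of PPP's "error checking": the FCS catches noise, not an attacker who recomputes it.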

LCP's authentication management

LCP negotiates which of the following methods will authenticate the peer on a PPP link:

  • PAP (Password Authentication Protocol) – login and password are sent in clear text (not secure).
  • CHAP (Challenge Handshake Authentication Protocol) – the password is proved with a hashed challenge response and is never sent (more secure).

LCP only agrees on the method during link establishment; the authentication exchange itself takes place afterwards, and the link is closed if it fails.
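As an added example (the editor's, not from the lecture), here is the difference between PAP and CHAP as seen by someone recording the line: PAP leaks the password, a CHAP response cannot be replayed against a fresh challenge, but a captured challenge/response pair still lets the attacker test guesses offline. The peer name, secret and candidate word list are constructed; the response calculation follows RFC 1994.

```python
"""Added example (not from the lecture): PAP versus CHAP as seen by an
eavesdropper. The CHAP response is computed as in RFC 1994
(MD5 over identifier || secret || challenge). User name, secret,
challenge bytes and the candidate list are constructed for the demo."""
import hashlib
import hmac
import os

CHAP_SUCCESS, CHAP_FAILURE = 3, 4

def pap_authenticate_request(peer_id, password):
    """PAP Authenticate-Request payload: both fields travel in clear text."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response_value(ident, secret, challenge):
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side of CHAP. It must hold each peer's secret in clear
    (or reversibly encrypted) form to recompute the expected response."""
    def __init__(self, secrets):
        self.secrets = secrets
        self.pending = {}  # identifier -> challenge still awaiting a response
        self.ident = 0

    def challenge(self, rng=os.urandom):
        self.ident = (self.ident + 1) & 0xFF
        self.pending[self.ident] = rng(16)
        return self.ident, self.pending[self.ident]

    def verify(self, ident, name, value):
        challenge = self.pending.pop(ident, None)  # a challenge is usable once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return CHAP_FAILURE
        expected = chap_response_value(ident, secret, challenge)
        return CHAP_SUCCESS if hmac.compare_digest(expected, value) else CHAP_FAILURE

def offline_guess(ident, challenge, value, candidates):
    """What a passive eavesdropper can still do with one captured CHAP
    exchange: try candidate secrets until one reproduces the response."""
    for guess in candidates:
        if chap_response_value(ident, guess, challenge) == value:
            return guess
    return None

def demo(rng=os.urandom):
    secrets = {b"alice": b"s3cret-pass"}  # constructed credentials
    auth = ChapAuthenticator(secrets)
    # PAP: the captured bytes contain the password itself
    pap_wire = pap_authenticate_request(b"alice", secrets[b"alice"])
    pap_leaks = secrets[b"alice"] in pap_wire
    # CHAP: legitimate exchange
    ident, chal = auth.challenge(rng)
    resp = chap_response_value(ident, secrets[b"alice"], chal)
    legit = auth.verify(ident, b"alice", resp)
    # Attacker replays the captured response against a fresh challenge
    ident2, _ = auth.challenge(rng)
    replay = auth.verify(ident2, b"alice", resp)
    # ...but can still test guesses against the captured (ident, chal, resp)
    guessed = offline_guess(ident, chal, resp, [b"password", b"letmein", b"s3cret-pass"])
    return pap_leaks, legit, replay, guessed
```

`demo()` returns `(True, CHAP_SUCCESS, CHAP_FAILURE, b"s3cret-pass")`: the password is visible in the PAP bytes, the legitimate CHAP response succeeds, the replay fails because the identifier and challenge changed, and the weak secret is recovered by the dictionary loop. The `compare_digest` call avoids timing differences in the comparison; the single-use `pending` dictionary is what makes the replay fail.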

Difference between LCP and PPP

  Feature                | PPP                                                                 | LCP
  -----------------------|---------------------------------------------------------------------|------------------------------------------------------------------
  What does it control?  | The whole link: framing, authentication, network-layer configuration, data transfer | Only establishment, configuration, testing and termination of the link
  Authentication         | Performed (PAP, CHAP) in the authentication phase                   | Negotiates which authentication protocol will be used
  Error checking         | Frame check sequence on every PPP frame                             | Tests and monitors link quality (Echo-Request / Echo-Reply)
  Disconnect             | The link goes down when the connection ends                         | Carries out the termination handshake (Terminate-Request / Terminate-Ack)

LAP (Link Access Procedure)

LAP (Link Access Procedure) is a family of data link protocols operating in the second layer (Data Link Layer) of the OSI model. The LAP protocols are data link control protocols derived from HDLC.

Protocols belonging to LAP

There are several kinds of LAP, each coming from a different technology:

  1. LAPB (Link Access Procedure, Balanced)
    • Used between the DTE and the DCE in X.25 packet-switched networks.
    • Based on HDLC.
    • Both nodes operate in asynchronous balanced mode.
    • Includes error control and flow control.
  2. LAPD (Link Access Procedure for the D channel)
    • Used on the D channel of ISDN networks.
    • Designed for signalling (call control).
    • Has mechanisms for error detection and frame recovery.

  3. LAPM (Link Access Procedure for Modems)
    • Protects data transmitted via modems from transmission errors.
    • Operates according to the ITU-T V.42 standard.
    • Detects and corrects errors with the ARQ (Automatic Repeat reQuest) mechanism: corrupted frames are retransmitted.
  4. LAPF (Link Access Procedure for Frame Relay)
    • Used at the Frame Relay interface (ITU-T Q.922).
    • Based on HDLC.
    • Designed for fast, efficient frame handling: the core of LAPF only checks the frame and forwards it, leaving error recovery to the end systems.

  • LAP is a family of data link control protocols developed from HDLC.
  • It is used in various areas such as X.25, ISDN, modem and Frame Relay networks.
  • Its functions are error detection and control, flow control and reliable data delivery.

Difference between LAPB and LAPD

  Feature               | LAPB                                    | LAPD
  ----------------------|-----------------------------------------|------------------------------------------------
  Working area          | X.25 networks                           | ISDN signalling (D channel)
  Error checking        | Yes                                     | Yes
  Flow control          | Yes                                     | Yes
  Frame retransmission  | Yes                                     | Yes
  Data mode             | Balanced: both sides have equal rights  | Centralized control (network side to user side)

NCP (Network Control Protocol)

NCP (Network Control Protocol) is one of the main component protocols of PPP (Point-to-Point Protocol). An NCP configures and manages one network-layer (Network Layer) protocol over the PPP link; it adds no security of its own.

LCP (Link Control Protocol) manages the PPP link itself, while the NCPs enable the network-layer protocols to run over it. In short: LCP controls the link, the NCPs configure the network protocols carried on it (addresses, compression and similar parameters).

NCP's protocols

  NCP type                                              | Supported network protocol
  ------------------------------------------------------|------------------------------------------------------------
  IPCP (Internet Protocol Control Protocol)             | IPv4 configuration (IP addressing, DNS server assignment)
  IPV6CP (IPv6 Control Protocol)                        | IPv6 configuration (interface identifiers)
  IPXCP (Internetwork Packet Exchange Control Protocol) | Configuration for IPX networks
  ATCP (AppleTalk Control Protocol)                     | Configuration for the AppleTalk network protocol

Difference between NCP and LCP

  Feature           | LCP                                                  | NCP
  ------------------|------------------------------------------------------|---------------------------------------------------------------------
  Function          | Establishes, configures and terminates the PPP link  | Configures the network-layer protocols carried over the link
  OSI layer         | Data link layer                                      | Data link control protocol that configures network-layer (layer 3) protocols
  Protocol support  | Provides the PPP link itself                         | Manages network protocols such as IP, IPv6, IPX, AppleTalk

[Figure: data flow through the data link layer – Data / Data / Data / Data reception]

The general data flow through the data link layer appears as a four-stage process of transmitting and receiving data.

General use

The data link layer provides reliable data transmission between neighbouring nodes. It does not attempt to connect separate networks, but it covers many different physical network media. Uses of data link layer protocols include the following:

  • Point-to-point networks – Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP), ISDN, fractional T1 (F-T1), Frame Relay
  • Multihost (shared-medium) networks – unicast, multicast and broadcast delivery; parallel traffic and multiple addresses on one medium; 10Base-2 and 100Base-T Ethernet
  • Interconnection devices – bridges and switches
  • Access restriction – controlling which station may use the medium

Data link layer protocol levels

On point-to-point networks a single data link protocol, such as SLIP, can perform all the necessary functions; however, few data link protocols cover the entire layer. Instead, the data link layer usually contains several protocols that together provide the full data link function. Lower-level protocols manage the physical-layer connection, middle-level protocols manage media access and addressing, and the upper-level protocols are the ones closest to the network layer.

  Low-level protocols     – FDDI, LAPF, PPP, Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
  Middle-level protocols  – MAC and LLC
  High-level protocols    – AppleTalk Address Resolution Protocol (AARP) and the PPP Multilink Protocol (MP)

Misuse of the data link layer

The data link layer normally provides the interface to the physical layer and carries data between two nodes on a network; it offers no protection for that data. Typical ways it is misused:

  • Plaintext – frames are readable by anyone attached to the medium.
  • Reconnaissance – ARP, ICMP and DNS traffic is used to discover hosts and addresses.
  • Hijacking – frames or addresses are taken over by an attacker on the same segment.
  • Detection – promiscuous-mode attacks (a sniffer reads every frame on the segment) are carried out with widely distributed network analysis tools; promiscuous-mode detection tries to find such hosts.

Carrying out attacks

  1. Address attacks – by changing addresses, an attacker can effectively redirect many routes in the network's addressing scheme.
  2. Covert channels – information is hidden in addressing fields, invalid frames, frame sizes or protocol-specific fields.
  3. Out-of-frame data – information sent outside the frame structure affects network throughput or is delivered in a non-standard (hidden) manner.
  4. Physical layer risks – an attacker with access to the physical layer can eavesdrop on traffic or inject malicious data.

SLIP and PPP vulnerabilities

  SLIP: no error detection; fixed maximum transmission unit; no negotiation of network service parameters.
  PPP: authentication (PAP credentials in clear text, CHAP responses capturable for offline guessing); transmission error detection only (the FCS catches noise, not deliberate modification); frames can be captured and replayed (replay attack).

The biggest threats to PPP and SLIP are related to authentication, bidirectional communication and user education.

Although eavesdropping, replay and injection attacks are possible, they require access to the physical layer. Since a point-to-point network contains only two nodes, physical-level threats are usually not considered significant.

MAC

Media Access Control (MAC), the lower of the two data link sublayers, provides two main functions: transmission control and network address management.

  • Transmission control – deciding when a station may transmit on the shared medium.
  • Network addressing – identifying stations by hardware (MAC) address.

Risks:

  • Authentication – MAC provides none; any station can claim any address.
  • Transmission error detection – the frame check sequence detects noise but not deliberate modification.
  • Impersonation – a station can imitate another by spoofing its MAC address.
  • Replay attack – captured frames can be retransmitted.
  • Load attacks – flooding the medium or the switches' address tables.
  • Device profile attacks – the vendor prefix of a MAC address and a station's behaviour reveal the type of device, which helps an attacker pick targets.

ARP and RARP

Address Resolution Protocol (ARP) is an example of a service access protocol: it maps a network-layer (IP) address to a hardware (MAC) address. Reverse Address Resolution Protocol (RARP) performs the opposite mapping, from a hardware address to an IP address.

Vulnerabilities – ARP poisoning

ARP packets are needed only when a new IP address (or MAC address) has to be resolved; the answers are cached in the ARP table for a limited time. These cached entries expose the system to ARP poisoning: an invalid or deliberately forged ARP reply is accepted into the table, and traffic for the victim's address is delivered to the attacker instead. Consequences: resource attacks, denial of service (DoS), man-in-the-middle (MitM).

ARP poisoning mitigation

  • Hard-coding (static) ARP tables, setting ARP entry lifetimes, filtering ARP.
  • Locking ARP tables – table entries can be temporarily locked. An established connection (e.g. an IP connection) locks its ARP entry, and new ARP replies cannot overwrite a locked entry; this protects the connection for its duration and mitigates poisoning.
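An added example (the editor's, not from the lecture) of the detection and locking ideas above as a host-side ARP cache: it raises alerts on unsolicited replies and on changed bindings, refuses to overwrite an entry that an active connection has locked, and shows the same forged reply succeeding once the lock is released. The acceptance policy (learn new hosts only from replies we asked for, allow unsolicited updates of existing unlocked entries) and every address are constructed for the demonstration.

```python
"""Added example (not from the lecture): a host-side ARP cache that flags
poisoning attempts and implements the 'locked entry' mitigation. The
acceptance policy and all addresses below are constructed for the demo."""
from collections import namedtuple

ARP_REQUEST, ARP_REPLY = 1, 2
Arp = namedtuple("Arp", "op sender_ip sender_mac target_ip target_mac")

class ArpCache:
    def __init__(self, lifetime=60):
        self.lifetime = lifetime
        self.table = {}           # ip -> (mac, expires_at)
        self.locked = set()       # ips with an active connection: entry must not change
        self.outstanding = set()  # ips we have sent a request for
        self.alerts = []

    def request(self, ip):
        self.outstanding.add(ip)

    def lock(self, ip):
        self.locked.add(ip)

    def unlock(self, ip):
        self.locked.discard(ip)

    def handle(self, pkt, now):
        """Process one received ARP packet; returns True if the table changed."""
        if pkt.op != ARP_REPLY:
            return False
        ip, mac = pkt.sender_ip, pkt.sender_mac
        current = self.table.get(ip)
        solicited = ip in self.outstanding
        if not solicited:
            self.alerts.append(("unsolicited reply", ip, mac))
        if current and current[0] != mac and current[1] > now:
            self.alerts.append(("binding changed", ip, current[0], mac))
        if ip in self.locked and current and current[0] != mac:
            self.alerts.append(("rejected: entry locked", ip, mac))
            return False
        if not solicited and current is None:
            return False  # never create an entry from a reply nobody asked for
        self.table[ip] = (mac, now + self.lifetime)
        self.outstanding.discard(ip)
        return True

    def lookup(self, ip, now):
        entry = self.table.get(ip)
        return entry[0] if entry and entry[1] > now else None

def scenario():
    """Constructed sequence: legitimate gateway reply, a poisoning attempt while
    a connection to the gateway holds the entry locked, the same attempt after
    unlocking."""
    cache = ArpCache(lifetime=60)
    gw, me = "10.0.0.1", "10.0.0.7"
    gw_mac, my_mac, evil_mac = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:07", "de:ad:be:ef:00:01"
    cache.request(gw)
    cache.handle(Arp(ARP_REPLY, gw, gw_mac, me, my_mac), now=0)
    cache.lock(gw)  # e.g. a TCP session to the gateway is established
    cache.handle(Arp(ARP_REPLY, gw, evil_mac, me, my_mac), now=5)
    while_locked = cache.lookup(gw, now=5)
    cache.unlock(gw)
    cache.handle(Arp(ARP_REPLY, gw, evil_mac, me, my_mac), now=6)
    after_unlock = cache.lookup(gw, now=6)
    return while_locked, after_unlock, [a[0] for a in cache.alerts]
```

`scenario()` shows the gateway still resolving to its real address while locked and to the attacker's address after the lock is released, with five alerts along the way. The alert log is the detection side: an "unsolicited reply" followed by "binding changed" for a gateway address is the classic poisoning signature, whether or not the entry was protected.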

Network paths

Network devices such as switches and bridges usually rely on ARP traffic: they pay particular attention to ARP packets, especially replies, to learn where addresses are located. Unfortunately these systems are themselves vulnerable to ARP-based attacks, for example switch poisoning and switch flooding.

  1. Switch poisoning attacks – false address information makes the switch forward frames to the wrong port.
  2. Switch flooding attacks – overflowing the switch's address table makes it forward frames to all ports, like a hub, so an attacker on any port can sniff them.
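An added example (the editor's, not from the lecture) that models switch flooding: a learning switch with a small CAM table and entry ageing. Once an attacker has filled the table with bogus source addresses, a frame for a host whose entry has aged out is flooded to every port, including the attacker's. The same model with a per-port MAC limit (the standard port-security countermeasure, which the slide does not discuss) disables the offending port instead. Ports, addresses and timings are constructed.

```python
"""Added example (not from the lecture): a learning switch with a fixed-size
MAC (CAM) table and ageing, showing MAC flooding and the port-security
mitigation. All ports, addresses and timings are constructed."""
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, capacity, age, max_macs_per_port=None):
        self.ports = tuple(ports)
        self.capacity = capacity                    # CAM table size
        self.age = age                              # seconds before an idle entry is forgotten
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.cam = {}                               # mac -> (port, last_seen)
        self.shutdown = set()                       # ports disabled after a violation

    def _expire(self, now):
        self.cam = {m: (p, t) for m, (p, t) in self.cam.items() if now - t < self.age}

    def _learn(self, mac, port, now):
        if self.max_macs_per_port is not None and mac not in self.cam:
            on_port = sum(1 for p, _ in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.shutdown.add(port)  # port-security violation: err-disable the port
                self.cam = {m: e for m, e in self.cam.items() if e[0] != port}
                return
        if mac not in self.cam and len(self.cam) >= self.capacity:
            return  # table full: the new address is simply not learned
        self.cam[mac] = (port, now)

    def forward(self, src, dst, in_port, now):
        """Returns the set of ports the frame leaves on."""
        if in_port in self.shutdown:
            return set()
        self._expire(now)
        self._learn(src, in_port, now)
        if in_port in self.shutdown:
            return set()
        if dst in self.cam:
            out = self.cam[dst][0]
            return set() if out == in_port else {out}
        # unknown unicast or broadcast: flood to every other live port
        return {p for p in self.ports if p != in_port and p not in self.shutdown}

def flood_scenario(max_macs_per_port=None):
    """Alice (port 1) talks to Bob (port 2); the attacker sits on port 3."""
    sw = Switch(ports=(1, 2, 3), capacity=4, age=30, max_macs_per_port=max_macs_per_port)
    alice, bob = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.forward(alice, bob, 1, now=0)
    sw.forward(bob, alice, 2, now=1)
    private = sw.forward(alice, bob, 1, now=2)   # both known: unicast to port 2 only
    for i in range(50):                           # attacker sprays fake source addresses
        sw.forward("de:ad:be:ef:00:%02x" % i, BROADCAST, 3, now=40)
    leaked = sw.forward(alice, bob, 1, now=41)   # Alice/Bob aged out; table is full
    return private, leaked
```

`flood_scenario()` returns `({2}, {2, 3})`: the earlier unicast stayed on port 2, but after the flood the same frame is also delivered to the attacker. `flood_scenario(max_macs_per_port=1)` returns `({2}, {2})`, because port 3 was shut down at the second bogus address. Real switches age entries after about five minutes and hold thousands of them; the attack simply sends addresses faster than that.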

Session layer

The session layer is designed to manage dialogues: long-lived connections called "sessions" between a session user and a session provider. These high-level connections are carried over the lower-layer transport, network and data link connections and last considerably longer than those connections do.

Session layer protocols: Network File System (NFS), the X Window System and the AppleTalk Session Protocol (ASP).

OSI layers and mnemonics (top down: "A Person Sent Through Network Data Packets"; bottom up: "Please Do Not Throw Sausage Pizza Away"):

  7 – Application   – A        – Away
  6 – Presentation  – Person   – Pizza
  5 – Session       – Sent     – Sausage
  4 – Transport     – Through  – Throw
  3 – Network       – Network  – Not
  2 – Data Link     – Data     – Do
  1 – Physical      – Packets  – Please

General risks

  • Authentication and authorization – session protocols such as DNS, NFS and SMB rely on weak or absent authentication.
  • Session hijacking – if the session identifier is not encrypted, an attacker can capture the identifier and take over the session.
  • Blind session attacks – if the session is used without being bound to the transport service, it is defenceless against blind session attacks (an attacker who never sees the traffic can still inject into the session).
  • Man-in-the-middle (MitM) – session layer protocols are unprotected against MitM.
  • Information leakage and privacy – session layer standards define session and state, but they do not support authentication or confidentiality.

DNS protocol

Domain Name System (DNS) is an extended, distributed information management system [RFC1034]. It supports dynamic updates, mapping of host names to network addresses, and additional information about hosts and domains. DNS was designed for large networks: the existing DNS infrastructure distributes load easily and supports millions of computers on the Internet.

Unverified – DNS uses a 16-bit query identifier to correlate requests with responses, but the identifier provides no authentication.

Direct threats – attacks on the servers and on the protocol itself, discussed next.

DNS protocol risks

  • DNS poisoning – trust-based attacks on DNS use a method similar to ARP poisoning: a forged answer is accepted because nothing authenticates its source.
  • DNS cache poisoning – targets a caching DNS server. The attacker watches DNS queries and sends a fake response to the requester; the response looks legitimate and is stored in the cache, from where it is served to every client.
  • Blind ID attack – unsolicited responses and cache poisoning usually require the attacker to observe the DNS queries, but that is not always necessary. The attacker chooses a common domain name and floods the resolver with forged responses carrying guessed query identifiers; when a query for that name appears, a response whose identifier matches is accepted.
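An added example (the editor's, not from the lecture) of why the blind ID attack works and what "rejecting incorrect responses" means in code: a toy caching resolver that accepts a response only if its identifier and destination port match an outstanding query, the question matches, and every record lies inside the zone that was asked (so a glue record for another domain cannot be slipped into the cache). It also computes the attacker's odds of guessing a 16-bit identifier, with and without source-port randomization. Messages are dicts rather than DNS wire format, and all names, addresses and identifiers are constructed from reserved example values.

```python
"""Added example (not from the lecture): response validation in a caching
resolver plus the odds facing a blind attacker. Messages are modelled as
dicts; names, addresses and identifiers are constructed (RFC 2606/5737
reserved values)."""

def in_bailiwick(name, zone):
    """True if name is zone itself or lies below it."""
    name, zone = name.lower().rstrip(".") + ".", zone.lower().rstrip(".") + "."
    return name == zone or name.endswith("." + zone)

class CachingResolver:
    def __init__(self):
        self.pending = {}   # (txid, our source port) -> (qname, qtype, zone asked)
        self.cache = {}     # (name, type) -> data
        self.rejected = []  # (reason, detail)

    def send_query(self, txid, src_port, qname, zone, qtype="A"):
        self.pending[(txid, src_port)] = (qname, qtype, zone)

    def receive(self, resp):
        key = (resp["id"], resp["dst_port"])
        if key not in self.pending:
            self.rejected.append(("no matching query", resp["id"]))
            return False
        qname, qtype, zone = self.pending[key]
        if (resp["qname"], resp["qtype"]) != (qname, qtype):
            self.rejected.append(("question mismatch", resp["qname"]))
            return False
        records = resp["answers"] + resp.get("additional", [])
        for rr in records:
            if not in_bailiwick(rr["name"], zone):
                self.rejected.append(("out of bailiwick", rr["name"]))
                return False  # drop the whole message and keep waiting
        del self.pending[key]
        for rr in records:
            self.cache[(rr["name"], rr["type"])] = rr["data"]
        return True

def blind_success_probability(forged_responses, id_bits=16, port_bits=0):
    """Chance that one of n forged responses (distinct guesses) matches the
    outstanding query. With only the 16-bit ID to guess, a few hundred packets
    already give about 1%; randomizing the source port adds ~16 more bits."""
    return min(1.0, forged_responses / 2 ** (id_bits + port_bits))

def a_record(name, data):
    return {"name": name, "type": "A", "data": data}

def scenario():
    """Constructed exchange: a guessed-ID forgery, a forgery with correct ID but
    an out-of-zone glue record, then the genuine answer."""
    r = CachingResolver()
    r.send_query(txid=0x1A2B, src_port=41234, qname="www.example.com.", zone="example.com.")
    wrong_id = {"id": 0x1A2C, "dst_port": 41234, "qname": "www.example.com.", "qtype": "A",
                "answers": [a_record("www.example.com.", "203.0.113.66")]}
    poison_glue = {"id": 0x1A2B, "dst_port": 41234, "qname": "www.example.com.", "qtype": "A",
                   "answers": [a_record("www.example.com.", "198.51.100.10")],
                   "additional": [a_record("www.bank.test.", "203.0.113.66")]}
    legit = {"id": 0x1A2B, "dst_port": 41234, "qname": "www.example.com.", "qtype": "A",
             "answers": [a_record("www.example.com.", "198.51.100.10")]}
    results = (r.receive(wrong_id), r.receive(poison_glue), r.receive(legit))
    return results, dict(r.cache), [reason for reason, _ in r.rejected]
```

`scenario()` returns `(False, False, True)`: the guessed identifier misses, the correctly guessed message is still discarded because of the foreign glue record, and only the genuine answer reaches the cache. `blind_success_probability(655)` is about 0.01 against a resolver that only randomizes the identifier; with 16 bits of source-port randomization the same 655 packets give roughly 1.5e-7, which is why the port check in `receive` matters as much as the identifier check.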

Technical risks

  1. DNS domain hijacking
  2. DNS system compromise
  3. Dynamic DNS hijacking
  4. DNS server hijacking
  5. DNS IP hijacking

Social risks

DNS plays a crucial role for the Internet. The ability to compromise or hijack a host name directly leads to DoS, MitM and other attacks on systems. Direct threats and technical attacks on DNS servers exist, but other methods are available to compromise a host or domain. These threats target the human factor. For DNS, the social risks include:

  • Similar host names (look-alike domains)
  • Automatic name completion
  • Social engineering
  • Domain updates (renewals and registrar changes)

Threat Mitigation

  • Direct threat reduction – harden servers, firewall.
  • Technical threat reduction – patch, separate internal and external domains, restrict zone transfers, authenticate zone transfers, limit cache duration, reject incorrect responses (mismatched identifier, port or question).
  • Intelligence (reconnaissance) threat reduction – restrict transfers, restrict privileges, remove reverse lookups, separate internal and external domains, remove excess data, update software.
  • Social threat reduction – monitor similar domains, lock domains, use real contacts, 24/7 support, self-hosting.
Thank you for your attention