The Session Layer

The session layer allows users on different machines to establish sessions
between them. A session allows ordinary data transport, as does the transport layer, but it
also provides some enhanced services useful in some applications. A session might be
used to allow a user to log into a remote time-sharing system or to transfer a file between
two machines.
One of the services of the session layer is to manage dialogue control. Sessions
can allow traffic to go in both directions at the same time, or in only one direction at a
time.
A related session service is token management. For some protocols, it is essential
that both sides do not attempt the same operation at the same time. To manage these
activities, the session layer provides tokens that can be exchanged. Only the side holding
the token may perform the critical operation.
Another session service is synchronization. Consider the problems that might occur
when trying to do a two-hour file transfer between two machines on a network with a 1
hour mean time between crashes. After each transfer was aborted, the whole transfer
would have to start over again, and would probably fail again with the next network
crash. To eliminate this problem, the session layer provides a way to insert checkpoints
into the data stream, so that after a crash, only the data after the last checkpoint has to be
repeated.
The Presentation Layer
The presentation layer performs certain functions that are requested sufficiently
often to warrant finding a general solution for them, rather than letting each user solve the
problems. In particular, unlike all the lower layers, which are just interested in moving
bits reliably from here to there, the presentation layer is concerned with the syntax and
semantics of the information transmitted.
SERVICES:
1. Encoding data.
2. Exchanging things such as names, dates, amounts of money, and invoices, which are represented as
character strings, integers, floating-point numbers, and data structures composed of
several simpler items.
Different computers have different codes for representing character strings, integers
and so on. In order to make it possible for computers with different representation to
communicate, the data structures to be exchanged can be defined in an abstract way,
along with a standard encoding to be used "on the wire". The job of managing these
abstract data structures and converting from the representation used inside the computer
to the network standard representation is handled by the presentation layer.
3. Data compression can be used here to reduce the number of bits that have to be
transmitted, and cryptography is frequently required for privacy and authentication.
Encryption
The purpose of coding: security. We have only considered coding as a
mechanism for improving the integrity of the communication system in the presence of
noise. The use of coding for security has a different name: encryption. The use of digital
computers has made highly secure communication a normal occurrence. It is very much
easier to encrypt than it is to decipher. The principle is just that of a combination lock.
With a computer, the number of the digits in the lock can be very large. Of course, one
still has to keep the combination secure!
The most commonly used encryption algorithms are block ciphers. This means
that the algorithm splits the plaintext (the message to be encrypted) into (usually) fixed-size
blocks, which are then subjected to various functions to produce a block of
ciphertext. The most common functions are permutations based on expansion and
compression and straight "shuffling" transformations. In a straight permutation, the
bits of an n-bit block are simply reordered. In expansion, as well as being reordered, the
group of n bits is converted to m bits (m > n), with some bits being duplicated. In
compression, the n-bit block is converted to a p-bit block (p < n), with some of the
original bits unused (see the figure below).
Figure: Examples of block cipher permutations
The most widely used form of encryption is defined by the National Bureau
of Standards and is known as the Data Encryption Standard (DES). The DES is a block
cipher, splitting the data stream into 64-bit blocks that are enciphered separately. A
(probably) unique key of 56 bits is then used to perform a succession of transposition
and substitution operations. A 56-bit key has 2^56 possible combinations.
Assuming a powerful computer could attempt [number missing in source] combinations per second, it would
still take over 20 years to break the code. If the code is changed once per year, there is
little possibility of it being broken, unless the code breaker has additional information.
The DES converts 64 bits of plaintext into 64 bits of ciphertext. The receiver uses the
same key to decipher the ciphertext into plaintext.
The difficulty with this method is that each block is independent. This
permits an interceptor in possession of the key to introduce additional blocks without
the recipient being aware of this fact. In addition, the same plaintext will always generate the
same ciphertext, a fact of great value to someone attempting to break the code. These
disadvantages are removed by chaining. Chaining describes the process of EOR-ing (exclusive-ORing) the
plaintext of one block with the ciphertext of the previous block. In this way it is not
possible to introduce blocks in a transparent fashion, and repetitions of the same
plaintext generate different ciphertexts.
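The two points above (independent blocks leak repeated plaintext and accept spliced-in blocks; chaining removes both) demonstrated in code. This is an added example, not from the original notes: the 64-bit block cipher here is a hypothetical toy Feistel network keyed with a 56-bit key, standing in for DES (it is not DES and is not secure); "chaining" is implemented as CBC, and the plaintext and key are constructed.

```python
import hashlib
BLOCK = 8  # 64-bit blocks, as in DES
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _subkeys(key: bytes, rounds: int = 8) -> list:
    # 56-bit key (7 bytes) expanded into per-round subkeys; toy schedule, not DES's
    assert len(key) == 7, "56-bit key expected"
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]
def _feistel(block: bytes, subkeys: list) -> bytes:
    # One pass of substitution (keyed hash, standing in for S-boxes) and transposition
    # (half swap) per round; the inverse is the same pass with the subkeys reversed.
    left, right = block[:4], block[4:]
    for sk in subkeys:
        left, right = right, _xor(left, hashlib.sha256(sk + right).digest()[:4])
    return right + left
def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, _subkeys(key))
def decrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])

def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "whole 64-bit blocks only (no padding here)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # Independent blocks: equal plaintext blocks give equal ciphertext blocks
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))

def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return b"".join(decrypt_block(b, key) for b in _blocks(ct))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # Chaining: XOR each plaintext block with the previous ciphertext block first
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(b, key), prev))
        prev = b
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    # Ciphertext blocks that duplicate an earlier one: the pattern leakage the text warns of
    return len(_blocks(ct)) - len(set(_blocks(ct)))
```

Encrypting four identical blocks shows the difference directly: the unchained ciphertext repeats itself and a duplicated ciphertext block decrypts cleanly, whereas the chained ciphertext has no repeats and a spliced-in block garbles the block that follows it.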
Like the combination of a lock, the system is only secure if the key is
secure. If the key is changed often, the security of the key becomes a problem, because
the transfer of the key between sender and receiver may not be secure. This is avoided
by the use of matched keys. In a matched key scheme, the encryption is not reversible
with the same key. The message is encrypted using one key, and decrypted with a
second, matched key. The receiver makes available the first, public key. This key is
used by the sender to encrypt the message. This message is unintelligible to anyone not
in possession of the second, private key. In this way the private key need not be
transferred. The most famous of such schemes is the Public Key mechanism using the
work of Rivest, Shamir and Adleman (RSA). It is based on multiplying
extremely large numbers and, with current technology, is computationally very
expensive.
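The matched-key scheme above worked through with textbook RSA. This is an added example, not from the original notes: the primes 61 and 53 are the classic tiny textbook values, constructed for illustration only, and the receiver publishes (n, e) while keeping d, so the private key is never transferred.

```python
from math import gcd

def make_keys(p: int, q: int, e: int = 17):
    # The receiver computes both keys, publishes (n, e) and keeps d to itself,
    # so the private key never has to be sent to anyone.
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible mod phi"
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)

def encrypt(m: int, public_key) -> int:
    # The sender uses the published key; anyone may do this step
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(c: int, private_key) -> int:
    # Only the holder of the matched private exponent d recovers m;
    # applying the public exponent again does not reverse the encryption
    n, d = private_key
    return pow(c, d, n)

# Constructed textbook-sized primes; real RSA uses primes hundreds of digits long,
# which is exactly what makes key generation and decryption expensive.
PUBLIC, PRIVATE = make_keys(61, 53)
```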
COMMON MANAGEMENT INFORMATION PROTOCOL
Common Management Information Protocol (CMIP) is an Open Systems Interconnection (OSI) based network management protocol that supports information exchange between network
management applications and management agents. CMIP is part of the X.700 (CCITT number
for the OSI Management Framework, also designated as ISO/IEC 7498-4) OSI series of
management standards. Its design is similar to the Simple Network Management Protocol
(SNMP). CMIP was developed and funded by government and corporations to replace SNMP and
make up for its deficiencies, thus improving the capabilities of network management
systems.
CMIP uses an ISO reliable connection-oriented transport mechanism and has built-in security that supports
access control, authorization and security logs. The management information is
exchanged between the network management application and management agents through
managed objects. Managed objects are characteristics of a managed device that can be
monitored, modified or controlled and can be used to perform tasks.
CMIP does not specify the functionality of the network management application; it only
defines the information exchange mechanism of the managed objects, not how the
information is to be used or interpreted.
The major advantages of CMIP over SNMP are:
• CMIP variables not only relay information, but also can be used to perform tasks.
This is impossible under SNMP.
• CMIP is a safer system as it has built-in security that supports authorization,
access control, and security logs.
• CMIP provides powerful capabilities that allow management applications to
accomplish more with a single request.
• CMIP provides better reporting of unusual network conditions.
Access to managed information in the managed objects is provided by the
Common Management Information Service Element (CMISE), which uses CMIP
(Common Management Information Protocol) to issue requests for management
services. The management services provided by CMIP/CMISE can be organized
into two distinct groups: management operation services, initiated by a manager
to request that an agent provide certain services or information, and notification
services, used by the management agents to inform the managers that some
event or set of events has occurred.
File Transfer Protocol (FTP)
• set of rules (program) that dictate the format in which data will be moved from one
computer to another
• full-duplex = data can be sent in both directions at the same time
• uploading files = sending files
• downloading files = copying files