Computer Science:

Protocols
Objectives

Familiarity Students are able to give an introduction to prtocols in their own words

Protocols Students are able to give an introduction to the 5 protocols discussed in their own words

Protocols: In-Depth Students are able to explain how the 5 protocols work in their own words

Protocols: Keen-Eye Students are able to Idnetify the Reliabilities, Limitations, and Vulnerablities of the 5 Protocols
discussed

GROUP
AFSHEEN | SHAZA | SHAYA | WAAIL | ZAINEE
 Lesson Overview

01 Introduction 02 Types

03 Content 04 Activity
Protocols!
Protocols are rules that define how data
is sent, received, and understood
between devices in a network. They
ensure different systems can
communicate effectively and maintain
consistency in data transfer.
 Types Covered!

The following types of Protocols are to be covered

within this presentation

● TCP Transmission Control Protocol

● HTTP HyperText Transfer Protocol
● SSL Secure Socket Layer
● TLS Transfer Layered Security
● HTTPS HyperText Transfer Protocol Secure
0
1
TCP
Transfer Control Protocol
What is TCP?
TCP [Transfer Control Protocol] is a key Internet
protocol that ensures reliable communication
between devices. It guarantees that data
packets are delivered correctly and in order,
resending any lost packets.
 Features

Connection-oriented
Establishes a connection before data is sent.

Reliable Error Checking Flow control

Ensures data is Includes checksums for data integrity. Manages data transmission
delivered in order and rate to prevent network
without errors. congestion
 Connection Establishment
Three-Way Handshake

1 2 3 Data is
transmitted in
ordered
segments.

SYN SYN-ACK ACK Each segment includes

sequence numbers for
Client sends a Server responds Client sends ordering and
SYN packet to with a SYN-ACK an ACK packet acknowledgments.
the server to packet to back to
initiate a acknowledge confirm the
connection. receipt and connection.
request a
connection
 Connection Termination
Four-Way Handshake

1 3
ACK ACK
Server Client acknowledges the
acknowledges the server’s FIN packet,
FIN packet. completing the closure.

FIN FIN
Client sends a FIN Server sends its own
packet to indicate it FIN packet.
wants to close the
connection. 2 4
 RLV

Reliability Limitations Vulnerabilty

 Error-checking ensures data  Higher latency due to  Can be exploited for DoS
integrity through connection attacks by sending excessive
checksums. establishment connection requests.
 Retransmission of lost mechanisms.  Vulnerable to session hijacking
packets ensures complete  Resource-intensive, through interception of TCP
data delivery. limiting performance sessions.
“A reliable protocol that ensures
data sent over the internet arrives
intact and in order. It’s vital for
applications where accuracy is
crucial, such as web browsing and
email.”
~ Mr. Transmission Control Protocol
0
2
SSL
Secure Socket Layer
What Is SSL?
SSL [Secure Socket Layer] is a standard security
technology that establishes an encrypted link between
a server and a client, ensuring that all data passed
between them remains private and integral.
 Features

Session
Management
Establishes secure sessions
between client and server

Authentication Encryption
Verifies server identity. Secures data in transit.
 Procedural Step By Step

1 3
Initiation 2 Certificate
Client sends a "ClientHello" Server sends its SSL
message to initiate a secure
connection.
Response certificate for
verification.
Server responds with
a "ServerHello"
 Procedural Step By Step

4 6
Verification 5 SessionKeys
The client verifies the client and server
certificate PMS generates session
keys from PMS
and sends an
encrypted "pre-
master secret" to the
server
 Procedural Step By Step
Communication
client and server communicate
securely using the session keys to
encrypt and decrypt all transmitted
data.
7 9
FIN-Client 8 Closure
The client sends a FIN Either party can initiate a
message encrypted FIN-Server closure alert to terminate
with the session key, server sends its own the connection
FIN message
 RLV

Reliability Limitations Vulnerabilty

 Established standard for  Older versions are outdated and  Vulnerable to known exploits if
encrypting data between not recommended for use. not properly configured.
client and server.  Requires management of  Can be subject to attacks on the
 Ensures the integrity of the
certificates, adding complexity. certificate authority system
transmitted data.
“ SSL is essential for securing online communications
by encrypting data between clients and servers,
ensuring confidentiality and integrity. It authenticates
identities, protecting against fraud and impersonation.
Commonly used in e-commerce and email security, it
safeguards sensitive information while enhancing user
trust through visible indicators like the padlock icon in
web browsers. ”

~ Mr. Secure Socket Layer

03
TLS
Transfer Layer Security
What Is TLS?
TLS [Transport Layer Security] is a cryptographic
protocol that provides secure communication over a
network. Evolving from SSL, TLS encrypts data
between clients and servers, ensuring confidentiality,
integrity, and authenticity..
 Features

Security Support FW-Secrecy

Improved encryption Used across various Protects past sessions against
compared to SSL. protocols (HTTP, FTP, etc.). future compromises..
Breaking News !!!

The Step By Step of SSL and

TLS is Almost the same.
 Procedural Step By Step

1 3
Initiation 2 Certificate
Client sends a "ClientHello" Server sends its CA
message to initiate a secure
connection.
Response certificate for
verification.
Server responds with
a "ServerHello"
 Procedural Step By Step

4 6
Verification 5 SessionKeys
The client verifies the client and server
certificate PMS generates session
keys from PMS
and sends an
encrypted "pre-
master secret" to the
server
 Procedural Step By Step
Communication
client and server communicate
securely using the session keys to
encrypt and decrypt all transmitted
data.
7 9
FIN-Client 8 Closure
The client sends a FIN Either party can initiate a
message encrypted FIN-Server closure alert to terminate
with the session key, server sends its own the connection
FIN message
 TLS V/S SSL

Cipher Suites Alert

Supports modern and More comprehensive
more secure cipher suites alert messages { More
Detailed }

Handshake Security
Implements a more
TLS real-time certificate
complex handshake verification and
enhanced error reporting
mechanisms.
FW-Secrecy Rec-Protocol
past sessions remain
More efficient with
secure even if the
improved packet
server's private key is
handling and
compromised.
compression.
 RLV

Reliability Limitations Vulnerabilty

 Established standard for  Older versions are outdated and  Vulnerable to known exploits if
encrypting data between not recommended for use. not properly configured.
client and server.  Requires management of  Can be subject to attacks on the
 Ensures the integrity of the
certificates, adding complexity. certificate authority system
transmitted data.
“TLS is essential for securing online communications,
protecting sensitive data across various applications.
It is widely used in web browsing (HTTPS) to encrypt
user information, ensuring the safety of credentials
and payment details. TLS also secures virtual private
networks (VPNs) and is integral to secure messaging
apps. By providing robust encryption and
authentication, TLS enhances user trust and protects
against eavesdropping and tampering, making it vital
for safe digital interactions. ”

~ Mr. Transport Layer Security

 04
HTTP
HyperText Transfer Protocol
What is HTTP?
HTTP [Hypertext Transfer Protocol] is defined as
a protocol used for transferring hypertext
requests and information on the internet. It
allows clients, such as web browsers, to
communicate with servers to request and
retrieve resources. Operating on a request-
response model, HTTP enables efficient data
exchange for web browsing and application
interaction.
 Features

Stateless Text-based REQ-RES Model

Each request is Uses plain text for Client requests resources;

independent communication server responds.
Procedural Step By Step
 1
Client
Request
Initiation
The client [Browser]
initiates an HTTP request by
entering a URL. This triggers
a request to the server
hosting the desired resource.
 2

DNS Resolution
The browser uses the Domain
Name System [DNS] to
resolve the domain name
into an IP address, allowing it
to locate the server.
 3
Establishing a
TCP Connection
The client establishes a TCP
connection to the server using the
resolved IP address. This involves a
three-way handshake process:

1 2 3

SYN SYN-ACK ACK

Client sends a Server responds Client sends
SYN packet to with a SYN-ACK an ACK
the server to packet to packet back
initiate a acknowledge to confirm
connection. receipt and the
request a connection.
connection
 4
Sending the
HTTP
Request
Once the TCP connection is
established, the client sends
an HTTP request message to
the server.
 4:1

Parts Of an HTTP Request

Message

Request Line Body Headers

Specifies the HTTP method, Contains data sent with Additional information
the resource path, and the methods like POST. about the request, such as
HTTP version. user agent, accepted
content types, and cookies
5
Sending the
HTTP
Response
The server constructs and
sends an HTTP response
message
 5:1

Parts Of an HTTP Request

Message

Status Line Body Headers

Indicates the HTTP version, Additional information Contains the requested
status code about the response resource or an error
such as type and length message.
 6

Receiving the Response

The client receives the response from the
server. The browser processes the response
based on the status code and content type.
 7

Rendering the Content

If the response is successful, the browser
renders the content. This may involve
parsing HTML, executing JavaScript, and
loading any referenced resources
 8

Closing the
Connection

The client and server may

close the TCP connection
after the response is fully
transmitted. Alternatively,
they might keep the
connection open for further
requests
 9

Handling
Errors
If the response indicates an
error the client can display an
error message or take other
appropriate actions.
 RLV

Reliability Limitations Vulnerabilty

 Works well for basic web  No built-in encryption; sensitive  can you say Easily susceptible
page requests. data is at risk during to XSS and CSRF attacks if not
 Support for caching improves transmission. properly sanitized.
performance and reduces  Not ideal for transferring large  Man-in-the-middle attacks can
server load. intercept unencrypted traffic.
files
“ HTTP (Hypertext Transfer Protocol) is the foundation
of data communication on the World Wide Web,
enabling web browsers to retrieve and display web
pages from servers. Its significance lies in providing a
standardized method for transmitting data, facilitating
interoperability across different systems. HTTP is
widely used for various applications, from loading
simple web pages to powering complex web
applications and APIs, making it essential for
accessing online resources. ”

~ Mr. HyperText Transmission Protocol

 05
HTTPS
HyperText Transfer Protocol Secure
What is
HTTPS?
HTTPS is an extension of HTTP that adds a
layer of security by using encryption through
TLS/SSL. It ensures that the data transferred
between the client and the server is secure,
protecting it from eavesdroppers and
attackers.
 Features

Encryption Authentication Data Integrity

Data is encrypted during server presents a HTTPS checks that data has
transmission. certificate, ensuring not been altered during
legitimacy. transit.
Breaking News !!!

HTTPS is just HTTP + TLS/SSL

:)
Procedural Step By Step
 1
Client
Request
Initiation
The client [Browser]
initiates an HTTP request by
entering a URL. This triggers
a request to the server
hosting the desired resource.
 2

DNS Resolution
The browser uses the Domain
Name System [DNS] to
resolve the domain name
into an IP address, allowing it
to locate the server.
 3
Establishing a
TCP Connection
The client establishes a TCP
connection to the server using the
resolved IP address. This involves a
three-way handshake process:

1 2 3

SYN SYN-ACK ACK

Client sends a Server responds Client sends
SYN packet to with a SYN-ACK an ACK
the server to packet to packet back
initiate a acknowledge to confirm
connection. receipt and the
request a connection.
connection
 4:1

1 3
Initiation 2 Certificate
Client sends a "ClientHello" Server sends its SSL
message to initiate a secure
connection.
Response certificate for
verification.
Server responds with
a "ServerHello"
 4:2

4 6
Verification 5 SessionKeys
The client verifies the client and server
certificate PMS generates session
keys from PMS
and sends an
encrypted "pre-
master secret" to the
server
 5

Secure Encrypted
Connection Established

The client and server confirm that the

handshake is complete and that the session
keys are working. They can now securely
exchange data using symmetric encryption.
 6
Sending the
HTTP
Request
Once the TCP connection is
established, the client sends
an HTTP request message to
the server.
 6:1

Parts Of an HTTP Request

Message

Request Line Body Headers

Specifies the HTTP method, Contains data sent with Additional information
the resource path, and the methods like POST. about the request, such as
HTTP version. user agent, accepted
content types, and cookies
7
Sending the
HTTP
Response
The server constructs and
sends an HTTP response
message
 7:
1
Parts Of an HTTP Request
Message

Status Line Body Headers

Indicates the HTTP version, Additional information Contains the requested
status code about the response resource or an error
such as type and length message.
 8

Receiving and Decrypting the Response

The client receives encrypted response from

the server. The client decrypts response
using session keys.
 9

Rendering the Content

If the response is successful, the browser
renders the content. This may involve
parsing HTML, executing JavaScript, and
loading any referenced resources
 10

Closing the
Connection

The client and server may

close the TCP connection
after the response is fully
transmitted. Alternatively,
they might keep the
connection open for further
requests
 1
1
Handling
Errors
If the response indicates an
error the client can display an
error message or take other
appropriate actions.
 RLV

Reliability Limitations Vulnerabilty

 Encrypts data to protect  Higher computational overhead  If weak cipher suites are used,
against eavesdropping and can affect performance. the encryption can be
tampering.  Requires management of SSL compromised.
 Maintains data integrity,  Vulnerable to SSL stripping
certificates, including renewal
ensuring that the data sent attacks if not configured
and revocation.
and received is unaltered
correctly
“ HTTPS is an extension of HTTP that adds security
through encryption TLS/SSL. This ensures that data
exchanged between a user's browser and a web
server remains confidential and protected from
eavesdroppers. The significance of HTTPS lies in
safeguarding sensitive information, enhancing user
trust during online transactions. It is essential for e-
commerce sites, banking platforms, and any website
that collects personal information, promoting a safer
online experience. ”
~ Mr. HyperText Trasmission Protocol Secure
THE
END
Do you have any questions?

CREDITS: This presentation template was created by

Slidesgo, including icons by Flaticon and
infographics & images by Freepik