Present-day Internet communications represent the synthesis of technical developments begun in the 1960s—the development of a system to support communications between different United States military computer networks, and the subsequent development of a system to support the communication between research computer networks at United States universities. These technological developments would subsequently revolutionize the world of computing.
The Internet, like so many other high tech developments, grew from research originally performed by the United States Department of Defense. In the 1960s, Defense Department officials began to notice that the military was accumulating a large collection of computers—-some of which were connected to large open computer networks and others that were connected to smaller closed computer networks. A network is a collection of computers or computer-like devices communicating across a common transmission medium. Computers on the Defense Department's open computer networks, however, could not communicate with the other military computers on the closed systems.
Defense Department officials requested that a system be built to permit communication between these different computer networks. The Defense Department recognized, however, that a single centralized system would be vulnerable to missile attacks or sabotage. Accordingly, the Defense Department mandated that the system to be used for communication between these military computer networks be decentralized and that no critical services be concentrated in a few, vulnerable failure points. In order to achieve these goals, the Defense Department established a decentralized standard protocol for communication between network computers.
A few years later, the National Science Foundation (NSF) wanted to connect network computers at various research institutions across the country. The NSF adopted the Defense Department's protocol for communication, and this combination of research computer networks would eventually evolve into the Internet.
Internet Protocols
The Defense Department's communication protocol governing data transmission between computers on different networks was called the Internet Protocol (IP) standard. The IP standard now supports communications between computers and networks on the Internet. The IP standard identifies the types of services to be provided to users, and specifies the mechanisms needed to support these services. The IP standard also describes the upper and lower system interfaces, defines the services to be provided on these interfaces, and outlines the execution environment for services needed in the system.
A transmission protocol, called the Transmission Control Protocol (TCP), was also developed to provide connection-oriented, end-to-end data transmission between packet-switched computer networks. The combination of TCP with IP (TCP/IP) forms a system or suite of protocols for data transfer and communication between computers on the Internet. The TCP/IP standard has become mandatory for use in all packet switching networks that connect or have the potential for utilizing connectivity across network or sub-network boundaries.
The TCP/IP Protocol
In a typical Internet-based communication scenario, data is transmitted from an applications program in a first computer, through the first computer's network hardware, and across the transmission medium to the intended destination on the Internet. After receipt at a destination computer network, the data is transmitted through the destination network to a second computer. The second computer then interprets the communication using the identical protocols on a similar application program. Because of the standard protocols used in Internet communications, the TCP/IP protocol on the second computer decodes the transmitted information into the original information transmitted by the first computer.
One of the rules in TCP/IP communications is that a computer user does not need to get involved with details of data communication. In order to accomplish this goal, the TCP/IP standard imposes a layered communications system structure. All the layers are located on each computer in the network, and each module or layer is a separate component that theoretically functions independent of the other layers.
TCP/IP and its related protocols form a standardized system for defining how data should be processed, transmitted and received on the Internet. TCP/IP defines the network communication process, and more importantly, defines how a unit of data should look and what information the message should contain so that the receiving computer can interpret the message correctly. Because the standardized layer design of TCP/IP, a consistent conversion of base data is ensured regardless of the version or vendor of the TCP/IP conversion software.
TCP/IP Addressing and Routing
A computer operating on a network is assigned a unique physical address. On a Local Area Network (“LAN”), the physical address of the computer is a number given to computer's network adapter card. Hardware LAN protocols use this physical address to deliver packets of data to computers on the LAN.
On the Internet, the TCP/IP protocol routes information packets using logical addressing. The network software in the Network Layer generates logical addresses. Specifically, a logical address in the TCP/IP network is translated into a corresponding physical address using the ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) protocols in the Network Layer.
The TCP/IP's logical address is also called an IP address. The IP address can include: (1) a network ID number identifying a network, (2) a sub-network ID number identifying a sub-network on the network, and, (3) a host ID number identifying a particular computer on the sub-network. The header data in the information packet will include source and destination addresses. The IP addressing scheme imposes a sensible addressing scheme that reflects the internal organization of the network or sub-network.
A computer network is often subdivided into smaller sub-networks. The computer network is divided in this manner to increase data transmission efficiency and reduce overall network traffic. Routers are used to regulate the flow of data into and out of designated sub-networks of the computer network.
A router interprets the logical address information of a data packet, such as an IP address, and directs the data packet across the network to its intended destination. Data addressed between computers on the sub-network does not pass through the router to the greater network, and therefore does not clutter the transmission lines of the greater network. If data is addressed to a computer outside the sub-network, however, the router forwards the data onto the larger network.
The TCP/IP network includes protocols that define how routers will determine the path for data through the network. Routing decisions are based upon information in the IP packet header and entries in each router's routing table. A routing table possesses sufficient information for a router to make a determination on whether to accept the communicated information on behalf of a destination computer, or pass the information onto another router in the network. The routing table also permits the router to determine where the information should be forwarded within the network or sub-network.
The routing table can be configured manually with routing table entries or a dynamic routing protocol that can accommodate changing network topologies—network architecture or network layouts, routers, and interconnections between hosts and routers. In a dynamic routing protocol, a router advertises reachability when it sends updated routing information to a second router claiming that the first router is capable of reaching one or more destination addresses. Advertising accessibility is important to the process of receiving, directing and re-directing data packets on the Internet.
Confidential Communications Over a Public Network
Because information packets are routed over the public networks that make up the Internet, cryptographic security systems are used to send communications in a confidential manner. These security systems maintain the confidentiality of the information packet by encoding, or encrypting, the information in the information packet. The encryption process can only be reversed, or decoded, by an authorized person. Other activities performed by the security system include authentication (you are who you say you are), integrity checking (the information packet was sent in the decoded form) and non-repudiation (identification of person sending the information packet).
A cryptographic security system consists of two fundamental components—a complicated mathematical algorithm for encrypting the information, and one or more values, called keys, known to parties authorized to transmit or receive the information packet. The greater the complexity of the algorithm, the stronger the cryptographic level of security in the cryptographic system. Because of its complexity, the algorithm can be kept secret or publicly disclosed without undermining the strength of the security system.
As an example of the encryption process, let's examine the situation where Party A intends to communicate confidentially with Party B using the cryptographic security system. First, Party A uses the algorithm and a key to transform the information in the transmitted information packet into encrypted information. In order to maintain the confidentiality of the transmitted information, the encrypted information does not resemble the information in the information packet, and the encrypted information cannot be easily decoded into its original form without the use of the algorithm and a key.
As such, the encrypted information is transmitted over the public networks on the Internet to Party B without disclosing the content of the original information packet. After receiving the encrypted information packet, Party B decodes the encrypted information using the algorithm and a key. When the encrypted information is decoded, the original information should be disclosed in the decoded information packet.
Key-Based Cryptographic Systems
It is preferable that the key be known only to the appropriate or authorized parties to the communication. This type of key is known as a “secret key”, and the sender and receiver of the information packet use the same secret key to encrypt and decode information packets with the algorithm. Public key encryption is also supported by cryptographic security systems where the sender has a public key and a private key, and the receiver has a public key and a private key. Messages may be encoded by the sender using the receiver's public key, and decoded by the receiver using the receiver's private key. Hybrid security systems are also used to encrypt and decode information in information packets. Accordingly, key-based security systems rely on the use of some type of secret key to support confidential communications.