Jusin N&CS04

Uploaded by

brianalbert3003

Network & Computer Security

Data Link Layer

Ir. Jusin, MTI


Outline
• Data Link Layer
– Media Access Control
• Controlled Access
• Contention Access
– Error Control
• Prevention
• Detection
• Correction
– Protocols
• Async
• SDLC & HDLC
• Ethernet
• PPP
• Transmission Efficiency and Throughput
• Implications for Cyber Security
Data Link Layer
• Layer 2 in the Internet model
• Responsible for moving messages from one device to another
• Controls the way messages are sent on media
• Organizes physical layer bit streams into coherent messages for the network layer
• Major functions of a data link layer protocol
– Media Access Control
– Error Control
– Message Delineation
Internet Model (top to bottom): Application, Transport, Network, Data Link, Physical
Data Link Layer
• The Data Link layer performs two main functions and is therefore often divided into two sublayers
– Logical Link Control (LLC) sublayer
– Media Access Control (MAC) sublayer

LLC: Packet → Frame
MAC: Frame → stream of bits


Media Access Control
• Controls which device transmits and when
• Important on
– Multipoint (shared) circuits
– Half-duplex point-to-point circuits
• Two approaches to control
1. Contention access
2. Controlled access
Media Access Control
• Contention
– Transmit whenever circuit is available with no centralized
control
– Common in Ethernet LANs
– When devices transmit at the same time, a collision occurs
– Devices must be “polite” and follow these steps:
1. “Listen” for traffic
2. If another device is transmitting, wait to transmit
3. Otherwise, transmit (and keep listening)
4. If another device begins to transmit, stop and wait
Media Access Control
• Controlled access
– Common in wireless LANs
– Access Request
• Each device must get “permission” to transmit, similar to raising a
hand
– Polling
• Roll-call polling
– Central device (controller) determines which devices can transmit
– Each client is checked periodically to see if it needs to transmit
• Hub Polling (token passing)
– One device begins the poll and then passes it to another device until
it reaches them all
Media Access Control
Error Control
• Network errors
– Types
• Corrupted data
• Lost data
– Caused by problems in transmission (not humans)
• Networks should be designed with:
– Error prevention
– Error detection
– Error correction
Sources of Network Errors
• Line noise and distortion
– Major reason for errors and caused by several sources
– More likely on electrical media
– Undesirable electrical signal
– Degrades performance of a circuit
– Manifestation
• Extra bits
• “Flipped” bits
• Missing bits
Error Prevention
Source of Error | What Causes It | How to Prevent or Fix
White Noise | Movement of electrons | Increase signal strength
Impulse Noise | Sudden increases in electricity (e.g., lightning) | Shield or move the wires
Cross-talk | Multiplexer guardbands too small or wires too close together | Increase the guardbands or move or shield the wires
Echo | Poor (misaligned) connections | Fix the connections or tune equipment
Attenuation | Gradual decrease in signal over distance | Use repeaters
Intermodulation noise | Signals from several circuits combine | Move or shield the wires
Error Detection
• Receivers need to know when the data transmitted is
not correct
• Add “check value” (error detection value) to message: [ Message | Check Value ]
• Check value produced by mathematical formula


Error Detection
• Both sender and receiver calculate check value
• Receiver tests whether the check values match
[Figure: sender and receiver each apply the same mathematical calculations to the message to produce a check value]
Error Detection
• Parity check
– 1-bit check value
– Based on the number of 1’s in the message
• Even parity: number of 1’s remains even
• Odd parity: number of 1’s remains odd
– Simple, but only detects 50% of errors
Example (Even Parity)
Sender: Character ‘A’, Binary 010000010, Parity Bit 0 (even)
Receiver: Character ‘C’, Binary 010000110, Parity Bit 1 vs 0 ?
Error Detection
• Parity check
Error Detection
• Checksum
– 1-byte (typically) check value
– Checksum algorithms vary in the creation of check values
– Detects 95% of errors

Data = ABCDE
= (65 + 66 + 67 + 68 + 69) % 255
= 70 → Checksum
Error Detection
• Cyclic redundancy check (CRC)
– Treats message as a single binary number
– Divides by a preset number
– Uses remainder as the check value
• Preset number is chosen so that remainder is
the correct number of bits
• Modes:
– CRC-16 (~99.998% error detection rate)
– CRC-32 (>99.99999% error detection rate)
Cyclic Redundancy Check (CRC)
P / G = Q + R / G
Example: P = 58, G = 8, Q = 7, R = 2
• P: Message (treated as one long binary number)
• G: A fixed number (determines the length of the R)
• Q: Quotient (whole number)
• R: Remainder
– added to the message as EDV
– could be 8 bits, 16 bits, 24 bits, or 32 bits long
– CRC16 has R of 16 bits
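Added example, not part of the original slides: a Python comparison of the three check values described above, showing which kinds of error each one lets through. The checksum follows the slide's sum-modulo-255 form, CRC-32 comes from the standard library's zlib.crc32, and the sample messages are constructed.

```python
import zlib

def even_parity_bit(data: bytes) -> int:
    """Parity bit that keeps the total number of 1s even."""
    return sum(bin(b).count("1") for b in data) % 2

def checksum(data: bytes) -> int:
    """Additive checksum in the slide's form: sum of byte values mod 255."""
    return sum(data) % 255

# Each check maps a message to the check value the sender would append.
CHECKS = {"parity": even_parity_bit, "checksum": checksum, "crc32": zlib.crc32}

def detected_by(sent: bytes, received: bytes) -> set:
    """Names of the checks whose value differs between sent and received."""
    return {name for name, fn in CHECKS.items() if fn(sent) != fn(received)}

# Constructed error patterns: label -> (sent, received)
CASES = {
    "one bit flipped ('A' -> 'C')": (b"A", b"C"),
    "two bits flipped ('A' -> 'G')": (b"A", b"G"),
    "two bytes transposed": (b"SEQ=42", b"SEQ=24"),
}

if __name__ == "__main__":
    for label, (sent, received) in CASES.items():
        caught = detected_by(sent, received)
        missed = set(CHECKS) - caught
        print(f"{label}: caught by {sorted(caught)}, missed by {sorted(missed)}")
```

Parity misses any even number of flipped bits, and an additive checksum misses reordered bytes because the sum does not depend on order; the CRC catches both patterns here.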
Error Correction
• Once detected, errors must be corrected
• Error correction techniques
– Retransmission (or backward error correction)
• The Transport layer (layer 4) is responsible for retransmission
– Forward error correction
• Receiving device can correct messages without retransmission
Error Correction
• Forward error correction
– Includes a certain level of redundancy in transmitted data
so that receiving device can correct errors
– Does not require retransmission
– Used only when retransmission is impossible, very costly,
or time consuming (e.g., satellite connections)
Error Correction - Hamming Code
• Each data bit figures into three EVEN parity bit calculations
• If any one bit (parity or data) changes → change in data bit can be detected and corrected
• Only works for one bit errors
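Added example, not part of the original slides: a Hamming code with 4 data bits and 3 even-parity bits in Python, correcting a single flipped bit and showing what happens with two. The bit layout [p1, p2, d1, p3, d2, d3, d4] is the common Hamming(7,4) arrangement and is an assumption, since the slide's figure is not available; the data bits are constructed.

```python
def encode(data):
    """Encode 4 data bits as [p1, p2, d1, p3, d2, d3, d4] with even parity."""
    d1, d2, d3, d4 = data
    p1 = d1 ^ d2 ^ d4   # makes positions 1, 3, 5, 7 even
    p2 = d1 ^ d3 ^ d4   # makes positions 2, 3, 6, 7 even
    p3 = d2 ^ d3 ^ d4   # makes positions 4, 5, 6, 7 even
    return [p1, p2, d1, p3, d2, d3, d4]

def decode(code):
    """Return (data bits after correction, position corrected or 0)."""
    c = list(code)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    # The three failed/passed parity checks spell out the 1-based
    # position of the bit that changed (0 means every check passed).
    position = s1 + 2 * s2 + 4 * s3
    if position:
        c[position - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], position

def flip(code, *positions):
    """Copy of code with the given 1-based positions inverted."""
    c = list(code)
    for p in positions:
        c[p - 1] ^= 1
    return c

DATA = [1, 0, 1, 1]          # constructed sample
CODEWORD = encode(DATA)      # [0, 1, 1, 0, 0, 1, 1]

if __name__ == "__main__":
    print("clean     :", decode(CODEWORD))
    print("1-bit err :", decode(flip(CODEWORD, 5)))     # corrected
    print("2-bit err :", decode(flip(CODEWORD, 3, 5)))  # "corrected" to wrong data
```

With two flipped bits the parity checks point at a third, innocent position, so the receiver silently delivers wrong data.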
Error Correction
• Error control in practice
– On wired connections, errors are quite rare
– Most data link layer software today does not correct
errors, only detect them and discard frames with errors
– Error correction must then be done at a higher layer
(Transport)
Data Link Protocols
• Classification
– Asynchronous transmission
– Synchronous transmission
• Protocols differ by
– Message delineation (frame k-1 | frame k | frame k+1)
– Frame length
– Frame field structure
Data Link Protocols
• Asynchronous serial transmission (async)
– Old protocol (e.g., used in teletype)
– Transmits one character at a time
– Delineation indicated by start and stop bits
Start Bit (1 bit) = 0 | Message (7 or 8 bits) | Parity (1 bit) | Stop Bit (1 bit) = 1
Data Link Protocols
• Synchronous transmission
– Data sent in a large block called a frame
– Includes addressing information
– Includes synchronization characters to let the receiver
know when data transmission begins
– Example protocols: SDLC, HDLC, Ethernet, PPP
Data Link Protocols
• Synchronous Data Link Control (SDLC)
– Synchronous bit-oriented protocol developed by IBM
– Uses bit stuffing (zero insertion) to overcome transparency
problem

Flag (8 bits) 01111110 | Address (8 bits) | Control (8 bits) | Data (variable) | CRC-32 (32 bits) | Flag (8 bits) 01111110

Control field (information frame): 0 | Send Seq. Num (3 bits) | Poll/Fin | Receive Seq. Num (3 bits)
Control field (supervisory frame): 1 0 | Supervisory Code (2 bits) | Poll/Fin | Receive Seq. Num (3 bits)
Data Link Protocols
• High-level Data Link Control (HDLC)
– Formal standard developed by the ISO
– Often used in WANs
– Essentially the same as SDLC, except that the address and
control fields can be longer.

Flag (8 bits) | Address (8 or 16 bits) | Control (8 or 16 bits) | Data (variable) | CRC-32 (16 or 32 bits) | Flag (8 bits)
Data Link Protocols
• Ethernet
– IEEE 802.3 standard and Ethernet II
– Most widely used LAN protocol
– Uses contention media access control
– Ethernet IEEE 802.3ac Frame
Data Link Protocols
• Point-to-point protocol (PPP)
– Common WAN protocol
– Commonly used on dial-up lines from home PCs
– Designed mainly for point-to-point phone lines (can be used for multipoint lines as well)

Flag (1 byte) | Address (1 byte) | Control (1 byte) | Protocol (2 bytes) | Data (variable) | CRC (2 or 4 bytes) | Flag (1 byte)
Transmission Efficiency
Transmission Efficiency
IEEE 802.3 Ethernet II Frame
Preamble & Delimiter (8 bytes) | Destination Address (6 bytes) | Source Address (6 bytes) | Type (2 bytes) | Data (46-1500 bytes) | CRC (4 bytes)
Interframe Gap (12 bytes)

Data Link Protocols
Throughput
• More complicated than simple protocol efficiency
because it depends on the retransmission rate,
transmission rate, and delay
• Transmission Rate of Information Bits (TRIB) is a measure of the effective number of bits transmitted in a unit of time
Throughput
Throughput
Implications for Cyber Security
• The MAC address is assigned to a network interface card (NIC) at the factory; it is therefore hardcoded on the NIC and cannot be changed.
• MAC address filtering uses a list of MAC addresses that are allowed to connect to a Wi-Fi network or to a switch in corporate networks.
– This feature allows for some degree of security. However, MAC address
filtering can offer a false sense of security because of MAC address spoofing.
• MAC address spoofing is a software-enabled technique that can
change the hardcoded MAC address to any MAC address and thus
overcome MAC address filtering.
– Keep in mind that while MAC address spoofing is not illegal, what you do with
it may be.
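Added example, not part of the original slides: a Python review of switch observations showing why an allow-list check alone does not notice a copied address, and two checks a defender can add. The record format, port names, addresses and the 60-second window are all constructed assumptions.

```python
ALLOWED = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}   # constructed allow-list

# Constructed observations: (seconds, switch port, source MAC as seen on the wire)
OBSERVATIONS = [
    (0,   "port-1", "00:1A:2B:3C:4D:5E"),
    (5,   "port-2", "00:1a:2b:3c:4d:5f"),
    (12,  "port-7", "00:1a:2b:3c:4d:5e"),   # allowed MAC, but on a second port
    (20,  "port-9", "02:00:00:aa:bb:cc"),   # not a factory-assigned address
    (300, "port-2", "00:1a:2b:3c:4d:5f"),
]

def normalize(mac: str) -> str:
    return mac.lower().replace("-", ":")

def is_locally_administered(mac: str) -> bool:
    """True if the 'locally administered' bit (0x02 of the first octet) is set,
    meaning the address was set in software rather than assigned by the vendor."""
    return bool(int(normalize(mac).split(":")[0], 16) & 0x02)

def review(observations, allowed, window=60):
    """Return (time, port, mac, reason) findings, in time order."""
    findings, last_seen = [], {}
    for ts, port, raw in sorted(observations):
        mac = normalize(raw)
        if mac not in allowed:
            findings.append((ts, port, mac, "not-on-allow-list"))
        if is_locally_administered(mac):
            findings.append((ts, port, mac, "locally-administered"))
        prev = last_seen.get(mac)
        # The same address on two ports within the window suggests a copy.
        if prev and prev[1] != port and ts - prev[0] <= window:
            findings.append((ts, port, mac, "same-mac-on-second-port"))
        last_seen[mac] = (ts, port)
    return findings

if __name__ == "__main__":
    for finding in review(OBSERVATIONS, ALLOWED):
        print(finding)
```

The observation at 12 seconds passes the allow-list and is only caught by the port comparison, which is the false sense of security the slide describes.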
