Lesson 7 - The Presentation Layer
Presentation Layer Services
The Presentation Layer provides three main services:
Data representation--The Presentation Layer resolves differences between different types of encoding systems. For example, it handles communication between an IBM mainframe that uses Extended Binary Coded Decimal Interchange Code (EBCDIC) character coding, and an IBM or compatible personal computer (PC) that uses the American Standard Code for Information Interchange (ASCII) character code. An encoding system represents each alphabetical character with a binary number; different systems use different numbers to represent the same letter or punctuation mark.
Data security--The Presentation Layer encrypts and decrypts data so that anyone who covertly accesses the communication channel cannot obtain confidential information, alter information as it is being transferred, or insert false messages into the stream. It authenticates the source of information and confirms that a party to a communication session is indeed the party represented.
Data compression--The Presentation Layer also represents transmitted data in a compact fashion to make optimal use of the communication channel. It does this by compressing data passed to it by the Application Layer, and decompressing the data before passing it back at the receiving end.
Data Representation
Data is represented in different ways on different computers. A computer cannot process data in a form used by another computer if the forms are different. The primary ways in which data vary are:
Byte ordering within integers--The first (left-most) byte of an integer can be either most significant or least significant. For IBM mainframes, and the Apple Macintosh and Sun Microsystems Scalable Performance Architecture (SPARC) models, bytes within integers are ordered in an intuitive manner, with the most significant hexadecimal digits to the left, so that the binary number 1 would appear as "00000001" in processor memory. In machines such as the IBM PC, and others based on Intel microprocessors, and in DEC products, the least significant bit is first, thus 1 would be "10000000."
Character coding--EBCDIC and ASCII are common codes; however, others exist as well.
Format of floating point numbers--A floating point number consists of a mantissa field, exponent field, and sign. For example, the number 3 × 10^-1 is a floating point number, where 3 is the mantissa and -1 is the exponent together with its sign. Each is represented with some number of bits in a certain order within a word (single precision) or double-length word (double precision). The number of bits for each varies from computer to computer.
The way in which data is represented in certain compilers also varies, even for compilers that compile the same programming language. For example, a Boolean value (variable that takes two values, "true" and "false") might be stored as 1 byte on one computer, but occupy a word (2 bytes) on another.
Representation Example: ASN.1
Differences in data representation could, of course, be handled by the application program, and in many networks they are. However, the Presentation Layer of the OSI model provides a generalized way of dealing with these differences called "Abstract Syntax Notation 1 (ASN.1)." With ASN.1, the burden of data translation is removed from the application programmer's shoulders.
ASN.1 provides a standardized format for data transfer between nodes, as illustrated on the Abstract Syntax Notation Diagram. Each node is only concerned with translating to and from ASN.1, and does not need to know anything about the format in which data is stored elsewhere on the network.

ASN.1 data transmission proceeds as follows:
1. When the application code is written, the programmer includes a definition of the program data structures.
2. When the application program needs to communicate, it provides the ASN.1 definition along with the actual data structure to the Presentation Layer process.
3. The Presentation Layer process converts the data from native format (for example, EBCDIC) to ASN.1 format, and renders the structure as a self-defining bit stream. That is, each data element in the bit stream is preceded by a code that defines its type and, if necessary, its length. The format of this bit stream is called "transfer syntax."
4. The data, in transfer syntax, is transmitted by means of the lower layers.
5. The Presentation Layer process at the receiving end uses the corresponding ASN.1 definition (its name is included in the bit stream) to convert the bit stream back into an application data structure in the proper format for the application at that end.
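As an added illustration of steps 3 and 5 (not part of the lesson or of any real ASN.1 library), the following Python encodes a small structure into tag-length-value form, the self-defining bit stream described above, and decodes it back, rejecting a length field that points past the end of the data. Python int, bytes and list stand in for the application's native data types; the type codes are the standard BER tags for INTEGER, OCTET STRING and SEQUENCE.

```python
# Minimal ASN.1 BER encoder/decoder (added example, not from the lesson or any
# real ASN.1 library): every element travels as tag, length, value (TLV).
TAG_INTEGER, TAG_OCTET_STRING, TAG_SEQUENCE = 0x02, 0x04, 0x30

def _encode_length(n):
    if n < 0x80:                           # short form: one byte
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form: 0x80|count, then count bytes

def encode(value):
    if isinstance(value, int):
        body = value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True)
        return bytes([TAG_INTEGER]) + _encode_length(len(body)) + body
    if isinstance(value, bytes):
        return bytes([TAG_OCTET_STRING]) + _encode_length(len(value)) + value
    if isinstance(value, list):
        body = b"".join(encode(v) for v in value)
        return bytes([TAG_SEQUENCE]) + _encode_length(len(body)) + body
    raise TypeError("unsupported type: " + type(value).__name__)

def _decode_one(data, pos):
    if pos + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        count = length & 0x7F
        if count == 0 or pos + count > len(data):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
    # Validate the declared length against the buffer before slicing (malformed input)
    if pos + length > len(data):
        raise ValueError("length exceeds buffer")
    body, end = data[pos:pos + length], pos + length
    if tag == TAG_INTEGER:
        return int.from_bytes(body, "big", signed=True), end
    if tag == TAG_OCTET_STRING:
        return body, end
    if tag == TAG_SEQUENCE:
        items, p = [], 0
        while p < len(body):               # decode nested elements in turn
            item, p = _decode_one(body, p)
            items.append(item)
        return items, end
    raise ValueError("unknown tag 0x%02x" % tag)

def decode(data):
    value, end = _decode_one(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after element")
    return value
```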
Data Security
The security of data within the network falls within the province of the Presentation Layer, which must guard against three main types of threats:
Unauthorized use of the network, including false identification. False identification means pretending to be someone else, either by logging on to the network as that person or sending messages falsely attributed to another user of the network.
Stealing data from the network, such as wiretapping.
Inserting false messages into the data stream, or removing messages from the stream.
The first threat is related to user authentication, which often is the responsibility of the logon process of the OS. OSs have a variety of ways to detect attempts to defeat their user authentication. For example, most systems will not allow more than a few attempts at entering a password. This makes it more difficult to break passwords by repetitive experimentation.
When user authentication is the responsibility of the application, the application must provide user authentication safeguards similar to those the OSs provide. These safeguards lie within the province of the application, rather than the OS or network.
Theft of data and insertion of false messages are network issues. The threat of both can be minimized by encrypting messages at their source, and decrypting them at their destination. The application header data that authenticates and sequences messages must be encrypted, as well as the data itself, to prevent false messages or deletion of messages.
There are many good methods of data encryption. In general, they all use a series of mathematical operations, called "encryption algorithms," to either reorder the bits, bytes, or words of a message (transposition method), or substitute one or more encryption bytes or words for the "plaintext" bytes or words of the message (substitution method). A numeric value or "key" is used to guide the encryption algorithm. This means that if the same message is encrypted with two different keys, it will yield two different blocks of encrypted text, called "ciphertext," even if the same algorithm was used both times.
At the receiving end, the same encryption key is used to unscramble or decrypt the received ciphertext. There are two main methods of encryption:
Single-key or symmetric encryption uses the same key to both encrypt and decrypt a message. Therefore, both the sender and recipient must have the same key before they can exchange coded messages. Symmetric encryption systems include Data Encryption Standard (DES), triple DES (3DES), RC5, International Data Encryption Algorithm (IDEA), and other algorithms that are extremely fast. Their strength lies in the length of the key and the difficulty of analyzing the encrypted data.
Because DES is a standard, and it is quite computer-intensive to encode and decode data using the DES algorithm, the DES process has been built into a specific computer chip. As shown on the DES Encryption Diagram, the DES chip accepts a 64-bit block of plaintext and the key; it then outputs the ciphertext that represents that block of data. The same chip can be used to reverse the process by inputting the ciphertext and key to produce the plaintext.
Public-key encryption uses a pair of encryption keys for each party that needs to receive encrypted information. Each key in the pair acts as a one-way channel. One key (either one) is used to encrypt the data; the other is used to decrypt the data. Data encrypted with one key cannot be decrypted with the same key, only with its corresponding "partner" key. To use public-key encryption, a person or organization freely distributes its public encryption key and safeguards the corresponding private key. Anyone may use the public key to encrypt messages to a recipient, who uses the private key to decrypt them. Public-key encryption is very central processing unit (CPU)-intensive. It is typically used for small amounts of data where strong security is required, such as Internet e-commerce applications.
Data Compression
Data transmitted between nodes of a network can be quite repetitive. Financial data and bitmapped images, for example, often contain long sequences of zeros. Many messages contain far more printable characters than unprintable characters, and more blanks, vowels, and numeric characters than consonants and signs.
The number of bits actually transmitted between nodes in a network ultimately governs the cost of operating the network and the network's capacity to do useful work. Thus, it is often desirable to "compress" data before transmitting it. Data compression reduces the number of bytes that must be transmitted by translating the data into a more efficient form that requires less storage.
If data is compressed by the sender, it must be expanded by the recipient; thus, a variety of data compression protocols have been defined. For example, a technique called "run length encoding" represents a set of repeated bits by a count of the bits followed by the encoded bit, as illustrated on the Run Length Encoding Diagram. In this example, the "+" character is used to mark the start of a length-encoded field. Thus, the characters "+70" represent a series of seven zeroes.

If the "+" character actually appears in the input message, the recipient could mistake it for the start of a compressed field. This problem is avoided by coding each "+" in the source message as "++."
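The encoding just described, as an added Python example that is not part of the lesson: a run is written as "+", a one-digit count and the repeated character, a literal "+" in the source is doubled, and the decoder rejects malformed fields instead of guessing. Encoding only runs of four or more characters (a shorter run would not shrink) and splitting runs longer than nine into several fields are assumptions the lesson does not state.

```python
# Run length encoding in the lesson's "+<count><char>" format, with "+" in the
# source escaped as "++". Added example; MIN_RUN and MAX_RUN are assumptions.
MARKER = "+"
MIN_RUN = 4      # "+70" is 3 characters, so shorter runs gain nothing
MAX_RUN = 9      # single-digit count; longer runs become several fields

def rle_encode(text: str) -> str:
    out = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == MARKER:             # literal "+" is always doubled, never run-encoded
            out.append(MARKER * 2)
            i += 1
            continue
        run = 1
        while i + run < len(text) and text[i + run] == ch and run < MAX_RUN:
            run += 1
        out.append(f"{MARKER}{run}{ch}" if run >= MIN_RUN else ch * run)
        i += run
    return "".join(out)

def rle_decode(data: str) -> str:
    out = []
    i = 0
    while i < len(data):
        if data[i] != MARKER:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("dangling marker at end of input")
        if data[i + 1] == MARKER:    # escaped literal "+"
            out.append(MARKER)
            i += 2
            continue
        # A run field needs a digit and a character after the marker.
        if i + 2 >= len(data) or data[i + 1] not in "0123456789":
            raise ValueError(f"malformed run field at offset {i}")
        out.append(data[i + 2] * int(data[i + 1]))
        i += 3
    return "".join(out)
```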
Run length encoding takes advantage of data that has repetitive adjacent elements. A number of other techniques take advantage of other characteristics of data. The decision as to which technique to use depends on the specific application and characteristics of the data.

Why is it important to compress data before sending it across a network?
Activities
See the Activities and Extended Activities section in Unit 4 Lesson 7 in your textbook Introduction to Networking to test what you have learned so far.