INFO2222 · Computing 2 Usability and Security
Network Security: TCP/IP and TLS
Weeks 8-9 build secure communication over an unreliable network: IP packets and TCP's reliable delivery via the three-way handshake, then HTTPS = HTTP + TLS and the confidentiality, integrity and server authentication it delivers. Tracing sequence and acknowledgement numbers, ordering the TLS handshake, and explaining SYN flooding are recurring exam items.
What this chapter covers
- 01IP delivers addressed packets that may arrive out of order, corrupted or lost; UDP is lightweight and unreliable
- 02TCP gives reliable, ordered, error-checked delivery: sequence and acknowledgement numbers, flags, window size, retransmission
- 03The three-way handshake (SYN / SYN-ACK / ACK) establishing sequence numbers, and the four-way close (FIN/ACK/FIN/ACK)
- 04SYN flooding: many half-open connections fill the SYN queue and block legitimate clients (a classic DoS)
- 05HTTPS = HTTP over TLS, delivering confidentiality (encryption), integrity, and server authentication via certificates
- 06TLS handshake phases (hello/randoms/cipher suite → certificate/key exchange → client key exchange → change-cipher/finished)
- 07Forward-secret key exchange (ephemeral ECDHE) vs RSA key transport; TLS 1.3 is simpler and 1-RTT
- 08Certificate chain of trust (Root → Intermediate → Server), certificate pinning, and the Heartbleed over-read bug
Trace TCP sequence and acknowledgement numbers, then explain SYN flooding
- +1(a) Message 1 — Client → Server SYN, seq = 1000 ('start; my sequence number is 1000'). Message 2 — Server → Client SYN-ACK, ack = 1001 (x + 1), seq = 3000 ('I acknowledge up to 1001; my sequence number is 3000').
- +1Message 3 — Client → Server ACK, ack = 3001 (y + 1). The ACK number is always the next byte the sender expects, so it increments by one past the received SYN. The connection is now established.
- +1(b) The 200 bytes occupy sequence numbers 1001 through 1200, so the next byte the server expects is 1201. The server returns acknowledgement number = 1001 + 200 = 1201 — the ACK number increases by the number of bytes received.
- +1(c) In a SYN flood the attacker sends many SYNs (often with spoofed source IPs) but never returns the final ACK. The server allocates half-open connection state for each and keeps retransmitting SYN-ACKs, filling the SYN queue until legitimate clients can no longer connect — a denial of service that exhausts connection resources rather than bandwidth.
Key terms
- IP / UDP / TCP
- IP splits messages into addressed packets that may arrive out of order, corrupted or lost. UDP is a thin, unreliable layer over IP (checksum only). TCP adds reliable, ordered, error-checked delivery using sequence and acknowledgement numbers, flags, a window and retransmission.
- Three-way handshake
- TCP connection setup: Client → SYN (seq x), Server → SYN-ACK (ack x+1, seq y), Client → ACK (ack y+1). It establishes both sides' sequence numbers before data flows; the connection later closes with a four-way FIN/ACK/FIN/ACK exchange.
- SYN flooding
- A denial-of-service attack sending many SYNs without completing the handshake, so the server keeps half-open connection state and retransmits SYN-ACKs until the SYN queue fills and legitimate clients are blocked.
- HTTPS = HTTP + TLS
- HTTPS is HTTP carried over TLS. TLS provides confidentiality (encryption), integrity, and server authentication via certificates. A request runs DNS lookup → TCP three-way handshake → TLS handshake → encrypted HTTP over the secure tunnel.
- TLS handshake / forward secrecy
- The TLS handshake negotiates the protocol version, cipher suite and random nonces, authenticates the server via its certificate, and establishes session keys. Ephemeral ECDHE key exchange gives forward secrecy; TLS 1.3 permits only forward-secret exchange and completes in one round trip.
- Certificate chain of trust / pinning
- A certificate binds a public key to an identity, signed up a chain Root CA → Intermediate CA → Server certificate that browsers/OSes trust at the root. Certificate pinning locks an app to one expected certificate/key for a server, so even a compromised CA cannot substitute another.
Network Security: TCP/IP and TLS FAQ
How does TCP guarantee ordered, reliable delivery over IP?
IP alone can lose, duplicate, corrupt or reorder packets. TCP numbers every byte with a sequence number and has the receiver acknowledge the next byte it expects, so the sender knows exactly what arrived and can retransmit anything missing. Out-of-order packets are reassembled by sequence number, corruption is caught by a checksum, and a window controls how much may be in flight before an acknowledgement is required.
What does HTTPS actually add over HTTP?
HTTPS runs HTTP inside a TLS tunnel, which provides three things: confidentiality (the traffic is encrypted so eavesdroppers cannot read it), integrity (tampering is detected via a MAC or AEAD), and server authentication (the server proves its identity with a certificate signed by a trusted CA, defeating a man-in-the-middle who would otherwise substitute their own key). The handshake sets up the session keys before any HTTP data is sent.
Why is TLS 1.3 considered better than TLS 1.2?
TLS 1.3 is simpler, faster and more secure. It removes weak and error-prone pieces (the ChangeCipherSpec step and the Heartbeat extension that caused Heartbleed), permits only forward-secret key exchange so past sessions stay safe even if a long-term key leaks, encrypts most of the handshake early including the certificate, and needs only one round trip instead of two, reducing connection latency.
Can AI help me with network security in INFO2222?
Yes, as a study aid. Sia can trace TCP sequence and acknowledgement numbers through a handshake and data transfer, order the TLS handshake messages and explain what each carries, and walk through SYN flooding, certificate chains and Heartbleed. Use it to rehearse the protocol details for the security quizzes and exam; it does not do graded assessment for you, and the University of Sydney academic-integrity policy applies.
Exam move
Make the handshakes muscle memory. Draw the TCP three-way handshake and label seq/ack numbers from arbitrary starting values (SYN seq x; SYN-ACK ack x+1, seq y; ACK ack y+1), then continue a data transfer and confirm the acknowledgement grows by the bytes received — this exact tracing is examinable. Learn SYN flooding as the half-open-connection DoS. On TLS, memorise the handshake in phases (hello and randoms and cipher suite → certificate and key exchange → client key exchange → change-cipher and finished), which message authenticates the server, and that ephemeral ECDHE gives forward secrecy while TLS 1.3 is 1-RTT and drops ChangeCipherSpec/Heartbeat. Keep the certificate chain of trust, pinning, and the Heartbleed over-read (request more than you send, read adjacent memory) as one-liners. Confirm the exam scope on Canvas.
Working through Network Security: TCP/IP and TLS in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Network Security: TCP/IP and TLS question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.