University of Sydney · FACULTY OF COMPUTER SCIENCE

INFO2222 · Computing 2 Usability and Security

- one subject, every graph, every model, every mark
Computer Science14 Chapters9-page Bible
Our own words - no uploaded lecturer files
Updated for this semester
Chapter 9 of 12 · INFO2222

Network Security: TCP/IP and TLS

Weeks 8-9 build secure communication over an unreliable network: IP packets and TCP's reliable delivery via the three-way handshake, then HTTPS = HTTP + TLS and the confidentiality, integrity and server authentication it delivers. Tracing sequence and acknowledgement numbers, ordering the TLS handshake, and explaining SYN flooding are recurring exam items.

In this chapter

What this chapter covers

  • 01IP delivers addressed packets that may arrive out of order, corrupted or lost; UDP is lightweight and unreliable
  • 02TCP gives reliable, ordered, error-checked delivery: sequence and acknowledgement numbers, flags, window size, retransmission
  • 03The three-way handshake (SYN / SYN-ACK / ACK) establishing sequence numbers, and the four-way close (FIN/ACK/FIN/ACK)
  • 04SYN flooding: many half-open connections fill the SYN queue and block legitimate clients (a classic DoS)
  • 05HTTPS = HTTP over TLS, delivering confidentiality (encryption), integrity, and server authentication via certificates
  • 06TLS handshake phases (hello/randoms/cipher suite → certificate/key exchange → client key exchange → change-cipher/finished)
  • 07Forward-secret key exchange (ephemeral ECDHE) vs RSA key transport; TLS 1.3 is simpler and 1-RTT
  • 08Certificate chain of trust (Root → Intermediate → Server), certificate pinning, and the Heartbleed over-read bug
Worked example · free

Trace TCP sequence and acknowledgement numbers, then explain SYN flooding

Q [4 marks]. A client opens a TCP connection to a server. The client's initial sequence number is x = 1000; the server's is y = 3000. (a) Give the three handshake messages with their sequence/acknowledgement numbers. (b) Immediately after the handshake the client sends 200 bytes of data (starting at sequence 1001). What acknowledgement number does the server return? (c) Explain how a SYN-flood attack turns this handshake into a denial of service. (4 marks)
  • +1(a) Message 1 — Client → Server SYN, seq = 1000 ('start; my sequence number is 1000'). Message 2 — Server → Client SYN-ACK, ack = 1001 (x + 1), seq = 3000 ('I acknowledge up to 1001; my sequence number is 3000').
  • +1Message 3 — Client → Server ACK, ack = 3001 (y + 1). The ACK number is always the next byte the sender expects, so it increments by one past the received SYN. The connection is now established.
  • +1(b) The 200 bytes occupy sequence numbers 1001 through 1200, so the next byte the server expects is 1201. The server returns acknowledgement number = 1001 + 200 = 1201 — the ACK number increases by the number of bytes received.
  • +1(c) In a SYN flood the attacker sends many SYNs (often with spoofed source IPs) but never returns the final ACK. The server allocates half-open connection state for each and keeps retransmitting SYN-ACKs, filling the SYN queue until legitimate clients can no longer connect — a denial of service that exhausts connection resources rather than bandwidth.
(a) SYN seq=1000; SYN-ACK ack=1001, seq=3000; ACK ack=3001. (b) The server acknowledges 1001 + 200 = 1201. (c) SYN flooding sends many SYNs with no final ACK, so the server holds many half-open connections and its SYN queue fills, blocking real clients.
Sia tip — The acknowledgement number is the NEXT byte expected: it is x+1 / y+1 after a SYN (the SYN counts as one), then it grows by the number of data bytes received. Keep client and server sequence spaces separate — each side numbers its own bytes.
Glossary

Key terms

IP / UDP / TCP
IP splits messages into addressed packets that may arrive out of order, corrupted or lost. UDP is a thin, unreliable layer over IP (checksum only). TCP adds reliable, ordered, error-checked delivery using sequence and acknowledgement numbers, flags, a window and retransmission.
Three-way handshake
TCP connection setup: Client → SYN (seq x), Server → SYN-ACK (ack x+1, seq y), Client → ACK (ack y+1). It establishes both sides' sequence numbers before data flows; the connection later closes with a four-way FIN/ACK/FIN/ACK exchange.
SYN flooding
A denial-of-service attack sending many SYNs without completing the handshake, so the server keeps half-open connection state and retransmits SYN-ACKs until the SYN queue fills and legitimate clients are blocked.
HTTPS = HTTP + TLS
HTTPS is HTTP carried over TLS. TLS provides confidentiality (encryption), integrity, and server authentication via certificates. A request runs DNS lookup → TCP three-way handshake → TLS handshake → encrypted HTTP over the secure tunnel.
TLS handshake / forward secrecy
The TLS handshake negotiates the protocol version, cipher suite and random nonces, authenticates the server via its certificate, and establishes session keys. Ephemeral ECDHE key exchange gives forward secrecy; TLS 1.3 permits only forward-secret exchange and completes in one round trip.
Certificate chain of trust / pinning
A certificate binds a public key to an identity, signed up a chain Root CA → Intermediate CA → Server certificate that browsers/OSes trust at the root. Certificate pinning locks an app to one expected certificate/key for a server, so even a compromised CA cannot substitute another.
FAQ

Network Security: TCP/IP and TLS FAQ

How does TCP guarantee ordered, reliable delivery over IP?

IP alone can lose, duplicate, corrupt or reorder packets. TCP numbers every byte with a sequence number and has the receiver acknowledge the next byte it expects, so the sender knows exactly what arrived and can retransmit anything missing. Out-of-order packets are reassembled by sequence number, corruption is caught by a checksum, and a window controls how much may be in flight before an acknowledgement is required.

What does HTTPS actually add over HTTP?

HTTPS runs HTTP inside a TLS tunnel, which provides three things: confidentiality (the traffic is encrypted so eavesdroppers cannot read it), integrity (tampering is detected via a MAC or AEAD), and server authentication (the server proves its identity with a certificate signed by a trusted CA, defeating a man-in-the-middle who would otherwise substitute their own key). The handshake sets up the session keys before any HTTP data is sent.

Why is TLS 1.3 considered better than TLS 1.2?

TLS 1.3 is simpler, faster and more secure. It removes weak and error-prone pieces (the ChangeCipherSpec step and the Heartbeat extension that caused Heartbleed), permits only forward-secret key exchange so past sessions stay safe even if a long-term key leaks, encrypts most of the handshake early including the certificate, and needs only one round trip instead of two, reducing connection latency.

Can AI help me with network security in INFO2222?

Yes, as a study aid. Sia can trace TCP sequence and acknowledgement numbers through a handshake and data transfer, order the TLS handshake messages and explain what each carries, and walk through SYN flooding, certificate chains and Heartbleed. Use it to rehearse the protocol details for the security quizzes and exam; it does not do graded assessment for you, and the University of Sydney academic-integrity policy applies.

Study strategy

Exam move

Make the handshakes muscle memory. Draw the TCP three-way handshake and label seq/ack numbers from arbitrary starting values (SYN seq x; SYN-ACK ack x+1, seq y; ACK ack y+1), then continue a data transfer and confirm the acknowledgement grows by the bytes received — this exact tracing is examinable. Learn SYN flooding as the half-open-connection DoS. On TLS, memorise the handshake in phases (hello and randoms and cipher suite → certificate and key exchange → client key exchange → change-cipher and finished), which message authenticates the server, and that ephemeral ECDHE gives forward secrecy while TLS 1.3 is 1-RTT and drops ChangeCipherSpec/Heartbeat. Keep the certificate chain of trust, pinning, and the Heartbleed over-read (request more than you send, read adjacent memory) as one-liners. Confirm the exam scope on Canvas.

Working through Network Security: TCP/IP and TLS in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Network Security: TCP/IP and TLS question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + all 38 of your University of Sydney subjects - and 1,000+ Bibles across every Australian university.
Sia - your INFO2222 tutor, unlimited, worked the way the exam marks it
The full 9-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full INFO2222 Bible + 38 University of Sydney subjects解锁完整 INFO2222 Bible + University of Sydney 38 门科目
$25/mo