

Computer Networks - Final Exam


Prof. J.-P. Hubaux and Dr. M. H. Manshaei
January 27, 2009
Duration: 3:15 hours, closed book.

Please write your answers on these sheets, at the end of each question; use extra sheets if necessary (put your name on them).

You may write your answers in English or in French.

The total number of points is 60.

This document contains 18 pages.

Student
First name:                          Last name:

Division:  [ ] Communication Systems   [ ] Computer Science   [ ] Other (mention it): . . . . . . . . .

Year:      [ ] Bachelor Year 2         [ ] Bachelor Year 3    [ ] Other (mention it): . . . . . . . . .

(answers to the questions are shown in italic and blue)

Socket Programming

(6 points)

Consider the following Java program (the imports of java.io.* and java.net.* are omitted from the listing):

 1: public class TCPServer {
 2:   public static void main(String argv[]) throws Exception {
 3:     String clientSentence;
 4:     String capitalizedSentence;
 5:     ServerSocket welcomeSocket = new ServerSocket(6789);
 6:     while (true) {
 7:       Socket connectionSocket = ...
 8:       BufferedReader inFromClient = new BufferedReader(
 9:           new InputStreamReader(connectionSocket.getInputStream()));
10:       DataOutputStream outToClient = new DataOutputStream(
11:           connectionSocket.getOutputStream());
12:       clientSentence = inFromClient.readLine();
13:       capitalizedSentence = clientSentence.toUpperCase() + "\n";
14:       outToClient.writeBytes(capitalizedSentence);
15:     }
16:   }
17: }

Question 1: Complete line 7.
7: Socket connectionSocket = welcomeSocket.accept();

Question 2: Extend the server to print the IP address/port of every connecting client. Use line numbers to indicate which lines should be changed/removed and where new code should be added. We add the following line after line number 7:
System.out.println("Incoming connection from IP: " + connectionSocket.getInetAddress() + " / port: " + connectionSocket.getPort());

Question 3: Assume that 3 different machines connect to the server (sequentially). As a result, how many Socket objects will be created by the server? How many TCP ports will be assigned to the server (not including the already assigned port 6789)? 3 Socket objects are created. No additional port is assigned.

Question 4: Complete the code of the TCP client provided below. This client takes one command-line argument, sends it to the server, and displays the answer on the screen. Assume that the address of the server is compnet.epfl.ch. For simplicity, ignore exception handling.

import java.io.*;
import java.net.*;

public class TCPClient {
  public static void main(String argv[]) throws Exception {
    String clientSentence = argv[0] + "\n";
    Socket connectionSocket = new Socket("compnet.epfl.ch", 6789);
    BufferedReader inFromServer = new BufferedReader(
        new InputStreamReader(connectionSocket.getInputStream()));
    DataOutputStream outToServer = new DataOutputStream(
        connectionSocket.getOutputStream());
    outToServer.writeBytes(clientSentence);              // send the argument line to the server
    String capitalizedSentence = inFromServer.readLine(); // read the upper-cased reply
    System.out.println(capitalizedSentence);
    connectionSocket.close();
  }
}

Question 5: Implement a program that lists ports between 4096 and 8192 that are assigned to UDP servers or clients (on the local machine). The information printed on the standard output should be of the following format: UDP Port # is busy. Complete the code below.

import java.io.*;
import java.net.*;

public class UDPscanner {
  public static void main(String[] args) {
    for (int i = 4096; i < 8192; i++) {
      try {
        // Binding succeeds only if no local process already uses UDP port i
        DatagramSocket s = new DatagramSocket(i);
        s.close();
      } catch (IOException e) {
        System.out.println("UDP Port " + i + " is busy");
      }
    }
  }
}
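The same upper-casing exchange in Python, as an added example that is not part of the exam: a server thread bound to a loopback port chosen by the OS (the exam's server uses 6789), three clients connecting sequentially, and a check of the point made in Question 3, namely that every accepted socket reports the listening port as its local port, so no extra server port is assigned per connection.

```python
import socket
import threading

def serve_one_client(listener):
    """Accept one connection, read one line and reply with it upper-cased.
    Returns the local port of the accepted socket: it is the listening port,
    no additional server port is assigned per connection (Question 3)."""
    conn, _addr = listener.accept()
    with conn:
        local_port = conn.getsockname()[1]
        reader = conn.makefile("r", encoding="ascii", newline="\n")
        sentence = reader.readline()
        conn.sendall((sentence.rstrip("\n").upper() + "\n").encode("ascii"))
    return local_port

def start_server(n_clients):
    """Listen on 127.0.0.1 with an OS-chosen port (port 0) and serve n_clients
    connections one after the other in a background thread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    listen_port = listener.getsockname()[1]
    accepted_ports = []

    def run():
        with listener:
            for _ in range(n_clients):
                accepted_ports.append(serve_one_client(listener))

    worker = threading.Thread(target=run, daemon=True)
    worker.start()
    return listen_port, worker, accepted_ports

def send_sentence(port, sentence):
    """Client side, as in the exam's TCPClient: send one line, return the reply."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall((sentence + "\n").encode("ascii"))
        reader = sock.makefile("r", encoding="ascii", newline="\n")
        return reader.readline().rstrip("\n")

def run_demo(sentences):
    """Serve len(sentences) sequential clients; return (replies, local ports of
    the accepted sockets, listening port)."""
    listen_port, worker, accepted_ports = start_server(len(sentences))
    replies = [send_sentence(listen_port, s) for s in sentences]
    worker.join(timeout=5)
    return replies, accepted_ports, listen_port

if __name__ == "__main__":
    replies, ports, listen_port = run_demo(["hello", "bonjour", "epfl"])
    print(replies, ports, listen_port)
```

Running it prints the three upper-cased replies followed by a list of three identical port numbers, all equal to the listening port: a new Socket object per connection, but the same local port.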

Transport Layer

(11 points)

Consider the following plot of TCP window size as a function of time for two TCP connections A and B. In this problem we will suppose that both TCP senders are sending large files. We also assume that the packet loss events are independent in connections A and B.

[Figure 1: plot of the congestion window (in segments, 2 to 14 on the vertical axis) against the transmission round (up to 20 on the horizontal axis), with one curve for connection A and one for connection B]

Figure 1: Evolution of TCP's congestion windows for two TCP connections A and B.

Question 1: Considering the above values of congestion window (CongWin) for these connections, can we identify the type of TCP connections (Reno or Tahoe) that have been used by connections A and B? Justify your answers. Considering the different changes of CongWin in the 6th and 12th transmission rounds, connection A uses TCP Reno, whereas we cannot say whether connection B uses TCP Reno or Tahoe.

Question 2: What are the values of the Threshold parameter between the 1st and the 14th transmission rounds for each connection? Connection A: The value of Threshold is 8 between the first and the sixth transmission round. It is 5 between the sixth and the fourteenth transmission round. Connection B: With the above plot we cannot identify the exact value of Threshold for connection B between the first and the sixth transmission round. It could have any value larger than 4. From the sixth to the fourteenth transmission round, it is 2 and at the fourteenth transmission round it is 4.

Question 3: At the 12th transmission round for connection A, is segment loss detected by a triple duplicate ACK or by timeout? Justify your answer. It is detected by timeout, because CongWin has dropped to 1 at the 13th transmission round.

Question 4: Draw (on Figure 1) the CongWin values of both connections up to the 20th transmission round, considering that there is neither timeout nor duplicate ACK for any of the connections.

Question 5: Assume that the segment size is 1460 bytes and that a total of 87600 bytes have been successfully transmitted over connection A before the 13th transmission round. At which transmission round is the cumulative amount of successfully transmitted data equal to 163520 bytes? Again we assume that there is neither timeout nor duplicate ACK after the 13th transmission round. 87600 bytes correspond to $87600/1460 = 60$ segments. We would like to know at which transmission round the $163520/1460 = 112$th segment will be transmitted. Thus we have to find $x$ such that $1 + 2 + 4 + 5 + 6 + 7 + 8 + \cdots + x = 112 - 60 = 52$, i.e. $x(x+1)/2 - 3 = 52$, so $x = 10$. This means that in the 21st transmission round 163520 bytes will have been transmitted.
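The window bookkeeping behind Question 5, written out as an added Python example (not part of the exam). It assumes what the answer assumes: after the timeout at the 12th round, connection A restarts with a window of 1 segment in the 13th round, the threshold is 5, slow start doubles the window without overshooting the threshold, congestion avoidance then adds one segment per round, and a full window of segments is sent in every round.

```python
# Added example: congestion-window growth without losses and the cumulative
# byte count of Question 5. Assumptions: cwnd restarts at 1 in round 13,
# ssthresh = 5, one full window of segments is transmitted per round.
SEGMENT_BYTES = 1460

def next_cwnd(cwnd, ssthresh):
    """Window after one loss-free round: slow start doubles but does not
    overshoot ssthresh; at or above ssthresh, additive increase of one segment.
    This reproduces the 1, 2, 4, 5, 6, ... sequence used in the answer."""
    if cwnd < ssthresh:
        return min(2 * cwnd, ssthresh)
    return cwnd + 1

def cwnd_sequence(first_round, last_round, cwnd=1, ssthresh=5):
    """List of (round, cwnd) pairs from first_round to last_round inclusive."""
    seq = []
    for rnd in range(first_round, last_round + 1):
        seq.append((rnd, cwnd))
        cwnd = next_cwnd(cwnd, ssthresh)
    return seq

def round_reaching(target_bytes, already_sent_bytes, first_round=13, cwnd=1, ssthresh=5):
    """First round in which the cumulative number of transmitted segments
    reaches target_bytes, with already_sent_bytes sent before first_round.
    A partially filled segment still has to be sent, hence the ceiling."""
    sent = already_sent_bytes // SEGMENT_BYTES
    need = -(-target_bytes // SEGMENT_BYTES)   # ceiling division
    if sent >= need:
        return first_round - 1                 # reached before first_round
    rnd = first_round
    while True:
        sent += cwnd
        if sent >= need:
            return rnd
        cwnd = next_cwnd(cwnd, ssthresh)
        rnd += 1

if __name__ == "__main__":
    for rnd, w in cwnd_sequence(13, 21):
        print(f"round {rnd}: cwnd = {w} segments")
    print("163520 bytes reached in round", round_reaching(163520, 87600))
```

The sequence printed for rounds 13 to 21 is 1, 2, 4, 5, 6, 7, 8, 9, 10 segments, whose sum is the 52 segments of the answer, so the 112th segment goes out in round 21.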

Network Layer

(11 points)

Consider the network in the figure below. The numbers on links between the nodes represent the costs corresponding to these links. Assume that nodes initially know only the costs to their neighbors.

[Figure 2: five nodes A, B, C, D and E with link costs A-B 7, A-E 3, B-C 1, B-E 9, C-D 2 and D-E 5]

Figure 2: A computer network.

Question 1: Using the distance-vector algorithm, show the distance tables at node E. Assume that the algorithm works in a synchronous manner, where all nodes simultaneously receive distance vectors from their neighbors, compute their new distance vectors, and inform their neighbors if their distance vectors have changed.

Initial distance table at E (E knows only the costs to its neighbours A, B and D; "-" denotes an unknown, i.e. infinite, cost):

           cost to
from     A   B   C   D   E
  A      -   -   -   -   -
  B      -   -   -   -   -
  D      -   -   -   -   -
  E      3   9   -   5   0

After the first exchange (rows A, B and D hold the vectors received from the neighbours, row E is recomputed from them):

           cost to
from     A   B   C   D   E
  A      0   7   -   -   3
  B      7   0   1   -   9
  D      -   -   2   0   5
  E      3   9   7   5   0

After the second exchange:

           cost to
from     A   B   C   D   E
  A      0   7   8   8   3
  B      7   0   1   3   9
  D      8   3   2   0   5
  E      3   8   7   5   0

After the third exchange (E's own row no longer changes):

           cost to
from     A   B   C   D   E
  A      0   7   8   8   3
  B      7   0   1   3   8
  D      8   3   2   0   5
  E      3   8   7   5   0

Question 2: Create a routing loop between the nodes B and C by changing the cost of the link between the nodes C and D. What is the minimum change in link cost that creates the routing loop? What is this problem alternatively called? Increase the link cost to at least 4. Count-to-infinity problem.
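A synchronous distance-vector simulation of the network of Figure 2, added here as a Python example that is not part of the exam. It rebuilds node E's distance table after each exchange (Question 1) and then raises the cost of the C-D link to show the count-to-infinity behaviour of Question 2. The link costs are the ones recoverable from the figure and from E's initial distance vector; the new C-D cost of 20 used in the demo is a constructed value.

```python
# Added example: synchronous distance-vector routing on the network of Figure 2.
INF = float("inf")
NODES = "ABCDE"
# Link costs of Figure 2: A-B 7, A-E 3, B-C 1, B-E 9, C-D 2, D-E 5.
LINKS = {("A", "B"): 7, ("A", "E"): 3, ("B", "C"): 1,
         ("B", "E"): 9, ("C", "D"): 2, ("D", "E"): 5}

def neighbours(links):
    """Adjacency map: nbr[x][v] = c(x, v)."""
    nbr = {n: {} for n in NODES}
    for (u, v), cost in links.items():
        nbr[u][v] = cost
        nbr[v][u] = cost
    return nbr

def initial_vectors(nbr):
    """Initially every node knows only the cost to its direct neighbours."""
    return {x: {y: 0 if y == x else nbr[x].get(y, INF) for y in NODES} for x in NODES}

def dv_round(nbr, vectors):
    """One synchronous Bellman-Ford step: D_x(y) = min over neighbours v of
    c(x, v) + D_v(y), using the vectors received in the previous exchange."""
    return {x: {y: 0 if y == x else min(nbr[x][v] + vectors[v][y] for v in nbr[x])
                for y in NODES} for x in NODES}

def tables_at(node, links, rounds=3):
    """Distance table kept at `node` after each exchange: one row per neighbour
    (the vector it last sent) plus the node's own freshly computed row."""
    nbr = neighbours(links)
    vectors = initial_vectors(nbr)
    unknown = {y: INF for y in NODES}
    snapshots = [{**{v: dict(unknown) for v in sorted(nbr[node])}, node: dict(vectors[node])}]
    for _ in range(rounds):
        updated = dv_round(nbr, vectors)
        snapshots.append({**{v: dict(vectors[v]) for v in sorted(nbr[node])},
                          node: dict(updated[node])})
        vectors = updated
    return snapshots

def count_to_infinity(new_cd_cost, rounds=14):
    """Converge on the original costs, then change c(C, D) and record what B and C
    believe their cost to D is after each synchronous round."""
    nbr = neighbours(LINKS)
    vectors = initial_vectors(nbr)
    for _ in range(10):
        vectors = dv_round(nbr, vectors)
    changed = dict(LINKS)
    changed[("C", "D")] = new_cd_cost
    nbr = neighbours(changed)
    trace = []
    for _ in range(rounds):
        vectors = dv_round(nbr, vectors)
        trace.append((vectors["B"]["D"], vectors["C"]["D"]))
    return trace

def fmt(table):
    """Render a table as text; '-' stands for an unknown (infinite) cost."""
    header = "from  " + " ".join(y.rjust(2) for y in NODES)
    rows = [f"{row:>4}  " + " ".join(("-" if costs[y] == INF else str(int(costs[y]))).rjust(2)
                                     for y in NODES)
            for row, costs in table.items()]
    return "\n".join([header] + rows)

if __name__ == "__main__":
    for i, snap in enumerate(tables_at("E", LINKS)):
        print(f"E's table after exchange {i}:\n{fmt(snap)}\n")
    print("(B->D, C->D) per round after raising c(C, D) to 20:", count_to_infinity(20))
```

With c(C, D) raised to 20, B and C keep quoting each other's stale route to D and their costs climb by one per round (3/4, 5/4, 5/6, ...) until B's alternative path through E, of cost 14, becomes cheaper; without such a bound the count would continue indefinitely, which is why RIP caps costs at 16.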

Question 3: How does RIP solve this problem? If RIP were used for routing in the above network, what is the finite number that would play the role of $\infty$? Using poisoned reverse. 16.

Question 4: If OSPF were used in the above network, how would it handle the routing loop? How do nodes learn the link costs in OSPF? OSPF uses link-state routing, a global routing algorithm. Hence, the problem does not arise. Link-state broadcast.

Question 5: How does BGP solve this problem? The AS-PATH attribute.

Question 6: Assume the IP addresses of the 5 nodes A, B, C, D, and E are 130.132.5.32, 130.132.5.33, . . . , 130.132.5.36. Assume that the network in Fig. 2 is an autonomous system in the Internet with AS number 0. Node A is the BGP gateway of the AS. If A announces 130.132.5.0/28 as the prefix of the network, is it valid? If no, please propose a valid one. Please note that this AS should be assigned as few IP addresses as possible. No. 130.132.5.32/29
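The prefix check of Question 6 can be done mechanically with Python's standard ipaddress module; the following is an added example, not part of the exam. It tests whether an announced prefix covers the five node addresses and computes the smallest aligned prefix that does.

```python
# Added example: validating and minimising the prefix announced for the AS of Question 6.
import ipaddress

# The five node addresses given in Question 6.
NODE_ADDRESSES = ["130.132.5.32", "130.132.5.33", "130.132.5.34",
                  "130.132.5.35", "130.132.5.36"]

def prefix_covers(prefix, addresses):
    """True if every address lies inside the announced prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    return all(ipaddress.ip_address(a) in net for a in addresses)

def smallest_covering_prefix(addresses):
    """Longest prefix length (hence fewest addresses) whose aligned network
    contains all the addresses: start at /32 around the first address and
    shorten the mask until everything fits. strict=False zeroes the host bits,
    so each candidate is a properly aligned network."""
    addrs = [ipaddress.ip_address(a) for a in addresses]
    for length in range(32, -1, -1):
        net = ipaddress.ip_network(f"{addrs[0]}/{length}", strict=False)
        if all(a in net for a in addrs):
            return str(net)
    raise ValueError("no covering prefix found")

if __name__ == "__main__":
    print(prefix_covers("130.132.5.0/28", NODE_ADDRESSES))    # False: /28 covers .0 to .15 only
    print(smallest_covering_prefix(NODE_ADDRESSES))          # 130.132.5.32/29
```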

Link Layer

(10 points)

Suppose three active nodes $n_1$, $n_2$, and $n_3$ are competing for access to a channel using slotted ALOHA. The channel is capable of transmitting a given frame at the full channel rate of $R$ Mbps. Assume each node has an infinite number of packets to send. Each node attempts to transmit in each slot with probability $p_i$, $i \in \{1, 2, 3\}$.

Question 1: What is the probability $P_s$, as a function of $p_1$, $p_2$, and $p_3$, that in a given slot a frame is transmitted successfully? How is this probability related to the network throughput? $P_s = p_1(1-p_2)(1-p_3) + p_2(1-p_1)(1-p_3) + p_3(1-p_1)(1-p_2)$. The network throughput is equal to $P_s R$, where $R$ is the channel bit-rate.

Question 2: What is the probability of successful transmission for node $n_1$? What is the value of $p_1$ that maximizes the throughput of node $n_1$? $P_s^1 = p_1(1-p_2)(1-p_3)$. For any given value of $p_2$ and $p_3$, $p_1 = 1$ maximizes the throughput of $n_1$.

Question 3: Now assume that node $n_3$ always transmits its packets with $p_3 = 0.2$ and that nodes $n_1$ and $n_2$ decide to cooperate with each other and send their packets with probability $p$ (i.e., $p = p_1 = p_2$). What is the value of $p$ that maximizes the throughput of this network? What is the value of $p$ that maximizes the throughput of nodes $n_1$ and $n_2$? $P_s = 1.6p(1-p) + 0.2(1-p)^2$. $\frac{\partial P_s}{\partial p} = 1.2(1-p) - 1.6p = 0$, then $p = \frac{3}{7}$. The probabilities of successful transmission for $n_1$ and $n_2$ are equal and can be written as $q = p(1-p)(1-0.2) = 0.8p(1-p)$. Hence, $p = 0.5$ maximizes the throughput of $n_1$ and $n_2$.

Question 4: Solve Question 3, assuming that nodes use pure ALOHA instead of slotted ALOHA. Nodes use the pure ALOHA protocol. So, $P_s$ should be rewritten as: $P_s = p(1-p)^2(1-0.2)^2 + p(1-p)^2(1-0.2)^2 + 0.2(1-p)^2(1-p)^2 = 1.28p(1-p)^2 + 0.2(1-p)^4$. $\frac{\partial P_s}{\partial p} = 1.28(1-p)^2 - 0.8(1-p)^3 - 2.56(1-p)p = 0.8(1-p)(0.2-p)(3+p)$, then $p = 0.2$. The probability of successful transmission for $n_1$ and $n_2$ is $q = 0.64p(1-p)^2$. The optimum probability of transmission for these nodes is $p = \frac{1}{3}$.
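The ALOHA calculations of Questions 1 to 4, generalised to any number of nodes and any per-node attempt probabilities, as an added Python example that is not part of the exam. The success probability is $P_s = \sum_i p_i \prod_{j \ne i} (1-p_j)^k$ with $k = 1$ for slotted ALOHA (one vulnerable slot) and $k = 2$ for pure ALOHA (two vulnerable slot-times), and the optima are found by a grid search instead of setting the derivative to zero.

```python
# Added example: slotted and pure ALOHA success probabilities for n nodes,
# plus a numerical search for the attempt probabilities of Questions 2-4.
import math

def node_throughput(i, probs, protocol="slotted"):
    """Probability that node i's frame gets through: it transmits and every
    other node stays silent during the vulnerable period (1 slot for slotted
    ALOHA, 2 slot-times for pure ALOHA)."""
    k = 1 if protocol == "slotted" else 2
    others_silent = math.prod((1 - p) ** k for j, p in enumerate(probs) if j != i)
    return probs[i] * others_silent

def success_probability(probs, protocol="slotted"):
    """P_s: exactly one node succeeds in the slot (sum over which node it is).
    With three nodes and protocol='slotted' this is the formula of Question 1."""
    return sum(node_throughput(i, probs, protocol) for i in range(len(probs)))

def argmax_on_unit_interval(objective, steps=10000):
    """Grid search for the p in [0, 1] maximising objective(p), to 1/steps.
    A numerical stand-in for solving dP_s/dp = 0 as done in the answers."""
    best_p, best_value = 0.0, -math.inf
    for n in range(steps + 1):
        p = n / steps
        value = objective(p)
        if value > best_value:
            best_p, best_value = p, value
    return best_p

def optimal_shared_p(p3=0.2, protocol="slotted"):
    """Questions 3 and 4: n1 and n2 share the same p while n3 keeps p3.
    Returns (p maximising network throughput, p maximising n1's own throughput)."""
    network = argmax_on_unit_interval(lambda p: success_probability([p, p, p3], protocol))
    own = argmax_on_unit_interval(lambda p: node_throughput(0, [p, p, p3], protocol))
    return network, own

if __name__ == "__main__":
    print("slotted:", optimal_shared_p(0.2, "slotted"))   # about (3/7, 0.5)
    print("pure:   ", optimal_shared_p(0.2, "pure"))      # about (0.2, 1/3)
```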

Question 5: Consider a host A that is connected to a local network through a network interface with an IP address 1.1.1.10 and a MAC address AA-AA-AA-AA-AA-AA. At some point in time, a new host B is connected to the same local network, through a network interface with an IP address 1.1.1.11 and a MAC address BB-BB-BB-BB-BB-BB. Assume that host A knows the IP address of host B. List, in the table below, all the link layer frames that are exchanged between A and B, assuming that A sends two IP packets to B immediately after B connects to the local network. Preserve the frame order. Note: The length of the table does not necessarily match the actual number of frames exchanged.

Frame  Type  MAC source          MAC destination     IP source  IP destination
1.     ARP   AA-AA-AA-AA-AA-AA   FF-FF-FF-FF-FF-FF   1.1.1.10   1.1.1.11
2.     ARP   BB-BB-BB-BB-BB-BB   AA-AA-AA-AA-AA-AA   1.1.1.11   1.1.1.10
3.     IP    AA-AA-AA-AA-AA-AA   BB-BB-BB-BB-BB-BB   1.1.1.10   1.1.1.11
4.     IP    AA-AA-AA-AA-AA-AA   BB-BB-BB-BB-BB-BB   1.1.1.10   1.1.1.11
5.
6.
7.

Network Security

(7 points)

Host A wants to send a large file of F bits to host B securely (i.e., protect the confidentiality and integrity of packets). A and B are connected by two routers R1 and R2 (Figure 3). A TCP flow is initiated by A towards B and all packets are forwarded by routers R1 and R2. We assume that A and B never exchanged information in the past and that there is no other communication channel between A and B.

A --- R1 --- R2 --- B

Figure 3: Host A and host B are connected by R1 and R2.

Question 1: Is it possible for the routers (R1 or R2) to inject content in the TCP flow without causing a loss of any original packets sent from A to B? If yes, explain how. If no, explain why. Yes, it is possible for a router to inject content by doing a Man-in-the-Middle attack. A router can either add packets to the TCP flow, or add bits into a packet of the TCP flow. To do so, a router must also alter the TCP sequence numbers to take into account the extra information. Consider for example that a router injects 2 bytes in a packet of 100 bytes. After the injection of the 2 bytes, the router updates the TCP sequence number of all subsequent packets in both directions (i.e., data and acks).

Question 2: Host A decides to establish an SSH connection with host B using public key authentication. We assume that both hosts A and B self-generate a public/private key pair. Is it still possible for the routers (R1 or R2) to inject content in the TCP flow without losing any of the original packets sent from A to B? If yes, explain how. If no, explain why. Yes, it is still possible by doing another Man-in-the-Middle attack. SSH public keys are not certified by a trusted central authority and there is no secure side channel to verify the fingerprints of the public keys. Hence, it is possible for a router to impersonate either host A or B. Then, the same attack as in question 1 can be used.


Question 3: Host A decides to use SSL. Hosts A and B, as well as routers R1 and R2, are assigned a public/private key pair together with its corresponding certificate signed by a common certification authority. All nodes know the public key of the certification authority.

a. In this example, even though SSL is used, all packets going through the routers are not encrypted. Explain how this is possible. In SSL, data encryption is optional. Hence, during the SSL negotiation phase, host B (because it is malicious or misconfigured) can downgrade the security of the SSL session. For example, B can ask not to encrypt communications and only do integrity checks.

b. Assuming that all packets are now properly encrypted with SSL, is it possible for the routers (R1 or R2) to inject content in the TCP flow without losing any of the original packets sent from A to B? Is it possible to eavesdrop communications? Justify your answers. No, it is not possible to inject data anymore. It is possible to eavesdrop communications but routers will only observe encrypted packets.

Question 4: Assume that hosts A and B want to protect the anonymity of their communications from the routers. To do so, the routers forwarding the packets between A and B should not know the entire communication pattern: R1 should only know the source of communications, whereas R2 should only know the destination. Explain how A can protect the anonymity of the packets it sends to B with SSL. (Hint: assume that the packet format is [source||destination||payload] and that packets can be encrypted several times.) A must repeatedly encrypt the packet it sends to B. Each router on the path to B will remove a layer of encryption before forwarding the message to the following router. This prevents the routers from knowing the origin and destination of messages. (Note: This technique is called onion routing and is used by Tor to anonymize web traffic.) For example,
$$[A\,\|\,R_1\,\|\,K_{R_1}([R_1\,\|\,R_2\,\|\,K_{R_2}([R_2\,\|\,B\,\|\,K_B(A\,\|\,B\,\|\,\text{message})])])] \quad (1)$$
where $K_{R_i}$ creates a message encrypted with the public key of $R_i$.
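The layered packet of equation (1) built and peeled hop by hop, as an added Python example that is not part of the exam. The keys K_R1, K_R2 and K_B are stand-ins: real onion routing encrypts each layer with the router's public key, whereas here a toy XOR cipher keyed by a SHA-256 keystream plays that role so that the example runs with the standard library alone. What the example shows is the structure: R1 sees A as source and R2 as next hop but never B, R2 sees R1 and B but never A, and only B recovers the original [A||B||message].

```python
# Added example: onion-style layered encryption of [source||destination||payload].
import base64
import hashlib
import json
import os

# Constructed stand-ins for the keys K_R1, K_R2 and K_B of equation (1).
# The toy cipher below is a placeholder for public-key encryption, not a real cipher.
KEYS = {"R1": b"toy-key-R1", "R2": b"toy-key-R2", "B": b"toy-key-B"}

def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key, plaintext):
    """Random nonce followed by plaintext XOR keystream(key, nonce)."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def toy_decrypt(key, ciphertext):
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def pack(src, dst, payload):
    """The packet format [source||destination||payload], as a JSON record."""
    return json.dumps({"src": src, "dst": dst,
                       "payload": base64.b64encode(payload).decode()}).encode()

def unpack(packet):
    rec = json.loads(packet)
    return rec["src"], rec["dst"], base64.b64decode(rec["payload"])

def build_onion(message, route=("R1", "R2", "B"), source="A"):
    """For the default route this is exactly equation (1):
    [A||R1||K_R1([R1||R2||K_R2([R2||B||K_B(A||B||message)])])]."""
    blob = toy_encrypt(KEYS[route[-1]], pack(source, route[-1], message))
    for i in range(len(route) - 2, -1, -1):            # wrap from the last router outwards
        blob = toy_encrypt(KEYS[route[i]], pack(route[i], route[i + 1], blob))
    return pack(source, route[0], blob)

def peel(node, packet):
    """What `node` does with an arriving packet: read the outer header, strip its
    own layer and forward the inner packet. Returns (visible source, visible
    destination, packet to forward or None, delivered message or None)."""
    src, dst, blob = unpack(packet)
    assert dst == node, "packet not addressed to this node"
    inner = toy_decrypt(KEYS[node], blob)
    _inner_src, inner_dst, inner_payload = unpack(inner)
    if inner_dst == node:                               # final recipient: payload is the message
        return src, dst, None, inner_payload
    return src, dst, inner, None

def trace_path(message):
    """Send the onion through R1, R2 and B; record the header each node could see."""
    packet = build_onion(message)
    observed = {}
    for node in ("R1", "R2", "B"):
        src, dst, packet, delivered = peel(node, packet)
        observed[node] = (src, dst)
        if delivered is not None:
            observed["delivered"] = delivered
    return observed

if __name__ == "__main__":
    print(trace_path(b"hello B"))
```

In the printed trace R1 observes ("A", "R1"), R2 observes ("R1", "R2") and B observes ("R2", "B"): each router sees only the hop before and after it, and the plaintext source-destination pair A, B exists only inside the innermost layer that B alone can open.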


Wireless and Mobile Networks

(5 points)

Question 1: TDMA. Assume that two hosts share a base station to access the infrastructure. They use a TDMA frame with 2 time slots of duration $T_1$ and $T_2$ to share the spectrum: each node $i \in \{1, 2\}$ transmits during $T_i$ and has a transmission rate $R_i$. What is the total throughput? What happens if $T_1 = T_2$?
$$th = \frac{L_1 + L_2}{T_1 + T_2} = \frac{R_1 T_1 + R_2 T_2}{T_1 + T_2} \quad (2)$$
where $L_1$ and $L_2$ are the packet lengths of host 1 and 2. If $T_1 = T_2$, we have:
$$th = \frac{R_1 + R_2}{2} \quad (3)$$
In other words, the channel is equally shared.

Question 2: Channel Allocation. Consider that there are 4 apartments on the same floor in your building. In each apartment, there is an IEEE 802.11b wireless access point to connect to the Internet. Assume that their SSIDs are home1, home2, home3, and home4. The distance between the access points home1 and home4 is the highest among distances between access points, but they are all in the transmission range of each other.

a. If all APs have been configured to operate over channel 8, can anybody use its wireless connection? Justify your answer. Yes, it is possible to use the wireless connection but with bad performance. All APs will compete on the same channel and there will be many collisions.


b. What is the optimum design for channel allocation in this problem such that at least two APs do not interfere with each other? There are 3 orthogonal channels (1, 6, 11) in IEEE 802.11b. Any answer of the following form is correct: home1=home4, and home2, home3 have the remaining orthogonal channels. For example, home1=1, home2=6, home3=11, home4=1.

Question 3: Mobile IP.

a. In mobile IP with indirect routing, will the end-to-end delays of datagrams increase? Justify your answer. What if direct routing is used? Yes, with both routing types, it will increase the end-to-end delay.

b. What are the advantages and disadvantages of direct routing over indirect routing? Advantages: Avoid triangle routing, reduces delay with respect to indirect routing. Disadvantages: More packets exchanged, higher complexity.


The Web

(10 points)

Recently in the UK, the major UK ISPs blocked their users from viewing a particular entry of Wikipedia (more precisely, a URL). This was done after the request from the Internet Watch Foundation, which found this particular entry offensive. The action, aside from igniting a debate on Internet censorship, had an interesting side-effect. Quoting an administrative noticeboard on Wikipedia:

    Due to the way the block was created (via transparent proxies), users from the affected ISPs now share a small number of IP addresses. This means that a user committing vandalism cannot be distinguished from all the other people on the same ISP. Unfortunately, the effect of this is that all users from the affected ISPs are temporarily blocked from editing Wikipedia. Simply viewing the site is not affected, aside from the blocked composition and image.

Based on this text, and your networking knowledge, answer the following questions:

Question 1: Does Wikipedia block any users from viewing its content? If yes, in what way? No.

Question 2: Does Wikipedia block any users from editing its content? If yes, in what way? Yes, based on the IP address.

We have seen in the lecture and the TPs that to use a web proxy, a user needs to specifically configure his web browser. This is not the case for the transparent proxies deployed by the ISPs in this example: the HTTP traffic of every user is handled by the transparent proxy. In the next 4 questions, we are going to investigate how such a proxy could be implemented, such that its behavior would be consistent with the behavior described in the Wikipedia noticeboard. For simplicity we ignore the TCP connection and acknowledgement mechanisms. NOTE: There is more than one solution that will be considered correct.

We assume that the ISP configures its network such that every TCP/IP packet with destination port 80 originated at a user is routed to the transparent proxy. We further assume that the IP address of Wikipedia is IP_wiki, and the URL to be blocked is URL_block = hostname(URL_block) + pathname(URL_block). The following TCP/IP packet carrying an HTTP message arrives at the transparent proxy:

source IP: IP_user
destination IP: IP_webserver
...
source port: port_user
destination port: port_webserver = 80
...
HTTP payload:
GET pathname(URL) HTTP/1.1
Host: hostname(URL)


Question 3: Define a condition based on which the transparent proxy decides to block the HTTP request or allow it through.
Version 1: Block if IP_webserver = IP_wiki and URL = URL_block
Version 2: Block if URL = URL_block

Question 4: If the transparent proxy decided to block the request, it is going to immediately reply to the client. Describe (fill in all the fields in the table below) the packet that the transparent proxy is going to reply with. For simplicity, assume that the reply fits in a single IP packet. Give an overview of the HTTP payload, not an actual HTTP message.

source IP: IP_webserver
destination IP: IP_user
...
source port: 80
destination port: port_user
...
HTTP payload: error message, e.g., HTTP 404

Question 5: If the transparent proxy decided to allow the request through, it is going to be routed to the web server. Describe the packet that the transparent proxy sends to the web server, and the packet with which the web server replies. If the reply packet is modified by the transparent prox before reaching the client, describe the reply packet that the proxy sends to the client. For simplicity, assume that the reply fits in a single IP packet. Give an overview of the HTTP payload, not an actual HTTP message.

Packet from the transparent proxy to the web server:
source IP: IP_proxy
destination IP: IP_webserver
...
source port: p = new port
destination port: 80
...
HTTP payload: copy of the payload of the arriving packet

Reply packet from the web server to the proxy:
source IP: IP_webserver
destination IP: IP_proxy
...
source port: 80
destination port: p
...
HTTP payload: response of the server

Reply packet from the proxy to the client:
source IP: IP_webserver
destination IP: IP_user
...
source port: 80
destination port: port_user
...
HTTP payload: copy of the response of the server


Question 6: Does the transparent proxy operate differently if the arriving packet contains a POST or a PUT request, instead of a GET request? If yes, how? No. The proxy can either allow every POST/PUT packet through (as in Question 5), or extend the blocking filter (Question 3) and block packets (Question 4) containing the offending URL.

NOTE: Questions 7 and 8 must be answered based on the proxy implementation you proposed in questions 3-6.

Question 7: Consider a user of one of the blocking UK ISPs that configures his browser to use a web proxy located in Switzerland. Would such a user be able to edit Wikipedia? Would such a user be able to view the blocked Wikipedia entry? Explain. If the Swiss proxy accepts requests at a port different than 80 (e.g., 8080), the request will not be routed via the transparent proxy, and both viewing and editing are possible. Otherwise, the user would be able to edit Wikipedia, as from Wikipedia's point of view the traffic would be coming from the IP address of the Swiss proxy. (Assuming that the Swiss proxy would not be blocked from editing by Wikipedia.) For viewing, the answer depends on the proxy implementation: Version 1: Yes, as the destination IP address in the HTTP request would not match the condition. Version 2: No, it would be blocked based on the blocked URL.

Question 8: Consider a user of one of the UK ISPs that is accessing the ISP network from behind a NAT. Would such a user be able to edit Wikipedia? Would such a user be able to view the offending Wikipedia entry? Explain. No, neither view nor edit, as after traversing the NAT, the user's packet would still be routed towards the transparent proxy.


Question 9: Would it be possible for the ISPs to block only the offending Wikipedia entry, without preventing their users from editing Wikipedia? If yes, explain how. If no, explain why not. Yes. In the proxy implementation, if the blocking condition is not satisfied, the proxy could act as a router and simply forward the packet without modifying IP addresses.
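The decision logic of Questions 3 to 9 in one place, as an added Python example that is not part of the exam. Packets are plain dictionaries with the fields of the tables above; IP_wiki, IP_proxy, the Swiss proxy's address and URL_block are constructed sample values. The model reproduces the blocking condition in both versions (Question 3), the immediate error reply (Question 4), the re-addressed forward and relayed response (Question 5), identical handling of POST/PUT (Question 6), the bypass of requests that never carry destination port 80 and absolute-form requests sent to a user-configured proxy (Question 7), and the router mode that leaves the user's IP address intact (Question 9).

```python
# Added example: transparent-proxy packet handling for Questions 3-9.
import itertools

# Constructed sample values standing in for IP_wiki, IP_proxy and URL_block.
IP_WIKI = "198.51.100.10"
IP_PROXY = "203.0.113.1"
IP_SWISS_PROXY = "192.0.2.80"            # the user-configured proxy of Question 7
URL_BLOCK = ("wiki.example.org", "/wiki/Blocked_entry")   # (hostname, pathname)
_ephemeral = itertools.count(40000)      # "p = new port" for proxy-to-server packets

def parse_request(payload):
    """(method, hostname, pathname) of a minimal HTTP/1.1 request. Absolute-form
    targets ('GET http://host/path'), which a browser sends when configured to
    use a proxy (Question 7), are split into host and path as well."""
    lines = payload.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = next((line.split(":", 1)[1].strip() for line in lines[1:]
                 if line.lower().startswith("host:")), "")
    if target.lower().startswith("http://"):
        host, _, path = target[len("http://"):].partition("/")
        target = "/" + path
    return method, host, target

def should_block(pkt, version):
    """Question 3. Version 1 additionally requires the packet to be addressed to IP_wiki."""
    _method, host, path = parse_request(pkt["payload"])
    matches = (host, path) == URL_BLOCK
    return (pkt["dst_ip"] == IP_WIKI and matches) if version == 1 else matches

def transparent_proxy(pkt, version=1, mode="proxy"):
    """Handle one arriving user packet. Returns (action, packet):
    ('bypass', pkt)      the ISP never routes it to the proxy (destination port != 80)
    ('blocked', reply)   the immediate error reply of Question 4
    ('forwarded', out)   Question 5 in mode 'proxy' (proxy's own IP, new port p) or
                         Question 9 in mode 'router' (IP addresses untouched)."""
    if pkt["dst_port"] != 80:
        return "bypass", pkt
    if should_block(pkt, version):                       # same test for GET, POST, PUT (Question 6)
        reply = {"src_ip": pkt["dst_ip"], "dst_ip": pkt["src_ip"], "src_port": 80,
                 "dst_port": pkt["src_port"], "payload": "HTTP/1.1 404 Not Found\r\n\r\n"}
        return "blocked", reply
    if mode == "router":
        return "forwarded", dict(pkt)
    out = {"src_ip": IP_PROXY, "dst_ip": pkt["dst_ip"], "src_port": next(_ephemeral),
           "dst_port": 80, "payload": pkt["payload"]}
    return "forwarded", out

def relay_response(request_pkt, server_reply):
    """Last table of Question 5: the server's reply arrives at (IP_proxy, p) and is
    re-addressed to the user as if it came straight from the web server."""
    return {"src_ip": request_pkt["dst_ip"], "dst_ip": request_pkt["src_ip"], "src_port": 80,
            "dst_port": request_pkt["src_port"], "payload": server_reply}

def user_packet(src_ip, dst_ip, dst_port, request_line, host, src_port=51000):
    """Build a user packet carrying a one-header HTTP request (constructed input)."""
    return {"src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port, "dst_port": dst_port,
            "payload": f"{request_line} HTTP/1.1\r\nHost: {host}\r\n\r\n"}

if __name__ == "__main__":
    user = "10.1.1.5"
    view = user_packet(user, IP_WIKI, 80, "GET /wiki/Blocked_entry", "wiki.example.org")
    edit = user_packet(user, IP_WIKI, 80, "POST /w/index.php", "wiki.example.org")
    print(transparent_proxy(view))                   # blocked, reply appears to come from IP_wiki
    print(transparent_proxy(edit))                   # forwarded with src_ip = IP_PROXY
    print(transparent_proxy(edit, mode="router"))    # forwarded with the user's own src_ip
```

The forwarded edit request leaves with IP_proxy as its source, which is exactly why Wikipedia saw all users of an ISP behind a handful of addresses (Questions 2 and 8); in router mode the user's address survives, which is the fix proposed in Question 9.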

Question 10: Assume, hypothetically, that communication with Wikipedia would be done over HTTPS (with correctly deployed certificates). Could the ISPs block only the offending Wikipedia entry, but allow access to other Wikipedia entries? Explain. No. With HTTPS, the traffic would be (most likely) encrypted, and the ISP would not be able to understand the HTTP traffic, and thus it would be unable to block only the offending entry. Note that with correctly deployed certificates, a man-in-the-middle attack is not possible.
