
Final Exam Review

Will be released at 10:00am Dec. 4th; due on Webcourse at 11:59pm the next day


Knowledge questions
True or false statements (explain why)
Protocol
Calculation
Covers the contents after the midterm coverage

Knowledge Question Examples


Three classes of switch fabric, speed relationship
Where can queuing occur in a router?
TCP header size? IP header size? UDP header size?
How many bits in an IPv6 address? Address space size?
  Why is it so slow to be deployed? (enough IP space, hard to upgrade and stay compatible)
What is DHCP? NAT? Their pros and cons?
Routing: what are link state and distance vector?
Internet two-level routing? (inter-AS, intra-AS)
RIP, OSPF, BGP? Used where?
  OSPF uses link state, BGP/RIP use distance vector
  RIP, OSPF -> intra-AS, BGP -> inter-AS

Which is better? Pure ALOHA, slotted ALOHA, CSMA/CD?
  What are their assumptions? (collision detection, time sync)
CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA instead of CSMA/CD?
Ethernet broadcast MAC address? What is the broadcast address for?
What is ARP?
Why is Ethernet much better than ALOHA in efficiency?
  Carrier sense, collision detection, exponential backoff

Knowledge Question Examples


Hub vs. switch?
802.11a, b, g: speed? Working frequency?
802.15? (personal area network, example: Bluetooth)
Why no collision detection in wireless?
  listen while sending, fading, hidden terminal
Network security three elements: confidentiality, authentication, integrity
What is public/symmetric key cryptography? Pros vs. cons?
According to the textbook notation, how do you represent a node A's digital signature?
Digital certificate? Message digest?
What is a session key?
Usage of firewall? (block outside active traffic to inside)
IP spoofing? SYN flood DoS attack?

Protocol Problem Examples


NAT address translation procedure
Digital signature procedure
HTTPS connection procedure
  CA, public key
Secure email (assume known public key)
  Confidentiality
  Integrity

Calculation Examples
link state, distance vector
parity checking
CRC calculation
wireless MAC protocol
Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
Slotted ALOHA probability calculation (chapter5part1.ppt)

Slotted ALOHA probability calculation example


There are two nodes, and each of them has one packet to send at the same time. What is the probability that both packets can be successfully sent within the first 2 time slots? Suppose the transmission probability is p.

Three types of switching fabrics

Property? Speed order?

Routing Algorithm classification


Global or decentralized information?
Global:
  all routers have complete topology, link cost info
  link state algorithms
Decentralized:
  router knows physically-connected neighbors, link costs to neighbors
  iterative process of computation, exchange of info with neighbors
  distance vector algorithms

NAT: Network Address Translation


NAT translation table
  WAN side addr          LAN side addr
  138.76.29.7, 5001      10.0.0.1, 3345

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345      D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345

[Figure: LAN addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; WAN-side address 138.76.29.7]
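
The four steps above as a small translation-table model. This is an added example, not code from the slides; the class and function names and the sequential port allocation starting at 5001 are assumptions made for illustration. It also shows what happens to a datagram from outside that has no table entry.

```python
from typing import NamedTuple, Optional, Tuple

Endpoint = Tuple[str, int]                  # (IP address, port)

class Datagram(NamedTuple):
    src: Endpoint
    dst: Endpoint

class NatRouter:
    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port         # assumption: ports handed out sequentially
        self.lan_to_wan = {}                # LAN (ip, port) -> WAN port
        self.wan_to_lan = {}                # WAN port -> LAN (ip, port)

    def outbound(self, dg: Datagram) -> Datagram:
        """Steps 1-2: rewrite the source address and record the mapping."""
        if dg.src not in self.lan_to_wan:
            self.lan_to_wan[dg.src] = self.next_port
            self.wan_to_lan[self.next_port] = dg.src
            self.next_port += 1
        return Datagram((self.wan_ip, self.lan_to_wan[dg.src]), dg.dst)

    def inbound(self, dg: Datagram) -> Optional[Datagram]:
        """Steps 3-4: rewrite the destination, or drop if no table entry exists."""
        ip, port = dg.dst
        if ip != self.wan_ip or port not in self.wan_to_lan:
            return None                     # nothing inside asked for this traffic
        return Datagram(dg.src, self.wan_to_lan[port])

def demo():
    """Replay the slide's exchange, then one unsolicited datagram (constructed)."""
    nat = NatRouter("138.76.29.7")
    server = ("128.119.40.186", 80)
    sent = nat.outbound(Datagram(("10.0.0.1", 3345), server))
    reply = nat.inbound(Datagram(server, sent.src))
    stray = nat.inbound(Datagram(server, ("138.76.29.7", 6000)))
    return sent, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```
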

Intra-AS and Inter-AS routing


[Figure: Host h1 in AS A and Host h2 in AS B, with gateway routers A.a, A.c, B.a and C.b labelled; intra-AS routing within AS A, inter-AS routing between A and B, intra-AS routing within AS B]

RIP: Routing Information Protocol
OSPF: Open Shortest Path First
BGP: Border Gateway Protocol (Inter-AS)

ARP protocol: Same LAN (network)


A wants to send datagram to B, and B's MAC address is not in A's ARP table.
A broadcasts ARP query packet, containing B's IP address
  Dest MAC address = FF-FF-FF-FF-FF-FF
  all machines on LAN receive ARP query
B receives ARP packet, replies to A with its (B's) MAC address
  frame sent to A's MAC address (unicast)
A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  soft state: information that times out (goes away) unless refreshed
ARP is plug-and-play:
  nodes create their ARP tables without intervention from net administrator

What is network security?


Confidentiality: only sender, intended receiver should understand message contents
  sender encrypts message
  receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
  Virus email really from your friends?
  The website really belongs to the bank?
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
  Digital signature

Collision Avoidance: RTS-CTS exchange


[Figure: RTS-CTS exchange timeline between node A and the AP, showing DIFS, reservation collision, SIFS intervals, DATA (A) and defer along a time axis; textbook page 522 figure]

Firewall
Block outside-initiated traffic to the inside of a local network
Usually do not block any traffic initiated from inside to outside
Have at least two NICs (two IPs)

[Figure: firewall between the administered network and the public Internet]

Internet security threats


Denial of service (DoS):
  flood of maliciously generated packets swamps the receiver
  Distributed DoS (DDoS): multiple coordinated sources swamp the receiver
  e.g., C and a remote host SYN-attack A

[Figure: hosts A, B and C; SYN packets flooding toward A]

Digital signature = signed message digest


Bob sends digitally signed message:
  large message m -> H: hash function -> H(m)
  H(m) -> digital signature (encrypt) with Bob's private key K-B -> encrypted msg digest K-B(H(m))

Alice verifies signature and integrity of digitally signed message:
  encrypted msg digest K-B(H(m)) -> digital signature (decrypt) with Bob's public key K+B -> H(m)
  large message m -> H: hash function -> H(m)
  the two H(m) values: equal?

No confidentiality!

Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.


Figure (sender side):
  m  -> KS(.)  -> KS(m)
  KS -> K+B(.) -> K+B(KS)
  KS(m) + K+B(KS) -> Internet

Alice:
  generates random symmetric private key, KS.
  encrypts message with KS (for efficiency).
  also encrypts KS with Bob's public key.
  sends both KS(m) and K+B(KS) to Bob.

Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.


Figure (sender and receiver sides):
  sender:   m -> KS(.) -> KS(m);  KS -> K+B(.) -> K+B(KS);  KS(m) + K+B(KS) -> Internet
  receiver: K+B(KS) -> K-B(.) -> KS;  KS(m) -> KS(.) -> m

Bob:
  uses his private key to decrypt and recover KS
  uses KS to decrypt KS(m) to recover m

Secure e-mail (continued)


Alice wants to provide message integrity (unchanged, really written by Alice).

Figure:
  sender:   m -> H(.) -> K-A(.) -> K-A(H(m));  m + K-A(H(m)) -> Internet
  receiver: K-A(H(m)) -> K+A(.) -> H(m);  m -> H(.) -> H(m);  compare

Alice digitally signs message.
Sends both message (in the clear) and digital signature.

Secure e-mail (continued)


Alice wants to provide secrecy, sender authentication, message integrity.

Figure (sender side):
  m -> H(.) -> K-A(.) -> K-A(H(m))
  m + K-A(H(m)) -> KS(.)
  KS -> K+B(.) -> K+B(KS)
  output of KS(.) + K+B(KS) -> Internet

Alice uses three keys: her private key, Bob's public key, newly created symmetric key
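
The digital-signature slide and the secure e-mail slides combined into one runnable exchange, with both Alice's and Bob's side. This is an added example, not code from the slides: all function names are assumptions, the public-key operations are unpadded textbook RSA over fixed Mersenne primes, and KS(.) is a toy SHA-256 keystream, so it shows the message flow only and is not usable cryptography.

```python
import hashlib
import secrets

E = 65537                                   # public exponent

def keypair(p, q):
    """Textbook RSA from two primes: returns (public (n, e), private (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))     # modular inverse needs Python 3.8+

def H(m, n):
    """Message digest H(m), reduced so it fits under the toy modulus n."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def ks_crypt(ks, data):
    """Toy KS(.): XOR with a SHA-256(ks || offset) keystream. Same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(ks.to_bytes(32, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def alice_send(m, alice_priv, bob_pub):
    n_a, d_a = alice_priv
    sig = pow(H(m, n_a), d_a, n_a)                      # K-A(H(m))
    ks = secrets.randbits(128)                          # newly created session key KS
    body = ks_crypt(ks, sig.to_bytes(32, "big") + m)    # KS applied to m + K-A(H(m))
    n_b, e_b = bob_pub
    return body, pow(ks, e_b, n_b)                      # second part is K+B(KS)

def bob_receive(body, wrapped_ks, bob_priv, alice_pub):
    n_b, d_b = bob_priv
    ks = pow(wrapped_ks, d_b, n_b)                      # recover KS with K-B
    plain = ks_crypt(ks, body)
    sig, m = int.from_bytes(plain[:32], "big"), plain[32:]
    n_a, e_a = alice_pub
    if pow(sig, e_a, n_a) != H(m, n_a):                 # K+A(K-A(H(m))) equal to H(m)?
        raise ValueError("digest mismatch: message altered or not signed by Alice")
    return m

# Constructed toy keys (Mersenne primes); real keys are generated randomly.
ALICE_PUB, ALICE_PRIV = keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    body, wrapped = alice_send(b"Meet at noon", ALICE_PRIV, BOB_PUB)
    print(bob_receive(body, wrapped, BOB_PRIV, ALICE_PUB))
```
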

Internet Web Security Architecture

Parties: CA, Web Server B, Client A

Labels shown in the figure, in order:
  K+B
  K-CA(K+B)
  Cert Request
  K-CA(K+B)
  K+B(KAB, R)
  KAB(R)
  KAB(m)


Forwarding table
Destination Address Range                              Link Interface
11001000 00010111 00010000 00000000
  through 11001000 00010111 00010111 11111111          0
11001000 00010111 00011000 00000000
  through 11001000 00010111 00011000 11111111          1
11001000 00010111 00011001 00000000
  through 11001000 00010111 00011111 11111111          2
otherwise                                              3

Longest prefix matching


Prefix Match                      Link Interface
11001000 00010111 00010           0
11001000 00010111 00011000        1
11001000 00010111 00011           2
otherwise                         3

Examples
DA: 11001000 00010111 00010110 10100001    Which interface?
DA: 11001000 00010111 00011000 10101010    Which interface?
DA: 11001000 00010111 10011000 10101010    Which interface?
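
A lookup over the prefix table above, added here as an example (it is not from the slides; the function names are assumptions). It goes slightly beyond the slide by also accepting dotted-decimal addresses, and `matches` lists every prefix that fits an address so the case where two entries overlap is visible.

```python
import ipaddress

# Prefix table from the slide: (prefix bits, link interface).
TABLE = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
OTHERWISE = 3                                # interface for "otherwise"

def to_bits(addr: str) -> str:
    """Accept a 32-bit binary string (spaces allowed) or dotted decimal."""
    compact = addr.replace(" ", "")
    if len(compact) == 32 and set(compact) <= {"0", "1"}:
        return compact
    return format(int(ipaddress.IPv4Address(addr)), "032b")

def matches(addr: str) -> list:
    """Every table entry whose prefix matches, in table order."""
    bits = to_bits(addr)
    return [iface for prefix, iface in TABLE
            if bits.startswith(prefix.replace(" ", ""))]

def lookup(addr: str) -> int:
    """Longest prefix matching: the matching entry with the most bits wins."""
    bits = to_bits(addr)
    best_len, link = -1, OTHERWISE
    for prefix, iface in TABLE:
        p = prefix.replace(" ", "")
        if bits.startswith(p) and len(p) > best_len:
            best_len, link = len(p), iface
    return link

if __name__ == "__main__":
    for da in ("11001000 00010111 00010110 10100001",
               "11001000 00010111 00011000 10101010",
               "11001000 00010111 10011000 10101010"):
        print(da, "matches", matches(da), "-> interface", lookup(da))
```
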

CRC Example
Want: D·2^r XOR R = nG
equivalently: D·2^r = nG XOR R
equivalently: if we divide D·2^r by G, want remainder R

R = remainder[ D·2^r / G ]
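
The remainder formula above carried out with modulo-2 long division, as an added example (not from the slides). The values D = 101110 and G = 1001 are constructed sample input and the function names are assumptions. The last check shows the limit of the scheme: an error pattern that is itself a multiple of G leaves the remainder at zero, which is why CRC covers accidental bit errors while message integrity relies on the signed digest covered earlier.

```python
def mod2_remainder(bits: str, g: str) -> str:
    """Remainder of bits divided by g using XOR (modulo-2) long division."""
    r = len(g) - 1                       # number of CRC bits
    value, gen = int(bits, 2), int(g, 2)
    for pos in range(len(bits) - 1, r - 1, -1):
        if (value >> pos) & 1:           # leading bit set: subtract (XOR) G here
            value ^= gen << (pos - r)
    return format(value, "0{}b".format(r))

def crc_encode(d: str, g: str) -> str:
    """Sender: append R = remainder[D * 2^r / G] to D."""
    r = len(g) - 1
    return d + mod2_remainder(d + "0" * r, g)

def crc_ok(frame: str, g: str) -> bool:
    """Receiver: the frame <D, R> must divide by G with zero remainder."""
    return int(mod2_remainder(frame, g), 2) == 0

def flip(frame: str, error: str) -> str:
    """XOR an error pattern (bit string of the same length) onto the frame."""
    return format(int(frame, 2) ^ int(error, 2), "0{}b".format(len(frame)))

D, G = "101110", "1001"                  # constructed sample values
FRAME = crc_encode(D, G)                 # D followed by the r = 3 CRC bits

if __name__ == "__main__":
    print("R =", mod2_remainder(D + "000", G), "frame =", FRAME)
    print("clean frame accepted:", crc_ok(FRAME, G))
    print("single-bit error accepted:", crc_ok(flip(FRAME, "000100000"), G))
    # Error pattern 000100100 is G shifted left by two, a multiple of G.
    print("multiple-of-G error accepted:", crc_ok(flip(FRAME, "000100100"), G))
```
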

Dijkstra's algorithm: example


Step  N        D(B),p(B)  D(C),p(C)  D(D),p(D)  D(E),p(E)  D(F),p(F)
0     A        2,A        5,A        1,A        infinity   infinity
1     AD       2,A        4,D        1,A        2,D        infinity
2     ADE      2,A        3,E        1,A        2,D        4,E
3     ADEB     2,A        3,E        1,A        2,D        4,E
4     ADEBC    2,A        3,E        1,A        2,D        4,E
5     ADEBCF   2,A        3,E        1,A        2,D        4,E

[Figure: example network graph with nodes A to F and link costs]

Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0, 7+1} = 2
Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1, 7+0} = 3

Each table has rows "from x, y, z" and columns "cost to x, y, z"; the three tables per node are successive points in time.

node x table
  from    first      second     third
  x       0 2 7      0 2 3      0 2 3
  y                  2 0 1      2 0 1
  z                  7 1 0      3 1 0

node y table
  from    first      second     third
  x                  0 2 7      0 2 3
  y       2 0 1      2 0 1      2 0 1
  z                  7 1 0      3 1 0

node z table
  from    first      second     third
  x                  0 2 7      0 2 3
  y                  2 0 1      2 0 1
  z       7 1 0      3 1 0      3 1 0

[Figure: three-node topology x, y, z with link costs]
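
The x, y, z distance-vector example above, run to convergence with synchronous exchanges. This is an added example, not code from the slides; the function names are assumptions, and the link costs c(x,y) = 2, c(y,z) = 1, c(x,z) = 7 are the ones that appear in the slide's equations and tables.

```python
INF = float("inf")
NODES = ("x", "y", "z")
LINK = {("x", "y"): 2, ("y", "z"): 1, ("x", "z"): 7}    # link costs from the slide

def c(a, b):
    """Direct link cost c(a,b): 0 to itself, infinity if not neighbors."""
    if a == b:
        return 0
    return LINK.get((a, b), LINK.get((b, a), INF))

def exchange(dv):
    """One round: every node recomputes D_n(d) = min over neighbors v of c(n,v) + D_v(d)."""
    new = {}
    for n in NODES:
        neighbors = [v for v in NODES if v != n and c(n, v) < INF]
        new[n] = {d: 0 if d == n else min(c(n, v) + dv[v][d] for v in neighbors)
                  for d in NODES}
    return new

def run_until_stable():
    """Return each node's own distance vector after every round until nothing changes."""
    dv = {n: {d: c(n, d) for d in NODES} for n in NODES}   # start: direct costs only
    history = [dv]
    while True:
        nxt = exchange(dv)
        if nxt == dv:
            return history
        history.append(nxt)
        dv = nxt

if __name__ == "__main__":
    for t, vectors in enumerate(run_until_stable()):
        for n in NODES:
            print("t =", t, "node", n, [vectors[n][d] for d in NODES])
```
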

Caesar cipher decrypt:


welcome, key= +2

Vigenere cipher
final exam key=3,4,-1
(blank space does not change)

Subnet calculation
Remember each subnet is represented by a.b.c.d/x
A network of 128.119.0.0/16 has 2^16 IPs (2^(32-x) for a /x prefix); first address is 128.119.0.0; last address is 128.119.255.255
Don't use 128.119.0.0 to 128.119.0.255 to represent a subnet!
