Will release at 10:00am Dec. 4th, Due on Webcourse at 11:59pm the next day
CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA instead of CSMA/CD?
Ethernet broadcast MAC address? What is the broadcast address for?
What is ARP?
Why is Ethernet much better than ALOHA in efficiency? Carrier sense, collision detection, exp. backoff
Three elements of network security: confidentiality, authentication, integrity
What is public/symmetric key cryptography? Pros vs. cons?
According to the textbook notation, how to represent node A's digital signature?
Digital certificate? Message digest?
What is a session key?
Usage of firewall? (block outside active traffic to inside)
IP spoofing? SYN flood DoS attack?
Calculation Examples
link state, distance vector
parity checking
CRC calculation
wireless MAC protocol
Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
Slotted ALOHA probability calculation (chapter5part1.ppt)
[Figure: NAT example with addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 and 138.76.29.7. Datagram shown: S: 128.119.40.186, 80; D: 10.0.0.1, 3345]
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
soft state: information that times out (goes away) unless refreshed
ARP is plug-and-play: nodes create their ARP tables without intervention from net administrator
[Figure: wireless MAC timing diagram with an AP. Labels: reservation collision, CIFS, DATA (A), defer]
Firewall
Block outside-initiated traffic to inside of a local network
Usually do not block any traffic initiated from inside to outside
Have at least two NICs (two IPs)
[Figure: firewall between the administered network and the public Internet. Further labels: B, SYN, SYN]
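[Figure: digital signature as a signed message digest. Large message m is passed through hash function H to give H(m); the digital signature step (encrypt) produces the encrypted msg digest KB(H(m)); on receipt the two H(m) values are compared: equal?]
No confidentiality!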
Secure e-mail
[Figure: Alice's side of the secure e-mail exchange. Labels: KS(m), KS, KB( ), KB(KS), Internet]
Alice:
generates random symmetric private key, KS.
encrypts message with KS (for efficiency)
also encrypts KS with Bob's public key.
sends both KS(m) and KB(KS) to Bob.
Secure e-mail
[Figure: Bob's side of the secure e-mail exchange. Labels: KS(m), KB(KS), KS( ), KB( ), KS, Internet]
Bob:
uses his private key to decrypt and recover KS
uses KS to decrypt KS(m) to recover m
[Figure: secure e-mail with a signed digest. Labels: m, H(.), KA( ), KA(H(m)), Internet, compare H(m)]
message integrity.
[Figure: secure e-mail combining the signed digest with encryption. Labels: m, H( ), KA( ), KA(H(m)), KS( ), KS, KB( ), KB(KS), Internet]
Alice uses three keys: her private key, Bob's public key, newly created symmetric key
[Figure: message exchange involving Client A. Labels: Cert Request; K-CA(K+B); K+B(KAB, R); KAB(R); KAB(m)]
Forwarding table
Destination Address Range                                                          Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111
otherwise
CRC Example
Want: $D \cdot 2^r \oplus R = nG$
equivalently: $D \cdot 2^r = nG \oplus R$
equivalently: if we divide $D \cdot 2^r$ by $G$, want remainder $R$
$R = \text{remainder}\left[\frac{D \cdot 2^r}{G}\right]$
[Figure: network graph with nodes A, B, C, F and link costs]
$D_x(y) = \min\{c(x,y) + D_y(y),\ c(x,z) + D_z(y)\} = \min\{2+0,\ 7+1\} = 2$
[Figure: distance vector example over time. Each node's table has rows "from" x, y, z and columns "cost to" x, y, z. Tables shown include (x: 0 2 7; y: 2 0 1; z: 7 1 0) and (x: 0 2 3; y: 2 0 1; z: 3 1 0)]
Vigenere cipher
final exam key=3,4,-1
(blank space does not change)
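The calculation above, as an added worked example that is not from the original slides: a Python routine that applies a Vigenere key given as a list of shifts, using the key 3,4,-1 and the text "final exam" shown above. It assumes letters a-z with wrap-around and, by default, that a blank does not use up a key value; the function and parameter names are illustrative, and a one-value key gives the Caesar cipher.

```python
import string

LETTERS = set(string.ascii_letters)

def vigenere(text, key, decrypt=False, blank_uses_key=False):
    """Shift each letter by the next value in `key`, cycling through the key.

    key            -- list of integer shifts, e.g. [3, 4, -1]; [3] is a Caesar cipher
    decrypt        -- apply the opposite shifts to recover the plaintext
    blank_uses_key -- assumption switch: by default a blank is copied unchanged
                      and does NOT use up a key value; set True for the other
                      convention, where the key position advances on every character
    """
    if not key:
        raise ValueError("key must contain at least one shift")
    sign = -1 if decrypt else 1
    out = []
    k = 0  # position in the key
    for ch in text:
        if ch not in LETTERS:
            out.append(ch)  # blanks and punctuation do not change
            if blank_uses_key:
                k += 1
            continue
        base = ord("A") if ch.isupper() else ord("a")
        shift = sign * key[k % len(key)]
        # % 26 wraps around the alphabet; Python's % stays non-negative for negative shifts
        out.append(chr(base + (ord(ch) - base + shift) % 26))
        k += 1
    return "".join(out)

if __name__ == "__main__":
    KEY = [3, 4, -1]                     # key from the slide
    ct = vigenere("final exam", KEY)     # plaintext from the slide
    print(ct)
    print(vigenere(ct, KEY, decrypt=True))
    print(vigenere("final exam", KEY, blank_uses_key=True))
```

The two blank-handling conventions give different ciphertext after the first blank, so check which one the course uses before working a decrypt by hand.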
Subnet calculation
Remember each subnet is represented by a.b.c.d/x
A network of 128.119.0.0/16 has $2^{16}$ IPs ($2^x$), first address is 128.119.0.0; last address is 128.119.255.255
Don't use 128.119.0.0 to 128.119.0.255 to represent a subnet!