final exam review


Upload: emerson-morin

Post on 31-Dec-2015


TRANSCRIPT

Page 1: Final Exam Review

Final Exam Review

• Knowledge questions
• True or false statement (explain why)
• Protocol
• Calculation
• Cover the contents after midterm coverage
  – Homework 3, 4, security

Page 2: Final Exam Review

Knowledge Question Examples

• Three classes of switch fabric, speed relationship
  – What is Head-of-the-line (HOL) blocking?
• Where can queues occur in a router?
• TCP header size? IP header size? UDP header size?
• How many bits in an IPv6 address? Address space size? Why is it very slow to be deployed? (enough IP space, hard upgrading and compatibility)
• Routing: what are link state, distance vector?
• Internet two-level routing? (inter-AS, intra-AS)
• RIP, OSPF, BGP? Used where?
  – OSPF uses link state, BGP/RIP uses distance vector
  – RIP, OSPF -> intra-AS, BGP -> inter-AS
• Which is better? pure ALOHA, slotted ALOHA, CSMA/CD?
  – What are their assumptions? (collision detection, time sync)
• CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?
• Ethernet broadcast MAC addr.? What is the broadcast address for? What is ARP?
• Why is Ethernet much better than ALOHA in efficiency?
  – Carrier sense, collision detection, exp. backoff

Page 3: Final Exam Review

Knowledge Question Examples

• Hub vs. Switch?
• 802.11a, b, g: speed? Working frequency?
• 802.15? (personal area network, example: Bluetooth)
• Wireless no collision detection?
  – listen while sending, fading, hidden terminal
• Network security three elements:
  – Confidentiality, authentication, integrity
• What is public/symmetric key cryptography? Pro vs. con?
• Why use a “nonce” in security? (replay attack) What is a man-in-the-middle attack?
• Usage of firewall? (block outside active traffic to inside)
• IP spoofing? SYN flood DoS attack?
• What is a botnet?
• IPSec vs. SSL? (different layers, tcp vs. udp)

Page 4: Final Exam Review

Protocol Problem Examples

• NAT address translation procedure

• Digital signature procedure

• HTTPS connection procedure
  – CA, public key

• Secure email (assume known public key)
  – Confidentiality
  – Integrity

Page 5: Final Exam Review

Calculation Examples

• subnet addressing
  – Figure out subnet based on host’s IP and subnet mask
• link state, distance vector
• parity checking
• CRC calculation
• wireless MAC protocol
• Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)

Page 6: Final Exam Review

Three types of switching fabrics

Property? Speed order?

Page 7: Final Exam Review

• Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward

• Queue can occur at both input port and output port of a router

Page 8: Final Exam Review

Routing Algorithm classification

Global or decentralized information?

Global:
• all routers have complete topology, link cost info
• “link state” algorithms

Decentralized:
• router knows physically-connected neighbors, link costs to neighbors
• iterative process of computation, exchange of info with neighbors
• “distance vector” algorithms

Page 9: Final Exam Review

NAT: Network Address Translation

[Figure: local network addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; WAN-side address 138.76.29.7]

NAT translation table
WAN side addr          LAN side addr
138.76.29.7, 5001      10.0.0.1, 3345
……                     ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80

2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80

3: Reply arrives dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001

4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

Page 10: Final Exam Review

Intra-AS and Inter-AS routing

[Figure: hosts h1 and h2; autonomous systems A, B, C with routers A.a, A.c, B.a, C.b; path segments labelled "Intra-AS routing within AS A", "Inter-AS routing between A and B", "Intra-AS routing within AS B"]

– RIP: Routing Information Protocol
– OSPF: Open Shortest Path First
– BGP: Border Gateway Protocol (Inter-AS)

Page 11: Final Exam Review

ARP protocol: Same LAN (network)

• A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
• A broadcasts ARP query packet, containing B's IP address
  – Dest MAC address = FF-FF-FF-FF-FF-FF
  – all machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  – frame sent to A’s MAC address (unicast)
• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  – soft state: information that times out (goes away) unless refreshed
• ARP is “plug-and-play”:
  – nodes create their ARP tables without intervention from net administrator

Page 12: Final Exam Review

What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents
  – sender encrypts message
  – receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other
  – Virus email really from your friends?
  – The website really belongs to the bank?

Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
  – Digital signature

Page 13: Final Exam Review

Collision Avoidance: RTS-CTS exchange

[Figure (Textbook Page 522 figure): RTS-CTS exchange over time between A, B and the AP. Message labels: RTS(A), RTS(B), CTS(A), DATA (A), ACK(A). Annotations: "reservation collision", "defer". Interval labels: DIFS, CIFS.]

Page 14: Final Exam Review

Firewall

• Block outside-initiated traffic to inside of a local network

• Usually do not block any traffic initiated from inside to outside

• Have at least two NICs (two IPs)

[Figure: administered network, firewall, public Internet]

Page 15: Final Exam Review

ap5.0: security hole

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

Difficult to detect:
• Bob receives everything that Alice sends, and vice versa (e.g., so Bob, Alice can meet one week later and recall conversation)
• problem is that Trudy receives all messages as well!

Page 16: Final Exam Review

Digital signature = signed message digest

Bob sends digitally signed message:
  – large message m → H: hash function → H(m)
  – H(m) → digital signature (encrypt) with Bob’s private key KB- → encrypted msg digest KB-(H(m))
  – sends m + KB-(H(m))

Alice verifies signature and integrity of digitally signed message:
  – large message m → H: hash function → H(m)
  – encrypted msg digest KB-(H(m)) → digital signature (decrypt) with Bob’s public key KB+ → H(m)
  – equal?

No confidentiality!

Page 17: Final Exam Review

Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.

Alice:
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency)
• also encrypts KS with Bob’s public key.
• sends both KS(m) and KB+(KS) to Bob.

[Figure: m → KS( ) → KS(m); KS → KB+( ) → KB+(KS); KS(m) + KB+(KS) → Internet]

Page 18: Final Exam Review

Secure e-mail

Alice wants to send confidential e-mail, m, to Bob.

Bob:
• uses his private key to decrypt and recover KS
• uses KS to decrypt KS(m) to recover m

[Figure: sender side: m → KS( ) → KS(m); KS → KB+( ) → KB+(KS); KS(m) + KB+(KS) → Internet; receiver side: KB+(KS) → KB-( ) → KS; KS(m) → KS( ) → m]

Page 19: Final Exam Review

Secure e-mail (continued)

• Alice wants to provide message integrity (unchanged, really written by Alice).
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.

[Figure: sender side: m → H( ) → H(m) → KA-( ) → KA-(H(m)); m + KA-(H(m)) → Internet; receiver side: KA-(H(m)) → KA+( ) → H(m); m → H( ) → H(m); compare]

Page 20: Final Exam Review

Secure e-mail (continued)

• Alice wants to provide secrecy, sender authentication, message integrity.

Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

[Figure: m → H( ) → KA-( ) → KA-(H(m)); m + KA-(H(m)) → KS( ); KS → KB+( ) → KB+(KS); both results combined (+) → Internet]
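The three-key procedure above, and the signature check from the digital signature slide, carried through end to end. This is an added example, not part of the original slides: it uses toy textbook RSA with small constructed primes and a toy XOR keystream cipher so it runs with the standard library only, and the function names are assumptions.

```python
import hashlib
import secrets

# Toy textbook RSA (tiny primes, no padding) so the example runs with the
# standard library only. Constructed for teaching; not usable as real crypto.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public K+, private K-)

def rsa(key, x):
    exponent, n = key
    return pow(x, exponent, n)

def H(m, n):
    # SHA-256 digest reduced mod n so the toy modulus can sign it (assumption).
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def KS(ks, data):
    # Toy symmetric cipher: XOR with a SHA-256 counter keystream (self-inverse).
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(b"%d:%d" % (ks, i)).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def alice_send(m, ka_priv, kb_pub):
    sig = rsa(ka_priv, H(m, ka_priv[1]))         # KA-(H(m)): integrity + sender auth
    ks = secrets.randbelow(kb_pub[1] - 2) + 2    # newly created symmetric key KS
    body = KS(ks, sig.to_bytes(8, "big") + m)    # KS(KA-(H(m)), m): secrecy
    return body, rsa(kb_pub, ks)                 # sent together with KB+(KS)

def bob_receive(body, wrapped_ks, kb_priv, ka_pub):
    ks = rsa(kb_priv, wrapped_ks)                # KB-(KB+(KS)) = KS
    plain = KS(ks, body)
    sig, m = int.from_bytes(plain[:8], "big"), plain[8:]
    return m, rsa(ka_pub, sig) == H(m, ka_pub[1])  # KA+(KA-(H(m))) equal to H(m)?

# Constructed demo keys: well-known small primes, far too small for real use.
KA_PUB, KA_PRIV = make_keypair(1000000007, 998244353)
KB_PUB, KB_PRIV = make_keypair(2147483647, 1000000009)

def demo():
    body, wrapped = alice_send(b"meet at noon", KA_PRIV, KB_PUB)
    tampered = body[:-1] + bytes([body[-1] ^ 1])  # one bit changed in transit
    return (bob_receive(body, wrapped, KB_PRIV, KA_PUB),
            bob_receive(tampered, wrapped, KB_PRIV, KA_PUB))
```

Encryption alone does not stop the one-bit change; it is the comparison of the two digests that makes Bob reject the altered message.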

Page 21: Final Exam Review

How SSL (https) works?

[Figure: message exchange over time between Client and Server B (public key KB+)]

– Three-way handshake
– Request server certificate
– Certificate from CA: K-CA(K+B)
– Symmetric session key: K+B(KA-B)
– KA-B(m)

Page 22: Final Exam Review

Forwarding table

Destination Address Range                          Link Interface

11001000 00010111 00010000 00000000
  through                                          0
11001000 00010111 00010111 11111111

11001000 00010111 00011000 00000000
  through                                          1
11001000 00010111 00011000 11111111

11001000 00010111 00011001 00000000
  through                                          2
11001000 00010111 00011111 11111111

otherwise                                          3

Page 23: Final Exam Review

Longest prefix matching

Prefix Match                          Link Interface
11001000 00010111 00010               0
11001000 00010111 00011000            1
11001000 00010111 00011               2
otherwise                             3

Examples

DA: 11001000 00010111 00010110 10100001   Which interface?
DA: 11001000 00010111 00011000 10101010   Which interface?
DA: 11001000 00010111 10011000 10101010   Which interface?
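A lookup over the slide's prefix table, as an added example that is not part of the original slides. It goes slightly beyond the slide by also rendering the matched prefix in dotted-decimal CIDR form; the names `TABLE`, `to_cidr` and `lookup` are assumptions.

```python
# Prefix table exactly as on the slide (bit strings, spaces ignored) -> link interface.
TABLE = {
    "11001000 00010111 00010": 0,
    "11001000 00010111 00011000": 1,
    "11001000 00010111 00011": 2,
}
DEFAULT_INTERFACE = 3   # the slide's "otherwise" row


def to_cidr(prefix_bits):
    """Render a bit-string prefix as dotted-decimal CIDR."""
    bits = prefix_bits.replace(" ", "")
    padded = bits.ljust(32, "0")
    octets = [str(int(padded[i:i + 8], 2)) for i in range(0, 32, 8)]
    return ".".join(octets) + "/" + str(len(bits))


def lookup(da_bits):
    """Return (interface, matched prefix or None) using longest prefix matching."""
    da = da_bits.replace(" ", "")
    matches = [(p.replace(" ", ""), iface) for p, iface in TABLE.items()
               if da.startswith(p.replace(" ", ""))]
    if not matches:
        return DEFAULT_INTERFACE, None
    # Several prefixes may match; the longest (most specific) one wins.
    prefix, iface = max(matches, key=lambda m: len(m[0]))
    return iface, to_cidr(prefix)


def demo():
    # The three destination addresses from the slide.
    return [lookup("11001000 00010111 00010110 10100001"),
            lookup("11001000 00010111 00011000 10101010"),
            lookup("11001000 00010111 10011000 10101010")]
```

The second address matches both the 24-bit and the 21-bit `00011` prefix, which is the case the rule exists for.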

Page 24: Final Exam Review

Subnet calculation (quiz 2)

• Suppose an ISP has a chunk of IP addresses of 128.119.0.0/17, it allocates this space to three companies. Two companies get equal size space, the third company gets half of the space with higher IP addresses. Show the IP space allocated to the three companies.

Page 25: Final Exam Review

CRC Example

Want:

$D \cdot 2^r \text{ XOR } R = nG$

equivalently:

$D \cdot 2^r = nG \text{ XOR } R$

equivalently:

if we divide $D \cdot 2^r$ by $G$, want remainder $R$

$R = \text{remainder}\left[ \dfrac{D \cdot 2^r}{G} \right]$
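The remainder formula above worked with modulo-2 long division. This is an added example, not part of the original slides; the values D = 101110 and G = 1001 are constructed sample input, and the function names are assumptions. The last case shows why a CRC covers accidental bit errors only and is not the message integrity of the security slides.

```python
def mod2_remainder(bits, G):
    """Remainder of bits / G under modulo-2 (XOR) long division, as a bit string."""
    r = len(G) - 1
    work = [int(b) for b in bits]
    g = [int(b) for b in G]
    for i in range(len(work) - r):
        if work[i]:                       # leading 1: subtract (XOR) G here
            for j, gb in enumerate(g):
                work[i + j] ^= gb
    return "".join(str(b) for b in work[-r:])


def crc_encode(D, G):
    """Sender: R = remainder[D * 2^r / G]; transmit D followed by R."""
    r = len(G) - 1
    return D + mod2_remainder(D + "0" * r, G)


def crc_check(frame, G):
    """Receiver: the frame is accepted when it divides by G with remainder 0."""
    return set(mod2_remainder(frame, G)) == {"0"}


def xor_bits(a, b):
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))


def demo():
    D, G = "101110", "1001"               # constructed sample values, r = 3
    frame = crc_encode(D, G)
    flipped = xor_bits(frame, "100000000")    # accidental single-bit error
    # Adding any multiple of G (here G shifted left by two bits) yields
    # another frame that divides evenly, so the check cannot tell it apart.
    altered = xor_bits(frame, "000100100")
    return frame, crc_check(frame, G), crc_check(flipped, G), crc_check(altered, G)
```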

Page 26: Final Exam Review

Dijkstra’s algorithm: example

[Figure: graph with nodes A, B, C, D, E, F and link costs 1, 2, 3, 5]

Step   N        D(B),p(B)   D(C),p(C)   D(D),p(D)   D(E),p(E)     D(F),p(F)
0      A        2,A         5,A         1,A         infinity,-    infinity,-
1      AD       2,A         4,D         1,A         2,D           infinity,-
2      ADE      2,A         3,E         1,A         2,D           4,E
3      ADEB     2,A         3,E         1,A         2,D           4,E
4      ADEBC    2,A         3,E         1,A         2,D           4,E
5      ADEBCF   2,A         3,E         1,A         2,D           4,E

Page 27: Final Exam Review

[Figure: distance vector example for nodes x, y, z with link costs 2, 1 and 7; the node x table, node y table and node z table ("from" x, y, z; "cost to" x, y, z) are shown at successive points in time]

Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0 , 7+1} = 2

Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1 , 7+0} = 3

Page 28: Final Exam Review

• Caesar cipher decrypt:
  – “welcome”, key= +2
• Vigenere cipher
  – “final exam” key=3,4,-1 (blank space does not change)