Final Exam Review
Will release at 10:00am Dec. 11th, due on Webcourse at 10:00am the next day
Final Exam Review
• Knowledge questions
• True or false statements (explain why)
• Protocol
• Calculation
• Covers the content after the midterm coverage
Knowledge Question Examples
• Three classes of switch fabric, speed relationship
• Where can queueing occur in a router?
• TCP header size? IP header size? UDP header size?
• How many bits in an IPv6 address? Address space size? Why is it so slow to be deployed? (enough IP space, hard to upgrade and stay compatible)
• What is DHCP? NAT? Their pros and cons?
• Routing: what are link state, distance vector?
• Internet two-level routing? (inter-AS, intra-AS)
• RIP, OSPF, BGP? Used where?
– OSPF uses link state, BGP/RIP use distance vector
– RIP, OSPF -> intra-AS, BGP -> inter-AS
• Which is better? pure ALOHA, slotted ALOHA, CSMA/CD?
– What are their assumptions? (collision detection, time sync)
• CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA instead of CSMA/CD?
• Ethernet broadcast MAC addr.? What is the broadcast address for? What is ARP?
• Why is Ethernet much better than ALOHA in efficiency?
– Carrier sense, collision detection, exp. backoff
Knowledge Question Examples
• Hub vs. Switch?
• 802.11a, b, g: speed? Working frequency?
• 802.15? (personal area network, example: Bluetooth)
• Why no collision detection in wireless?
– listen while sending, fading, hidden terminal
• Network security three elements:
– Confidentiality, authentication, integrity
• What is public/symmetric key cryptography? Pros vs. cons?
• According to the textbook notation, how to represent node A’s digital signature? Digital certificate? Message digest?
• What is a “session key”?
• Usage of firewall? (block outside-initiated traffic to inside)
• IP spoofing? SYN flood DoS attack?
Protocol Problem Examples
• NAT address translation procedure
• Digital signature procedure
• HTTPS connection procedure
– CA, public key
• Secure email (assume known public key)
– Confidentiality
– Integrity
Calculation Examples
• link state, distance vector
• parity checking
• CRC calculation
• wireless MAC protocol
• Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
• Slotted ALOHA probability calculation (chapter5part1.ppt, Page 25-26)
Slotted ALOHA probability calculation example
• If two nodes have two packets to send at the same time, what is the probability that both packets can be successfully sent within the first 2 time slots?
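An added worked version of this calculation (not from the original slides): it assumes the textbook's slotted ALOHA model, in which every node that still holds a packet transmits in each slot with probability p and a slot succeeds only when exactly one node transmits, and it generalises the question to n nodes and k slots.

```python
# Added example (not from the original slides): probability that n nodes, all
# holding one packet at the same time, all succeed within k slotted-ALOHA slots.
# Assumed model (textbook slotted ALOHA): in every slot each node that still has
# a packet transmits with probability p; a slot succeeds only if exactly one
# node transmits; nodes that collide or stay silent retry in later slots.
from functools import lru_cache


def success_prob(n: int, p: float) -> float:
    """Probability that a slot carries exactly one transmission out of n contenders."""
    return n * p * (1 - p) ** (n - 1)


def prob_all_sent_within(n: int, k: int, p: float) -> float:
    """Probability that all n pending packets get through within the first k slots."""

    @lru_cache(maxsize=None)
    def f(pending: int, slots_left: int) -> float:
        if pending == 0:
            return 1.0          # everyone is done
        if slots_left == 0:
            return 0.0          # out of slots with packets still pending
        s = success_prob(pending, p)
        # Either this slot succeeds (one fewer pending node) or it is wasted
        # (idle or collision) and the same nodes contend again next slot.
        return s * f(pending - 1, slots_left - 1) + (1 - s) * f(pending, slots_left - 1)

    return f(n, k)


def closed_form_two_nodes_two_slots(p: float) -> float:
    """Two nodes, two slots: exactly one sends in slot 1, then the other sends in slot 2."""
    return 2 * p * (1 - p) * p


def best_p_two_nodes_two_slots(points: int = 1000) -> float:
    """Grid search for the p that maximises the two-node, two-slot probability."""
    grid = [i / points for i in range(1, points)]
    return max(grid, key=closed_form_two_nodes_two_slots)


if __name__ == "__main__":
    for p in (0.25, 0.5, 2 / 3):
        print(f"p={p:.3f}: P(both sent within 2 slots) = {prob_all_sent_within(2, 2, p):.4f}")
    print("best p for two nodes / two slots:", best_p_two_nodes_two_slots())
```

The closed form 2p^2(1-p) peaks at p = 2/3, which the grid search confirms numerically.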
Three types of switching fabrics
Property? Speed order?
Routing Algorithm classification
Global or decentralized information?
Global:
• all routers have complete topology, link cost info
• “link state” algorithms
Decentralized:
• router knows physically-connected neighbors, link costs
to neighbors
• iterative process of computation, exchange of info with
neighbors
• “distance vector” algorithms
NAT: Network Address Translation
(Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router with LAN-side address 10.0.0.4 and WAN-side address 138.76.29.7)
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345  D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001  D: 128.119.40.186, 80
3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345
NAT translation table
WAN side addr | LAN side addr
138.76.29.7, 5001 | 10.0.0.1, 3345
…… | ……
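The four steps above as an added example (not code from the slides): a minimal port-based NAT using the slide's addresses. Keying the table on the LAN (ip, port) alone and handing out WAN ports from 5001 upward are simplifying assumptions.

```python
# Added example (not from the original slides): a minimal port-based NAT that
# carries out steps 1-4 of the slide with the slide's addresses. Keying the
# table on the LAN (ip, port) alone and allocating WAN ports from 5001 upward
# are simplifying assumptions for the demonstration.
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]   # (IP address, port)


class NatRouter:
    def __init__(self, wan_ip: str, first_port: int = 5001) -> None:
        self.wan_ip = wan_ip
        self.next_port = first_port
        # NAT translation table, kept in both directions for O(1) lookups
        self.wan_to_lan: Dict[Addr, Addr] = {}
        self.lan_to_wan: Dict[Addr, Addr] = {}

    def outbound(self, src: Addr, dst: Addr) -> Tuple[Addr, Addr]:
        """Step 2: rewrite the source of a LAN->WAN datagram, adding a table entry if new."""
        if src not in self.lan_to_wan:
            wan_addr = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.lan_to_wan[src] = wan_addr
            self.wan_to_lan[wan_addr] = src
        return self.lan_to_wan[src], dst

    def inbound(self, src: Addr, dst: Addr) -> Optional[Tuple[Addr, Addr]]:
        """Step 4: rewrite the destination of a WAN->LAN datagram; None means dropped."""
        lan_addr = self.wan_to_lan.get(dst)
        if lan_addr is None:
            return None   # no entry: unsolicited outside-initiated traffic is dropped
        return src, lan_addr


def run_slide_scenario() -> dict:
    nat = NatRouter("138.76.29.7")
    server = ("128.119.40.186", 80)
    # 1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
    s2, d2 = nat.outbound(("10.0.0.1", 3345), server)
    # 3: the reply arrives addressed to the translated WAN address
    step4 = nat.inbound(server, s2)
    # a datagram to a WAN port with no table entry never reaches the LAN
    stray = nat.inbound(server, ("138.76.29.7", 6000))
    return {"step2": (s2, d2), "step4": step4, "stray": stray, "table": dict(nat.wan_to_lan)}


if __name__ == "__main__":
    for name, value in run_slide_scenario().items():
        print(name, value)
```

The dropped "stray" datagram is the side effect the firewall slide later relies on: without a table entry, outside-initiated traffic has nowhere to go.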
Intra-AS and Inter-AS routing
(Figure: hosts h1 and h2; AS C with routers C.a, C.b; AS A with routers A.a, A.b, A.c, A.d; AS B with routers B.a, B.b, B.c; inter-AS routing between A and B; intra-AS routing within AS A and within AS B)
– RIP: Routing Information Protocol
– OSPF: Open Shortest Path First
– BGP: Border Gateway Protocol (Inter-AS)
ARP protocol: Same LAN (network)
• A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
• A broadcasts ARP query packet, containing B's IP address
– Dest MAC address = FF-FF-FF-FF-FF-FF
– all machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
– frame sent to A’s MAC address (unicast)
• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
– soft state: information that times out (goes away) unless refreshed
• ARP is “plug-and-play”:
– nodes create their ARP tables without intervention from net administrator
What is network security?
Confidentiality: only sender, intended receiver should
“understand” message contents
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm identity of
each other
– Virus email really from your friends?
– The website really belongs to the bank?
Message Integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards) without
detection
– Digital signature
Collision Avoidance: RTS-CTS exchange
(Figure: nodes A, B and AP on a time axis, showing DIFS, reservation collision, CIFS, DATA (A) and B deferring; textbook page 522 figure)
Firewall
• Block outside-initiated traffic to inside of a local network
• Usually do not block any traffic initiated from inside to outside
• Have at least two NICs (two IPs)
(Figure: firewall between the public Internet and the administered network)
Internet security threats
Denial of service (DOS):
– flood of maliciously generated packets “swamp” receiver
– Distributed DOS (DDOS): multiple coordinated sources swamp receiver
– e.g., C and remote host SYN-attack A
(Figure: hosts C and B send streams of SYN packets to A)
Digital signature = signed message digest
Bob sends digitally signed message:
– large message m -> H: hash function -> H(m)
– H(m) -> digital signature (encrypt) with Bob’s private key K_B^- -> encrypted msg digest K_B^-(H(m))
Alice verifies signature and integrity of digitally signed message:
– large message m -> H: hash function -> H(m)
– encrypted msg digest K_B^-(H(m)) -> digital signature (decrypt) with Bob’s public key K_B^+ -> H(m)
– equal?
No confidentiality!
Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
(Figure: m -> K_S(.) -> K_S(m); K_S -> K_B^+(.) -> K_B^+(K_S); both K_S(m) and K_B^+(K_S) go out over the Internet)
Alice:
• generates random symmetric private key, K_S.
• encrypts message with K_S (for efficiency)
• also encrypts K_S with Bob’s public key.
• sends both K_S(m) and K_B^+(K_S) to Bob.
Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
(Figure: K_S(m) and K_B^+(K_S) arrive over the Internet; K_B^+(K_S) -> K_B^-(.) -> K_S; K_S(m) -> K_S(.) -> m)
Bob:
• uses his private key to decrypt and recover K_S
• uses K_S to decrypt K_S(m) to recover m
Secure e-mail (continued)
• Alice wants to provide message integrity (unchanged, really written by Alice).
(Figure: Alice: m -> H(.) -> H(m) -> K_A^-(.) -> K_A^-(H(m)); m and K_A^-(H(m)) go over the Internet; Bob: K_A^-(H(m)) -> K_A^+(.) -> H(m), m -> H(.) -> H(m), compare)
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
(Figure: m -> H(.) -> K_A^-(.) -> K_A^-(H(m)); m together with K_A^-(H(m)) -> K_S(.) -> K_S(m, K_A^-(H(m))); K_S -> K_B^+(.) -> K_B^+(K_S); both ciphertexts go over the Internet)
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key
Internet Web Security Architecture
(Figure: Web Server B, CA and Client A exchanging the following messages)
– B -> CA: K_B^+ (B’s public key); CA -> B: K_CA^-(K_B^+) (certificate signed by the CA)
– A -> B: Cert Request; B -> A: K_CA^-(K_B^+)
– A -> B: K_B^+(K_AB, R)
– B -> A: K_AB(R)
– A -> B: K_AB(m)
Forwarding table
Destination Address Range | Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111 | 0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111 | 1
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111 | 2
otherwise | 3
Longest prefix matching
Prefix Match | Link Interface
11001000 00010111 00010 | 0
11001000 00010111 00011000 | 1
11001000 00010111 00011 | 2
otherwise | 3
Examples
DA: 11001000 00010111 00010110 10100001  Which interface?
DA: 11001000 00010111 00011000 10101010  Which interface?
DA: 11001000 00010111 10011000 10101010  Which interface?
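Longest prefix matching over the slide's table, applied to the three example addresses, as an added example (not code from the slides); the `dotted()` helper that prints the address in dotted-decimal form is an added convenience.

```python
# Added example (not from the original slides): longest prefix matching over
# the slide's table, applied to its three example destination addresses.
# Prefixes and addresses are bit strings with spaces between octets, as on the slide.
from typing import List, Optional, Tuple

FORWARDING_TABLE: List[Tuple[str, int]] = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
DEFAULT_INTERFACE = 3   # the "otherwise" row


def bits(s: str) -> str:
    return s.replace(" ", "")


def lookup(dest: str) -> Tuple[int, Optional[str]]:
    """Return (interface, matched prefix); the longest matching prefix wins."""
    d = bits(dest)
    if len(d) != 32 or set(d) - {"0", "1"}:
        raise ValueError("destination must be a 32-bit binary address")
    best: Optional[Tuple[str, int]] = None
    for prefix, iface in FORWARDING_TABLE:
        p = bits(prefix)
        # keep this entry only if it matches and is longer than the best so far
        if d.startswith(p) and (best is None or len(p) > len(bits(best[0]))):
            best = (prefix, iface)
    if best is None:
        return DEFAULT_INTERFACE, None
    return best[1], best[0]


def dotted(dest: str) -> str:
    """Show the 32-bit address in dotted-decimal form (added convenience)."""
    d = bits(dest)
    return ".".join(str(int(d[i:i + 8], 2)) for i in range(0, 32, 8))


EXAMPLES = [
    "11001000 00010111 00010110 10100001",
    "11001000 00010111 00011000 10101010",
    "11001000 00010111 10011000 10101010",
]

if __name__ == "__main__":
    for da in EXAMPLES:
        iface, prefix = lookup(da)
        print(f"{dotted(da)} -> interface {iface} (prefix {prefix or 'otherwise'})")
```

The second address matches both the 24-bit and the 21-bit prefix; only the longer one determines the interface.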
CRC Example
Want: D·2^r XOR R = nG
equivalently: D·2^r = nG XOR R
equivalently: if we divide D·2^r by G, we want remainder R
R = remainder[D·2^r / G]
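The division above carried out in code, as an added example (not from the slides): modulo-2 long division gives R, and the receiver checks that the frame D·2^r XOR R leaves a zero remainder. D = 101110 and G = 1001 (so r = 3) are constructed sample values.

```python
# Added example (not from the original slides): CRC by modulo-2 division,
# following the slide's formula R = remainder[D*2^r / G], plus the receiver's
# check that D*2^r XOR R is divisible by G. D = 101110 and G = 1001 (r = 3)
# are constructed sample values for the demonstration.


def mod2_remainder(dividend: str, generator: str) -> str:
    """Remainder of dividend / generator in GF(2), i.e. XOR-based long division."""
    g = int(generator, 2)
    r_bits = len(generator) - 1
    value = int(dividend, 2)
    # Repeatedly cancel the highest set bit with an aligned copy of G.
    while value.bit_length() > r_bits:
        shift = value.bit_length() - len(generator)
        value ^= g << shift
    return format(value, f"0{r_bits}b")


def crc_append(data: str, generator: str) -> str:
    """Sender: compute R over D shifted left by r zero bits, transmit D followed by R."""
    r_bits = len(generator) - 1
    r = mod2_remainder(data + "0" * r_bits, generator)
    return data + r


def crc_check(frame: str, generator: str) -> bool:
    """Receiver: the frame <D, R> passes iff its remainder modulo G is all zeros."""
    return int(mod2_remainder(frame, generator), 2) == 0


def flip_bit(frame: str, index: int) -> str:
    """Corrupt one bit to simulate a transmission error."""
    return frame[:index] + ("1" if frame[index] == "0" else "0") + frame[index + 1:]


if __name__ == "__main__":
    D, G = "101110", "1001"
    sent = crc_append(D, G)
    print("D =", D, "G =", G, "R =", sent[len(D):], "frame =", sent)
    print("intact frame passes:", crc_check(sent, G))
    print("corrupted frame passes:", crc_check(flip_bit(sent, 2), G))
```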
Dijkstra’s algorithm: example
(Figure: graph with link costs A-B 2, A-C 5, A-D 1, B-C 3, B-D 2, C-D 3, C-E 1, C-F 5, D-E 1, E-F 2)
Step | N | D(B),p(B) | D(C),p(C) | D(D),p(D) | D(E),p(E) | D(F),p(F)
0 | A | 2,A | 5,A | 1,A | ∞ | ∞
1 | AD | 2,A | 4,D | 1,A | 2,D | ∞
2 | ADE | 2,A | 3,E | 1,A | 2,D | 4,E
3 | ADEB | 2,A | 3,E | 1,A | 2,D | 4,E
4 | ADEBC | 2,A | 3,E | 1,A | 2,D | 4,E
5 | ADEBCF | 2,A | 3,E | 1,A | 2,D | 4,E
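Dijkstra's algorithm run from A over the graph in the figure, as an added example (not code from the slides); it reproduces the table row by row and derives A's forwarding table from the predecessors. The tie-break rule (prefer the most recently improved node) is an assumption chosen to match the slide's ordering.

```python
# Added example (not from the original slides): Dijkstra's link-state algorithm
# run from A over the slide's graph, reproducing the slide's table row by row.
from typing import Dict, List, Tuple

INF = float("inf")
# Undirected link costs read off the slide's figure.
EDGES = [("A", "B", 2), ("A", "C", 5), ("A", "D", 1), ("B", "C", 3), ("B", "D", 2),
         ("C", "D", 3), ("C", "E", 1), ("C", "F", 5), ("D", "E", 1), ("E", "F", 2)]


def build_graph(edges) -> Dict[str, Dict[str, int]]:
    g: Dict[str, Dict[str, int]] = {}
    for u, v, c in edges:
        g.setdefault(u, {})[v] = c
        g.setdefault(v, {})[u] = c
    return g


def dijkstra(graph, source: str):
    """Return (trace, dist, pred); trace has one (N', {v: (D(v), p(v))}) row per step."""
    dist = {v: INF for v in graph}
    pred = {v: "" for v in graph}
    updated = {v: 0 for v in graph}   # step at which D(v) last improved
    dist[source] = 0
    n_prime: List[str] = []
    trace: List[Tuple[str, Dict[str, Tuple[float, str]]]] = []
    for step in range(len(graph)):
        # Cheapest node not yet in N'; ties go to the most recently improved node,
        # an assumed tie-break that reproduces the slide's ordering.
        u = min((v for v in graph if v not in n_prime), key=lambda v: (dist[v], -updated[v]))
        n_prime.append(u)
        for w, c in graph[u].items():               # relax u's neighbours
            if w not in n_prime and dist[u] + c < dist[w]:
                dist[w], pred[w], updated[w] = dist[u] + c, u, step
        row = {v: (dist[v], pred[v]) for v in sorted(graph) if v not in n_prime}
        trace.append(("".join(n_prime), row))
    return trace, dist, pred


def first_hop(pred: Dict[str, str], source: str, dest: str) -> str:
    """Walk the predecessor chain back toward the source: the forwarding-table entry."""
    hop = dest
    while pred[hop] != source:
        hop = pred[hop]
    return hop


def slide_results():
    trace, dist, pred = dijkstra(build_graph(EDGES), "A")
    table = {d: first_hop(pred, "A", d) for d in dist if d != "A"}
    return trace, dist, table
```

Calling `slide_results()` returns the six table rows, the final costs and A's forwarding table (every destination except B is reached through D).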
(Figure: three-node network with c(x,y) = 2, c(x,z) = 7, c(y,z) = 1)
Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0, 7+1} = 2
Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1, 7+0} = 3
node x table (rows: from x, y, z; columns: cost to x, y, z)
time 0: x 0 2 7 | y ∞ ∞ ∞ | z ∞ ∞ ∞
time 1: x 0 2 3 | y 2 0 1 | z 7 1 0
time 2: x 0 2 3 | y 2 0 1 | z 3 1 0
node y table
time 0: x ∞ ∞ ∞ | y 2 0 1 | z ∞ ∞ ∞
time 1: x 0 2 7 | y 2 0 1 | z 7 1 0
time 2: x 0 2 3 | y 2 0 1 | z 3 1 0
node z table
time 0: x ∞ ∞ ∞ | y ∞ ∞ ∞ | z 7 1 0
time 1: x 0 2 7 | y 2 0 1 | z 3 1 0
time 2: x 0 2 3 | y 2 0 1 | z 3 1 0
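The distance-vector iteration for the x, y, z network as an added example (not code from the slides): each round every node sends its own row to its neighbours and recomputes with the Bellman-Ford equation shown above, so `iterate(r)` reproduces the tables at time r.

```python
# Added example (not from the original slides): synchronous distance-vector
# (Bellman-Ford) iteration on the slide's x, y, z network, reproducing its
# initial, intermediate and final tables and the two D_x computations.
from typing import Dict

INF = float("inf")
# Link costs from the slide's figure: c(x,y) = 2, c(x,z) = 7, c(y,z) = 1.
COSTS = {"x": {"y": 2, "z": 7}, "y": {"x": 2, "z": 1}, "z": {"x": 7, "y": 1}}
NODES = sorted(COSTS)
Table = Dict[str, Dict[str, float]]   # table[from][to] = cost


def initial_table(node: str) -> Table:
    """A node starts knowing only its own row: direct link costs, ∞ everywhere else."""
    t = {n: {m: INF for m in NODES} for n in NODES}
    t[node] = {m: (0 if m == node else COSTS[node].get(m, INF)) for m in NODES}
    return t


def bellman_ford_row(node: str, table: Table) -> Dict[str, float]:
    """D_x(y) = min over neighbours v of c(x,v) + D_v(y), using the rows x has received."""
    row = {}
    for y in NODES:
        row[y] = 0 if y == node else min(COSTS[node][v] + table[v][y] for v in COSTS[node])
    return row


def iterate(rounds: int) -> Dict[str, Table]:
    """Each round: every node sends its own row to its neighbours, then all recompute."""
    tables = {n: initial_table(n) for n in NODES}
    for _ in range(rounds):
        for n in NODES:                       # exchange distance vectors
            for v in COSTS[n]:
                tables[v][n] = dict(tables[n][n])
        for n in NODES:                       # recompute own row from received rows
            tables[n][n] = bellman_ford_row(n, tables[n])
    return tables


def converged(tables: Dict[str, Table]) -> bool:
    """True when no node's recomputation would change its row (the algorithm is quiescent)."""
    return all(bellman_ford_row(n, tables[n]) == tables[n][n] for n in NODES)


if __name__ == "__main__":
    for r in range(3):
        t = iterate(r)
        print(f"time {r}: node x table = {t['x']}, converged = {converged(t)}")
```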
• Caesar cipher decrypt:
– “welcome”, key = +2
• Vigenere cipher
– “final exam”, key = 3,4,-1 (blank space does not change)
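Both ciphers on the slide's inputs, as an added example (not code from the slides). Assumptions: the Caesar key +2 means the plaintext was shifted forward by 2, so decryption shifts back; the Vigenere keys 3,4,-1 cycle over letters only, and a blank space passes through without consuming a key value.

```python
# Added example (not from the original slides): Caesar and Vigenere shifts on
# lowercase letters, run on the slide's inputs. Assumptions: Caesar key +2 means
# the plaintext was shifted forward by 2 (decrypt shifts back); Vigenere keys
# 3,4,-1 cycle over letters only, a blank space is passed through unchanged
# and does not consume a key value.
from typing import List

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def shift_letter(ch: str, k: int) -> str:
    """Shift one lowercase letter by k positions (k may be negative), wrapping mod 26."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar_encrypt(text: str, key: int) -> str:
    return "".join(shift_letter(c, key) for c in text)


def caesar_decrypt(text: str, key: int) -> str:
    return caesar_encrypt(text, -key)


def vigenere_encrypt(text: str, keys: List[int]) -> str:
    out, i = [], 0
    for c in text:
        if c in ALPHABET:
            out.append(shift_letter(c, keys[i % len(keys)]))
            i += 1                   # only letters advance the key stream
        else:
            out.append(c)            # blank space does not change
    return "".join(out)


def vigenere_decrypt(text: str, keys: List[int]) -> str:
    return vigenere_encrypt(text, [-k for k in keys])


def caesar_brute_force(ciphertext: str) -> List[str]:
    """All 26 candidate plaintexts: with so few keys, Caesar offers no real secrecy."""
    return [caesar_decrypt(ciphertext, k) for k in range(26)]


if __name__ == "__main__":
    print("Caesar decrypt 'welcome', key +2:", caesar_decrypt("welcome", 2))
    c = vigenere_encrypt("final exam", [3, 4, -1])
    print("Vigenere encrypt 'final exam', key 3,4,-1:", c)
    print("Vigenere decrypt back:", vigenere_decrypt(c, [3, 4, -1]))
```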
Subnet calculation
• Remember each subnet is represented by a.b.c.d/x
• A network of 128.119.0.0/16 has 2^16 IPs (2^x, with x = 16); first address is 128.119.0.0; last address is 128.119.255.255
• Don’t use “128.119.0.0 to 128.119.0.255” to represent a subnet!
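The subnet arithmetic done with bit masks, as an added example (not code from the slides): it checks the 128.119.0.0/16 figures above, uses the general count of 2^(32-x) addresses for a /x, and shows why "128.119.0.0 to 128.119.0.255" describes a /24 rather than the /16.

```python
# Added example (not from the original slides): subnet arithmetic for a.b.c.d/x
# with bit masks, checking the slide's 128.119.0.0/16 figures and showing that
# "128.119.0.0 to 128.119.0.255" is a /24, not the /16.
from typing import Tuple


def ip_to_int(ip: str) -> int:
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def subnet_info(cidr: str) -> Tuple[str, str, int]:
    """Return (first address, last address, number of addresses) of a.b.c.d/x."""
    ip, x = cidr.split("/")
    prefix = int(x)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(ip) & mask                # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    return int_to_ip(network), int_to_ip(broadcast), 2 ** (32 - prefix)


def contains(cidr: str, ip: str) -> bool:
    first, last, _ = subnet_info(cidr)
    return ip_to_int(first) <= ip_to_int(ip) <= ip_to_int(last)


def range_to_cidr(first: str, last: str) -> str:
    """The /x that starts at `first` and ends exactly at `last`, if the range is one block."""
    size = ip_to_int(last) - ip_to_int(first) + 1
    prefix = 32 - (size.bit_length() - 1)
    if subnet_info(f"{first}/{prefix}") != (first, last, size):
        raise ValueError("range is not an aligned power-of-two block")
    return f"{first}/{prefix}"


if __name__ == "__main__":
    print("128.119.0.0/16 ->", subnet_info("128.119.0.0/16"))
    print("128.119.0.0 to 128.119.0.255 is", range_to_cidr("128.119.0.0", "128.119.0.255"))
```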