CSC 249
HW 9 Solutions
Dec 1, 2014
Chapter 6 Discussion Questions
1. Path loss is due to the attenuation of the electromagnetic signal when it travels
through matter. Multipath propagation results in blurring of the received signal at
the receiver and occurs when portions of the electromagnetic wave reflect off objects
and ground, taking paths of different lengths between a sender and receiver (like an
echo). Interference from other sources occurs when the other source is also
transmitting in the same frequency range as the wireless network.
2. The increased risk of packet loss in wireless 802.11 transmission makes the use of
bandwidth for the small ACK packets worthwhile. Packet loss and bit errors occur
more frequently for wireless 802.11 than wired Ethernet. Collisions often cannot be
detected with 802.11 communications, as discussed above in question 1. Since wired
Ethernet has lower loss rates, implements collision detection, and end-to-end loss
(reliability) is addressed via the reliability service of TCP, the addition of ACKs with
Ethernet is not considered to be worthwhile.
3. Access points (APs) transmit beacon frames that contain the AP’s SSID and MAC
address. An AP’s beacon frames will be transmitted over one of the 11 channels. The
beacon frames are a signal to nearby wireless stations (i.e., your laptop) to discover
and identify with the AP.
4. RTS and CTS are used to AVOID collisions (rather than trying to detect them as with
Ethernet). A host with a large data frame to transmit will first send an RTS frame. If it
receives the CTS frame from the AP, it knows it is “clear to send” and so transmits
the entire data frame. Each wireless station can set an RTS threshold such that the
RTS/CTS sequence (request to send / clear to send) is used only when the data frame
to be transmitted is longer than the threshold. This ensures that the RTS/CTS mechanism
is used only for large frames, and the small bandwidth used by the RTS/CTS packets
is an efficient tradeoff for the decreased collision rate if the frames are large. If the
frames are small, a collision of the actual data frames would waste no more
bandwidth than would a collision of simultaneous RTS frames (see below also).
5. No, there wouldn’t be any advantage. Suppose there are two stations that want to
transmit at the same time, and they both use RTS/CTS. If the RTS frame is as long as
a DATA frame, the channel would be wasted for as long as it would have been
wasted for two colliding DATA frames. Thus, the RTS/CTS exchange is only useful
when the RTS/CTS frames are significantly smaller than the DATA frames.
Chapter 8 Discussion Questions
6. A public-key signed message digest (or hash of the entire message) is “better” in that
one need only encrypt (using the private key) a short message digest, rather than the
entire message. Since public key encryption with a technique like RSA is expensive,
it’s desirable to have to sign (encrypt) a smaller amount of data than a larger amount
of data.
7. For a MAC-based scheme, Alice would have to establish a shared key with each
potential recipient. With digital signatures, she uses the same digital signature for
each recipient; the digital signature is created by signing the hash of the message with
her private key. Digital signatures are clearly a better choice here, since they avoid
the thousands of individualized secure messages that would be required to have a
unique shared secret with each recipient.
8. The purpose of the nonce is to defend against the replay (or play-back) attack.
9. Once in a lifetime means that the entity sending the nonce will never again use that
value to check whether another entity is “live”.
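The nonce check from questions 8 and 9, as an added example that is not part of the original solutions. It assumes Alice and Bob already share a key and that Alice proves liveness by returning an HMAC of Bob's nonce; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Bob's side: issues nonces and accepts each one at most once."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()  # nonces issued and not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)  # fresh random value for this run only
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce, response):
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce: treat as a replay
        self.outstanding.discard(nonce)  # "once in a lifetime"
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key, nonce):
    """Alice's side: prove knowledge of the key for this particular nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_demo():
    key = secrets.token_bytes(32)  # constructed shared key
    bob = Verifier(key)
    n1 = bob.challenge()
    r1 = respond(key, n1)
    live = bob.check(n1, r1)        # genuine first run
    same_run = bob.check(n1, r1)    # recorded (nonce, response) played back
    n2 = bob.challenge()
    new_run = bob.check(n2, r1)     # recorded response against a fresh nonce
    return live, same_run, new_run
```
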
10. Alice provides a digital signature, from which Bob can verify that the message came
from Alice, by using her public key to decrypt the private-key-encrypted message.
PGP uses digital signatures, not MACs, for message integrity.
11. Bob will know that Trudy has intervened at the stage in which his client generates a
pre-master secret (PMS). This will be encrypted with Alice’s public key, and then
sent to Trudy. Trudy will not be able to decrypt the PMS, since she does not have
Alice’s private key. Thus Trudy will not be able to determine the shared
authentication key. She may instead guess one by choosing a random key. During the
last step of the handshake, she sends to Bob a MAC of all the handshake messages,
using the guessed authentication key. When Bob receives the MAC, the MAC test
will fail, and Bob will end the TCP connection.
12. The figure below shows the operations that Alice must perform with PGP to provide
confidentiality, authentication, and integrity. Diagram the corresponding operations
that Bob must perform on the package received from Alice.
[Figure: Alice's PGP operations. Labels: m, H( ), KA-( ), KA-(H(m)), KS( ), KS, KB+( ), KB+(KS), Internet]
[Figure: Bob's operations on the package KB+(KS), KS(m, KA-(H(m))) received from the Internet. Labels: KB-( ), KS, KS( ), m, KA+( ), H( ), compare]
Figure: Operations performed by Bob for confidentiality, integrity, and
authentication
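The operations named in the two figures for question 12, carried out in order as an added example that is not part of the original solutions. The primitives are toy stand-ins chosen so the block runs with the standard library only (textbook RSA on fixed Mersenne primes, a SHA-256 XOR keystream for KS); they are not suitable for real use, and all function and variable names are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys


def keypair(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def H(m, n):
    """H(m): SHA-256 digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n


def KS(key, data):
    """KS( ): toy XOR stream cipher; the same call encrypts and decrypts."""
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def alice_send(m, a_n, a_d, b_n):
    sig = pow(H(m, a_n), a_d, a_n)                    # KA-(H(m))
    ks = secrets.token_bytes(16)                      # fresh session key KS
    body = KS(ks, sig.to_bytes(32, "big") + m)        # KS(m, KA-(H(m)))
    wrapped = pow(int.from_bytes(ks, "big"), E, b_n)  # KB+(KS)
    return wrapped, body


def bob_receive(wrapped, body, b_n, b_d, a_n):
    ks = pow(wrapped, b_d, b_n).to_bytes(16, "big")   # KB-(KB+(KS)) = KS
    plain = KS(ks, body)                              # recover m and signature
    sig, m = int.from_bytes(plain[:32], "big"), plain[32:]
    if pow(sig, E, a_n) != H(m, a_n):                 # KA+(sig) vs H(m): compare
        raise ValueError("signature check failed")
    return m


# Constructed toy keys built from known Mersenne primes.
A_N, A_D = keypair(2**127 - 1, 2**107 - 1)  # Alice
B_N, B_D = keypair(2**89 - 1, 2**127 - 1)   # Bob
```
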