Final Exam Review
• Knowledge questions
• True or false statement (explain why)
• Protocol
• Calculation
• Cover the contents after midterm coverage
Knowledge Question Examples
• Three classes of switch fabric, speed relationship
• What is Head-of-the-line (HOL) blocking?
• Where can queues occur in a router?
• TCP header size? IP header size? UDP header size?
• How many bits in an IPv6 address? Address space size? Why is it so slow to be deployed? (enough IP space, hard upgrading and compatibility)
• Routing: what are link state, distance vector?
• Internet two-level routing? (inter-AS, intra-AS)
• RIP, OSPF, BGP? Used where?
  • OSPF uses link state, BGP/RIP uses distance vector
• Which is better? Pure ALOHA, slotted ALOHA, CSMA/CD?
  • What are their assumptions? (collision detection, time sync)
• CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?
Knowledge Question Examples
• Ethernet broadcast MAC addr.? What is the broadcast address for? What is ARP?
• Why is Ethernet much more efficient than ALOHA? (homework 3)
• Hub vs. switch? (homework 3)
• 802.11a, b, g: speed? Working frequency?
• 802.15? (personal area network, example: Bluetooth)
• Why no collision detection in wireless?
  • listen while sending, fading, hidden terminal
• Network security three elements:
  • Confidentiality, authentication, integrity
• What is public/symmetric key cryptography? Pro vs. con?
• Why use “nonce” in security? (replay attack) What is a man-in-the-middle attack?
• Usage of firewall? (block outside active traffic to inside)
• IP spoofing? SYN flood DoS attack? UDP flood?
• What is a botnet?
• Difference between email virus and worm?
  • Vulnerability, user interaction to propagate, speed
• IPSec vs. SSL? (different layers, tcp vs. udp)
Protocol Problem Examples
• NAT address translation procedure
• Digital signature procedure
• HTTPS connection procedure
  • CA, public key
• Secure email (assume known public key)
  • Confidentiality
  • Integrity
Calculation Examples
• Homework 3 prob. 7 (subnet addressing)
• Homework 2, prob. 9-11 (link state, distance vector)
• Homework 3, prob. 4 (parity checking)
• Homework 3, prob. 5 (CRC calculation)
• Homework 3, prob. 11 (wireless MAC protocol)
• Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
Three types of switching fabrics
• Property?
• Speed order?
Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward
• Queue can occur at both input port and output port of a router
Intra-AS and Inter-AS routing
[Figure: Host h1 in AS A and Host h2 in AS B, with ASes A, B and C; inter-AS routing between A and B, intra-AS routing within AS A and within AS B]
• We’ll examine specific inter-AS and intra-AS Internet routing protocols shortly
Routing Algorithm classification
Global or decentralized information?
Global:
• all routers have complete topology, link cost info
• “link state” algorithms
Decentralized:
• router knows physically-connected neighbors, link costs to neighbors
• iterative process of computation, exchange of info with neighbors
• “distance vector” algorithms
NAT: Network Address Translation
[Figure: NAT router between the LAN (10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4) and the WAN (138.76.29.7)]
NAT translation table
  WAN side addr         LAN side addr
  138.76.29.7, 5001     10.0.0.1, 3345
  ……                    ……
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
3: Reply arrives dest. address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80; D: 10.0.0.1, 3345)
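
The four translation steps above as a small simulation, added here as an example and not part of the original slides. The class name, the port allocator starting at 5001 and the outside host 203.0.113.9 are assumptions made for illustration; the other addresses are the ones on the slide.

```python
from itertools import count

class Nat:
    """Port-translating NAT with one WAN address and a translation table."""

    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.ports = count(first_port)  # next free WAN-side port (assumed allocator)
        self.out = {}                   # (lan_ip, lan_port) -> wan_port
        self.back = {}                  # wan_port -> (lan_ip, lan_port)

    def outbound(self, src, dst):
        """Steps 1-2: rewrite the source of a LAN->WAN datagram, updating the table."""
        if src not in self.out:
            port = next(self.ports)
            self.out[src], self.back[port] = port, src
        return (self.wan_ip, self.out[src]), dst

    def inbound(self, src, dst):
        """Steps 3-4: rewrite the destination of a WAN->LAN datagram, or drop it (None)."""
        ip, port = dst
        if ip != self.wan_ip or port not in self.back:
            return None                 # no table entry: nothing inside asked for this
        return src, self.back[port]

def demo():
    nat = Nat("138.76.29.7")
    server = ("128.119.40.186", 80)
    sent = nat.outbound(("10.0.0.1", 3345), server)     # steps 1-2
    reply = nat.inbound(server, sent[0])                # steps 3-4
    # Constructed outside-initiated datagram to a port with no table entry.
    unsolicited = nat.inbound(("203.0.113.9", 4444), ("138.76.29.7", 6000))
    return sent, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The table is keyed on the WAN-side port alone, as on the slide; a stateful firewall additionally matches the remote address and port before accepting a reply.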
Intra-AS and Inter-AS routing
[Figure: Host h1 in AS A and Host h2 in AS B, with ASes A, B and C; inter-AS routing between A and B, intra-AS routing within AS A and within AS B]
• RIP: Routing Information Protocol
• OSPF: Open Shortest Path First
• BGP: Border Gateway Protocol (Inter-AS)
ARP protocol: Same LAN (network)
• A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
• A broadcasts ARP query packet, containing B's IP address
  • Dest MAC address = FF-FF-FF-FF-FF-FF
  • all machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • frame sent to A’s MAC address (unicast)
• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  • soft state: information that times out (goes away) unless refreshed
• ARP is “plug-and-play”:
  • nodes create their ARP tables without intervention from net administrator
What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
• sender encrypts message
• receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
• Virus email really from your friends?
• The website really belongs to the bank?
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
• Digital signature
Collision Avoidance: RTS-CTS exchange
[Figure: timeline for A, B and AP showing RTS(A), RTS(B), reservation collision, CTS(A), DATA (A), ACK(A) and defer. Textbook Page 522 figure]
Firewall
[Figure: firewall between the administered network and the public Internet]
• Block outside-initiated traffic to inside of a local network
• Usually do not block any traffic initiated from inside to outside
Digital signature = signed message digest
Bob sends digitally signed message:
• large message m → H: Hash function → H(m)
• H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$
• sends m + $K_B^-(H(m))$
Alice verifies signature and integrity of digitally signed message:
• large message m → H: Hash function → H(m)
• encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob’s public key $K_B^+$ → H(m)
• equal ?
No confidentiality !
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice computes $K_S(m)$ and $K_B^+(K_S)$ and sends both over the Internet]
• Alice:
  • generates random symmetric private key, $K_S$.
  • encrypts message with $K_S$ (for efficiency)
  • also encrypts $K_S$ with Bob’s public key.
  • sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob.
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice sends $K_S(m)$ and $K_B^+(K_S)$ over the Internet; Bob applies $K_B^-$ and then $K_S$ to recover m]
• Bob:
  • uses his private key to decrypt and recover $K_S$
  • uses $K_S$ to decrypt $K_S(m)$ to recover m
Secure e-mail (continued)
• Alice wants to provide message integrity (unchanged, really written by Alice).
[Figure: Alice sends m and $K_A^-(H(m))$ over the Internet; the receiver computes H(m) from m, applies $K_A^+$ to the signature, and compares]
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
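
The digital signature slide and the three secure e-mail slides above, carried through in code as an added example that is not part of the original slides. It assumes textbook RSA without padding, demo key pairs constructed from well-known Mersenne primes, SHA-256 as H, and a toy hash-based stream cipher standing in for $K_S(\cdot)$; all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA from two primes: returns (public, private), each (exponent, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

# Constructed demo keys from well-known Mersenne primes; far too structured for real use.
ALICE_PUB, ALICE_PRIV = keypair(2**89 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = keypair(2**127 - 1, 2**521 - 1)

def rsa(key, value):
    """Apply K+(.) or K-(.): raw modular exponentiation, no padding."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(m):
    """H(m) as an integer (SHA-256)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def ks_crypt(ks, data):
    """Toy K_S(.): XOR with a SHA-256 counter keystream; the same call decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(ks + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def sign(m, priv):
    """Sender: K-(H(m)), sent alongside m in the clear."""
    return rsa(priv, digest(m))

def verify(m, sig, pub):
    """Receiver: recompute H(m) and compare it with K+(signature)."""
    return rsa(pub, sig) == digest(m)

def seal(m, recipient_pub):
    """Alice: fresh random K_S, then K_S(m) and K_B+(K_S)."""
    ks = secrets.token_bytes(16)
    return ks_crypt(ks, m), rsa(recipient_pub, int.from_bytes(ks, "big"))

def open_sealed(ciphertext, wrapped_ks, priv):
    """Bob: recover K_S with his private key, then m with K_S."""
    ks = rsa(priv, wrapped_ks).to_bytes(16, "big")
    return ks_crypt(ks, ciphertext)
```

`sign`/`verify` give integrity without confidentiality, and `seal`/`open_sealed` give confidentiality without integrity, matching the separate slides.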
How SSL (https) works?
[Figure: message timeline between Client and Server B]
• Three-way handshake
• Request server certificate
• Certificate from CA: $K_{CA}^-(K_B^+)$
• Symmetric session key: $K_B^+(K_{A-B})$
• $K_{A-B}(m)$
Distance table gives routing table

Distance table $D^E()$: cost to destination via
  destination    A    B    D
  A              3    5    8
  B              5    4    9
  C              6    9    4
  D              4    11   5

Routing table: outgoing link to use, cost
  destination
  A              A,3
  B              B,4
  C              D,4
  D              A,4
Distance Vector Algorithm: example
[Figure: three nodes X, Y, Z with link costs c(X,Y) = 2, c(Y,Z) = 1, c(X,Z) = 7]
$D^X(Y,Z) = c(X,Z) + \min_w \{D^Z(Y,w)\} = 7+1 = 8$
$D^X(Z,Y) = c(X,Y) + \min_w \{D^Y(Z,w)\} = 2+1 = 3$
CRC Example
Want: $D \cdot 2^r \text{ XOR } R = nG$
equivalently: $D \cdot 2^r = nG \text{ XOR } R$
equivalently: if we divide $D \cdot 2^r$ by $G$, want remainder $R$
$R = \text{remainder}\left[\dfrac{D \cdot 2^r}{G}\right]$
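
The remainder formula above as modulo-2 long division, added here as an example that is not part of the original slides. The values D = 101110 and G = 1001 are constructed sample inputs and the function names are hypothetical. The last helper goes one step beyond the slide: an error pattern that is itself a multiple of G leaves the remainder at zero, which is why a CRC catches accidental bit errors but a signed digest is what the slides use for message integrity.

```python
def mod2_remainder(value: int, g: int) -> int:
    """Remainder of value divided by g using XOR (carry-less) long division."""
    width = g.bit_length()
    while value.bit_length() >= width:
        # Align G under the leading 1 of the running remainder and subtract (XOR).
        value ^= g << (value.bit_length() - width)
    return value

def crc_bits(d_bits: str, g_bits: str) -> str:
    """R = remainder[D * 2^r / G], returned as an r-bit string (r = len(G) - 1)."""
    r = len(g_bits) - 1
    remainder = mod2_remainder(int(d_bits, 2) << r, int(g_bits, 2))
    return format(remainder, f"0{r}b")

def encode(d_bits: str, g_bits: str) -> str:
    """Sender: transmit D followed by R, i.e. D * 2^r XOR R = nG."""
    return d_bits + crc_bits(d_bits, g_bits)

def frame_ok(frame_bits: str, g_bits: str) -> bool:
    """Receiver: accept the frame only if G divides it with zero remainder."""
    return mod2_remainder(int(frame_bits, 2), int(g_bits, 2)) == 0

def apply_error(frame_bits: str, error_bits: str) -> str:
    """Flip the frame bits selected by error_bits (same-length bit strings)."""
    flipped = int(frame_bits, 2) ^ int(error_bits, 2)
    return format(flipped, f"0{len(frame_bits)}b")

if __name__ == "__main__":
    D, G = "101110", "1001"                      # constructed sample values
    frame = encode(D, G)
    print("R =", crc_bits(D, G), "frame =", frame)
    print("clean frame accepted:", frame_ok(frame, G))
    print("single bit error accepted:", frame_ok(apply_error(frame, "000000100"), G))
    # Error pattern equal to G shifted left by two bits: a multiple of G.
    print("multiple-of-G error accepted:", frame_ok(apply_error(frame, "000100100"), G))
```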
Dijkstra’s algorithm: example
[Figure: weighted graph on nodes A, B, C, D, E, F]

  Step   N        D(B),p(B)   D(C),p(C)   D(D),p(D)   D(E),p(E)    D(F),p(F)
  0      A        2,A         5,A         1,A         infinity,-   infinity,-
  1      AD       2,A         4,D         1,A         2,D          infinity,-
  2      ADE      2,A         3,E         1,A         2,D          4,E
  3      ADEB     2,A         3,E         1,A         2,D          4,E
  4      ADEBC    2,A         3,E         1,A         2,D          4,E
  5      ADEBCF   2,A         3,E         1,A         2,D          4,E
Caesar cipher decrypt:
• “welcome”, key= +2
Vigenere cipher
• “final exam” key=3,4,-1 (blank space does not change)