Last class - PowerPoint PPT Presentation

Slides: 36
Provided by: dont256

Transcript and Presenter's Notes


1
Last class
  • Ethernet
  • Hubs and Switches
  • Mobile and wireless networks, CDMA
Today
  • CDMA and IEEE 802.11 wireless LANs
  • Network security

2
10BaseT and 100BaseT Ethernet
  • Uses CSMA/CD
  • 10/100 Mbps rate; latter called "fast Ethernet"
  • T stands for Twisted Pair
  • Nodes connect to a hub: star topology; 100 m
    max distance between nodes and hub

3
Interconnecting with hubs
  • Pros:
    • Enables interdepartmental communication
    • Extends max distance between nodes
    • If a hub malfunctions, the backbone hub can
      disconnect it
  • Cons:
    • Collision domains are transferred into one large,
      common domain
    • Cannot interconnect 10BaseT and 100BaseT hubs

[Figure: four interconnected hubs]
4
Switch traffic isolation
  • switch installation breaks subnet into LAN
    segments
  • switch filters packets:
    • same-LAN-segment frames not usually forwarded
      onto other LAN segments
    • segments become separate collision domains

[Figure: three collision domains]
5
Wireless network characteristics
  • Multiple wireless senders and receivers create
    additional problems (beyond multiple access):
  • Hidden terminal problem:
    • B, A hear each other
    • B, C hear each other
    • A, C cannot hear each other
    • means A, C unaware of their interference at B
  • Signal fading:
    • B, A hear each other
    • B, C hear each other
    • A, C cannot hear each other interfering at B

6
Overview
  • CDMA and IEEE 802.11 wireless LANs
  • Network security

7
Code Division Multiple Access (CDMA)
  • used in several wireless broadcast channels
    (cellular, satellite, etc.) standards
  • unique code assigned to each user; i.e., code
    set partitioning
  • all users share same frequency, but each user has
    own chipping sequence (i.e., code) to encode
    data
  • encoded signal = (original data) X (chipping
    sequence)
  • decoding: inner-product of encoded signal and
    chipping sequence
  • allows multiple users to coexist and transmit
    simultaneously with minimal interference (if
    codes are orthogonal)

8
CDMA Encode/Decode
channel output: $Z_{i,m} = d_i \cdot c_m$
[Figure: sender (data bits, code, slot 0 and slot 1 channel output) and receiver (received input, code, slot 0 and slot 1)]
9
CDMA two-sender interference
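
The encode/decode rule above with two senders sharing one channel, as an added example that is not part of the original slides. The chipping codes and data bits are constructed sample values; the third code is deliberately not orthogonal, to show the interference term that orthogonality removes.

```python
"""CDMA with two senders on one channel (added example, constructed values)."""

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def encode(bits, code):
    # Z[i][m] = d_i * c_m: each data bit (+1/-1) is spread over all M chips.
    return [[d * c for c in code] for d in bits]

def channel(*signals):
    # Simultaneous transmissions add chip by chip within each bit slot.
    return [[sum(chips) for chips in zip(*slots)] for slots in zip(*signals)]

def decode(received, code):
    # Inner product of each received slot with the sender's code, divided by M.
    return [dot(slot, code) / len(code) for slot in received]

CODE_A = [1, 1, 1, -1, 1, -1, -1, -1]
CODE_B = [1, -1, 1, 1, 1, -1, 1, 1]    # orthogonal to CODE_A (dot product 0)
CODE_C = [1, 1, 1, -1, 1, -1, -1, 1]   # not orthogonal to CODE_A (dot product 6)
BITS_A = [1, -1]                       # sender A's data, one bit per slot
BITS_B = [1, 1]                        # second sender's data

def demo():
    clean = channel(encode(BITS_A, CODE_A), encode(BITS_B, CODE_B))
    noisy = channel(encode(BITS_A, CODE_A), encode(BITS_B, CODE_C))
    return {
        "A, orthogonal codes": decode(clean, CODE_A),
        "B, orthogonal codes": decode(clean, CODE_B),
        "A, non-orthogonal codes": decode(noisy, CODE_A),
    }

if __name__ == "__main__":
    for label, bits in demo().items():
        print(f"{label}: {bits}")
```

With orthogonal codes each receiver recovers exactly +1/-1; with the non-orthogonal pair the other sender's signal leaks in as an additive error of 6/8 per slot.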
10
Overview
  • CDMA and IEEE 802.11 wireless LANs
  • Network security

11
IEEE 802.11 Wireless LAN
  • 802.11b
    • 2.4-5 GHz unlicensed radio spectrum
    • up to 11 Mbps
    • direct sequence spread spectrum (DSSS) in
      physical layer
    • all hosts use same chipping code
    • widely deployed, using base stations
  • 802.11a
    • 5-6 GHz range
    • up to 54 Mbps
  • 802.11g
    • 2.4-5 GHz range
    • up to 54 Mbps
  • All use CSMA/CA for multiple access
  • All have base-station and ad-hoc network versions

12
802.11 LAN architecture
  • wireless host communicates with base station
    • base station = access point (AP)
  • Basic Service Set (BSS) (aka cell) in
    infrastructure mode contains:
    • wireless hosts
    • access point (AP): base station
    • ad hoc mode: hosts only

[Figure: BSS 1, BSS 2; hub, switch or router]
13
802.11 Channels, association
  • 802.11b: 2.4GHz-2.485GHz spectrum divided into 11
    channels at different frequencies
    • AP admin chooses frequency for AP
    • interference possible: channel can be same as
      that chosen by neighboring AP!
  • host: must associate with an AP
    • scans channels, listening for beacon frames
      containing AP's name (SSID) and MAC address
    • selects AP to associate with
    • may perform authentication [Chapter 8]
    • will typically run DHCP to get IP address in AP's
      subnet

14
IEEE 802.11 multiple access
  • avoid collisions: 2 nodes transmitting at same
    time
  • 802.11: CSMA - sense before transmitting
    • don't collide with ongoing transmission by other
      node
  • 802.11: no collision detection!
    • difficult to receive (sense collisions) when
      transmitting due to weak received signals
      (fading)
    • can't sense all collisions in any case: hidden
      terminal, fading
    • goal: avoid collisions: CSMA/C(ollision)A(voidance)

15
IEEE 802.11 MAC Protocol CSMA/CA
  • 802.11 sender
    1. if sense channel idle for DIFS then
       transmit entire frame (no CD)
    2. if sense channel busy then
       - start random backoff time
       - timer counts down while channel idle
       - transmit when timer expires
       - if no ACK, increase random backoff interval,
         repeat 2
  • 802.11 receiver
    - if frame received OK,
      return ACK after SIFS (ACK needed due to
      hidden terminal problem)

[Figure: sender, receiver]
16
Avoiding collisions (more)
  • idea: allow sender to reserve channel rather
    than random access of data frames: avoid
    collisions of long data frames
  • sender first transmits small request-to-send
    (RTS) packets to BS using CSMA
    • RTSs may still collide with each other (but
      they're short)
  • BS broadcasts clear-to-send CTS in response to
    RTS
  • RTS heard by all nodes
    • sender transmits data frame
    • other stations defer transmissions

Avoid data frame collisions completely using
small reservation packets!
17
Collision Avoidance RTS-CTS exchange
[Figure: RTS-CTS exchange among A, B and AP over time, with a defer period]
18
802.11 frame addressing
Address 1: MAC address of wireless host or AP to
receive this frame
Address 2: MAC address of wireless host or AP
transmitting this frame
Address 3: MAC address of router interface to
which AP is attached
Address 4: used only in ad hoc mode
19
802.11 frame addressing
[Figure: H1, R1]
20
802.11 mobility within same subnet
  • H1 remains in same IP subnet: IP address can
    remain same
  • switch: which AP is associated with H1?
    • self-learning (Ch. 5): switch will see frame from
      H1 and remember which switch port can be used
      to reach H1

[Figure: hub or switch; BSS 1 with AP 1; BSS 2 with AP 2; H1]
21
Network Security
  • What is network security?
  • Principles of cryptography
  • Authentication
  • Access control: firewalls
  • Attacks and countermeasures

22
What is network security?
  • Confidentiality: only sender, intended receiver
    should understand message contents
    • sender encrypts message
    • receiver decrypts message
  • Authentication: sender, receiver want to confirm
    identity of each other
  • Message Integrity: sender, receiver want to
    ensure message content not altered (in transit,
    or afterwards) without detection
  • Access and Availability: services must be
    accessible and available to users

23
Friends and enemies: Alice, Bob, Trudy
  • well-known in network security world
  • Bob, Alice (lovers!) want to communicate
    securely
  • Trudy (intruder) may intercept, delete, add
    messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy is on the channel]
24
Who might Bob, Alice be?
  • well, real-life Bobs and Alices!
  • Web browser/server for electronic transactions
    (e.g., on-line purchases)
  • on-line banking client/server
  • DNS servers
  • routers exchanging routing table updates
  • other examples?

25
There are bad guys (and girls) out there!
  • Q: What can a bad guy do?
  • A: a lot!
    • eavesdrop: intercept messages
    • actively insert messages into connection
    • impersonation: can fake (spoof) source address in
      packet (or any field in packet)
    • hijacking: take over ongoing connection by
      removing sender or receiver, inserting himself in
      place
    • denial of service: prevent service from being
      used by others (e.g., by overloading resources)

more on this later
26
Overview
  • What is network security?
  • Principles of cryptography
  • Authentication
  • Access control: firewalls
  • Attacks and countermeasures

27
The language of cryptography
[Figure: plaintext; encryption algorithm with Alice's encryption key; ciphertext; decryption algorithm with Bob's decryption key; plaintext]
  • symmetric key crypto: sender, receiver keys
    identical
  • public-key crypto: encryption key public,
    decryption key secret (private)

28
Symmetric key cryptography
  • substitution cipher: substituting one thing for
    another
    • monoalphabetic cipher: substitute one letter for
      another

plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
  • Q: How hard to break this simple cipher?
    • brute force (how hard?)
    • other?
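
The slide's key applied to its own example, together with the size of the brute-force key space and two properties that substitution leaves intact (the letter-count profile and repeated-letter word patterns), which is what statistical analysis relies on. This is an added example, not part of the original slides; the function names are chosen here.

```python
"""Monoalphabetic substitution cipher from the slide (added example)."""
import math
import string
from collections import Counter

PLAIN = string.ascii_lowercase
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"   # substitution key shown on the slide
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)

def encrypt(text):
    return text.translate(ENC)          # non-letters pass through unchanged

def decrypt(text):
    return text.translate(DEC)

def keyspace():
    # Brute force: every permutation of the 26 letters is a candidate key.
    return math.factorial(26)

def frequency_profile(text):
    # Letter counts, largest first, ignoring which letter owns each count.
    counts = Counter(c for c in text if c.isalpha())
    return sorted(counts.values(), reverse=True)

def word_pattern(word):
    # "bob" -> (0, 1, 0): a repeated letter stays repeated after substitution.
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in word)

if __name__ == "__main__":
    message = "bob. i love you. alice"
    secret = encrypt(message)
    print(secret)
    print(f"keys to try by brute force: {keyspace():.3e}")
    print(frequency_profile(message) == frequency_profile(secret))
    print(word_pattern("bob"), word_pattern(encrypt("bob")))
```

The key space is about 2^88, so exhaustive search is impractical, yet the ciphertext keeps the plaintext's letter statistics, so the key itself is the weak point rather than its length.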

29
Symmetric key cryptography
[Figure: plaintext message, m; encryption algorithm; ciphertext $K_{A-B}(m)$; decryption algorithm; plaintext]
  • symmetric key crypto: Bob and Alice share (know)
    same (symmetric) key: $K_{A-B}$
  • e.g., key is knowing substitution pattern in
    monoalphabetic substitution cipher
  • Q: how do Bob and Alice agree on key value?

30
Symmetric key crypto DES
  • DES: Data Encryption Standard
  • US encryption standard [NIST 1993]
  • 56-bit symmetric key, 64-bit plaintext input
  • How secure is DES?
    • DES Challenge: 56-bit-key-encrypted phrase
      ("Strong cryptography makes the world a safer
      place") decrypted (brute force) in 4 months
    • no known backdoor decryption approach
  • making DES more secure:
    • use three keys sequentially (3-DES) on each datum
    • use cipher-block chaining

31
Symmetric key crypto DES
  • initial permutation
  • 16 identical rounds of function application,
    each using different 48 bits of key
  • final permutation

32
AES: Advanced Encryption Standard
  • new (Nov. 2001) symmetric-key NIST standard,
    replacing DES
  • processes data in 128 bit blocks
  • 128, 192, or 256 bit keys
  • brute force decryption (try each key) taking 1
    sec on DES, takes 149 trillion years for AES

33
Public Key Cryptography
  • symmetric key crypto
    • requires sender, receiver know shared secret key
    • Q: how to agree on key in first place
      (particularly if never met)?
  • public key cryptography
    • radically different approach [Diffie-Hellman76,
      RSA78]
    • sender, receiver do not share secret key
    • public encryption key known to all
    • private decryption key known only to receiver

34
Public key cryptography

[Figure: Bob's public key $K_B$; Bob's private key $K_B^{-}$; encryption algorithm; decryption algorithm; plaintext message, m; ciphertext; plaintext message]
35
Public key encryption algorithms
Requirements:
  • need $K_B(\cdot)$ and $K_B^{-}(\cdot)$ such that

  • given public key $K_B$, it should be impossible to
    compute private key $K_B^{-}$

RSA: Rivest, Shamir, Adleman algorithm