Title: Final Exam Review
1 Final Exam Review
- Knowledge questions
- True or false statement (explain why)
- Protocol
- Calculation
- Cover the second half contents
2 Knowledge Question Examples
- Three classes of switch fabric
- Where can queues occur in a router?
- TCP header size? IP header size? (20/20)
- How many bits in an IPv6 address? Address space size?
- Routing: link state vs. distance vector?
- Internet two-level routing? (inter-AS, intra-AS)
- RIP, OSPF, BGP? Used where?
  - OSPF uses link state, BGP uses distance vector
- Which is better? Slotted ALOHA, pure ALOHA, CSMA/CD?
- CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?
3 Knowledge Question Examples
- MAC address bytes? Broadcast MAC addr.? What is the broadcast address for? What is ARP?
- Why is Ethernet much better than ALOHA in efficiency? (homework 3)
- Hub vs. Switch? (homework 3)
- 802.11a, b, g speed? Working frequency?
- 802.15? (personal area network)
- Wireless no collision detection? (fading, hidden terminal)
- Network security three elements
  - Confidentiality, authentication, integrity
- What is public key cryptography?
- Why use nonce in security? (replay attack)
- Usage of firewall? (block outside active traffic to inside)
- IP spoofing? SYN flood DoS attack?
4 Protocol Problem Examples
- NAT address translation procedure
- Digital signature procedure
- HTTPS connection procedure
  - CA, public key
- Secure email (assume known public key)
  - Confidentiality
  - Integrity
5 Calculation Examples
- Homework 3 prob. 1 (subnet addressing)
- Homework 3, prob. 3-4 (distance vector)
- Homework 3, prob. 7 (parity checking)
- CDMA calculation (textbook fig. 6.5)
- Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
6 Three types of switching fabrics
Property? Speed order?
7 Routing Algorithm classification
- Global or decentralized information?
- Global
  - all routers have complete topology, link cost info
  - link state algorithms
- Decentralized
  - router knows physically-connected neighbors, link costs to neighbors
  - iterative process of computation, exchange of info with neighbors
  - distance vector algorithms
8 Intra-AS and Inter-AS routing
[Figure labels: Host h2; intra-AS routing within AS A; intra-AS routing within AS B]
- RIP: Routing Information Protocol
- OSPF: Open Shortest Path First
- BGP: Border Gateway Protocol (Inter-AS)
9 ARP protocol: Same LAN (network)
- A wants to send datagram to B, and B's MAC address not in A's ARP table.
- A broadcasts ARP query packet, containing B's IP address
  - Dest MAC address FF-FF-FF-FF-FF-FF
  - all machines on LAN receive ARP query
- B receives ARP packet, replies to A with its (B's) MAC address
  - frame sent to A's MAC address (unicast)
- A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  - soft state: information that times out (goes away) unless refreshed
- ARP is plug-and-play
  - nodes create their ARP tables without intervention from net administrator
10 What is network security?
- Confidentiality: only sender, intended receiver should understand message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
  - Virus email really from your friends?
  - The website really belongs to the bank?
- Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
  - Digital signature
11
- public key cryptography
  - sender, receiver do not share secret key
  - public encryption key known to all
  - private decryption key known only to receiver
Replay Attack
[Figure labels: "I'm Alice"; Alice's IP addr; encrypted password; record and playback!]
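Why a nonce defeats record-and-playback, as an added example that is not part of the original slides: the verifier issues a fresh random nonce for each login and accepts it once, so a recorded response is useless later. It uses an HMAC over the nonce in place of the slide's encrypted password; the class and function names and the shared key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def respond(shared_key, nonce):
    """Alice's side: prove knowledge of the shared key for this nonce only."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()

class Verifier:
    """Bob's side: issues a fresh nonce per login and accepts each nonce once."""

    def __init__(self, shared_key):
        self.key = shared_key
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce, response):
        if nonce not in self.outstanding:
            return False                      # unknown or already-used nonce
        self.outstanding.discard(nonce)       # one-time use
        return hmac.compare_digest(respond(self.key, nonce), response)

    def check_static(self, token):
        """No-nonce baseline: the same token is valid on every login."""
        return hmac.compare_digest(respond(self.key, b"login"), token)

def demo():
    key = b"constructed shared secret"        # sample value, not from the slides
    bob = Verifier(key)

    # Without a nonce, a recorded token is accepted again.
    token = respond(key, b"login")
    static_replay_accepted = bob.check_static(token) and bob.check_static(token)

    # With a nonce, the genuine login works once and both replays fail.
    n1 = bob.challenge()
    r1 = respond(key, n1)
    genuine = bob.check(n1, r1)
    replay_same_nonce = bob.check(n1, r1)     # recorded exchange played back
    replay_new_nonce = bob.check(bob.challenge(), r1)
    return static_replay_accepted, genuine, replay_same_nonce, replay_new_nonce
```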
12 Firewall
- Block outside-initiated traffic to inside of a local network
- Usually do not block any traffic initiated from inside to outside
13
- Denial-of-Service (DoS) attack
  - Send many fake requests to congest link or consume server resource (CPU, memory)
- SYN flooding
  - attacker sends many SYNs to victim; victim has to allocate connection resource; victim has no resource left for real connection requests any more.
  - Usually with spoofed source IP address
- IP spoofing
  - Attacker can generate raw IP packets directly from application, putting any value into IP source address field
  - Hide the identity of the traffic initiator
14 NAT: Network Address Translation
NAT translation table
WAN side addr: 138.76.29.7, 5001 | LAN side addr: 10.0.0.1, 3345
[Figure: addresses shown are 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 and 138.76.29.7]
3: Reply arrives, dest. address 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
5001: randomly generated, unique ID for the connection
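15 Distance table gives routing table (problem 3)

Distance table D^E(): cost to destination via (rows: via neighbor, columns: destination)

via \ destination | A  | B | C | D
A                 | 13 | 7 | 6 | 4
B                 | 5  | 8 | 9 | 11
D                 | 8  | 9 | 4 | 5

Routing table: outgoing link to use, cost

destination | A   | B   | C   | D
link, cost  | B,5 | A,7 | D,4 | A,4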
16 Distance Vector Algorithm example (for problem 4)
17 Digital signature: signed message digest
- Alice verifies signature and integrity of digitally signed message
- Bob sends digitally signed message
[Figure labels: H(m); Bob's private key; Bob's public key; equal?]
No confidentiality!
18 Secure e-mail
- Alice wants to send confidential e-mail, m, to Bob.
[Figure labels: m; KS; KS(m); Internet]
- Alice
  - generates random symmetric private key, KS.
  - encrypts message with KS (for efficiency)
  - also encrypts KS with Bob's public key.
  - sends both KS(m) and KB(KS) to Bob.
19 Secure e-mail
- Alice wants to send confidential e-mail, m, to Bob.
- Bob
  - uses his private key to decrypt and recover KS
  - uses KS to decrypt KS(m) to recover m
20 Secure e-mail (continued)
- Alice wants to provide message integrity (unchanged, really written by Alice).
  - Alice digitally signs message.
  - sends both message (in the clear) and digital signature.
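The secure e-mail steps of slides 18 to 20 and the signed-digest check of slide 17, as an added example that is not part of the original slides. It assumes textbook RSA with fixed Mersenne primes and a SHA-256 keystream standing in for KS(.), toy choices made so it runs offline with the standard library; all function and key names are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed key pairs

def keypair(p, q):
    """Return (public, private) textbook-RSA keys, each as (exponent, modulus)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def rsa(key, x):
    """Apply either half of an RSA key pair to the integer x."""
    exponent, n = key
    return pow(x, exponent, n)

def ks_apply(ks, data):
    """KS(.): XOR data with a keystream derived from KS (its own inverse)."""
    stream = b"".join(hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest(m):
    """H(m) as an integer."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

# Constructed keys: Bob's pair gives confidentiality, Alice's pair signs.
BOB_PUB, BOB_PRIV = keypair(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = keypair(2**127 - 1, 2**521 - 1)

def alice_send_confidential(m):
    ks = secrets.token_bytes(16)                       # random symmetric key KS
    kb_ks = rsa(BOB_PUB, int.from_bytes(ks, "big"))    # KB(KS)
    return ks_apply(ks, m), kb_ks                      # send KS(m) and KB(KS)

def bob_receive(ks_m, kb_ks):
    ks = rsa(BOB_PRIV, kb_ks).to_bytes(16, "big")      # private key recovers KS
    return ks_apply(ks, ks_m)                          # KS recovers m

def alice_sign(m):
    return m, rsa(ALICE_PRIV, digest(m))               # message in the clear + signature

def verify(m, signature):
    return rsa(ALICE_PUB, signature) == digest(m)      # the "equal?" comparison
```

Signing alone leaves m readable on the wire, which is the "No confidentiality" point on slide 17; a tampered m fails `verify` because its digest no longer matches the signed one.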
22
- Caesar cipher decrypt
  - welcome, key 2 ?
- Vigenere cipher
  - final exam, key 3,4,-1 (blank space does not change)