Final Exam Review

1
Final Exam Review

• Knowledge questions
• True or false statement (explain why)
• Protocol
• Calculation
• Cover the second half contents

2
Knowledge Question Examples

• Three classes of switch fabric
• Where can queue occur in router?
• TCP header size? IP header size? (20/20)
• How many bits in IP of IPv6? Address space size?
• Routing Link state vs. distance vector ?
• Internet two-level routing? (inter-AS, intra-AS)
• RIP, OSPF, BGP? Used where?
• OSPF uses link state, BGP uses distance vector
• Which is better? Slotted ALOHA, pure ALOHA,
  CSMA/CD?
• CSMA/CD? CSMA/CA? Why wireless use csma/ca?

3
Knowledge Question Examples

• MAC address bytes? Broadcast MAC addr.? What the
  broadcast address for? What is ARP?
• Why Ethernet is much better than aloha in
  efficiency? (homework 3)
• Hub vs. Switch? (homework 3)
• 802.11a, b, g speed? Working frequency?
• 802.15? (personal area network)
• Wireless no collision detection? (fading, hidden
  terminal)
• Network security three elements
• Confidentiality, authentication, integrity
• What is public key cryptography?
• Why use nonce in security? (replay attack)
• Usage of firewall? (block outside active traffic
  to inside)
• IP spoofing? SYN flood DoS attack?

4
Protocol Problem Examples

• NAT address translation procedure
• Digital signature procedure
• HTTPS connection procedure
• CA, public key
• Secure email (assume known public key)
• Confidentiality
• Integrity

5
Calculation Examples

• Homework 3 prob. 1 (subnet addressing)
• Homework 3, prob. 3-4 (distance vector)
• Homework 3, prob. 7 (parity checking)
• CDMA calculation (textbook fig. 6.5)
• Caesar cipher decrypt, Vigenere cipher, one-time
  pad decrypt (given the pad)

6
Three types of switching fabrics
Property? Speed order?
7
Routing Algorithm classification

• Global or decentralized information?
• Global
• all routers have complete topology, link cost
  info
• link state algorithms
• Decentralized
• router knows physically-connected neighbors, link
  costs to neighbors
• iterative process of computation, exchange of
  info with neighbors
• distance vector algorithms

8
Intra-AS and Inter-AS routing
Host h2
Intra-AS routing within AS B
Intra-AS routing within AS A

• RIP Routing Information Protocol
• OSPF Open Shortest Path First
• BGP Border Gateway Protocol (Inter-AS)

9
ARP protocol Same LAN (network)

• A wants to send datagram to B, and Bs MAC
  address not in As ARP table.
• A broadcasts ARP query packet, containing B's IP
  address
• Dest MAC address
• FF-FF-FF-FF-FF-FF
• all machines on LAN receive ARP query
• B receives ARP packet, replies to A with its
  (B's) MAC address
• frame sent to As MAC address (unicast)

• A caches (saves) IP-to-MAC address pair in its
  ARP table until information becomes old (times
  out)
• soft state information that times out (goes
  away) unless refreshed
• ARP is plug-and-play
• nodes create their ARP tables without
  intervention from net administrator

10
What is network security?

• Confidentiality only sender, intended receiver
  should understand message contents
• sender encrypts message
• receiver decrypts message
• Authentication sender, receiver want to confirm
  identity of each other
• Virus email really from your friends?
• The website really belongs to the bank?
• Message Integrity sender, receiver want to
  ensure message not altered (in transit, or
  afterwards) without detection
• Digital signature

11

• public key cryptography
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver

Replay Attack
encryppted password
Alices IP addr
record and playback!
Im Alice
12
Firewall

• Block outside-initiated traffic to inside of a
  local network
• Usually do not block any traffic initiated from
  inside to outside

firewall


13

• Denial-of-Service (DoS) attack
• Send many fake requests to congest link or
  consume server resource (CPU, memory)
• SYN flooding
• attacker sends many SYNs to victim victim has to
  allocate connection resource victim has no
  resource left for real connection requests any
  more.
• Usually with spoofed source IP address
• IP spoofing
• Attacker can generate raw IP packets directly
  from application, putting any value into IP
  source address field
• Hide the identity of the traffic initiator

14
NAT Network Address Translation
NAT translation table WAN side addr LAN
side addr
138.76.29.7, 5001 10.0.0.1, 3345

10.0.0.1
10.0.0.4
10.0.0.2
138.76.29.7
10.0.0.3
4 NAT router changes datagram dest addr
from 138.76.29.7, 5001 to 10.0.0.1, 3345
3 Reply arrives dest. address 138.76.29.7,
5001
5001 random generated, Unique, ID for the
connection
15
Distance table gives routing table(problem 3)
cost to destination via
E
Outgoing link to use, cost
D () A B C D
A 13 7 6 4
B 5 8 9 11
A B C D
B,5 A,7 D,4 A,4
D 8 9 4 5
destination
destination
Routing table
Distance table
16
Distance Vector Algorithm example(for problem 4)
17
Digital signature signed message digest

• Alice verifies signature and integrity of
  digitally signed message

Bob sends digitally signed message
H(m)
Bobs private key
Bobs public key
equal ?
No confidentiality !
18
Secure e-mail

• Alice wants to send confidential e-mail, m, to
  Bob.

KS
KS(m )
m
Internet
KS

• Alice
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency)
• also encrypts KS with Bobs public key.
• sends both KS(m) and KB(KS) to Bob.

19
Secure e-mail

• Alice wants to send confidential e-mail, m, to
  Bob.

• Bob
• uses his private key to decrypt and recover KS
• uses KS to decrypt KS(m) to recover m

20
Secure e-mail (continued)

• Alice wants to provide message integrity
  (unchanged, really written by Alice).

• Alice digitally signs message.
• sends both message (in the clear) and digital
  signature.

21
(No Transcript)
22

• Caesar cipher decrypt
• welcome, key 2 ?
• Vigenere cipher
• final exam key3,4,-1 (blank space does not
  change)