Final Exam Review


PowerPoint Slideshow about 'Final Exam Review' - emerson-morin


Final Exam Review
  • Knowledge questions
  • True or false statement (explain why)
  • Protocol
  • Calculation
  • Cover the contents after midterm coverage
    • Homework 3, 4, security
Knowledge Question Examples
  • Three classes of switch fabric, speed relationship
    • What is Head-of-the-line (HOL) blocking?
  • Where can queue occur in router?
  • TCP header size? IP header size? UDP header size?
  • How many bits in an IPv6 address? Address space size? Why is it so slow to be deployed? (enough IP space, hard to upgrade, compatibility)
  • Routing: what are Link state, distance vector?
  • Internet two-level routing? (inter-AS, intra-AS)
  • RIP, OSPF, BGP? Used where?
    • OSPF uses link state, BGP/RIP uses distance vector
    • RIP, OSPF -> intra-AS, BGP -> inter-AS
  • Which is better? pure ALOHA, slotted ALOHA, CSMA/CD?
    • What are their assumptions? (collision detection, time sync)
  • CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?
  • Ethernet broadcast MAC address? What is the broadcast address for? What is ARP?
  • Why is Ethernet much more efficient than ALOHA?
    • Carrier sense, collision detection, exp. backoff
Knowledge Question Examples
  • Hub vs. Switch?
  • 802.11a, b, g: speed? Working frequency?
  • 802.15? (personal area network, example: bluetooth)
  • Why no collision detection in wireless?
    • listen while sending, fading, hidden terminal
  • Network security three elements:
    • Confidentiality, authentication, integrity
  • What is public/symmetric key cryptography? Pros vs. cons?
  • Why use “nonce” in security? (replay attack) What is man-in-the-middle attack?
  • Usage of firewall? (block outside active traffic to inside)
  • IP spoofing? SYN flood DoS attack?
  • What is a botnet?
  • IPSec vs. SSL? (different layers, tcp vs. udp)
Protocol Problem Examples
  • NAT address translation procedure
  • Digital signature procedure
  • HTTPS connection procedure
    • CA, public key
  • Secure email (assume known public key)
    • Confidentiality
    • Integrity
Calculation Examples
  • subnet addressing
    • Figure out subnet based on host’s IP and subnet mask
  • link state, distance vector
  • parity checking
  • CRC calculation
  • wireless MAC protocol
  • Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
Three types of switching fabrics

Property? Speed order?

Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward
  • Queue can occur at both input port and output port of a router
Routing Algorithm classification

Global or decentralized information?

Global:
  • all routers have complete topology, link cost info
  • “link state” algorithms

Decentralized:
  • router knows physically-connected neighbors, link costs to neighbors
  • iterative process of computation, exchange of info with neighbors
  • “distance vector” algorithms
NAT: Network Address Translation

[Figure: LAN addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; WAN-side address 138.76.29.7]

  • 1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
    • S: 10.0.0.1, 3345   D: 128.119.40.186, 80
  • 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
    • S: 138.76.29.7, 5001   D: 128.119.40.186, 80
  • 3: Reply arrives, dest. address: 138.76.29.7, 5001
    • S: 128.119.40.186, 80   D: 138.76.29.7, 5001
  • 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
    • S: 128.119.40.186, 80   D: 10.0.0.1, 3345

NAT translation table

WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

Intra-AS and Inter-AS routing

[Figure: host h1 and host h2 connected across ASes A, B and C through routers including A.a, A.c, C.b and B.a; labels: intra-AS routing within AS A, intra-AS routing within AS B, inter-AS routing between A and B]

  • RIP: Routing Information Protocol
  • OSPF: Open Shortest Path First
  • BGP: Border Gateway Protocol (Inter-AS)
ARP protocol: Same LAN (network)
  • A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
  • A broadcasts ARP query packet, containing B's IP address
    • Dest MAC address = FF-FF-FF-FF-FF-FF
    • all machines on LAN receive ARP query
  • B receives ARP packet, replies to A with its (B's) MAC address
    • frame sent to A’s MAC address (unicast)
  • A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
    • soft state: information that times out (goes away) unless refreshed
  • ARP is “plug-and-play”:
    • nodes create their ARP tables without intervention from net administrator
What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents

  • sender encrypts message
  • receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

  • Virus email really from your friends?
  • The website really belongs to the bank?

Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

  • Digital signature
Collision Avoidance: RTS-CTS exchange

[Figure, textbook page 522: time diagram for A, B and AP with labels RTS(A), RTS(B), reservation collision, CTS(A), DATA (A), ACK(A), defer, DIFS, CIFS]

Firewall
  • Blocks outside-initiated traffic to inside of a local network
  • Usually does not block any traffic initiated from inside to outside
  • Has at least two NICs (two IPs)

[Figure: firewall between the administered network and the public Internet]

ap5.0: security hole

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

  • Difficult to detect:
  • Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)
  • problem is that Trudy receives all messages as well!
Digital signature = signed message digest

Bob sends digitally signed message:
  • large message m → H: Hash function → H(m)
  • H(m) → digital signature (encrypt) with Bob’s private key K-B → encrypted msg digest K-B(H(m))
  • sends m + K-B(H(m))

Alice verifies signature and integrity of digitally signed message:
  • large message m → H: Hash function → H(m)
  • encrypted msg digest K-B(H(m)) → digital signature (decrypt) with Bob’s public key K+B → H(m)
  • equal?

No confidentiality!

Secure e-mail
  • Alice wants to send confidential e-mail, m, to Bob.
  • Alice:
    • generates random symmetric private key, KS.
    • encrypts message with KS (for efficiency)
    • also encrypts KS with Bob’s public key.
    • sends both KS(m) and K+B(KS) to Bob.

[Figure: m → KS( ) → KS(m); KS → K+B( ) → K+B(KS); KS(m) + K+B(KS) sent over the Internet]
Secure e-mail
  • Alice wants to send confidential e-mail, m, to Bob.
  • Bob:
    • uses his private key to decrypt and recover KS
    • uses KS to decrypt KS(m) to recover m

[Figure: sender side: m → KS( ) → KS(m); KS → K+B( ) → K+B(KS); both sent over the Internet; receiver side: K+B(KS) → K-B( ) → KS; KS(m) → KS( ) → m]
Secure e-mail (continued)
  • Alice wants to provide message integrity (unchanged, really written by Alice).
  • Alice digitally signs message.
  • sends both message (in the clear) and digital signature.

[Figure: sender side: m → H( ) → H(m) → K-A( ) → K-A(H(m)), sent with m over the Internet; receiver side: K-A(H(m)) → K+A( ) → H(m); m → H( ) → H(m); compare]
Secure e-mail (continued)
  • Alice wants to provide secrecy, sender authentication, message integrity.
  • Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

[Figure: m → H( ) → K-A( ) → K-A(H(m)); K-A(H(m)) + m → KS( ); KS → K+B( ) → K+B(KS); both sent over the Internet]

How SSL (https) works?

[Figure: time diagram between Client and Server B]
  • Three-way handshake
  • Request server certificate
  • Certificate from CA: K-CA(K+B)
  • Symmetric session key: K+B(KA-B)
  • KA-B(m)

Forwarding table

Destination Address Range                  Link Interface

11001000 00010111 00010000 00000000
    through                                0
11001000 00010111 00010111 11111111

11001000 00010111 00011000 00000000
    through                                1
11001000 00010111 00011000 11111111

11001000 00010111 00011001 00000000
    through                                2
11001000 00010111 00011111 11111111

otherwise                                  3

Longest prefix matching

Prefix Match                       Link Interface
11001000 00010111 00010            0
11001000 00010111 00011000         1
11001000 00010111 00011            2
otherwise                          3

Examples
  • Which interface? DA: 11001000 00010111 00010110 10100001
  • Which interface? DA: 11001000 00010111 00011000 10101010
  • Which interface? DA: 11001000 00010111 10011000 10101010
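
Longest prefix matching over the slide's table, as an added example that is not part of the original slides. The function names are assumptions; the lookup goes slightly beyond the slide by also accepting dotted-decimal addresses.

```python
# Prefix table from the slide; spaces are kept only for readability.
TABLE = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
DEFAULT_IFACE = 3  # the slide's "otherwise" row
PREFIXES = [(p.replace(" ", ""), iface) for p, iface in TABLE]


def to_bits(addr):
    """Return the 32 address bits from dotted decimal or spaced binary."""
    if "." in addr:
        octets = [int(o) for o in addr.split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError(f"bad IPv4 address: {addr!r}")
        return "".join(f"{o:08b}" for o in octets)
    bits = addr.replace(" ", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError(f"expected 32 binary digits: {addr!r}")
    return bits


def lookup(addr):
    """Pick the interface of the longest prefix that matches addr."""
    bits = to_bits(addr)
    matches = [(len(p), iface) for p, iface in PREFIXES if bits.startswith(p)]
    # Several prefixes can match (entries 1 and 2 overlap); the longest wins.
    return max(matches)[1] if matches else DEFAULT_IFACE


if __name__ == "__main__":
    for da in ("11001000 00010111 00010110 10100001",
               "11001000 00010111 00011000 10101010",
               "11001000 00010111 10011000 10101010"):
        print(da, "->", lookup(da))
```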

Subnet calculation (quiz 2)
  • Suppose an ISP has a chunk of IP addresses, 128.119.0.0/17, and allocates this space to three companies. Two companies get equal-size space; the third company gets half of the space, with the higher IP addresses. Show the IP space allocated to the three companies.
CRC Example

Want:

$D \cdot 2^r \text{ XOR } R = nG$

equivalently:

$D \cdot 2^r = nG \text{ XOR } R$

equivalently:

if we divide $D \cdot 2^r$ by $G$, want remainder $R$

$R = \text{remainder}\left[\dfrac{D \cdot 2^r}{G}\right]$
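
The remainder formula above carried out with modulo-2 division, as an added example that is not part of the original slides. The values D = 101110 and G = 1001 and the function names are assumptions chosen for illustration.

```python
def mod2_remainder(value, g):
    """Remainder of value divided by g in modulo-2 arithmetic (XOR, no carries)."""
    if g < 2:
        raise ValueError("generator needs at least two bits")
    glen = g.bit_length()
    while value.bit_length() >= glen:
        # Align G under the leading 1 of the running value and XOR it away.
        value ^= g << (value.bit_length() - glen)
    return value


def crc_bits(d_bits, g_bits):
    """R = remainder[D * 2^r / G], returned as an r-bit string."""
    g = int(g_bits, 2)
    r = g.bit_length() - 1
    rem = mod2_remainder(int(d_bits, 2) << r, g)
    return format(rem, f"0{r}b")


def frame_ok(frame_bits, g_bits):
    """Receiver check: the frame D followed by R must divide by G exactly."""
    return mod2_remainder(int(frame_bits, 2), int(g_bits, 2)) == 0


if __name__ == "__main__":
    D, G = "101110", "1001"          # constructed sample values, r = 3
    R = crc_bits(D, G)
    print("R =", R)
    print("clean frame accepted:", frame_ok(D + R, G))
    # One flipped bit is caught.
    print("one-bit error accepted:", frame_ok("101010011", G))
    # A change that is itself a multiple of G is not caught: CRC covers
    # channel noise, while the digital signature slides cover integrity.
    print("multiple-of-G change accepted:", frame_ok("101010111", G))
```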

Dijkstra’s algorithm: example

[Figure: graph with nodes A, B, C, D, E, F and link costs]

Step  N        D(B),p(B)  D(C),p(C)  D(D),p(D)  D(E),p(E)    D(F),p(F)
0     A        2,A        5,A        1,A        infinity,-   infinity,-
1     AD       2,A        4,D        1,A        2,D          infinity,-
2     ADE      2,A        3,E        1,A        2,D          4,E
3     ADEB     2,A        3,E        1,A        2,D          4,E
4     ADEBC    2,A        3,E        1,A        2,D          4,E
5     ADEBCF   2,A        3,E        1,A        2,D          4,E

[Figure: distance vector example with nodes x, y, z and link costs 2, 1, 7; "node x table", "node y table" and "node z table" each show cost-to / from tables for x, y, z over time]

Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1 , 7+0} = 3

Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0 , 7+1} = 2

Final table at each node:

         cost to
         x  y  z
from  x  0  2  3
      y  2  0  1
      z  3  1  0
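
The distance vector update above, iterated until no node's vector changes, as an added example that is not part of the original slides. Link costs c(x,y) = 2, c(x,z) = 7 and c(y,z) = 1 are read off the slide's equations; the function names and the synchronous rounds are assumptions.

```python
INF = float("inf")
# Link costs taken from the slide's equations.
COST = {("x", "y"): 2, ("x", "z"): 7, ("y", "z"): 1}


def link(a, b):
    """Direct link cost between a and b (0 to itself, INF if no link)."""
    if a == b:
        return 0
    return COST.get((a, b), COST.get((b, a), INF))


def run(nodes=("x", "y", "z")):
    """Return the list of distance-vector tables, one per exchange round."""
    # Round 0: every node knows only the costs of its own links.
    dv = {n: {m: link(n, m) for m in nodes} for n in nodes}
    rounds = [dv]
    while True:
        new = {}
        for n in nodes:
            neighbors = [v for v in nodes if v != n and link(n, v) < INF]
            # Dn(m) = min over neighbors v of c(n,v) + Dv(m)
            new[n] = {
                m: 0 if m == n else min(link(n, v) + dv[v][m] for v in neighbors)
                for m in nodes
            }
        if new == dv:        # no vector changed: the algorithm has converged
            return rounds
        dv = new
        rounds.append(dv)


if __name__ == "__main__":
    for i, table in enumerate(run()):
        print("round", i)
        for node, row in table.items():
            print("  from", node, [row[m] for m in ("x", "y", "z")])
```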

  • Caesar cipher decrypt:
    • “welcome”, key= +2
  • Vigenere cipher
    • “final exam” key=3,4,-1 (blank space does not change)