Final Exam Review
–Knowledge questions
–True or false statement (explain why)
–Protocol
–Calculation
Covers the second-half contents.


Knowledge Question Examples
Three classes of switch fabric
Where can queuing occur in a router?
TCP header size? IP header size? (20/20)
How many bits in IP of IPv6? Address space size?
Routing: Link state vs. distance vector?
Internet two-level routing? (inter-AS, intra-AS)
RIP, OSPF, BGP? Used where?
–OSPF uses link state, BGP uses distance vector
Which is better? Slotted ALOHA, pure ALOHA, CSMA/CD?
CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?

Knowledge Question Examples
MAC address bytes? Broadcast MAC addr.?
What is the broadcast address for?
What is ARP?
Why is Ethernet much better than ALOHA in efficiency? (homework 3)
Hub vs. Switch? (homework 3)
a, b, g: speed? Working frequency?
? (personal area network)
Wireless no collision detection? (fading, hidden terminal)
Network security three elements:
–Confidentiality, authentication, integrity
What is public key cryptography?
Why use “nonce” in security? (replay attack)
Usage of firewall? (block outside active traffic to inside)
IP spoofing? SYN flood DoS attack?

Protocol Problem Examples
NAT address translation procedure
Digital signature procedure
HTTPS connection procedure
–CA, public key
Secure e-mail (assume known public key)
–Confidentiality
–Integrity

Calculation Examples
Homework 3 prob. 1 (subnet addressing)
Homework 3, prob. 3-4 (distance vector)
Homework 3, prob. 7 (parity checking)
CDMA calculation (textbook fig. 6.5)
Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)

Three types of switching fabrics
Property? Speed order?

Routing Algorithm classification
Global or decentralized information?
Global:
–all routers have complete topology, link cost info
–“link state” algorithms
Decentralized:
–router knows physically-connected neighbors, link costs to neighbors
–iterative process of computation, exchange of info with neighbors
–“distance vector” algorithms

Intra-AS and Inter-AS routing
[Figure: Host h1, Host h2 and ASes A, B, C, labelled: Intra-AS routing within AS A; Inter-AS routing between A and B; Intra-AS routing within AS B]
–RIP: Routing Information Protocol
–OSPF: Open Shortest Path First
–BGP: Border Gateway Protocol (Inter-AS)

ARP protocol: Same LAN (network)
A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
A broadcasts ARP query packet, containing B's IP address
–Dest MAC address = FF-FF-FF-FF-FF-FF
–all machines on LAN receive ARP query
B receives ARP packet, replies to A with its (B's) MAC address
–frame sent to A’s MAC address (unicast)
A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
–soft state: information that times out (goes away) unless refreshed
ARP is “plug-and-play”:
–nodes create their ARP tables without intervention from net administrator

What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
–sender encrypts message
–receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
–Virus really from your friends?
–The website really belongs to the bank?
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
–Digital signature

public key cryptography
–sender, receiver do not share secret key
–public encryption key known to all
–private decryption key known only to receiver

Replay Attack
record and playback!
[Figure: “I’m Alice” message carrying Alice’s IP addr and encrypted password, answered with OK; the same message (Alice’s IP addr, encrypted password, “I’m Alice”) recorded and played back]

Firewall
Block outside-initiated traffic to inside of a local network
Usually do not block any traffic initiated from inside to outside

–Denial-of-Service (DoS) attack: Send many fake requests to congest link or consume server resource (CPU, memory)
–SYN flooding: attacker sends many SYNs to victim; victim has to allocate connection resource; victim has no resource left for real connection requests any more. Usually with spoofed source IP address
IP spoofing:
–Attacker can generate “raw” IP packets directly from application, putting any value into IP source address field
–Hide the identity of the traffic initiator

NAT: Network Address Translation
[Figure: datagrams labelled with source (S) and destination (D) address and port at each step; NAT translation table with columns WAN side addr and LAN side addr]
–host sends datagram to , 80
–NAT router changes datagram source addr from , 3345 to , 5001, updates table
–Reply arrives dest. address: ,
–NAT router changes datagram dest addr from , 5001 to ,
–random generated, Unique, ID for the connection
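The translation procedure as a small simulation, added here as an example and not taken from the slides. The IP addresses are constructed (documentation ranges); the ports 3345, 80 and 5001 are the slide's, and the class and function names are hypothetical.

```python
import random

class Nat:
    """Port-translating NAT router: many LAN hosts share one WAN address."""

    def __init__(self, wan_ip, pick_port=None):
        self.wan_ip = wan_ip
        # The WAN-side port is a randomly generated, unique ID for the connection.
        self.pick_port = pick_port or (lambda: random.randrange(1024, 65536))
        self.to_wan = {}   # (LAN addr, port) -> WAN port
        self.to_lan = {}   # WAN port -> (LAN addr, port)

    def outbound(self, src, dst):
        """LAN -> WAN: rewrite the source, creating a table entry on first use."""
        if src not in self.to_wan:
            port = self.pick_port()
            while port in self.to_lan:          # keep the ID unique
                port = self.pick_port()
            self.to_wan[src], self.to_lan[port] = port, src
        return (self.wan_ip, self.to_wan[src]), dst

    def inbound(self, src, dst):
        """WAN -> LAN: rewrite the destination from the table, or drop (None)."""
        ip, port = dst
        if ip != self.wan_ip or port not in self.to_lan:
            return None                         # no entry: outside-initiated traffic
        return src, self.to_lan[port]

def walk_through():
    """The four steps with constructed addresses; the port picker is pinned to 5001."""
    host, server = ("10.0.0.1", 3345), ("203.0.113.10", 80)
    nat = Nat("198.51.100.7", pick_port=lambda: 5001)
    sent = nat.outbound(host, server)           # host sends; NAT rewrites the source
    reply = nat.inbound(server, sent[0])        # reply arrives; NAT rewrites the dest
    unsolicited = nat.inbound(("203.0.113.99", 4444), ("198.51.100.7", 6000))
    return sent, reply, unsolicited
```

The dropped unsolicited packet shows why a NAT router also blocks outside-initiated traffic: without a table entry there is no LAN host to forward to.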

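Distance table gives routing table (problem 3)
[Figure: distance table D () of node E, giving the cost to each destination (A, B, C, D) via each neighbor, and the routing table derived from it, giving the outgoing link to use and the cost for each destination; routing table entries listed for destinations A B C D: B,5 A,7 D,4 A,4]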

Distance Vector Algorithm: example (for problem 4)
[Figure: nodes X, Y, Z]
$D^X(Y,Z) = c(X,Z) + \min_w \{D^Z(Y,w)\} = 7 + 1 = 8$
$D^X(Z,Y) = c(X,Y) + \min_w \{D^Y(Z,w)\} = 2 + 1 = 3$
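The two distance-vector slides as a runnable sketch, added here and not part of the original slides: it builds every node's distance table, iterates until no vector changes, and derives the routing tables. The link costs c(X,Y)=2 and c(X,Z)=7 are the slide's; the Y-Z cost of 1 is an assumption read off the "+1" terms, and the function name is hypothetical.

```python
INF = float("inf")

# Constructed from the slide's numbers; the Y-Z cost of 1 is inferred, not stated.
LINKS = {("X", "Y"): 2, ("X", "Z"): 7, ("Y", "Z"): 1}

def distance_vector(links):
    """Run synchronous distance-vector rounds until no node's vector changes.

    links: {(u, v): cost} for undirected links.
    Returns (distance tables, routing tables, number of rounds).
    """
    cost = {}
    for (u, v), c in links.items():
        cost.setdefault(u, {})[v] = c
        cost.setdefault(v, {})[u] = c
    nodes = sorted(cost)
    # Each node starts out knowing only the cost to its direct neighbors.
    vec = {n: {d: (0 if d == n else cost[n].get(d, INF)) for d in nodes}
           for n in nodes}
    rounds = 0
    while True:
        rounds += 1
        # D^n(dest, via) = c(n, via) + the least cost 'via' advertises to dest
        tables = {n: {d: {via: c + vec[via][d] for via, c in cost[n].items()}
                      for d in nodes if d != n}
                  for n in nodes}
        new = {n: {d: (0 if d == n else min(tables[n][d].values()))
                   for d in nodes}
               for n in nodes}
        if new == vec:          # nothing changed: the exchange stops by itself
            break
        vec = new
    # Routing table: for each destination, the neighbor with the least cost.
    routes = {n: {d: min(row.items(), key=lambda kv: kv[1])
                  for d, row in tables[n].items()}
              for n in nodes}
    return tables, routes, rounds
```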

Digital signature = signed message digest
Bob sends digitally signed message:
–large message m goes through hash function H, giving H(m)
–digital signature (encrypt) with Bob’s private key $K_B^-$ gives the encrypted msg digest $K_B^-(H(m))$
Alice verifies signature and integrity of digitally signed message:
–large message m goes through hash function H, giving H(m)
–digital signature (decrypt) of the encrypted msg digest $K_B^-(H(m))$ with Bob’s public key $K_B^+$ gives H(m)
–equal?
No confidentiality!

Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
Alice:
–generates random symmetric private key, $K_S$.
–encrypts message with $K_S$ (for efficiency)
–also encrypts $K_S$ with Bob’s public key.
–sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob.

Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
Bob:
–uses his private key to decrypt and recover $K_S$
–uses $K_S$ to decrypt $K_S(m)$ to recover m

Secure e-mail (continued)
Alice wants to provide message integrity (unchanged, really written by Alice).
–Alice digitally signs message.
–sends both message (in the clear) and digital signature.
[Figure: Alice sends m and $K_A^-(H(m))$ over the Internet; the receiver applies $K_A^+$ to the signature, computes $H(m)$ from m, and compares]
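The digital signature slide and the Alice-to-Bob slides above, combined into one exchange as an added example that is not part of the original slides: Alice signs with her private key, encrypts signature and message under a fresh $K_S$, and wraps $K_S$ with Bob's public key. Textbook RSA on small Mersenne-prime keys and a hash-based XOR stream stand in for real algorithms; all names and key values are constructed for illustration.

```python
import hashlib, secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA from two primes: ((e, n) public, (d, n) private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def digest(m, n):
    """H(m) as an integer, reduced so it fits under the modulus n."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def sign(m, priv):                       # K^-(H(m))
    d, n = priv
    return pow(digest(m, n), d, n)

def verify(m, sig, pub):                 # is K^+(K^-(H(m))) equal to H(m)?
    e, n = pub
    return pow(sig, e, n) == digest(m, n)

def k_s(key, data):
    """Toy symmetric cipher K_S(.): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def alice_send(m, alice_priv, bob_pub):
    key = secrets.token_bytes(16)                        # random K_S
    e, n = bob_pub
    wrapped = pow(int.from_bytes(key, "big"), e, n)      # K_B^+(K_S)
    sig = sign(m, alice_priv).to_bytes(32, "big")        # K_A^-(H(m))
    return k_s(key, sig + m), wrapped                    # K_S(signature, m)

def bob_receive(ct, wrapped, bob_priv, alice_pub):
    d, n = bob_priv
    key = pow(wrapped, d, n).to_bytes(16, "big")         # recover K_S
    plain = k_s(key, ct)
    sig, m = int.from_bytes(plain[:32], "big"), plain[32:]
    return m, verify(m, sig, alice_pub)

# Constructed toy keys from Mersenne primes (sizes chosen only so the demo runs).
ALICE_PUB, ALICE_PRIV = keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = keypair(2**61 - 1, 2**89 - 1)
```

Flipping any ciphertext bit in the message part changes the recovered m, so the signature check returns False even though decryption itself still "succeeds".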

Caesar cipher decrypt:
–“welcome”, key= +2
Vigenere cipher
–“final exam” key=3,4,-1 (blank space does not change)