# Computer Networks - CS132/EECS148 - Spring


Computer Networks - CS132/EECS148 - Spring 2013

Instructor: Karim El Defrawy

Assignment 5

Deadline: May 30th 9:30pm (hard and soft copies required)

Problem 1 (Chapter 6, problem 10 - 6 points) - Consider the following idealized LTE scenario: The downstream channel (see figure 6.20) is slotted in time, across F frequencies. There are four nodes A, B, C and D, reachable from a base station at rates of 10 Mbps, 5 Mbps, 2.5 Mbps and 1 Mbps, respectively, on the downstream channel. These rates assume that the base station utilizes all time slots available on all F frequencies to send to just one station. The base station has an infinite amount of data to send to each of the nodes, and can send to any one of these four nodes using any of the F frequencies during any timeslot in the downstream sub-frame.

a. What is the maximum rate at which the base station can send to the nodes, assuming it can send to any node it chooses during each timeslot? Is your solution fair? Explain and define what you mean by fair.

b. If there is a fairness requirement that each node must receive an equal amount of data during each one second interval, what is the average transmission rate by the base station (to all nodes) during the downstream sub-frame? Explain how you arrived at your answer.

c. Suppose that the fairness criterion is that any node can receive at most twice as much data as any other node during the sub-frame. What is the average transmission rate by the base station (to all nodes) during the sub-frame? Explain how you arrived at your answer.

Solution:

a. 10 Mbps if it only transmits to node A. This solution is not fair since only A is getting served. Fair here means that each of the four nodes should be allotted an equal number of slots.

b. For the fairness requirement that each node receives an equal amount of data during each downstream sub-frame, let n1, n2, n3, and n4 respectively represent the number of slots that A, B, C and D get.

Data transmitted to A in 1 slot = 10t Mbits (assuming the duration of each slot to be t). Hence, the total amount of data transmitted to A (in n1 slots) = 10t n1.

Similarly, the total amounts of data transmitted to B, C, and D are 5t n2, 2.5t n3, and t n4 respectively.

To fulfill the given fairness requirement, we have the following condition:

10t n1 = 5t n2 = 2.5t n3 = t n4

Hence,

n2 = 2 n1
n3 = 4 n1
n4 = 10 n1

The total number of slots is N. Hence,

n1 + n2 + n3 + n4 = N
i.e. n1 + 2 n1 + 4 n1 + 10 n1 = N
i.e. n1 = N/17

Hence,

n2 = 2N/17
n3 = 4N/17
n4 = 10N/17

The average transmission rate is given by:

(10t n1 + 5t n2 + 2.5t n3 + t n4)/(tN) = (10 * N/17 + 5 * 2N/17 + 2.5 * 4N/17 + 1 * 10N/17)/N = 40/17 = 2.35 Mbps

c. Let node A receive twice as much data as nodes B, C, and D during the sub-frame. Hence,

10t n1 = 2 * 5t n2 = 2 * 2.5t n3 = 2 * t n4
i.e. n2 = n1
n3 = 2 n1
n4 = 5 n1

Again,

n1 + n2 + n3 + n4 = N
i.e. n1 + n1 + 2 n1 + 5 n1 = N
i.e. n1 = N/9

The average transmission rate is then given by:

(10t n1 + 5t n2 + 2.5t n3 + t n4)/(tN) = 25/9 = 2.78 Mbps

Similarly, considering that node B, C, or D receives twice as much data as any other node, different values for the average transmission rate can be calculated.

Problem 2 (Chapter 6, problem 13 - 3 points) - In mobile IP, what effect will mobility have on end-to-end delays of datagrams between the source and destination?

Solution:

Because datagrams must first be forwarded to the home agent, and from there to the mobile, the delays will generally be longer than via direct routing. Note that it is possible, however, that the direct delay from the correspondent to the mobile (i.e., if the datagram is not routed through the home agent) could actually be smaller than the sum of the delay from the correspondent to the home agent and from there to the mobile. It would depend on the delays on these various path segments. Note that indirect routing also adds a home agent processing (e.g., encapsulation) delay.

Problem 3 (Chapter 6, problem 15 - 3 points) - Consider two mobile nodes in a foreign network having a foreign agent. Is it possible for two mobile nodes to use the same care-of address in mobile IP? Explain your answer.

Solution:

Two mobiles could certainly have the same care-of address in the same visited network. Indeed, if the care-of address is the address of the foreign agent, then this address would be the same. Once the foreign agent decapsulates the tunneled datagram and determines the address of the mobile, then separate addresses would need to be used to send the datagrams separately to their different destinations (mobiles) within the visited network.

Problem 4 (Chapter 8, problem 4 - 6 points) - Consider the block cipher in Figure 8.5. Suppose that each block cipher T_i simply reverses the order of the 8 input bits (so that, for example, becomes ). Further suppose that the 64 bit scrambler does not modify any bits (so that the output value of the mth bit is equal to the input value of the mth bit).

(a) With n = 3 and the original 64 bit input equal to repeated 8 times, what is the value of the output?

(b) Repeat part a but now change the last bit of the original 64 bit input from a 0 to a 1.

(c) Repeat parts a and b but now suppose that the 64 bit scrambler inverses the order of the 64 bits.

Solution:

a. The output is equal to repeated eight times.

b. The output is equal to repeated seven times

c. We have (A^R B^R C^R)^R = CBA, where A, B, C are strings, and R means the inverse operation. Thus:

1. For (a), the output is repeated eight times;
2. For (b), the output is repeated seven times.

Problem 5 (Chapter 8, problem 8 - 6 points) - Consider RSA with p = 5 and q = 11.

a. What are n and z?

b. Let e be 3. Why is this an acceptable choice for e?

c. Find d such that de = 1 (mod z) and d < 160.

d. Encrypt the message m = 8 using the key (n, e). Let c denote the corresponding ciphertext. Show all work. Hint: To simplify the calculations use the fact: [(a mod n) · (b mod n)] mod n = (a · b) mod n

Solution:

p = 5, q = 11

a. n = p*q = 55, z = (p-1)(q-1) = 40

b. e = 3 is less than n and has no common factors with z.

c. d = 27

d. m = 8, m^e = 512, ciphertext c = m^e mod n = 17

Problem 6 (Chapter 8, problem 9 - 6 points) - In this problem we explore the Diffie-Hellman (DH) public-key encryption algorithm, which allows two entities to agree on a shared key. The DH algorithm makes use of a large prime number p and another large number g less than p. Both p and g are made public (so that an attacker would know them). In DH, Alice and Bob each independently choose secret keys, S_A and S_B respectively. Alice then computes her public key, T_A, by raising g to S_A and then taking mod p. Bob similarly computes his own public key T_B by raising g to S_B and then taking mod p. Alice and Bob then exchange their public keys over the internet. Alice then calculates the shared secret key S by raising T_B to S_A and then taking mod p. Similarly, Bob calculates the shared key S' by raising T_A to S_B and then taking mod p.

a. Prove that, in general, Alice and Bob obtain the same symmetric key, that is, prove S = S'.

b. With p = 11 and g = 2, suppose Alice and Bob choose private keys S_A = 5 and S_B = 12, respectively. Calculate Alice's and Bob's public keys, T_A and T_B. Show all work.

c. Following up on part b, now calculate S as the shared symmetric key. Show all work.

d. Provide a timing diagram that shows how DH can be attacked by a man-in-the-middle. The timing diagram should have three vertical lines, one for Alice, one for Bob, one for the attacker Trudy.

Solution:

| | Alice | Bob |
|---|---|---|
| secret key | S_A | S_B |
| public key | T_A = (g^S_A) mod p | T_B = (g^S_B) mod p |
| shared key | S = (T_B^S_A) mod p | S' = (T_A^S_B) mod p |

a. S = (T_B^S_A) mod p = ((g^S_B mod p)^S_A) mod p = (g^(S_B S_A)) mod p = ((g^S_A mod p)^S_B) mod p = (T_A^S_B) mod p = S'

(b and c) p = 11, g = 2

| | Alice | Bob |
|---|---|---|
| secret key | S_A = 5 | S_B = 12 |
| public key | T_A = (g^S_A) mod p = 10 | T_B = (g^S_B) mod p = 4 |
| shared key | S = (T_B^S_A) mod p = 1 | S' = (T_A^S_B) mod p = 1 |

d. [Timing diagram: vertical lines for Alice, Trudy and Bob; the messages shown are T_A, T_T, T_T and T_B.]

The Diffie-Hellman public key encryption algorithm can be attacked by a man-in-the-middle.

1. In this attack, Trudy receives Alice's public value (T_A) and sends her own public value (T_T) to Bob.
2. When Bob transmits his public value (T_B), Trudy sends her public key (T_T) to Alice.
3. Trudy and Alice thus agree on one shared key (S_AT) and Trudy and Bob agree on another shared key (S_BT).

After this exchange, Trudy simply decrypts any messages sent out by Alice or Bob using the shared keys S_AT and S_BT.

Problem 7 (Chapter 8, problem 15 - 6 points) - Consider our authentication protocol in Figure 8.18, in which Alice authenticates herself to Bob, which we saw works well (i.e. we found no flaws in it). Now suppose that while Alice is authenticating herself to Bob, Bob must authenticate himself to Alice. Give a scenario by which Trudy, pretending to be Alice, can now authenticate herself to Bob as Alice. (Hint: consider that the sequence of operations of the protocol, one with Trudy initiating and one with Bob initiating, can be arbitrarily interleaved. Pay particular attention to the fact that both Bob and Alice will use a nonce, and that if care is not taken, the same nonce can be used maliciously.)

Solution:

Bob does not know if he is talking to Trudy or Alice initially. Bob and Alice share a secret key K_A-B that is unknown to Trudy. Trudy wants Bob to authenticate her (Trudy) as Alice. Trudy is going to have Bob authenticate himself, and waits for Bob to start:

1. Bob-to-Trudy: I am Bob
   Commentary: Bob starts to authenticate himself. Bob's authentication of himself to the other side then stops for a few steps.
2. Trudy-to-Bob: I am Alice
   Commentary: Trudy starts to authenticate herself as Alice.
3. Bob-to-Trudy: R
   Commentary: Bob responds to step 2 by sending a nonce in reply. Trudy does not yet know K_A-B(R) so she cannot yet reply.
4. Trudy-to-Bob: R
   Commentary: Trudy responds to step 1, now continuing Bob's authentication, picking as the nonce for Bob to encrypt the exact same value that Bob sent her to encrypt in step 3.
5. Bob-to-Trudy: K_A-B(R)
   Commentary: Bob completes his own authentication of himself to the other side by encrypting the nonce he was sent in step 4. Trudy now has K_A-B(R). (Note: she does not have, nor need, K_A-B.)
6. Trudy-to-Bob: K_A-B(R)
   Commentary: Trudy completes her authentication, responding to the R that Bob sent in step 3 above with K_A-B(R). Since Trudy has returned the properly encrypted nonce that Bob sent in step 3, Bob thinks Trudy is Alice!
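The interleaving from Problem 7 run against a model of Bob, next to a variant in which the proof also covers the prover's name. This is an added example, not part of the original solutions: HMAC-SHA256 stands in for the encryption K_A-B(R), and the identity-binding fix, the class and the function names are assumptions made here.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key-shared-by-A-and-B"  # sample value, stands for K_A-B


def keyed(key: bytes, data: bytes) -> bytes:
    """Stand-in for K_A-B(R): only holders of the key can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Bob:
    """Bob acting in both roles of the mutual-authentication protocol."""

    def __init__(self, key: bytes, bind_identity: bool):
        self.key = key
        self.bind_identity = bind_identity  # False = protocol as in Problem 7
        self.pending = None                 # nonce issued to the claimed Alice

    def proof(self, prover: str, nonce: bytes) -> bytes:
        # Hardened form covers "<prover>|<nonce>", so a proof produced by Bob
        # can never be replayed as a proof produced by Alice.
        data = (prover.encode() + b"|" + nonce) if self.bind_identity else nonce
        return keyed(self.key, data)

    def challenge(self) -> bytes:
        """Step 3: reply to 'I am Alice' with a fresh nonce R."""
        self.pending = secrets.token_bytes(16)
        return self.pending

    def answer_challenge(self, nonce: bytes) -> bytes:
        """Step 5: Bob proves his own identity on whatever nonce he is sent."""
        return self.proof("Bob", nonce)

    def verify(self, response: bytes) -> bool:
        """Step 6: accept the peer as Alice if the proof matches R."""
        if self.pending is None:
            return False
        expected = self.proof("Alice", self.pending)
        self.pending = None  # a nonce is good for one attempt only
        return hmac.compare_digest(expected, response)


def reflection_attempt(bob: Bob) -> bool:
    """Steps 2 to 6 from the solution; the caller never touches the key."""
    r = bob.challenge()                   # steps 2-3: claim Alice, get R
    reflected = bob.answer_challenge(r)   # steps 4-5: hand R back to Bob
    return bob.verify(reflected)          # step 6: return Bob's own output


def honest_alice(bob: Bob, key: bytes) -> bool:
    """The real Alice, who holds the key, still authenticates in both modes."""
    r = bob.challenge()
    data = (b"Alice|" + r) if bob.bind_identity else r
    return bob.verify(keyed(key, data))


if __name__ == "__main__":
    for bind in (False, True):
        print("bind_identity =", bind,
              "| reflection accepted:", reflection_attempt(Bob(KEY, bind)),
              "| honest Alice accepted:", honest_alice(Bob(KEY, bind), KEY))
```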
Problem 8 (Chapter 8, problem 21 - 4 points) - Suppose Alice and Bob are communicating over an SSL session. Suppose an attacker, who does not have any of the shared keys, inserts a bogus TCP segment into a packet stream with correct TCP checksum and sequence numbers (and correct IP addresses and port numbers). Will SSL at the receiving side accept the bogus packet and pass the payload to the receiving application? Why or why not?

Solution:

No, the bogus packet will fail the integrity check (which uses a shared MAC key).

Problem 9 (Chapter 8, problem 22 - 8 points) - The following True/False questions pertain to Figure 8.28 of your book.

a. When a host in /24 sends a datagram to an Amazon.com server, the router R1 will encrypt the datagram using IPsec.

b. When a host in /24 sends a datagram to a host in /24, the router R1 will change the source and destination address of the IP datagram.

c. Suppose a host in /24 initiates a TCP connection to a Web server in /24. As part of this connection, all datagrams sent by R1 will have protocol number 50 in the left-most IPv4 header field.

d. Consider sending a TCP segment from a host in /24 to a host in /24. Suppose the ACK for this segment gets lost, so that TCP resends the segment. Because IPsec uses sequence numbers, R1 will not resend the TCP segment.

Solution:

a) F b) T c) T d) F

Problem 10 (Chapter 8, problem 24 - 8 points) - Consider the following pseudo-WEP protocol. The key is 4 bits and the IV is 2 bits. The IV is appended to the end of the key when generating the keystream. Suppose that the shared secret key is The keystreams for the four possible inputs are as follows: : : : : Suppose all messages are 8 bits long. Suppose the ICV (integrity check) is 4 bits long, and is calculated by XORing the first 4 bits of the data with the last 4 bits of the data. Suppose the pseudo-WEP packet consists of three fields: first the IV field, then the message field and last the ICV field, with some of these fields encrypted.

a. We want to send a message m= using the IV = 11 and using WEP. What will be the values in the three WEP fields?

b. Show that when the receiver decrypts the WEP packet, it recovers the message and the ICV.

c. Suppose Trudy intercepts a WEP packet (not necessarily with IV = 11) and wants to modify it before forwarding to the receiver. Suppose Trudy flips the first ICV bit. Assuming that Trudy does not know the keystreams for any of the IVs, what other bit(s) must Trudy also flip so that the received packet passes the ICV check?

d. Justify your answer by modifying the bits in the WEP packet in part (a), decrypting the resulting packet, and verifying the integrity check.

Solution:

a. Since IV = 11, the key stream is

Given, m =

Hence, ICV = 1010 XOR 0000 = 1010

The three fields will be:

IV: 11
Encrypted message: XOR =
Encrypted ICV: 1010 XOR 0000 = 1010

b. The receiver extracts the IV (11) and generates the key stream

XORs the encrypted message with the key stream to recover the original message: XOR =

XORs the encrypted ICV with the keystream to recover the original ICV: 1010 XOR 0000 = 1010

The receiver then XORs the first 4 bits of the recovered message with its last 4 bits: 1010 XOR 0000 = 1010 (which equals the recovered ICV)

c. Since the ICV is calculated as the XOR of the first 4 bits of the message with the last 4 bits of the message, either the 1st bit or the 5th bit of the message has to be flipped for the received packet to pass the ICV check.

d. For part (a), the encrypted message was

Flipping the 1st bit gives,

Trudy XORs this message with the keystream: XOR =

If Trudy flipped the first bit of the encrypted ICV, the ICV value received by the receiver is 0010

The receiver XORs this value with the keystream to get the ICV: 0010 XOR 0000 = 0010

The receiver now calculates the ICV from the recovered message: 0010 XOR 0000 = 0010 (which equals the recovered ICV and so the received packet passes the ICV check)

Problem 11 (Chapter 8, problem 25 - 4 points) - Provide a filter table and a connection table for a stateful firewall that is as restrictive as possible but accomplishes the following:

a. Allows all internal users to establish Telnet sessions with external hosts.

b. Allows external users to surf the company Web site at

c. But otherwise blocks all inbound and outbound traffic.

The internal network is 2/16. In your solution, suppose that the connection table is currently caching three connections, all from inside to outside. You'll need to invent appropriate IP addresses and port numbers.

Solution:

Filter Table:

| Action | Source address | Dest address | Protocol | Source port | Dest port | Flag bit | Check connection |
|---|---|---|---|---|---|---|---|
| allow | 2/16 | outside of 2/16 | TCP | > | | any | |
| allow | outside of 2/16 | 2/16 | TCP | 23 | > 1023 | ACK | x |
| allow | outside of 2/ | | TCP | > | | any | |
| allow | | outside of /16 | TCP | 80 | > 1023 | any | |
| deny | all | all | all | all | all | all | |

Connection Table:
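The bit-flipping argument from Problem 10, parts c and d, checked by brute force over every possible 12-bit keystream. This is an added example, not part of the original solutions: the message value 10100000 is inferred from the ICV computation "1010 XOR 0000" in solution (a), and the function names are chosen here.

```python
from itertools import product

MSG_BITS, ICV_BITS = 8, 4
MSG = [1, 0, 1, 0, 0, 0, 0, 0]  # inferred from "ICV = 1010 XOR 0000" (assumption)


def icv(msg):
    """Pseudo-WEP ICV: first 4 message bits XOR last 4 message bits."""
    return [msg[i] ^ msg[i + ICV_BITS] for i in range(ICV_BITS)]


def seal(msg, keystream):
    """Sender side: encrypt message || ICV with the 12-bit keystream.
    The IV travels in the clear and only selects the keystream, so it is
    left out of this model."""
    return [b ^ k for b, k in zip(msg + icv(msg), keystream)]


def accept(body, keystream):
    """Receiver side: decrypt, recompute the ICV, compare."""
    plain = [b ^ k for b, k in zip(body, keystream)]
    return plain[MSG_BITS:] == icv(plain[:MSG_BITS])


def flip(body, positions):
    """Flip ciphertext bits; positions 0-7 are message bits, 8-11 ICV bits."""
    out = list(body)
    for p in positions:
        out[p] ^= 1
    return out


def outcomes_over_keystreams(msg, positions):
    """Set of receiver verdicts over all 4096 keystreams.
    {True} or {False} means the verdict does not depend on the keystream."""
    return {
        accept(flip(seal(msg, ks), positions), ks)
        for ks in product((0, 1), repeat=MSG_BITS + ICV_BITS)
    }


def compensating_message_bits(msg, icv_bit):
    """Message-bit positions (0-based) whose flip, together with the given
    ICV bit, is accepted under every keystream."""
    return [
        m for m in range(MSG_BITS)
        if outcomes_over_keystreams(msg, [m, MSG_BITS + icv_bit]) == {True}
    ]


if __name__ == "__main__":
    print("untouched packet:   ", outcomes_over_keystreams(MSG, []))
    print("ICV bit 1 only:     ", outcomes_over_keystreams(MSG, [8]))
    # 0-based [0, 4] are the 1st and 5th message bits named in solution (c)
    print("compensating bits:  ", compensating_message_bits(MSG, 0))
```

Because both the stream cipher and this ICV are linear in XOR, the verdict is the same for every keystream, so the check detects transmission errors but not deliberate modification; detecting that requires a keyed MAC.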


### Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

### Throughput Analysis of WEP Security in Ad Hoc Sensor Networks

Throughput Analysis of WEP Security in Ad Hoc Sensor Networks Mohammad Saleh and Iyad Al Khatib iitc Stockholm, Sweden {mohsaleh, iyad}@iitc.se ABSTRACT This paper presents a performance investigation

### Wireless Networks. Welcome to Wireless

Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)

### Virtual Private Networks

Outline Virtual Private Networks Cmput 410 Presentations November 25-2004 Introduction Types of VPNs Tunneling Security Encryption Future of VPNs VPN - Definition Introduction a way to provide remote access

### Protocol Rollback and Network Security

CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

### 802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

### Compter Networks Chapter 9: Network Security

Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau

### Tomás P. de Miguel DIT-UPM. dit UPM

Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability

### Final for ECE374 05/06/13 Solution!!

1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### Symmetric Key cryptosystem

SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single

### Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

### IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

### Telematics Chapter 11: Network Security Beispielbild User watching video clip

Telematics Chapter 11: Network Security Beispielbild User watching video clip Server with video clips Application Layer Application Layer Prof. Dr. Mesut Güneş Presentation Layer Presentation Layer Computer

### Ethernet. Ethernet. Network Devices

Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

### Cornerstones of Security

Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

### Network Security. Network Security. Security in Computer Networks

Network Security Network Security introduction cryptography authentication key exchange Reading: Tannenbaum, section 7.1 Ross/Kurose, Ch 7 (which is incomplete) Intruder may eavesdrop remove, modify, and/or

### CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter

### Overview of Network Security

Overview of Network Security from à Computer Networking: A Top Down Approach, 4 th edition. Jim Kurose, Keith Ross AddisonWesley, July 2007. 81 Roadmap: What is network security? Principles of cryptography

### Computer Networks. Secure Systems

Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

### IPSEC: IKE. Markus Hidell mahidell@kth.se. Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

IPSEC: IKE Markus Hidell mahidell@kth.se Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers 1 Reading Kaufman, chapter 18 (and some of 16) 2 Secure Key Establishment

### Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

### Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org

### tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack Stanford, UCL

tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack! Stanford, UCL Reminder: project goal IPsec SSH TLS Unencrypted TCP traffic today Not drawn to scale Reminder:

### Chapter 3. Network Domain Security

Communication System Security, Chapter 3, Draft, L.D. Chen and G. Gong, 2008 1 Chapter 3. Network Domain Security A network can be considered as the physical resource for a communication system. This chapter

### Computer Networks - CS132/EECS148 - Spring 2013 ------------------------------------------------------------------------------

Computer Networks - CS132/EECS148 - Spring 2013 Instructor: Karim El Defrawy Assignment 2 Deadline : April 25 th 9:30pm (hard and soft copies required) ------------------------------------------------------------------------------

### Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

### EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst

EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst Data communication in reality In reality, the source and destination hosts are very seldom on the same network, for

### Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

### Transport Layer Security Protocols

SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

### CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher