10/11/2015 1R. Smith - University of St Thomas - Minnesota CISC 370 - Class Today Project ScheduleProject Schedule RecapRecap Finish up Wireless securityFinish

04/21/23 1R. Smith - University of St Thomas - Minnesota

CISC 370 - Class Today CISC 370 - Class Today

• Project ScheduleProject Schedule• RecapRecap• Finish up Wireless securityFinish up Wireless security• St. Luke’s Hospital case studySt. Luke’s Hospital case study• POTS – Plain Old Telephone SystemPOTS – Plain Old Telephone System

– Architectural traditionsArchitectural traditions– POTS-style WANs for digital networkingPOTS-style WANs for digital networking


Project ScheduleProject Schedule

• Topic: (handed in)Topic: (handed in)

• Outline: April 23Outline: April 23– I’ll e-mail comments to your groupI’ll e-mail comments to your group

• Revised Outline (optional): Apr 30Revised Outline (optional): Apr 30

• Papers: May 12Papers: May 12• Presentations: May 12 and 14Presentations: May 12 and 14

RecapRecap

• Project plansProject plans• Wireless LANs, esp. 802.11Wireless LANs, esp. 802.11• Wireless security – some WEPWireless security – some WEP


Basic vs Extended Service SetBasic vs Extended Service Set

• The risk of vague terminologyThe risk of vague terminology• Basic Service Set (BSS)Basic Service Set (BSS)

– One or more coordinated devices – essentially a single LAN as One or more coordinated devices – essentially a single LAN as far as media access goesfar as media access goes

– May contain 1, 2, or many base stationsMay contain 1, 2, or many base stations– Sometimes called a ‘cell’Sometimes called a ‘cell’

• Independent BSS Independent BSS – A BSS that’s not bridged or linked to other BSSes at Layer 2A BSS that’s not bridged or linked to other BSSes at Layer 2

• Usually an ad-hoc net without any base stationsUsually an ad-hoc net without any base stations

• Extended Service Set (ESS)Extended Service Set (ESS)– Two or more BSSes connected at Layer 2Two or more BSSes connected at Layer 2– A single LAN in terms of Layer 2 addressingA single LAN in terms of Layer 2 addressing


WEP - Wired equivalent privacy

• Shared key encryption protocol– 64 to 128-bit keys using RC-4

Each packet has an IVPer-packet key constructed of key + IV

– The secret part is much smaller than the encryption key

• Poorly constructed encryption– 64-bit keys broken in 40-bit time

128-bit keys broken in 64-bit timePossible to modify a packet's contents and CRC without knowing the encryption key

Wireless Protected Access

• WPA – first try– designed as stopgap since WEP was so bad– 128-bit keys using RC-4– Pre-shared keys updated using TKIP - Temporal Key Integrity

Protocol• Better integrity protection• Larger effective keys• Key update protocol

• WPA2 - 802.11i - full implementation of WPA– Use permanent keys to authenticate; temporary keys to

encrypt – AES replaces RC-4– Can use RADIUS authentication server (protocol called 802.1X)

• (what is this RADIUS thing about?)


St. LukesSt. Lukes

– Houston TX, 500K patients/yearHouston TX, 500K patients/year

• Wireless LAN & HospitalsWireless LAN & Hospitals– Benefits?Benefits?

• Most workers provide “mobile” serviceMost workers provide “mobile” service• Portable equipment: thermometers, blood pressurePortable equipment: thermometers, blood pressure• Carts with stuff for patients: medications, food, etc.Carts with stuff for patients: medications, food, etc.• Evolving mandate for “electronic medical records”Evolving mandate for “electronic medical records”

– Problems/Risks?Problems/Risks?• HIPAA – federal mandate for patient privacyHIPAA – federal mandate for patient privacy

– Major culture shock for ‘traditional’ medicineMajor culture shock for ‘traditional’ medicine

• Vulnerability of wireless accessVulnerability of wireless access– Default is unprotectedDefault is unprotected

– ““Secure” modes originally weakSecure” modes originally weak


St. Lukes & WirelessSt. Lukes & Wireless

• Proxima WLAN (1998)Proxima WLAN (1998)– Decision based on internal WLAN case studyDecision based on internal WLAN case study– Goal: provide mobile LAN accessGoal: provide mobile LAN access– Implementation: 802.11 BSS, FHSS 1.2Mbps thruputImplementation: 802.11 BSS, FHSS 1.2Mbps thruput– Problems: Problems:

• Chicken wire, very poor coverageChicken wire, very poor coverage– Lost signal would yield a dropped connectionLost signal would yield a dropped connection

– Dropped connections would terminate applicationsDropped connections would terminate applications

• Increasing traffic -> capacity saturation -> troubleIncreasing traffic -> capacity saturation -> trouble

• Upgrade #1 – Cisco APs (2003)Upgrade #1 – Cisco APs (2003)– Differences in transmission:Differences in transmission:

• 802.11B, DSSS, 11Mbps802.11B, DSSS, 11Mbps

St. Luke Upgrade #2St. Luke Upgrade #2

• Netmotion’s Mobility product (2003)Netmotion’s Mobility product (2003)

• Note Figure V.1 (p. 341)Note Figure V.1 (p. 341)– Most hospital systems are on “Main network”Most hospital systems are on “Main network”

– All wireless access is through NetMotion serversAll wireless access is through NetMotion servers

• Two software componentsTwo software components– Clients have “Mobility” installed in their protocol stacksClients have “Mobility” installed in their protocol stacks

– Netmotion servers sit between wireless and “main net”Netmotion servers sit between wireless and “main net”

• Serve as ‘proxy hosts’ – redundant pairServe as ‘proxy hosts’ – redundant pair

• Netmotion maintains application connectionsNetmotion maintains application connections– Even when the wireless connection temporarily fades outEven when the wireless connection temporarily fades out

• Address mapping: Address mapping: – Keeps a consistent appearance to the applications even as the client Keeps a consistent appearance to the applications even as the client

moves to different subnetsmoves to different subnets



The Plain Old Telephone SystemThe Plain Old Telephone System

• POTSPOTS– ArchitectureArchitecture– SS-7SS-7

• WANs from the POTS folksWANs from the POTS folks– X.25X.25– Frame RelayFrame Relay– ATMATM


POTSPOTS

• Plain Old Telephone SystemPlain Old Telephone System– Driven by analog circuit traditionsDriven by analog circuit traditions

• Classic ‘circuit switching’Classic ‘circuit switching’

• Architecture based on phone system evolutionArchitecture based on phone system evolution


Circuit operationCircuit operation

• Like connections, with differencesLike connections, with differences• Phase 1: establishmentPhase 1: establishment

– One endpoint initiates; other acceptsOne endpoint initiates; other accepts– Establish the route through intermediate nodesEstablish the route through intermediate nodes– Allocate resources at intermediate nodesAllocate resources at intermediate nodes

• Phase 2: data transferPhase 2: data transfer– Data follows the established path and data rateData follows the established path and data rate

• Phase 3: disconnect Phase 3: disconnect – Initiated by an endpointInitiated by an endpoint– Deallocate resources at the nodesDeallocate resources at the nodes


ArchitectureArchitecture

– SubscribersSubscribers• End user pointsEnd user points• ““Dumb” endpoints in traditional systemsDumb” endpoints in traditional systems

– Subscriber linesSubscriber lines• The “last mile” of telecommunicationsThe “last mile” of telecommunications• AKA “subscriber loop” or “local loop”AKA “subscriber loop” or “local loop”

– ExchangesExchanges• Connects to subscriber lines Connects to subscriber lines • Connects to ‘trunks’ leading to other exchangesConnects to ‘trunks’ leading to other exchanges

– TrunksTrunks• Connects exchanges togetherConnects exchanges together


Exchanges (“Offices”)Exchanges (“Offices”)

• End Office – connects to subscriber linesEnd Office – connects to subscriber lines– ~19,000 exchanges in the US~19,000 exchanges in the US

• Intermediate ExchangeIntermediate Exchange– connects end offices togetherconnects end offices together

• Long Distance OfficeLong Distance Office– connects end offices and other long distance officesconnects end offices and other long distance offices


TrunksTrunks

• TypesTypes– Connecting trunk – between nearby exchangesConnecting trunk – between nearby exchanges– Intercity trunk – between more distant exchangesIntercity trunk – between more distant exchanges

• Channel ImplementationChannel Implementation– Frequency Division MultiplexingFrequency Division Multiplexing– Synchronous Time Division MultiplexingSynchronous Time Division Multiplexing

• Architecture diagramArchitecture diagram– Subscriber loop, end office connecting trunk, intermediate Subscriber loop, end office connecting trunk, intermediate

exchange, long distance office, intercity trunkexchange, long distance office, intercity trunk


Signalling and Control FunctionSignalling and Control Function

• Controlling a call and giving statusControlling a call and giving status• Consider a ‘classic telephone’Consider a ‘classic telephone’

– What control and status things have you heard?What control and status things have you heard?– Control signals?Control signals?– Status signals?Status signals?

• In-band versus out of band signallingIn-band versus out of band signalling– Where do we have in-band signalling on phone connections?Where do we have in-band signalling on phone connections?– Does TCP/IP use in-band or out-of-band signalling? Ethernet?Does TCP/IP use in-band or out-of-band signalling? Ethernet?


Can we figure out how calls work?Can we figure out how calls work?

• What elements of network technology do we What elements of network technology do we need?need?

• What have we experienced in phone calls?What have we experienced in phone calls?• What do we know about POTS architecture?What do we know about POTS architecture?• How does this manifest itself through circuit How does this manifest itself through circuit

switching?switching?


Telephone connection sequenceTelephone connection sequence

• Both phones are on-hook, One goes off-hookBoth phones are on-hook, One goes off-hook• End office sends dial toneEnd office sends dial tone• Caller dials a numberCaller dials a number• Switch uses this as the ‘called address’Switch uses this as the ‘called address’• If called address is not busy, make it ringIf called address is not busy, make it ring• Send ring tone to callerSend ring tone to caller• If called phone goes off hook, connect the callIf called phone goes off hook, connect the call• Turn off the ring signalTurn off the ring signal• Continue the connection till a phone goes on-Continue the connection till a phone goes on-

hookhook


Office-to-office connectionOffice-to-office connection

• Originating office finds a free connection on an Originating office finds a free connection on an interoffice trunkinteroffice trunk

• Sends a request for a ‘digit register’ to receive Sends a request for a ‘digit register’ to receive the called numberthe called number

• Destination sends a ‘wink’ when it has a digit Destination sends a ‘wink’ when it has a digit register for originator to useregister for originator to use

• Originator sends the number to the destination Originator sends the number to the destination officeoffice

• The destination connects to the end subscriber The destination connects to the end subscriber loop, or continues through another officeloop, or continues through another office


Signaling System 7 (SS7)Signaling System 7 (SS7)

• Today, trunks use SS7 for control signalingToday, trunks use SS7 for control signaling• Packet technology + POTS office architecturePacket technology + POTS office architecture

– ““Offices” are now called “switches”Offices” are now called “switches”– Highly redundantHighly redundant

• Supports modern capabilitiesSupports modern capabilities– Phone numbers not tied to hardware (subscriber loop)Phone numbers not tied to hardware (subscriber loop)– Phone numbers ‘roam’ geographicallyPhone numbers ‘roam’ geographically– Remote voice mailRemote voice mail– Toll free numbers (800 etc)Toll free numbers (800 etc)– Special charge numbers (900 etc)Special charge numbers (900 etc)


Elements of SS7Elements of SS7

• These devices are deployed redundantlyThese devices are deployed redundantly• Service Switching Points (SSPs)Service Switching Points (SSPs)

– Connect to subscribers – local loopsConnect to subscribers – local loops– Connect to STPs via SS7Connect to STPs via SS7– Sends queries to SCPs to find out how to route a callSends queries to SCPs to find out how to route a call

• Service Transfer Points (STPs)Service Transfer Points (STPs)– A packet switch tailored to handle SS7A packet switch tailored to handle SS7– Routes data based on phone numbersRoutes data based on phone numbers– Firewalling traffic from ‘external’ networksFirewalling traffic from ‘external’ networks

• Service Control Points (SCPs)Service Control Points (SCPs)– Centralized databasesCentralized databases– Links particular phone numbers to particular subscribersLinks particular phone numbers to particular subscribers– Provides routing information for reaching subscribersProvides routing information for reaching subscribers


WANs - The Telcos' parting attempts at WANs - The Telcos' parting attempts at relevancerelevance• They really are mired in an existing business They really are mired in an existing business

model and customer basemodel and customer base• Makes it hard for them to deal with the Makes it hard for them to deal with the

changing data comm landscapechanging data comm landscape• You can almost see how modern services like You can almost see how modern services like

ATM reflect demands by particular (large) ATM reflect demands by particular (large) customers with particular expectationscustomers with particular expectations

• Telcos still exist because they can meet these Telcos still exist because they can meet these demands and charge high tariffs for them.demands and charge high tariffs for them.


Classic WAN LineupClassic WAN Lineup

• "Leased Lines" - dedicated point to point "Leased Lines" - dedicated point to point connections (archaic!!)connections (archaic!!)

• Most of these were a fixed (huge!) cost per Most of these were a fixed (huge!) cost per monthmonth

• Cost tied to distance of connectionCost tied to distance of connection– Analog - an ancient and relatively slow service (56K)Analog - an ancient and relatively slow service (56K)– Digital Data Service - a slightly less ancient and slow service Digital Data Service - a slightly less ancient and slow service

(56K)(56K)– T-1 - the workhorse for early Internet sites 1.54MT-1 - the workhorse for early Internet sites 1.54M– T-3 - something of an improvement: 44.7MT-3 - something of an improvement: 44.7M


Newer ServicesNewer Services

• Frame Relay - more recent service Frame Relay - more recent service – (talk more about it in a minute) (talk more about it in a minute) – 44.7M44.7M– Charge per month for the connecting portCharge per month for the connecting port– Added charge per month for each virtual circuit's capacityAdded charge per month for each virtual circuit's capacity– No extra charge for longer distancesNo extra charge for longer distances

• Synchro Optical Net (SONET) 51.4M to ...Synchro Optical Net (SONET) 51.4M to ...– Standard designation for optical hardware connectionsStandard designation for optical hardware connections– ““OC” numbersOC” numbers

• OC-1 (or STS-1) at 50Mb/secOC-1 (or STS-1) at 50Mb/sec– thruthru

• OC-192 (STS-192) at 9.6Gb/secOC-192 (STS-192) at 9.6Gb/sec• STS-768 at 38 Gb/sec.. etc.STS-768 at 38 Gb/sec.. etc.


"Switched Services”"Switched Services”

• gee, a choice of destinations!gee, a choice of destinations!• Dial-up analog - the classic modem connection 56KDial-up analog - the classic modem connection 56K• X.25 packet switching - now archaic 56KX.25 packet switching - now archaic 56K• ISDN -ISDN -

– a first attempt at integrated ditigtal service: a first attempt at integrated ditigtal service: – up to 1.54Mup to 1.54M– cost per month plus connect time charge + long distance chargescost per month plus connect time charge + long distance charges

• ADSL - something more contemporary, but aging: ADSL - something more contemporary, but aging: – up to 9Mup to 9M

• Frame Relay - see, both switched and unswitchedFrame Relay - see, both switched and unswitched• ATM - the Great White Hope of the telcosATM - the Great White Hope of the telcos

– if this doesn't bring in business, they're historyif this doesn't bring in business, they're history– Pricing structure varies, but is not usually distance sensitivePricing structure varies, but is not usually distance sensitive


•Trade-offs between choicesTrade-offs between choices

• Cost structure: per link, per connection, per Cost structure: per link, per connection, per packet, distance sensitive, etc.packet, distance sensitive, etc.

• Switched vs unswitchedSwitched vs unswitched

• Channels per physical link: all in one, or Channels per physical link: all in one, or multiplexedmultiplexed

• Reliability and flow control: network or Reliability and flow control: network or endpoint responsibility?endpoint responsibility?


X-25 Network ProtocolX-25 Network Protocol

• Telco industry’s first - unsuccessful - attempt Telco industry’s first - unsuccessful - attempt to build a networking protocolto build a networking protocol

• Designed a "smart network“Designed a "smart network“• Misused the notion of a protocol stackMisused the notion of a protocol stack

– used it to establish independence among protocol designers at used it to establish independence among protocol designers at different levels -different levels -

– led to serious inefficienciesled to serious inefficiencies– Flow control and error correction replicated at layers 2 and 3Flow control and error correction replicated at layers 2 and 3


X.25 ArchitectureX.25 Architecture

• Telcos took as an article of faith that Telcos took as an article of faith that connections are fundamentalconnections are fundamental– Embedded per-connection overhead in individual network Embedded per-connection overhead in individual network

switchesswitches– Personally, I implemented X.25 over the Arpanet backbone Personally, I implemented X.25 over the Arpanet backbone

without such foolishness and it worked fine.without such foolishness and it worked fine.– Flow control took some fine-tuning, but that worked, too.Flow control took some fine-tuning, but that worked, too.

• ServicesServices– Cost per packet - I remember this; probably a link cost, tooCost per packet - I remember this; probably a link cost, too– Multiple channels per link possibleMultiple channels per link possible– Switched and unswitched channels possible ('permanent' Switched and unswitched channels possible ('permanent'

virtual circuits)virtual circuits)


Frame RelayFrame Relay

• A "dumber network" than X.25A "dumber network" than X.25– closer to “end to end” Internet architecture conceptcloser to “end to end” Internet architecture concept

• WAN with unreliable datagrams and no flow WAN with unreliable datagrams and no flow controlcontrol– Relies on end-to-end protocols like TCP to handle flow control Relies on end-to-end protocols like TCP to handle flow control

and error correctionand error correction– 'Smarter' than datagrams – 'Smarter' than datagrams –

• retains order of transmission on a channelretains order of transmission on a channel– Stallings argues that this works because modern digital Stallings argues that this works because modern digital

transmission methods are more reliable than the analog transmission methods are more reliable than the analog modem-based techniquesmodem-based techniques

– Greatly increased network efficiency and reduced transmission Greatly increased network efficiency and reduced transmission delays by eliminating "smart network" protocol overheaddelays by eliminating "smart network" protocol overhead


Protocol detailsProtocol details

• Multiple channels – Multiple channels – – channel 0 for linking other channels to endpointschannel 0 for linking other channels to endpoints

• Each channel can have its own endpoint – Each channel can have its own endpoint – – either predefined or on a "per call" basiseither predefined or on a "per call" basis– Like ‘virtual circuits’ on X.25Like ‘virtual circuits’ on X.25

• Individual packets carry a channel number or Individual packets carry a channel number or "Data Link Connection Identifier" (DLCI)."Data Link Connection Identifier" (DLCI).


Setting up a connectionSetting up a connection

• Initating host sends a SETUP packet - crosses the Initating host sends a SETUP packet - crosses the network to the destination, delivered to destination network to the destination, delivered to destination host.host.

• Destination host accepts by sending a CONNECT Destination host accepts by sending a CONNECT packet - goes back to the initiating host.packet - goes back to the initiating host.

• The SETUP/CONNECT protocol establishes a channel, The SETUP/CONNECT protocol establishes a channel, assigns a DLCI.assigns a DLCI.

• When connection finished, send a RELEASE to other When connection finished, send a RELEASE to other endend

• Other end responds with RELEASE COMPLETEOther end responds with RELEASE COMPLETE• No big deal - just different names for the same sort of No big deal - just different names for the same sort of

thing.thing.


Congestion controlCongestion control• Not much.Not much.• "Danger Will Robinson" bit – "Danger Will Robinson" bit –

– says that there's congestion in one direction or the other. says that there's congestion in one direction or the other. – "Forward/Backward Explicit Congestion Notification" FECN or BECN)"Forward/Backward Explicit Congestion Notification" FECN or BECN)

• "Sacrificial Lamb" bit – "Sacrificial Lamb" bit – – says this packet is a good one to discard if things are too congested. says this packet is a good one to discard if things are too congested. – "Discard Eligibility" DE"Discard Eligibility" DE

• Implement multiple transmission rates, based on what Implement multiple transmission rates, based on what is paid foris paid for– Committed Info Rate (CIR) - what's paid forCommitted Info Rate (CIR) - what's paid for– Maximum Rate (MR) - what is acceptedMaximum Rate (MR) - what is accepted– Access Rate – Access Rate –

• what the link accepts – what the link accepts – • excess past MR gets discardedexcess past MR gets discarded


•ATM or "Cell Relay“ATM or "Cell Relay“

• A "cell" is a "frame" only it's supposed to be A "cell" is a "frame" only it's supposed to be transmitted faster.transmitted faster.– Dumber and more efficient than X.25Dumber and more efficient than X.25– Cell sequence is preservedCell sequence is preserved

• Basic Features Basic Features – Virtual channelsVirtual channels– Packet format/featuresPacket format/features– Service categoriesService categories


Virtual paths and virtual channelsVirtual paths and virtual channels

• Users see virtual channels as logical Users see virtual channels as logical connectionsconnections

• Virtual paths are a network level property: Virtual paths are a network level property: – represents a set of virutal channels with a common destination represents a set of virutal channels with a common destination

– – – network handles them as an aggregated entity instead of network handles them as an aggregated entity instead of

handling the channels individuallyhandling the channels individually


Packet formatPacket format

• Packet destination = virtual path + virtual Packet destination = virtual path + virtual channel within pathchannel within path

• Payload type = user data vs system data, Payload type = user data vs system data, – also includes info about congestionalso includes info about congestion– poor flow control againpoor flow control again

• Sacrificial lamb bit - "Cell Loss Priority" (CLP)Sacrificial lamb bit - "Cell Loss Priority" (CLP)• 8-bit checksum for the header8-bit checksum for the header

– since bit errors could cause pain to the networksince bit errors could cause pain to the network


ATM Service categories ATM Service categories

• or, "I'm a big customer and you'd better provide me the or, "I'm a big customer and you'd better provide me the category of service I want or I'm calling in the category of service I want or I'm calling in the competition."competition."– + Constant bit rate (CBR) - traditional connection service+ Constant bit rate (CBR) - traditional connection service

– + Variable Bit Rat (VBR) - gives network more flexibility and lower cost + Variable Bit Rat (VBR) - gives network more flexibility and lower cost to the customerto the customer

– + Unspecified Bit Rate (UBR) - 'best effort' service - give it whatever + Unspecified Bit Rate (UBR) - 'best effort' service - give it whatever bandwidth is left overbandwidth is left over

– + Avaliable bit rate (ABR) - specifies a minimum cell rate required + Avaliable bit rate (ABR) - specifies a minimum cell rate required (MCR) and a peak rate (PCR). Connects LANs across ATM(MCR) and a peak rate (PCR). Connects LANs across ATM

– + Guaranteed Frame Rate (GFR) + Guaranteed Frame Rate (GFR)

• - for connecting to Internet backbone. Has the ATM net understand - for connecting to Internet backbone. Has the ATM net understand frame boundaries, so packets are discareded in "frame" sets frame boundaries, so packets are discareded in "frame" sets instead of individually, possibly from separate frames.instead of individually, possibly from separate frames.


Creative Commons LicenseCreative Commons License

This work is licensed under the Creative This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United Commons Attribution-Share Alike 3.0 United

States License. To view a copy of this license, States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-visit http://creativecommons.org/licenses/by-

sa/3.0/us/ or send a letter to Creative sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Commons, 171 Second Street, Suite 300, San

Francisco, California, 94105, USA.Francisco, California, 94105, USA.

Documents

10/11/2015 1R. Smith - University of St Thomas - Minnesota CISC 370 - Class Today Project ScheduleProject Schedule RecapRecap Finish up Wireless securityFinish