CS 2363 COMPUTER NETWORKS A Course Material on COMPUTER NETWORKS By Mr. K.TAMILVANAN ASSISTANT PROFESSOR DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING SASURIE COLLEGE OF ENGINEERING VIJAYAMANGALAM 638 056

6. CS2363 CN-unit IV Ref


QUALITY CERTIFICATE
This is to certify that the e-course material
Subject Code: CS 2363
Subject: COMPUTER NETWORKS
Class: II Year EEE
being prepared by me meets the knowledge requirement of the university curriculum.
Signature of the Author
Name:
Designation:
This is to certify that the course material being prepared by Mr. K. Tamilvanan is of adequate quality. He has referred to more than five books, among them at least one by an author from abroad.
Signature of HD
Name: Mr. S. Sriram
SEAL

CONTENTS
Unit I DATA COMMUNICATION
1.1 Introduction to networks
1.1.1 Network definition
1.2 Network architecture
1.2.1 Protocols
1.2.2 Interfaces
1.3 OSI architecture
1.3.1 Internet architecture
1.3.2 Application programming interface
1.3.3 Socket
1.4 Network performance
1.5 Direct link networks
1.6 Encoding
1.7 Framing
1.8 Error detection
1.9 Transmission
1.10 Ethernet
1.11 Rings
1.12 Switched networks
1.13 Wireless networks
1.14 Bridges
Unit II DATA LINK LAYER
2.1 Internetworking
2.2 IP
2.2.1 IP service model
2.2.2 Packet format
2.2.3 IP fragmentation and reassembly
2.3 ARP
2.4 Reverse address resolution protocol
2.5 Dynamic host configuration protocol (DHCP)
2.6 Internet control message protocol
2.7 Routing
2.8 Routing algorithms
2.8.1 Distance vector
2.8.2 Count-to-infinity problem
2.8.3 Link state routing
2.9 Addressing
2.9.1 Global addresses
2.9.2 IP datagram forwarding
2.10 CIDR
2.11 Subnetting
Unit III NETWORK LAYER
3.1 Transport layer
3.2 User datagram protocol (UDP)
3.3 Transmission control protocol
3.3.1 TCP segment structure
3.3.2 TCP seq. #s and ACKs
3.4 Congestion control
3.5 Flow control
3.6 Queuing disciplines
3.7 Congestion avoidance mechanisms
3.7.1 TCP slow start
Unit IV TRANSPORT LAYER
4.1 Data compression
4.1.1 Lossless compression techniques
4.2 Introduction to JPEG
4.2.1 JPEG compression
4.3 Introduction to MPEG
4.3.1 Video compression (MPEG)
4.3.2 Frame types
4.4 Introduction to MP3
4.5 Cryptography
4.5.1 Transposition cipher
4.5.2 Polyalphabetic cipher
4.5.3 Types of encryption
4.5.6 Types of encryption keys
4.6 Symmetric key
4.7 Public-key
4.8 Authentication
4.9 Key distribution
4.9.1 Key distribution mechanisms
4.10 Key agreement
4.11 PGP
4.12 SSH
4.13 Transport security
4.14 IP security
4.15 Wireless security
4.16 Firewalls
Unit V APPLICATION LAYER
5.1 Domain name system (DNS)
5.2 E-mail
5.2.1 Peer-peer model
5.3 World wide web
5.3.1 Hypertext data
5.3.2 Clustering and classification
5.3.3 Hyperlink analysis
5.4 SNMP
5.5 FTP
5.6 Web services
5.7 Multimedia applications
5.8 Overlay network
I Worked out problems
II Glossary
III Unit I Important Two marks & Big Questions
IV Unit II Important Two marks & Big Questions
V Unit III Important Two marks & Big Questions
VI Unit IV Important Two marks & Big Questions
VII Unit V Important Two marks & Big Questions
VIII Anna University Old Question Papers

UNIT I DATA COMMUNICATION
Introduction to networks - network architecture - network performance - Direct link networks - encoding - framing - error detection - transmission - Ethernet - Rings - FDDI - Wireless networks - Switched networks - bridges

1.1 INTRODUCTION TO NETWORKS
1.1.1 Network Definition
A network can be defined as two or more computers connected together in such a way that they can share resources. The purpose of a network is to share resources. A resource may be:
- A file
- A folder
- A printer
- A disk drive
- Or just about anything else that exists on a computer.
A network is simply a collection of computers or other hardware devices that are connected together, either physically or logically, using special hardware and software, to allow them to exchange information and cooperate. Networking is the term that describes the processes involved in designing, implementing, upgrading, managing and otherwise working with networks and network technologies.
Advantages of networking:
- Connectivity and Communication
- Data Sharing
- Hardware Sharing
- Internet Access
- Internet Access Sharing
- Data Security and Management
- Performance Enhancement and Balancing
- Entertainment

1.2 NETWORK ARCHITECTURE

Figure: Layered system with alternative abstractions available at a given layer.

1.2.1 Protocols
- A protocol defines the interfaces between the layers in the same system and with the layers of the peer system
- Protocols are the building blocks of a network architecture
- Each protocol object has two different interfaces:
  - service interface: operations on this protocol
  - peer-to-peer interface: messages exchanged with the peer
- The term protocol is overloaded: it means both the specification of the peer-to-peer interface and the module that implements this interface

1.2.2 Interfaces
- Protocol Specification: prose, pseudo-code, state transition diagram
- Interoperable: when two or more protocols implement the specification accurately
- IETF: Internet Engineering Task Force

1.3 OSI ARCHITECTURE
Description of Layers
Physical Layer
- Handles the transmission of raw bits over a communication link
Data Link Layer
- Collects a stream of bits into a larger aggregate called a frame
- The network adaptor, along with the device driver in the OS, implements the protocol in this layer
- Frames are actually delivered to hosts
Network Layer
- Handles routing among nodes within a packet-switched network
- The unit of data exchanged between nodes in this layer is called a packet
- The lower three layers are implemented on all network nodes
Transport Layer
- Implements a process-to-process channel
- The unit of data exchanged in this layer is called a message
Session Layer
- Provides a name space that is used to tie together the potentially different transport streams that are part of a single application
Presentation Layer
- Concerned with the format of data exchanged between peers
Application Layer
- Standardizes common types of exchanges
The transport layer and the higher layers typically run only on end hosts and not on the intermediate switches and routers.

1.3.1 Internet Architecture
- Defined by IETF
- Three main features:
  - Does not imply strict layering. The application is free to bypass the defined transport layers and to directly use IP or other underlying networks.
  - An hour-glass shape: wide at the top, narrow in the middle and wide at the bottom. IP serves as the focal point for the architecture.
  - In order for a new protocol to be officially included in the architecture, there needs to be both a protocol specification and at least one (and preferably two) representative implementations of the specification.

1.3.2 Application Programming Interface
- Interface exported by the network
- Since most network protocols are implemented (those in the high protocol stack) in software, and nearly all computer systems implement their network protocols as part of the operating system, when we refer to the interface exported by the network we are generally referring to the interface that the OS provides to its networking subsystem
- The interface is called the network Application Programming Interface (API)
- The Socket Interface was originally provided by the Berkeley distribution of Unix and is now supported in virtually all operating systems
- Each protocol provides a certain set of services, and the API provides a syntax by which those services can be invoked in this particular OS

1.3.3 Socket
Socket Family
- PF_INET denotes the Internet family
- PF_UNIX denotes the Unix pipe facility
- PF_PACKET denotes direct access to the network interface (i.e., it bypasses the TCP/IP protocol stack)
Socket Type
- SOCK_STREAM is used to denote a byte stream
- SOCK_DGRAM is an alternative that denotes a message-oriented service, such as that provided by UDP
Creating a Socket
  int sockfd = socket(address_family, type, protocol);
- The socket number returned is the socket descriptor for the newly created socket
  int sockfd = socket(PF_INET, SOCK_STREAM, 0);
  int sockfd = socket(PF_INET, SOCK_DGRAM, 0);
- The combination of PF_INET and SOCK_STREAM implies TCP
Bind
- Binds the newly created socket to the specified address, i.e. the network address of the local participant (the server)
- The address is a data structure which combines IP and port
Listen
- Defines how many connections can be pending on the specified socket
Accept
- Carries out the passive open
- Blocking operation: does not return until a remote participant has established a connection
- When it does, it returns a new socket that corresponds to the newly established connection, and the address argument contains the remote participant's address
Client
- The application performs the active open
- It says who it wants to communicate with
- The client invokes int connect(int socket, struct sockaddr *address, int addr_len)
Connect
- Does not return until TCP has successfully established a connection, at which point the application is free to begin sending data
- The address contains the remote machine's address

1.4 NETWORK PERFORMANCE
Bandwidth
- Width of the frequency band
- Number of bits per second that can be transmitted over a communication link
- 1 Mbps: 1 x 10^6 bits/second (approximately 1 x 2^20 bits/sec)
- 1 x 10^-6 seconds to transmit each bit; or imagine a timeline on which each bit occupies 1 microsecond of space. On a 2 Mbps link the width is 0.5 microsecond. The smaller the width, the more transmissions per unit time.
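The passive-open and active-open sequences described above (socket, bind, listen, accept on the server; socket, connect on the client), as an added example that is not part of the course material. It uses Python's socket module, which mirrors the C calls one-to-one (AF_INET and SOCK_STREAM together give TCP); the server runs in a thread on the loopback address with an OS-chosen port, so the exchange needs no outside network.

```python
import socket
import threading


def run_echo_exchange(message: bytes = b"hello") -> bytes:
    """Passive open on a server thread, active open from the client; returns the echoed bytes."""
    # socket(): AF_INET (the PF_INET family) + SOCK_STREAM implies TCP.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(5)                 # don't block forever if the client never connects
    server.bind(("127.0.0.1", 0))        # bind(): local address; port 0 lets the OS pick a free port
    server.listen(1)                     # listen(): at most one pending connection
    port = server.getsockname()[1]
    seen = {}

    def serve():
        # accept(): blocks until a remote participant has connected; returns a NEW socket
        # for that connection plus the remote participant's address.
        conn, peer = server.accept()
        with conn:
            seen["peer"] = peer
            data = conn.recv(1024)
            conn.sendall(data)           # echo the client's bytes back

    worker = threading.Thread(target=serve)
    worker.start()

    # Active open: the client says who it wants to talk to; connect() returns only once
    # TCP has established the connection, after which sending is allowed.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    with client:
        client.connect(("127.0.0.1", port))
        client.sendall(message)
        reply = client.recv(1024)

    worker.join()
    server.close()
    assert seen["peer"][0] == "127.0.0.1"   # the address filled in by accept()
    return reply


if __name__ == "__main__":
    print(run_echo_exchange(b"ping"))
```

The server socket is never used to send data; only the socket returned by accept() carries the connection, which is the point the notes make about accept returning a new socket.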
Figure: Bits transmitted at a particular bandwidth can be regarded as having some width: (a) bits transmitted at 1 Mbps (each bit 1 us wide); (b) bits transmitted at 2 Mbps (each bit 0.5 us wide).
Latency
- Latency = Propagation + Transmit + Queue
- Propagation = Distance / Speed of light
- Transmit = Size / Bandwidth
- One-bit transmission => propagation is important
- Large-byte transmission => bandwidth is important
Delay x Bandwidth
- We think of the channel between a pair of processes as a hollow pipe
- Latency (delay) is the length of the pipe and bandwidth is the width of the pipe
- Delay of 50 ms and bandwidth of 45 Mbps: 50 x 10^-3 seconds x 45 x 10^6 bits/second = 2.25 x 10^6 bits = 280 KB of data
- The relative importance of bandwidth and latency depends on the application:
  - For large file transfer, bandwidth is critical
  - For small messages (HTTP, NFS, etc.), latency is critical
  - Variance in latency (jitter) can also affect some applications (e.g., audio/video conferencing)
- The delay x bandwidth product is how many bits the sender must transmit before the first bit arrives at the receiver if the sender keeps the pipe full
- It takes another one-way latency to receive a response from the receiver
- If the sender does not fill the pipe (send a whole delay x bandwidth product's worth of data before it stops to wait for a signal), the sender will not fully utilize the network
- Infinite bandwidth: RTT dominates
  - Throughput = TransferSize / TransferTime
  - TransferTime = RTT + 1/Bandwidth x TransferSize
- It's all relative: a 1-MB file to a 1-Gbps link looks like a 1-KB packet to a 1-Mbps link

1.5 DIRECT LINK NETWORKS
Shannon's theorem gives the upper bound to the capacity of a link in terms of bits per second (bps) as a function of the signal-to-noise ratio of the link, measured in decibels (dB):
  C = B log2(1 + S/N)
where B = 3300 - 300 = 3000 Hz, S is the signal power and N the average noise power. The signal-to-noise ratio (S/N) measured in decibels is given by dB = 10 x log10(S/N). If the signal-to-noise ratio is 30 dB then S/N = 1000. Now C = 3000 x log2(1001) = 30 kbps.
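The performance formulas above (latency, delay x bandwidth product, transfer time and throughput, Shannon capacity with the dB conversion) carried through as functions, as an added example that is not part of the course material. The numbers it is exercised with are the notes' own: 50 ms x 45 Mbps, the 3000 Hz voice channel at 30 dB, and the 1-MB-at-1-Gbps versus 1-KB-at-1-Mbps comparison.

```python
import math

SPEED_OF_LIGHT = 3.0e8   # m/s in vacuum; the notes use 2/3 of this for copper


def latency(distance_m, bandwidth_bps, size_bits, queue_s=0.0, prop_speed=SPEED_OF_LIGHT):
    """Latency = Propagation + Transmit + Queue, in seconds."""
    propagation = distance_m / prop_speed
    transmit = size_bits / bandwidth_bps
    return propagation + transmit + queue_s


def delay_bandwidth_product_bits(one_way_delay_s, bandwidth_bps):
    """Bits in flight when the sender keeps the pipe full."""
    return one_way_delay_s * bandwidth_bps


def transfer_time(rtt_s, bandwidth_bps, size_bits):
    """TransferTime = RTT + TransferSize / Bandwidth (one RTT of setup/ack, then streaming)."""
    return rtt_s + size_bits / bandwidth_bps


def throughput(rtt_s, bandwidth_bps, size_bits):
    """Throughput = TransferSize / TransferTime; for small transfers the RTT dominates."""
    return size_bits / transfer_time(rtt_s, bandwidth_bps, size_bits)


def snr_from_db(snr_db):
    """dB = 10 log10(S/N)  =>  S/N = 10^(dB/10)."""
    return 10 ** (snr_db / 10)


def shannon_capacity(bandwidth_hz, snr_db):
    """C = B log2(1 + S/N), bits per second."""
    return bandwidth_hz * math.log2(1 + snr_from_db(snr_db))


if __name__ == "__main__":
    bits = delay_bandwidth_product_bits(50e-3, 45e6)
    print(f"delay x bandwidth: {bits:.0f} bits = {bits / 8 / 1000:.1f} KB")
    print(f"voice channel capacity at 30 dB: {shannon_capacity(3000, 30):.0f} bps")
    print(f"1 MB over 1 Gbps with 100 ms RTT: {throughput(0.1, 1e9, 8e6) / 1e6:.1f} Mbps")
```

The last line shows why "infinite bandwidth" still leaves a 100 ms RTT as the limit: the 1-MB transfer achieves only about 74 Mbps of the 1 Gbps link because 100 of its 108 ms are the round trip, not transmission.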
- All practical links rely on some sort of electromagnetic radiation propagating through a medium or, in some cases, through free space
- One way to characterize links, then, is by the medium they use:
  - Typically copper wire in some form (as in Digital Subscriber Line (DSL) and coaxial cable),
  - Optical fiber (as in both commercial fiber-to-the-home services and many long-distance links in the Internet's backbone), or
  - Air/free space (for wireless links)
- Another important link characteristic is the frequency, measured in hertz, with which the electromagnetic waves oscillate
- The distance between an adjacent pair of maxima or minima of a wave, measured in meters, is called the wavelength
- Speed of light divided by frequency gives the wavelength
- Frequency on a copper cable ranges from 300 Hz to 3300 Hz; the wavelength of a 300 Hz wave through copper is speed of light on copper / frequency = (2/3 x 3 x 10^8) / 300 = 667 x 10^3 meters
- Placing binary data on a signal is called encoding
- Modulation involves modifying the signals in terms of their frequency, amplitude, and phase

1.6 ENCODING
- Signals travel between signaling components; bits flow between adaptors
Problem with NRZ: Baseline wander
- The receiver keeps an average of the signals it has seen so far
- It uses the average to distinguish between low and high signal
- When a signal is significantly lower than the average, it is 0, else it is 1
- Too many consecutive 0s or 1s cause this average to change, making it difficult to detect
Problem with NRZ: Clock recovery
- Frequent transitions from high to low or vice versa are necessary to enable clock recovery
- Both the sending and the decoding process are driven by a clock
- Every clock cycle, the sender transmits a bit and the receiver recovers a bit
- The sender and receiver have to be precisely synchronized
NRZI: Non Return to Zero Inverted
- The sender makes a transition from the current signal to encode a 1 and stays at the current signal to encode a 0
- Solves the problem for consecutive 1s
Manchester encoding
- Merges the clock with the signal by transmitting the Ex-OR of the NRZ-encoded data and the clock
- The clock is an internal signal that alternates from low to high; a low/high pair is considered one clock cycle
- In Manchester encoding: 0: low-to-high transition; 1: high-to-low transition
Problem with Manchester encoding
- Doubles the rate at which signal transitions are made on the link
- Which means the receiver has half the time to detect each pulse of the signal
- The rate at which the signal changes is called the link's baud rate
- In Manchester the bit rate is half the baud rate
4B/5B encoding
- Insert extra bits into the bit stream so as to break up long sequences of 0s and 1s
- Every 4 bits of actual data are encoded in a 5-bit code that is transmitted to the receiver
- The 5-bit codes are selected in such a way that each one has no more than one leading 0 and no more than two trailing 0s
- No pair of 5-bit codes results in more than three consecutive 0s

1.7 FRAMING
We are focusing on packet-switched networks, which means that blocks of data (called frames at this level), not bit streams, are exchanged between nodes. It is the network adaptor that enables the nodes to exchange frames. When node A wishes to transmit a frame to node B, it tells its adaptor to transmit a frame from the node's memory. This results in a sequence of bits being sent over the link. The adaptor on node B then collects together the sequence of bits arriving on the link and deposits the corresponding frame in B's memory.
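NRZI, Manchester and 4B/5B as described above, implemented as encoders and decoders over bit strings, as an added example that is not part of the course material. The 4B/5B table is the standard one used by FDDI and 100BASE-TX; the check function verifies the two properties the notes state (at most one leading 0, at most two trailing 0s per code) and measures the worst zero run any pair of codes can produce. The Manchester decoder raises when a half-bit pair has no transition, which is exactly the "clock lost" condition that the mid-bit transition is there to prevent.

```python
# Standard 4B/5B code table (FDDI / 100BASE-TX data symbols).
FOUR_B_FIVE_B = {
    "0000": "11110", "0001": "01001", "0010": "10100", "0011": "10101",
    "0100": "01010", "0101": "01011", "0110": "01110", "0111": "01111",
    "1000": "10010", "1001": "10011", "1010": "10110", "1011": "10111",
    "1100": "11010", "1101": "11011", "1110": "11100", "1111": "11101",
}
FIVE_B_FOUR_B = {v: k for k, v in FOUR_B_FIVE_B.items()}


def nrzi_encode(bits, start_level=0):
    """A 1 is a transition from the current level; a 0 stays at the current level."""
    level, out = start_level, []
    for b in bits:
        if b == "1":
            level ^= 1
        out.append(level)
    return out


def nrzi_decode(levels, start_level=0):
    prev, bits = start_level, []
    for level in levels:
        bits.append("1" if level != prev else "0")
        prev = level
    return "".join(bits)


def manchester_encode(bits):
    """0 -> low,high  1 -> high,low  (two signal samples per bit: baud rate = 2 x bit rate)."""
    out = []
    for b in bits:
        out += [0, 1] if b == "0" else [1, 0]
    return out


def manchester_decode(levels):
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for i in range(0, len(levels), 2):
        pair = (levels[i], levels[i + 1])
        if pair == (0, 1):
            bits.append("0")
        elif pair == (1, 0):
            bits.append("1")
        else:
            raise ValueError(f"no mid-bit transition at sample {i}: clock cannot be recovered")
    return "".join(bits)


def encode_4b5b(bits):
    if len(bits) % 4:
        raise ValueError("data must be a whole number of nibbles")
    return "".join(FOUR_B_FIVE_B[bits[i:i + 4]] for i in range(0, len(bits), 4))


def decode_4b5b(symbols):
    if len(symbols) % 5:
        raise ValueError("stream must be a whole number of 5-bit symbols")
    return "".join(FIVE_B_FOUR_B[symbols[i:i + 5]] for i in range(0, len(symbols), 5))


def longest_zero_run(s):
    return max((len(run) for run in s.split("1")), default=0)


def check_4b5b_table():
    """Returns (max leading 0s, max trailing 0s, worst zero run over any code pair)."""
    codes = FOUR_B_FIVE_B.values()
    max_lead = max(len(c) - len(c.lstrip("0")) for c in codes)
    max_trail = max(len(c) - len(c.rstrip("0")) for c in codes)
    worst_pair = max(longest_zero_run(a + b) for a in codes for b in codes)
    return max_lead, max_trail, worst_pair


if __name__ == "__main__":
    raw = "0000" * 4                       # 16 zeros: no transitions at all under NRZ
    print("4B/5B:", encode_4b5b(raw), "worst zero run", longest_zero_run(encode_4b5b(raw)))
    print("NRZI of 0110:", nrzi_encode("0110"))
    print("Manchester of 01:", manchester_encode("01"))
```

Run on sixteen zeros, 4B/5B leaves no zero run longer than one, which is why the encoded stream can then be sent with NRZI (transitions on every 1) without losing the clock.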
Recognizing exactly what set of bits constitute a frame, that is, determining where the frame begins and ends, is the central challenge faced by the adaptor.
Byte-oriented Protocols
- View each frame as a collection of bytes (characters) rather than bits
- BISYNC (Binary Synchronous Communication) Protocol: developed by IBM (late 1960s)
- DDCMP (Digital Data Communication Protocol): used in DECNet
BISYNC sentinel approach
- Frames are transmitted beginning with the leftmost field
- The beginning of a frame is denoted by sending a special SYN (synchronize) character
- The data portion of the frame is contained between the special sentinel characters STX (start of text) and ETX (end of text)
- SOH: Start of Header
- DLE: Data Link Escape
- CRC: Cyclic Redundancy Check
PPP Frame Format
- Recent PPP, which is commonly run over Internet links, uses the sentinel approach
- Special start-of-text character denoted as Flag: 0 1 1 1 1 1 1 0
- Address, control: default numbers
- Protocol: for demux (IP / IPX)
- Payload: negotiated (1500 bytes)
- Checksum: for error detection
Byte-counting approach
- DDCMP count: how many bytes are contained in the frame body
- If the count is corrupted: framing error
Bit-oriented Protocol
- HDLC: High Level Data Link Control
- Beginning and Ending Sequences: 0 1 1 1 1 1 1 0
HDLC Protocol
- On the sending side, any time five consecutive 1s have been transmitted from the body of the message (i.e. excluding when the sender is trying to send the distinguished 01111110 sequence), the sender inserts a 0 before transmitting the next bit
- On the receiving side, after 5 consecutive 1s, look at the next bit:
  - 0: stuffed, so discard it
  - 1: either the end-of-frame marker or an error has been introduced in the bitstream; look at the next bit:
    - If 0 (01111110): end-of-frame marker
    - If 1 (01111111): error, discard the whole frame
- The receiver needs to wait for the next 01111110 before it can start receiving again

1.8 ERROR DETECTION
- Bit errors are introduced into frames because of electrical interference and thermal noise
- Detecting errors
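The HDLC sender and receiver rules above (stuff a 0 after five 1s; on the receiving side discard a stuffed 0, accept 01111110 as the closing flag, treat 01111111 as an error and discard the frame), as an added example that is not part of the course material. It works on bit strings so the stuffed stream can be inspected directly; the frame body and the corrupted stream below are constructed inputs.

```python
FLAG = "01111110"


def bit_stuff(body):
    """Sender side: after five consecutive 1s from the body, insert a 0."""
    out, ones = [], 0
    for b in body:
        out.append(b)
        if b == "1":
            ones += 1
            if ones == 5:
                out.append("0")     # stuffed bit: keeps the flag pattern out of the body
                ones = 0
        else:
            ones = 0
    return "".join(out)


def frame(body):
    return FLAG + bit_stuff(body) + FLAG


def deframe(stream):
    """Receiver side. Returns (body, status): status is 'ok', 'error' (01111111 seen,
    whole frame discarded), 'no-flag' or 'truncated'."""
    start = stream.find(FLAG)
    if start < 0:
        return None, "no-flag"
    i = start + len(FLAG)
    body, ones = [], 0
    while i < len(stream):
        b = stream[i]
        i += 1
        if ones == 5:
            ones = 0
            if b == "0":
                continue            # stuffed 0: discard it
            # five 1s followed by a 1: the next bit decides flag or error
            if i < len(stream) and stream[i] == "0":
                # 01111110 seen; the flag's leading 0 and five 1s were already appended
                return "".join(body[:-6]), "ok"
            return None, "error"    # 01111111: discard the whole frame, resync on next flag
        body.append(b)
        ones = ones + 1 if b == "1" else 0
    return None, "truncated"


if __name__ == "__main__":
    body = "0111110111111"          # constructed body containing runs of five and six 1s
    wire = frame(body)
    print("on the wire:", wire)
    print("recovered  :", deframe(wire))
```

Stuffing is what lets the flag double as the frame delimiter: the body can contain any bit pattern, including 01111110 itself, and still never produce six consecutive 1s between the flags.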
- Correcting errors
Two approaches when the recipient detects an error
- Notify the sender that the message was corrupted, so the sender can send it again. If errors are rare, then the retransmitted message will be error-free
- Using some error detection and correction algorithm, the receiver reconstructs the message
Common technique for detecting transmission errors
- CRC (Cyclic Redundancy Check): used in HDLC, DDCMP, CSMA/CD, Token Ring
- Other approaches: Two-Dimensional Parity (BISYNC), Checksum (IP)
Basic Idea of Error Detection
- To add redundant information to a frame that can be used to determine if errors have been introduced
- Imagine (extreme case) transmitting two complete copies of the data: identical => no error; differ => error
- A poor scheme: n-bit message, n bits of redundant information, and errors can still go undetected
- In general, we can provide a strong error detection technique with k redundant bits for an n-bit message, k

Sliding Window Receiver
- If SeqNum > LAF: discard it (the frame is outside the receiver window)
- If LFR < SeqNum <= LAF: accept it
- Now the receiver needs to decide whether or not to send an ACK
- Let SeqNumToAck denote the largest sequence number not yet acknowledged, such that all frames with sequence numbers less than or equal to SeqNumToAck have been received
- The receiver acknowledges the receipt of SeqNumToAck even if higher-numbered packets have been received. This acknowledgement is said to be cumulative.
- The receiver then sets LFR = SeqNumToAck and adjusts LAF = LFR + RWS
- For example, suppose LFR = 5 and RWS = 4 (i.e. the last ACK that the receiver sent was for seq. no. 5), so LAF = 9
  - If frames 7 and 8 arrive, they will be buffered because they are within the receiver window, but no ACK will be sent since frame 6 is yet to arrive; frames 7 and 8 are out of order
  - Frame 6 arrives (it is late because it was lost the first time and had to be retransmitted)
  - Now the receiver acknowledges frame 8 and bumps LFR to 8 and LAF to 12

1.10 ETHERNET
- The most successful local area networking technology of the last 20 years
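The receiver side of the sliding window as described above (LFR, LAF = LFR + RWS, discard outside the window, buffer out-of-order frames, cumulative ACK of SeqNumToAck), as an added example that is not part of the course material; it replays the notes' own scenario with LFR = 5 and RWS = 4. Following the notes, no ACK at all is sent while the gap at LFR + 1 is open (some implementations instead repeat the last ACK).

```python
class SlidingWindowReceiver:
    """Receiver state of a sliding window protocol with receive window size RWS."""

    def __init__(self, rws, last_acked=0):
        self.rws = rws
        self.lfr = last_acked            # Last Frame Received (and acknowledged), in order
        self.laf = self.lfr + rws        # Largest Acceptable Frame
        self.buffer = {}                 # out-of-order frames waiting for the gap to close
        self.delivered = []              # payloads handed up, in sequence order

    def receive(self, seqnum, payload):
        """Process an arriving frame; returns the cumulative ACK number sent, or None."""
        if seqnum <= self.lfr or seqnum > self.laf:
            return None                  # duplicate or beyond LAF: outside the window, discard
        self.buffer[seqnum] = payload
        if seqnum != self.lfr + 1:
            return None                  # inside the window but out of order: buffer, no ACK
        # SeqNumToAck: largest seq such that every frame <= it has now been received
        ack = self.lfr
        while ack + 1 in self.buffer:
            ack += 1
            self.delivered.append(self.buffer.pop(ack))
        self.lfr = ack                   # cumulative ACK covers the buffered frames too
        self.laf = self.lfr + self.rws   # slide the window
        return ack


def replay_notes_scenario():
    """LFR = 5, RWS = 4: frames 7 and 8 arrive early, frame 6 arrives late."""
    rx = SlidingWindowReceiver(rws=4, last_acked=5)
    acks = [rx.receive(7, "f7"), rx.receive(8, "f8"), rx.receive(6, "f6")]
    return acks, rx.lfr, rx.laf, rx.delivered


if __name__ == "__main__":
    print(replay_notes_scenario())     # ([None, None, 8], 8, 12, ['f6', 'f7', 'f8'])
```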
- Developed in the mid-1970s by researchers at the Xerox Palo Alto Research Center (PARC)
- Uses CSMA/CD technology: Carrier Sense Multiple Access with Collision Detection
  - A set of nodes send and receive frames over a shared link
  - Carrier sense means that all nodes can distinguish between an idle and a busy link
  - Collision detection means that a node listens as it transmits and can therefore detect when a frame it is transmitting has collided with a frame transmitted by another node
- Uses ALOHA (packet radio network) as the root protocol
  - Developed at the University of Hawaii to support communication across the Hawaiian Islands
  - For ALOHA the medium was the atmosphere; for Ethernet the medium is a coax cable
- DEC and Intel joined Xerox to define a 10-Mbps Ethernet standard in 1978
- This standard formed the basis for IEEE standard 802.3
- More recently 802.3 has been extended to include a 100-Mbps version called Fast Ethernet and a 1000-Mbps version called Gigabit Ethernet
- An Ethernet segment is implemented on a coaxial cable of up to 500 m. This cable is similar to the type used for cable TV except that it typically has an impedance of 50 ohms instead of cable TV's 75 ohms
- Hosts connect to an Ethernet segment by tapping into it. A transceiver (a small device directly attached to the tap) detects when the line is idle and drives the signal when the host is transmitting. The transceiver also receives the incoming signal
- The transceiver is connected to an Ethernet adaptor which is plugged into the host. The protocol is implemented on the adaptor
- Multiple Ethernet segments can be joined together by repeaters. A repeater is a device that forwards digital signals. No more than four repeaters may be positioned between any pair of hosts. An Ethernet has a total reach of only 2500 m
- Any signal placed on the Ethernet by a host is broadcast over the entire network: the signal is propagated in both directions; repeaters forward the signal on all outgoing segments; terminators attached to the end of each segment absorb the signal
- Ethernet uses the Manchester encoding scheme
New Technologies in Ethernet
- Instead of using coax cable, an Ethernet can be constructed from a thinner cable known as 10Base2 (the original was 10Base5)
  - 10 means the network operates at 10 Mbps
  - Base means the cable is used in a baseband system
  - 2 means that a given segment can be no longer than 200 m
- Another cable technology is 10BaseT
  - T stands for twisted pair
  - Limited to 100 m in length
  - With 10BaseT, the common configuration is to have several point-to-point segments coming out of a multiway repeater, called a Hub
Access Protocol for Ethernet
- The algorithm is commonly called Ethernet's Media Access Control (MAC). It is implemented in hardware on the network adaptor
Frame format
- Preamble (64 bit): allows the receiver to synchronize with the signal (sequence of alternating 0s and 1s)
- Host and Destination Address (48 bit each)
- Packet type (16 bit): acts as the demux key to identify the higher-level protocol
- Data (up to 1500 bytes): minimally a frame must contain at least 46 bytes of data, so that the frame is long enough to detect a collision
- CRC (32 bit)
Ethernet Addresses
- Each host on an Ethernet (in fact, every Ethernet host in the world) has a unique Ethernet address
- The address belongs to the adaptor, not the host. It is usually burnt into ROM
- Ethernet addresses are typically printed in a human-readable format as a sequence of six numbers separated by colons. Each number corresponds to 1 byte of the 6-byte address and is given by a pair of hexadecimal digits, one for each of the 4-bit nibbles in the byte. Leading 0s are dropped
- For example, 8:0:2b:e4:b1:2 is 00001000 00000000 00101011 11100100 10110001 00000010
- To ensure that every adaptor gets a unique address, each manufacturer of Ethernet devices is allocated a different prefix that must be prepended to the address on every adaptor they build. AMD has been assigned the 24-bit prefix 8:0:20

1.11 RINGS
- A ring topology network developed in the late 1960s. Supported mainly by IBM
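The address notation and frame layout above put into code, as an added example that is not part of the course material: a parser for the colon-separated form with dropped leading zeros (checked against the notes' 8:0:2b:e4:b1:2 expansion), extraction of the 24-bit manufacturer prefix, and a frame builder that pads the data field to the 46-byte minimum and appends a CRC-32. Assumptions: the preamble is left out, the FCS uses zlib's CRC-32 (same polynomial as the 802.3 FCS) written little-endian, and the EtherType value is constructed for the example.

```python
import struct
import zlib

MIN_PAYLOAD = 46      # frame must be long enough to detect a collision
MAX_PAYLOAD = 1500
HEADER_LEN = 14       # dst (6) + src (6) + type (2); preamble not modelled
FCS_LEN = 4


def parse_mac(text):
    """'8:0:2b:e4:b1:2' -> 6 bytes; each colon-separated field is one byte in hex."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("an Ethernet address has six colon-separated bytes")
    values = [int(p, 16) for p in parts]
    if any(v > 0xFF for v in values):
        raise ValueError("each field is a single byte")
    return bytes(values)


def format_mac(mac):
    """Human-readable form with leading zeros dropped, as in the notes."""
    return ":".join(f"{b:x}" for b in mac)


def mac_to_binary(mac):
    return " ".join(f"{b:08b}" for b in mac)


def oui(mac):
    """Manufacturer prefix: the first 24 bits (3 bytes) of the address."""
    return mac[:3]


def _fcs(data):
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("data field is limited to 1500 bytes")
    body = payload + b"\x00" * (MIN_PAYLOAD - len(payload))   # pad short data to 46 bytes
    header = dst + src + struct.pack("!H", ethertype)
    return header + body + _fcs(header + body)


def parse_frame(frame):
    """Returns (dst, src, ethertype, data) or raises on a runt frame or CRC mismatch."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError("runt frame")
    header, body, fcs = frame[:HEADER_LEN], frame[HEADER_LEN:-FCS_LEN], frame[-FCS_LEN:]
    if _fcs(header + body) != fcs:
        raise ValueError("CRC mismatch: frame corrupted")
    ethertype = struct.unpack("!H", header[12:14])[0]
    return header[:6], header[6:12], ethertype, body


if __name__ == "__main__":
    mac = parse_mac("8:0:2b:e4:b1:2")
    print(mac_to_binary(mac))
    f = build_frame(mac, parse_mac("8:0:20:1:2:3"), 0x0800, b"hello")
    print(len(f), "bytes on the wire (minimum 64)")
```

Padding is not stripped by parse_frame: the Ethernet type field says nothing about the data length, so the higher-level protocol (IP's own Length field) is what tells the receiver where the real data ends.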
- Pushed into the background by Ethernet in the 1990s
- A LAN protocol which resides at the data link layer (DLL) of the OSI model
- Shielded twisted pair with unique hermaphroditic connectors (IBM Type 1), or symmetric pair
- Speed: 4 Mbps (1985), 16 Mbps (1989, IBM)
Ring operation
- When nobody is transmitting, a token circles
- When a station needs to transmit data, it converts the token into a data frame
- When the sender receives its own data frame, it converts the frame back into a token
- If an error occurs and no token frame, or more than one, is present, a special station (Active Monitor) detects the problem and removes and/or reinserts tokens as necessary
- The Abort frame: used to abort transmission by the sending station
FDDI
FDDI Architectural Model
- According to the OSI-RM, FDDI specifies layer 1 (physical layer) and part of layer 2 (data link control layer)
- The physical layer handles the transmission of raw bits over a communications link
- The data link control (DLC) layer is responsible for maintaining the integrity of information exchanged between two points
- High bandwidth (10 times more than Ethernet)
- Larger distances between FDDI nodes because of the very low attenuation (0.3 dB/km) in fibers
- Improved signal-to-noise ratio because of no interference from external radio frequencies and electromagnetic noise
- The BER typical of fiber-optic systems (10^-11) is substantially better than that in copper (10^-5) and microwave systems (10^-7)
- Very difficult to tap signals from a fiber cable
- High cost of optical components required for transmission/reception of signals (especially for single-mode fiber networks)
- More complex to implement than existing low-speed LAN technologies such as IEEE 802.3 and IEEE 802.5
Uses of FDDI: office automation at the desktop; backbones for factory automation; back-end data center applications; campus LAN interconnection; intercampus backbones or metropolitan area networks (MANs); interconnection of private branch exchanges (PBXs); workgroup and departmental LANs; integrated transport for multimedia applications

1.12 SWITCHED NETWORKS
- A datagram network is neither connection-oriented nor connectionless. The Internet provides both connection-oriented (TCP) and connectionless (UDP) services to apps
- Mesh of interconnected routers
- The fundamental question: how is data transferred through the net?
  - Circuit switching: dedicated circuit per call (telephone net)
  - Packet switching: data sent through the net in discrete chunks
Circuit switching
- End-end resources reserved for the call: link bandwidth, switch capacity
- Dedicated resources: no sharing
- Circuit-like (guaranteed) performance
- Call setup required
- Network resources (e.g., bandwidth) divided into pieces; pieces allocated to calls; a resource piece is idle if not used by the owning call (no sharing)
Packet switching
- Each end-end data stream is divided into packets
- User A and B packets share network resources
- Each packet uses the full link bandwidth
- Resources are used as needed

1.13 WIRELESS NETWORKS
- Wireless links transmit electromagnetic signals: radio, microwave, infrared
- Wireless links all share the same "wire" (so to speak); the challenge is to share it efficiently without unduly interfering with each other
- Most of this sharing is accomplished by dividing the "wire" along the dimensions of frequency and space
- Exclusive use of a particular frequency in a particular geographic area may be allocated to an individual entity such as a corporation
- These allocations are determined by government agencies such as the FCC (Federal Communications Commission) in the USA
- Specific bands (frequency ranges) are allocated to certain uses. Some bands are reserved for government use; other bands are reserved for uses such as AM radio, FM radio, television, satellite communications, and cell phones
- Specific frequencies within these bands are then allocated to individual organizations for use within certain geographical areas
- Finally, there are several frequency bands set aside for license-exempt usage: bands in which a license is not needed
- Devices that use license-exempt frequencies are still subject to certain restrictions
  - The first is a limit on transmission power. This limits the range of the signal, making it less likely to interfere with another signal. For example, a cordless phone might have a range of about 100 feet
  - The second restriction requires the use of a Spread Spectrum technique. The idea is to spread the signal over a wider frequency band so as to minimize the impact of interference from other devices. Originally designed for military use
Frequency hopping
- Transmitting the signal over a random sequence of frequencies: first transmitting at one frequency, then a second, then a third
- The sequence of frequencies is not truly random; instead it is computed algorithmically by a pseudorandom number generator
- The receiver uses the same algorithm as the sender, initializes it with the same seed, and is able to hop frequencies in sync with the transmitter to correctly receive the frame
Direct sequence
- A second spread spectrum technique, called direct sequence, represents each bit in the frame by multiple bits in the transmitted signal
- For each bit the sender wants to transmit, it actually sends the exclusive OR of that bit and n random bits
- The sequence of random bits is generated by a pseudorandom number generator known to both the sender and the receiver
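The direct-sequence scheme just described, as an added example that is not part of the course material: each data bit is XORed with n pseudorandom chips from a generator seeded identically at sender and receiver, and the receiver XORs with the same chips and takes a majority vote, so that a few corrupted chips per bit do not change the decoded bit. The 11-chip length and the seeds are constructed for the example; the notes do not specify either.

```python
import random


def chipping_sequence(seed, n_chips, n_bits):
    """Pseudorandom chips shared by both ends: the same seed yields the same sequence."""
    rng = random.Random(seed)
    return [[rng.randrange(2) for _ in range(n_chips)] for _ in range(n_bits)]


def spread(bits, seed, n_chips=11):
    """Direct sequence: each data bit becomes n_chips chips, bit XOR chip."""
    seq = chipping_sequence(seed, n_chips, len(bits))
    return [b ^ c for b, chips in zip(bits, seq) for c in chips]


def despread(chips, seed, n_chips=11):
    """XOR with the same chips gives n_chips votes per bit; majority wins."""
    if len(chips) % n_chips:
        raise ValueError("chip stream is not a whole number of bits")
    n_bits = len(chips) // n_chips
    seq = chipping_sequence(seed, n_chips, n_bits)
    bits = []
    for i in range(n_bits):
        votes = [chips[i * n_chips + j] ^ seq[i][j] for j in range(n_chips)]
        bits.append(1 if 2 * sum(votes) > n_chips else 0)
    return bits


def corrupt(chips, positions):
    """Flip the chips at the given positions (models interference on the channel)."""
    out = list(chips)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed frame bits
    tx = spread(data, seed=42)
    print(len(tx), "chips for", len(data), "bits")
    print("clean      :", despread(tx, 42))
    print("5 chips hit:", despread(corrupt(tx, [0, 1, 2, 3, 4]), 42))
    print("6 chips hit:", despread(corrupt(tx, [0, 1, 2, 3, 4, 5]), 42))
```

With 11 chips per bit, interference that flips up to five chips of a bit is outvoted; six flipped chips cross the majority and the bit is decoded wrongly, which is the trade-off the chip count sets. A receiver with a different seed XORs with the wrong chips and its votes carry no information about the data.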
- The transmitted values, known as an n-bit chipping code, spread the signal across a frequency band that is n times wider
- Wireless technologies differ in a variety of dimensions: how much bandwidth they provide; how far apart the communicating nodes can be
- Four prominent wireless technologies: Bluetooth; Wi-Fi (more formally known as 802.11); WiMAX (802.16); 3G cellular wireless

1.14 BRIDGES
Bridges and LAN Switches
- A class of switches that is used to forward packets between shared-media LANs such as Ethernets
- Known as LAN switches; referred to as Bridges
- Suppose you have a pair of Ethernets that you want to interconnect
  - One approach is to put a repeater in between them. It might exceed the physical limitations of the Ethernet: no more than four repeaters between any pair of hosts, and no more than a total of 2500 m in length is allowed
  - An alternative would be to put a node between the two Ethernets and have the node forward frames from one Ethernet to the other. This node is called a Bridge
- A collection of LANs connected by one or more bridges is usually said to form an Extended LAN
Simplest Strategy for Bridges
- Accept LAN frames on their inputs and forward them out to all other outputs
- Used by early bridges
Learning Bridges
- Observe that there is no need to forward all the frames that a bridge receives
Broadcast and Multicast
- Forward all broadcast/multicast frames (current practice)
- Learn when no group members are downstream: accomplished by having each member of group G send a frame to the bridge multicast address with G in the source field
Limitation of Bridges
- Do not scale: the spanning tree algorithm does not scale; broadcast does not scale
- Do not accommodate heterogeneity

UNIT II DATA LINK LAYER
Internetworking - IP - ARP - Reverse Address Resolution Protocol - Dynamic Host Configuration Protocol - Internet Control Message Protocol - Routing - Routing algorithms - Addressing - Subnetting - CIDR - Inter domain routing - IPv6

2.1 INTERNETWORKING
An arbitrary collection of networks interconnected to provide some sort of host-to-host packet delivery service.

2.2 IP
- IP stands for Internet Protocol
- Key tool used today to build scalable, heterogeneous internetworks
- It runs on all the nodes in a collection of networks and defines the infrastructure that allows these nodes and networks to function as a single logical internetwork

2.2.1 IP Service Model
Packet Delivery Model
- Connectionless model for data delivery
- Best-effort delivery (unreliable service): packets are lost; packets are delivered out of order; duplicate copies of a packet are delivered; packets can be delayed for a long time
Global Addressing Scheme
- Provides a way to identify all hosts in the network

2.2.2 Packet Format
- Version (4): currently 4
- HLen (4): number of 32-bit words in the header
- TOS (8): type of service (not widely used)
- Length (16): number of bytes in this datagram
- Ident (16): used by fragmentation
- Flags/Offset (16): used by fragmentation
- TTL (8): number of hops this datagram has traveled
- Protocol (8): demux key (TCP=6, UDP=17)
- Checksum (16): of the header only
- DestAddr & SrcAddr (3

2.2.3 IP Fragmentation and Reassembly
- Each network has some MTU (Maximum Transmission Unit): Ethernet (1500 bytes), FDDI (4500 bytes)
- Strategy: fragmentation occurs in a router when it receives a datagram that it wants to forward over a network which has MTU < datagram; reassembly is done at the receiving host
- All the fragments carry the same identifier in the Ident field
- Fragments are self-contained datagrams
- IP does not recover from missing fragments

2.3 ARP
Address Resolution Protocol (ARP)
- Maps IP addresses into physical addresses: of the destination host, or of the next-hop router
- Techniques: encode the physical address in the host part of the IP address; table-based
- ARP (Address Resolution Protocol): a table of IP to physical address bindings; broadcast a request if the IP address is not in the table; the target machine responds with its physical address; table entries are discarded if not refreshed
ARP packet fields
- HardwareType: type of physical network (e.g., Ethernet)
- ProtocolType: type of higher-layer protocol (e.g., IP)
- HLEN & PLEN: length of physical and protocol addresses
- Operation: request or response
- Source/Target Physical/Protocol addresses
Host configuration
- Ethernet addresses are configured into the network adaptor by the manufacturer and they are unique
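IP fragmentation and reassembly as described in 2.2.3, as an added example that is not part of the course material: a router-side function that splits a datagram's data so that each fragment fits the outgoing MTU (fragment data sizes are multiples of 8 bytes because the Offset field counts 8-byte units, and every fragment carries the same Ident), and a host-side reassembler that gives up on the whole datagram when a fragment is missing, since IP does not recover from missing fragments. The 20-byte header (no options) and the sample payload are assumptions of the example.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20    # assumption: no IP options


@dataclass
class Fragment:
    ident: int            # Ident field: same for every fragment of one datagram
    offset: int           # Offset field: position of this data in the original, in 8-byte units
    more_fragments: bool  # MF flag: False only on the last fragment
    data: bytes


def fragment(ident, payload, mtu):
    """Router side: split payload so that header + data fits in mtu on the next link."""
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8     # largest multiple of 8 that fits
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append(Fragment(ident, start // 8, more, chunk))
    return frags


def reassemble(frags):
    """Receiving host: rebuild the payload, or return None if any piece is missing."""
    if not frags:
        return None
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    expected, out = 0, bytearray()
    for f in ordered:
        if f.offset * 8 != expected:
            return None                            # gap: a fragment was lost
        out += f.data
        expected += len(f.data)
    if ordered[-1].more_fragments:
        return None                                # the last fragment never arrived
    return bytes(out)


if __name__ == "__main__":
    payload = bytes(range(256)) * 16               # constructed 4096-byte datagram payload
    frags = fragment(ident=0x1234, payload=payload, mtu=1500)
    for f in frags:
        print(f"ident={f.ident:#06x} offset={f.offset:4d} MF={int(f.more_fragments)} len={len(f.data)}")
    print("complete:", reassemble(frags) == payload, " missing one:", reassemble(frags[:-1]))
```

A fragment can itself be fragmented again at a later router with a smaller MTU; because offsets are absolute positions in the original datagram, the host's reassembler above handles that case without change.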
- IP addresses must be unique on a given internetwork but also must reflect the structure of the internetwork
- Most host Operating Systems provide a way to manually configure the IP information for the host
- Drawbacks of manual configuration
  - A lot of work to configure all the hosts in a large network
  - Configuration process is error-prone
- Automated Configuration Process is required

2.4 REVERSE ADDRESS RESOLUTION PROTOCOL (RARP)
- RARP is a Link layer networking protocol
- RARP is described in Internet Engineering Task Force (IETF) publication RFC 903
- It has been rendered obsolete by the Bootstrap Protocol (BOOTP) and the modern Dynamic Host Configuration Protocol (DHCP)
- BOOTP configuration server assigns an IP address to each client from a pool of addresses. BOOTP uses the User Datagram Protocol (UDP)

2.5 DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
- DHCP server is responsible for providing configuration information to hosts
- There is at least one DHCP server for an administrative domain
- DHCP server maintains a pool of available addresses
- Newly booted or attached host sends DHCPDISCOVER message to a special IP address (255.255.255.255)
- DHCP relay agent unicasts the message to DHCP server and waits for the response

2.6 INTERNET CONTROL MESSAGE PROTOCOL
- Defines a collection of error messages that are sent back to the source host whenever a router or host is unable to process an IP datagram successfully
  - Destination host unreachable due to link/node failure
  - Reassembly process failed
  - TTL had reached 0 (so datagrams don't cycle forever)
  - IP header checksum failed
- ICMP-Redirect
  - From router to a source host
  - With better route information

2.7 ROUTING
Forwarding versus Routing
- Forwarding: to select an output port based on destination address and routing table
- Routing: process by which routing table is built
Forwarding table vs Routing table
- Forwarding table
  - Used when a packet is being forwarded and so must contain enough information to accomplish the forwarding function
  - A row in the forwarding table contains the mapping from a network number to an outgoing interface and some MAC information, such as the Ethernet address of the next hop
- Routing table
  - Built by the routing algorithm as a precursor to building the forwarding table
  - Generally contains mapping from network numbers to next hops
- For a simple network, we can calculate all shortest paths and load them into some nonvolatile storage on each node. Such a static approach has several shortcomings:
  - It does not deal with node or link failures
  - It does not consider the addition of new nodes or links
  - It implies that edge costs cannot change
- Need a distributed and dynamic protocol
- Two main classes of protocols: Distance Vector, Link State

2.8 ROUTING ALGORITHMS
2.8.1 Distance Vector
- Each node constructs a one-dimensional array (a vector) containing the distances (costs) to all other nodes and distributes that vector to its immediate neighbors
- Starting assumption is that each node knows the cost of the link to each of its directly connected neighbors
- The distance vector routing algorithm is sometimes called the Bellman-Ford algorithm
- Every T seconds each router sends its table to its neighbors; each router then updates its table based on the new information
- Problems include fast response to good news and slow response to bad news. Also too many messages to update
- When a node detects a link failure
  - F detects that link to G has failed
  - F sets distance to G to infinity and sends update to A
  - A sets distance to G to infinity since it uses F to reach G
  - A receives periodic update from C with 2-hop path to G
  - A sets distance to G to 3 and sends update to F
  - F decides it can reach G in 4 hops via A
- Slightly different circumstances can prevent the network from stabilizing
  - Suppose the link from A to E goes down
  - In the next round of updates, A advertises a distance of infinity to E, but B and C advertise a distance of 2 to E
  - Depending on the exact timing of events, the following might happen: Node B, upon hearing that E can be reached in 2 hops from C, concludes that it can reach E in 3 hops and advertises this to A; Node A concludes that it can reach E in 4 hops and advertises this to C; Node C concludes that it can reach E in 5 hops; and so on.
  - This cycle stops only when the distances reach some number that is large enough to be considered infinite

2.8.2 Count-to-infinity problem
- Use some relatively small number as an approximation of infinity
  - For example, the maximum number of hops to get across a certain network is never going to be more than 16
- One technique to improve the time to stabilize routing is called split horizon
  - When a node sends a routing update to its neighbors, it does not send those routes it learned from each neighbor back to that neighbor
  - For example, if B has the route (E, 2, A) in its table, then it knows it must have learned this route from A, and so whenever B sends a routing update to A, it does not include the route (E, 2) in that update
- In a stronger version of split horizon, called split horizon with poison reverse, B actually sends that route back to A, but it puts negative information in the route to ensure that A will not eventually use B to get to E
  - For example, B sends the route (E, ∞) to A

2.8.3 Link State Routing
- Strategy: Send to all nodes (not just neighbors) information about directly connected links (not entire routing table).
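An added example (not part of the course text) for the distance-vector material in 2.8.1 and 2.8.2 above: the Bellman-Ford table update, the plain, split-horizon and poison-reverse advertisement policies, and a synchronous simulation on a constructed two-router line whose far link fails, showing count-to-infinity under the plain policy and immediate convergence with split horizon. Topology, costs and the value 16 for infinity are the example's own choices.

```python
# Added example, not from the course text: distance-vector advertisements under
# the plain, split-horizon and poison-reverse policies, plus a synchronous
# round-by-round simulation of count-to-infinity after a link failure.
INF = 16  # small "infinity", as in RIP

def advertise(table, to_neighbor, policy="plain"):
    """Vector a node sends to `to_neighbor`; table maps dest -> (cost, next_hop)."""
    adv = {}
    for dest, (cost, next_hop) in table.items():
        if next_hop == to_neighbor:          # route was learned from this neighbor
            if policy == "split_horizon":
                continue                     # do not send it back at all
            if policy == "poison_reverse":
                adv[dest] = INF              # send it back, but poisoned
                continue
        adv[dest] = cost
    return adv

def process(me, table, sender, link_cost, adv):
    """Bellman-Ford update on receiving `adv` from `sender`; True if table changed."""
    changed = False
    for dest, d in adv.items():
        if dest == me:
            continue
        new = min(INF, link_cost + d)
        cur = table.get(dest)
        # accept a better route, or any change reported by the current next hop
        if cur is None or new < cur[0] or (cur[1] == sender and new != cur[0]):
            table[dest] = (new, sender)
            changed = True
    return changed

def run_until_stable(tables, links, policy, max_rounds=100):
    """links: {(u, v): cost}, undirected. Each round every node advertises from its
    table as it stood at the start of the round. Returns the number of rounds run,
    the last of which produced no change."""
    neighbors = {}
    for (u, v), c in links.items():
        neighbors.setdefault(u, {})[v] = c
        neighbors.setdefault(v, {})[u] = c
    for rnd in range(1, max_rounds + 1):
        advs = {(u, v): advertise(tables[u], v, policy)
                for u in neighbors for v in neighbors[u]}
        changed = False
        for (u, v), adv in advs.items():
            changed |= process(v, tables[v], u, neighbors[v][u], adv)
        if not changed:
            return rnd
    return max_rounds

def failure_scenario(policy):
    """Constructed case: line A - B - C has converged, then the B-C link fails and B
    marks C unreachable, while A still believes it reaches C through B.
    Returns (rounds to stabilise, A's cost to C, B's cost to C)."""
    tables = {
        "A": {"A": (0, None), "B": (1, "B"), "C": (2, "B")},
        "B": {"B": (0, None), "A": (1, "A"), "C": (INF, None)},
    }
    links = {("A", "B"): 1}   # the B-C link is gone
    rounds = run_until_stable(tables, links, policy)
    return rounds, tables["A"]["C"][0], tables["B"]["C"][0]

if __name__ == "__main__":
    for policy in ("plain", "split_horizon", "poison_reverse"):
        print(policy, failure_scenario(policy))
```

Under the plain policy A and B bounce the stale route between them until both reach 16; with either split-horizon variant B never hears its own route back and the table settles in two rounds.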
- Link State Packet (LSP)
  - id of the node that created the LSP
  - cost of link to each directly connected neighbor
  - sequence number (SEQNO)
  - time-to-live (TTL) for this packet
- Reliable Flooding
  - store most recent LSP from each node
  - forward LSP to all nodes but the one that sent it
  - generate new LSP periodically; increment SEQNO
  - start SEQNO at 0 when reboot
  - decrement TTL of each stored LSP; discard when TTL=0

2.9 ADDRESSING
2.9.1 Global Addresses
- Properties
  - globally unique
  - hierarchical: network + host
- 4 billion IP addresses: half are class A, a quarter are class B, and 1/8 are class C
- Format (figure not reproduced)
- Dot notation: 10.3.2.4, 128.96.33.81, 192.12.69.77

2.9.2 IP Datagram Forwarding
- Strategy
  - every datagram contains destination's address
  - if directly connected to destination network, then forward to host
  - if not directly connected to destination network, then forward to some router
  - forwarding table maps network number into next hop
  - each host has a default router
  - each router maintains a forwarding table
- Example (router R2): forwarding table figure not reproduced
- Algorithm
    if (NetworkNum of destination = NetworkNum of one of my interfaces) then
        deliver packet to destination over that interface
    else if (NetworkNum of destination is in my forwarding table) then
        deliver packet to NextHop router
    else
        deliver packet to default router
- For a host with only one interface and only a default router in its forwarding table, this simplifies to
    if (NetworkNum of destination = my NetworkNum) then
        deliver packet to destination directly
    else
        deliver packet to default router

2.10 CIDR
Classless Addressing
- Classless Inter-Domain Routing
- A technique that addresses two scaling concerns in the Internet
  - The growth of backbone routing tables as more and more network numbers need to be stored in them
  - Potential exhaustion of the 32-bit address space
- Address assignment efficiency
  - Arises because of the IP address structure with class A, B, and C addresses
  - Forces us to hand out network address space in fixed-size chunks of three very different sizes
  - A network with two hosts needs a class C address: address assignment efficiency = 2/255 = 0.78%
  - A network with 256 hosts needs a class B address: address assignment efficiency = 256/65535 = 0.39%
- Problem with this solution: excessive storage requirement at the routers
  - If a single AS has, say, 16 class C network numbers assigned to it, every Internet backbone router needs 16 entries in its routing tables for that AS
  - This is true even if the path to every one of these networks is the same
  - If we had assigned a class B address to the AS, the same routing information can be stored in one entry
  - Efficiency = 16 × 255 / 65,536 = 6.2%
- CIDR tries to balance the desire to minimize the number of routes that a router needs to know against the need to hand out addresses efficiently.
- CIDR uses aggregate routes
  - Uses a single entry in the forwarding table to tell the router how to reach a lot of different networks
  - Breaks the rigid boundaries between address classes
- Consider an AS with 16 class C network numbers.
  - Instead of handing out 16 addresses at random, hand out a block of contiguous class C addresses
  - Suppose we assign the class C network numbers from 192.4.16 through 192.4.31
  - Observe that the top 20 bits of all the addresses in this range are the same (11000000 00000100 0001)
  - We have created a 20-bit network number (which is in between a class B network number and a class C number)
  - Requires us to hand out blocks of class C addresses that share a common prefix

2.11 SUBNETTING
- Add another level to the address/routing hierarchy: subnet
- Subnet masks define a variable partition of the host part of class A and B addresses
- Subnets visible only within site
- Forwarding Algorithm
    D = destination IP address
    for each entry <SubnetNum, SubnetMask, NextHop>
        D1 = SubnetMask & D
        if D1 = SubnetNum
            if NextHop is an interface
                deliver datagram directly to destination
            else
                deliver datagram to NextHop (a router)
- Subnet Addressing
  - Suppose that the first two bytes are the subnet indicator, with addresses of the form 131.156.x.x. Then 131.156.29.156 and 131.156.34.215 would be on the same subnet.
  - The subnet mask would be 255.255.0.0, which corresponds to 11111111.11111111.00000000.00000000, where a 1 indicates that the position is part of the subnet address and a 0 indicates that it is not.
  - Partial bytes can also be used as subnets. For example, consider the subnet mask 255.255.255.128, which is 11111111.11111111.11111111.10000000. Here, all computers with the same first three bytes and last byte from 128 to 254 would be on the same subnet.
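An added example (not part of the course text) covering the subnet forwarding algorithm of 2.11, the same-subnet test on the 131.156.x.x addresses above, and the CIDR aggregation of 192.4.16 through 192.4.31 from 2.10. The forwarding table rows and next-hop addresses are constructed for the illustration; it uses only Python's standard ipaddress module.

```python
# Added example, not from the course text: the subnet forwarding algorithm of
# section 2.11, the same-subnet test, and CIDR aggregation of a block of class C
# networks into one prefix (section 2.10). Uses only the standard library.
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def same_subnet(a, b, mask):
    """True if dotted addresses a and b have the same subnet number under mask."""
    return _int(a) & _int(mask) == _int(b) & _int(mask)

def forward(dest, table, default_next_hop):
    """Forwarding algorithm: D1 = SubnetMask & D; if D1 = SubnetNum use NextHop.
    table rows are (SubnetNum, SubnetMask, NextHop); NextHop is an interface name
    for directly connected subnets or a router address otherwise. Rows are tried
    longest mask first so the most specific entry wins when entries overlap."""
    d = _int(dest)
    for subnet_num, subnet_mask, next_hop in sorted(table, key=lambda r: _int(r[1]), reverse=True):
        if d & _int(subnet_mask) == _int(subnet_num):
            return next_hop
    return default_next_hop          # each host/router has a default router

def aggregate(networks):
    """Smallest single CIDR prefix covering all given networks, e.g.
    192.4.16.0/24 ... 192.4.31.0/24 -> '192.4.16.0/20'."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    prefix_len, mask = 32, 0xFFFFFFFF
    # shorten the prefix until first and last addresses share the masked bits
    while prefix_len > 0 and first & mask != last & mask:
        prefix_len -= 1
        mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return f"{ipaddress.IPv4Address(first & mask)}/{prefix_len}"

# constructed forwarding table: a directly connected /16 (the text's 131.156.x.x)
# and one more specific /25 subnet reachable through a router
CONSTRUCTED_TABLE = [
    ("131.156.0.0", "255.255.0.0", "eth0"),
    ("131.156.34.128", "255.255.255.128", "10.0.0.2"),
]

if __name__ == "__main__":
    print(same_subnet("131.156.29.156", "131.156.34.215", "255.255.0.0"))
    print(forward("131.156.34.215", CONSTRUCTED_TABLE, "R-default"))
    print(aggregate([f"192.4.{i}.0/24" for i in range(16, 32)]))
```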
UNIT III NETWORK LAYER
Transport Layer; User Datagram Protocol (UDP); Transmission Control Protocol; Congestion control; Flow control; Queuing Disciplines; Congestion Avoidance Mechanisms

3.1 TRANSPORT LAYER
- provide logical communication between app processes running on different hosts
- transport protocols run in end systems
  - send side: breaks app messages into segments, passes to network layer
  - rcv side: reassembles segments into messages, passes to app layer
- more than one transport protocol available to apps
  - Internet: TCP and UDP
- network layer: logical communication between hosts
- transport layer: logical communication between processes
  - relies on, enhances, network layer services
- reliable, in-order delivery (TCP)
  - congestion control (distributed control)
  - flow control
  - connection setup
- unreliable, unordered delivery: UDP
  - no-frills extension of best-effort IP
- services not available:
  - delay guarantees
  - bandwidth guarantees

3.2 USER DATAGRAM PROTOCOL (UDP)
- no frills, bare bones Internet transport protocol
- best effort service, UDP segments may be:
  - lost
  - delivered out of order to app
- connectionless:
  - no handshaking between UDP sender, receiver
  - each UDP segment handled independently of others
- no connection establishment (which can add delay)
- simple: no connection state at sender, receiver
- small segment header
- no congestion control: UDP can blast away as fast as desired
- often used for streaming multimedia apps
  - loss tolerant
  - rate sensitive
- other UDP uses
  - DNS
  - SNMP
- reliable transfer over UDP: add reliability at application layer
  - application-specific error recovery!
3.3 TRANSMISSION CONTROL PROTOCOL
- point-to-point:
  - one sender, one receiver
- reliable, in-order byte stream:
  - no message boundaries
- pipelined:
  - TCP congestion and flow control set window size
- send & receive buffers
- full duplex data: bi-directional data flow in same connection
- MSS: maximum segment size
- connection-oriented: handshaking (exchange of control msgs) inits sender, receiver state before data exchange
- flow controlled: sender will not overwhelm receiver
(Figure: the application writes data through the socket door into the TCP send buffer; segments carry it to the TCP receive buffer, from which the application reads data)

3.3.1 TCP segment structure
(figure not reproduced)

3.3.2 TCP seq. #s and ACKs
- Seq. #s: byte stream number of first byte in segment's data
- ACKs: seq # of next byte expected from other side; cumulative ACK
- Q: how receiver handles out-of-order segments
- A: TCP spec doesn't say, up to implementor

TCP Round Trip Time and Timeout
- Q: how to set TCP timeout value?
  - longer than RTT, but RTT varies
  - too short: premature timeout, unnecessary retransmissions
  - too long: slow reaction to segment loss
- Q: how to estimate RTT?
  - SampleRTT: measured time from segment transmission until ACK receipt; ignore retransmissions
  - SampleRTT will vary, want estimated RTT smoother: average several recent measurements, not just current SampleRTT
- EstimatedRTT = (1 − α) × EstimatedRTT + α × SampleRTT
  - Exponential weighted moving average
  - influence of past sample decreases exponentially fast
  - typical value: α = 0.125

3.4 CONGESTION CONTROL
- Congestion: informally: too many sources sending too much data too fast for network to handle
- different from flow control!
- manifestations:
  - lost packets (buffer overflow at routers)
  - long delays (queueing in router buffers)
- a top-10 problem!
Causes/costs of congestion: scenario 1
- two senders, two receivers
- one router, infinite buffers
- no retransmission
Causes/costs of congestion: scenario 2
- one router, finite buffers
- sender retransmission of lost packet
- always: offered load (including retransmissions) is at least the goodput
- "perfect" retransmission only when loss: offered load exceeds goodput
- retransmission of delayed (not lost) packet makes the offered load larger (than the perfect case) for the same goodput
- costs of congestion:
  - more work (retrans) for given goodput
  - unneeded retransmissions: link carries multiple copies of pkt
Causes/costs of congestion: scenario 3
- four senders
- multihop paths
- timeout/retransmit
- Another cost of congestion: when a packet is dropped, any upstream transmission capacity used for that packet was wasted!
Approaches towards congestion control
- End-end congestion control:
  - no explicit feedback from network
  - congestion inferred from end-system observed loss, delay
  - approach taken by TCP
- Network-assisted congestion control:
  - routers provide feedback to end systems
    - single bit indicating congestion (SNA, DECbit, TCP/IP ECN, ATM)
    - explicit rate sender should send at

3.5 FLOW CONTROL
- receive side of TCP connection has a receive buffer: app process may be slow at reading from buffer
- speed-matching service: matching the send rate to the receiving app's drain rate
- (Suppose TCP receiver discards out-of-order segments)
- spare room in buffer = RcvWindow = RcvBuffer − [LastByteRcvd − LastByteRead]
- Rcvr advertises spare room by including value of RcvWindow in segments
- Sender limits unACKed data to RcvWindow
  - guarantees receive buffer doesn't overflow

3.6 QUEUING DISCIPLINES
- Each router must implement some queuing discipline
  - Scheduling discipline
  - Drop policy
- Queuing allocates both bandwidth and buffer space:
  - Bandwidth: which packet to serve (transmit) next
  - Buffer space: which packet to drop next (when required)
- Queuing also affects latency
FIFO + drop-tail
- Simplest choice
- Used widely in the Internet
- FIFO: scheduling discipline
- Drop-tail: drop policy
- FIFO (first-in-first-out): implies single class of traffic, no priority
Drop-tail
- Arriving packets get dropped when queue is full regardless of flow or importance
Lock-out problem
- Allows a few flows to monopolize the queue space
- Send more, get more
- No implicit policing
Full queues
- TCP detects congestion from loss
- Forces network to have long standing queues in steady-state
- Queueing delays bad for time sensitive traffic
- Synchronization: end hosts react to same events
  - Full queue → empty → full → empty
Poor support for bursty traffic
Priority queueing can solve some problems
- Starvation
- Determining priorities is hard
Simpler techniques
- Random drop: a packet arriving when the queue is full causes some random packet to be dropped
- Drop front: on full queue, drop packet at head of queue
- Random drop and drop front solve the lock-out problem but not the full-queues problem
Drop packets before queue becomes full (early drop)
- Detect incipient congestion
- Avoid window synchronization
  - Randomly mark packets
- Random drop helps avoid bias against bursty traffic
- Maintain running average of queue length
  - If avg < minth do nothing: low queuing, send packets through
  - If avg > maxth, drop packet: protection from misbehaving sources
  - Else mark packet in a manner proportional to queue length: notify sources of incipient congestion

3.7 CONGESTION AVOIDANCE MECHANISMS
- end-end control (no network assistance)
- sender limits transmission: LastByteSent − LastByteAcked ≤ CongWin
- Roughly, CongWin is dynamic, a function of perceived network congestion
- loss event = timeout or 3 duplicate acks
- TCP sender reduces rate (CongWin) after loss event
- three mechanisms:
  - AIMD
  - slow start
  - conservative after timeout events
- multiplicative decrease: cut CongWin in half after loss event
- additive increase: increase CongWin by 1 MSS every RTT in the absence of loss events: probing

3.7.1 TCP slow start
- When connection begins, CongWin = 1 MSS
  - Example: MSS = 500 bytes & RTT = 200 msec
  - initial rate = 20 kbps
- available bandwidth may be >> MSS/RTT
  - desirable to quickly ramp up to respectable rate
- When connection begins, increase rate exponentially fast until first loss event
  - double CongWin every RTT
  - done by incrementing CongWin for every ACK received
Refinement
- After 3 dup ACKs: CongWin is cut in half; window then grows linearly
- But after timeout event: CongWin instead set to 1 MSS; window then grows exponentially to a threshold, then grows linearly
(Figure: congestion window (8, 16, 24 Kbytes) versus time, not reproduced)

Event | State | TCP Sender Action | Commentary
ACK receipt for previously unacked data | Slow Start (SS) | CongWin = CongWin + MSS; if (CongWin > Threshold) set state to Congestion Avoidance | Resulting in a doubling of CongWin every RTT
ACK receipt for previously unacked data | Congestion Avoidance (CA) | CongWin = CongWin + MSS × (MSS/CongWin) | Additive increase, resulting in increase of CongWin by 1 MSS every RTT
Loss event detected by triple duplicate ACK | SS or CA | Threshold = CongWin/2, CongWin = Threshold, set state to Congestion Avoidance | Fast recovery, implementing multiplicative decrease. CongWin will not drop below 1 MSS.
Timeout | SS or CA | Threshold = CongWin/2, CongWin = 1 MSS, set state to Slow Start | Enter slow start
Duplicate ACK | SS or CA | Increment duplicate ACK count for segment being acked | CongWin and Threshold not changed

UNIT IV - TRANSPORT LAYER
Data Compression; introduction to JPEG, MPEG, and MP3; cryptography; symmetric-key; public-key; authentication; key distribution; key agreement; PGP; SSH; Transport layer security; IP Security; wireless security; Firewalls

4.1 DATA COMPRESSION
Multimedia data, comprising audio, video, and still images, now makes up the majority of traffic on the Internet by many estimates. This is a relatively recent development: it may be hard to believe now, but there was no YouTube before 2005. Part of what has made the widespread transmission of multimedia across networks possible is advances in compression technology. Because multimedia data is consumed mostly by humans using their senses (vision and hearing) and processed by the human brain, there are unique challenges to compressing it. You want to try to keep the information that is most important to a human, while getting rid of anything that doesn't improve the human's perception of the visual or auditory experience. Hence, both computer science and the study of human perception come into play. In this section we'll look at some of the major efforts in representing and compressing multimedia data.
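Returning to the TCP sender table in section 3.7 above, an added example (not part of the course text) implements that state machine: slow start, congestion avoidance, the triple-duplicate-ACK loss event and the timeout, with CongWin and Threshold kept in bytes, plus the 20 kbps initial-rate calculation. The initial threshold values are the example's own.

```python
# Added example, not from the course text: the TCP sender state machine from the
# table in section 3.7 (slow start, congestion avoidance, triple-duplicate-ACK
# fast recovery, timeout), with CongWin and Threshold kept in bytes.
MSS = 500  # bytes, matching the slow-start example (MSS = 500 bytes, RTT = 200 ms)

class TcpSender:
    def __init__(self, threshold=8 * MSS):
        self.cong_win = MSS          # connection begins with CongWin = 1 MSS
        self.threshold = threshold   # constructed starting threshold
        self.state = "SS"            # "SS" = Slow Start, "CA" = Congestion Avoidance
        self.dup_acks = 0

    def on_new_ack(self):
        """ACK receipt for previously unacked data."""
        self.dup_acks = 0
        if self.state == "SS":
            self.cong_win += MSS                      # doubles CongWin every RTT
            if self.cong_win > self.threshold:
                self.state = "CA"
        else:
            self.cong_win += MSS * MSS // self.cong_win  # about +1 MSS per RTT

    def on_dup_ack(self):
        """Duplicate ACK; the third one is a loss event handled by fast recovery."""
        self.dup_acks += 1
        if self.dup_acks == 3:
            self.threshold = max(self.cong_win // 2, MSS)  # never below 1 MSS
            self.cong_win = self.threshold                 # multiplicative decrease
            self.state = "CA"
            self.dup_acks = 0

    def on_timeout(self):
        """Timeout: back to 1 MSS and slow start."""
        self.threshold = max(self.cong_win // 2, MSS)
        self.cong_win = MSS
        self.state = "SS"
        self.dup_acks = 0

    def run_rtt(self):
        """Deliver one RTT's worth of new ACKs (one per MSS in flight at the start
        of the round trip) and return CongWin afterwards, in units of MSS."""
        for _ in range(self.cong_win // MSS):
            self.on_new_ack()
        return self.cong_win // MSS

def initial_rate_bps(mss_bytes=MSS, rtt_ms=200):
    """One MSS per RTT: 500 bytes / 200 ms = 20 kbps."""
    return mss_bytes * 8 * 1000 / rtt_ms

def slow_start_trace(rtts, threshold=64 * MSS):
    """CongWin (in MSS) after each of `rtts` loss-free round trips on a fresh connection."""
    s = TcpSender(threshold)
    return [s.run_rtt() for _ in range(rtts)]

if __name__ == "__main__":
    print(initial_rate_bps(), slow_start_trace(4))
```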
To get a sense of how important compression has been to the spread of networked multimedia, consider the following example. A high-definition TV screen has something like 1080 × 1920 pixels, each of which has 24 bits of color information, so each frame is 1080 × 1920 × 24 = 50 Mb, and so if you want to send 24 frames per second, that would be over 1 Gbps. That's a lot more than most Internet users can get access to, by a good margin. By contrast, modern compression techniques can get a reasonably high quality HDTV signal down to the range of 10 Mbps, a two order of magnitude reduction, and well within the reach of many broadband users. Similar compression gains apply to lower quality video such as YouTube clips: web video could never have reached its current popularity without compression to make all those entertaining videos fit within the bandwidth of today's networks.

Lossless Compression Techniques
In many ways, compression is inseparable from data encoding. That is, in thinking about how to encode a piece of data in a set of bits, we might just as well think about how to encode the data in the smallest set of bits possible. For example, if you have a block of data that is made up of the 26 symbols A through Z, and if all of these symbols have an equal chance of occurring in the data block you are encoding, then encoding each symbol in 5 bits is the best you can do (since 2^5 = 32 is the lowest power of 2 above 26). If, however, the symbol R occurs 50% of the time, then it would be a good idea to use fewer bits to encode the R than any of the other symbols. In general, if you know the relative probability that each symbol will occur in the data, then you can assign a different number of bits to each possible symbol in a way that minimizes the number of bits it takes to encode a given block of data. This is the essential idea of Huffman codes, one of the important early developments in data compression.

4.1.1 Lossless Compression Techniques
Run Length Encoding
Run length encoding (RLE) is a compression technique with a brute-force simplicity.
The idea is to replace consecutive occurrences of a given symbol with only one copy of the symbol, plus a count of how many times that symbol occurs (hence the name run length). For example, the string AAABBCDDDD would be encoded as 3A2B1C4D.

4.1.2 Differential Pulse Code Modulation
Another simple lossless compression algorithm is Differential Pulse Code Modulation (DPCM). The idea here is to first output a reference symbol and then, for each symbol in the data, to output the difference between that symbol and the reference symbol. For example, using symbol A as the reference symbol, the string AAABBCDDDD would be encoded as A0001123333, since A is the same as the reference symbol, B has a difference of 1 from the reference symbol, and so on.

Dictionary based Methods
The final lossless compression method we consider is the dictionary-based approach, of which the Lempel-Ziv (LZ) compression algorithm is the best known. The Unix compress and gzip commands use variants of the LZ algorithm. The idea of a dictionary-based compression algorithm is to build a dictionary (table) of variable-length strings (think of them as common phrases) that you expect to find in the data, and then to replace each of these strings when it appears in the data with the corresponding index to the dictionary. For example, instead of working with individual characters in text data, you could treat each word as a string and output the index in the dictionary for that word. To further elaborate on this example, the word "compression" has the index 4978 in one particular dictionary; it is the 4978th word in /usr/share/dict/words. To compress a body of text, each time the string "compression" appears, it would be replaced by 4978.
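An added example (not part of the course text) implementing the three lossless coders described in 4.1.1 and 4.1.2, each with its decoder, on the strings the text uses. The DPCM coder follows the text's single-digit-difference format, and the word dictionary is a small constructed list rather than /usr/share/dict/words.

```python
# Added example, not from the course text: run length encoding, DPCM and a
# word-dictionary coder, each with its inverse, using the strings from the text.
import re

def rle_encode(s):
    """AAABBCDDDD -> 3A2B1C4D : each run becomes <count><symbol>."""
    out, i = [], 0
    while i < len(s):
        j = i
        while j < len(s) and s[j] == s[i]:
            j += 1
        out.append(f"{j - i}{s[i]}")
        i = j
    return "".join(out)

def rle_decode(code):
    """Inverse of rle_encode; symbols are assumed not to be digits."""
    return "".join(sym * int(n) for n, sym in re.findall(r"(\d+)(\D)", code))

def dpcm_encode(s, ref):
    """Output the reference symbol, then each symbol's distance from it
    (single-digit distances, as in the text's A0001123333 example)."""
    diffs = [ord(c) - ord(ref) for c in s]
    if any(not 0 <= d <= 9 for d in diffs):
        raise ValueError("symbol more than 9 positions from the reference")
    return ref + "".join(str(d) for d in diffs)

def dpcm_decode(code):
    ref, digits = code[0], code[1:]
    return "".join(chr(ord(ref) + int(d)) for d in digits)

def dict_encode(text, dictionary):
    """Replace each word by its index in `dictionary` (a list of strings);
    words not in the dictionary are kept verbatim."""
    index = {w: i for i, w in enumerate(dictionary)}
    return [index.get(w, w) for w in text.split()]

def dict_decode(tokens, dictionary):
    return " ".join(dictionary[t] if isinstance(t, int) else t for t in tokens)

# constructed stand-in for a system word list
CONSTRUCTED_WORDS = ["a", "compression", "is", "lossless", "technique"]

if __name__ == "__main__":
    print(rle_encode("AAABBCDDDD"), dpcm_encode("AAABBCDDDD", "A"))
    print(dict_encode("compression is lossless", CONSTRUCTED_WORDS))
```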
4.1.2 Image Representation and Compression
Given the increase in the use of digital imagery in recent years (this use was spawned by the invention of graphical displays, not high-speed networks), the need for standard representation formats and compression algorithms for digital imagery data has grown more and more critical. In response to this need, the ISO defined a digital image format known as JPEG, named after the Joint Photographic Experts Group that designed it. (The "Joint" in JPEG stands for a joint ISO/ITU effort.)

4.1.3 Image Representation and Compression
JPEG is the most widely used format for still images in use today. At the heart of the definition of the format is a compression algorithm, which we describe below. Many techniques used in JPEG also appear in MPEG, the set of standards for video compression and transmission created by the Moving Picture Experts Group. Digital images are made up of pixels (hence the megapixels quoted in digital camera advertisements). Each pixel represents one location in the two-dimensional grid that makes up the image, and for color images, each pixel has some numerical value representing a color. There are lots of ways to represent colors, referred to as color spaces: the one most people are familiar with is RGB (red, green, blue).

4.2 INTRODUCTION TO JPEG
4.2.1 JPEG Compression
DCT Phase
DCT is a transformation closely related to the fast Fourier transform (FFT). It takes an 8 × 8 matrix of pixel values as input and outputs an 8 × 8 matrix of frequency coefficients. You can think of the input matrix as a 64-point signal that is defined in two spatial dimensions (x and y); DCT breaks this signal into 64 spatial frequencies.
DCT, along with its inverse, which is performed during decompression, is defined by the following formulas (not reproduced here), where pixel(x, y) is the grayscale value of the pixel at position (x, y) in the 8 × 8 block being compressed; N = 8 in this case.

Quantization Phase
The second phase of JPEG is where the compression becomes lossy. DCT does not itself lose information; it just transforms the image into a form that makes it easier to know what information to remove. Quantization is easy to understand: it's simply a matter of dropping the insignificant bits of the frequency coefficients. The basic quantization equation is

    QuantizedValue(i, j) = IntegerRound(DCT(i, j) / Quantum(i, j))

where Quantum(i, j) is the quantization table entry for coefficient (i, j). Decompression is then simply defined as

    DCT(i, j) = QuantizedValue(i, j) × Quantum(i, j)

Encoding Phase
The final phase of JPEG encodes the quantized frequency coefficients in a compact form. This results in additional compression, but this compression is lossless. Starting with the DC coefficient in position (0, 0), the coefficients are processed in the zigzag sequence. Along this zigzag, a form of run length encoding is used: RLE is applied to only the 0 coefficients, which is significant because many of the later coefficients are 0. The individual coefficient values are then encoded using a Huffman code.
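An added example (not part of the course text) running the three JPEG phases of 4.2.1 on one 8 × 8 grayscale block in pure Python: the 8-point DCT and its inverse (the standard JPEG DCT-II definition, since the text's formulas are not reproduced), quantization and dequantization with the equations above, the zigzag walk, and the zero-run step of the encoding phase. The input block and the uniform quantization table are constructed; real JPEG uses a non-uniform table and Huffman-codes the runs.

```python
# Added example, not from the course text: the three JPEG phases on one 8x8
# block of grayscale values, in pure Python. The DCT-II/inverse used here is the
# standard JPEG definition (the course text's formulas are not reproduced);
# the quantization table is a constructed uniform one, not a JPEG standard table.
import math

N = 8

def _c(u):
    return 1 / math.sqrt(2) if u == 0 else 1.0

def dct2(pixels):
    """Forward DCT: 8x8 pixel block -> 8x8 frequency coefficients DCT(i, j)."""
    out = [[0.0] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            s = 0.0
            for x in range(N):
                for y in range(N):
                    s += (pixels[x][y]
                          * math.cos((2 * x + 1) * u * math.pi / (2 * N))
                          * math.cos((2 * y + 1) * v * math.pi / (2 * N)))
            out[u][v] = 0.25 * _c(u) * _c(v) * s
    return out

def idct2(coeffs):
    """Inverse DCT, performed during decompression."""
    out = [[0.0] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            s = 0.0
            for u in range(N):
                for v in range(N):
                    s += (_c(u) * _c(v) * coeffs[u][v]
                          * math.cos((2 * x + 1) * u * math.pi / (2 * N))
                          * math.cos((2 * y + 1) * v * math.pi / (2 * N)))
            out[x][y] = 0.25 * s
    return out

def quantize(coeffs, quantum):
    """QuantizedValue(i, j) = IntegerRound(DCT(i, j) / Quantum(i, j)): the lossy step."""
    return [[int(round(coeffs[i][j] / quantum[i][j])) for j in range(N)] for i in range(N)]

def dequantize(q, quantum):
    """DCT(i, j) = QuantizedValue(i, j) * Quantum(i, j)."""
    return [[q[i][j] * quantum[i][j] for j in range(N)] for i in range(N)]

def zigzag_order():
    """(row, col) positions in JPEG zigzag order, starting at the DC coefficient (0, 0)."""
    order = []
    for s in range(2 * N - 1):               # s = row + col, one anti-diagonal at a time
        rows = range(N) if s % 2 else range(N - 1, -1, -1)
        order.extend((r, s - r) for r in rows if 0 <= s - r < N)
    return order

def zero_run_encode(q):
    """Walk the zigzag and emit (zeros skipped, nonzero value) pairs; trailing zeros
    are dropped, which is where the later, mostly-zero coefficients compress away."""
    pairs, run = [], 0
    for r, c in zigzag_order():
        if q[r][c] == 0:
            run += 1
        else:
            pairs.append((run, q[r][c]))
            run = 0
    return pairs

def round_trip_max_error(pixels, step):
    """Compress and decompress with a uniform quantum `step`; return the largest
    per-pixel difference, a direct measure of what quantization threw away."""
    quantum = [[step] * N for _ in range(N)]
    q = quantize(dct2(pixels), quantum)
    rebuilt = idct2(dequantize(q, quantum))
    return max(abs(rebuilt[x][y] - pixels[x][y]) for x in range(N) for y in range(N))

# constructed input: a smooth diagonal gradient, typical of what DCT compresses well
GRADIENT = [[100 + 4 * x + 2 * y for y in range(N)] for x in range(N)]

if __name__ == "__main__":
    q = quantize(dct2(GRADIENT), [[16] * N for _ in range(N)])
    print(zero_run_encode(q), round_trip_max_error(GRADIENT, 16))
```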
4.3 INTRODUCTION TO MPEG
4.3.1 Video Compression (MPEG)
We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still images (also called frames or pictures) displayed at some video rate. Each of these frames can be compressed using the same DCT-based technique used in JPEG.

4.3.2 Frame Types
MPEG takes a sequence of video frames as input and compresses them into three types of frames, called I frames (intrapicture), P frames (predicted picture), and B frames (bidirectional predicted picture). Each frame of input is compressed into one of these three frame types. I frames can be thought of as reference frames; they are self-contained, depending on neither earlier frames nor later frames.

4.4 INTRODUCTION TO MP3
The most common compression technique used to create CD-quality audio is based on the perceptual encoding technique. This type of audio needs at least 1.411 Mbps, which cannot be sent over the Internet without compression. MP3 (MPEG audio layer 3) uses this technique. The basic perceptual model used in MP3 is that louder frequencies mask out adjacent quieter ones. People cannot hear a quiet sound at one frequency if there is a loud sound at another. This can be explained better by the following figures presented by Rapha Depke (figures not reproduced).
- The audio signal passes through 32 filters with different frequencies
- Joint stereo coding takes advantage of the fact that both channels of a stereo channel pair contain similar information
- These stereophonic irrelevancies and redundancies are exploited to reduce the total bitrate
- Joint stereo is used in cases where only low bitrates are available but stereo signals are desired.
Encoder
- A typical solution has two nested iteration loops
  - Distortion/Noise control loop (outer loop)
  - Rate control loop (inner loop)
- Rate control loop
  - For a given bit rate allocation, adjust the quantization steps to achieve the bit rate.
  - This loop checks if the number of bits resulting from the coding operation exceeds the number of bits available to code a given block of data. If it is true, then the quantization step is increased to reduce the total bits. This can be achieved by adjusting the global gain.

4.5 CRYPTOGRAPHY
What Is Cryptography
- Cryptography is the science of hiding information in plain sight, in order to conceal it from unauthorized parties.
- Substitution cipher first used by Caesar for battlefield communications
Encryption Terms and Operations
- Plaintext: an original message
- Ciphertext: an encrypted message
- Encryption: the process of transforming plaintext into ciphertext (also encipher)
- Decryption: the process of transforming ciphertext into plaintext (also decipher)
- Encryption key: the text value required to encrypt and decrypt data
Encryption methodologies
Substitution Cipher
- Plaintext characters are substituted to form ciphertext
  - A becomes R, B becomes G, etc.
- Character rotation
  - Caesar rotated three to the right (A → D, B → E, C → F, etc.)
  - A table or formula is used
- ROT13 is a Caesar cipher (image from Wikipedia, link Ch 5a, not reproduced)
- Subject to frequency analysis attack

4.5.1 Transposition Cipher
- Plaintext messages are transposed into ciphertext
  - Plaintext: ATTACK AT ONCE VIA NORTH BRIDGE
  - Write into columns going down
  - Read from columns to the right
  - Ciphertext: AKCNBTAEORTTVRIAOITDCNAHG
- Subject to frequency analysis attack
Monoalphabetic Cipher
- One alphabetic character is substituted for another
- Subject to frequency analysis attack

4.5.2 Polyalphabetic Cipher
- Two or more substitution alphabets
  - CAGED becomes RRADB
- Not subject to frequency attack
Running-key Cipher
- Plaintext letters converted to numeric (A=0, B=1, etc.)
- Plaintext values added to key values giving ciphertext
- Modulo arithmetic is used to keep results in range 0-26
  - Add 26 if results < 0; subtract 26 if results > 26
One-time Pad
- Works like running key cipher, except that key is length of plaintext, and is used only once
- Highly resistant to cryptanalysis

4.5.3 Types of Encryption
- Block cipher: encrypts blocks of data, often 128 bits
- Stream cipher: operates on a continuous stream of data
Block Ciphers
- Encrypt and decrypt a block of data at a time
- Typically 128 bits
- Typical uses for block ciphers: files, e-mail messages, text communications, web
- Well known encryption algorithms: DES, 3DES, AES, CAST, Twofish, Blowfish, Serpent
Block Cipher Modes of Operation
- Electronic Code Book (ECB)
- Cipher-block chaining (CBC)
- Cipher feedback (CFB)
- Output feedback (OFB)
- Counter (CTR)
Initialization Vector (IV)
- Starting block of information needed to encrypt the first block of data
- IV must be random and should not be re-used
- WEP wireless encryption is weak because it re-uses the IV, in addition to making other errors
Block Cipher: Cipher-block Chaining (CBC)
- Ciphertext output from each encrypted plaintext block is used in the encryption for the next block
- First block encrypted with IV (initialization vector)
Block Cipher: Cipher Feedback (CFB)
- Plaintext for block N is XORed with the ciphertext from block N-1. In the first block, the plaintext is XORed with the encrypted IV
Stream Ciphers
- Used to encrypt a continuous stream of data, such as an audio or video transmission
- A stream cipher is a substitution cipher that typically uses an exclusive-or (XOR) operation that can be performed very quickly by a computer.
- Most common stream cipher is RC4
- Other stream ciphers

4.5.6 Types of Encryption Keys
Symmetric key
- A common secret that all parties must know
- Difficult to distribute key securely
- Used by DES, 3DES, AES, Twofish, Blowfish, IDEA, RC5
Asymmetric key
- Public / private key
- Openly distribute public key to all parties
- Keep private key secret
- Anyone can use your public key to send you a message
- Used by RSA, El Gamal, Elliptic Curve
Asymmetric Encryption Uses
- Encrypt message with recipient's public key
  - Only recipient can read it, using his or her private key
  - Provides confidentiality
- Sign message
  - Hash message, encrypt hash with your private key
  - Anyone can verify the signature using your public key
  - Provides integrity and non-repudiation (sender cannot deny authorship)
- Sign and encrypt
  - Both of the above

4.6 SYMMETRIC KEY
- most symmetric block ciphers are based on a Feistel Cipher Structure
- needed since must be able to decrypt ciphertext to recover messages efficiently
- block ciphers look like an extremely large substitution
- would need a table of 2^64 entries for a 64-bit block
- instead create from smaller building blocks using the idea of a product cipher
- Horst Feistel devised the Feistel cipher
  - based on concept of invertible product cipher
  - partitions input block into two halves
  - process through multiple rounds which perform a substitution on left data half based on round function of right half & subkey
  - then have permutation swapping halves
- implements Shannon's substitution-permutation network concept
- design parameters:
  - block size: increasing size improves security, but slows cipher
  - key size: increasing size improves security, makes exhaustive key searching harder, but may slow cipher
  - number of rounds: increasing number improves security, but slows cipher
  - subkey generation: greater complexity can make analysis harder, but slows cipher
  - round function: greater complexity can make analysis harder, but slows cipher
  - fast software en/decryption & ease of analysis are more recent concerns for practical use and testing

4.7 PUBLIC-KEY
- Rapidly increasing needs for flexible and secure transmission of information require the use of new cryptographic methods.
- The main disadvantage of the classical cryptography is the need to send a (long) key through a super secure channel before sending the message itself.
- In secret-key (symmetric key) cryptography both sender and receiver share the same secret key.
- In public-key cryptography there are two different keys: a public encryption key and a secret decryption key (at the receiver side).
- Basic idea: If it is infeasible from the knowledge of an encryption algorithm ek to construct the corresponding decryption algorithm dk, then ek can be made public.
- Toy example (Telephone directory encryption)
  - Start: Each user U makes public a unique telephone directory tdU to encrypt messages for U, and U is the only user to have an inverse telephone directory itdU.
  - Encryption: Each letter X of a plaintext w is replaced, using the telephone directory tdU of the intended receiver U, by the telephone number of a person whose name starts with letter X.
  - Decryption: easy for U, with an inverse telephone directory; infeasible for others.
- Analogy
  - Secret-key cryptography: 1. Put the message into a box, lock it with a padlock and send the box. 2. Send the key by a secure channel.
  - Public-key cryptography: Open padlocks, for each user a different one, are freely available. Only the legitimate user has the key to his padlocks.
Transmission: put the message into the box of the intended receiver and close the padlock.
The main problem of secret-key cryptography is the need to make a secure distribution (establishment) of secret keys ahead of transmissions. Diffie and Hellman solved this problem in 1976 by designing a protocol for secure key establishment (distribution) over public channels.
Protocol: if two parties, Alice and Bob, want to create a common secret key, they first agree, somehow, on a large prime p and a primitive root q (mod p), and then they perform, through a public channel, the following activities.
Alice chooses, randomly, a large x with 1 ≤ x < p-1 and computes X = q^x mod p.
Bob also chooses, again randomly, a large y with 1 ≤ y < p-1 and computes Y = q^y mod p.
Alice and Bob exchange X and Y through a public channel, but keep x and y secret.
Alice computes Y^x mod p and Bob computes X^y mod p; each of them then has the key K = q^(xy) mod p.
The following man-in-the-middle attack is possible against the Diffie-Hellman key establishment protocol. Eve chooses an exponent z. Eve sends q^z to both Alice and Bob. (After that Alice believes she has received q^x and Bob believes he has received q^y.) Eve intercepts q^x and q^y. When Alice sends a message to Bob, encrypted with KA, Eve intercepts it, decrypts it, then encrypts it with KB and sends it to Bob.

Shamir's no-key algorithm: communication without any need for secret key distribution.
Basic assumption: each user X has its own secret encryption function eX and secret decryption function dX, and all these functions commute (to form a commutative cryptosystem).
Communication protocol with which Alice can send a message w to Bob:
1. Alice sends eA(w) to Bob.
2. Bob sends eB(eA(w)) to Alice.
3. Alice sends dA(eB(eA(w))) = eB(w) to Bob.
4. Bob performs the decryption to get dB(eB(w)) = w.

4.8 AUTHENTICATION
Authentication is a fundamental security building block and the basis of access control and user accountability. It is the process of verifying an identity claimed by or for a system entity. It has two steps: identification (specify an identifier) and verification (bind the entity, e.g. a person, to the identifier). It is distinct from message authentication.
There are four means of authenticating a user's identity, based on something the individual:
knows, e.g. password, PIN;
possesses, e.g. key, token, smartcard;
is (static biometrics), e.g. fingerprint, retina;
does (dynamic biometrics), e.g. voice, signature.
These can be used alone or combined; all can provide user authentication, and all have issues.

Authentication Protocols
Used to convince parties of each other's identity and to exchange session keys. They may be one-way or mutual. The key issues are confidentiality, to protect session keys, and timeliness, to prevent replay attacks, in which a valid signed message is copied and later resent. Kinds of replay: simple replay; repetition that can be logged; repetition that cannot be detected; backward replay without modification. Countermeasures include the use of sequence numbers (generally impractical), timestamps (needs synchronized clocks) and challenge/response (using a unique nonce).

One-Way Authentication
Required when sender and receiver are not in communication at the same time (e.g. e-mail). The header is in the clear so that the message can be delivered by the e-mail system; the contents of the body may need to be protected and the sender authenticated. As discussed previously, a two-level hierarchy of keys can be used, usually with a trusted Key Distribution Center (KDC): each party shares its own master key with the KDC, the KDC generates session keys used for connections between parties, and the master keys are used to distribute these to them.
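The columnar transposition of 4.5.1 and the running-key and one-time-pad arithmetic of 4.5.2, as an added example in Python (not code from the course material; all function names are mine). With five rows the code reproduces the ciphertext given in 4.5.1 followed by a final E: the 26 letters of the plaintext leave the E of BRIDGE alone in a sixth column, which the page's 25-letter ciphertext omits. The frequency check at the end is the security point of that section: transposition leaves each letter's count unchanged, which is why frequency analysis still applies.

```python
"""Classical ciphers from 4.5.1/4.5.2: columnar transposition, running key, one-time pad.
Added example; not from the course material."""
import secrets
from collections import Counter


def columnar_transpose(plaintext: str, rows: int) -> str:
    """Write the letters into columns `rows` high, going down, then read the
    rows left to right (4.5.1). Non-letters are dropped first."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    columns = [letters[i:i + rows] for i in range(0, len(letters), rows)]
    # The last column may be short, so guard the row index against its length.
    return "".join(col[r] for r in range(rows) for col in columns if r < len(col))


def columnar_untranspose(ciphertext: str, rows: int) -> str:
    """Inverse: rebuild the row layout, then read each column top to bottom."""
    full, extra = divmod(len(ciphertext), rows)
    ncols = full + (1 if extra else 0)
    grid, pos = [], 0
    for r in range(rows):
        # Rows that reach into the short last column hold ncols letters, the rest hold `full`.
        width = ncols if (extra == 0 or r < extra) else full
        grid.append(ciphertext[pos:pos + width])
        pos += width
    return "".join(grid[r][c] for c in range(ncols) for r in range(rows) if c < len(grid[r]))


def running_key(text: str, key: str, decrypt: bool = False) -> str:
    """Running-key cipher (4.5.2): A=0..Z=25, add the key values mod 26
    (subtract to decrypt). The key must be at least as long as the text."""
    if len(key) < len(text):
        raise ValueError("key shorter than text")
    out = []
    for p, k in zip(text.upper(), key.upper()):
        a, b = ord(p) - ord("A"), ord(k) - ord("A")
        out.append(chr((a - b if decrypt else a + b) % 26 + ord("A")))
    return "".join(out)


def one_time_pad_key(length: int) -> str:
    """A one-time pad is a running key that is as long as the message, truly
    random, and never reused; the secrets module supplies the randomness."""
    return "".join(secrets.choice("ABCDEFGHIJKLMNOPQRSTUVWXYZ") for _ in range(length))


def frequencies_preserved(plaintext: str, ciphertext: str) -> bool:
    """Why transposition still yields to frequency analysis: the multiset of
    letters (hence every letter's count) is unchanged by transposition."""
    clean = [c for c in plaintext.upper() if c.isalpha()]
    return Counter(clean) == Counter(ciphertext)


if __name__ == "__main__":
    pt = "ATTACK AT ONCE VIA NORTH BRIDGE"
    ct = columnar_transpose(pt, 5)
    print(ct, frequencies_preserved(pt, ct))   # AKCNBETAEORTTVRIAOITDCNAHG True
    pad = one_time_pad_key(6)
    print(running_key(running_key("ATTACK", pad), pad, decrypt=True))  # ATTACK
```

Because `running_key` only ever adds or subtracts mod 26, the same function serves the running-key cipher and the one-time pad; the difference lies entirely in how the key is chosen and how often it is used.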
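A toy Feistel network built as 4.6 describes (two halves, a round function of the right half and a subkey, swap), with the ECB, CBC and CFB modes from 4.5.3 layered on top, as an added example that is not part of the course material and is not a real cipher: the 64-bit block, eight rounds and the SHA-256-based round function and key schedule are my own constructed choices. It shows three points the text makes: the same network decrypts when the subkeys are reversed, ECB reveals repeated plaintext blocks while CBC hides them, and reusing an IV with CBC leaks whether two messages start the same way. Note that CFB XORs each plaintext block with the previous ciphertext block after passing it through the cipher, which is what the first-block case in 4.5.3 (the encrypted IV) already implies.

```python
"""Toy Feistel block cipher (4.6) with ECB, CBC and CFB modes (4.5.3).
Added example; not from the course material. 64-bit block, SHA-256 based round function."""
import hashlib
import os

BLOCK = 8      # 64-bit block: two 32-bit halves
ROUNDS = 8     # more rounds = more security, slower (see 4.6)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes) -> list:
    # Toy key schedule (a constructed assumption, not any real cipher's): subkey_i = SHA-256(key || i)[:4]
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]


def _round_fn(right: bytes, subkey: bytes) -> bytes:
    # The round function need not be invertible; the Feistel structure makes the
    # whole cipher invertible anyway.
    return hashlib.sha256(subkey + right).digest()[:4]


def _feistel(block: bytes, subkeys: list) -> bytes:
    left, right = block[:4], block[4:]
    for sk in subkeys:
        # substitution on the left half driven by F(right, subkey), then swap the halves
        left, right = right, _xor(left, _round_fn(right, sk))
    return right + left   # undo the final swap


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Same network, subkeys in reverse order: this is what makes decryption efficient.
    return _feistel(block, _subkeys(key)[::-1])


def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    # Each block independently: identical plaintext blocks give identical ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in blocks(data))


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for b in blocks(data):
        prev = encrypt_block(key, _xor(b, prev))   # chain the previous ciphertext in
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in blocks(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_encrypt(key, iv, data):
    # CFB: plaintext block N is XORed with E_k(ciphertext block N-1); block 1 uses E_k(IV).
    out, prev = [], iv
    for b in blocks(data):
        prev = _xor(b, encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, data):
    out, prev = [], iv
    for c in blocks(data):
        out.append(_xor(c, encrypt_block(key, prev)))   # only the forward cipher is needed
        prev = c
    return b"".join(out)


def first_block_leaks(key, iv1, iv2, m1, m2) -> bool:
    """IV re-use check: with the same IV and the same first plaintext block, CBC
    produces the same first ciphertext block, so an observer learns that the two
    messages start alike. A fresh random IV (os.urandom(BLOCK)) prevents this."""
    return cbc_encrypt(key, iv1, m1)[:BLOCK] == cbc_encrypt(key, iv2, m2)[:BLOCK]


if __name__ == "__main__":
    key, iv = b"constructed key!", os.urandom(BLOCK)
    pt = b"ATTACKAT" * 3                               # constructed: three identical blocks
    print(len(set(blocks(ecb_encrypt(key, pt)))))       # 1: ECB leaks the repetition
    print(len(set(blocks(cbc_encrypt(key, iv, pt)))))   # 3: CBC hides it
```

The block function is a permutation, so with two different IVs the first CBC ciphertext blocks can never coincide; only an IV that repeats lets the equality in `first_block_leaks` hold.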
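The Diffie-Hellman exchange, the man-in-the-middle it permits, and Shamir's no-key protocol from 4.7, as an added Python example (not from the course material). The group p = 23, q = 5 and the Mersenne prime 2^61 - 1 used for the commutative cryptosystem are constructed toy parameters; modular exponentiation plays the role of the commuting functions eX and dX. Requires Python 3.8+ for `pow(e, -1, m)`.

```python
"""Diffie-Hellman key establishment (4.7), the man-in-the-middle it is exposed to,
and Shamir's no-key three-pass protocol over a commutative cryptosystem.
Added example; not from the course material. Toy parameters, labelled below."""
import math
import secrets

# Constructed toy group: p = 23 is prime and q = 5 is a primitive root mod 23.
# Real deployments use large standardised groups; the exponents are what stay secret.
P, Q = 23, 5


def dh_keypair(p=P, q=Q):
    """Pick a random 1 <= x < p-1 and publish X = q^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(q, x, p)


def dh_shared(their_public: int, my_secret: int, p=P) -> int:
    """K = Y^x mod p = X^y mod p = q^(xy) mod p."""
    return pow(their_public, my_secret, p)


def dh_agree(p=P, q=Q):
    """Run the honest protocol; returns (K_alice, K_bob)."""
    x, X = dh_keypair(p, q)
    y, Y = dh_keypair(p, q)
    return dh_shared(Y, x, p), dh_shared(X, y, p)


def dh_mitm(p=P, q=Q):
    """The attack from the text: Eve substitutes q^z for both public values, so
    Alice and Bob each share a key with Eve (KA, KB) rather than with each other.
    Returns ((KA_alice, KA_eve), (KB_bob, KB_eve)). The defence is to authenticate
    the exchanged values, e.g. a signature by the server's host key as in SSH."""
    x, X = dh_keypair(p, q)
    y, Y = dh_keypair(p, q)
    z, Z = dh_keypair(p, q)              # Eve's exponent and the value q^z she sends
    ka_alice, ka_eve = dh_shared(Z, x, p), dh_shared(X, z, p)
    kb_bob, kb_eve = dh_shared(Z, y, p), dh_shared(Y, z, p)
    return (ka_alice, ka_eve), (kb_bob, kb_eve)


# Shamir's no-key algorithm with exponentiation mod a prime as the commutative
# cryptosystem: e_X(w) = w^eX mod SP, d_X(w) = w^dX mod SP, eX*dX = 1 mod (SP-1).
SP = 2**61 - 1          # a Mersenne prime (constructed choice for the example)


def nokey_user_keys(p=SP):
    """Each user's own secret pair (eX, dX); nothing about it is ever sent."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def nokey_three_pass(w: int, p=SP) -> tuple:
    """Steps 1-4 of the text. Returns (what Bob recovers, the three messages seen on the wire)."""
    if not 0 < w < p:
        raise ValueError("message must be an integer in 1..p-1")
    eA, dA = nokey_user_keys(p)
    eB, dB = nokey_user_keys(p)
    m1 = pow(w, eA, p)          # 1. Alice -> Bob: eA(w)
    m2 = pow(m1, eB, p)         # 2. Bob -> Alice: eB(eA(w))
    m3 = pow(m2, dA, p)         # 3. Alice -> Bob: dA(eB(eA(w))) = eB(w), since the functions commute
    recovered = pow(m3, dB, p)  # 4. Bob: dB(eB(w)) = w
    return recovered, (m1, m2, m3)


if __name__ == "__main__":
    print(dh_agree())                                  # two equal keys
    print(dh_mitm())                                   # KA pair equal, KB pair equal
    w = int.from_bytes(b"hi Bob", "big")
    print(nokey_three_pass(w)[0] == w)                 # True
```

`dh_mitm` is the reason the SSH key exchange later in this unit has the server sign the Diffie-Hellman values with its host key: an unauthenticated exchange agrees on a key, but not on who it is shared with.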

4.9 KEY DISTRIBUTION
In designing the key distribution protocol, the authors took into consideration the following requirements:
Security domain change: the Certification Authority (CA) of the receiving security domain must be able to authenticate an agent which comes from another security domain.
Trust establishment: the key distribution process should start with a very high trust relationship with the Certification Authority (CA).
Secure key distribution: the key distribution process should be conducted in a secure manner (e.g., over a trusted path).
Efficiency: the key distribution process should not consume a lot of resources, such as machine CPUs and network bandwidth.
Scalability: the key distribution process must be scalable enough that the mobile agent can roam widely.
Transparency: the mobile agents should not include code specific to key distribution. This eases programming, as agent programmers can concentrate on the program logic rather than on obtaining keys.
Portability: the protocol should not be platform-specific and should port to any mobile agent platform.
Ease of administration: the key distribution protocol should not be a burden on the administrator. The protocol is an automated infrastructure that should require minimum administrator intervention.

4.9.1 Key Distribution Mechanisms
A. System Components
A key distribution system for mobile agents includes the following components:
Agent: an agent is a software component which executes on behalf of a particular user, the user of the agent. An agent can be mobile and move from one host server to another under its own control to achieve tasks on these host servers.
Agent Server: each host, as part of the mobile agent platform, runs an execution environment, the agent server.
Messaging System: a messaging system is part of an agent execution environment.
It provides facilities for agents to communicate both locally and remotely.
The CA: a trusted third party which provides digital certificates for mobile agents, users and agent servers. All digital certificates are signed by the CA for later verification of their authenticity and validity.
Keystore: each agent server has a local database which is used to store and retrieve its own private/public key pair and digital certificate. It also stores the digital certificates of the trusted CA and of other agent servers, mobile agents and CAs with which the agent server has had prior communication. Similarly, each CA has a local keystore.
Security Domain: a security domain consists of a group of agent servers which are under one common CA. Within the security domain, the agent servers have the digital certificate of their local CA stored in their local keystores. When a mobile agent moves, it can move within the same security domain or change security domain.

4.10 KEY AGREEMENT
Requirements:
Flexibility in credentials
Modern, publicly analysed/available cryptographic primitives
Freshness guarantees
PFS?
Mutual authentication
Identity hiding for supplicant/end-user
No key re-use
Fast re-key
Fast handoff
Efficiency is not an overarching concern: the protocol runs only 1/2^N-1 packets, on average
DoS resistance
Credentials flexibility: local security policy dictates the types of credentials used by end-users. Legacy authentication compatibility is extremely important in the market. Examples: username/password; tokens (SecurID, etc.); X.509 certificates.
Algorithms: the algorithms must provide confidentiality and integrity of the authentication and key agreement. Public-key encryption/signature: RSA, ECC, DSA. PFS support: D-H.
Most cryptographic primitives require strong random material that is fresh. This is not a protocol issue, per se, but a design requirement nonetheless.
Mutual authentication: both sides of the authentication/key agreement must be certain of the identity of the other party.
Symmetric schemes: RSA/DSA on both sides (public keys on both sides). Asymmetric schemes: legacy credentials on the end-user side, RSA/DSA on the authenticator side.

4.11 PGP
PGP provides a confidentiality and authentication service that can be used for file storage and electronic mail applications. PGP was developed by Phil Zimmermann in 1991 and has since grown in popularity. There have been several updates to PGP. A free version of PGP is available over the Internet, but only for non-commercial use. The latest (Jan. 2000) current version is 6.5. Commercial versions of PGP are available from the PGP Division of Network Associates. For three years Philip Zimmermann was threatened with federal prosecution in the United States for his actions; the charges were finally dropped in January 1996. At the close of 1999, Network Associates, Inc. announced that it had been granted a full license by the U.S. Government to export PGP world-wide, ending a decades-old ban. PGP enables you to make your own public and secret key pairs. PGP public keys are distributed and certified via an informal network called "the web of trust". Most experts consider PGP very secure if used correctly.
PGP is based on RSA, DSS and Diffie-Hellman on the public-key encryption side, and CAST-128, IDEA and 3DES for conventional encryption. Hash coding is done with SHA-1. PGP has a wide range of applicability, from corporations that wish to enforce a standardized scheme for encrypting files and messages to individuals who wish to communicate securely with each other over the Internet. The actual operation of PGP consists of five services: authentication, confidentiality, compression, e-mail compatibility and segmentation (Table 12.1).
Authentication
The digital signature service is illustrated in Fig 12.1a. EC is used for conventional encryption, DC for decryption, and EP and ED correspondingly for public-key encryption and decryption. The algorithms used are SHA-1 and RSA.
Alternatively, digital signatures can be generated using DSS/SHA-1. Normally digital signatures are attached to the files they sign, but there are exceptions: a detached signature can be used to detect a virus infection of an executable program; sometimes more than one party must sign the document; a separate signature log of all messages may be maintained.
Confidentiality
The confidentiality service is illustrated in Fig 12.1b. Confidentiality can be used for storing files locally or transmitting them over an insecure channel. The algorithms used are CAST-128 or, alternatively, IDEA or 3DES. The ciphers run in CFB mode. Each conventional key is used only once: a new key is generated as a random 128-bit number for each message. The key is encrypted with the receiver's public key (RSA) and attached to the message. As an alternative to using RSA for key encryption, ElGamal, a variant of Diffie-Hellman that also provides encryption/decryption, can be used. The use of conventional encryption is fast compared to encrypting the whole message with RSA. The use of a public-key algorithm solves the session key distribution problem; in an e-mail application any kind of handshaking would not be practical.

4.12 SSH
SSH is a protocol for secure network communications, designed to be simple and inexpensive. SSH1 provided a secure remote logon facility to replace TELNET and other insecure schemes; it also has a more general client/server capability and can be used for FTP, for example. SSH2 is documented in RFCs 4250 through 4254. SSH clients and servers are widely available (even in OSs).
Identification string exchange: to learn which SSH version and which SSH implementation the other side runs.
Algorithm negotiation: for the crypto algorithms (key exchange, encryption, MAC) and the compression algorithm.
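The sign-then-encrypt flow of the PGP authentication and confidentiality services (and the asymmetric-key uses listed in 4.5.6), as an added example that is not PGP's code. Textbook RSA with the constructed toy primes 61/53 and 89/97 stands in for RSA, SHA-256 for SHA-1, and a SHA-256 keystream for CAST-128/IDEA/3DES in CFB mode; the session key is fresh per message and travels under the recipient's public key, as the text describes. Requires Python 3.8+ for `pow(e, -1, phi)`.

```python
"""Sign-then-encrypt with textbook RSA and a one-off session key, mirroring the
PGP authentication and confidentiality services (4.11). Added example; not PGP's
code. Toy key sizes and a SHA-256 keystream stand in for RSA-2048 and the
conventional ciphers PGP uses."""
import hashlib
import secrets


def rsa_keygen(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes (toy sizes; constructed for the example)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # Python 3.8+ modular inverse
    return (n, e), (n, d)         # public key, private key


def _digest_mod_n(message: bytes, n: int) -> int:
    # Hash the message (SHA-1 in PGP; SHA-256 here) and reduce into Z_n for the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Authentication service: hash, then 'encrypt' the hash with the private key."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def _keystream(session_key: int, length: int) -> bytes:
    # Stand-in conventional cipher: SHA-256 of key||counter used as a keystream (an assumption).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(session_key.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def pgp_send(message: bytes, sender_private, recipient_public) -> dict:
    """Confidentiality service: fresh random session key per message, encrypted
    with the recipient's public key and attached; the body is encrypted with it."""
    n_r, e_r = recipient_public
    session_key = secrets.randbelow(n_r - 2) + 2            # one-time conventional key
    body = message + b"|sig=" + str(sign(message, sender_private)).encode()
    return {
        "encrypted_session_key": pow(session_key, e_r, n_r),  # EP with the recipient's public key
        "ciphertext": _xor(body, _keystream(session_key, len(body))),
    }


def pgp_receive(packet: dict, recipient_private, sender_public) -> tuple:
    """Recover the session key with the private key, decrypt, then check the signature."""
    n_r, d_r = recipient_private
    session_key = pow(packet["encrypted_session_key"], d_r, n_r)
    body = _xor(packet["ciphertext"], _keystream(session_key, len(packet["ciphertext"])))
    message, sig = body.rsplit(b"|sig=", 1)
    return message, verify(message, int(sig), sender_public)


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen(61, 53)   # constructed toy primes
    bob_pub, bob_priv = rsa_keygen(89, 97)
    pkt = pgp_send(b"meet at noon", alice_priv, bob_pub)
    print(pgp_receive(pkt, bob_priv, alice_pub))  # (b'meet at noon', True)
```

The split between the two keys is the whole point: the sender's private key produces the signature (integrity, non-repudiation), the recipient's public key protects the session key (confidentiality), and the bulk of the message never touches RSA at all.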
Each category is sent as a list in the client's order of preference; the algorithm chosen is the first algorithm on the client's list that is also supported by the server.
Key exchange: only two exchanges, Diffie-Hellman based, also signed by the server (host private key). As a result, (i) the two sides now share a master key K and (ii) the server has been authenticated to the client. The encryption keys, MAC keys and IVs are then derived from the master key.
End of key exchange: signals the end of the key exchange process; encrypted and MACed using the new keys.
Service Request: to initiate either user authentication or the connection protocol.
Authentication of client to server: first the client and server agree on an authentication method, then a sequence of exchanges performs that method. Several authentication methods may be performed one after another. Authentication methods: public-key (the client signs a message and the server verifies it); password (the client sends a password, which is encrypted and MACed using the agreed keys).
The connection protocol runs on the SSH Transport Layer Protocol and assumes a secure authenticated connection, called a tunnel, which is used for multiple logical channels. SSH communications use separate channels; either side can open one, with a unique id number; channels are flow-controlled via a sliding-window mechanism and have three stages: opening a channel, data transfer, closing a channel.

4.13 TRANSPORT SECURITY
SSL is a transport layer security service originally developed by Netscape. Version 3 was designed with public input and subsequently became the Internet standard known as TLS (Transport Layer Security). It uses TCP to provide a reliable end-to-end service. SSL has two layers of protocols.
SSL connection: a transient, peer-to-peer communications link, associated with one SSL session.
SSL session: an association between client and server, created by the Handshake Protocol; it defines a set of cryptographic parameters and may be shared by multiple SSL connections.
Confidentiality uses symmetric encryption with a shared secret key defined by the Handshake Protocol: AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128. The message is compressed before encryption. Message integrity uses a MAC with a shared secret key, similar to HMAC but with different padding. One of the three SSL-specific protocols which use the SSL Record Protocol (the Change Cipher Spec Protocol) consists of a single message that causes the pending state to become current, hence updating the cipher suite in use.

4.14 IP SECURITY
RFC 2401: overall security architecture and services offered by IPSec.
Authentication protocols: RFC 2402, IP Authentication Header processing (inbound/outbound packets); RFC 2403, use of MD5 with Encapsulating Security Payload and Authentication Header; RFC 2404, use of SHA-1 with Encapsulating Security Payload and Authentication Header.
ESP protocol: RFC 2405, use of DES-CBC, a symmetric secret-key block algorithm (block size 64 bits); RFC 2406, IP Encapsulating Security Payload processing (inbound/outbound packets).
RFC 2407 determines how to use ISAKMP for IPSec. RFC 2408 (Internet Security Association and Key Management Protocol, ISAKMP): a common framework for exchanging keys securely; it defines the format of Security Association (SA) attributes and the procedures for negotiating, modifying and deleting SAs. A Security Association contains information such as keys, source and destination addresses and the algorithms used. ISAKMP is key exchange mechanism independent. RFC 2409, Internet Key Exchange: mechanisms for generating and exchanging keys securely.
ESP is designed to provide both confidentiality and integrity protection: everything after the IP header is encrypted, and the ESP header is inserted after the IP header. AH is designed for integrity only: certain fields of the IP header and everything after the IP header are protected, so it provides protection to the immutable parts of the IP header.

4.15 WIRELESS SECURITY
Wireless connections need to be secured, since intruders must not be allowed to access, read or modify the network traffic, while mobile systems should be able to stay connected at the same time.
An algorithm is required which provides a level of security as high as that provided by physical wired networks: protect wireless communication from eavesdropping and prevent unauthorized access.
Access control: ensure that your wireless infrastructure is not used by others.
Data integrity: ensure that your data packets are not modified in transit.
Confidentiality: ensure that the contents of your wireless traffic are not leaked.
WEP relies on a secret key which is shared between the sender (mobile station) and the receiver (access point).
Secret key: packets are encrypted using the secret key before they are transmitted.
Integrity check: used to ensure that packets are not modified in transit.
To send a message M: compute the checksum c(M); the checksum does not depend on the secret key k. Pick an IV v and generate a key stream RC4(v,k). XOR with the key stream to get the ciphertext. Transmit v and the ciphertext over the radio link.
WEP uses the RC4 encryption algorithm, a stream cipher, to protect the confidentiality of its data. A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce ciphertext. The receiver has a copy of the same key and uses it to generate an identical key stream; XORing the key stream with the ciphertext yields the original message.
Attacks on WEP:
Passive attacks: decrypt the traffic based on statistical analysis (statistical attack).
Active attacks: inject new traffic from authorized mobile stations, based on known plaintext.
Active attacks: decrypt the traffic by tricking the access point.
Dictionary attacks: allow real-time automated decryption of all traffic.
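WEP's framing as described above (checksum c(M), IV v, keystream RC4(v,k), transmit v and the ciphertext), as an added example that is not WEP's reference code. RC4, the key, the IVs and the two frames are constructed here; the point it makes is the IV-reuse weakness the text names in 4.5.3 and 4.15: two frames under the same (v,k) share a keystream, so XORing the ciphertexts cancels it, and a CRC that ignores the key cannot tell. The `reused_ivs` helper is the kind of check a monitoring tool would run over a capture.

```python
"""WEP-style framing with RC4 (4.15): keystream = RC4(IV || key), body = M || c(M),
and what goes wrong when an IV is re-used. Added example; not WEP's reference
code. The key, IVs and frames below are constructed for the demonstration."""
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: expand a short key into a pseudo-random keystream (KSA + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def checksum(message: bytes) -> bytes:
    # c(M): CRC-32 of the plaintext; note that it does not depend on the secret key k.
    return zlib.crc32(message).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, message: bytes) -> tuple:
    """Send: compute c(M), pick IV v, keystream RC4(v,k), XOR, transmit (v, ciphertext)."""
    body = message + checksum(message)
    return iv, xor_bytes(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Receive: regenerate the identical keystream from (v, k); None if c(M) fails."""
    body = xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    message, crc = body[:-4], body[-4:]
    return message if checksum(message) == crc else None


def keystream_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """With the same (v, k) the keystream cancels: C1 xor C2 = P1 xor P2, so an
    eavesdropper learns the XOR of two plaintexts without the key (the
    passive statistical attack of the text starts from exactly this)."""
    return xor_bytes(ct1, ct2)


def reused_ivs(frames: list) -> set:
    """Defensive check over a capture of (iv, ciphertext) pairs: which IVs repeat."""
    seen, repeats = set(), set()
    for iv, _ in frames:
        (repeats if iv in seen else seen).add(iv)
    return repeats


if __name__ == "__main__":
    k = b"\x01\x02\x03\x04\x05"              # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                      # 24-bit IV: only 2^24 values, so re-use is inevitable
    frames = [wep_encrypt(k, iv, b"GET /index.html"), wep_encrypt(k, iv, b"GET /login.html")]
    print(reused_ivs(frames))                 # {b'\x00\x00\x01'}
```

The first assertion below is the published RC4 test vector (key "Key", plaintext "Plaintext"), which is how to check that an RC4 implementation is the real algorithm and not merely something that round-trips with itself.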
4.16 FIREWALLS
A firewall is an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via WANs or the Internet. Information systems undergo a steady evolution (from small LANs to Internet connectivity), and strong security features for all workstations and servers are not established. The firewall is inserted between the premises network and the Internet.
Aims: establish a controlled link; protect the premises network from Internet-based attacks; provide a single choke point.
Design goals: all traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall); only authorized traffic (defined by the local security policy) will be allowed to pass.
Four general techniques:
Service control: determines the types of Internet services that can be accessed, inbound or outbound.
Direction control: determines the direction in which particular service requests are allowed to flow.
User control: controls access to a service according to which user is attempting to access it.
Behavior control: controls how particular services are used (e.g. filter e-mail).

Types of Firewalls
Three common types of firewalls: packet-filtering routers, application-level gateways, circuit-level gateways (bastion host).

Packet-filtering Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet. Filters packets going in both directions. The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. There are two default policies (discard or forward).
Advantages: simplicity; transparency to users; high speed.
Disadvantages: difficulty of setting up packet filter rules; lack of authentication.

UNIT V - APPLICATION LAYER
Domain Name System (DNS), E-mail, World Wide Web (HTTP), Simple Network Management Protocol, File Transfer Protocol (FTP), Web Services, Multimedia Applications, Overlay networks.

5.1 DOMAIN NAME SYSTEM (DNS)
There are three components:
Name space: specifications for a structured name space and the data associated with the names.
Resolvers: client programs that extract information from name servers.
Name servers: server programs which hold information about the structure and the names.
Resolvers
A resolver maps a name to an address and vice versa.
Iterative Resolution
Recursive Resolution

5.2 E-MAIL
What is an email? An electronic message transmitted over a network from one user to another. It can be as simple as a few lines of text, or include attachments such as pictures or documents. Email made up 75% of network traffic soon after the introduction of the Internet.
The header: who sent the email; to whom the mail is sent; when the email was sent; the email subject; the size of the email.
The body: contains the message; may also contain an attachment.
Attachments: if not embedded within the body, attachments are sent along with the email.
Different architectural models exist for constructing computer systems. Some models include: peer-to-peer; pipe and filter; implicit invocation; client-server.
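A first-match packet filter of the kind described for the packet-filtering router in 4.16, as an added example (not any vendor's rule language). The site layout, rule list and packets are constructed, using the RFC 5737 documentation address ranges, and the code shows service control (protocol and port), direction control and the choice of default policy; user control is absent on purpose, which is the "lack of authentication" disadvantage listed above: a packet filter sees header fields, never users.

```python
"""First-match packet filter of the kind described for a packet-filtering router
(4.16): rules match on IP/TCP header fields, each direction is filtered, and an
explicit default policy applies when nothing matches. Added example; not any
product's rule syntax. Addresses are from the RFC 5737 documentation ranges."""
import ipaddress

# Constructed site: 192.0.2.0/24 is "inside", the rest of the world is "outside".
INSIDE = ipaddress.ip_network("192.0.2.0/24")
MAIL_SERVER = "192.0.2.25"

# Rule fields: direction, protocol, source, destination, destination ports, action.
# "any" matches everything; the first matching rule wins, so order matters.
RULES = [
    # Service + direction control: inside hosts may browse the web.
    {"dir": "out", "proto": "tcp", "src": str(INSIDE), "dst": "any", "dport": {80, 443}, "act": "forward"},
    # Inbound mail only to the mail server.
    {"dir": "in", "proto": "tcp", "src": "any", "dst": MAIL_SERVER, "dport": {25}, "act": "forward"},
    # Block inbound remote login explicitly (it would also fall to the default).
    {"dir": "in", "proto": "tcp", "src": "any", "dst": "any", "dport": {22, 23}, "act": "discard"},
]
DEFAULT_POLICY = "discard"     # the safer of the two default policies (discard or forward)


def _addr_matches(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def direction_of(packet: dict) -> str:
    """Direction control: a packet from an inside address is outbound, otherwise inbound."""
    return "out" if ipaddress.ip_address(packet["src"]) in INSIDE else "in"


def matches(rule: dict, packet: dict) -> bool:
    return (rule["dir"] == direction_of(packet)
            and rule["proto"] in ("any", packet["proto"])
            and _addr_matches(rule["src"], packet["src"])
            and _addr_matches(rule["dst"], packet["dst"])
            and (rule["dport"] == "any" or packet.get("dport") in rule["dport"]))


def filter_packet(packet: dict, rules=RULES, default=DEFAULT_POLICY) -> str:
    """Apply the rules to one packet: the action of the first match, else the default."""
    for rule in rules:
        if matches(rule, packet):
            return rule["act"]
    return default


def filter_capture(packets: list, rules=RULES) -> list:
    return [filter_packet(p, rules) for p in packets]


# Constructed packets: only the IP and TCP/UDP header fields a packet filter can see.
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},   # web, outbound
    {"src": "198.51.100.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 25},    # mail to mail server
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 25},    # mail to a workstation
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22},    # inbound ssh
    {"src": "192.0.2.10", "dst": "198.51.100.7", "proto": "udp", "dport": 53},    # DNS: no rule, default
]

if __name__ == "__main__":
    print(filter_capture(SAMPLE))   # ['forward', 'forward', 'discard', 'discard', 'discard']
```

The last sample packet shows why "difficulty of setting up packet filter rules" is listed as a disadvantage: outbound DNS is legitimate, but nothing in the rule list allows it, and with a discard default it is silently dropped until someone adds the rule.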
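Iterative versus recursive resolution from 5.1, simulated as an added example (not a real resolver): the three name servers and the single address record are constructed, and the two resolution functions differ only in who follows the referrals, the resolver itself or its local name server on the resolver's behalf.

```python
"""Iterative versus recursive resolution (5.1), simulated over a constructed name
space: root -> com -> example.com. Added example; not a real resolver. Addresses
are from the RFC 5737 documentation ranges."""

# Constructed name servers: each knows the answer for its own zone, or a referral
# (the next server down) for a zone it delegates. Real servers hold far more.
NAME_SERVERS = {
    "root":   {"referrals": {"com": "com-ns"},        "answers": {}},
    "com-ns": {"referrals": {"example.com": "ex-ns"}, "answers": {}},
    "ex-ns":  {"referrals": {},                       "answers": {"www.example.com": "192.0.2.10"}},
}


def query(server: str, name: str) -> tuple:
    """One query/response. Returns ("answer", addr), ("referral", next_server) or ("nxdomain", None)."""
    zone = NAME_SERVERS[server]
    if name in zone["answers"]:
        return "answer", zone["answers"][name]
    labels = name.split(".")
    # Find the longest suffix this server delegates (e.g. "example.com" for www.example.com).
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone["referrals"]:
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


def resolve_iterative(name: str, start: str = "root") -> tuple:
    """Iterative: the resolver itself follows each referral. Returns (addr, servers asked)."""
    server, asked = start, []
    while True:
        asked.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, asked
        if kind == "nxdomain":
            return None, asked
        server = value


def resolve_recursive(name: str, local_ns: str = "local-ns") -> tuple:
    """Recursive: the client asks its local name server once; that server does the
    iterative chase on the client's behalf and returns only the final answer."""
    addr, _ = resolve_iterative(name)      # work done inside local_ns, invisible to the client
    return addr, [local_ns]


if __name__ == "__main__":
    print(resolve_iterative("www.example.com"))   # ('192.0.2.10', ['root', 'com-ns', 'ex-ns'])
    print(resolve_recursive("www.example.com"))   # ('192.0.2.10', ['local-ns'])
```

The list of servers contacted is the observable difference: in iterative mode the resolver talks to every server on the path, in recursive mode it talks to one and trusts it with the rest, which is also why a recursive server is the natural place to cache answers.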
How Email Works

5.2.1 Peer-Peer Model
(Figure: peer-to-peer model, in which each Peer exposes a Provided Interface and a Required Interface.)
Forms in which clients appear:
Application based: these are installed onto users' machines and include Microsoft Outlook and the freely available Outlook Express and Eudora.
Web based: these appear in a web browser's window and include Hotmail, Yahoo and the Outlook web client.
Clients vary greatly in functionality, but all provide a basic level of functionality that assists the user. Basic functions include: the ability to create new emails; display and store received emails; hold address lists of contacts, a calendar, a journal and other extra functions that help organize the user's working day. The client is also configured with the account information and the names or IP addresses of the email servers with which it will be communicating.
An email server is typically a combination of processes running on a server with a large storage capacity, a list of users and rules, and the capability to receive, send and store emails and attachments. These servers are designed to operate without constant user intervention and should process emails for months, as sending, receiving and maintenance tasks are carried out at scheduled times.
The client only has to connect to the email server when it sends and checks/receives new email. Sometimes it may be permanently connected to the server to allow access to shared address books or calendar information; this is typical of a LAN-based email server. Most email servers conduct email services by running two separate processes on the same machine. One process is the POP3 (Post Office Protocol 3) server, which holds emails in a queue and delivers emails to the clie