Lecture 29 Review Part II EECS 122 University of California Berkeley REVIEW2 Network Structure Challenges Security Ethernet Sensors Check List Contents Index Review2 2 Network Structure Geoff Huston Contents Index Review2 Structure 3 Network Structure Backbone AT T http www caida org tools visualization mapnet Backbones Contents Index Review2 Structure 4 Network Structure BGP AC 1 2 3 AD 4 5 A C 1 2 3 C 1 2 3 C 1 2 3 D B D 4 5 DC 1 2 3 E BAC 1 2 3 BAD 4 5 F 4 5 Transit Peering Agreements Customer Provider Contents Index Review2 Structure 5 Challenges Providing new services Ubiquitous telepresence Sensored universe Virtualized environments naming management Adding resilience Don Towsley NSF Workshop April 2003 Contents Index Review2 Challenges 6 Challenges Mathematical theories to understand performance limits compute communication sensing tradeoffs with power constraints understand network as a complex system How to design evolvable networks How to design resilient tolerate any fault networks How to design markets and network mechanisms to support future heterogeneous apps Don Towsley NSF Workshop April 2003 Contents Index Review2 Challenges 7 Security Threats DDOS Cryptography Systems Contents Index Review2 Security 8 Threats Against Type Protection Network Link DDOS Physical Routers Tables DNS DDOS Detect Filter Detect Isolate Detect Filter Computers Physical Infection Intrusion Physical security Virus detection Firewall passport Users Identity Privacy Signature password watermark Encryption relay Documents Integrity Confidentiality Message authentication code Encryption Contents Index Review2 Security Threats 9 DDOS Distributed Denial of Service Attack Basic Mechanism Effect Saturate a link to a host by sending requests from many nodes across the Internet Host is incapacitated Remedies Verify that source IP exists i e is not spoofed Block packets that DDOS tools use some ICMPs Limit rate of ICMP flows Limit rate of SYNs Trace back from last router upstream to block packets toward that link Contents Index Review2 Security DDOS 10 Cryptography Bob Channel Alice P E K C D K P Plaintext Cyphertext Secret Key K known only to Bob and Alice Examples One time Pad DES Key Distribution Trusted Channel SK PK DiffieHellman Public Key Alice advertises K Example RSA Note PK is more complex use PK for SK exchange Contents Index Review2 Security Cryptography 11 Systems Integrity Alice Signed P D P H P Alice Key Exchange A z a mod p Bob 1 2 B z b mod p Signed A B Signed A B K B a mod p K A b mod p Notes 1 D P Alice is not secure Find P E C Alice 2 Simple Diffie Hellman a and b is not secure Man in Middle Contents Index Review2 Security Systems 12 Systems Authentication Alice Bob Alice psswd F X K X Check H psswd X 1 K shared secret E X Alice Signed X X Note 1 Can be intercepted Contents Index Review2 Security Systems 13 Ethernet Internetworking Random Multiple Access Switching Bridged Ethernet 802 11 Contents Index Review2 Ethernet 14 Internetworking Direct Delivery IP1 e2 e1 IP1 IP2 X H1 e1 e3 H3 e1 Who is IP2 all e1 IP3 H2 e2 e4 R1 IP2 e2 e2 I am IP2 e1 e2 Contents Index Review2 Ethernet Internetworking R2 e5 15 Internetworking Indirect Delivery e5 e3 IP1 e4 e1 IP1 IP3 X H1 e1 H2 e2 IP2 I am IP3 e3 H3 IP3 SH IP1 IP3 X e4 R1 e3 e5 IP1 IP3 X R2 e5 all e5 Who is IP3 Note Fragmentation may be required at R1 Contents Index Review2 Ethernet Internetworking 16 Random Multiple Access How to share a channel Multiple Access Multiplexing ALOHA First random multiple access system Efficient for many users each with low utilization Try If collide wait random time then repeat CD Analysis Slotted Aloha efficiency 1 e 36 p indpdt N nodes Slot P success Np 1 p N 1 1 e if p 1 N Contents Index Review2 Ethernet Random Multiple Access 17 Random Multiple Access Ethernet First version CSMA CD Wait until channel is idle try if collide stop wait repeat Idea CS should improve efficiency if fast enough Wait random multiple of 512 bit times exponential back off Analysis Efficiency 1 1 5a a PROP TRANS A B Contents Index Review2 Ethernet Random Multiple Access 18 Switching Ethernet Later versions Switched Larger aggregate throughput VLANs partition in disjoint logical LANs Link Aggregation Fast GE 10GE Improved modulation schemes Contents Index Review2 Ethernet Switching 19 Bridged Ethernet Flat Addressing Learning Watch source addresses Avoiding Loops Spanning Tree Protocol ID presumed root ID distance to presumed root ID Note Not very efficient Not very fast Contents Index Review2 Ethernet Bridged 20 Spanning Tree Example 4 2 1 1 1 3 3 0 5 3 1 2 B3 B2 B1 3 1 1 0 B6 6 6 1 1 B4 B5 2 5 3 1 Format my ID presumed root ID distance to presumed root Contents Index Review2 Ethernet Bridged 21 802 11 a 5GHz up to 54Mbps b 2 5GHz up to 11Mbps g 2 5GHz up to 54Mbps MAC RTS CTS Distributed maintain network allocation vector Centralized access point polls nodes Contents Index Review2 Ethernet 802 11 22 Sensor Networks Application Specific New problems because New architecture layers In network processing MAC Limited energy memory CPU Many nodes naming addressing Location triangulation Sleep wake up Routing Directed diffusion Ant algorithm Contents Index Review2 Sensor 23 Check List Switching Security Public vs Secret RSA Diffie Hellman Integrity Key Distribution Authentication MAC Internetworking Learning Spanning Tree in Ethernet ALOHA CSMA CD RTS CTS Sensors Key issues Contents Index Review2 Check List 24
View Full Document
Unlocking...