Lecture 29: Review – Part II
EECS 122, University of California, Berkeley

Review 2: Contents
- Network Structure
- Challenges
- Security
- Ethernet
- Sensors
- Check List

Network Structure
[Geoff Huston]
(Figure: Internet structure diagram; not recoverable from the extracted text.)

Network Structure
Backbone - AT&T
http://www.caida.org/tools/visualization/mapnet/Backbones/
(Figure: AT&T backbone map.)

Network Structure: BGP
(Figure: ASes A–F exchanging path-vector advertisements for the prefix sets {1,2,3} and {4,5}. The route labels that survive extraction are C{1,2,3}, D{4,5}, AC{1,2,3}, AD{4,5}, BAC{1,2,3}, BAD{4,5} and DC{1,2,3}: each advertisement carries the AS path followed by the prefixes reachable over it.)
Transit; Peering Agreements; Customer-Provider

Challenges
Providing new services
- Ubiquitous telepresence
- Sensored universe
- Virtualized environments: naming, management
- Adding resilience
[Don Towsley – NSF Workshop – April 2003]

Challenges
- Mathematical theories to:
  - understand performance limits
  - compute/communication/sensing tradeoffs with power constraints
  - understand network as a complex system
- How to design evolvable networks
- How to design resilient (tolerate any fault) networks
- How to design markets and network mechanisms to support future heterogeneous apps
[Don Towsley – NSF Workshop – April 2003]

Security
- Threats
- DDOS
- Cryptography
- Systems

Threats
Type      | Against                | Protection
----------|------------------------|-------------------------------
Documents | Integrity              | Message authentication code
          | Confidentiality        | Encryption
Users     | Identity               | Signature, password, watermark
          | Privacy                | Encryption, relay
Computers | Physical               | Physical security
          | Infection              | Virus detection
          | Intrusion              | Firewall, passport
Network   | Link – DDOS, physical  | Detect/Filter
          | Routers – tables       | Detect/Isolate?
          | DNS – DDOS             | Detect/Filter
DDOS
Distributed Denial of Service Attack
- Basic Mechanism: saturate a link to a host by sending requests from many nodes across the Internet
- Effect: host is incapacitated
- Remedies:
  - Verify that source IP exists (i.e., is not spoofed)
  - Block packets that DDOS tools use (some ICMPs)
  - Limit rate of ICMP flows
  - Limit rate of SYNs
  - Trace back from last router upstream to block packets toward that link

Cryptography
Bob → Channel → Alice
P → [E(.;K)] → C → [D(.;K)] → P    (P: plaintext, C: ciphertext)
- Secret Key: K known only to Bob and Alice
  - Examples: One-time Pad; DES
  - Key Distribution: Trusted Channel; SK; PK; Diffie-Hellman
- Public Key: Alice advertises K
  - Example: RSA
- Note: PK is more complex → use PK for SK exchange

Systems
Integrity (Alice → Bob):
  Signed(P) = D(P*H(P); Alice)
  Note (1): D(P; Alice) is not secure: find P' = E(C'; Alice)
Key Exchange:
  Alice: A = z^a mod p          Bob: B = z^b mod p
  Alice → Bob: Signed(A, B)     Bob → Alice: Signed(A, B)
  Alice: K = B^a mod p          Bob: K = A^b mod p
  Note (2): Simple Diffie-Hellman (→ a and ← b) is not secure: Man-in-Middle

Systems
Authentication (Alice → Bob):
  (1) Alice sends "Alice, psswd"; Bob checks H(psswd)
      Note (1): Can be intercepted
  (2) Bob sends challenge X; Alice replies F(X, K), K shared secret
  (3) Public key: challenge X answered by Signed(X), or challenge E(X; Alice) answered by X

Ethernet
- Internetworking
- Random Multiple Access
- Switching
- Bridged Ethernet
- 802.11

Internetworking: Direct Delivery
(Figure: H1 (e1, IP1) broadcasts "Who is IP2?" in the frame all|e1; H2 (e2, IP2) answers "I am IP2" in the frame e1|e2; H1 then sends the frame e2|e1 carrying IP1|IP2|X. Routers R1 and R2 and host H3 (e3, IP3) appear on the same LAN diagram.)

Internetworking: Indirect Delivery
(Figure: H1 (e1, IP1) sends IP1|IP3|X to a router in the frame e4|e1; the router broadcasts "Who is IP3?" from its other interface in the frame all|e5; H3 (e3, IP3) answers "I am IP3" in the frame e5|e3; the router then delivers the frame e3|e5 carrying IP1|IP3|X. Routers R1 and R2, a switch SH and host H2 (e2, IP2) appear on the diagram.)
Note: Fragmentation may be required at R1

Random Multiple Access
How to share a channel?
- Multiple Access ≠ Multiplexing
- ALOHA: First random multiple access system
  - Efficient for many users, each with low utilization
  - Try; if collide, wait random time then repeat (CD)
- Analysis: Slotted Aloha efficiency ≈ 1/e = 36%
  Slotted; each of N nodes transmits in a slot with probability p, independently
  P(success) = Np(1 – p)^(N–1) ≈ 1/e if p = 1/N

Random Multiple Access
Ethernet: First version – CSMA/CD
- Wait until channel is idle; try; if collide, stop, wait, repeat
- Idea: CS should improve efficiency if fast enough
- Wait random multiple of 512 bit times (exponential back off)
- Analysis: Efficiency ≈ 1/(1 + 5a), a = PROP/TRANS
(Figure: two stations A and B on the shared channel.)

Switching
Ethernet: Later versions – Switched
- Larger aggregate throughput
- VLANs: partition in disjoint logical LANs
- Link Aggregation
- Fast, GE, 10GE
- Improved modulation schemes

Bridged Ethernet
- Flat Addressing
- Learning: watch source addresses
- Avoiding Loops: Spanning Tree Protocol (ID, presumed root ID, distance to presumed root ID)
- Note: Not very efficient; Not very fast

Spanning Tree Example
Bridges B1–B6; messages labelled 1–6 in the figure:
1 → [3|3|0]
2 → [5|3|1]
3 → [1|1|0]
4 → [2|1|1]
5 → [3|1|2]
6 → [6|1|1]
Format: [my ID | presumed root ID | distance to presumed root]

802.11
- a - 5GHz, up to 54Mbps
- b - 2.5GHz, up to 11Mbps
- g - 2.5GHz, up to 54Mbps
- MAC: RTS/CTS
  - Distributed: maintain network allocation vector
  - Centralized: access point polls nodes

Sensor Networks
- Application-Specific
- New problems because
  - Limited energy, memory, CPU
  - Many nodes: naming, addressing
  - Location: triangulation
- New architecture: layers?
  - In-network processing
  - MAC: sleep & wake up
  - Routing: directed diffusion, ant algorithm, …

Check List
- Switching: Internetworking; Learning & Spanning Tree in Ethernet
- Security: Public vs. Secret; RSA; Diffie-Hellman; Integrity; Key Distribution; Authentication
- MAC: ALOHA; CSMA/CD; RTS-CTS
- Sensors: key issues
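Worked example for the Network Structure (BGP) slide, added here and not part of the lecture: a small path-vector propagation in which each AS exports routes according to its transit and peering agreements (routes learned from a customer go to everyone; routes learned from a peer or a provider go only to customers) and prefers customer over peer over provider routes. The AS graph, the relationship labels and the prefix numbers are constructed for the example; only the idea that an advertisement carries an AS path plus prefixes comes from the slide.

```python
"""Path-vector route propagation under customer/provider/peer policy.

Added example for the Network Structure (BGP) slide. The AS graph,
relationships and prefix numbers are constructed for illustration and
are not the lecture's figure.
"""

# Relationship of each neighbour as seen from the AS itself.
# "customer": the neighbour buys transit from us; "provider": we buy from it.
REL = {
    "A": {"B": "provider", "C": "customer", "D": "customer", "E": "peer"},
    "B": {"A": "customer"},
    "C": {"A": "provider", "D": "peer"},
    "D": {"A": "provider", "C": "peer"},
    "E": {"A": "peer", "F": "customer"},
    "F": {"E": "provider"},
}
# Prefixes originated by each AS (constructed; numbered like the slide's sets).
ORIGINS = {"C": [1, 2, 3], "D": [4, 5], "F": [6]}

# Route preference: customer routes earn money, provider routes cost money.
RANK = {"customer": 0, "peer": 1, "provider": 2}
# How the sending AS looks from the receiver's side.
INVERSE = {"customer": "provider", "peer": "peer", "provider": "customer"}


def exportable(learned_from, to_neighbour):
    """Valley-free export: routes from customers go to everyone;
    routes from peers or providers go only to customers."""
    return learned_from == "customer" or to_neighbour == "customer"


def better(candidate, current):
    """Prefer customer > peer > provider, then the shorter AS path."""
    if current is None:
        return True
    return (RANK[candidate[0]], len(candidate[1])) < (RANK[current[0]], len(current[1]))


def propagate(rel, origins):
    """Return rib[as][prefix] = (relationship the route was learned over, AS path)."""
    rib = {a: {} for a in rel}
    for a, prefixes in origins.items():
        for p in prefixes:
            # An AS treats its own prefixes like customer routes: announce to all.
            rib[a][p] = ("customer", (a,))
    changed = True
    while changed:                     # iterate until no AS changes its choice
        changed = False
        for a in rel:
            for p, (learned, path) in list(rib[a].items()):
                for nbr, r in rel[a].items():
                    if not exportable(learned, r) or nbr in path:
                        continue       # policy forbids export, or the path would loop
                    cand = (INVERSE[r], (nbr,) + path)
                    if better(cand, rib[nbr].get(p)):
                        rib[nbr][p] = cand
                        changed = True
    return rib


def as_path(rib, a, prefix):
    """AS path from `a` to `prefix`, or None if policy hides the route from it."""
    entry = rib[a].get(prefix)
    return entry[1] if entry else None


if __name__ == "__main__":
    rib = propagate(REL, ORIGINS)
    for a in sorted(rib):
        print(a, {p: as_path(rib, a, p) for p in sorted(rib[a])})
```

Running it shows the policy effect: B (A's provider) learns C's and D's prefixes through its customer A, but never learns F's prefix 6, because A received that route from a peer and does not transit peer routes to a provider; D reaches prefix 1 over its peer link to C rather than over the longer, more expensive path through its provider A.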
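Worked example for the DDOS slide, added here and not part of the lecture: two of the listed remedies, "verify that source IP exists (is not spoofed)" and "limit rate of SYNs", as detection logic run over a packet log. The one-line-per-packet log format, the sample lines, the address blocks treated as impossible sources and the per-second SYN threshold are all constructed for the example.

```python
"""SYN-rate and spoofed-source checks over a constructed packet log.

Added example for the DDOS slide. The log format, the sample lines and the
threshold are constructed; the threshold is a placeholder to tune per link.
"""
import ipaddress
from collections import defaultdict

# Source blocks that cannot legitimately arrive on an Internet-facing link
# (unallocated, loopback, private, link-local, multicast): treat as spoofed.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

SYN_PER_SEC_LIMIT = 5          # constructed threshold for the sample traffic


def is_spoofed(src):
    """True when the source address is one no real Internet host would use."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_NETS)


def parse(line):
    """Constructed format: '<seconds> <src> <dst> <tcp-flags>'."""
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags


def analyze(lines, limit=SYN_PER_SEC_LIMIT):
    """Per destination, count bare SYNs per one-second bucket and the distinct
    sources behind them; also list packets whose source is spoofed."""
    syn_per_sec = defaultdict(lambda: defaultdict(int))   # dst -> second -> SYNs
    syn_sources = defaultdict(set)                         # dst -> {src}
    spoofed = []
    for line in lines:
        ts, src, dst, flags = parse(line)
        if is_spoofed(src):
            spoofed.append((ts, src, dst))
        if "S" in flags and "A" not in flags:              # SYN without ACK
            syn_per_sec[dst][int(ts)] += 1
            syn_sources[dst].add(src)
    flooded = {}
    for dst, buckets in syn_per_sec.items():
        second, peak = max(buckets.items(), key=lambda kv: kv[1])
        if peak > limit:                                   # candidate for rate limiting
            flooded[dst] = {"peak_syn_per_sec": peak, "at_second": second,
                            "distinct_sources": len(syn_sources[dst])}
    return {"flooded": flooded, "spoofed": spoofed}


# Constructed sample: three normal connection attempts, then a burst of
# SYNs from many sources in second 5, two of them with impossible sources.
SAMPLE_LOG = [
    "0.2 198.51.100.7 203.0.113.10 S",
    "0.4 203.0.113.10 198.51.100.7 SA",
    "1.1 198.51.100.8 203.0.113.10 S",
    "2.0 198.51.100.9 203.0.113.10 S",
    "5.01 192.0.2.1 203.0.113.10 S",
    "5.02 192.0.2.2 203.0.113.10 S",
    "5.03 192.0.2.3 203.0.113.10 S",
    "5.04 10.0.0.5 203.0.113.10 S",
    "5.05 192.0.2.5 203.0.113.10 S",
    "5.06 192.0.2.6 203.0.113.10 S",
    "5.07 192.0.2.7 203.0.113.10 S",
    "5.08 127.0.0.1 203.0.113.10 S",
    "6.0 198.51.100.7 203.0.113.11 S",
]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The "distinct_sources" count is what distinguishes a distributed flood from one busy client: the slide's "many nodes across the Internet" shows up as many sources behind a single destination's SYN spike, and the spoofed list gives the addresses a source-validation filter would have dropped on ingress.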
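Worked example for the two Systems slides, added here and not part of the lecture: Diffie-Hellman run once as the plain exchange of note (2), where a party on the channel can substitute both public values so that Alice and Bob end up with different keys, and once with each side sending Signed(A, B) as the key-exchange slide shows, so that the substitution is detected and the exchange aborted. Signing is a toy RSA over a hash of the message (D(H(P); signer), the construction note (1) calls for). The RSA primes, the DH modulus and base, and the secret exponents are constructed and far too small for real use.

```python
"""Diffie-Hellman key exchange, unsigned vs. signed, with tamper detection.

Added example for the Systems slides. The toy RSA primes and the small DH
modulus are constructed for illustration and give no real security.
"""
import hashlib

# ---- toy RSA signatures over a hash of the message -----------------------
def make_rsa_key(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for two constructed primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def h(message, n):
    """H(P) reduced mod n: the signature covers the hash, not P itself."""
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n

def sign(private, message):          # D(H(P); signer)
    n, d = private
    return pow(h(message, n), d, n)

def verify(public, message, sig):    # E(sig; signer) == H(P) ?
    n, e = public
    return pow(sig, e, n) == h(message, n)

# ---- Diffie-Hellman with constructed small parameters --------------------
P_MOD = 2**61 - 1    # constructed prime modulus (far too small for real use)
Z = 3                # constructed base

def dh_public(secret):
    return pow(Z, secret, P_MOD)             # A = z^a mod p

def dh_shared(peer_public, secret):
    return pow(peer_public, secret, P_MOD)   # K = B^a mod p

def unsigned_exchange(a, b, interposer_secret=None):
    """Plain DH. Returns True if Alice and Bob end with the same key."""
    A, B = dh_public(a), dh_public(b)
    A_at_bob, B_at_alice = A, B
    if interposer_secret is not None:
        # A party on the channel replaces both public values with its own;
        # each side now shares a key with that party, not with each other.
        M = dh_public(interposer_secret)
        A_at_bob, B_at_alice = M, M
    return dh_shared(B_at_alice, a) == dh_shared(A_at_bob, b)

def signed_exchange(a, b, alice_keys, bob_keys, interposer_secret=None):
    """DH where each side signs the pair (A, B) it saw. Returns the shared
    key, or None when the signatures show the two transcripts differ."""
    alice_pub, alice_priv = alice_keys
    bob_pub, bob_priv = bob_keys
    A, B = dh_public(a), dh_public(b)
    A_at_bob, B_at_alice = A, B
    if interposer_secret is not None:
        M = dh_public(interposer_secret)
        A_at_bob, B_at_alice = M, M
    sig_alice = sign(alice_priv, f"{A}|{B_at_alice}")   # Signed(A, B) by Alice
    sig_bob = sign(bob_priv, f"{A_at_bob}|{B}")         # Signed(A, B) by Bob
    # Without the private keys the signatures cannot be re-made, only relayed.
    if not (verify(bob_pub, f"{A}|{B_at_alice}", sig_bob)
            and verify(alice_pub, f"{A_at_bob}|{B}", sig_alice)):
        return None                                     # abort: values were altered
    return dh_shared(B_at_alice, a)

ALICE = make_rsa_key(10007, 10009)   # constructed toy primes
BOB = make_rsa_key(10037, 10039)

if __name__ == "__main__":
    print("unsigned, honest channel:", unsigned_exchange(123456, 654321))
    print("unsigned, values altered:", unsigned_exchange(123456, 654321, 777))
    print("signed, values altered  :", signed_exchange(123456, 654321, ALICE, BOB, 777))
```

The signed variant relies on Alice and Bob already holding each other's public keys, which is the slide's "use PK for SK exchange" point: the public keys are distributed once, and every session key afterwards is bound to them through the signature over (A, B).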
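Worked example for the Bridged Ethernet and Spanning Tree Example slides, added here and not part of the lecture: bridges start out presuming they are the root, exchange messages in the slide's [my ID | presumed root ID | distance] format, and adopt a neighbour's message when it names a lower root, then a shorter distance, then a lower sender ID; links not on the resulting tree are the ones that closed a loop. The six-bridge topology with two physical loops is constructed for the example and is not the lecture's figure.

```python
"""Spanning-tree root election with [my ID | presumed root ID | distance] messages.

Added example for the Bridged Ethernet / Spanning Tree Example slides. The
bridge topology is constructed for illustration (two physical loops).
"""
from collections import defaultdict

BRIDGES = [1, 2, 3, 4, 5, 6]
LINKS = [(1, 2), (1, 6), (2, 3), (3, 5), (3, 6), (4, 5), (4, 6)]   # constructed


def elect(bridges, links):
    """Return state[b] = (presumed root, distance to it, parent bridge or None)."""
    nbrs = defaultdict(set)
    for x, y in links:
        nbrs[x].add(y)
        nbrs[y].add(x)
    state = {b: (b, 0, None) for b in bridges}      # everyone presumes it is root

    def current(b):
        # What a bridge currently believes, in the same shape as a candidate.
        root, dist, parent = state[b]
        return (root, dist, b if parent is None else parent)

    changed = True
    while changed:                                   # repeat until no bridge moves
        changed = False
        for b in sorted(bridges):
            root, dist, _ = state[b]
            for n in nbrs[b]:
                candidate = (root, dist + 1, b)      # what n would believe via b
                if candidate < current(n):           # lower root, then distance, then ID
                    state[n] = candidate
                    changed = True
    return state


def message(state, b):
    """The lecture's message format: [my ID | presumed root ID | distance]."""
    root, dist, _ = state[b]
    return f"[{b}|{root}|{dist}]"


def tree_links(state, links):
    """Links kept for forwarding: each non-root bridge's link to its parent."""
    return {tuple(sorted((b, parent))) for b, (_, _, parent) in state.items()
            if parent is not None}


def blocked_links(state, links):
    """Physical links left out of the tree; each one closed a loop."""
    return {tuple(sorted(link)) for link in links} - tree_links(state, links)


if __name__ == "__main__":
    s = elect(BRIDGES, LINKS)
    for b in BRIDGES:
        print(message(s, b), "parent:", s[b][2])
    print("blocked:", sorted(blocked_links(s, LINKS)))
```

The learning part of the slide ("watch source addresses") only works once this tree exists: with the two loop-closing links blocked, a frame from any source arrives at each bridge over exactly one port, so the source address can be associated with that port without the table flapping.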