Download ADVANCED COMPUTER NETWORKS - Sample Paper 1

MODEL TEST PAPER 1
Subject: Advanced Computer Networks
Q1 (a) What are the hidden and exposed node problems?
Ans. The exposed node problem occurs when a node is prevented from sending packets to other
nodes due to a neighboring transmitter.
The hidden node problem or hidden terminal problem occurs when a node is visible from a wireless
access point (AP), but not from other nodes communicating with that AP. This leads to difficulties
in media access control.
(b) Explain the advantages and disadvantages of Fiber Distributed Data Interface?
Ans.
Advantages:
- FDDI supports real-time allocation of network bandwidth.
- This allows you to use a wide array of different types of traffic.
- FDDI has a dual ring that is fault-tolerant. The benefit here is that if a station on the ring fails or if the cable
  becomes damaged, the dual ring is automatically doubled back onto itself into a single ring.
- FDDI compensates for wiring failures. The stations wrap within themselves when the wiring fails.
- Optical bypass switches are used that can help prevent ring segmentation. The failed stations are eliminated
  from the ring.
Disadvantages:
- There's a potential for multiple ring failures.
- As the network grows, this possibility grows larger and larger.
- The use of fiber optic cables is expensive.
- This has kept many companies from deploying FDDI in a widespread manner. Instead, they have been
  using copper wire and the similar method of CDDI.
(c) Explain the following terms in respect to ATM technology:
Virtual Path:- The bandwidth of the transmission path is logically divided into separate virtual
paths and identified using the VPI in the ATM header. Each virtual path is allocated a fixed
amount of bandwidth. Virtual paths do not dynamically vary their bandwidths beyond what has
been allocated.
Virtual Connection:- The bandwidth of a virtual path is logically divided into separate virtual
channels using a virtual channel identifier in the ATM header. Unlike virtual paths, virtual
channels share the bandwidth within a virtual path dynamically.
UNI:- UNI is the interface between the ATM end user and a private ATM switch. It also can
represent the interface between a private ATM switch and the public carrier ATM network.
SVC:- An SVC is an on-demand connection that is dynamically established by end devices
through the Network-Network Interface (NNI) signaling method. There must be an ATM switch
between the end devices that dynamically routes the call through the ATM cloud. Network
operators do not have to manually configure every ATM switch in the path. If there is a link
failure, the end device must reinitiate the SVC call.
(d) Differentiate between Wi Fi and Wimax.
Ans.
Feature | WiMax (802.16a) | Wi-Fi (802.11b) | Wi-Fi (802.11a/g)
Primary Application | Broadband Wireless Access | Wireless LAN | Wireless LAN
Frequency Band | Licensed/Unlicensed, 2 GHz to 11 GHz | 2.4 GHz ISM | 2.4 GHz ISM (g), 5 GHz U-NII (a)
Channel Bandwidth | Adjustable, 1.25 MHz to 20 MHz | 25 MHz | 20 MHz
Half/Full Duplex | Full | Half | Half
Radio Technology | OFDM (256-channels) | Direct Sequence Spread Spectrum | OFDM (64-channels)
Bandwidth Efficiency | <=5 bps/Hz | <=0.44 bps/Hz | <=2.7 bps/Hz
Modulation | BPSK, QPSK, 16-, 64-, 256-QAM | QPSK | BPSK, QPSK, 16-, 64-QAM
FEC | Convolutional Code, Reed-Solomon | None | Convolutional Code
Encryption | Mandatory- 3DES, Optional- AES | Optional- RC4 (AES in 802.11i) | Optional- RC4 (AES in 802.11i)
Mobility | Mobile WiMax (802.16e) | In development | In development
Mesh | Yes | Vendor Proprietary | Vendor Proprietary
Access Protocol | Request/Grant | CSMA/CA | CSMA/CA
(e) What is Route Optimization in MIPv6?
Ans. In Mobile IPv6, route optimization is an essential part of the protocol. Mobile nodes have
a binding update list, which contains the bindings other nodes have for it. Correspondent nodes
and home agents have a binding cache, which contains the home and care-of addresses of
mobile nodes they have been recently communicating with. All signaling is performed via
destination options that are appended to the base IPv6 header. Thus all signaling traffic can be
piggybacked on datagrams with a data payload.
(f) Explain briefly one-way Hash function.
Ans. A one-way hash function is an algorithm that turns messages or text into a fixed string of digits,
usually for security or data management purposes. The "one way" means that it's nearly impossible to
derive the original text from the string. A one-way hash function is used to create digital signatures,
which in turn identify and authenticate the sender and contents of a digitally distributed message.
(g) Perform Encryption and Decryption using RSA Algo. For the following p=3, q=11, e=7 and
m=5.
Ans. n = p x q = 3 x 11 = 33
φ(n) = (p-1) x (q-1) = 2 x 10 = 20
gcd(φ(n), e) = gcd(20, 7) = 1
d ≡ e^-1 (mod φ(n))
d x e mod φ(n) = 1
7d mod 20 = 1
d = 3
So:
Public Key
pu = {e, n} = {7, 33}
Private Key
pr = {d, n} = {3, 33}
Encryption:
C = M^e mod n = 5^7 mod 33 = 14
Decryption:
M = C^d mod n = 14^3 mod 33 = 5
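The same calculation carried out in code, as an added example that is not part of the original paper: d is obtained with the extended Euclidean algorithm instead of by inspection, and the exponentiations use square-and-multiply. The function names are chosen for this illustration; it is unpadded textbook RSA on toy numbers and only checks the arithmetic above.

```python
# Added example: textbook RSA with the toy numbers from the answer above.
# Parameters this small (and unpadded RSA in general) only serve to check the arithmetic.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def keygen(p, q, e):
    """Derive the public and private key pairs from primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = x % phi                      # d = e^-1 mod phi(n)
    return (e, n), (d, n)


def modexp(base, exp, mod):
    """Square-and-multiply, scanning the exponent from its least significant bit."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return modexp(m, e, n)


def decrypt(c, private_key):
    d, n = private_key
    return modexp(c, d, n)


def roundtrip_ok(public_key, private_key):
    """True if every message in 0..n-1 decrypts back to itself."""
    n = public_key[1]
    return all(decrypt(encrypt(m, public_key), private_key) == m for m in range(n))


if __name__ == "__main__":
    pu, pr = keygen(3, 11, 7)
    c = encrypt(5, pu)
    print("pu =", pu, "pr =", pr)
    print("C =", c, "M =", decrypt(c, pr))
    print("all messages round-trip:", roundtrip_ok(pu, pr))
```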
Q2 (a) Explain HIPPI Protocol. What are its limitations and Characteristics?
Ans. The High-Performance Peripheral Interface (HIPPI) protocol was designed to facilitate high-speed communications between very high-performance computers (such as supercomputers), and
thereby to attempt to meet their I/O requirements.
HIPPI is a very high-speed data transfer protocol, with the following properties, features, and
limitations:
- Data rates of 800 or 1600 Mb/s.
- Uses a 50- or 100-pair connection. (50-pair for 800 Mb/s data-rate, 100-pair for 1600 Mb/s data
  rate.)
- The 100-pair connection is actually a set of two identical 50-pair cables.
- Useful for distances up to 25 meters. (Serial-HIPPI extensions are being proposed for operation up
  to 10km.)
- Transfers 32 bits (for 800 Mb/s data-rate) or 64 bits (for 1600 Mb/s data-rate) in parallel. Packet
  format allows byte alignment.
- Connection-oriented protocol.
- Point-to-point connection.
- Simplex (i.e., one-way data transfer) operation.
- First standard in its class (data-transfer for high-performance computing environments).
(b) Identify and describe the problem areas for wireless MAC protocols.
Ans. The wireless medium makes MAC design more challenging than in wireline networks.
The three important issues are:
1. Half Duplex operation -> either send or receive but not both at a given time
- In wireless, it is difficult to receive data when the transmitter is sending data, because:
  - When a node is transmitting, a large fraction of the signal energy leaks into the receiver path.
  - The transmitted and received power levels can differ by orders of magnitude.
  - The leakage signal typically has much higher power than the received signal -> “Impossible
    to detect a received signal, while transmitting data”
  - Collision detection is not possible while sending data
    - CSMA/CD (Ethernet MAC) cannot be used as it is
- As collision cannot be detected by the sender, all proposed protocols attempt to minimize the
  probability of collision -> Focus on collision avoidance.
2. Time varying channel
- Three mechanisms for radio signal propagation
  - Reflection – occurs when a propagating wave impinges upon an object whose dimensions are very large
    compared with the wavelength of the radio wave, e.g. reflection occurs from the surface of the earth and from
    buildings and walls.
  - Diffraction – occurs when the radio path between the transmitter and the receiver is obstructed by a
    surface with sharp edges
  - Scattering – occurs when the medium through which the wave travels consists of objects with
    dimensions smaller than the wavelength of the wave
- The signal received by a node is a superposition of time-shifted and attenuated versions of the
  transmitted signals -> The received signal varies with time
- The time varying signals (time varying channel) phenomenon -> also known as multipath propagation
- The rate of variation of the channel is determined by the coherence time of the channel
  - Coherence time is defined as the time within which the received signal strength changes by 3 dB
- When a node’s received signal strength drops below a certain threshold the node is said to be in
  fade
- Handshaking is a widely used strategy to ensure the link quality is good enough for data communication
- A successful handshake between a sender and a receiver (small message) indicates a good
  communication link
3. Burst channel errors
- As a consequence of the time varying channel and varying signal strengths -> errors are introduced in the
  transmission (very likely)
- For wireline networks the bit error rate (BER) is typically i.e. the probability of packet error is small
- For wireline networks the errors are due to random noise
- For wireless networks the BER is as high as 10^-3
- For wireless networks the errors are due to the node being in fade; as a result errors occur in a long burst
- Packet loss due to burst errors - mitigation techniques
  » Smaller packets
  » Forward Error Correcting Codes
  » Retransmissions
Q3 (a) Explain IEEE 802.6 Protocol.
Ans. Distributed Queue Dual Bus (DQDB) is a Data-link layer communication protocol for Metropolitan
Area Networks (MANs), specified in the IEEE 802.6 standard and designed for use in MANs. DQDB is
designed for data as well as voice and video transmission and is based on cell switching technology (similar
to ATM). DQDB, which permits multiple systems to interconnect using two unidirectional logical buses, is
an open standard that is designed for compatibility with carrier transmission standards such as SMDS.
For a MAN to be effective it requires a system that can function across long, “city-wide” distances of several
miles, have a low susceptibility to error, adapt to the number of nodes attached and have variable bandwidth
distribution. Using DQDB, networks can be thirty miles long and function in the range of 34 Mbps to 155
Mbps. The data rate fluctuates due to many hosts sharing a dual bus, as well as to the location of a single host
in relation to the frame generator, but there are schemes to compensate for this problem making DQDB
function reliably and fairly for all hosts.
The DQDB is composed of two bus lines with stations attached to both and a frame generator at the end of
each bus. The buses run in parallel in such a fashion as to allow the frames generated to travel across the
stations in opposite directions. Below is a picture of the basic DQDB architecture.
[Figure: DQDB Architecture]
(b) List the various types of Timers and Time Registers used in FDDI.
Ans. Time Registers
FDDI defines three time registers to control circulation of the token and distribute link access opportunities
among the nodes equitably. Values are set when the ring is initialized and do not vary in the course of
operation. The registers are called synchronous allocation (SA), target token rotation time (TTRT), and
absolute maximum time (AMT).
1. Synchronous Allocation (SA) The SA register indicates the length of time allowed each station for
sending synchronous data. This value is different for each station and is negotiated during
initialization of the ring.
2. Target Token Rotation Time (TTRT) The TTRT register indicates the average time required for a
token to circulate around the ring exactly once (the elapsed time between a token's arrival at a given
station and its next arrival at the same station). Because it is an average, the actual time of any
rotation may be greater or less than this value.
3. Absolute Maximum Time (AMT) The AMT register holds a value equal to twice the TTRT. A token
may not take longer than this time to make one rotation of the ring. If it does, some station or stations
are monopolizing the network and the ring must be reinitialized.
Timers
Each station contains a set of timers that enable it to compare actual timings with the values contained in the
registers. Timers can be set and reset, and their values decremented or incremented at a rate set by the
system clock. The two timers used by FDDI are called the token rotation timer (TRT) and token holding
timer (THT).
1. Token Rotation Timer (TRT) The TRT runs continuously and measures the actual time taken by the
token to complete a cycle. In our implementation, we use an incrementing TRT for simplicity,
although some implementations may use a decrementing timer.
2. Token Holding Timer (THT) The THT begins running as soon as the token is received. Its function
is to show how much time remains for sending asynchronous frames once the synchronous frames
have been sent. In our implementation, we use a decrementing THT for simplicity, although some
implementations may use an incrementing one. In addition, we allow the value of THT to become
negative (to make the concept easier to understand) although a real timer may stay at zero.
Q4 (a) Differentiate between Stateful and Stateless address assignment Protocols of IPv6.
Ans. Differences between Stateless and Stateful
Stateless | Stateful
1:1 translation | 1:N translation
No conservation of IPv4 address | Conserves IPv4 address
Assures end-to-end address transparency and scalability | Uses address overloading, hence lacks in end-to-end address transparency
No state or bindings created on the translation | State or bindings are created on every unique translation
Requires IPv4-translatable IPv6 addresses assignment (mandatory requirement) | No requirement on the nature of IPv6 address assignment
Requires either manual or DHCPv6 based address assignment for IPv6 hosts | Free to choose any mode of IPv6 address assignment viz. Manual, DHCPv6, SLAAC
(b) Give the configuration commands in OSPFv3.
Ans. The commands required to configure OSPFv3 on a network device:
1. Enter global configuration mode
   router#configure terminal
2. Enable device IPv6 unicast forwarding
   router(config)#ipv6 unicast-routing
3. Enter interface configuration mode
   router(config)#interface interface
4. Enable OSPFv3 on the interface
   router(config-if)#ipv6 ospf process-id area
   Note: In newer versions of IOS 15 this command is being changed; the newer version of the command will
   be ospfv3 process-id area.
   Repeat steps 1-4 on all OSPFv3 interfaces
5. Enter OSPFv3 router configuration mode
   router(config-if)#ipv6 router ospf process-id
   Note: This is a global configuration mode command
6. Configure the router-ID to be used by OSPFv3
   router(config-router)#router-id ip-address
   Note: This is required if no IPv4 address is assigned on the device.
Q5 Compare IPv4 multicasting & IPv6 multicasting.
Ans. Although the basic notion of multicasting is common to IPv4 and IPv6, several new
characteristics are introduced in IPv6 multicasting.
- In IPv4, multicasting was an extension of the basic specification, while the specifications of IPv6 require
  that all IPv6 nodes support multicasting.
- IPv6 explicitly limits the scope of a multicast address by using a fixed address field, whereas the
  scope was specified using the TTL (Time to Live) of a multicast packet in IPv4.
- In IPv4, multicast tunnels were introduced to deploy multicasting. In IPv6, all routers should be
  multicast-capable, which means that we do not have to use multicast tunnels to deploy IPv6
  multicasting.
- IPv4 multicasting uses unicast addresses to identify a network interface. However, this is not suitable
  for IPv6, as an IPv6-capable node may assign multiple addresses on a single interface, which tends
  to cause a configuration mismatch. In IPv6, to identify the interface the user must use a specified
  interface index.
Q6 What are the new Security Threats that have been introduced in Mobile IPv6? Give their
solutions.
Ans. Security issues in MIPv6:
A. Secure Route Optimization
To enhance performance, the Route Optimization protocol is used. Route optimization is a technique
which enables a mobile node and a correspondent node to communicate directly, bypassing the home
agent completely. The concept of route optimization is that, when the mobile node receives the first
tunneled message, the mobile node informs the correspondent node about its new location, i.e. its care-of
address, by sending a binding update message. The correspondent node stores the binding between the
home address and care-of address in its Binding Cache. Thereafter, communication takes place directly
between the mobile node (MN) and the correspondent node (CN). Route optimization is not secure because
there is no authentication mechanism between MN and CN.
B. Connection hijacking
The connection-hijacking attack is shown in Figure. A, B and C are IPv6 addresses. The Internet nodes A
and B are honest and communicating with each other. An attacker at the address C sends a false binding
update to B, claiming to be a mobile with the home address A. If B, acting in the role of a correspondent,
believes the binding update and creates a binding, it will redirect to C all packets that are intended for A.
Thus, the attacker can intercept packets sent by B to A. The attacker can also spoof data packets from A by
inserting a false home-address option into them. This way, it can hijack existing connections between A
and B, and open new ones pretending to be A. The attacker can also redirect the packets to a random or
non-existent care-of address in order to disrupt the communication between the honest nodes. It has to
send a new binding update every few minutes to refresh the binding cache entry at the correspondent.
C. Denial of Service
It is an attempt to make a computer resource unavailable to its intended users. Although the means to carry
out, motives for, and targets of a Denial of Service attack may vary, it generally consists of the concerted
efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or
at all, temporarily or indefinitely. By sending spoofed BUs, an attacker could also send large amounts of
unwanted traffic to overwhelm the resources of a single node or that of a network. The attacker could first
find a site with streaming video or another heavy data stream and establish a connection with it. Then it
could send a BU to the corresponding node, saying to redirect subsequent data traffic to the attacker’s new
location, that of an arbitrary node. This arbitrary node would be then bombed with a large amount of
unnecessary traffic. Similarly, the attacker could also use spoofed BUs to redirect several streams of
data to random addresses with the network prefix of a particular target network, thereby congesting an
entire network with unwanted data.
D. Eavesdropping
Eavesdropping is a type of information-theft attack. It may be passive or active. A passive
eavesdropping attack happens when an attacker starts to listen to the traffic and gets useful information by
gathering the session data that is transferred between the mobile device and its home agent. In the case of a wireless
network, an intruder is able to receive packets transmitted by radio signals. In the case of active eavesdropping,
the attacker makes independent connections with the victims and relays messages between them, making
them believe that they are talking directly to each other over a private connection, when in fact the entire
conversation is controlled by the attacker. The attacker must be able to intercept all messages going
between the two victims and inject new ones, which is straightforward in many circumstances.
Q7 Explain S/MIME.
Ans. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public
key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a
number of documents, most importantly RFCs (3369, 3370, 3850, 3851). S/MIME was originally
developed by RSA Data Security.
Q8 Explain Authentication Header?
Ans. The Authentication Header (AH) protocol provides data origin authentication, data integrity, and replay
protection. However, AH does not provide data confidentiality, which means that all of your data is sent in
the clear.
AH ensures data integrity with the checksum that a message authentication code, like MD5, generates. To
ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for
authentication. To ensure replay protection, AH uses a sequence number field within the AH header. It is
worth noting here, that these three distinct functions are often lumped together and referred to
as authentication. In the simplest terms, AH ensures that your data has not been tampered with en route to its
final destination.
Although AH authenticates as much of the IP datagram as possible, the values of certain fields in the IP
header cannot be predicted by the receiver. AH does not protect these fields, known as mutable fields.
However, AH always protects the payload of the IP packet.
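The three AH functions described above, modelled in a short added example that is not part of the original paper and is not the real AH wire format. Assumptions: the header is a small dictionary with IPv4-style mutable fields (ttl, checksum), the MAC is HMAC-SHA-256, the key and addresses are constructed sample values, and replay protection is simplified to a strictly increasing sequence number.

```python
import hashlib
import hmac
import struct

# Added example: a simplified model of AH processing, not the real AH wire format.
MUTABLE_FIELDS = ("ttl", "checksum")   # changed by routers in transit, so not covered
KEY = b"constructed-demo-key"          # constructed shared secret for the sample run


def compute_icv(key, header, seq, payload):
    """Keyed MAC over the immutable header fields, the sequence number and the payload."""
    covered = {k: (0 if k in MUTABLE_FIELDS else v) for k, v in header.items()}
    data = repr(sorted(covered.items())).encode() + struct.pack("!I", seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(key, header, seq, payload):
    """Sender side: attach the sequence number and integrity check value (ICV)."""
    return {"header": dict(header), "seq": seq, "payload": payload,
            "icv": compute_icv(key, header, seq, payload)}


class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest_seq = 0   # simplification: strictly increasing, no sliding window

    def accept(self, pkt):
        expected = compute_icv(self.key, pkt["header"], pkt["seq"], pkt["payload"])
        if not hmac.compare_digest(expected, pkt["icv"]):
            return "reject: ICV mismatch"
        if pkt["seq"] <= self.highest_seq:
            return "reject: replayed sequence number"
        self.highest_seq = pkt["seq"]
        return "accept"


def demo():
    """Run constructed packets through the receiver and return each verdict."""
    header = {"src": "192.0.2.1", "dst": "198.51.100.7", "ttl": 64, "checksum": 0x1C46}
    sent = protect(KEY, header, seq=1, payload=b"transfer 10 units")
    rx = Receiver(KEY)

    # Constructed variants of the same packet as seen at the receiver.
    forwarded = dict(sent, header=dict(sent["header"], ttl=61, checksum=0x1F46))
    tampered = dict(sent, payload=b"transfer 99 units")
    spoofed = dict(sent, header=dict(sent["header"], src="192.0.2.99"))

    return {
        "forwarded (mutable fields changed)": rx.accept(forwarded),
        "payload modified": rx.accept(tampered),
        "source address modified": rx.accept(spoofed),
        "same packet delivered again": rx.accept(forwarded),
        "payload readable in the clear": sent["payload"] == b"transfer 10 units",
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The forwarded packet is accepted even though its TTL and checksum changed, because those mutable fields are zeroed before the MAC is computed; the payload is carried unencrypted throughout, which is the missing confidentiality the answer notes.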