ADVANCED COMPUTER NETWORKS - Sample Paper 1
MODEL TEST PAPER 1
Subject: Advanced Computer Networks

Q1 (a) What is Hidden and Exposed problem?

Ans. The exposed node problem occurs when a node is prevented from sending packets to other nodes due to a neighboring transmitter. The hidden node problem or hidden terminal problem occurs when a node is visible from a wireless access point (AP), but not from other nodes communicating with that AP. This leads to difficulties in media access control.

(b) Explain the advantages and disadvantages of Fiber Distributed Data Interface?

Ans. Advantages:
- FDDI supports real-time allocation of network bandwidth. This allows you to use a wide array of different types of traffic.
- FDDI has a dual ring that is fault-tolerant. The benefit here is that if a station on the ring fails or if the cable becomes damaged, the dual ring is automatically doubled back onto itself into a single ring.
- FDDI compensates for wiring failures. The stations wrap within themselves when the wiring fails.
- Optical bypass switches are used that can help prevent ring segmentation. The failed stations are eliminated from the ring.

Disadvantages:
- There is a potential for multiple ring failures. As the network grows, this possibility grows larger and larger.
- The use of fiber optic cable is expensive. This has kept many companies from deploying FDDI in a widespread manner. Instead, they have been using copper wire and the similar method of CDDI.

(c) Explain the following terms in respect to ATM technology:

Virtual Path: The bandwidth of the transmission path is logically divided into separate virtual paths and identified using the VPI in the ATM header. Each virtual path is allocated a fixed amount of bandwidth. Virtual paths do not dynamically vary their bandwidths beyond what has been allocated.

Virtual Connection: The bandwidth of a virtual path is logically divided into separate virtual channels using a virtual channel identifier in the ATM header.
Unlike virtual paths, virtual channels share the bandwidth within a virtual path dynamically.

UNI: UNI is the interface between the ATM end user and a private ATM switch. It can also represent the interface between a private ATM switch and the public carrier ATM network.

SVC: An SVC is an on-demand connection that is dynamically established by end devices through the Network-Network Interface (NNI) signaling method. There must be an ATM switch between the end devices that dynamically routes the call through the ATM cloud. Network operators do not have to manually configure every ATM switch in the path. If there is a link failure, the end device must reinitiate the SVC call.

(d) Differentiate between Wi-Fi and WiMax.

Ans.

| Feature | WiMax (802.16a) | Wi-Fi (802.11b) | Wi-Fi (802.11a/g) |
|---|---|---|---|
| Primary Application | Broadband Wireless Access | Wireless LAN | Wireless LAN |
| Frequency Band | Licensed/Unlicensed 2 G to 11 GHz | 2.4 GHz ISM | 2.4 GHz ISM (g), 5 GHz U-NII (a) |
| Channel Bandwidth | Adjustable 1.25 M to 20 MHz | 25 MHz | 20 MHz |
| Half/Full Duplex | Full | Half | Half |
| Radio Technology | OFDM (256-channels) | Direct Sequence Spread Spectrum | OFDM (64-channels) |
| Bandwidth Efficiency | <=5 bps/Hz | <=0.44 bps/Hz | <=2.7 bps/Hz |
| Modulation | BPSK, QPSK, 16-, 64-, 256-QAM | QPSK | BPSK, QPSK, 16-, 64-QAM |
| FEC | Convolutional Code, Reed-Solomon | None | Convolutional Code |
| Encryption | Mandatory: 3DES; Optional: AES | Optional: RC4 (AES in 802.11i) | Optional: RC4 (AES in 802.11i) |
| Mobility | Mobile WiMax (802.16e) | In development | In development |
| Mesh | Yes | Vendor Proprietary | Vendor Proprietary |
| Access Protocol | Request/Grant | CSMA/CA | CSMA/CA |

(e) What is Route Optimization in MIPv6?

Ans. In Mobile IPv6, route optimization is an essential part of the protocol. Mobile nodes have a binding update list, which contains the bindings other nodes have for it. Correspondent nodes and home agents have a binding cache, which contains the home and care-of addresses of mobile nodes they have been recently communicating with.
All signaling is performed via destination options that are appended to the base IPv6 header. Thus all signaling traffic can be piggybacked on datagrams with a data payload.

(f) Explain briefly one-way Hash function.

Ans. An algorithm that turns messages or text into a fixed string of digits, usually for security or data management purposes. The "one way" means that it's nearly impossible to derive the original text from the string. A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and message of a digitally distributed message.

(g) Perform Encryption and Decryption using RSA Algo. For the following p=3, q=11, e=7 and m=5.

Ans.
n = p x q = 3 x 11 = 33
φ(n) = (p-1) x (q-1) = 2 x 10 = 20
gcd(φ(n), e) = gcd(20, 7) = 1
d ≡ e^-1 (mod φ(n))
d x e mod φ(n) = 1
7d mod 20 = 1
d = 3

So:
Public Key pu = {e, n} = {7, 33}
Private Key pr = {d, n} = {3, 33}

Encryption: C = M^e mod n = 5^7 mod 33 = 14
Decryption: M = C^d mod n = 14^3 mod 33 = 5

Q2 (a) Explain HIPPI Protocol. What are its limitations and Characteristics?

Ans. The High-Performance Peripheral Interface (HIPPI) protocol was designed to facilitate high-speed communications between very high-performance computers (such as supercomputers), and thereby to attempt to meet their I/O requirements. HIPPI is a very high-speed data transfer protocol, with the following properties, features, and limitations:
- Data rates of 800 or 1600 Mb/s.
- Uses a 50- or 100-pair connection (50-pair for 800 Mb/s data rate, 100-pair for 1600 Mb/s data rate). The 100-pair connection is actually a set of two identical 50-pair cables.
- Useful for distances up to 25 meters. (Serial-HIPPI extensions are being proposed for operation up to 10 km.)
- Transfers 32 bits (for 800 Mb/s data rate) or 64 bits (for 1600 Mb/s data rate) in parallel.
- Packet format allows byte alignment.
- Connection-oriented protocol.
- Point-to-point connection.
- Simplex (i.e., one-way data transfer) operation.
- First standard in its class (data transfer for high-performance computing environments).

(b) Identify and describe the problem areas for wireless MAC protocols.

Ans. The wireless medium makes MAC design more challenging than in wireline networks. The three important issues are:

1. Half duplex operation -> either send or receive, but not both at a given time

In wireless, it is difficult to receive data when the transmitter is sending data, because:
- When a node is transmitting, a large fraction of the signal energy leaks into the receiver path.
- The transmitted and received power levels can differ by orders of magnitude.
- The leakage signal typically has much higher power than the received signal -> "Impossible to detect a received signal while transmitting data".
- Collision detection is not possible while sending data, so CSMA/CD (Ethernet MAC) cannot be used as it is.

As a collision cannot be detected by the sender, all proposed protocols attempt to minimize the probability of collision -> focus on collision avoidance.

2. Time varying channel

Three mechanisms for radio signal propagation:
- Reflection: occurs when a propagating wave impinges upon an object whose dimensions are very large compared to the wavelength of the radio wave, e.g. reflection occurs from the surface of the earth and from buildings and walls.
- Diffraction: occurs when the radio path between the transmitter and the receiver is obstructed by a surface with sharp edges.
- Scattering: occurs when the medium through which the wave travels consists of objects with dimensions smaller than the wavelength of the wave.

The signal received by a node is a superposition of time-shifted and attenuated versions of the transmitted signals -> the received signal varies with time.
The time varying signals (time varying channel) phenomenon is also known as multipath propagation.
The rate of variation of the channel is determined by the coherence time of the channel.
- Coherence time is defined as the time within which the received signal strength changes by 3 dB.
When a node's received signal strength drops below a certain threshold, the node is said to be in fade.
Handshaking is a widely used strategy to ensure the link quality is good enough for data communication.
A successful handshake between a sender and a receiver (small message) indicates a good communication link.

3. Burst channel errors

As a consequence of the time varying channel and varying signal strengths -> errors are introduced in the transmission (very likely).
For wireline networks the bit error rate (BER) is typically i.e. the probability of packet error is small
For wireline networks the errors are due to random noise.
For wireless networks the BER is as high as 10^-3.
For wireless networks the errors are due to the node being in fade; as a result, errors occur in a long burst.
Packet loss due to burst errors - mitigation techniques:
- Smaller packets
- Forward Error Correcting Codes
- Retransmissions

Q3 (a) Explain IEEE 802.6 Protocol.

Ans. Distributed Queue Dual Bus (DQDB) is a Data-link layer communication protocol for Metropolitan Area Networks (MANs), specified in the IEEE 802.6 standard and designed for use in MANs. DQDB is designed for data as well as voice and video transmission and is based on cell switching technology (similar to ATM).
DQDB, which permits multiple systems to interconnect using two unidirectional logical buses, is an open standard that is designed for compatibility with carrier transmission standards such as SMDS. For a MAN to be effective it requires a system that can function across long, "city-wide" distances of several miles, have a low susceptibility to error, adapt to the number of nodes attached and have variable bandwidth distribution. Using DQDB, networks can be thirty miles long and function in the range of 34 Mbps to 155 Mbps. The data rate fluctuates due to many hosts sharing a dual bus, as well as to the location of a single host in relation to the frame generator, but there are schemes to compensate for this problem, making DQDB function reliably and fairly for all hosts. The DQDB is composed of two bus lines with stations attached to both and a frame generator at the end of each bus. The buses run in parallel in such a fashion as to allow the frames generated to travel across the stations in opposite directions. Below is a picture of the basic DQDB architecture.

[Figure: DQDB Architecture]

(b) List the various types of Timers and Time Registers used in FDDI.

Ans. Time Registers

FDDI defines three time registers to control circulation of the token and distribute link access opportunities among the nodes equitably. Values are set when the ring is initialized and do not vary in the course of operation. The registers are called synchronous allocation (SA), target token rotation time (TTRT), and absolute maximum time (AMT).

1. Synchronous Allocation (SA): The SA register indicates the length of time allowed each station for sending synchronous data. This value is different for each station and is negotiated during initialization of the ring.

2. Target Token Rotation Time (TTRT): The TTRT register indicates the average time required for a token to circulate around the ring exactly once (the elapsed time between a token's arrival at a given station and its next arrival at the same station). Because it is an average, the actual time of any rotation may be greater or less than this value.

3. Absolute Maximum Time (AMT): The AMT register holds a value equal to twice the TTRT. A token may not take longer than this time to make one rotation of the ring. If it does, some station or stations are monopolizing the network and the ring must be reinitialized.

Timers

Each station contains a set of timers that enable it to compare actual timings with the values contained in the registers. Timers can be set and reset, and their values decremented or incremented at a rate set by the system clock. The two timers used by FDDI are called the token rotation timer (TRT) and token holding timer (THT).

1. Token Rotation Timer (TRT): The TRT runs continuously and measures the actual time taken by the token to complete a cycle. In our implementation, we use an incrementing TRT for simplicity, although some implementations may use a decrementing timer.

2. Token Holding Timer (THT): The THT begins running as soon as the token is received. Its function is to show how much time remains for sending asynchronous frames once the synchronous frames have been sent. In our implementation, we use a decrementing THT for simplicity, although some implementations may use an incrementing one. In addition, we allow the value of THT to become negative (to make the concept easier to understand) although a real timer may stay at zero.

Q4 (a) Differentiate between Stateful and Stateless address assignment Protocols of IPv6.

Ans.
Differences between Stateless and Stateful

| Stateless | Stateful |
|---|---|
| 1:1 translation | 1:N translation |
| No conservation of IPv4 address | Conserves IPv4 address |
| Assures end-to-end address transparency and scalability | Uses address overloading, hence lacks in end-to-end address transparency |
| No state or bindings created on the translation | State or bindings are created on every unique translation |
| Requires IPv4-translatable IPv6 addresses assignment (mandatory requirement) | No requirement on the nature of IPv6 address assignment |
| Requires either manual or DHCPv6 based address assignment for IPv6 hosts | Free to choose any mode of IPv6 address assignment viz. Manual, DHCPv6, SLAAC |

(b) Give the Configuration commands in OSPFv3.

Ans. The commands required to configure OSPFv3 on a network device:

1. Enter global configuration mode
   router#configure terminal
2. Enable device IPv6 unicast forwarding
   router(config)#ipv6 unicast-routing
3. Enter interface configuration mode
   router(config)#interface interface
4. Enable OSPFv3 on the interface
   router(config-if)#ipv6 ospf process-id area
   Note: In newer versions of IOS 15 this command is being changed; the newer version of the command will be ospfv3 process-id area.
   Repeat steps 1-4 on all OSPFv3 interfaces.
5. Enter OSPFv3 router configuration mode
   router(config-if)#ipv6 router ospf process-id
   Note: This is a global configuration mode command.
6. Configure the router-ID to be used by OSPFv3
   router(config-router)#router-id ip-address
   Note: This is required if no IPv4 address is assigned on the device.

Q5 Compare IPv4 multicasting & IPv6 multicasting.

Ans. Although the basic notion of multicasting is common to IPv4 and IPv6, several new characteristics are introduced in IPv6 multicasting. In IPv4, multicasting was an extension of the basic specification, while the specifications of IPv6 require that all IPv6 nodes support multicasting.
IPv6 explicitly limits the scope of a multicast address by using a fixed address field, whereas in IPv4 the scope was specified using the TTL (Time to Live) of a multicast packet. In IPv4, multicast tunnels were introduced to deploy multicasting. In IPv6, all routers should be multicast-capable, which means that we do not have to use multicast tunnels to deploy IPv6 multicasting. IPv4 multicasting uses unicast addresses to identify a network interface. However, this is not suitable for IPv6, as an IPv6-capable node may assign multiple addresses on a single interface, which tends to cause a configuration mismatch. In IPv6, to identify the interface the user must use a specified interface index.

Q6 What are the new Security Threats that have been introduced in Mobile IPv6? Give their solutions.

Ans. Security issues in MIPv6:

A. Secure Route Optimization

To enhance performance, the Route Optimization protocol is used. Route optimization is a technique which enables a mobile node and a correspondent node to communicate directly, bypassing the home agent completely. The concept of route optimization is that, when the mobile node receives the first tunneled message, the mobile node informs the correspondent node about its new location, i.e. its care-of address, by sending a binding update message. The correspondent node stores the binding between the home address and care-of address in its Binding Cache. Thereafter, communication takes place directly between MN and CN. The route optimization is not secure because there is no authentication mechanism between MN and CN.

B. Connection hijacking

The connection-hijacking attack is shown in Figure. A, B and C are IPv6 addresses. The Internet nodes A and B are honest and communicating with each other. An attacker at the address C sends a false binding update to B, claiming to be a mobile with the home address A.
If B, acting in the role of a correspondent, believes the binding update and creates a binding, it will redirect to C all packets that are intended for A. Thus, the attacker can intercept packets sent by B to A. The attacker can also spoof data packets from A by inserting a false home-address option into them. This way, it can hijack existing connections between A and B, and open new ones pretending to be A. The attacker can also redirect the packets to a random or non-existent care-of address in order to disrupt the communication between the honest nodes. It has to send a new binding update every few minutes to refresh the binding cache entry at the correspondent.

C. Denial of Service

It is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a Denial of Service attack may vary, it generally consists of the concerted efforts of a person, or multiple people, to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. By sending spoofed BUs, an attacker could also send large amounts of unwanted traffic to overwhelm the resources of a single node or that of a network. The attacker could first find a site with streaming video or another heavy data stream and establish a connection with it. Then it could send a BU to the correspondent node, saying to redirect subsequent data traffic to the attacker's new location, that of an arbitrary node. This arbitrary node would then be bombed with a large amount of unnecessary traffic. Similarly, the attacker could also use spoofed BUs to redirect several streams of data to random addresses with the network prefix of a particular target network, thereby congesting an entire network with unwanted data.

D. Eavesdropping

Eavesdropping is a type of theft-of-information attack. It may be passive or active.
A passive eavesdropping attack happens when an attacker starts to listen to the traffic and gets useful information by gathering the session data that is transferred between the mobile device and its home agent. In the case of a wireless network, an intruder is able to receive packets transmitted by radio signals. In the case of active eavesdropping, the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances.

Q7 Explain S/MIME.

Ans. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs (3369, 3370, 3850, 3851). S/MIME was originally developed by RSA Data Security.

Q8 Explain Authentication Header?

Ans. The Authentication Header (AH) protocol provides data origin authentication, data integrity, and replay protection. However, AH does not provide data confidentiality, which means that all of your data is sent in the clear. AH ensures data integrity with the checksum that a message authentication code, like MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the AH header.
It is worth noting here that these three distinct functions are often lumped together and referred to as authentication. In the simplest terms, AH ensures that your data has not been tampered with en route to its final destination. Although AH authenticates as much of the IP datagram as possible, the values of certain fields in the IP header cannot be predicted by the receiver. AH does not protect these fields, known as mutable fields. However, AH always protects the payload of the IP packet.
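
The AH behaviour described in Q8, as an added example that is not part of the original paper: a Python model that computes the integrity check value (ICV) over an IPv4 packet with the mutable fields zeroed and applies a sliding anti-replay window to the sequence number. The key, SPI, addresses and payload are constructed, and HMAC-SHA-256 truncated to 128 bits is assumed here in place of the MD5-based code the answer mentions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 output truncated to 128 bits (assumed algorithm)
AH_FIXED = 12  # next header, payload len, reserved, SPI, sequence number

def ipv4_header(src: bytes, dst: bytes, ttl: int, total_len: int) -> bytes:
    # ver/IHL, TOS, total length, ID, flags+frag, TTL, protocol 51 (AH), checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, 51, 0, src, dst)

def zero_mutable(ip: bytes) -> bytes:
    """Zero the IPv4 fields routers may rewrite, so they are left out of the ICV."""
    b = bytearray(ip)
    b[1] = 0                 # TOS (DSCP/ECN)
    b[6:8] = b"\x00\x00"     # flags and fragment offset
    b[8] = 0                 # TTL
    b[10:12] = b"\x00\x00"   # header checksum
    return bytes(b)

def icv(key: bytes, ip: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    # The ICV field itself is treated as zero while the MAC is computed.
    data = zero_mutable(ip) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(key: bytes, ip: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    ah_fixed = struct.pack("!BBHII", 6, payload_len, 0, spi, seq)  # next header 6 = TCP
    return ip + ah_fixed + icv(key, ip, ah_fixed, payload) + payload

class Receiver:
    def __init__(self, key: bytes, spi: int, window: int = 64):
        self.key, self.spi, self.window = key, spi, window
        self.highest, self.seen = 0, set()

    def accept(self, packet: bytes) -> str:
        end = 20 + AH_FIXED + ICV_LEN
        ip, ah, payload = packet[:20], packet[20:end], packet[end:]
        spi, seq = struct.unpack("!II", ah[4:AH_FIXED])
        if spi != self.spi:
            return "unknown-spi"
        if seq == 0 or seq + self.window <= self.highest or seq in self.seen:
            return "replay"            # duplicate, or older than the window
        if not hmac.compare_digest(ah[AH_FIXED:], icv(self.key, ip, ah[:AH_FIXED], payload)):
            return "bad-icv"           # modified in transit, or wrong key
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen | {seq} if s + self.window > self.highest}
        return "ok"

def demo() -> list:
    key, spi, payload = b"constructed-demo-key", 0x100, b"constructed payload"
    ip = ipv4_header(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 64, 48 + len(payload))
    rx = Receiver(key, spi)
    forwarded = bytearray(protect(key, ip, spi, 1, payload))
    forwarded[8] -= 1                       # a router decrements TTL (mutable field)
    tampered = bytearray(protect(key, ip, spi, 2, payload))
    tampered[-1] ^= 0x01                    # payload bit flipped
    spoofed = bytearray(protect(key, ip, spi, 3, payload))
    spoofed[12] = 10                        # source address rewritten (immutable field)
    return [rx.accept(bytes(p)) for p in (forwarded, forwarded, tampered, spoofed)]

if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'bad-icv', 'bad-icv']
```

The receiver checks the replay window before the ICV and only advances the window after the ICV verifies, so a forged packet cannot move the window forward.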
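
Returning to Q6 (A and B), an added example that is not part of the original paper: a Python model of a correspondent node B that accepts any binding update, beside one that requires an authenticator keyed from two tokens sent separately to the home address and to the care-of address, a simplified form of the Mobile IPv6 return routability check. The class and function names, the addresses and the reduced message contents are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

def packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed

def bu_authenticator(home_token: bytes, coa_token: bytes, coa: str, cn: str, seq: int) -> bytes:
    """What a mobile node attaches to a binding update once it holds both tokens."""
    kbm = hashlib.sha1(home_token + coa_token).digest()      # binding management key
    data = packed(coa) + packed(cn) + seq.to_bytes(2, "big")
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]

class Correspondent:
    def __init__(self, addr: str, require_auth: bool):
        self.addr, self.require_auth = addr, require_auth
        self.kcn, self.nonce = os.urandom(20), os.urandom(8)  # node secret and current nonce
        self.binding_cache = {}                               # home address -> care-of address

    def _token(self, addr: str, tag: bytes) -> bytes:
        return hmac.new(self.kcn, packed(addr) + self.nonce + tag, hashlib.sha1).digest()[:8]

    def home_test(self, home: str) -> bytes:
        """Token sent TO the home address; only a node reachable there receives it."""
        return self._token(home, b"\x00")

    def care_of_test(self, coa: str) -> bytes:
        """Token sent TO the claimed care-of address."""
        return self._token(coa, b"\x01")

    def binding_update(self, home: str, coa: str, seq: int, auth: bytes = b"") -> bool:
        if self.require_auth:
            expected = bu_authenticator(self.home_test(home), self.care_of_test(coa),
                                        coa, self.addr, seq)
            if not hmac.compare_digest(auth, expected):
                return False                                  # cache is left untouched
        self.binding_cache[home] = coa
        return True

def demo() -> dict:
    A, B, C = "2001:db8:a::1", "2001:db8:b::1", "2001:db8:c::1"   # constructed addresses
    roaming = "2001:db8:f::1"                                     # A's real care-of address
    naive, strict = Correspondent(B, False), Correspondent(B, True)
    # False update from C claiming home address A, as in the connection-hijacking case.
    naive_accepts = naive.binding_update(A, C, 1)
    # Against the strict node, C receives only the care-of token; the home token went to A.
    forged = bu_authenticator(bytes(8), strict.care_of_test(C), C, B, 1)
    strict_accepts_forged = strict.binding_update(A, C, 1, forged)
    # The real mobile node receives both tokens (the home one via its home agent).
    good = bu_authenticator(strict.home_test(A), strict.care_of_test(roaming), roaming, B, 2)
    strict_accepts_real = strict.binding_update(A, roaming, 2, good)
    return {"naive": naive_accepts, "naive_cache": naive.binding_cache.get(A),
            "forged": strict_accepts_forged, "real": strict_accepts_real,
            "strict_cache": strict.binding_cache.get(A)}

if __name__ == "__main__":
    print(demo())
```

The check ties a binding to reachability at both addresses; a party that can observe the path between the correspondent and the home address can still capture the home token, so it limits who can redirect traffic rather than providing strong authentication.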