Download Part I: Introduction - Computer Science Division

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
Document related concepts

Policies promoting wireless broadband in the United States wikipedia , lookup

CAN bus wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

IEEE 1355 wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Code-division multiple access wikipedia , lookup

Wireless security wikipedia , lookup

IEEE 802.11 wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
Last class
 Ethernet
 Hubs and Switches
 Mobile and wireless networks, CDMA
Today
 CDMA and IEEE 802.11 wireless LANs
 Network security
1
10BaseT and 100BaseT Ethernet
 Uses CSMA/CD
 10/100 Mbps rate; latter called “fast ethernet”
 T stands for Twisted Pair
 Nodes connect to a hub: “star topology”; 100 m
max distance between nodes and hub
twisted pair
hub
2
Interconnecting with hubs
Pros:
Cons:
 Enables interdepartmental
 Collision domains are
communication
 Extends max distance btw.
nodes
 If a hub malfunctions, the
backbone hub can
disconnect it
hub
transferred into one large,
common domain
 Cannot interconnect
10BaseT and 100BaseT
hub hubs
hub
hub
3
Switch: traffic isolation
 switch installation breaks subnet into LAN
segments
 switch filters packets:
 same-LAN-segment frames not usually
forwarded onto other LAN segments
 segments become separate collision domains
switch
collision
domain
hub
collision domain
hub
collision domain
hub
4
Wireless network characteristics
Multiple wireless senders and receivers create
additional problems (beyond multiple access):
C
A
B
A
B
Hidden terminal problem
C
C’s signal
strength
A’s signal
strength
space
 B, A hear each other
Signal fading:
 A, C can not hear each other
 B, C hear each other
 B, C hear each other
 B, A hear each other
means A, C unaware of their
interference at B
 A, C can not hear each other
interferring at B
5
Overview
 CDMA and IEEE 802.11 wireless LANs
 Network security
6
Code Division Multiple Access (CDMA)
 used in several wireless broadcast channels





(cellular, satellite, etc) standards
unique “code” assigned to each user; i.e., code set
partitioning
all users share same frequency, but each user has
own “chipping” sequence (i.e., code) to encode data
encoded signal = (original data) X (chipping
sequence)
decoding: inner-product of encoded signal and
chipping sequence
allows multiple users to “coexist” and transmit
simultaneously with minimal interference (if codes
are “orthogonal”)
7
CDMA Encode/Decode
sender
d0 = 1
data
bits
code
Zi,m= di.cm
-1 -1 -1
1
-1
1 1 1
-1 -1 -1
slot 1
-1
slot 1
channel
output
1
-1
1 1 1 1 1 1
1
d1 = -1
1 1 1
channel output Zi,m
-1 -1 -1
slot 0
1
-1
-1 -1 -1
slot 0
channel
output
M
Di = S Zi,m.cm
m=1
received
input
code
receiver
1 1 1 1 1 1
1
-1 -1 -1
-1
1 1 1
1
-1
-1 -1 -1
-1
1 1 1
-1 -1 -1
slot 1
M
1
1
-1
-1 -1 -1
slot 0
d0 = 1
d1 = -1
slot 1
channel
output
slot 0
channel
output
8
CDMA: two-sender interference
9
Overview
 CDMA and IEEE 802.11 wireless LANs
 Network security
10
IEEE 802.11 Wireless LAN
 802.11b
 2.4-5 GHz unlicensed
radio spectrum
 up to 11 Mbps
 direct sequence spread
spectrum (DSSS) in
physical layer
• all hosts use same
chipping code
 widely deployed, using
base stations
 802.11a
 5-6 GHz range
 up to 54 Mbps
 802.11g
 2.4-5 GHz range
 up to 54 Mbps
 All use CSMA/CA for
multiple access
 All have base-station
and ad-hoc network
versions
11
802.11 LAN architecture
 wireless host communicates
Internet
AP
hub, switch
or router
BSS 1
AP
BSS 2
with base station
 base station = access
point (AP)
 Basic Service Set (BSS)
(aka “cell”) in infrastructure
mode contains:
 wireless hosts
 access point (AP): base
station
 ad hoc mode: hosts only
12
802.11: Channels, association
 802.11b: 2.4GHz-2.485GHz spectrum divided into
11 channels at different frequencies
 AP admin chooses frequency for AP
 interference possible: channel can be same as
that chosen by neighboring AP!
 host: must associate with an AP
 scans channels, listening for beacon frames
containing AP’s name (SSID) and MAC address
 selects AP to associate with
 may perform authentication [Chapter 8]
 will typically run DHCP to get IP address in AP’s
subnet
13
IEEE 802.11: multiple access
 avoid collisions: 2+ nodes transmitting at same time
 802.11: CSMA - sense before transmitting
 don’t collide with ongoing transmission by other node
 802.11: no collision detection!
 difficult to receive (sense collisions) when transmitting due
to weak received signals (fading)
 can’t sense all collisions in any case: hidden terminal, fading
 goal: avoid collisions: CSMA/C(ollision)A(voidance)
A
C
A
B
B
C
C’s signal
strength
A’s signal
strength
space
14
IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender
1 if sense channel idle for DIFS then
transmit entire frame (no CD)
2 if sense channel busy then
- start random backoff time
- timer counts down while channel idle
- transmit when timer expires
- if no ACK, increase random backoff
interval, repeat 2
802.11 receiver
- if frame received OK
sender
receiver
DIFS
data
SIFS
ACK
return ACK after SIFS (ACK needed due
to hidden terminal problem)
15
Avoiding collisions (more)
idea: allow sender to “reserve” channel rather than random
access of data frames: avoid collisions of long data frames
 sender first transmits small request-to-send (RTS) packets
to BS using CSMA
 RTSs may still collide with each other (but they’re short)
 BS broadcasts clear-to-send CTS in response to RTS
 RTS heard by all nodes
 sender transmits data frame
 other stations defer transmissions
Avoid data frame collisions completely
using small reservation packets!
16
Collision Avoidance: RTS-CTS exchange
A
AP
B
reservation collision
DATA (A)
defer
time
17
802.11 frame: addressing
2
2
6
6
6
frame
address address address
duration
control
1
2
3
Address 1: MAC address
of wireless host or AP
to receive this frame
2
6
seq address
4
control
0 - 2312
4
payload
CRC
Address 4: used only
in ad hoc mode
Address 3: MAC address
of router interface to
which AP is attached
Address 2: MAC address
of wireless host or AP
transmitting this frame
18
802.11 frame: addressing
R1 router
H1
Internet
AP
R1 MAC addr AP MAC addr
dest. address
source address
802.3 frame
AP MAC addr H1 MAC addr R1 MAC addr
address 1
address 2
address 3
802.11 frame
19
802.11: mobility within same subnet
 H1 remains in same IP
subnet: IP address
can remain same
 switch: which AP is
associated with H1?
 self-learning
(Ch. 5):
switch will see frame
from H1 and
“remember” which
switch port can be
used to reach H1
router
hub or
switch
BBS 1
AP 1
AP 2
H1
BBS 2
20
Network Security
What is network security?
Principles of cryptography
Authentication
Access control: firewalls
Attacks and counter measures
21
What is network security?
Confidentiality: only sender, intended receiver
should “understand” message contents
 sender encrypts message
 receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message Integrity: sender, receiver want to ensure
message content not altered (in transit, or
afterwards) without detection
Access and Availability: services must be accessible
and available to users
22
Friends and enemies: Alice, Bob, Trudy
 well-known in network security world
 Bob, Alice (lovers!) want to communicate “securely”
 Trudy (intruder) may intercept, delete, add messages
Alice
data
channel
secure
sender
Bob
data, control
messages
secure
receiver
data
Trudy
23
Who might Bob, Alice be?
 … well, real-life Bobs and Alices!
 Web browser/server for electronic
transactions (e.g., on-line purchases)
 on-line banking client/server
 DNS servers
 routers exchanging routing table updates
 other examples?
24
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
eavesdrop: intercept messages
 actively insert messages into connection
 impersonation: can fake (spoof) source address
in packet (or any field in packet)
 hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself
in place
 denial of service: prevent service from being
used by others (e.g., by overloading resources)

more on this later ……
25
Overview
What is network security?
Principles of cryptography
Authentication
Access control: firewalls
Attacks and counter measures
26
The language of cryptography
Alice’s
K encryption
A
key
plaintext
encryption
algorithm
ciphertext
Bob’s
K decryption
B key
decryption plaintext
algorithm
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key
secret (private)
27
Symmetric key cryptography
substitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another
plaintext:
abcdefghijklmnopqrstuvwxyz
ciphertext:
mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: How hard to break this simple cipher?:
 brute force (how hard?)
 other?
28
Symmetric key cryptography
KA-B
KA-B
plaintext
message, m
encryption ciphertext
algorithm
K (m)
A-B
decryption plaintext
algorithm
m = K ( KA-B(m) )
A-B
symmetric key crypto: Bob and Alice share know same
(symmetric) key: K
A-B
 e.g., key is knowing substitution pattern in mono
alphabetic substitution cipher
 Q: how do Bob and Alice agree on key value?
29
Symmetric key crypto: DES
DES: Data Encryption Standard
 US encryption standard [NIST 1993]
 56-bit symmetric key, 64-bit plaintext input
 How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase
(“Strong cryptography makes the world a safer
place”) decrypted (brute force) in 4 months
 no known “backdoor” decryption approach
 making DES more secure:
 use three keys sequentially (3-DES) on each datum
 use cipher-block chaining

30
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical “rounds” of
function application,
each using different
48 bits of key
final permutation
31
AES: Advanced Encryption Standard
 new (Nov. 2001) symmetric-key NIST
standard, replacing DES
 processes data in 128 bit blocks
 128, 192, or 256 bit keys
 brute force decryption (try each key)
taking 1 sec on DES, takes 149 trillion
years for AES
32
Public Key Cryptography
symmetric key crypto
 requires sender,
receiver know shared
secret key
 Q: how to agree on key
in first place
(particularly if never
“met”)?
public key cryptography
 radically different
approach [DiffieHellman76, RSA78]
 sender, receiver do
not share secret key
 public encryption key
known to all
 private decryption
key known only to
receiver
33
Public key cryptography
+ Bob’s public
B key
K
K
plaintext
message, m
encryption ciphertext
algorithm
+
K (m)
B
- Bob’s private
B key
decryption plaintext
algorithm message
+
m = K B(K (m))
B
34
Public key encryption algorithms
Requirements:
1
2
+
need K ( ) and K - ( ) such that
B
B
- +
K (K (m)) = m
B B
.
.
+
given public key KB , it should be
impossible to compute
private key KB
RSA: Rivest, Shamir, Adelson algorithm
35
Related documents
Oral Communication - An-Najah National University
Oral Communication - An-Najah National University
Communication in Business
Communication in Business
International Management
International Management
HR Objectives - Econbus
HR Objectives - Econbus
Communication Process
Communication Process
Chapter 1 Glossary - Fundamentals of Business Communication 2012
Chapter 1 Glossary - Fundamentals of Business Communication 2012
What is Communication?
What is Communication?
Successful Communication
Successful Communication
Communicatio Skill
Communicatio Skill
Basic Communication Theory
Basic Communication Theory
Slides on Security
Slides on Security