![Page 1: 1 Last class r Ethernet r Hubs and Switches r Mobile and wireless networks, CDMA Today r CDMA and IEEE 802.11 wireless LANs r Network security](https://reader030.vdocuments.net/reader030/viewer/2022032522/56649d635503460f94a45b34/html5/thumbnails/1.jpg)
Last class: Ethernet; hubs and switches; mobile and wireless networks, CDMA
Today: CDMA and IEEE 802.11 wireless LANs; network security
10BaseT and 100BaseT Ethernet
- uses CSMA/CD
- 10/100 Mbps rate; the latter is called "fast Ethernet"
- T stands for twisted pair
- nodes connect to a hub in a "star topology"; 100 m maximum distance between a node and the hub
(figure: nodes connected over twisted pair to a hub)
Interconnecting with hubs
Pros:
- enables interdepartmental communication
- extends the maximum distance between nodes
- if a hub malfunctions, the backbone hub can disconnect it
Cons:
- the individual collision domains are merged into one large, common collision domain
- cannot interconnect 10BaseT and 100BaseT hubs
(figure: three departmental hubs connected to a backbone hub)
Switch: traffic isolation
- installing a switch breaks the subnet into LAN segments
- the switch filters packets: frames whose source and destination are on the same LAN segment are not usually forwarded onto other LAN segments
- segments become separate collision domains
(figure: three hubs, each forming its own collision domain, connected through a switch)
Wireless network characteristics
Multiple wireless senders and receivers create additional problems (beyond multiple access):
Hidden terminal problem:
- B and A hear each other; B and C hear each other
- A and C cannot hear each other, which means A and C are unaware of their interference at B
Signal fading:
- B and A hear each other; B and C hear each other
- A and C cannot hear each other (each one's signal has faded too much by the time it reaches the other), yet both interfere at B
(figures: A, B, C with an obstacle between A and C; A's and C's signal strength decaying across space and overlapping only at B)
Overview
- CDMA and IEEE 802.11 wireless LANs
- Network security
Code Division Multiple Access (CDMA)
- used in several wireless broadcast channel standards (cellular, satellite, etc.)
- a unique "code" is assigned to each user, i.e., code set partitioning
- all users share the same frequency, but each user has its own "chipping" sequence (i.e., code) to encode data
- encoded signal = (original data) x (chipping sequence)
- decoding: inner product of the encoded signal and the chipping sequence
- allows multiple users to "coexist" and transmit simultaneously with minimal interference (if the codes are "orthogonal")
CDMA encode/decode
(figure: the sender has data bits $d_0 = 1$ in slot 0 and $d_1 = -1$ in slot 1 and an $M$-chip sender code $c_1, \dots, c_M$; the channel output in slot $i$ is $Z_{i,m} = d_i \cdot c_m$; the receiver, holding the same code, takes the received input and recovers each bit as $d_i = \frac{1}{M}\sum_{m=1}^{M} Z_{i,m} \cdot c_m$)
CDMA: two-sender interference
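The encode/decode rule above and the two-sender case, worked through in code. This is an added example, not part of the lecture slides: the first 8-chip code is the one drawn in the figure, the second code, the data bits and the deliberately non-orthogonal code are constructed for the demonstration. It shows that with orthogonal codes each receiver recovers its own bits exactly even though the two signals add in the air, and what the cross-talk looks like when the codes are not orthogonal. Note the security point that follows directly from the maths: the chipping code is a multiplexing parameter, not a key, so anyone who knows it decodes the stream; CDMA separates users, it does not provide confidentiality.

```python
# Added example: CDMA encode/decode with two senders sharing one channel.
# CODE_1 is the 8-chip sequence from the lecture figure; CODE_2 is chosen
# (constructed) to be orthogonal to it, NON_ORTHOGONAL is not.
M = 8
CODE_1 = [1, 1, 1, -1, 1, -1, -1, -1]
CODE_2 = [1, -1, 1, 1, 1, -1, 1, 1]
NON_ORTHOGONAL = [1, 1, 1, 1, -1, -1, -1, -1]


def correlation(code_a, code_b):
    """Inner product of two chip sequences; 0 means the codes are orthogonal."""
    return sum(a * b for a, b in zip(code_a, code_b))


def encode(bits, code):
    """Spread each data bit d_i (+1/-1) into M chips: Z[i][m] = d_i * c_m."""
    return [[d * c for c in code] for d in bits]


def channel(*streams):
    """The air adds the chips of all simultaneous senders, slot by slot."""
    slots = len(streams[0])
    return [[sum(s[i][m] for s in streams) for m in range(M)] for i in range(slots)]


def decode(received, code):
    """d_i = (1/M) * sum_m Z[i][m] * c_m; exact only when the other codes are
    orthogonal to this one, otherwise the other senders' bits leak in."""
    return [sum(z * c for z, c in zip(slot, code)) / M for slot in received]


def round_trip(bits_1, bits_2):
    """Both senders transmit at once; each receiver despreads with its own code."""
    mixed = channel(encode(bits_1, CODE_1), encode(bits_2, CODE_2))
    return decode(mixed, CODE_1), decode(mixed, CODE_2)


def cross_talk(bits_1, bits_2, other_code):
    """Receiver 1's output when sender 2 uses a code that is NOT orthogonal to
    CODE_1: each bit comes back as d1_i + d2_i * correlation/M."""
    mixed = channel(encode(bits_1, CODE_1), encode(bits_2, other_code))
    return decode(mixed, CODE_1)


if __name__ == "__main__":
    print("CODE_1 . CODE_2 =", correlation(CODE_1, CODE_2))
    print("orthogonal codes:", round_trip([1, -1], [1, 1]))
    print("non-orthogonal  :", cross_talk([1, -1], [1, 1], NON_ORTHOGONAL))
```

With the orthogonal pair, receiver 1 gets [1, -1] and receiver 2 gets [1, 1]; with the non-orthogonal code the correlation is 4, so receiver 1 sees [1.5, -0.5], half a bit of the other sender bleeding into each of its own.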
IEEE 802.11 Wireless LAN
802.11b
- 2.4-2.485 GHz unlicensed radio spectrum
- up to 11 Mbps
- direct sequence spread spectrum (DSSS) in the physical layer; all hosts use the same chipping code
- widely deployed, using base stations
802.11a
- 5-6 GHz range
- up to 54 Mbps
802.11g
- 2.4-2.485 GHz range
- up to 54 Mbps
All use CSMA/CA for multiple access.
All have base-station and ad hoc network versions.
802.11 LAN architecture
- a wireless host communicates with a base station; base station = access point (AP)
- Basic Service Set (BSS) (aka "cell") in infrastructure mode contains: wireless hosts and an access point (AP), the base station
- ad hoc mode: hosts only
(figure: BSS 1 and BSS 2, each with its own AP, connected through a hub, switch or router to the Internet)
802.11: channels, association
- 802.11b: the 2.4 GHz-2.485 GHz spectrum is divided into 11 channels at different frequencies
- the AP admin chooses the frequency for the AP
- interference is possible: the channel can be the same as the one chosen by a neighboring AP!
A host must associate with an AP:
- it scans channels, listening for beacon frames containing the AP's name (SSID) and MAC address
- it selects an AP to associate with
- it may perform authentication [Chapter 8]
- it will typically run DHCP to get an IP address in the AP's subnet
IEEE 802.11: multiple access
- avoid collisions: 2+ nodes transmitting at the same time
- 802.11: CSMA, sense before transmitting; don't collide with an ongoing transmission by another node
- 802.11: no collision detection! It is difficult to receive (sense collisions) while transmitting, because the received signals are weak (fading); and not all collisions can be sensed in any case: hidden terminal, fading
- goal: avoid collisions, CSMA/C(ollision)A(voidance)
(figures: the hidden-terminal and signal-fading pictures of A, B and C from above)
IEEE 802.11 MAC protocol: CSMA/CA
802.11 sender
1. if the channel is sensed idle for DIFS, then transmit the entire frame (no CD)
2. if the channel is sensed busy, then
- start a random backoff timer
- the timer counts down while the channel is idle
- transmit when the timer expires
- if no ACK arrives, increase the random backoff interval and repeat step 2
802.11 receiver
- if the frame is received OK, return an ACK after SIFS (the ACK is needed because of the hidden terminal problem)
(figure: timing diagram: the sender waits DIFS, then sends data; the receiver waits SIFS, then sends the ACK)
Avoiding collisions (more)
idea: allow the sender to "reserve" the channel rather than using random access for data frames, to avoid collisions of long data frames
- the sender first transmits small request-to-send (RTS) packets to the BS using CSMA; RTSs may still collide with each other (but they're short)
- the BS broadcasts a clear-to-send (CTS) in response to the RTS
- the CTS is heard by all nodes: the sender transmits its data frame, the other stations defer their transmissions
Avoid data frame collisions completely using small reservation packets!
Collision avoidance: RTS-CTS exchange
(figure: timeline with stations A and B and the AP. A and B send RTS(A) and RTS(B) at the same time and they collide at the AP (reservation collision). A retries with RTS(A); the AP answers CTS(A), heard by both A and B; A sends DATA(A) while B defers; the AP returns ACK(A), again heard by both.)
802.11 frame: addressing
Frame format (field lengths in bytes):
frame control (2) | duration (2) | address 1 (6) | address 2 (6) | address 3 (6) | seq control (2) | address 4 (6) | payload (0-2312) | CRC (4)
- Address 1: MAC address of the wireless host or AP that is to receive this frame
- Address 2: MAC address of the wireless host or AP transmitting this frame
- Address 3: MAC address of the router interface to which the AP is attached
- Address 4: used only in ad hoc mode
802.11 frame: addressing
(figure: H1 -- AP -- router R1 -- Internet)
802.11 frame from H1 to the AP:
address 1 = AP MAC addr, address 2 = H1 MAC addr, address 3 = R1 MAC addr
802.3 frame forwarded by the AP to R1:
dest. address = R1 MAC addr, source address = H1 MAC addr (the AP bridges at the link layer and keeps the station's MAC as the Ethernet source address; that is what lets the switch on the next slide learn which port reaches H1)
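The frame layout and the address rules from the two slides above, as an added example that is not part of the lecture material: it serialises and parses the 802.11 MAC header and performs the AP's translation of the H1-to-R1 frame into an 802.3 frame. It goes beyond the slides in one respect: the meaning of the three (or four) address fields is decided by the To-DS and From-DS flag bits in the frame control field, and the parser handles all four combinations, not only the host-to-AP direction drawn in the figure. The MAC addresses are constructed, the payload is a placeholder, and the Ethernet type field is omitted (in practice it is taken from the SNAP header that 802.11 carries inside its payload). None of these header fields is authenticated, so a station can write any value into address 2; that is the link-layer form of the spoofing listed under "What can a bad guy do?" later on.

```python
# Added example: 802.11 data-frame header, built and parsed with struct.
# Addresses are constructed for the demonstration, not real devices.
import struct

H1_MAC = bytes.fromhex("02000000aa01")   # wireless host H1 (constructed)
AP_MAC = bytes.fromhex("02000000bb01")   # access point (constructed)
R1_MAC = bytes.fromhex("02000000cc01")   # router interface R1 (constructed)

FC_DATA = 0x08        # frame control byte 0: protocol 0, type = data (2), subtype 0
FLAG_TO_DS = 0x01     # frame control byte 1, bit 0: frame is going to the AP
FLAG_FROM_DS = 0x02   # frame control byte 1, bit 1: frame is coming from the AP
# frame control, duration, address 1..3, seq control; all little-endian per 802.11
HDR3 = struct.Struct("<HH6s6s6sH")


def build_frame(flags, addr1, addr2, addr3, payload, seq=0, addr4=None):
    """Serialise an 802.11 data frame (CRC omitted; the radio appends it)."""
    fc = FC_DATA | (flags << 8)
    hdr = HDR3.pack(fc, 0, addr1, addr2, addr3, seq << 4)  # seq in the high 12 bits
    if addr4 is not None:   # 4-address form exists only when both DS bits are set
        hdr += addr4
    return hdr + payload


def parse_frame(frame):
    """Return the header fields plus the source/destination they imply."""
    fc, _duration, a1, a2, a3, seq = HDR3.unpack_from(frame)
    flags = fc >> 8
    to_ds, from_ds = bool(flags & FLAG_TO_DS), bool(flags & FLAG_FROM_DS)
    offset, a4 = HDR3.size, None
    if to_ds and from_ds:
        a4, offset = frame[offset:offset + 6], offset + 6
    if to_ds and from_ds:   # AP to AP: addr1 = receiver, addr2 = transmitter, addr3 = DA, addr4 = SA
        da, sa = a3, a4
    elif to_ds:             # host -> AP (the slide's case): addr1 = AP, addr2 = host, addr3 = final destination
        da, sa = a3, a2
    elif from_ds:           # AP -> host: addr1 = host, addr2 = AP, addr3 = original source
        da, sa = a1, a3
    else:                   # ad hoc: addr1 = destination, addr2 = source, addr3 = BSSID
        da, sa = a1, a2
    return {"to_ds": to_ds, "from_ds": from_ds, "addr1": a1, "addr2": a2,
            "addr3": a3, "addr4": a4, "da": da, "sa": sa,
            "seq": seq >> 4, "payload": frame[offset:]}


def to_ethernet(frame):
    """What the AP puts on 802.3: dest | source | payload, MACs carried over."""
    f = parse_frame(frame)
    return f["da"] + f["sa"] + f["payload"]


def h1_to_r1(payload=b"ip datagram"):
    """The slide's scenario: H1 sends to R1 through the AP."""
    wifi = build_frame(FLAG_TO_DS, AP_MAC, H1_MAC, R1_MAC, payload, seq=7)
    return wifi, to_ethernet(wifi)


if __name__ == "__main__":
    wifi, eth = h1_to_r1()
    print("802.11:", parse_frame(wifi))
    print("802.3 :", eth.hex())
```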
802.11: mobility within the same subnet
(figure: H1 moves from BSS 1 (AP 1) to BSS 2 (AP 2); both APs connect to the same hub or switch, which connects to a router)
- H1 remains in the same IP subnet: its IP address can remain the same
- switch: which AP is H1 associated with? self-learning (Ch. 5): the switch will see a frame from H1 and "remember" which switch port can be used to reach H1
Network Security
- What is network security?
- Principles of cryptography
- Authentication
- Access control: firewalls
- Attacks and countermeasures
What is network security?
- Confidentiality: only the sender and the intended receiver should "understand" the message contents; the sender encrypts the message, the receiver decrypts it
- Authentication: sender and receiver want to confirm each other's identity
- Message integrity: sender and receiver want to ensure the message content is not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users
Friends and enemies: Alice, Bob, Trudy
- well known in the network security world
- Bob and Alice (lovers!) want to communicate "securely"
- Trudy (intruder) may intercept, delete, add messages
(figure: Alice's secure sender and Bob's secure receiver exchange data and control messages over a channel, with Trudy sitting on the channel)
Who might Bob and Alice be?
... well, real-life Bobs and Alices!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?
There are bad guys (and girls) out there!
Q: What can a "bad guy" do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into a connection
- impersonation: can fake (spoof) the source address in a packet (or any field in a packet)
- hijacking: "take over" an ongoing connection by removing the sender or receiver and inserting himself in their place
- denial of service: prevent a service from being used by others (e.g., by overloading resources)
more on this later ...
The language of cryptography
(figure: plaintext -> encryption algorithm with Alice's encryption key $K_A$ -> ciphertext -> decryption algorithm with Bob's decryption key $K_B$ -> plaintext)
- symmetric key crypto: sender and receiver keys are identical
- public-key crypto: encryption key public, decryption key secret (private)
Symmetric key cryptography
- substitution cipher: substituting one thing for another
- monoalphabetic cipher: substitute one letter for another
E.g.:
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext:  bob. i love you. alice
Ciphertext: nkn. s gktc wky. mgsbc
Q: How hard is it to break this simple cipher? brute force (how hard?) other?
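The cipher from the slide in code, with the two answers to the question it ends on. This is an added example, not part of the lecture: it reproduces the slide's encryption of "bob. i love you. alice", computes the size of the key space (26! keys, about 2^88, which is why brute force is hopeless) and then shows the "other" attack, frequency analysis: substitution renames letters but does not change how often each one occurs, so the most common ciphertext letters line up with the most common English letters. The longer sample sentence used for the frequency count is constructed for the demonstration.

```python
# Added example: monoalphabetic substitution cipher, key-space size, and
# frequency analysis. KEY is the substitution pattern from the slide; SAMPLE
# is a constructed English sentence long enough for letter statistics.
import math
import string
from collections import Counter

PLAIN = string.ascii_lowercase
KEY = "mnbvcxzasdfghjklpoiuytrewq"
# Letters of English text, most frequent first (standard approximate ranking).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"
SAMPLE = ("the quick brown fox jumps over the lazy dog and then the fox "
          "returns to the den where the other foxes are resting after the "
          "long evening")


def encrypt(plaintext, key=KEY):
    """Replace plaintext letter i with key[i]; everything else passes through."""
    return plaintext.translate(str.maketrans(PLAIN, key))


def decrypt(ciphertext, key=KEY):
    return ciphertext.translate(str.maketrans(key, PLAIN))


def key_space_bits():
    """log2(26!): the number of keys is about 2^88, far beyond brute force."""
    return math.log2(math.factorial(26))


def letter_counts(text):
    return Counter(ch for ch in text.lower() if ch in PLAIN)


def frequency_guess(ciphertext, expected=ENGLISH_ORDER):
    """Pair ciphertext letters, most frequent first, with the expected English
    ranking. Returns a dict ciphertext_letter -> guessed plaintext letter;
    the top few entries are usually right, the rest need trial and context."""
    ranked = [c for c, _ in letter_counts(ciphertext).most_common()]
    return dict(zip(ranked, expected))


if __name__ == "__main__":
    print(encrypt("bob. i love you. alice"))
    print("key space: 2^%.1f" % key_space_bits())
    guess = frequency_guess(encrypt(SAMPLE))
    print("most common ciphertext letters:", list(guess.items())[:3])
```

On the sample, the ciphertext letter "c" (the image of "e") and "u" (the image of "t") come out on top and the guess table maps them back correctly; with only the slide's 18-letter message the counts are too small for this to work, which is why the attack needs a few sentences of ciphertext.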
Symmetric key cryptography
- symmetric key crypto: Bob and Alice share and know the same (symmetric) key: $K_{A\text{-}B}$
- e.g., the key is knowing the substitution pattern in a monoalphabetic substitution cipher
- Q: how do Bob and Alice agree on the key value?
(figure: plaintext message $m$ -> encryption algorithm with $K_{A\text{-}B}$ -> ciphertext $K_{A\text{-}B}(m)$ -> decryption algorithm with $K_{A\text{-}B}$ -> plaintext $m = K_{A\text{-}B}(K_{A\text{-}B}(m))$)
Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
How secure is DES?
- DES Challenge: a 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") was decrypted (brute force) in 4 months
- no known "backdoor" decryption approach
Making DES more secure:
- use three keys sequentially (3-DES) on each datum
- use cipher-block chaining (caveat: chaining hides the repeated-block patterns that encrypting each 64-bit block independently would reveal; it does not enlarge the 56-bit key, so it does nothing against the brute-force attack above)
Symmetric key crypto: DES
DES operation:
- initial permutation
- 16 identical "rounds" of function application, each using a different 48 bits of the key
- final permutation
AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128-bit blocks
- 128, 192, or 256-bit keys
- brute force decryption (trying each key) that takes 1 sec on DES takes 149 trillion years on 128-bit AES (2^128 / 2^56 = 2^72 times as many keys)
Public Key Cryptography
symmetric key crypto:
- requires sender and receiver to know the shared secret key
- Q: how to agree on the key in the first place (particularly if they have never "met")?
public key cryptography:
- radically different approach [Diffie-Hellman76, RSA78]
- sender and receiver do not share a secret key
- public encryption key known to all
- private decryption key known only to the receiver
Public key cryptography
(figure: plaintext message $m$ -> encryption algorithm with Bob's public key $K_B^+$ -> ciphertext $K_B^+(m)$ -> decryption algorithm with Bob's private key $K_B^-$ -> plaintext $m = K_B^-(K_B^+(m))$)
Public key encryption algorithms
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given the public key $K_B^+$, it should be impossible to compute the private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm
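The two requirements above, checked on a toy RSA key pair. This is an added example, not part of the lecture: the primes (61 and 53) and the public exponent 17 are constructed for illustration, and the code is a bare textbook RSA with no padding, so it is a demonstration of the arithmetic, not something to use. It shows requirement 1 holding (the private exponent undoes the public one, and the exponents also commute, which is what signatures later rely on) and, in recover_private_key, what goes wrong with requirement 2 when the modulus is small: factoring n hands the attacker the private key. Real keys use 2048-bit or larger moduli precisely so that this step is infeasible. Requires Python 3.8 or newer for pow(e, -1, phi).

```python
# Added example: toy RSA. p, q, e are constructed; real keys are far larger
# and are used with padding (e.g. OAEP), never on raw integers like this.
from math import gcd


def keygen(p, q, e=17):
    """Public key (e, n) and private key (d, n) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


def encrypt(public, m):
    """K_B^+(m) = m^e mod n; the message must be an integer below n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private, c):
    """K_B^-(c) = c^d mod n, so decrypt(encrypt(m)) == m (requirement 1)."""
    d, n = private
    return pow(c, d, n)


def encrypt_bytes(public, data):
    """One byte per block: fine for a toy n > 255, pointless in practice."""
    return [encrypt(public, b) for b in data]


def decrypt_bytes(private, blocks):
    return bytes(decrypt(private, c) for c in blocks)


def exponents_commute(private, public, m):
    """Applying the private key first and the public key second also returns m."""
    d, n = private
    e, _ = public
    return pow(pow(m, d, n), e, n) == m


def recover_private_key(public):
    """Requirement 2 fails for a tiny modulus: trial division factors n, and
    from p and q anyone can recompute d exactly as keygen did."""
    e, n = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return keygen(p, n // p, e)[1]


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print("public", pub, "private", priv)
    print("65 ->", c, "->", decrypt(priv, c))
    print("private key recovered from the public key:", recover_private_key(pub))
```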