Transcript of lecture slides: Ethernet, hubs and switches, CDMA and IEEE 802.11 wireless LANs, network security (posted 21-Dec-2015)
Slide 1
Last class: Ethernet; hubs and switches; mobile and wireless networks, CDMA
Today: CDMA and IEEE 802.11 wireless LANs; network security
Slide 2: 10BaseT and 100BaseT Ethernet
- Uses CSMA/CD
- 10/100 Mbps rate; the latter is called "fast Ethernet"
- T stands for Twisted Pair
- Nodes connect to a hub: "star topology"; 100 m max distance between nodes and hub
[Figure: nodes wired by twisted pair to a central hub]
Slide 3: Interconnecting with hubs
Pros:
- Enables interdepartmental communication
- Extends max distance between nodes
- If a hub malfunctions, the backbone hub can disconnect it
Cons:
- The individual collision domains are merged into one large, common collision domain
- Cannot interconnect 10BaseT and 100BaseT hubs
[Figure: three department hubs connected to a backbone hub]
Slide 4: Switch: traffic isolation
- Switch installation breaks the subnet into LAN segments
- Switch filters packets: same-LAN-segment frames are not usually forwarded onto other LAN segments
- Segments become separate collision domains
[Figure: a switch connecting three hubs; each hub's segment is its own collision domain]
Slide 5: Wireless network characteristics
Multiple wireless senders and receivers create additional problems (beyond multiple access):
Hidden terminal problem:
- B, A hear each other
- B, C hear each other
- A, C cannot hear each other, meaning A, C are unaware of their interference at B
Signal fading:
- B, A hear each other
- B, C hear each other
- A, C cannot hear each other, interfering at B
[Figure: A, B, C in a line; A's and C's signal strengths fall off with distance and overlap only at B]
Slide 6: Overview
- CDMA and IEEE 802.11 wireless LANs
- Network security
Slide 7: Code Division Multiple Access (CDMA)
- Used in several wireless broadcast channel standards (cellular, satellite, etc.)
- Unique "code" assigned to each user; i.e., code set partitioning
- All users share the same frequency, but each user has its own "chipping" sequence (i.e., code) to encode data
- Encoded signal = (original data) × (chipping sequence)
- Decoding: inner product of encoded signal and chipping sequence
- Allows multiple users to "coexist" and transmit simultaneously with minimal interference (if codes are "orthogonal")
Slide 8: CDMA Encode/Decode
[Figure: sender with data bits d_0 = 1 (slot 0) and d_1 = -1 (slot 1) and an M = 8 chip code with four +1 and four -1 chips; the channel output per slot is the bit multiplied by the code; the receiver multiplies the received input by the same code and sums]
Channel output: Z_{i,m} = d_i \cdot c_m
Receiver: D_i = \frac{1}{M} \sum_{m=1}^{M} Z_{i,m} \cdot c_m
Slide 9: CDMA: two-sender interference
[Figure: two senders' encoded signals on the shared channel]
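The encode/decode arithmetic of slides 8 and 9, as an added example that is not part of the slides. The 8-chip codes CODE_1, CODE_2 and BAD_CODE are constructed for the demo (the slide's own chip ordering is not recoverable from the transcript); CODE_1 and CODE_2 have inner product 0, BAD_CODE does not, so the last demo shows what "orthogonal" buys you.

```python
# Added example (not from the slides): CDMA encode/decode for one sender (slide 8)
# and for two senders sharing the channel (slide 9). The 8-chip codes are constructed
# for the demo; CODE_1 and CODE_2 are orthogonal (inner product 0), BAD_CODE is not.

M = 8                                    # chips per data bit
CODE_1 = [1, 1, 1, -1, 1, -1, -1, -1]    # sender 1's chipping sequence c_m
CODE_2 = [1, -1, 1, 1, 1, -1, 1, 1]      # sender 2's code, orthogonal to CODE_1
BAD_CODE = [1, 1, 1, 1, -1, -1, -1, -1]  # not orthogonal to CODE_1 (inner product 4)


def inner_product(x, y):
    return sum(a * b for a, b in zip(x, y))


def cdma_encode(data_bits, code):
    """Z_{i,m} = d_i * c_m: every data bit (+1 or -1) becomes M chips."""
    return [[d * c for c in code] for d in data_bits]


def sum_channel(*encoded):
    """The shared channel adds the senders' chips slot by slot."""
    return [[sum(chips) for chips in zip(*slot_group)] for slot_group in zip(*encoded)]


def cdma_decode(channel_slots, code):
    """D_i = (1/M) * sum_{m=1}^{M} Z_{i,m} * c_m. With orthogonal codes this is exactly
    the sender's +1/-1 bit; a non-orthogonal neighbour shows up as an offset."""
    return [inner_product(slot, code) / len(code) for slot in channel_slots]


def to_bits(d_values):
    """Hard decision on the decoded values."""
    return [1 if d > 0 else -1 for d in d_values]


def demo_single_sender():
    # Sender 1 transmits d_0 = 1, d_1 = -1 as on slide 8.
    return cdma_decode(cdma_encode([1, -1], CODE_1), CODE_1)


def demo_two_senders(code_2=CODE_2):
    """Sender 1 sends (1, -1), sender 2 sends (1, 1); both are decoded from the summed channel."""
    channel = sum_channel(cdma_encode([1, -1], CODE_1), cdma_encode([1, 1], code_2))
    return cdma_decode(channel, CODE_1), cdma_decode(channel, code_2)
```

With the orthogonal pair both receivers recover exactly ±1.0 from the summed channel; substitute BAD_CODE for sender 2 and the decoded values drift to 1.5 and -0.5, which is the interference the slide warns about.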
Slide 10: Overview
- CDMA and IEEE 802.11 wireless LANs
- Network security
Slide 11: IEEE 802.11 Wireless LAN
802.11b:
- 2.4-5 GHz unlicensed radio spectrum
- up to 11 Mbps
- direct sequence spread spectrum (DSSS) in physical layer; all hosts use same chipping code
- widely deployed, using base stations
802.11a:
- 5-6 GHz range
- up to 54 Mbps
802.11g:
- 2.4-5 GHz range
- up to 54 Mbps
All use CSMA/CA for multiple access
All have base-station and ad-hoc network versions
Slide 12: 802.11 LAN architecture
- Wireless host communicates with base station; base station = access point (AP)
- Basic Service Set (BSS) (aka "cell") in infrastructure mode contains: wireless hosts; access point (AP): base station
- Ad hoc mode: hosts only
[Figure: BSS 1 and BSS 2, each with an AP, joined through a hub, switch or router to the Internet]
Slide 13: 802.11: Channels, association
- 802.11b: 2.4 GHz-2.485 GHz spectrum divided into 11 channels at different frequencies
  - AP admin chooses frequency for AP
  - interference possible: channel can be same as that chosen by neighboring AP!
- Host must associate with an AP
  - scans channels, listening for beacon frames containing AP's name (SSID) and MAC address
  - selects AP to associate with
  - may perform authentication [Chapter 8]
  - will typically run DHCP to get IP address in AP's subnet
Slide 14: IEEE 802.11: multiple access
- Avoid collisions: 2+ nodes transmitting at same time
- 802.11: CSMA - sense before transmitting; don't collide with ongoing transmission by other node
- 802.11: no collision detection!
  - difficult to receive (sense collisions) when transmitting due to weak received signals (fading)
  - can't sense all collisions in any case: hidden terminal, fading
  - goal: avoid collisions: CSMA/C(ollision)A(voidance)
[Figure: hidden terminal and fading scenarios with A, B, C as on slide 5]
Slide 15: IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender:
1. if sense channel idle for DIFS then transmit entire frame (no CD)
2. if sense channel busy then
   - start random backoff time
   - timer counts down while channel idle
   - transmit when timer expires
   - if no ACK, increase random backoff interval, repeat 2
802.11 receiver:
- if frame received OK, return ACK after SIFS (ACK needed due to hidden terminal problem)
[Figure: sender waits DIFS then sends data; receiver waits SIFS then returns ACK]
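The sender's two steps as a slotted simulation, added here as an example and not part of the slides. DIFS = 2 slots, the contention-window sizes CW_MIN/CW_MAX, the retry limit MAX_ATTEMPTS, the one-slot frame length and the channel and ACK traces are all constructed assumptions; 802.11 itself uses a binary exponential growth of the window on failure, which is what the `cw = min(2 * cw + 1, CW_MAX)` line models.

```python
# Added example (not from the slides): a slotted simulation of the 802.11 CSMA/CA
# sender described above. Slot length, DIFS = 2 slots, the contention-window sizes and
# the channel/ACK traces are all constructed for the demo.

DIFS = 2            # channel must be idle this many slots before a transmission
CW_MIN = 3          # initial backoff window: timer drawn from 0..CW_MIN
CW_MAX = 15         # window stops growing here
MAX_ATTEMPTS = 4    # give up (drop the frame) after this many unacknowledged tries


def csma_ca_send(channel_busy, acks, backoff_draws):
    """Run the slide's two-step sender over a constructed channel trace.

    channel_busy : list of bools, one per slot; True = another station is transmitting.
                   Slots past the end of the list count as idle.
    acks         : acks[k] says whether attempt k was acknowledged by the receiver.
    backoff_draws: ints standing in for the random draws (reduced modulo CW+1 so the
                   timer always lies inside the current contention window).
    Returns (outcome, tx_slots): "delivered" or "dropped", and the slot of each transmission.
    """
    def busy(t):
        return t < len(channel_busy) and channel_busy[t]

    def idle_for_difs(t):
        return all(not busy(t + k) for k in range(DIFS))

    t, cw, tx_slots = 0, CW_MIN, []
    draws = iter(backoff_draws)

    for attempt in range(MAX_ATTEMPTS):
        if attempt == 0 and idle_for_difs(t):
            # Step 1: channel idle for DIFS -> transmit the whole frame (no collision detection).
            t += DIFS
        else:
            # Step 2: channel busy (or a retry): wait for DIFS of silence, then run a random
            # backoff timer that counts down only while the channel stays idle.
            backoff = next(draws) % (cw + 1)
            while not idle_for_difs(t):
                t += 1
            t += DIFS
            while backoff > 0:
                if not busy(t):
                    backoff -= 1
                t += 1
        tx_slots.append(t)
        t += 1                            # the frame itself occupies one slot (constructed)
        if attempt < len(acks) and acks[attempt]:
            return "delivered", tx_slots
        cw = min(2 * cw + 1, CW_MAX)      # no ACK: widen the random backoff interval, repeat step 2
    return "dropped", tx_slots


# Constructed trace: 'T' = some other station is transmitting during that slot.
BUSY_THEN_IDLE = [c == "T" for c in "TTTFFFFFFFFT"]   # busy at slots 0-2 and again at slot 11


def demo_immediate():
    """Idle channel, ACK on the first try: wait DIFS, transmit at slot 2."""
    return csma_ca_send([], acks=[True], backoff_draws=[])


def demo_backoff_and_retry():
    """A busy channel forces a backoff; the first frame draws no ACK, so the retry uses a
    doubled window and its countdown freezes during the busy slot 11."""
    return csma_ca_send(BUSY_THEN_IDLE, acks=[False, True], backoff_draws=[2, 5])


def demo_dropped():
    """Never acknowledged: four attempts with a growing window, then the frame is dropped."""
    return csma_ca_send([], acks=[False, False, False, False], backoff_draws=[1, 2, 3, 4])
```

Because the sender never detects a collision, the missing ACK is the only signal it gets; the retry path therefore always goes through step 2 with a wider window, which is what the second and third demos trace.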
Slide 16: Avoiding collisions (more)
Idea: allow sender to "reserve" channel rather than random access of data frames: avoid collisions of long data frames
- sender first transmits small request-to-send (RTS) packets to BS using CSMA; RTSs may still collide with each other (but they're short)
- BS broadcasts clear-to-send CTS in response to RTS
- RTS heard by all nodes
  - sender transmits data frame
  - other stations defer transmissions
Avoid data frame collisions completely using small reservation packets!
Slide 17: Collision Avoidance: RTS-CTS exchange
[Figure, time running downward: A and B send RTS(A) and RTS(B) to the AP at the same time (reservation collision); A sends RTS(A) again; the AP broadcasts CTS(A), heard by both A and B; A sends DATA(A) while B defers; the AP returns ACK(A)]
Slide 18: 802.11 frame: addressing
Frame layout (field lengths in bytes):
frame control (2) | duration (2) | address 1 (6) | address 2 (6) | address 3 (6) | seq control (2) | address 4 (6) | payload (0-2312) | CRC (4)
- Address 1: MAC address of wireless host or AP to receive this frame
- Address 2: MAC address of wireless host or AP transmitting this frame
- Address 3: MAC address of router interface to which AP is attached
- Address 4: used only in ad hoc mode
Slide 19: 802.11 frame: addressing
[Figure: host H1 sends through the AP to router R1, which connects to the Internet]
802.11 frame: address 1 = AP MAC addr; address 2 = H1 MAC addr; address 3 = R1 MAC addr
802.3 frame: dest. address = R1 MAC addr; source address = AP MAC addr
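The frame layout of slide 18 and the H1-to-R1 addressing of slide 19, as an added example that is not part of the slides. Field widths follow the slide; the MAC addresses, the frame-control value 0x0008 and the payload are constructed for the demo, and the fixed seven-field header is an assumption taken from the slide's drawing. The CRC trailer is computed as CRC-32 with `zlib.crc32`, the same polynomial Ethernet uses.

```python
import struct
import zlib

# Added example (not from the slides): pack and parse the 802.11 frame layout shown
# above. Field widths follow the slide (2, 2, 6, 6, 6, 2, 6, 0-2312, 4 bytes). The MAC
# addresses, frame-control value and payload are constructed for the demo.

HEADER_FMT = "<HH6s6s6sH6s"                 # frame control, duration, addr 1-3, seq control, addr 4
HEADER_LEN = struct.calcsize(HEADER_FMT)    # 30 bytes
FCS_LEN = 4                                 # the 4-byte CRC trailer
MAX_PAYLOAD = 2312


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body):
    """CRC-32 over header + payload, carried little-endian in the trailer."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(addr1, addr2, addr3, payload, addr4="00:00:00:00:00:00",
                frame_control=0x0008, duration=0, seq_control=0):
    """Assemble header + payload + CRC. frame_control 0x0008 marks a data frame (constructed choice)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload exceeds {MAX_PAYLOAD} bytes")
    header = struct.pack(HEADER_FMT, frame_control, duration,
                         mac_to_bytes(addr1), mac_to_bytes(addr2), mac_to_bytes(addr3),
                         seq_control, mac_to_bytes(addr4))
    body = header + payload
    return body + fcs(body)


def fcs_ok(frame):
    """A receiver's first check: recompute the CRC over everything but the trailer."""
    return len(frame) >= HEADER_LEN + FCS_LEN and frame[-FCS_LEN:] == fcs(frame[:-FCS_LEN])


def parse_frame(frame):
    """Split a frame into the slide's named fields; reject short or damaged frames."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        raise ValueError("frame shorter than header + CRC")
    if not fcs_ok(frame):
        raise ValueError("CRC mismatch: frame damaged in transit, discard")
    fc, duration, a1, a2, a3, seq, a4 = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
    return {
        "frame_control": fc,
        "duration": duration,
        "address1_receiver": bytes_to_mac(a1),      # wireless host or AP receiving this frame
        "address2_transmitter": bytes_to_mac(a2),   # wireless host or AP transmitting it
        "address3_router": bytes_to_mac(a3),        # router interface the AP is attached to
        "address4": bytes_to_mac(a4),               # ad hoc mode only (per the slide)
        "seq_control": seq,
        "payload": frame[HEADER_LEN:-FCS_LEN],
    }


# Constructed, locally administered MAC addresses for the slide-19 scenario (H1 -> AP -> R1).
AP_MAC, H1_MAC, R1_MAC = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:f1"


def demo_h1_to_r1():
    """H1's frame carries the AP as address 1, H1 as address 2 and R1 as address 3."""
    frame = build_frame(addr1=AP_MAC, addr2=H1_MAC, addr3=R1_MAC,
                        payload=b"IP datagram (constructed)")
    return parse_frame(frame)


def demo_damaged_frame_rejected():
    """Flip one payload byte and the CRC check fails, so the receiver drops the frame."""
    frame = build_frame(AP_MAC, H1_MAC, R1_MAC, b"abc")
    damaged = frame[:31] + bytes([frame[31] ^ 0xFF]) + frame[32:]
    return fcs_ok(frame) and not fcs_ok(damaged)
```

Address 3 is what lets the AP hand the datagram on to the wired side: it names the router interface even though the radio hop itself is only between address 2 and address 1.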
Slide 20: 802.11: mobility within same subnet
[Figure: H1 moves from BSS 1 (AP 1) to BSS 2 (AP 2); both APs connect to the same hub or switch, which connects to the router]
- H1 remains in same IP subnet: IP address can remain same
- Switch: which AP is associated with H1? Self-learning (Ch. 5): switch will see frame from H1 and "remember" which switch port can be used to reach H1
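A self-learning switch, added here as an example that is not part of the slides, covering both slide 4 (same-segment frames are filtered, so segments stay separate collision domains) and slide 20 (the switch relearns H1's port after it moves to AP 2). The port numbering and the MAC addresses H1, H2, R1 are constructed for the demo.

```python
# Added example (not from the slides): a self-learning switch, illustrating slide 4
# (traffic isolation between LAN segments) and slide 20 (finding which AP a moved
# host H1 is behind). Port numbers and MAC addresses are constructed for the demo.


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the ports the frame is forwarded to (empty list = filtered)."""
        # Self-learning: a frame from src arriving on in_port means src is reachable there.
        # Overwriting an old entry is exactly what tracks H1 when it moves between APs.
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:
            return [p for p in self.ports if p != in_port]   # unknown destination: flood
        if out == in_port:
            return []           # src and dst share a segment: filter, keep collision domains apart
        return [out]


# Constructed topology: port 1 = hub with AP 1 (BSS 1), port 2 = AP 2 (BSS 2), port 3 = router R1.
H1, H2, R1 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:f1"


def demo_traffic_isolation():
    """Slide 4: once both hosts behind port 1 are learned, their traffic stays on that segment."""
    sw = LearningSwitch(ports=[1, 2, 3])
    first = sw.receive(1, src=H1, dst=H2)    # H2 not yet learned: flooded to ports 2 and 3
    sw.receive(1, src=H2, dst=H1)            # reply: H2 learned on port 1, H1 already there
    second = sw.receive(1, src=H1, dst=H2)   # both on port 1: filtered, nothing forwarded
    return first, second


def demo_mobility():
    """Slide 20: H1 moves from AP 1 (port 1) to AP 2 (port 2); the switch relearns its location."""
    sw = LearningSwitch(ports=[1, 2, 3])
    sw.receive(1, src=H1, dst=R1)            # H1 -> router while in BSS 1: H1 learned on port 1
    before = sw.receive(3, src=R1, dst=H1)   # router -> H1 goes out port 1
    sw.receive(2, src=H1, dst=R1)            # H1 now transmits via AP 2: entry updated to port 2
    after = sw.receive(3, src=R1, dst=H1)    # router -> H1 now goes out port 2
    return before, after, dict(sw.table)
```

The move costs no signalling at all: the first frame H1 sends through AP 2 rewrites the table entry, and because H1 keeps its IP address the router never notices.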
Slide 21: Network Security
- What is network security?
- Principles of cryptography
- Authentication
- Access control: firewalls
- Attacks and counter measures
Slide 22: What is network security?
- Confidentiality: only sender, intended receiver should "understand" message contents; sender encrypts message, receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message Integrity: sender, receiver want to ensure message content not altered (in transit, or afterwards) without detection
- Access and Availability: services must be accessible and available to users
Slide 23: Friends and enemies: Alice, Bob, Trudy
- Well-known in network security world
- Bob, Alice (lovers!) want to communicate "securely"
- Trudy (intruder) may intercept, delete, add messages
[Figure: Alice's secure sender and Bob's secure receiver exchange data and control messages over a channel; Trudy sits on the channel between them]
Slide 24: Who might Bob, Alice be?
- ... well, real-life Bobs and Alices!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?
Slide 25: There are bad guys (and girls) out there!
Q: What can a "bad guy" do?
A: a lot!
- eavesdrop: intercept messages
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: "take over" ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later ...
Slide 26: Overview
- What is network security?
- Principles of cryptography
- Authentication
- Access control: firewalls
- Attacks and counter measures
Slide 27: The language of cryptography
- symmetric key crypto: sender, receiver keys identical
- public-key crypto: encryption key public, decryption key secret (private)
[Figure: plaintext -> encryption algorithm (Alice's encryption key K_A) -> ciphertext -> decryption algorithm (Bob's decryption key K_B) -> plaintext]
Slide 28: Symmetric key cryptography
- substitution cipher: substituting one thing for another
- monoalphabetic cipher: substitute one letter for another
E.g.:
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext:  bob. i love you. alice
Ciphertext: nkn. s gktc wky. mgsbc
Q: How hard to break this simple cipher? brute force (how hard?) other?
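The cipher of slide 28 with the slide's own key, as an added example that is not part of the slides, together with the two answers the question points at: the brute-force key space is 26! permutations, and the "other?" route is the letter-frequency count, which is why this cipher is considered broken regardless of key space. The helper names (`make_tables`, `letter_frequencies`) are mine.

```python
import math
import string
from collections import Counter

# Added example (not from the slides): the monoalphabetic substitution cipher above,
# with the slide's own key, plus the two checks the question asks about: the size of
# the brute-force key space and a letter-frequency count, the classic shortcut.

PLAIN_ALPHABET = string.ascii_lowercase
CIPHER_ALPHABET = "mnbvcxzasdfghjklpoiuytrewq"   # key from the slide


def make_tables(cipher_alphabet):
    """Build the encrypt/decrypt translation tables; the key must be a permutation of a-z."""
    if sorted(cipher_alphabet) != list(PLAIN_ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    return (str.maketrans(PLAIN_ALPHABET, cipher_alphabet),
            str.maketrans(cipher_alphabet, PLAIN_ALPHABET))


ENC_TABLE, DEC_TABLE = make_tables(CIPHER_ALPHABET)


def encrypt(plaintext, table=ENC_TABLE):
    """Letters are substituted; spaces and punctuation pass through unchanged (as on the slide)."""
    return plaintext.translate(table)


def decrypt(ciphertext, table=DEC_TABLE):
    return ciphertext.translate(table)


def key_space_size():
    """Brute force must try every permutation of the alphabet: 26! keys (about 4 x 10^26)."""
    return math.factorial(26)


def letter_frequencies(text):
    """Ciphertext letter counts, most common first. English plaintext is dominated by
    'e', 't', 'a', 'o', and a monoalphabetic cipher preserves those counts under new
    names, so the key leaks through them: the 'other?' answer on the slide."""
    return Counter(ch for ch in text if ch.isalpha()).most_common()
```

On the slide's own ciphertext the most frequent letter is `k` (three times), which the key indeed maps from `o`; with a longer message the counts alone pin down most of the key, so the 26! figure overstates the cipher's strength enormously.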
Slide 29: Symmetric key cryptography
- symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: K_{A-B}
- e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
- Q: how do Bob and Alice agree on key value?
[Figure: plaintext message m -> encryption algorithm with K_{A-B} -> ciphertext K_{A-B}(m) -> decryption algorithm with K_{A-B} -> plaintext m = K_{A-B}(K_{A-B}(m))]
Slide 30: Symmetric key crypto: DES
DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input
- How secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") decrypted (brute force) in 4 months
  - no known "backdoor" decryption approach
- making DES more secure:
  - use three keys sequentially (3-DES) on each datum
  - use cipher-block chaining
Slide 31: Symmetric key crypto: DES
DES operation:
- initial permutation
- 16 identical "rounds" of function application, each using different 48 bits of key
- final permutation
Slide 32: AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128 bit blocks
- 128, 192, or 256 bit keys
- brute force decryption (try each key) taking 1 sec on DES takes 149 trillion years for AES
Slide 33: Public Key Cryptography
symmetric key crypto:
- requires sender, receiver know shared secret key
- Q: how to agree on key in first place (particularly if never "met")?
public key cryptography:
- radically different approach [Diffie-Hellman76, RSA78]
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver
Slide 34: Public key cryptography
[Figure: plaintext message m -> encryption algorithm with Bob's public key K_B^+ -> ciphertext K_B^+(m) -> decryption algorithm with Bob's private key K_B^- -> plaintext message m = K_B^-(K_B^+(m))]
Slide 35: Public key encryption algorithms
Requirements:
1. need K_B^+(\cdot) and K_B^-(\cdot) such that K_B^-(K_B^+(m)) = m
2. given public key K_B^+, it should be impossible to compute private key K_B^-
RSA: Rivest, Shamir, Adleman algorithm
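A toy RSA key pair checked against both requirements of slide 35, added here as an example that is not part of the slides. The primes p = 61, q = 53 and exponent e = 17 are textbook demo values chosen by me, many orders of magnitude too small for real use; that smallness is exactly what the last function uses to show that requirement 2 holds only when n is too large to factor. The helper names are mine; `pow(e, -1, phi)` is the standard-library modular inverse (Python 3.8+).

```python
from math import gcd, isqrt

# Added example (not from the slides): a toy RSA key pair checked against both
# requirements on slide 35. p = 61, q = 53, e = 17 are textbook-size demo values,
# far too small for real use; that smallness is what the factoring demo relies on.


def rsa_keygen(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)) with e*d = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def apply_key(x, key):
    """K(x) = x^exp mod n: the same operation is K_B^+ with (n, e) and K_B^- with (n, d)."""
    n, exp = key
    return pow(x, exp, n)


def requirement_1_holds(public, private, messages):
    """K_B^-(K_B^+(m)) = m for every message below n; the reverse order K_B^+(K_B^-(m)) = m
    also holds, which is what signatures rely on."""
    n = public[0]
    return all(m < n
               and apply_key(apply_key(m, public), private) == m
               and apply_key(apply_key(m, private), public) == m
               for m in messages)


def private_from_public_by_factoring(public):
    """Requirement 2 seen from the other side: whoever factors n gets d immediately.
    Trial division finishes instantly for this toy modulus and is hopeless for the
    2048-bit moduli in real use; RSA's security is precisely that gap."""
    n, e = public
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("n is prime, not an RSA modulus")


def demo():
    """Encrypt m = 65 with Bob's public key and recover it with his private key."""
    public, private = rsa_keygen(61, 53, e=17)     # n = 3233, d = 2753
    c = apply_key(65, public)                       # 65^17 mod 3233 = 2790
    return public, private, c, apply_key(c, private)
```

The two functions `apply_key` is used for are deliberately the same code: RSA's public and private operations differ only in the exponent, and requirement 1 is the statement that the two exponents undo each other modulo n.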