MI0035-set-2

Sandeep Haldar Reg. No. 511114771


Sikkim Manipal University - MBA - MI0035 – Computer Network

Semester: 3 - Assignment Set: 2

Q.1 Write down the features of Fast Ethernet and Gigabit Ethernet.

Answer: Fast Ethernet Technology

Fast Ethernet, or 100BaseT, is conventional Ethernet but faster, operating at 100 Mbps instead of 10

Mbps. Fast Ethernet is based on the proven CSMA/CD Media Access Control (MAC) protocol and can

use existing 10BaseT cabling (See Appendix for pinout diagram and table). Data can move from 10

Mbps to 100 Mbps without protocol translation or changes to application and networking software.

Data-Link Layer: Fast Ethernet maintains CSMA/CD, the Ethernet transmission protocol. However,

Fast Ethernet reduces the duration of time each bit is transmitted by a factor of 10, enabling the

packet speed to increase tenfold from 10 Mbps to 100 Mbps. Data can move between Ethernet and

Fast Ethernet without requiring protocol translation, because Fast Ethernet also maintains the

10BaseT error control functions as well as the frame format and length. Other high-speed

technologies such as 100VG-AnyLAN, FDDI, and Asynchronous Transfer Mode (ATM) achieve 100

Mbps or higher speeds by implementing different protocols that require protocol translation when

moving data to and from 10BaseT. This protocol translation involves changes to the frame that

typically mean higher latencies when frames are passed through layer 2 LAN switches.

Physical Layer Media Options: Fast Ethernet can run over the same variety of media as

10BaseT, including UTP, shielded twisted-pair (STP), and fiber. The Fast Ethernet specification

defines separate physical sublayers for each media type:

• 100BaseT4 for four pairs of voice- or data-grade Category 3, 4, and 5 UTP wiring

• 100BaseTX for two pairs of data-grade Category 5 UTP and STP wiring

• 100BaseFX for two strands of 62.5/125-micron multimode fiber

In many cases, organizations can upgrade to 100BaseT technology without replacing existing

wiring. However, for installations with Category 3 UTP wiring in all or part of their locations, four

pairs must be available to implement Fast Ethernet.

The MII layer of 100BaseT couples these physical sublayers to the CSMA/CD MAC layer. The MII

provides a single interface that can support external transceivers for any of the 100BaseT physical

sublayers. For the physical connection, the MII is implemented on Fast Ethernet devices such as

routers, switches, hubs, and adapters, and on transceiver devices using a 40-pin connector. Cisco

Systems contributed to the MII specification.

Physical Layer Signaling Schemes

Each physical sublayer uses a signaling scheme that is appropriate to its media type. 100BaseT4

uses three pairs of wire for 100-Mbps transmission and the fourth pair for collision detection. This

method lowers the 100BaseT4 signaling to 33 Mbps per pair, making it suitable for Category 3, 4,

and 5 wiring. 100BaseTX uses one pair of wires for transmission (125-MHz frequency operating at

80-percent efficiency to allow for 4B5B encoding) and the other pair for collision detection and


receive. 100BaseFX uses one fiber for transmission and the other fiber for collision detection and

receive. The 100BaseTX and 100BaseFX physical signaling channels are based on FDDI physical

layers developed and approved by the American National Standards Institute (ANSI) X3T9.5

committee. 100BaseTX uses the MLT-3 line encoding signaling scheme, which Cisco developed and

contributed to the ANSI committee as the specification for FDDI over Category 5 UTP. Today MLT-3

also is used as the signaling scheme for ATM over Category 5 UTP.

Gigabit Ethernet: Gigabit Ethernet is a 1-gigabit/sec (1,000-Mbit/sec) extension of the IEEE 802.3

Ethernet networking standard. Its primary niches are corporate LANs, campus networks, and service

provider networks where it can be used to tie together existing 10-Mbit/sec and 100-Mbit/sec

Ethernet networks. Gigabit Ethernet can replace 100-Mbit/sec FDDI (Fiber Distributed Data

Interface) and Fast Ethernet backbones, and it competes with ATM (Asynchronous Transfer Mode)

as a core networking technology. Many ISPs use Gigabit Ethernet in their data centers.

Gigabit Ethernet provides an ideal upgrade path for existing Ethernet-based networks. It can be

installed as a backbone network while retaining the existing investment in Ethernet hubs, switches,

and wiring plants. In addition, management tools can be retained, although network analyzers will

require updates to handle the higher speed. Gigabit Ethernet provides an alternative to ATM as a

high-speed networking technology. While ATM has built-in QoS (quality of service) to support real-

time network traffic, Gigabit Ethernet may be able to provide a high level of service quality by

providing more bandwidth than is needed.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion

of the following:

Gigabit Ethernet features and specification

Gigabit Ethernet modes and functional elements

Gigabit Ethernet committees and specifications, including:

1000Base-LX (IEEE 802.3z)

1000Base-SX (IEEE 802.3z)

1000Base-CX (IEEE 802.3z)

1000Base-T (IEEE 802.3ab)

10-Gigabit Ethernet (IEEE 802.3ae)

Gigabit Ethernet switches

Network configuration and design

Flat network or subnets

Gigabit Ethernet backbones

Switch-to-server links

Gigabit Ethernet to the desktop

Switch-to-switch links

Gigabit Ethernet versus ATM

Hybrid Gigabit Ethernet/ATM Core Network


10-Gigabit Ethernet

As if 1 Gbits/sec wasn't enough, the IEEE is working to define 10-Gigabit Ethernet (sometimes called

"10 GE"). The new standard is being developed by the IEEE 802.3ae Working Group. Service

providers will be the first to take advantage of this standard. It is being deployed in emerging

metro-Ethernet networks. See "MAN (Metropolitan Area Network)" and "Network Access Services."

As with 1-Gigabit Ethernet, 10-Gigabit Ethernet will preserve the 802.3 Ethernet frame format, as

well as minimum and maximum frame sizes. It will support full-duplex operation only. The topology

is star-wired LANs that use point-to-point links, and structured cabling topologies. 802.3ad link

aggregation will also be supported. The new standard will support new multimedia applications,

distributed processing, imaging, medical, CAD/CAM, and a variety of other applications, many that

cannot even be perceived today. Most certainly it will be used in service provider data centers and

as part of metropolitan area networks. The technology will also be useful in the SAN (Storage Area

Network) environment.

Q.2 Differentiate the working between pure ALOHA and slotted ALOHA.

Answer: ALOHA: Aloha is a computer networking system which was introduced in the early 1970s by Norman Abramson and his colleagues at the University of Hawaii to solve the channel allocation problem. On the basis of global time synchronization, Aloha is divided into two different versions or protocols, i.e. Pure Aloha and Slotted Aloha.

Pure Aloha: Pure Aloha does not require global time synchronization. The basic idea of the pure Aloha system is that it allows its users to transmit whenever they have data. A sender, just like other users, can listen to what it is transmitting, and due to this feedback the broadcasting system is able to detect a collision, if any. If a collision is detected, the sender will wait a random period of time and attempt transmission again. The waiting time must not be the same, or the same frames will collide and be destroyed over and over. Systems in which multiple users share a common channel in a way that can lead to conflicts are widely known as contention systems.

Efficiency of Pure Aloha: Let "T" be the time needed to transmit one frame on the channel, and define "frame-time" as a unit of time equal to T. Let "G" be the mean of the Poisson distribution of transmission attempts; that is, on average, there are G transmission attempts per frame-time. Let "t" be the time at which the sender wants to send a frame. We want to use the channel for one frame-time beginning at t, and so we need all other stations to refrain from transmitting during this time. Moreover, we need the other stations to refrain from transmitting between t-T and t as well, because a frame sent during this interval would overlap with our frame.


EFFICIENCY OF ALOHA: The vulnerable period for the shaded frame is 2t, if t is the frame time. A frame will not collide if no other frames are sent within one frame time of its start, before and after.

For any frame-time, the probability of there being k transmission attempts during that frame-time is:

$P_k = \dfrac{G^k e^{-G}}{k!}$

If throughput (number of packets per unit time) is represented by S, then under all loads $S = G P_0$, where $P_0$ is the probability that the frame does not suffer a collision. A frame does not have a collision if no frames are sent during the frame time. Thus, in time t, $P_0 = e^{-G}$. In time 2t, $P_0 = e^{-2G}$, as the mean number of frames generated in 2t is 2G. From the above, the throughput in 2t time is:

$S = G P_0 = G e^{-2G}$

Slotted Aloha Channel: Slotted Aloha does require global time synchronization.

Efficiency of Slotted Aloha Channel: Assume that a sending station has to wait until the beginning of a frame time (one frame time is one time slot) and that arrivals still follow a Poisson distribution, where they are assumed probabilistically independent. In this case the vulnerable period is just t time units. The probability that k frames are generated in a frame time is then:

$P_k = \dfrac{G^k e^{-G}}{k!}$

In time t, the probability of zero frames is $P_0 = e^{-G}$. From the above, the throughput becomes:

$S = G P_0 = G e^{-G}$

Comparison Of Pure Aloha And Slotted Aloha:

PURE ALOHA VS SLOTTED ALOHA: Throughput versus offered traffic for pure ALOHA and slotted ALOHA systems, i.e., a plot of S against G from the formulas $S = G e^{-2G}$ and $S = G e^{-G}$.
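The two throughput formulas can be checked against a simulation of the channel. The following is an added example, not part of the original assignment; it assumes a frame time of 1, Poisson arrivals with mean G per frame time, and function names chosen here for illustration.

```python
import math
import random


def pure_aloha_throughput(G):
    """S = G * e^(-2G): the vulnerable period is two frame times."""
    return G * math.exp(-2 * G)


def slotted_aloha_throughput(G):
    """S = G * e^(-G): the vulnerable period is one slot (one frame time)."""
    return G * math.exp(-G)


def simulate(G, slotted, frames=100_000, seed=1):
    """Estimate S by simulation, with the frame time taken as 1.

    Transmission attempts form a Poisson process with mean G per frame time.
    In slotted mode each attempt is deferred to the start of the next slot.
    """
    rng = random.Random(seed)
    t = 0.0
    starts = []
    for _ in range(frames):
        t += rng.expovariate(G)            # exponential gaps give Poisson arrivals
        starts.append(float(math.ceil(t)) if slotted else t)
    delivered = 0
    for i, s in enumerate(starts):
        # starts is sorted, so only the two neighbours can overlap this frame
        clear_before = i == 0 or s - starts[i - 1] >= 1.0
        clear_after = i == frames - 1 or starts[i + 1] - s >= 1.0
        if clear_before and clear_after:
            delivered += 1
    return delivered / starts[-1]          # successful frames per frame time


def comparison_table(loads=(0.25, 0.5, 1.0, 2.0)):
    """Rows of (G, pure formula, pure simulated, slotted formula, slotted simulated)."""
    return [
        (G,
         pure_aloha_throughput(G), simulate(G, slotted=False),
         slotted_aloha_throughput(G), simulate(G, slotted=True))
        for G in loads
    ]


if __name__ == "__main__":
    print("   G   pure S  pure sim  slotted S  slotted sim")
    for row in comparison_table():
        print("%4.2f  %7.4f  %8.4f  %9.4f  %11.4f" % row)
```

Setting dS/dG = 0 in each formula puts the peak of pure ALOHA at G = 0.5 (S about 0.184) and of slotted ALOHA at G = 1 (S about 0.368), which is what the table rows for those loads show.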


CSMA: CSMA is a set of rules in which the devices attached to a network first determine whether the channel or carrier is in use or free and then act accordingly. Because in this MAC protocol the network devices or nodes sense the channel before transmission, the protocol is known as the carrier sense multiple access protocol. Multiple access indicates that many devices can connect to and share the same network, and if a node transmits anything, it is heard by all the stations on the network.

Q.3 Write down distance vector algorithm. Explain path vector protocol.

Answer: Distance Vector Routing algorithm:

1) For each node, estimate the cost from itself to each destination.

2) For each node, send the cost information to the neighbors.

3) Receive cost information from the neighbor, update the routing tables accordingly.

4) Repeat steps 1 to 3 periodically.
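The four steps above, run in synchronous rounds on a small topology. This is an added example, not part of the original assignment; the node names, link costs and the function name distance_vector are constructed for illustration.

```python
INF = float("inf")


def distance_vector(links):
    """Run synchronous distance vector rounds until no table changes.

    links maps an undirected link (a, b) to its cost. Returns (tables, rounds),
    where tables[node][dest] is (cost, next_hop).
    """
    neighbours = {}
    for (a, b), cost in links.items():
        neighbours.setdefault(a, {})[b] = cost
        neighbours.setdefault(b, {})[a] = cost
    nodes = sorted(neighbours)

    # Step 1: each node estimates the cost from itself to every destination:
    # 0 to itself, the link cost to a direct neighbour, infinity otherwise.
    tables = {}
    for n in nodes:
        tables[n] = {}
        for d in nodes:
            if d == n:
                tables[n][d] = (0, n)
            elif d in neighbours[n]:
                tables[n][d] = (neighbours[n][d], d)
            else:
                tables[n][d] = (INF, None)

    rounds = 0
    while True:
        rounds += 1
        # Step 2: every node sends a snapshot of its cost vector to its neighbours.
        adverts = {n: {d: tables[n][d][0] for d in nodes} for n in nodes}
        changed = False
        # Step 3: on receipt, keep a route via the neighbour if it is cheaper.
        for n in nodes:
            for via, link_cost in neighbours[n].items():
                for dest, advertised in adverts[via].items():
                    candidate = link_cost + advertised
                    if candidate < tables[n][dest][0]:
                        tables[n][dest] = (candidate, via)
                        changed = True
        # Step 4: repeat; this demo stops once a full round changes nothing.
        if not changed:
            return tables, rounds


# Constructed topology: A-B costs 1, B-C costs 2, A-C costs 5, C-D costs 1.
SAMPLE_LINKS = {("A", "B"): 1, ("B", "C"): 2, ("A", "C"): 5, ("C", "D"): 1}

if __name__ == "__main__":
    tables, rounds = distance_vector(SAMPLE_LINKS)
    print("converged after", rounds, "rounds")
    for node in sorted(tables):
        print(node, tables[node])
```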

Path vector protocol: A path vector protocol is a computer network routing protocol which

maintains the path information that gets updated dynamically. Updates which have looped through

the network and returned to the same node are easily detected and discarded. This algorithm is

sometimes used in Bellman–Ford routing algorithms to avoid "Count to Infinity" problems.

It is different from the distance vector routing and link state routing. Each entry in the routing table

contains the destination network, the next router and the path to reach the destination.

Path Vector Messages in BGP: The autonomous system boundary routers (ASBR), which participate

in path vector routing, advertise the reachability of networks. Each router that receives a path

vector message must verify that the advertised path is according to its policy. If the messages

comply with the policy, the ASBR modifies its routing table and the message before sending it to the

next neighbor. In the modified message it sends its own AS number and replaces the next router

entry with its own identification.

BGP is an example of a path vector protocol. In BGP the routing table maintains the autonomous

systems that are traversed in order to reach the destination system. Exterior Gateway

Protocol (EGP) does not use path vectors.
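The handling of one path vector message as described above: loop check, policy check, table update, then re-advertisement with the local AS number added and the next router replaced. This is an added example, not BGP itself and not part of the original assignment; the message layout, the prefer-shorter-path rule, the policy and all AS numbers and addresses (documentation ranges) are assumptions made for illustration.

```python
def process_advert(local_as, router_id, policy, table, advert):
    """Process one path vector message at a boundary router.

    table maps a destination network to {"next_router", "as_path"}.
    Returns (message_to_forward_or_None, status).
    """
    prefix = advert["prefix"]
    as_path = list(advert["as_path"])

    # An update that has looped back carries our own AS number in its path.
    if local_as in as_path:
        return None, "discarded: loop"

    # The advertised path must comply with local policy.
    if not policy(prefix, as_path):
        return None, "discarded: policy"

    # Assumption for this example: keep the path with the fewest AS hops.
    current = table.get(prefix)
    if current is not None and len(current["as_path"]) <= len(as_path):
        return None, "ignored: not shorter"

    # Routing table entry: destination network, next router, path.
    table[prefix] = {"next_router": advert["next_router"], "as_path": as_path}

    # Modified message for the next neighbour: own AS number added to the
    # path, next router entry replaced with this router's identification.
    outgoing = {
        "prefix": prefix,
        "as_path": [local_as] + as_path,
        "next_router": router_id,
    }
    return outgoing, "installed"


def run_demo():
    """Feed four constructed messages to a router in AS 64500."""
    table = {}

    def policy(prefix, as_path):
        # Constructed local policy: do not accept paths that cross AS 64511.
        return 64511 not in as_path

    adverts = [
        {"prefix": "198.51.100.0/24", "as_path": [64501, 64502], "next_router": "192.0.2.2"},
        {"prefix": "198.51.100.0/24", "as_path": [64503, 64500, 64502], "next_router": "192.0.2.3"},
        {"prefix": "203.0.113.0/24", "as_path": [64511], "next_router": "192.0.2.5"},
        {"prefix": "198.51.100.0/24", "as_path": [64504], "next_router": "192.0.2.4"},
    ]
    results = []
    for advert in adverts:
        outgoing, status = process_advert(64500, "192.0.2.1", policy, table, advert)
        results.append((status, outgoing))
    return results, table


if __name__ == "__main__":
    results, table = run_demo()
    for status, outgoing in results:
        print(status, outgoing)
    print(table)
```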

Q.4 State the working principle of TCP segment header and UDP header.

Answer: TCP Header Format: TCP segments are sent as internet datagrams. The Internet

Protocol header carries several information fields, including the source and destination host


addresses [2]. A TCP header follows the internet header, supplying information specific to the TCP

protocol. This division allows for the existence of host level protocols other than TCP.

TCP Header Format

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

TCP Header Format

Note that one tick mark represents one bit position.

Source Port: 16 bits

The source port number.

Destination Port: 16 bits

The destination port number.

Sequence Number: 32 bits

The sequence number of the first data octet in this segment (except when SYN is present). If SYN is

present the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

Acknowledgment Number: 32 bits

If the ACK control bit is set this field contains the value of the next sequence number the sender of

the segment is expecting to receive. Once a connection is established this is always sent.

Data Offset: 4 bits

The number of 32 bit words in the TCP Header. This indicates where the data begins. The TCP

header (even one including options) is an integral number of 32 bits long.

Reserved: 6 bits

Reserved for future use. Must be zero.

Control Bits: 6 bits (from left to right):

URG: Urgent Pointer field significant

ACK: Acknowledgment field significant

PSH: Push Function

RST: Reset the connection

SYN: Synchronize sequence numbers

FIN: No more data from sender

Window: 16 bits

The number of data octets beginning with the one indicated in the acknowledgment field which the

sender of this segment is willing to accept.

Checksum: 16 bits

The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words

in the header and text. If a segment contains an odd number of header and text octets to be

checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum

purposes. The pad is not transmitted as part of the segment. While computing the checksum, the

checksum field itself is replaced with zeros.

The checksum also covers a 96 bit pseudo header conceptually prefixed to the TCP header. This

pseudo header contains the Source Address, the Destination Address, the Protocol, and TCP length.

This gives the TCP protection against misrouted segments. This information is carried in the

Internet Protocol and is transferred across the TCP/Network interface in the arguments or results of

calls by the TCP on the IP.

+--------+--------+--------+--------+
|           Source Address          |
+--------+--------+--------+--------+
|         Destination Address       |
+--------+--------+--------+--------+
|  zero  |  PTCL  |    TCP Length   |
+--------+--------+--------+--------+

The TCP Length is the TCP header length plus the data length in octets (this is not an explicitly

transmitted quantity, but is computed), and it does not count the 12 octets of the pseudo header.

Urgent Pointer: 16 bits

This field communicates the current value of the urgent pointer as a positive offset from the

sequence number in this segment. The urgent pointer points to the sequence number of the octet

following the urgent data. This field is only to be interpreted in segments with the URG control bit set.

Options: variable

Options may occupy space at the end of the TCP header and are a multiple of 8 bits in length. All

options are included in the checksum. An option may begin on any octet boundary. There are two

cases for the format of an option:

Case 1: A single octet of option-kind.

Case 2: An octet of option-kind, an octet of option-length, and the actual option-data octets.

The option-length counts the two octets of option-kind and option-length as well as the option-

data octets.

Note that the list of options may be shorter than the data offset field might imply. The content of

the header beyond the End-of-Option option must be header padding (i.e., zero).

A TCP must implement all options.

Currently defined options include (kind indicated in octal):

Kind     Length   Meaning
----     ------   -------
 0         -      End of option list.
 1         -      No-Operation.
 2         4      Maximum Segment Size.

Specific Option Definitions

End of Option List


+--------+
|00000000|
+--------+
 Kind=0

This option code indicates the end of the option list. This might not coincide with the end of

the TCP header according to the Data Offset field. This is used at the end of all options, not the end

of each option, and need only be used if the end of the options would not otherwise coincide with

the end of the TCP header.

No-Operation

+--------+
|00000001|
+--------+
 Kind=1

This option code may be used between options, for example, to align the beginning of a

subsequent option on a word boundary.

There is no guarantee that senders will use this option, so receivers must be prepared to

process options even if they do not begin on a word boundary.

Maximum Segment Size

+--------+--------+---------+--------+
|00000010|00000100|   max seg size   |
+--------+--------+---------+--------+
 Kind=2   Length=4

Maximum Segment Size Option Data: 16 bits

If this option is present, then it communicates the maximum receive segment size at the TCP

which sends this segment.

This field must only be sent in the initial connection request (i.e., in segments with the SYN

control bit set). If this option is not used, any segment size is allowed.


Padding: variable

The TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit

boundary. The padding is composed of zeros.
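A parser for the header layout and the two option formats described above, with the length checks a receiver needs before it trusts the Data Offset and option-length fields. This is an added example, not part of the original assignment; the function names and the sample SYN segment are constructed, and the checksum field is not verified here.

```python
import struct

FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")   # left to right


def parse_options(raw):
    """Walk the option list: Case 1 is a single kind octet, Case 2 is kind, length, data."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List
            # Everything after it must be header padding, i.e. zero.
            if any(raw[i + 1:]):
                raise ValueError("non-zero octets after End of Option List")
            options.append(("EOL", None))
            break
        if kind == 1:                       # No-Operation, used for alignment
            options.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option-length octet missing")
        length = raw[i + 1]                 # counts kind, length and data octets
        # A length below 2 would stall or rewind the walk; a length past the
        # end of the header would read into the payload.
        if length < 2 or i + length > len(raw):
            raise ValueError("option-length %d is invalid at offset %d" % (length, i))
        data = raw[i + 2:i + length]
        if kind == 2:                       # Maximum Segment Size
            if length != 4:
                raise ValueError("Maximum Segment Size option must have length 4")
            options.append(("MSS", struct.unpack("!H", data)[0]))
        else:
            options.append((kind, bytes(data)))
        i += length
    return options


def parse_tcp_segment(segment):
    """Split a TCP segment into header fields, options and payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-octet fixed header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12           # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("Data Offset %d points outside the segment" % data_offset)
    flag_bits = off_flags & 0x3F
    return {
        "source_port": sport,
        "destination_port": dport,
        "sequence_number": seq,
        "acknowledgment_number": ack,
        "header_len": header_len,
        "reserved": (off_flags >> 6) & 0x3F,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (0x20 >> i)],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


# Constructed SYN: ports 49152 -> 80, ISN 1000, Data Offset 6, MSS option 1460.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                         (6 << 12) | 0x02, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    for name, value in parse_tcp_segment(SAMPLE_SYN).items():
        print("%-22s %r" % (name, value))
```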

The User Datagram Protocol (UDP)

The User Datagram Protocol (UDP) is a transport layer protocol defined for use with the IP network

layer protocol. It is defined by RFC 768 written by Jon Postel. It provides a best-effort datagram

service to an End System (IP host). The service provided by UDP is an unreliable service that

provides no guarantees for delivery and no protection from duplication (e.g. if this arises due to

software errors within an Intermediate System (IS)). The simplicity of UDP reduces the overhead

from using the protocol and the services may be adequate in many cases. UDP provides a minimal,

unreliable, best-effort, message-passing transport to applications and upper-layer protocols.

Compared to other transport protocols, UDP and its UDP-Lite variant are unique in that they do not

establish end-to-end connections between communicating end systems. UDP communication

consequently does not incur connection establishment and teardown overheads and there is

minimal associated end system state. Because of these characteristics, UDP can offer a very

efficient communication transport to some applications, but has no inherent congestion control or

reliability. A second unique characteristic of UDP is that it provides no inherent On many platforms,

applications can send UDP datagrams at the line rate of the link interface, which is often much

greater than the available path capacity, and doing so would contribute to congestion along the

path. Applications therefore need to be designed responsibly [RFC 4505].

One increasingly popular use of UDP is as a tunneling protocol, where a tunnel endpoint

encapsulates the packets of another protocol inside UDP datagrams and transmits them to another

tunnel endpoint, which decapsulates the UDP datagrams and forwards the original packets

contained in the payload. Tunnels establish virtual links that appear to directly connect locations

that are distant in the physical Internet topology, and can be used to create virtual (private)

networks. Using UDP as a tunneling protocol is attractive when the payload protocol is not

supported by middleboxes that may exist along the path, because many middleboxes support UDP

transmissions.

UDP does not provide any communications security. Applications that need to protect their

communications against eavesdropping, tampering, or message forgery therefore need to

separately provide security services using additional protocol mechanisms.

Protocol Header

A computer may send UDP packets without first establishing a connection to the recipient. A UDP

datagram is carried in a single IP packet and is hence limited to a maximum payload of 65,507

bytes for IPv4 and 65,527 bytes for IPv6. The transmission of large IP packets usually requires IP

fragmentation. Fragmentation decreases communication reliability and efficiency and should

therefore be avoided.


To transmit a UDP datagram, a computer completes the appropriate fields in the UDP header (PCI)

and forwards the data together with the header for transmission by the IP network layer.

The UDP protocol header consists of 8 bytes of Protocol Control Information (PCI).

The UDP header consists of four fields each of 2 bytes in length:

• Source Port (UDP packets from a client use this as a service access point (SAP) to indicate the session on the local client that originated the packet. UDP packets from a server carry the server SAP in this field)

• Destination Port (UDP packets from a client use this as a service access point (SAP) to indicate the service required from the remote server. UDP packets from a server carry the client SAP in this field)

• UDP length (The number of bytes comprising the combined UDP header information and payload data)

• UDP Checksum (A checksum to verify that the end to end data has not been corrupted by routers or bridges in the network or by the processing in an end system. The algorithm to compute the checksum is the Standard Internet Checksum algorithm. This allows the receiver to verify that it was the intended destination of the packet, because it covers the IP addresses, port numbers and protocol number, and it verifies that the packet is not truncated or padded, because it covers the size field. Therefore, this protects an application against receiving corrupted payload data in place of, or in addition to, the data that was sent. In the cases where this check is not required, the value of 0x0000 is placed in this field, in which case the data is not checked by the receiver.)

As with other transport protocols, the UDP header and data are not processed by Intermediate

Systems (IS) in the network, and are delivered to the final destination in the same form as originally

transmitted. At the final destination, the UDP protocol layer receives packets from the IP network

layer. These are checked using the checksum (when >0, this checks correct end-to-end operation of

the network service) and all invalid PDUs are discarded. UDP does not make any provision for error

reporting if the packets are not delivered. Valid data are passed to the appropriate session layer

protocol identified by the source and destination port numbers (i.e. the session service access

points).
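The checksum described for both the TCP header (with its 96-bit pseudo header) and the UDP Checksum field, computed and verified over constructed packets. This is an added example, not part of the original assignment; the function names, addresses (documentation ranges), ports and payloads are assumptions made for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of all 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                     # pad on the right; the pad is not sent
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, proto, length):
    """Source Address, Destination Address, zero, protocol, TCP/UDP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, proto, length)


def build_udp(src, dst, sport, dport, payload):
    length = 8 + len(payload)               # header plus payload
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src, dst, PROTO_UDP, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                       # 0x0000 on the wire means "not checked"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def check_udp(src, dst, datagram):
    """Return "ok", "bad" or "unchecked" for a received datagram."""
    if len(datagram) < 8:
        return "bad"
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):             # truncated or padded
        return "bad"
    if csum == 0:
        return "unchecked"
    # Summing the data together with its own checksum gives zero when intact.
    ok = internet_checksum(pseudo_header(src, dst, PROTO_UDP, length) + datagram) == 0
    return "ok" if ok else "bad"


def fill_tcp_checksum(src, dst, segment):
    """Compute the TCP checksum with the checksum field (octets 16-17) zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = internet_checksum(pseudo_header(src, dst, PROTO_TCP, len(zeroed)) + zeroed)
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]


def check_tcp(src, dst, segment):
    return internet_checksum(pseudo_header(src, dst, PROTO_TCP, len(segment)) + segment) == 0


# Constructed sample traffic.
SRC, DST = "192.0.2.10", "198.51.100.20"
SAMPLE_UDP = build_udp(SRC, DST, 5353, 53, b"constructed payload")
SAMPLE_TCP = fill_tcp_checksum(SRC, DST, struct.pack(
    "!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x18, 65535, 0, 0) + b"GET")

if __name__ == "__main__":
    flipped = SAMPLE_UDP[:-1] + bytes([SAMPLE_UDP[-1] ^ 0x01])
    print("intact datagram:        ", check_udp(SRC, DST, SAMPLE_UDP))
    print("one bit flipped:        ", check_udp(SRC, DST, flipped))
    print("delivered to wrong host:", check_udp(SRC, "198.51.100.21", SAMPLE_UDP))
    print("rebuilt by a sender:    ", check_udp(SRC, DST, build_udp(SRC, DST, 5353, 53, b"other data")))
    print("TCP segment intact:     ", check_tcp(SRC, DST, SAMPLE_TCP))
```

The last UDP case passes because anyone who changes the data can recompute the checksum: it detects accidental corruption and misdelivery, and is not a substitute for the separate security services UDP applications are told to provide.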

UDP and UDP-Lite also may be used for multicast and broadcast, allowing senders to transmit to

multiple receivers.

Using UDP

Application designers are generally aware that UDP does not provide any reliability, e.g., it does not


retransmit any lost packets. Often, this is a main reason to consider UDP as a transport. Applications

that do require reliable message delivery therefore need to implement appropriate protocol

mechanisms in their applications (e.g. tftp).

UDP's best effort service does not protect against datagram duplication, i.e., an application may

receive multiple copies of the same UDP datagram. Application designers therefore need to verify

that their application gracefully handles datagram duplication and may need to implement

mechanisms to detect duplicates. The Internet may also significantly delay some packets with

respect to others, e.g., due to routing transients, intermittent connectivity, or mobility. This can

cause reordering, where UDP datagrams arrive at the receiver in an order different from the

transmission order. Applications that require ordered delivery must restore datagram ordering

themselves. The burden of needing to code all these protocol mechanisms can be avoided by

using TCP.

Q.5 What is IP addressing? Discuss different classes of IP Addressing.

Answer: IP addressing

An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route

messages based on the IP address of the destination. The format of an IP address is a 32-bit

numeric address written as four numbers separated by periods. Each number can be zero to 255.

For example, 1.160.10.240 could be an IP address.

Within an isolated network, you can assign IP addresses at random as long as each one is unique.

However, connecting a private network to the Internet requires using registered IP addresses

(called Internet addresses) to avoid duplicates.

The four numbers in an IP address are used in different ways to identify a particular network and a

host on that network. Four regional Internet registries -- ARIN, RIPE NCC, LACNIC and APNIC -- assign

Internet addresses from the following three classes.

· Class A - supports 16 million hosts on each of 126 networks

· Class B - supports 65,000 hosts on each of 16,000 networks

· Class C - supports 254 hosts on each of 2 million networks

The number of unassigned Internet addresses is running out, so a new classless scheme

called CIDR is gradually replacing the system based on classes A, B, and C and is tied to adoption

of IPv6.

IP address classes

These IP addresses can further be broken down into classes. These classes are A, B, C, D, E and

their possible ranges can be seen in Figure 2 below.

Class   Start address   Finish address
A       0.0.0.0         126.255.255.255
B       128.0.0.0       191.255.255.255
C       192.0.0.0       223.255.255.255
D       224.0.0.0       239.255.255.255
E       240.0.0.0       255.255.255.255

Figure 2. IP address Classes

If you look at the table you may notice something strange. The range of IP address from Class A to

Class B skips the 127.0.0.0-127.255.255.255 range. That is because this range is reserved for the

special addresses called Loopback addresses that have already been discussed above.

The rest of classes are allocated to companies and organizations based upon the amount of IP

addresses that they may need. Listed below are descriptions of the IP classes and the organizations

that will typically receive that type of allocation.

Default Network: The special network 0.0.0.0 is generally used for routing.

Class A: From the table above you see that there are 126 class A networks. These networks consist

of 16,777,214 possible IP addresses that can be assigned to devices and computers. This type of

allocation is generally given to very large networks such as multi-national companies.

Loopback: This is the special 127.0.0.0 network that is reserved as a loopback to your own

computer. These addresses are used for testing and debugging of your programs or hardware.

Class B: This class consists of 16,384 individual networks, each allocation consisting of 65,534

possible IP addresses. These blocks are generally allocated to Internet Service Providers and large

networks, like a college or major hospital.

Class C: There is a total of 2,097,152 Class C networks available, with each network consisting of

255 individual IP addresses. This type of class is generally given to small to mid-sized companies.

Class D: The IP addresses in this class are reserved for a service called Multicast.

Class E: The IP addresses in this class are reserved for experimental use.

Broadcast: This is the special network of 255.255.255.255, and is used for broadcasting messages

to the entire network that your computer resides on.

Private Addresses

There are also blocks of IP addresses that are set aside for internal private use for computers not

directly connected to the Internet. These IP addresses are not supposed to be routed through the

Internet, and most service providers will block the attempt to do so. These IP addresses are used for

internal use by company or home networks that need to use TCP/IP but do not want to be directly

visible on the Internet. These IP ranges are:

Class   Private Start Address   Private End Address
A       10.0.0.0                10.255.255.255
B       172.16.0.0              172.31.255.255
C       192.168.0.0             192.168.255.255

If you are on a home/office private network and want to use TCP/IP, you should assign your

computers/devices IP addresses from one of these three ranges. That way your router/firewall would

be the only device with a true IP address, which makes your network more secure.
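As an added example (not part of the original assignment), the Python sketch below applies the class ranges and the three private blocks from the tables above to flag packets on an Internet-facing interface whose source address is private, loopback, Class D or Class E. The log format, field names and sample addresses are constructed for illustration.

```python
import ipaddress

# Classful ranges by first octet, as listed in the IP address classes table.
CLASSES = [(0, 126, "A"), (127, 127, "loopback"), (128, 191, "B"),
           (192, 223, "C"), (224, 239, "D"), (240, 255, "E")]

# Private blocks from the Private Addresses table, written as CIDR prefixes.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return (class, is_private) for a dotted-quad IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24
    cls = next(name for lo, hi, name in CLASSES if lo <= first <= hi)
    return cls, any(ip in net for net in PRIVATE)


def unroutable_sources(log_lines):
    """Flag source addresses that should never arrive from the Internet."""
    flagged = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split())
        cls, private = classify(fields["src"])
        if private or cls in ("loopback", "D", "E"):
            flagged.append((fields["src"], cls, private))
    return flagged


# Constructed sample: packets seen on the Internet-facing interface.
SAMPLE_LOG = [
    "if=wan src=8.8.8.8 dst=203.0.113.10",
    "if=wan src=10.1.2.3 dst=203.0.113.10",
    "if=wan src=172.31.255.255 dst=203.0.113.10",
    "if=wan src=172.32.0.1 dst=203.0.113.10",
    "if=wan src=127.0.0.1 dst=203.0.113.10",
    "if=wan src=192.168.1.50 dst=203.0.113.10",
]

if __name__ == "__main__":
    for src, cls, private in unroutable_sources(SAMPLE_LOG):
        print(src, cls, "private" if private else "reserved")
```

Note that 172.31.255.255 is flagged while 172.32.0.1 is not: the private Class B block ends at 172.31.255.255, so a check on the first octet alone would misclassify both.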

Common Problems and Resolutions

The most common problem people have is accidentally assigning an IP address to a device on your

network that is already assigned to another device. When this happens, the other computers will

not know which device should get the information, and you can experience erratic behavior. On

most operating systems and devices, if there are two devices on the local network that have the

same IP address, it will generally give you an "IP Conflict" warning. If you see this warning, that

means that the device giving the warning detected another device on the network using the same

address. The best solution to avoid a problem like this is to use a service called DHCP that almost all

home routers provide. DHCP, or Dynamic Host Configuration Protocol, is a service that assigns

addresses to devices and computers. You tell the DHCP server what range of IP addresses you

would like it to assign, and then the DHCP server takes the responsibility of assigning those IP

addresses to the various devices and keeping track so those IP addresses are assigned only once.

Q.6 Define Cryptography. Discuss two cryptographic techniques.

Answer: Cryptography is the science of information security. The word is derived from the

Greek kryptos, meaning hidden. Cryptography is closely related to the disciplines

of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging

words with images, and other ways to hide information in storage or transit. However, in today's

computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary

text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back

again (known as decryption). Individuals who practice this field are known as cryptographers.

Modern cryptography concerns itself with the following four objectives:

1) Confidentiality (the information cannot be understood by anyone for whom it was unintended)

2) Integrity (the information cannot be altered in storage or transit between sender and intended

receiver without the alteration being detected)

3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her

intentions in the creation or transmission of the information)

4) Authentication (the sender and receiver can confirm each other's identity and the

origin/destination of the information)

TYPES OF CRYPTOGRAPHIC ALGORITHMS

There are several ways of classifying cryptographic algorithms. The two types of algorithms that will

be discussed are:

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption

Public Key Cryptography (PKC): Uses one key for encryption and another for decryption

Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. As shown in

Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the

ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message

and recover the plaintext. Because a single key is used for both functions, secret key cryptography

is also called symmetric encryption. With this form of cryptography, it is obvious that the key must

be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with

this approach, of course, is the distribution of the key.

Secret key cryptography schemes are generally categorized as being either stream ciphers or block

ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement

some form of feedback mechanism so that the key is constantly changing. A block cipher is

so-called because the scheme encrypts one block of data at a time using the same key on each block.

In general, the same plaintext block will always encrypt to the same ciphertext when using the

same key in a block cipher whereas the same plaintext will encrypt to different ciphertext in a

stream cipher. Stream ciphers come in several flavors but two are worth mentioning here.

Self-synchronizing stream ciphers calculate each bit in the keystream as a function of the previous n bits

in the keystream. It is termed "self-synchronizing" because the decryption process can stay

synchronized with the encryption process merely by knowing how far into the n-bit keystream it is.

One problem is error propagation; a garbled bit in transmission will result in n garbled bits at the

receiving side. Synchronous stream ciphers generate the keystream in a fashion independent of the

message stream but by using the same keystream generation function at sender and receiver.

While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so

that the keystream will eventually repeat.
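The following added example (not from the original assignment) makes the block-versus-stream contrast concrete: two identical plaintext blocks encrypt to identical ciphertext under a block cipher applied block by block, but not under a synchronous stream cipher, and a one-bit transmission error garbles exactly one bit after stream decryption. The Feistel block cipher and the HMAC-based keystream are toy constructions assumed for illustration, the key and message are constructed, and the message length is assumed to be a multiple of 16 bytes.

```python
import hashlib
import hmac


def prf(key, data, n):
    """Keyed pseudo-random function: first n bytes of HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """Toy 16-byte block cipher: 4-round Feistel network, illustration only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, prf(key, bytes([rnd]) + right, 8))
    return left + right


def block_mode_encrypt(key, plaintext):
    """Encrypt every 16-byte block independently with the same key."""
    return b"".join(block_encrypt(key, plaintext[i:i + 16])
                    for i in range(0, len(plaintext), 16))


def stream_encrypt(key, data):
    """Synchronous stream cipher: keystream depends on key and position only.
    XOR is its own inverse, so the same call also decrypts."""
    keystream = b"".join(prf(key, i.to_bytes(8, "big"), 16)
                         for i in range(0, len(data), 16))
    return xor(data, keystream)


def bit_errors(a, b):
    """Number of bit positions in which two equal-length strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


KEY = b"constructed demo key"        # constructed sample key
MESSAGE = b"PAY 100 TO ALICE" * 2    # constructed: two identical 16-byte blocks

if __name__ == "__main__":
    blocks = block_mode_encrypt(KEY, MESSAGE)
    stream = stream_encrypt(KEY, MESSAGE)
    print("block cipher repeats:", blocks[:16] == blocks[16:])    # True
    print("stream cipher repeats:", stream[:16] == stream[16:])   # False
    damaged = bytes([stream[0] ^ 0x01]) + stream[1:]              # one-bit error
    print("garbled bits:", bit_errors(stream_encrypt(KEY, damaged), MESSAGE))  # 1
```

The repeated ciphertext block is what lets an observer see structure in the plaintext without knowing the key.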

Secret key cryptography algorithms that are in use today include:

Blowfish: A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit

processors with large data caches, it is significantly faster than DES on a

Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits. Blowfish, available freely

and intended as a substitute for DES or IDEA, is in use in over 80 products.

Twofish: A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to be highly

secure and highly flexible, well-suited for large microprocessors, 8-bit smart card

microprocessors, and dedicated hardware. It was designed by a team led by Bruce Schneier and

was one of the Round 2 algorithms in the AES process.

Public-Key Cryptography

Public-key cryptography has been said to be the most significant new development in cryptography

in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor

Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key

crypto system in which two parties could engage in a secure communication over a non-secure

communications channel without having to share a secret key.

PKC depends upon the existence of so-called one-way functions, or mathematical functions that are

easy to compute whereas their inverse function is relatively difficult to compute. Let me give you

two simple examples:

Multiplication vs. factorization: Suppose I tell you that I have two numbers, 9 and 16, and

that I want to calculate the product; it should take almost no time to calculate the product,

144. Suppose instead that I tell you that I have a number, 144, and I need you to tell me which

pair of integers I multiplied together to obtain that number. You will eventually come up with

the solution but whereas calculating the product took milliseconds, factoring will take longer

because you first need to find the 8 pairs of integer factors and then determine which one is

the correct pair.

Exponentiation vs. logarithms: Suppose I tell you that I want to take the number 3 to the 6th

power; again, it is easy to calculate 3^6 = 729. But if I tell you that I have the number 729 and

want you to tell me the two integers that I used, x and y so that log_x 729 = y, it will take you

longer to find all possible solutions and select the pair that I used.

While the examples above are trivial, they do represent two of the functional pairs that are used

with PKC; namely, the ease of multiplication and exponentiation versus the relative difficulty of

factoring and calculating logarithms, respectively. The mathematical "trick" in PKC is to find a trap

door in the one-way function so that the inverse calculation becomes easy given knowledge of some

item of information. (The problem is further exacerbated because the algorithms don't use just any

old integers, but very large prime numbers.)

Generic PKC employs two keys that are mathematically related although knowledge of one key does

not allow someone to easily determine the other key. One key is used to encrypt the plaintext and

the other key is used to decrypt the ciphertext. The important point here is that it does not matter

which key is applied first, but that both keys are required for the process to work. Because a pair

of keys is required, this approach is also called asymmetric cryptography.

In PKC, one of the keys is designated the public key and may be advertised as widely as the owner

wants. The other key is designated the private key and is never revealed to another party. It is

straightforward to send messages under this scheme. Suppose Alice wants to send Bob a message.

Alice encrypts some information using Bob's public key; Bob decrypts the ciphertext using his

private key. This method could also be used to prove who sent a message; Alice, for example, could

encrypt some plaintext with her private key; when Bob decrypts using Alice's public key, he knows

that Alice sent the message and Alice cannot deny having sent the message (non-repudiation).
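The Alice and Bob exchange above, worked through as an added example that is not part of the original assignment: textbook RSA is assumed as the two-key scheme, with the multiplication-versus-factorization pair as its one-way function and knowledge of the two primes as the trap door. The primes, message value and function names are constructed for illustration, and no padding is applied, so this shows the arithmetic only and is not usable for real messages.

```python
def make_keypair(p, q, e=17):
    """Textbook RSA keys from two primes; returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # easy with p and q (the trapdoor), hard with n alone
    return (e, n), (d, n)


def apply_key(key, value):
    """Encrypting, decrypting, signing and verifying are all one modular power."""
    exponent, modulus = key
    return pow(value, exponent, modulus)


def factor(n):
    """The hard direction: recover the primes from n by trial division."""
    f = 2
    while n % f:
        f += 1
    return f, n // f


# Constructed toy primes; real keys use primes hundreds of digits long.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(61, 53)
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(89, 97)


def send_confidential(message):
    """Alice encrypts with Bob's public key; only Bob's private key decrypts."""
    ciphertext = apply_key(BOB_PUBLIC, message)
    return ciphertext, apply_key(BOB_PRIVATE, ciphertext)


def send_signed(message):
    """Alice applies her private key; anyone can check with her public key."""
    signature = apply_key(ALICE_PRIVATE, message)
    return signature, apply_key(ALICE_PUBLIC, signature) == message


if __name__ == "__main__":
    print(send_confidential(65))     # (2790, 65)
    print(send_signed(65)[1])        # True
    print(factor(BOB_PUBLIC[1]))     # (53, 61): feasible only because n is tiny
```

Because trial division on a four-digit modulus finishes instantly, the private key here can be rebuilt from the public one; the scheme's security rests entirely on choosing primes large enough that this step is infeasible.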

Public-key cryptography algorithms that are in use today for key exchange or digital signatures

include:

Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman came up with their

own algorithm. D-H is used for secret-key key exchange only, and not for authentication or

digital signatures.

Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature

Standard (DSS) provides digital signature capability for the authentication of messages.
