1 final review ee 122: intro to communication networks fall 2010 (mw 4-5:30 in 101 barker) scott...
TRANSCRIPT
1
Final Review
EE 122: Intro to Communication Networks
Fall 2010 (MW 4-5:30 in 101 Barker)
Scott Shenker
TAs: Sameer Agarwal, Sara Alspaugh, Igor Ganichev, Prayag Narula
http://inst.eecs.berkeley.edu/~ee122/
Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxsonand other colleagues at Princeton and UC Berkeley
Announcements
• Ground Rules for Final– Closed book, with single 8.5x11 (both sides) crib sheet– Accommodations? Email me….
• Exam covers entire semester– Roughly 30% before midterm, 70% after midterm
• This review only covers post-midterm material– See midterm review for earlier material
• Everything in review slides is fair game– But so is everything else except material from
o Designing in 90 minuteso Advanced routing (except what’s in final review)o P2P (except what’s in final review) 2
Office Hours
• Email me in advance– I can be available on M, W, or Th.
• Sections this week and next– Possible schedule changes
• TAs will announce expanded office hours
3
This Review
• 106 slides!
• I won’t try to get through all of them
• But should serve as a useful study guide– Along with midterm review
• Evaluations at end of class…..
4
DHCP and ARP
5
6
What Does a Host Need to Know?
• What IP address the host should use?
• What local DNS server to use?
• How to tell which destinations are local?
• How do we address them using local network?
• How to send packets to remote destinations?
host host DNS... host host DNS...
router router
1.2.3.0/23 5.6.7.0/24
1.2.3.7 1.2.3.156???
1.2.3.19
router
7
Avoiding Manual Configuration
• L3: Dynamic Host Configuration Protocol (DHCP)– End host learns how to send packets– Learn IP address, DNS servers, “gateway”, what’s local
• L2: Address Resolution Protocol (ARP)– For local destinations, learn mapping between IP
address and MAC address
host host DNS... host host DNS...
router router
1.2.3.0/23255.255.254.0
5.6.7.0/24
1.2.3.7 1.2.3.1561.2.3.48
1.2.3.19
router
1A-2F-BB-76-09-AD
8
Address Resolution Protocol
• Every node maintains an ARP table– <IP address, MAC address> pair
• Consult the table when sending a packet– Map destination IP address to destination MAC address– Encapsulate and transmit the data packet
• But: what if IP address not in the table?– Sender broadcasts: “Who has IP address 1.2.3.156?”– Receiver responds: “MAC address 58-23-D7-FA-20-B0”– Sender caches result in its ARP table
• Link-layer protocol (RFC 826)– Because necessary to bootstrap IP connectivity
9
Bootstrapping Problem
• Host doesn’t have an IP address yet– So, host doesn’t know what source address to use
• Host doesn’t know who to ask for an IP address– So, host doesn’t know what destination address to use
• Solution: IP-level discovery protocol to find server– Broadcast a server-discovery message (255.255.255.255)
– Server(s) sends a reply offering an address
host host host...
DHCP server
10
Dynamic Host Configuration Protocol
arrivingclient
DHCP server203.1.2.5
DHCP discover(broadcast)
DHCP offer
DHCP request
DHCP ACK
(broadcast)
Why all the broadcasts?
(broadcast)
(broadcast)
Where to send packets
• Determine if destination is local using the netmask– If netmask of destination address is same as netmask of
source, then destination is local
• If destination is on the local network– Need to find out its MAC address using ARP
• If destination is not local (“remote”)– Need to send to gateway router (as specified by DHCP)– Use ARP to determine MAC address of gateway router
11
Network Control Messages(and how to use them for discovery)
12
13
Internet Control Message Protocol
• ICMP runs on top of IP– Same level as TCP and UDP– Though viewed as an integral part of IP (not transport)
• Diagnostics (network “print” statement)– Triggered when an IP packet encounters a problem
• ICMP packet sent back to the source IP address– Includes the error information (e.g., type and code)– IP header plus 8+ byte excerpt from original packet
• Source host receives the ICMP packet– Inspects excerpt to identify socket
• Exception: ICMP not sent if problem is ICMP– And just for fragment 0 of a group of fragments
14
Types of Control Messages
• Need Fragmentation– IP packet too large for link layer, DF set
• TTL Expired– Decremented at each hop; generated if 0
• Unreachable– Subtypes: network / host / port
• Source Quench– Old-style signal asking sender to slow down
• Redirect– Tells source to use a different local router
15
Discovering Network Path Properties
• ICMP provides way for routers to talk to end hosts
• Can be used in clever ways to probe the network to discover things about its internals:–PMTU Discovery:
o What is largest packet that can be sent completely through the network w/o needing fragmentation?
–Traceroute:o What is the series of routers that a packet traverses
as it travels through the network?
16
Path MTU Discovery
• MTU = Maximum Transmission Unit– Largest IP packet that a link supports
• Path MTU (PMTU) = minimum end-to-end MTU– Sender must keep datagrams no larger to avoid
fragmentation
• How does the sender know the PMTU is?
• Strategy (RFC 1191):– Try a desired value– Set DF to prevent fragmentation– Upon receiving Need Fragmentation ICMP …
o … oops, that didn’t work, try a smaller value
17
Discovering Routing via Time Exceeded
host DNS... host host DNS...
router routerrouter
host
1.2.3.7
8.9.10.11
5.6.7.156
• Host sends an IP packet– Each router decrements the time-to-live field
• If TTL reaches 0– Router sends Time Exceeded ICMP back to the source– Message identifies router sending it
o Since ICMP is sent using IP, it’s just the IP source address
Time exceeded
18
Traceroute: Exploiting Time Exceeded
• Time-To-Live field in IP packet header– Source sends a packet with TTL ranging from 1 to n– Each router along the path decrements the TTL– “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
source destination
TTL=1
Time exceeded
TTL=2
Send packets with TTL=1, 2, … and record source of Time Exceeded message
Routing
19
20
Three levels in routing hierarchy
• Networks: reaches individual hosts– Link-layer routing (self-learning)
• Intradomain: routes between networks– Lowest-cost routing (link-state, distance-vector)
• Interdomain: routes between ASes– BGP (path vector)
Lowest Cost Routing
21
22
Link State: Control Traffic
• Each node floods its local information• Each node then knows the entire network topology
Host A
Host BHost E
Host D
Host C
N1 N2
N3
N4
N5
N7N6
23
Local Computation of Routes
Host A
Host BHost E
Host D
Host C
N1 N2
N3
N4
N5
N7N6
A
BE
DC
A
BE
DC A
BE
DC
A
BE
DC
A
BE
DC
A
BE
DC
A
BE
DC
Each node independently calculates shortest paths(using Dijkstra’s algorithm)
24
Distance Vector Routing
• Each router knows the links to its neighbors– Does not flood this information to the whole network
• Each router has provisional “shortest path”– E.g.: Router A: “I can get to router B with cost 11 via
next hop router D”
• Routers exchange this information with their neighboring routers– Again, no flooding the whole network
• Routers update their idea of the best path using info from neighbors
• This iterative process converges with set of shortest paths
25
Bellman-Ford Algorithm
• INPUT:–Link costs to each neighbor–Not full topology
• OUTPUT:–Next hop to each destination and the
corresponding cost–Does not give the complete path to the
destination
Bellman-Ford – Overview
• Each router maintains a table– Row for each possible destination– Column for each directly-attached
neighbor to node– Entry in row Y and column Z of node X
best known distance from X to Y, via
Z as next hop = DZ(X,Y)
A C12
7
B D3
1
B C
B 2 8
C 3 7
D 4 8
Node A
Neighbor (next-hop)
Destinations DC(A, D)
Bellman-Ford
• Know the Bellman-Ford algorithm, count-to-infinity, and poisoned reverse….
• No need to know Dijkstra’s Algorithm
27
Interdomain Routing
28
BGP Basics
• If domains A and B have an interdomain link:– Their border routers announce routes to each other
o One route for each reachable prefix
– Routes announced whenever changed or withdrawno Route withdrawn when domain no longer offering path to prefixo It usually has a path itself, but is choosing to not export that path
• Policies:– Import policy: which routes the domain will use
o Chooses among routes advertised by neighbors
– Export policy: which routes the domain lets other useo Purely a filtering policy
• Route computation: path vector– Loop detection, which enables flexible policies 29
30
Joining BGP and IGP Information
• Border Gateway Protocol (BGP)–Announces reachability to external destinations–Maps a destination prefix to an egress point
o 128.112.0.0/16 reached via 192.0.2.1
• Interior Gateway Protocol (IGP)–Used to compute paths within the AS–Maps an egress point to an outgoing link
o 192.0.2.1 reached via 10.1.1.1
192.0.2.1
10.1.1.1
31
IGP, eBGP, iBGP,….
Border routerInternal router
1. Provide internal reachability (IGP)2. Learn routes to external destinations (eBGP)3. Distribute externally learned routes internally (iBGP)4. Select closest egress (IGP)
62
4 9 2
13
3
Routing Follows the Money!
• Peers provide transit between their customers
• Peers do not provide transit to each other32
traffic allowed traffic not allowed
33
Examples of Standard Policies
• Transit network:– Selection: prefer customer to peer to provider– Export:
o Let customers use any of your routeso Let anyone route through you to your customero Block everything else
• Multihomed (nontransit) network:– Export: Don’t export routes for other domains– Selection: pick primary over backup
35
Advanced Routing
Basic Routing Techniques
• Self-learning
• Link-state
• Distance-vector
• Path-vector
36
Self-Learning
• Requirements:– Plug-and-play (no management needed)– Flat address space
• Forwarding rules:– Watch which port MAC addresses come from– When in doubt, flood to all other ports
• Spanning tree needed for flooding– Does not use shortest data paths– Network unusable while spanning tree recomputed
37
Intradomain (L3)
• Link-state:– Global state, local computation– Flood local topology information– Each router computes shortest paths on graph– Requires routers to have globally consistent state
• Distance-vector:– Local state, global computation– Routers participate in distributed computation– Exchange current views on “shortest paths”– Hard to prevent loops while responding to failures
o E.g., count-to-infinity38
Interdomain: Path-vector
• Path-vector enables:– General policy autonomy for import and export– Easy detection of loops (which allows policy freedom!)
• Disadvantages of path-vector– High churn rate (many updates)– Convergence after failure can be slow– Policy oscillations possible
o Even limited degrees of autonomy can result in policy oscillations
39
Three Routing Challenges
• Resilience– Slow convergence after failures, worse as networks grow– Network not reliable during convergence– Most important barrier to a more reliable Internet
o Goal is 99.999% availability, now 99.9% at besto Gaming, media, VoIP, finance (trading) make this more important
• Traffic engineering– Current traffic engineering mechanisms cumbersome– Must find more adaptive methods
• Policy oscillations in interdomain routing40
Meeting These Challenges
• Augmenting all approaches with multipath– Routing computes more than one path– Allows hosts to use alternate paths when failure occurs
• Augmenting LS with Failure-Carrying Packets– No packet drops during convergence– Requires change to packet header
• Augmenting DV with Routing Along DAGs– Local adaptation prevents packet drops, spreads load– No need for header changes, applies to L2 and L3
• Augmenting PV with Policy Dispute Resolution– Only invoked when oscillation is in progress
41
42
Multicast
43
IP Multicast Service Model
• Receivers join multicast group identified by a multicast address G
• Sender(s) send data to address G
• Network routes data to each of the receivers
• Two common approaches: DVMRP and CBT
• Note: multicast is both a delivery and a rendezvous mechanism– Senders don’t know list of receivers– For many purposes, the latter is more important than the former
R0 joins GR1
joins G
Rn joins G
S
R0
R1
.
.
.
[G, data]
[G, data][G, data]
[G, data]
Rn
Net
DVMRP Basics
• Starts by broadcasting along reverse path tree– Tree formed by paths from all nodes to source– First packet in transmission is broadcast!
• Prune tree, to avoid sending wasted messages– Leaf networks start by issuing NMR
o Non-Membership Report
– If all of a router’s children send NMRs, and it has no local members, then it sends an NMR to its parent
• This builds source-specific trees:– Packets from source S to group member m follow same
path that packets from m take to reach S (in reverse)
44
Constructing Source-Specific Tree
• Individual paths from members to source
• Union of these paths form tree
• Data packets sent in opposite direction down tree45
source
M1
M2 M3
CBT Basics
• Picks core (root, center, whatever) for each group
• Member sends join message towards core
• This builds a shared spanning tree– Later joins are “grafted” onto existing tree
• Packets are delivered over this tree using standard flooding over spanning tree– Send out on all but incoming interface
• No need for initial packets to be broadcast– Only go to current members– But need to identify center (where should it be?) 46
47
Building and Using Shared Tree
• Group members send joins to core– Joins are grafted on to tree
• M1 sends data to group core
M1
M2 M3
control (join) messagesdata
48
Packet Scheduling
49
Packet Scheduling: FIFO
• What if scheduler uses one first-in first-out queue?– Simple to implement– But everyone gets the same service
• Example: two kinds of traffic– Video conferencing needs high bandwidth and low delay
o E.g., 1 Mbps and 100 msec delay
– E-mail transfers not very sensitive to delay
• Cannot admit much e-mail traffic– Since it will interfere with the video conference traffic
50
Packet Scheduling: Strict Priority
• Strict priority– Multiple levels of priority– Always transmit high-priority traffic, when present– .. and force the lower priority traffic to wait
• Isolation for the high-priority traffic– Almost like it has a dedicated link– Except for the (small) delay for packet transmission
o High-priority packet arrives during transmission of low-priorityo Router completes sending the low-priority traffic first
51
Scheduling: Weighted Fairness
• Limitations of strict priority– Lower priority queues may starve for long periods– … even if the high-priority traffic can afford to wait– Traffic still competes inside each priority queue
• Weighted fair scheduling– Assign each queue a fraction of the link bandwidth– Rotate across the queues on a small time scale– Send extra traffic from one queue if others are idle
50% red, 25% blue, 25% green
Max-Min Fairness
• Given a set of bandwidth demands ri and a total bandwidth C, the max-min bandwidth allocations are:
ai = min(f, ri)
• where f is the unique value such that Sum(ai) = C
• Property:– If you don’t get full demand, no one gets more than you
• Max-min name comes from multi-good version52
Why Should Routers Impose Fairness?
• Keep flows isolated
• No need for global congestion control standard
• …..
53
54
Quality of Service
55
Comparison to Best-Effort & Intserv
Best-Effort Diffserv Intserv
Service Connectivity
No isolation
No guarantees
Per aggregate isolation
Per aggregate guarantee
Per flow isolation
Per flow guarantee
Service scope
End-to-end Domain End-to-end
Complexity No setup Long term setup Per flow steup
Scalability Highly scalable (nodes maintain only routing state)
Scalable
(edge routers maintain per aggregate state; core routers per class state)
Not very scalable (each router maintains per flow state, unless aggregation techniques are used)
56
TCP
57
TCP Service Model• Reliable, in-order, duplex byte-stream delivery
– Hopefully with good performance
• Challenges - the network can– drop packets
o Even perhaps a large number– delay packets
o Even perhaps for many seconds– deliver packets out-of-order
o Follows from possibility of arbitrary delay– replicate packets
o Weird, but it does sometimes happen– corrupt packets
58
Timing Diagram: 3-Way Handshaking
Client (initiator)
Server
SYN, SeqNum = x
SYN + ACK, SeqNum = y, Ack = x + 1
ACK, Ack = y + 1
ActiveOpen
PassiveOpen
connect()
listen()
accept()
59
Normal Termination, Both Together
SYN
SYN
AC
K
AC
KD
ata
FIN
FIN + A
CK
AC
K
timeA
B
AC
K
Connectionnow closed
Timeout:Avoid reincarnation
Can retransmitFIN ACK if ACK lost
60
Abrupt Termination
• A sends a RESET (RST) to B– E.g., because app. process on A crashed
• That’s it– B does not ack the RST– Thus, RST is not delivered reliably– And: any data in flight is lost– But: if B sends anything more, will elicit another RST
SYN
SYN
AC
K
AC
KD
ata
RST
AC
K
timeA
B
Data R
ST
61
TCP Support for Reliable Delivery
• Checksum– Used to detect corrupted data at the receiver– …leading the receiver to drop the packet
• Sequence numbers– Used to detect missing data– ... and for putting the data back in order
• Retransmission– Sender retransmits lost or corrupted data– Timeout based on estimates of round-trip time– Fast retransmit algorithm for rapid retransmission
62
ACKing and Sequence Numbers
• Sender sends packet – Data starts with sequence number X– Packet contains B bytes
o X, X+1, X+2, ….X+B-1
• Upon receipt of packet, receiver sends an ACK– If all data prior to X already received:
o ACK acknowledges X+B (because that is next expected byte)– If highest byte already received is some smaller value Y
o ACK acknowledges Y+1o Even if this has been ACKed before
63
Flow Control
• Advertised Window: W– Can send W bytes beyond the next expected byte
• Receiver uses W to prevent sender from overflowing buffer
64
Reliability: TCP Retransmission
65
Reasons for Retransmission
Packet
ACK
Tim
eou
t
Packet
ACK
Tim
eou
t
Packet
Tim
eou
t
Packet
ACK
Tim
eou
t
Packet
ACK
Tim
eou
tPacket
ACK
Tim
eou
t
ACK lostDUPLICATE
PACKET
Packet lost Early timeoutDUPLICATEPACKETS
66
How Long Should Sender Wait?
• Sender sets a timeout to wait for an ACK– Too short: wasted retransmissions– Too long: excessive delays when packet lost
• RTO = EstimatedRTT + 4 x EstimatedDeviation
• Estimated RTT: exponential average of RTT– Only sample packets that are not retransmitted
• Deviation = | SampleRTT – EstimatedRTT |
• EstimatedDeviation: exp. average of Deviation
67
Alternative to Timeouts
• Triple duplicate ACK (“three dups”)– Packet n is lost, but packets n+1, n+2, …, arrive
• On each arrival of a packet not in sequence, receiver generates an ACK– So as n+1, n+2, … arrive, receiver generates repeated
ACKs for seq.no. n– “duplicate” acknowledgments since they all look the
same– Sender sees 3 of these (four ACKs in total) and
immediately retransmits packet n (and only n)
• Termed Fast Retransmission
68
Congestion Control Overview
69
Basics of TCP Congestion Control
• Each source determines the available capacity– … so it knows how many packets to have in flight
• Congestion window (CWND)– Maximum # of unacknowledged bytes to have in flight– Congestion-control equivalent of receiver window– MaxWindow = min{congestion window, receiver window}– Send at the rate of the slowest component
• Adapting the congestion window– Decrease upon detecting congestion– Increase upon lack of congestion: optimistic exploration
• Packet losses used as sign of congestion
Summary of Increase
• “Slow-start”: increase cwnd by MSS for each ack
• Leave slow-start regime when either:– cwnd > SSThresh– Packet drop
• Enter AIMD regime– Increase by MSS for each window’s worth of acked data– Increment per ACK:
CWND += MSS * (MSS / CWND)
70
71
Summary of Decrease
• Cut CWND half on loss detected by NACK – “fast retransmit”
• Cut CWND all the way to 1 MSS on timeout– Set ssthresh to cwnd/2
• Never drop CWND below 1 MSS
72
TCP Dynamics
t
Window
Slow-start restart: Go back to CWND of 1 MSS, but take advantage of knowing the previous value of CWND.
Slow start in operation until it reaches half of previous CWND, I.e.,
SSTHRESH
TimeoutFast
Retransmission
SSThreshSet to Here
Additional Congestion Control Topics
• Equation-based congestion control– rate ~ MSS/[RTT*sqrt(loss rate)] (know this equation)
• Extending TCP to higher speeds– Change CWND adjustment at higher speeds
• Signaling congestion without packet drops– Explicit congestion notification (ECN)
73
74
Peer-to-Peer
P2P Basics
• Design paradigm: No central control
• Economic model: leverage user nodes
75
P2P Tasks
• Search: general keyword/wildcard search– Controlled flooding
• Lookup: given name, get IP address of location– DHT or similar structure
• Download:– Chunking is used because of asymmetric bandwidth– Self-scaling depends on an incentive mechanism
o Prevent free-riders
76
77
Wireless Networks
78
• A and C can both send to B but can’t hear each other– A is a hidden terminal for C and vice versa
• Carrier Sense will be ineffective – need to sense at receiver
Hidden Terminals
A B C
transmit range
Key Points
• No concept of a global collision– Different receivers hear different signals– Different senders reach different receivers
• Collisions are at receiver, not sender– Only care if receiver can hear the sender clearly– It does not matter if sender can hear someone else– As long as that signal does not interfere with receiver
• Goal of protocol:– Detect if receiver can hear sender– Tell senders who might interfere with receiver to shut up79
Basic Collision Avoidance
• Since can’t detect collisions, we try to avoid them
• Carrier sense:– When medium busy, choose random interval– Wait that many idle timeslots to pass before sending
• When a collision is inferred, retransmit with binary exponential backoff (like Ethernet) – Use ACK from receiver to infer “no collision”– Use exponential backoff to adapt contention window
80
81
MA with Collision Avoidance (MACA)
• Before every data transmission – Sender sends a Request to Send (RTS) frame containing the length
of the transmission– Receiver respond with a Clear to Send (CTS) frame– Sender sends data– Receiver sends an ACK; now another sender can send data
• When sender doesn’t get a CTS back, it assumes collision
sender receiverother node in sender’s range
RTS
ACK
dataCTS
82
MACA, con’t
• If other nodes hear RTS, but not CTS: send– Presumably, destination for first sender is out of
node’s range …
senderreceiver other node in
sender’s rangeRTS
dataCTS
data
83
MACA, con’t
• If other nodes hear RTS, but not CTS: send– Presumably, destination for first sender is out of node’s range
…– … Can cause problems when a CTS is lost
• When you hear a CTS, you keep quiet until scheduled transmission is over (hear ACK)
sender receiverother node in sender’s range
RTS
ACK
dataCTS
Summary
• Wireless is a tricky beast– Distributed multiple access problem– Hidden terminals– Exposed terminals– Current protocols sufficient, given overprovisioning
• Multihop even more complicated
84
85
Security
Basic Requirements for Secure Communication
• Availability: Will the network deliver data?– Infrastructure compromise, DDoS
• Authentication: Who is this actor?– Spoofing, phishing
• Integrity: Do messages arrive in original form?
• Confidentiality: Can adversary read the data?– Sniffing, man-in-the-middle
• Provenance: Who is responsible for this data?– Forging responses, denying responsibility– Not who sent the data, but who created it
86
87
Basic Forms of Cryptography
88
Symmetric Key Encryption
• Same key for encryption and decryption– Both sender and receiver know key– But adversary does not know key
• For communication, problem is key distribution– How do the parties (secretly) agree on the key?
• What can you do with a huge key? One-time pad– Huge key of random bits
• To encrypt/decrypt: just XOR with the key!– Provably secure! …. provided:
o You never reuse the key…and it really is random/unpredictable– Spies actually use these
89
Asymmetric Encryption (Public Key)
• Idea: use two different keys, one to encrypt (e) and one to decrypt (d)– A key pair
• Crucial property: knowing e does not give away d
• Therefore e can be public: everyone knows it!
• If Alice wants to send to Bob, she fetches Bob’s public key (say from Bob’s home page) and encrypts with it– Alice can’t decrypt what she’s sending to Bob …– … but then, neither can anyone else (except Bob)
90
Public Key / Asymmetric Encryption
• Sender uses receiver’s public key– Advertised to everyone
• Receiver uses complementary private key– Must be kept secret
InternetEncrypt withpublic key
Decrypt withprivate key
Plaintext Plaintext
Ciphertext
91
Works in Reverse Direction Too!
• Sender uses his own private key
• Receiver uses complementary public key
• Allows sender to prove he knows private key
InternetDecrypt withpublic key
Encrypt withprivate key
Plaintext Plaintext
Ciphertext
92
Realizing Public Key Cryptography
• Invented in the 1970s– Revolutionized cryptography– (Was actually invented earlier by British intelligence)
• How can we construct an encryption/decryption algorithm with public/private properties?
– Answer: Number Theory
• Most fully developed approach: RSA– Rivest / Shamir / Adleman, 1977; RFC 3447– Based on modular multiplication of very large integers– Very widely used (e.g., SSL/TLS for https)
93
Cryptographic Toolkit
94
Public Key Authentication
• Each side need only to know the other side’s public key
– No secret key need be shared
• A encrypts a nonce (random number) x using B’s public key
• B proves it can recover x
• A can authenticate itself to B in the same way
E(x, PublicB)
x
A B
95
Digital Signatures
• Suppose Alice has published public key KE
• If she wishes to prove who she is, she can send a message x encrypted with her private key KD
–Therefore: anyone w/ public key KE can recover x, verify that Alice must have sent the message
–It provides a digital signature–Alice can’t deny later deny it non-repudiation
96
RSA Crypto & Signatures, con’t
Cryptographic Toolkit
• Confidentiality: Encryption
• Integrity: Cryptographic Hash
• Authentication: Decrypting nonce
• Provenance: Digital Signatures
97
98
PKIs and HTTPS
Digital Certificate
• Signed data structure that binds an entity with its corresponding public key– Signed by a recognized and trusted authority, i.e.,
Certification Authority (CA) – Provide assurance that a particular public key
belongs to a specific entity
• Example: certificate of entity Y Cert = E({nameY, KYpublic}, KCAprivate)– KCAprivate: private key of Certificate Authority– nameY: name of entity Y– KYpublic: public key of entity Y
o In fact, they may sign whatever glob of bits you give them
• Your browser has a bunch of CAs wired into it
100
HTTPS Connection (SSL/TLS)
• Browser (client) connects via TCP to Amazon’s HTTPS server
• Client sends over list of crypto protocols it supports
• Server picks protocols to use for this session
• Server sends over its certificate
• (all of this is in the clear)
SYN
SYN ACK
ACK
Browser Amazon
Hello. I support(TLS+RSA+AES128+SHA1) or
(SSL+RSA+3DES+MD5) or …
Let’s use
TLS+RSA+AES128+SHA1
Here’s my cert
~1 KB of d
ata
101
Inside the Server’s Certificate
• Name associated with cert (e.g., Amazon)
• Amazon’s public key
• A bunch of auxiliary info (physical address, type of cert, expiration time)
• URL to revocation center to check for revoked keys
• Name of certificate’s signatory (who signed it)
• A public-key signature of a hash (MD5) of all this– Constructed using the signatory’s private RSA key
102
HTTPS Connection (SSL/TLS), con’t
• Browser constructs a random session key K
• Browser encrypts K using Amazon’s public key
• Browser sends E(K, KApublic) to server
• Browser displays
• All subsequent communication encrypted w/ symmetric cipher using key K– E.g., client can authenticate using
a password
Browser Amazon
Here’s my cert
~1 KB of d
ata
E(K, KApublic)
K
K
E(password …, K)
E(response …, K)
Agreed
103
Worms: Exponentially Fast …. and Big
• Code Red 1 (2001)• 369K hosts in 10 hours
• Blaster (2003)• 9M hosts in 9 days• 25M hosts total
• Slammer (2003)• 75K hosts …• … in < 10 minutes• Peak scanning rate:
• 55M addresses/sec• Limited by Internet’s capacity
• Theoretical worms• 1M hosts in 1.3 sec (2004)• $50B+ damage (2004)
104
Automated Compromise: Bots
• Big worms are flashy but rare …
• … With the commercialization of malware, the tool of choice has shifted to the less noisy, more directly controlled botnets
• When host is (automatically) compromised, don’t continue propagation• Instead install a command and control platform (a bot)
• Now can monetize malware: sell access to bots• Spamming, phishing web sites, flooding attacks• “Crook’s Google Desktop”: sell capability of searching
the contents of 100,000s of hosts
• (Note: we still worry about worms for cyberwarfare)
105
Distributed Denial-of-Service (DDoS)
Master
Slave 1
Slave 3
Slave 4
Slave 2
Victim
Control traffic directs slaves at victim
src = randomdst = victim
Slaves send streams of traffic (perhaps spoofed) to victim
106
Diffuse DDoS: Reflector Attack
Master
Slave 1
Slave 3
Slave 4
Slave 2
Victim
Control traffic directs slaves at victim & reflectors
Request: src = victim dst = reflector
Reflectors send streams of non-spoofed but unsolicited traffic to victim
Reflector 1
Reflector 9
Reflector 4
Reflector 2
Reflector 3
Reflector 5
Reflector 6
Reflector 7
Reflector 11Reflector 8
Reflector 10
Reply: src = reflector dst = victim
Thank you…..
Good luck on the final (and project and homework and your other finals…..)
107