understanding networked applications: a first course final exam review by david g. messerschmitt

Understanding Networked Applications:A First Course

Final exam review

by

David G. Messerschmitt

Understanding Networked Applications A First Course2

Copyright notice

©Copyright David G. Messerschmitt, 2000. This material may be used, copied, and distributed freely for educational purposes as long as this copyright notice remains attached. It cannot be used for any commercial purpose without the written permission of the author.


Note on material coverage

• On topics assigned by reading but not covered in class, this review lists what I consider the most important concepts

• To limit the material you are responsible for, exam questions will be limited to these topics or things touched on

• Therefore you can safely focus your studying around the topics mentioned here and issues they touch on


Note

• This is a review of the material since the second midterm

• You are responsible for the entire course

• Please, therefore, see the midterm reviews as well


Major topics since midterm

• Privacy

• Industrial organization

• Distributed systems basics– protocols– locating things


Major topics (con’t)

• Communication services– message, queuing, multiplexing, reply,

conversation, streaming, broadcast– internet: IP, TCP, etc

• Trust– availability– security


Major topics (con’t)

• Networking– multiplexing, forwarding, routing, name

services, flow and congestion control– encapsulation, fragmentation, layering– internet: IP, TCP, UDP

• Communications– Bitrate and delay limited communication– Caching


Privacy

ByDavid G. Messerschmitt


The issue

• In the course of using a networked application, there is an opportunity to capture a user profile, including– Information provided by the user for legitimate

purposes (e.g credit card number)– Information not intended to be revealed by the user

(e.g. email message)– Information about the user’s activities

• These issues are aggravated within network applications


Anonymous identification

• Complete anonymity. No identify information (personal or anonymous) is available to applications or service providers. There is no feasible way to capture traces of user activity over time or across applications.

• Anonymous identification. While no personal identify information (like name, address, email address, etc.) is available, it can be inferred when the same user revisits an application or provider (using an anonymous identifier as in the deli example). Traces can be captured of a single user’s activity, but those traces cannot be matched to personal identity.

• Personal identification. Applications or providers are aware of (at least some) personal identity information. Often, even given incomplete information, it is possible to correlate across distinctive sets of personal information if there is some commonality (e.g. an email address).


User

Application Application Application…

User profile User profile User profile…

User profile

Capture

Aggregation


Some specific privacy policy issues

Disclosure Does the application abide by a comprehensive privacy policy, and is that policy disclosed to the user?

Anonymity Is the personal identity of the user known or included in the user profile?

Control Is the user allowed some degree of control over attributes of the policy, what information is collected, and how it is used?

Default If there are user-selected options, what is are the defaults if the user makes no explicit choice? Extreme cases are “opt in”, where no information is collected unless the user explicitly chooses, or “opt out”, where all information is collected unless the user explicitly says no.

Ownership Who owns and exercises control over information that is captured?

Sharing With who is a user’s personal information shared, and how may they disseminate it further?

Persistence Over what period of time is personal information captured, and how long is it retained?


Industrial Organization

ByDavid G. Messerschmitt

Understanding Networked Applications A First Course14Implementation Provisioning Operation

Implementation Provisioning Operation

Use

Application

Infrastructure

Analysis

Analysis

Value chain for software


Systemintegrator

Applicationsoftware supplier

Infrastructuresoftware supplier

Applicationservice provider

Infrastructureservice provider

End-userorganization

Business consultant

Industry consultant


From stovepipe to layering

Data Voice Video

All applications

Value-added services

Common services

Core technologies

Application-dependentinfrastructure

Application-independent


Applications

Integrative services

Generic services

Common representations

Processing Storage Connectivity

Application components


Diversity of applications

Application and technology- independent infrastructure

Technology specific infrastructure

Application-specific infrastructure

Structure of a layered industry


Distributed systems

by



Protocol

• Distributed algorithm realized by two or more modules to coordinate their actions or accomplish some shared task

• Module interoperability focuses on actions and protocols


Client Server

Time

sendreceive

request

response

subscribe

responses


Three ways of locating things

• Name

• Address

• Reference


Communication services

by



Example communication services

• Messages

• Queuing and multiplexing

• Message with reply

• Conversation

• Broadcast


Sender1

Recipient

Sender2

Mux&

queue

Multiplexing and queuing

Infrastructure

Recipient deals with one message at a time even if coming from many senders


Send/receive

Request/response

Queue

= Work on message or request

= Blocked waiting for response

Send/receive

Request/response

Message

waiting

Sender RecipientSender Recipient

Comparison


Audiocoder

Audiodecoder

Videocoder

Videodecoder

Streaming multimedia


Time

Accumulate audio in message

Send message

Receive message

Playback audio in message

Delay

A session supports streaming multimedia


Security

by



Availability

• Application up and running correctly– increasingly 24x7

• Expressed as expected downtime per unit time• Some types of downtime:

– Off-line upgrade and maintenance

– Software crashes

– Equipment failure

– Successful denial-of-service attack


Encryption

Encrypt Decrypt

Ciphertext

Encryption key Decryption key

Plaintextmessage

Plaintextmessage


Information

Data

Block: plaintext

Encrypt Decrypt

Information

Data

Block: plaintext

Representation by data (defined by

application)

Fragmentation AssemblyInterpretationassumed by

encryption algorithm

Ciphertext

Encryption obscures data representation


Brute force approach: block substitution table

Plaintext (n bits)

0000000000000

0000000000001

0000000000010

….

1111111111111

Ciphertext (n bits)

0100001011001

0111010011000

1000101101011

….

1110100000110


f

f

f

f

...

32 bits 32 bits

32 bits 32 bits

Bit-by bitaddition (base-two)

16 rounds

k15

k16

k2

k1

Plaintext block

Ciphertext block

Confusion

Diffusion

DES symmetric algorithm

•64 bit plaintext

•56 bit key


0

n-1

P = plaintext

C = ciphertext

Encrypt

Decrypt

RSA asymmetric algorithm

C = Ps mod nP = Ct mod nt cannot becomputed from(n,s) in reasonabletime


Alice writes message on paper in permanent ink

Alice addsher signature

Alice seals messagein envelope

Only Bob breaks sealand opens envelope

Bob verifiesAlice’ssignature

Post officephysicalsecurity

Alice requestsreturn acknowledgementfrom Bob


Encryption Decryption

Plaintext

P

Originalplaintext

P

Ciphertext

C

SK SK

Encryption DecryptionP

PC

BPK BSK

Secret key

Public key

Secret key

Secret key

Message sentby Alice

Messagereceived byBob

Or

Confidentiality


k

Alice (being authenticated)

Decryption Encryption

APK ASK

Response

Bob

Compare

Challenge-responseprotocol

Randominteger Challenge


Encryption DecryptionPS

ASK APK

Signature

(Alice) sender Bob (recipient)

Plaintext

Compare

Secret key Public key

Digital signature

Verified by a signature authority


Bob Alice

CA

Alice convinces CA of her identity

Alice provides Bob with a replica of her digitalcertificate, which provides and certifies Alice’s public key

CA givesdigital certificateand secret keyto Alice Bob verifies CA

signature using CA’s public key

Digital certificate protocol


Certificateauthority

Bank’s certificateissued by CA

Merchant’s certificateissued by bank

Verifysignature

Authority’sknownpublic key

Bank’spublickey

Verifysignature

Merchant’spublickey

Chain of trust (e-commerce example)


Secure socket layer

• Illustrated as an example of– Authentication (PKI)– Confidentiality (symmetric encryption with

secret session key)

• Shortcomings– No authentication of client– No client digital signatures


Performance

By



Performance measures

• Delay– How long does it take things to happen?

• Capacity and throughput– How many things can happen (per unit time)?– Utilization

• Tradeoff– Increasing throughput through utilization is

cost effective but degrades delay


Wherefrom congestion?

time(50% utilization, regular arrivals, no backlog)

time(50% utilization, irregular arrivals, inevitable backlog)

• Increased delay from congestion is due to irregular arrivals causing system resources to be temporarily oversubscribed• Actual delay depends on arrival statistics


Networking

by



Impact of network on applications

• Communication service provided the application– what does application have to do for itself?

• Impact on application performance– message (packet) latency– message (packet) loss– message (packet) corruption


Internetworking (IP)

Subnetworks

Datagram (UDP) Bytestream session (TCP)

Remote method invocation (RMI)

Application

Middleware

OS

Network

Partial internet protocol architecture


Packet switch

Addr OutLink

Output link

Routing table

Packet

Packet forwarding

...

...


Producer Consumer

Queue

Streamof messages

Flow control

Flow control

Normally the producer determines what information is sent, but consumer has to have a way to slow down producer


Carriedtraffic

Offeredtraffic

Network “capacity”

Increasing portion ofnetwork traffic is resentpackets

Socialoptimum

Congestion instability


Key ideas

• Packet encapsulation: one packet can be encapsulated in another

• Packet fragmentation: one packet can be split into two or more packets and encapsulated

• Protocol layering: one service can be layered on another by fragmentation and encapsulation


Layer n+1 Layer n+1

Layer n Layer n

Layer n+1 protocol header

Layer nprotocol header

Encapsulated layer n+1packet, including header

Peer-to-peer communication


DestinationSource DestinationSource

ACK

ACK

ACK

ACK

ACK

TaskConcurrenttasks forhigherthroughput

Packets canbe reorderedusing sequencenumber


Gateway

Public telephone network

Internet

IP telephone

Plain oldtelephone

Voice over IP


Communications

by



Conveyer belt

Bits waitingto be sent

Bits thathave alreadybeen received

Conveyer belt analogy

= “0”

= “1”

Constant speed


Bottlenecks and workarounds

• Compare message size to delay-throughput product (number of bits on conveyer)

• Bitrate limited– compression

• Delay limited– caching


Remote databeing accessed

Local cache

Communicationbottleneck

Futurereferences(wherepossible)

Caching

Predictive caching becomes very important in the delay-limited regime

understanding networked applications: a first course final exam review by david g. messerschmitt

Documents

network applications

course privacy

information personal

entire course

messerschmitt slide

personal identity information

course final exam review

incomplete information