Saturday, May 8, 2010
Lecture #23: Cryptography
Symmetric key cryptography uses ciphers to encrypt and decrypt messages. It requires both parties to use a common key, so the problem arises of how to share that key between the parties.
Public key encryption uses two keys: a public key, which is publicly available, and a private key, which is used to decrypt messages encrypted with the public key. It is computationally infeasible to determine the private key from any given public key. Because public key encryption is more computationally expensive, two parties will often exchange a symmetric key using public key encryption and then use symmetric key cryptography for the remainder of the secure session.
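An added example (not from the lecture) of the hybrid scheme the notes describe: a toy textbook RSA built from two labelled demo primes wraps a fresh symmetric session key, and a toy SHA-256-based XOR stream cipher then carries the bulk data. The primes, the 11-byte key length, the stream cipher and all function names are this example's own assumptions; none of it is safe for real use.

```python
import hashlib
import os

# Constructed demo primes: the Mersenne primes 2^31-1 and 2^61-1. Real RSA
# moduli use primes of 1024 bits or more; these are far too small for real use
# and exist only to keep the arithmetic readable.
DEMO_P = (1 << 31) - 1
DEMO_Q = (1 << 61) - 1
SESSION_KEY_LEN = 11        # 88-bit key: its integer value must stay below the modulus


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation. Returns (public, private) as (n, e), (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)     # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public, m):
    """Encrypt an integer m < n with the public key: c = m^e mod n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt(private, c):
    """Recover m = c^d mod n with the private key."""
    n, d = private
    return pow(c, d, n)


def keystream(key, length):
    """Toy keystream: SHA-256(key || block counter) blocks, concatenated.
    Illustrative only; not a vetted cipher and it provides no integrity check."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_xor(key, data):
    """Symmetric cipher: XOR with the keystream; encrypt and decrypt are the same op."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def hybrid_encrypt(recipient_public, plaintext, session_key=None):
    """Sender: pick a fresh session key, wrap it with the slow public-key
    operation, and encrypt the bulk data with the fast symmetric cipher."""
    if session_key is None:
        session_key = os.urandom(SESSION_KEY_LEN)
    wrapped_key = rsa_encrypt(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped_key, symmetric_xor(session_key, plaintext)


def hybrid_decrypt(recipient_private, wrapped_key, ciphertext):
    """Recipient: unwrap the session key with the private key, then decrypt the data."""
    session_key = rsa_decrypt(recipient_private, wrapped_key).to_bytes(SESSION_KEY_LEN, "big")
    return symmetric_xor(session_key, ciphertext)


def demo():
    """Full exchange: the session key never travels in the clear."""
    public, private = rsa_keygen(DEMO_P, DEMO_Q)
    message = b"the session key never travels in the clear"   # constructed sample
    wrapped_key, ciphertext = hybrid_encrypt(public, message)
    return hybrid_decrypt(private, wrapped_key, ciphertext) == message


if __name__ == "__main__":
    print("round trip ok:", demo())
```

The slow operation (modular exponentiation) runs once per session on an 11-byte key, while the bulk data only costs a hash per 32 bytes; that is the cost asymmetry the notes give as the reason for the hybrid design.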
Wednesday, May 5, 2010
Lecture 24: Secure Communications
Sunday, May 2, 2010
Lecture 22: Network Security
Wednesday, April 28, 2010
Overview Session
The session is mainly to help review material and attendance is optional.
Friday, April 16, 2010
“Survivable Routing in Multi-hop Wireless Networks” by Dr. Srikanth Krishnamurthy
Even though much research has been done on wireless multi-hop networks, many issues remain: routing quality, reliability and security.
Dr. Krishnamurthy discussed the ETX (Expected Transmission Count) routing metric, which measures the quality of a path between two nodes in a wireless packet network. Two factors it overlooks are link order and security. The metric does not account for the fact that swapping the positions of links along a path yields different real costs, nor for the finite number of retransmissions after which a packet is dropped, which also changes the cost. Both degrade the reliability and quality of the transmission. ETX was designed to improve transmission but does not cover security.
Dr. Krishnamurthy introduced ETOP, which takes into account the issues ETX does not cover: node order, dropped packets and security. The estimated cost of an n-hop path is the expected number of transmissions plus the retransmissions required to deliver a packet over that particular path. Performance results show a 65% improvement over ETX routing for paths of 3 or more hops. ETOP also gives TCP higher reliability, allowing TCP to be more aggressive and ramp up its congestion window, so TCP transmission time improves.
There are still security issues to be addressed with ETOP, and Dr. Krishnamurthy discussed attacks on the paths of the system. One defense is to have each probe carry a message, so that the reply to a probe must contain not only the probe number but also the message value. Another is to respond only on certain channels in the system. These measures throw off attackers who try to fake link quality metrics in order to attack routes.
All in all, Dr. Krishnamurthy considers ETOP better, more reliable and more secure than ETX.
Wednesday, April 14, 2010
Colloquium: "Survivable Routing in Multi-hop Wireless Networks"
Today's class was mostly on Prof. Krishnamurthy's talk on routing within a multi-hop wireless network. Multi-hop wireless networks consist of multiple static routers connected wirelessly over some area, and are commonly seen in city-wide wireless networks, campus networks, surveillance, and the military. Research on these networks is being carried out in many places, including Rutgers, MIT, and UCR. What separates them from wired networks is that spatial distance and arrangement matter.
Currently, the most popular protocol uses ETX (Expected Transmission Count) as its metric of connection quality. ETX uses the expected number of transmissions needed to deliver one packet successfully as the weight of each link in the network graph. However, most protocols put too much weight on the number of hops to a destination, and so favor longer, less reliable hops over short, very reliable hops between routers. This forces each router to send more packets, expecting some not to arrive. In addition, ETX is blind to where along a path the unreliable links are: a packet lost near the end of a path means that a failure message has to travel all the way back to the sender, causing more network congestion.
Prof. Krishnamurthy proposes ETOP, a protocol that takes into account the number of hops, the reliability, and the location of unreliable links. The metric uses probe packets to determine where the unreliable links are and assigns greater cost to unreliable segments that lie farther along the path. Because of this, the protocol generates non-commutative paths (the path from router A to B is not necessarily the reverse of the path from B to A). Regardless, he has proven that greedy algorithms can determine paths under this metric, so Dijkstra's algorithm is usable for the protocol.
On average ETOP shows better goodput (useful bandwidth) than ETX, especially on multi-hop paths. The protocol interacts somewhat chaotically with TCP, making its congestion window fluctuate wildly, but goodput is almost always better nonetheless. ETOP also shows worse round-trip time, since it may favor paths with more hops.
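As an added illustration (not from the talk), here is the ETX path cost beside a simplified position-aware cost with a finite retransmission cap, where a drop sends the packet back to the source to start over. The model and the function names are this example's own assumptions, not the ETOP formula; it shows the two points both write-ups of the talk above make: ETX is unchanged when links are reordered, and with a retry cap the same lossy link costs more at the end of a path than at its start, the gap closing as the cap grows.

```python
def etx_cost(link_success):
    """ETX: each link costs the expected number of transmissions for one
    successful delivery, 1/p, and the path cost is the plain sum. The sum
    does not change if the links are reordered."""
    return sum(1.0 / p for p in link_success)


def position_aware_cost(link_success, max_retries):
    """Expected total transmissions to deliver one packet end to end when each
    link gives up after max_retries attempts and a drop sends the packet back
    to the source. Assumed simplified model, not the ETOP formula.

    With C_i = expected transmissions from the start of link i to delivery,
    C_i = E_i + s_i * C_{i+1} + (1 - s_i) * C_1, where s_i is the chance the
    link succeeds within max_retries tries and E_i the expected tries spent
    on it. Writing C_i = a_i + b_i * C_1 and sweeping from the last link back
    to the first gives C_1 = a_1 / (1 - b_1)."""
    a, b = 0.0, 0.0                                   # C_{n+1} = 0
    for p in reversed(link_success):
        fail_all = (1.0 - p) ** max_retries
        s = 1.0 - fail_all                            # link succeeds within the cap
        e = s / p                                     # expected tries on this link
        a, b = e + s * a, s * b + (1.0 - s)
    if b >= 1.0:
        raise ValueError("path can never deliver a packet")
    return a / (1.0 - b)


def compare_orders(lossy_p, good_hops, max_retries):
    """Same links, lossy one first versus last. Constructed comparison."""
    first = [lossy_p] + [1.0] * good_hops
    last = [1.0] * good_hops + [lossy_p]
    return {
        "etx": (etx_cost(first), etx_cost(last)),
        "position_aware": (position_aware_cost(first, max_retries),
                           position_aware_cost(last, max_retries)),
    }


if __name__ == "__main__":
    print(compare_orders(0.5, 2, 3))
```

With a 50% link and two perfect links, ETX gives 4 transmissions either way; with a cap of 3 retries the lossy-first path still costs 4 but the lossy-last path costs 30/7, because each drop at the last hop wastes the two good hops already spent.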
Prof. Krishnamurthy also talked about security in a wireless network, in particular safeguards against certain common attacks. A wormhole attack places an attractive link in the network, allowing the attacker to snoop on many of the packets passing through it. Gray hole and black hole attacks extend this by also dropping some or all of the incoming packets, which amounts to a denial of service. Sybil attacks extend wormholes by spoofing multiple clients to attract a disproportionate share of the packets. Colluding attacks involve multiple clients working together to make their fake links appear more reliable.
His proposal for network security is a protocol, separate from ETOP, that detects and expels attackers. It first looks for suspicious traits in every client on the network. Questionable clients are then interrogated: challenge packets are sent to them and must be answered in a specific way. Failure rates incompatible with the client's advertised reliability lead to its expulsion from the network. This protocol has a very high success rate and a low false positive rate, but makes the network significantly less efficient.
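An added example, not from the talk, of the interrogation step as the notes describe it: each node's correct replies to a batch of challenge packets are compared with its advertised delivery rate using a binomial tail probability, and nodes whose reply counts are implausible at that rate are flagged. The sample nodes, the threshold and the function names are constructed assumptions of this example.

```python
from math import comb


def binomial_cdf(successes, trials, p):
    """P(X <= successes) for X ~ Binomial(trials, p): the chance of seeing
    this few correct replies, or fewer, if the advertised rate were true."""
    return sum(comb(trials, k) * p ** k * (1 - p) ** (trials - k)
               for k in range(successes + 1))


def suspicious_nodes(advertised, challenges, alpha=1e-3):
    """Flag nodes whose challenge replies are implausible under the delivery
    rate they advertised.
    advertised: node -> advertised link success probability
    challenges: node -> (challenges sent, correct replies)
    Returns node -> p-value for every node below the alpha threshold."""
    flagged = {}
    for node, rate in advertised.items():
        sent, correct = challenges[node]
        p_value = binomial_cdf(correct, sent, rate)
        if p_value < alpha:
            flagged[node] = p_value
    return flagged


# Constructed sample: two honest nodes and one that inflates its link quality.
ADVERTISED = {"n1": 0.90, "n2": 0.70, "n3": 0.95}
CHALLENGES = {"n1": (20, 18), "n2": (20, 13), "n3": (20, 10)}

if __name__ == "__main__":
    for node, p_value in suspicious_nodes(ADVERTISED, CHALLENGES).items():
        print(f"{node}: replies incompatible with advertised rate (p={p_value:.2e})")
```

The threshold trades the two error rates the notes mention: a smaller alpha lowers false positives on honest nodes with an unlucky batch, at the price of needing more challenges to catch a node that only mildly overstates its reliability.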
Lab 4: CGI Search Engine
Pre-lab questions will become part of the 2nd Homework assignment.
Instead, I have posted a new lab on developing a CGI search engine, which is due Wednesday, Apr 28 at 1:00 pm.
Also, there will be a bonus for the students who were scheduled first in the lab, including previous ones.
Tuesday, April 13, 2010
Lecture 20: HTTP (April 12)
Thursday, April 8, 2010
Lecture 19: HTTP (April 7)
Tuesday, April 6, 2010
Lecture 17: Socket Programming Issues
After the review of the previous lecture, the professor moved on to new material. The main idea of this lecture was to take the system calls and low-level interface from the previous lecture and understand how to use them to build functional applications on top of the protocols.
The first application the instructor discussed was a generic TCP client. When designing such an application, many things have to be taken into account. If blocking I/O is used, the part of the program that listens for incoming data must run in a separate thread. If the I/O is non-blocking, the socket must be polled continuously.
Another option is to use alarms and interrupts, or the select() function, which waits until one of a set of descriptors is ready. The instructor then spent several slides describing how to use select().
After these design decisions, specific errors were discussed. We learned about error codes (errno values) and how to obtain their descriptions using the strerror() function.
Finally, general programming strategies for clients and servers were discussed. When designing a client, the programmer must handle identifying the server and selecting the port. When designing a server, the programmer must choose between iterative and concurrent client handling, and there are many differences between the two to consider.
Monday, April 5, 2010
Lecture 16 TCP and UDP Sockets
Monday, March 29, 2010
Lecture 13: FTP
When an FTP session is started, two separate connections are established: one for control information and one for data. The control connection is established first and the end hosts communicate over it. When a file is requested over the control connection, the data connection is established and the transfer takes place over it. While data is being transferred, replies are also exchanged; replies are sent only over the control connection and carry information about the state of the transfer.
Trivial File Transfer Protocol (TFTP) is a simplified version of FTP. It was designed to be small and simple enough to fit into the ROM of a computer, and is mainly used for bootstrapping diskless systems.
Thursday, March 25, 2010
Lecture 15: Socket Programming
A socket is an abstract representation of a communication endpoint; to communicate, a program must establish a connection and specify the endpoint addresses. To create a socket we call int socket(int family, int type, int proto); where family specifies the protocol family, type specifies the type of service, and proto specifies the specific protocol. The call returns a socket descriptor, or -1 on error, and allocates the resources needed for a communication endpoint, but endpoint addressing has yet to be dealt with. Generic socket addresses are passed through a struct containing three values: an address length, a family, and the address value. Addressing can be done in both IPv4 and IPv6.
Once the address has been filled in, it is bound to the socket with the bind() system call. bind() returns 0 on success and -1 on error, and assigns the address specified by the structure to the socket descriptor. There are a number of uses for bind(), such as letting a client bind to a specific port or a server bind to a well-known address.
At the end of the lecture we went over more socket system calls: the general-purpose read(), write() and close(); the connection-oriented (TCP) calls connect(), listen() and accept(); and the connectionless (UDP) calls send() and recv().
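An added example (not the lecture's code) that walks through the calls from this lecture and from the Lecture 17 notes on select() and strerror() above, using Python's socket module, whose calls map directly onto the C system calls named here: a server built from socket()/bind()/listen(), accept() and recv()/sendall() driven by select() from a single thread, a client using connect(), a UDP exchange with sendto()/recvfrom(), and an errno translated with strerror() when connect() is refused. Everything stays on the loopback address; the port-0 trick and the function names are this example's own choices.

```python
import errno
import os
import select
import socket
import threading

HOST = "127.0.0.1"          # loopback only; the example never leaves this machine


def make_listener(port=0, backlog=5):
    """Server setup: socket(family, type, proto) -> bind() -> listen().
    Port 0 lets the kernel pick a free port; getsockname() reveals it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, port))          # raises OSError where the C call returns -1
    srv.listen(backlog)
    return srv


def serve_upper(srv, client_count):
    """Single-threaded server that uses select() instead of one thread per
    client: it blocks only until some descriptor is readable, then accept()s
    new connections or services existing ones. Returns after client_count
    clients have disconnected."""
    watched = [srv]
    closed = 0
    while closed < client_count:
        readable, _, _ = select.select(watched, [], [], 5.0)
        for s in readable:
            if s is srv:
                conn, _peer = srv.accept()
                watched.append(conn)
            else:
                data = s.recv(4096)
                if data:
                    s.sendall(data.upper())
                else:                   # zero bytes: the peer closed the connection
                    watched.remove(s)
                    s.close()
                    closed += 1
    srv.close()


def tcp_request(port, payload):
    """Client side: socket() + connect(), then send()/recv(), then close()."""
    with socket.create_connection((HOST, port)) as c:
        c.sendall(payload)
        return c.recv(4096)


def udp_roundtrip(payload):
    """Connectionless exchange: no connect()/accept(), just sendto()/recvfrom()."""
    a = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    a.bind((HOST, 0))
    b.bind((HOST, 0))
    a.sendto(payload, b.getsockname())
    data, sender = b.recvfrom(4096)
    came_from_a = sender == a.getsockname()
    a.close()
    b.close()
    return data, came_from_a


def explain_connect_error(port):
    """connect() to a port with no listener fails; errno plus strerror()
    turns the numeric code into a readable description."""
    try:
        socket.create_connection((HOST, port), timeout=2).close()
        return None
    except OSError as exc:
        return exc.errno, os.strerror(exc.errno), exc.errno == errno.ECONNREFUSED


def demo():
    """Run the server in a thread, serve two clients, return their replies and the port."""
    srv = make_listener()
    port = srv.getsockname()[1]
    server = threading.Thread(target=serve_upper, args=(srv, 2))
    server.start()
    replies = [tcp_request(port, b"hello"), tcp_request(port, b"select")]
    server.join()
    return replies, port


if __name__ == "__main__":
    replies, port = demo()
    print(replies, udp_roundtrip(b"datagram"), explain_connect_error(port))
```

The select() loop is the middle ground between the two server designs the notes contrast: it handles several clients at once like a concurrent server, but from one thread, so no client can block the others while the server waits on a single recv().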
Monday, March 22, 2010
Lab 3: Transport Layer Protocols
You may schedule lab sessions to work in the networking lab using the link posted on WebCT.
Do not forget to turn in the solutions for Question Sheet for the PreLab in Pages 173-174 by Thursday, March 25th by 1pm on WebCT.
Tuesday, March 9, 2010
Saturday, March 6, 2010
Lecture 12: Telnet, Email, etc.
The lecture given on Wednesday, March 3rd started, as always, with a review of the previous lecture and then moved on to the new material: the application-level protocols Telnet, SMTP, POP, IMAP and MIME. From the previous lecture, Dr. Gunes repeated the key functions of a router, how much buffering is necessary, bridges, and spanning trees.
The first protocol Dr. Gunes taught us about was Telnet. Telnet is a simple, bidirectional communication protocol that uses byte-oriented communication. It is a generic TCP client that sends whatever you type into the host terminal over the TCP socket. Many Unix machines have Telnet-accessible servers such as echo running by default. The professor demonstrated several such examples during class, to the delight of the students.
Next, the instructor covered several basic email protocols: SMTP, POP, IMAP, and MIME. SMTP, the Simple Mail Transfer Protocol, is used to send emails. It can even be used through Telnet! It was shown to be insecure because it is very easy to send fraudulent emails. Next the instructor taught us about POP, the Post Office Protocol. This mail-receiving protocol lets the client read email by pulling the messages entirely from the server, so they can be read offline. After that, he taught us about IMAP, the Internet Message Access Protocol, which is more flexible than POP3 but more complicated. Finally we discussed webmail, which we are all quite familiar with.
Monday, March 1, 2010
Lecture 11: Router Architectures
Input ports, output ports and the switching fabric are the important components of a router. Input ports perform the physical layer functions (line termination), the data link layer functions (data-link processing) and the network layer functions (lookup, forwarding and queuing). Input queuing takes place when data arrives faster than it can be forwarded into the switching fabric. Head-of-line (HOL) blocking occurs when a packet at the front of a queue prevents the packets behind it from moving forward. The switching fabric connects the router's input ports to its output ports; there are three types of switching fabric: memory, bus and crossbar. Output ports perform the reverse of the input port functions.
The lecture also covered bridges. A bridge connects networks. Bridges are needed for two reasons: they regenerate the signal when the network is large, and they give segments autonomy.
A bridge must have a database to keep track of which hosts are on which networks. To build it, the system administrator can hard-code the addresses, or the bridge can learn the information as it goes. With a learning bridge, hosts can move from one network to another and be added at any time with no manual setup. The problem with learning bridges is the possibility of loops in a system of two or more bridges. Ways to fix this include having the bridges detect loops and report them to the user, or designing the bridges to prune themselves so there are no loops in the network.
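An added example (not from the lecture) of the learning bridge: the forwarding database is filled from the source address of each frame, known destinations are forwarded to one port, unknown or broadcast destinations are flooded, and two bridges joining the same pair of segments show the loop problem the notes mention, with a single broadcast multiplying every step. The segment and address names are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent bridge with a self-learning forwarding database."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)      # segments (port names) the bridge attaches to
        self.table = {}               # MAC address -> port it was last heard on

    def receive(self, in_port, src, dst):
        """Learn that src lives behind in_port, then decide where the frame goes:
        flood every other port when dst is unknown or broadcast, filter it if
        dst sits on the segment it came from, otherwise forward to dst's port."""
        self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        return [] if out == in_port else [out]


def single_bridge_trace():
    """Constructed traffic through one three-port bridge. Returns the list of
    output ports chosen for each frame, in order."""
    b = LearningBridge("B0", ["p1", "p2", "p3"])
    frames = [("p1", "aa", "bb"),   # bb unknown: flood p2 and p3
              ("p2", "bb", "aa"),   # aa was learned on p1: forward there only
              ("p1", "aa", "bb"),   # bb is now known on p2
              ("p2", "cc", "bb")]   # bb is on p2 itself: filter
    return [b.receive(*f) for f in frames]


def parallel_bridges_loop(steps):
    """Two bridges both joining LAN1 and LAN2 form a loop. One broadcast on
    LAN1 is flooded by both onto LAN2, each copy is flooded back by both, and
    the table entry for the source flaps between ports. Returns the number
    of frame copies in flight after each step."""
    bridges = [LearningBridge("B1", ["LAN1", "LAN2"]),
               LearningBridge("B2", ["LAN1", "LAN2"])]
    frames = [("LAN1", "aa", BROADCAST)]
    counts = []
    for _ in range(steps):
        nxt = []
        for seg, src, dst in frames:
            for b in bridges:
                nxt.extend((out, src, dst) for out in b.receive(seg, src, dst))
        frames = nxt
        counts.append(len(frames))
    return counts


if __name__ == "__main__":
    print(single_bridge_trace())
    print(parallel_bridges_loop(5))
```

The doubling per step is why the loop must be broken rather than tolerated: nothing in the learning logic ever stops a broadcast, which is the job the notes assign to loop detection or pruning (the spanning tree).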
Sunday, February 28, 2010
Lecture 9: Routing the Internet (Feb 22)
Thursday, February 25, 2010
Lecture 10: BGP (Feb 24)
Wednesday, February 24, 2010
Lab 2 on RIP
You may schedule lab sessions to work in the networking lab using the link posted on WebCT.
Do not forget to turn in the solutions for Question Sheet for the PreLab in Page 131 of Mastering Networks: An Internet Lab Manual by Monday, March 1st by 1pm on WebCT.
Clarification: You may find the solution to the first question in PreLab at http://www.techonia.com/configure-linux-pc-router.
Monday, February 22, 2010
Lecture 8: Routing Algorithms (Feb 17)
Today's lecture covered routing algorithms, which routers use to determine where data packets should be sent in a network. The problem is essentially that of finding the shortest route through a weighted graph.
These algorithms may use global or local information, and the routing itself may be relatively static or change dynamically over time. Dijkstra's algorithm uses global information and constructs a shortest-path tree from a given router; under this strategy every router remembers the complete topology of the network and the paths toward each location. The Bellman-Ford algorithm uses local information and broadcast network changes to approximate and, over time, attain optimal routes; under this strategy each router remembers its best known distance to every location in the network and the first hop toward that location.
In both algorithms, changes in the network may cause instabilities. Dijkstra's algorithm may oscillate if the traffic itself changes the edge weights in the network graph. The Bellman-Ford algorithm has trouble propagating information about increases in transmission cost or dead links.
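An added example (not the lecture's code) contrasting the two strategies on a small constructed topology: Dijkstra's algorithm with the full topology in hand, and a synchronous distance-vector exchange in which each router rebuilds its table from its neighbours' vectors only. The last function reproduces the propagation trouble described above: after a link cost rises on a converged three-router line, B keeps believing C's stale route to A, C learns it back from B, and the advertised cost creeps up two units per pair of exchanges instead of jumping to the true value.

```python
import heapq

INF = float("inf")

# Constructed topology: undirected weighted graph as an adjacency map of link costs.
GRAPH = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 2, "D": 5},
    "C": {"A": 4, "B": 2, "D": 1},
    "D": {"B": 5, "C": 1},
}


def dijkstra(graph, source):
    """Link-state routing: the source knows the whole topology and grows a
    shortest-path tree. Returns (cost per destination, first hop per destination)."""
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source, None)]
    done = set()
    while heap:
        d, u, hop = heapq.heappop(heap)
        if u in done:
            continue                        # stale entry for an already settled node
        done.add(u)
        for v, w in graph[u].items():
            if d + w < dist.get(v, INF):
                dist[v] = d + w
                first_hop[v] = v if u == source else hop
                heapq.heappush(heap, (d + w, v, first_hop[v]))
    return dist, first_hop


def dv_round(graph, tables):
    """One synchronous distance-vector exchange. Each router rebuilds its table
    from the Bellman-Ford equation D_u(x) = min over neighbours v of
    w(u,v) + D_v(x), using only the vectors its neighbours sent last round."""
    new = {}
    for u in graph:
        t = {u: (0, None)}
        for v, w in graph[u].items():
            for dest, (cost, _) in tables[v].items():
                if dest != u and w + cost < t.get(dest, (INF, None))[0]:
                    t[dest] = (w + cost, v)
        new[u] = t
    return new


def distance_vector(graph, max_rounds=50):
    """Exchange vectors until no table changes. Returns (tables, rounds that changed)."""
    tables = {u: {u: (0, None)} for u in graph}
    for rounds in range(1, max_rounds + 1):
        nxt = dv_round(graph, tables)
        if nxt == tables:
            return tables, rounds - 1
        tables = nxt
    return tables, max_rounds


def count_to_infinity(rounds=6):
    """Cost increase on a converged line A-B-C. Returns B's believed cost to A
    after each exchange; the true cost is 50 but the vector climbs slowly."""
    line = {"A": {"B": 1}, "B": {"A": 1, "C": 1}, "C": {"B": 1}}
    tables, _ = distance_vector(line)
    line["A"]["B"] = line["B"]["A"] = 50       # link A-B becomes expensive
    trace = []
    for _ in range(rounds):
        tables = dv_round(line, tables)
        trace.append(tables["B"]["A"][0])
    return trace


if __name__ == "__main__":
    print(dijkstra(GRAPH, "A"))
    print(distance_vector(GRAPH))
    print(count_to_infinity())
```

Dijkstra reacts to a cost change by recomputing the tree from the new topology in one step; the distance-vector routers only ever see their neighbours' claims, which is why a cost increase (or a dead link, the infinite-cost case) takes many exchanges to propagate.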
Wednesday, February 10, 2010
Lecture 7 : Routing (Feb 10)
Monday, February 8, 2010
Student presentations
Indicate your preferred date and topic on the spread sheet.