Computer Networks - Final Exam

Prof. J.-P. Hubaux and Dr. M. H. Manshaei

January 18, 2010

Duration: 3:00 hours, closed book.

Please write your answers on these sheets in a readable way. Poorly written answers will not be corrected.

Use extra sheets if necessary (put your name on them).

You may write your answers in English or in French.

The total number of points is 60.

This document contains 20 pages.

Student First name: Last name:

Division: ☐ Communication Systems ☐ Computer Science ☐ Other (mention it): . . . . . . . . .

Year: ☐ Bachelor Year 2 ☐ Bachelor Year 3 ☐ Other (mention it): . . . . . . . . .

1 Short questions (5 points)

For each question, please circle a single best answer.

1. In the CSMA/CD protocol, what condition on the transmission delay $T_{trans}$ and the propagation delay $T_{prop}$ has to be satisfied to guarantee that a node always detects a collision?

(a) $T_{trans} > T_{prop}$

(b) $T_{trans} > 2T_{prop}$

(c) $T_{trans} < T_{prop}$

(d) $2T_{trans} < T_{prop}$

2. Alice and Bob communicate in an alphabet that has L letters. They use a monoalphabetic substitution cipher with key K. Assume that Trudy obtains a plaintext m and the corresponding ciphertext c. Under what conditions can Trudy recover the key K completely?

(a) m contains at least L − 1 unique letters.

(b) |m| ≥ L.

(c) |m| ≥ |K|.

(d) m is not empty.

3. The WiMAX protocol:

(a) provides the maximum available data rate over a wireless channel.

(b) uses unlicensed spectrum, such as WiFi.

(c) provides a mechanism for scheduling.

(d) All of the above options are correct.

4. Two hosts simultaneously send data through a link of capacity 1 Mbps. Host A generates data with a rate of 1 Mbps and uses TCP. Host B uses UDP and transmits a 100-byte packet every 1 ms. Which host will obtain higher throughput?

(a) Host A.

(b) Host B.

(c) They obtain roughly the same throughput.

(d) They experience congestion collapse and negligible throughput.

5. What is the theoretical upper-bound on the number of simultaneous TCP/IPv4 connections that a host with a single IP address can handle? (Ignore memory limitations.)

(a) $2^{16}$

(b) $2^{32}$

(c) $2^{64}$

(d) unlimited

6. Host A sends a TCP segment (Seq = 43, ACK = 103), to which host B replies with a TCP segment (Seq = 103, ACK = 57). The payload of the first TCP segment is

(a) 14 bytes long.

(b) 43 bytes long.

(c) 46 bytes long.

(d) 57 bytes long.

(e) 60 bytes long.

7. The Distance-Vector algorithm is not:

(a) iterative.

(b) asynchronous.

(c) distributed.

(d) used in RIP.

(e) None of the above.

8. Longest prefix matching is used:

(a) in routers to know on which link interface to forward packets.

(b) in classless addressing to use the address space more efficiently than in classful addressing.

(c) by NAT to increase the available address space in home networks.

(d) to assign subnet masks.

(e) None of the above.

9. An authoritative DNS server knows a top-level domain server via:

(a) hostname.

(b) IP address.

(c) canonical hostname.

(d) alias.

(e) domain.

10. A user requests a Web page that consists of some text and 3 images. The browser's cache is empty. For this page, the client's browser:

(a) sends 1 HTTP request message and receives 1 HTTP response message.

(b) sends 1 HTTP request message and receives 3 HTTP response messages.

(c) sends 1 HTTP request message and receives 4 HTTP response messages.

(d) sends 3 HTTP request messages and receives 3 HTTP response messages.

(e) sends 4 HTTP request messages and receives 4 HTTP response messages.

2 Application Layer (7 points)

Question 1: Consider a scenario where an EPFL student joins a BitTorrent torrent, but he does not allow other peers to download any content from his machine (so called "free-riding").

a. The student claims that he can download complete copies of the files shared by torrent. Is this possible? Why or why not?

b. The student further claims that he can make his "free-riding" more efficient by using a collection of multiple computers (with distinct IP addresses). Is this possible? Why or why not?

Question 2: Consider a circular Distributed Hash Table (DHT) with node identifiers in the range [0, 15]. Suppose there are seven peers with identifiers 1, 3, 4, 5, 8, 12 and 14.

a. Suppose that the following (key,value) pairs should be stored in the DHT: (2,1), (6,5), (7,15) and (15,5). Which peers will store which (key,value) pairs? Fill in the table below.

(key,value)    Identifier of the responsible peer
(2,1)          3
(6,5)          8
(7,15)         8
(15,5)         1

b. Suppose that peer 3 learns that peer 5 has left the DHT. How does peer 3 update its successor state information? Which peer is now its first successor? Its second successor?

c. Suppose that a new peer with the identifier 6 wants to join the DHT and peer 6 initially only knows the IP address of the peer 14. What steps are taken for peer 6 to join the system?

3 Network Layer (14 points)

Question 1: Consider sending a 1500-byte datagram into a link that has an MTU of 500 bytes. Suppose the original datagram is stamped with the identification number 1. Assume that IPv4 is used. Hint: The IPv4 header is 20 bytes long.

a. Where does fragmentation happen? Where are the fragments reassembled?

b. How many fragments are generated?

c. In addition to the identification number, what are the fields in the generated IP datagram(s) that are related to fragmentation?

d. What are the values of the fragmentation-related fields in the generated IP datagram(s)?

e. What changes if IPv6 were used?

Question 2: Consider destinations connected to a single source by a binary tree of routers as shown below (the source is the node at the top). Each time a packet (or copy of a packet) is sent over a single link, it incurs a unit of cost. In a single time step, a node can receive all transmitted broadcast packets from its neighbors, duplicate the packets, and send them to all of its neighbors (except to the node that sent a given packet). At the next time step, neighboring nodes can receive, duplicate, and forward these packets, and so on.

Figure 1: A computer network.

a. Assume that uncontrolled flooding is used to provide broadcast in this network. At time step k, how many copies of the broadcast packet will be transmitted, assuming that during time step 1, a single broadcast packet is transmitted by the source node to its three neighbors?

b. Assuming there are only 48 destinations (as shown in the figure), what is the cost of sending a broadcast packet using N-way-unicast?

c. Assuming there are 48 destinations, what is the cost of sending a broadcast packet using spanning-tree broadcast?

Question 3: IPv4 multicast addresses are in the group historically called Class D, based on the leading bits of these addresses. This group has been allocated the address block 224.0.0.0/4.

a. Assume that 5000 multicast groups are ongoing at the same time and choose their multicast group addresses at random such that no two addresses interfere with each other. What is the probability that an additional multicast group chooses an address that does not interfere with any of the other 5000 group addresses and without knowing any of these 5000 addresses?

b. Now assume that all 5001 multicast groups choose their multicast group addresses simultaneously at random. What is the probability that no two addresses interfere with each other?

4 Link Layer (10 points)

Question 1: Figure 2 shows a network with three routers and five hosts. The administrator of the network has assigned two subnet masks 192.168.1.0/29 and 192.168.2.0/30 to Router 1. Router 2 can use three subnet masks 192.168.2.0/30, 192.168.3.0/30, and 192.168.4.0/30. Router 3 can use two subnet masks 192.168.4.0/30 and 192.168.5.0/29.

[Figure 2, diagram not reproduced. Labels that appear in the figure: Router 1, Router 2, Router 3; hosts E, D, C, B, A; "A IP: 192.168.1.1"; MAC: A, MAC: B, MAC: C, MAC: D, MAC: E; then, in the order they appear, IP: 192.168.1.3 / MAC: R11, IP: 192.168.2.1 / MAC: R12, IP: 192.168.2.2 / MAC: R21, IP: 192.168.3.2 / MAC: R22, IP: 192.168.4.1 / MAC: R23, IP: 192.168.4.2 / MAC: R31, IP: 192.168.5.3 / MAC: R32; and four "IP" labels with no value.]

Figure 2: A computer network with 3 routers and 5 hosts.

a. Assign missing IP addresses (hosts and router interfaces). Write your answer in the figure.

b. Assume that the MAC addresses of Router i are $R_i^n$, $n \in \{1, 2, \cdots\}$ (for example, Router 1 has two MAC addresses $R_1^1$ and $R_1^2$). Assign the missing MAC addresses. Write your answer in the figure.

c. Assume that the ARP tables in E and D are empty. Host D wants to send a packet to host C and host E wants to send a packet to host A. Explain how the ARP tables of these two hosts should be updated.

d. Now assume that all ARP tables are up to date and host A wants to send an IP datagram to host C. Enumerate all the steps that should be taken to send this datagram. Please write the IP and MAC addresses of datagram and frames in routers and host.

Question 2: Suppose two active nodes $n_1$, $n_2$ share a channel using slotted ALOHA. The channel capacity is 10 Mbps. Assume that each node has an infinite number of packets to send. Node 1 attempts to transmit in each slot with probability $p_1 = 0.8$. What should be the probability of transmission for node 2 ($p_2$) if it wants to obtain 1 Mbps throughput over the channel? What is the network throughput in this case?

5 Security (14 points)

Consider the following hypothetical situation. The government of some country, let us call it Xland, does not want its citizens (users) to access certain types of content (forbidden content) on the Internet. The government is in a position to deny users access, because it controls all the ISPs of Xland.

An independent, international organization fighting for freedom of speech, OfFoS, wants to help the users in Xland to circumvent these restrictions. A group of OfFoS volunteers is preparing a report describing the technical measures used to deny access that the ISPs of Xland are employing. The report also contains a list of potential countermeasures. However, as these volunteers lack expertise in the topics of computer networks and security, you have been asked to review the report.

The report identifies two threats:

Threat 1 The ISPs can block access to forbidden content.

Threat 2 The ISPs can detect and identify users who attempt to access forbidden content (allowing the government to persecute them).

The report also states that:

• The ISPs keep track of a blacklist of websites providing forbidden content (domain names and IP addresses).

• The ISPs keep track of a blacklist of words specific to forbidden content.

• OfFoS has the resources to deploy a limited number of machines (outside of Xland) to assist the users.

Question 1: The DNS servers that the users are provided with are under the ISPs' control.

a. How can the ISPs take advantage of this to achieve threat 1?

b. Which protocol is (most likely) responsible for providing the IP addresses of DNS servers to the users?

c. What is the simplest way for the users to circumvent this blocking mechanism?

d. Assume that the countermeasure proposed above is deployed. You recall that DNS queries and replies are sent without any cryptographic protection. How can the ISPs take advantage of that to achieve threat 1? Threat 2?

e. What cryptographic mechanisms can be used to prevent the attacks described above?

Question 2: The report notes that in the case of some content providers, e.g. Wikipedia, the ISPs grant access to most of the information offered by the service. Only a fraction of the content is forbidden, and hence blocked. It appears that every IP packet is inspected by the ISPs, and dropped if it contains a word from a blacklist. The report lists a number of potential countermeasures, which you are asked to evaluate. Assume no other blocking/detection mechanisms are deployed by the ISPs.

a. The first proposal is switching from HTTP to HTTPS by all content providers offering forbidden content. Would this prevent threat 1? Threat 2? Explain.

b. Assume that the HTTPS countermeasure proposed above is deployed. Many of the smaller providers of forbidden content cannot be expected to pay for a certificate from a Certification Authority, and would use self-signed certificates. Could the ISPs take advantage of this to achieve threat 1 or threat 2? Explain.

c. Another countermeasure proposal is an ssh tunnel. The report recommends the users to create the tunnel as follows:

ssh -L 8080:www.google.com:80 localhost

and start browsing by visiting localhost:8080. Would this prevent threat 1? Threat 2? Explain.

d. The next countermeasure proposal is an HTTP proxy that OfFoS would deploy. The proxy's IP address is 123.45.67.89 and it accepts connections at port 8080. How can the users make use of this proxy? Would this prevent threat 1? Threat 2? Explain.

e. The final countermeasure proposal is a combination of an HTTP proxy with an ssh tunnel. The proxy is still at 123.45.67.89:8080. The ssh server deployed by OfFoS is at 123.45.67.80, with the login freedom and password ofspeech. How should the users create the tunnel (give the command) and configure their machines to use the proxy via the ssh tunnel? Would this prevent threat 1? Threat 2? Explain.

f. Assume that one of the successful countermeasures is deployed (choose one). What additional measures can the ISPs implement to achieve threat 1 or threat 2? Give one example.

Question 3: Beyond content-based filtering discussed in the previous question, the ISPs can achieve some forms of threat 1 and threat 2 based on IP addresses. The report again provides some countermeasures, and you are asked to evaluate them. Assume that the ISPs do not inspect the payload of IP packets, including DNS queries/replies (e.g., because some countermeasures reviewed in the previous questions are deployed).

a. How can the ISPs achieve threat 1 based on IP addresses alone? Threat 2?

b. The first countermeasure proposal is for each user to deploy his own NAT, and connect to the Internet from behind a NAT. Would this prevent threat 1? Threat 2? Explain.

c. The second countermeasure proposal is for OfFoS to deploy an HTTP proxy. Would this prevent threat 1? Threat 2? Explain.

6 Wireless and Mobile Networks (10 points)

Question 1: Can we use the following two codes for a CDMA protocol to avoid collision between two stations? Why or why not?

$c_1 = (1, -1, -1, -1, 1, 1, -1, -1)$

$c_2 = (1, 1, -1, 1, 1, -1, 1, 1)$

(Hint: The output of a CDMA encoder is $Z_{i,m} = d_i \times c_m$ and the CDMA decoder recovers the data by computing $d_i = \frac{1}{M} \sum_{m=1}^{M} Z_{i,m} \times c_m$)
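The encoder and decoder from the hint, written out as an added example that is not part of the exam: it runs them for two stations transmitting at the same time, once with the two codes from Question 1 and once with a constructed orthogonal pair. The function names and the codes W1 and W2 are assumptions made here for comparison.

```python
# Added example: the CDMA encoder/decoder from the hint, two senders on one channel.
C1 = (1, -1, -1, -1, 1, 1, -1, -1)   # c1 from Question 1
C2 = (1, 1, -1, 1, 1, -1, 1, 1)      # c2 from Question 1
# Constructed comparison pair (not from the exam): two orthogonal 8-chip codes.
W1 = (1, 1, 1, 1, -1, -1, -1, -1)
W2 = (1, -1, 1, -1, 1, -1, 1, -1)


def encode(d, code):
    """Encoder from the hint: Z_{i,m} = d_i * c_m for one data bit d_i in {+1, -1}."""
    if d not in (1, -1):
        raise ValueError("data bit must be +1 or -1")
    return [d * c for c in code]


def channel(*signals):
    """Simultaneous transmissions add up chip by chip on the shared medium."""
    if len({len(s) for s in signals}) != 1:
        raise ValueError("all senders must use codes of the same length M")
    return [sum(chips) for chips in zip(*signals)]


def decode(received, code):
    """Decoder from the hint: d_i = (1/M) * sum_m Z_{i,m} * c_m."""
    if len(received) != len(code):
        raise ValueError("received slot and code must both have M chips")
    return sum(z * c for z, c in zip(received, code)) / len(code)


def cross_correlation(a, b):
    """Inner product of two codes; 0 means the codes are orthogonal."""
    return sum(x * y for x, y in zip(a, b))


def decoder_outputs(code_a, code_b):
    """First sender's decoder output for every bit pair (d_a, d_b) sent at once."""
    return {
        (da, db): decode(channel(encode(da, code_a), encode(db, code_b)), code_a)
        for da in (1, -1)
        for db in (1, -1)
    }


if __name__ == "__main__":
    for name, a, b in (("c1, c2", C1, C2), ("W1, W2", W1, W2)):
        print(name, "cross-correlation:", cross_correlation(a, b))
        for bits, value in decoder_outputs(a, b).items():
            print("  sent", bits, "-> decoder for first sender outputs", value)
```

With W1 and W2 the decoder returns the first sender's bit exactly; with c1 and c2 its output shifts with the other sender's bit, because the inner product of the two codes is -2 rather than 0.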

Question 2: What is triangle routing? Does mobile IP use triangle routing or direct routing?


Question 3: What is the main purpose of using RTS/CTS packets (Request to Send/Clear to Send packets) in wireless networks? Explain this with one example.

Question 4: Figure 3 shows five 802.11b wireless access points. Assume that we assign channel 6 to AP3. Which channels should be assigned to other APs such that the data throughput of the nodes connected to AP3 is maximized? (Hint: There are 11 channels available for 802.11b). Justify your answer.

[Figure 3, diagram not reproduced. Labels in the figure: AP1, AP2, AP3, AP4, AP5.]

Figure 3: Five access points. The distances between neighboring access points are equal.