Page 1: Blanc Comp Net Exam Fall 10

Computer Networks - Final exam
Prof. J.-P. Hubaux and Dr. M. H. Manshaei

December 21, 2010

Duration: 3:00 hours, closed book.

Please write your answers on these sheets in a readable way. Poorly written answers will not be corrected.

Use extra sheets if necessary (put your name on them).

You may write your answers in English or in French.

The total number of points is 60.

This document contains 18 pages.

First Name (Prénom):                Last Name (Nom de famille):

SCIPER No:

Division: [ ] Communication Systems   [ ] Computer Science   [ ] Other (mention it): .........

Year: [ ] Bachelor Year 2   [ ] Bachelor Year 3   [ ] Other (mention it): .........

1 Short questions (10 points)

For each question, please circle a single best answer.

1. WikiLeaks has recently faced DDoS (Distributed DoS) attacks. These attacks:
(a) make use of Trojan horses to infect a specific host.
(b) use botnets with thousands of compromised hosts.
(c) install malware that corrupts and deletes sensitive files.
(d) allow the attacker to reveal identities of people submitting documents to different servers.

2. Consider an HTTP client that wants to retrieve a Web document at a given URL. Assuming that the IP address of the HTTP server is initially unknown, what transport and application-layer protocols besides HTTP are needed?
(a) UDP
(b) TCP
(c) DNS
(d) all of the above

3. Among the following applications, which one is not suitable for P2P architecture:
(a) file sharing
(b) electronic banking
(c) video streaming
(d) instant messaging

4. A Web cache:
(a) can help prevent DoS attacks.
(b) is a network entity that guarantees anonymity of Internet traffic.
(c) responds to HTTP requests on the behalf of a Web server.
(d) makes use of cookies to reduce the response time for a client request.

5. In TCP, the timeout interval is a function of:
(a) estimated RTT at the transmitter.
(b) maximum segment size (MSS) and the overhead of a datagram.
(c) the size of buffer at the receiver.
(d) both (b) and (c).

6. Which of the following is correct about the flow control service in TCP?
(a) The sender selects the maximum segment size (MSS).
(b) The receiver increases its application data rate.
(c) The sender does not overflow the receiver's buffer by transmitting too many segments.
(d) The receiver increases its buffer size.

7. A TCP transmitter has received an acknowledgment with the sequence number equal to 80. This means that:
(a) the receiver has received segment 80.
(b) the receiver has received the segment preceding segment 80.
(c) the receiver can accept 80 bytes without overflow in its buffer.
(d) the transmitter should send 80 bytes in the next segment.

8. In a Go-Back-10 protocol, the oldest transmitted segment without ACK has a sequence number equal to 100. The sender has already sent 5 packets from its transmission window. If the timeout expires for packet 100, the sender should retransmit:
(a) packets 96 to 100.
(b) packets 91 to 100.
(c) packet 100.
(d) packets 100 to 104.
(e) packets 100 to 109.

9. Consider a router with the switching fabric based on memory access. The memory access speed (read and write) is B packets per second. The overall forwarding throughput is always:
(a) greater than B packets per second.
(b) greater than 2B packets per second.
(c) smaller than √B/2.
(d) smaller than B/2.

10. ICMP (Internet Control Message Protocol):
(a) is used by ping to provide echo request/reply.
(b) is used by traceroute to measure the delay between the routers from a source to a destination.
(c) is used by hosts and routers to communicate network-level information.
(d) All of the above.

11. Which of the following is incorrect about IPv6?
(a) The size of IPv6 addresses is 128 bits.
(b) The routers use datagram fragmentation with IPv6.
(c) There is no checksum in the IPv6 header.
(d) All the above are correct.

12. DHCP:
(a) allows an ISP to obtain a set of IP addresses from the ICANN (Internet Corporation for Assigned Names and Numbers).
(b) allows a router to allocate port numbers in a NAT (Network Address Translation).
(c) allows a host to dynamically obtain an IP address when it joins the network.
(d) both (a) and (c).

13. In BGP, the NEXT-HOP attribute indicates:
(a) the router interface that begins the AS-PATH.
(b) the shortest path between two ASs.
(c) the gateway address that has the highest traffic.
(d) both (b) and (c).

14. Compared to pure ALOHA, slotted ALOHA has:
(a) higher efficiency, because without slots a frame is more likely to suffer a collision.
(b) higher efficiency, because slotted Aloha uses collision avoidance.
(c) lower efficiency, because a large part of a slot can go unused.
(d) lower efficiency, because having slots requires synchronization.

15. To allow the sender to detect a collision in CSMA/CD:
(a) frames must include a checksum.
(b) frames must be encrypted and authenticated.
(c) frames need to be shorter than some maximum length.
(d) frames need to be longer than some minimum length.

16. In an Ethernet frame, the preamble is responsible for:
(a) collision detection.
(b) synchronization of the receiver's clock to the sender's clock.
(c) error correction.
(d) multiplexing/demultiplexing.

17. Which of the following is not true about SSL?
(a) SSL provides authentication and confidentiality for UDP and ICMP messages.
(b) In SSL, the client sends to the server a list of encryption algorithms that it supports and the server chooses one.
(c) In SSL, client authentication is optional.
(d) In SSL, both client and server send a MAC of all the handshake messages to prevent Man-in-the-Middle attack.

18. Cipher Block Chaining prevents:
(a) Cipher-text only attacks in Block ciphers.
(b) Large number of rounds in Block ciphers.
(c) Producing exactly same cipher-text block for two same plain-text blocks in Block ciphers.
(d) All of the above.

19. In CDMA, user A uses code c_Am and user B uses code c_Bm. The codes should satisfy:
(a) c_Am = 1, c_Bm = 0 (or the other way around)
(b) c_Am = c_Bm
(c) c_Am = −c_Bm
(d) Σ_m c_Am · c_Bm = 0

20. Which of the following is generally true about modulation schemes:
(a) At a fixed bitrate, increasing the SNR increases the BER.
(b) At a fixed SNR, increasing the bitrate increases the BER.
(c) At a fixed BER, increasing the SNR increases the achievable bitrate.
(d) (b) and (c) are correct.
(e) All of the above are correct.

2 DNS (8 points)

Consider a hierarchy of name servers and a number of machines that belong to the cs.princeton.edu domain as depicted below. Note the attributes (names and IP addresses) of each of the DNS servers in the hierarchy and of the machines in the cs.princeton.edu domain. Each DNS server has a number of resource records (i.e., name-to-value bindings) that contain the following fields: <Name, Value, Type, Class, TTL>.

[Figure: the name-server hierarchy and the cs.princeton.edu machines, with their names and IP addresses (not reproduced in this transcript).]

Question 1: Ignoring the TTL and Class fields, write the resource records in the form <Name, Value, Type> that each of the DNS servers in the hierarchy has. Assume that the caches of all machines are empty.

Question 2: A student at EPFL wants to establish communication with the host penguins.cs.princeton.edu. Therefore, the student's machine needs to resolve the IP address of the host penguins.cs.princeton.edu. The student's machine is configured to first query a local EPFL DNS server, stisun1.epfl.ch, using recursive queries. The local EPFL DNS server is configured to use iterative queries. Assume that the caches of all machines are empty.

a. Draw the arrows that represent the DNS messages exchanged between the entities as a result of the query for penguins.cs.princeton.edu. Number the arrows to represent the order in which the messages are exchanged. Write the content of each of the exchanged DNS messages. (You may write the content of the messages together with the corresponding arrows.)

b. Which resource record does the local EPFL DNS server need to have in this scenario?

3 Routing (10 points)

Consider the network in the figure below. The numbers on the links between nodes represent the costs corresponding to these links. Assume that nodes initially know only the cost of adjacent links (links to which they are directly connected).

[Figure: network with nodes A, B, C, D, E and F; the link-cost labels survive in this transcript only as the digits 36, 12, 2 and 8 and cannot be attributed to specific links.]

Question 1: The network runs the distance-vector algorithm. Assume that the algorithm works in a synchronous manner: in one time-slot, all nodes simultaneously receive distance vectors from their neighbors, compute their new distance vectors, and inform their neighbors if their distance vectors have changed. Fill out the distance tables at node C for each time-slot:

Time-slot 1 (distance table at C; rows as extracted: from C, A, E, F)
                 cost to
             A    B    C    D    E    F
from  C
      A
      E
      F

Time-slot 2
                 cost to
             A    B    C    D    E    F
from  C
      A
      E
      F

Time-slot 3
                 cost to
             A    B    C    D    E    F
from  C
      A
      E
      F
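Because the link costs in the figure above did not survive extraction, the following added example (not part of the exam) runs the synchronous distance-vector algorithm of Question 1 on a constructed topology that reuses the node names A to F; the link costs in LINKS are an assumption. It records the distance table at C after every time-slot, one row for C's own vector and one for the latest vector heard from each neighbour, until the first slot in which no node's vector changes.

```python
from collections import defaultdict

INF = float("inf")

# Constructed topology: the exam's figure (nodes A-F with link costs) did not survive
# extraction, so these undirected link costs are an assumption of this example.
LINKS = [("A", "B", 1), ("A", "C", 3), ("B", "D", 2), ("C", "E", 2),
         ("C", "F", 6), ("D", "E", 1), ("E", "F", 2)]


def build_graph(links):
    """Adjacency map: cost[u][v] is the link cost between direct neighbours u and v."""
    cost = defaultdict(dict)
    for u, v, c in links:
        cost[u][v] = c
        cost[v][u] = c
    return cost


def run_distance_vector(links=LINKS, watch="C", max_rounds=50):
    """Synchronous distance-vector: in each time-slot every node uses the vectors its
    neighbours sent in the previous slot to recompute D_x(y) = min_v (c(x,v) + D_v(y)).
    Returns the distance table at `watch` after each slot (its own row plus the latest
    vector heard from each neighbour), up to and including the first slot with no change.
    A node whose vector did not change sends nothing new; its neighbours keep the last
    vector they heard, which is what the table rows for the neighbours show."""
    cost = build_graph(links)
    nodes = sorted(cost)
    # Slot 0: each node knows only the cost of its adjacent links.
    vec = {x: {y: (0 if y == x else cost[x].get(y, INF)) for y in nodes} for x in nodes}
    history = []
    for _ in range(max_rounds):
        # Vectors each node has received from its neighbours for this slot.
        heard = {x: {v: dict(vec[v]) for v in cost[x]} for x in nodes}
        new_vec = {}
        for x in nodes:
            new_vec[x] = {y: (0 if y == x else
                              min(cost[x][v] + heard[x][v][y] for v in cost[x]))
                          for y in nodes}
        table = {watch: new_vec[watch]}
        table.update(heard[watch])
        history.append(table)
        changed = new_vec != vec
        vec = new_vec
        if not changed:
            break
    return history


def final_distances(links=LINKS, node="C"):
    """Least-cost estimates at `node` once the algorithm has stabilised."""
    return run_distance_vector(links, watch=node)[-1][node]


if __name__ == "__main__":
    for slot, table in enumerate(run_distance_vector(), start=1):
        print(f"time-slot {slot}")
        for row, dists in table.items():
            print("  from", row, {y: d for y, d in dists.items()})
```

Each entry of the returned list is one of the exam's tables; on this topology C's own row is already final after the first slot, while the rows for its neighbours keep changing until the whole network has stabilised.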

Question 2: Assume that a router has the following entries in its routing table:

Address/mask        Next hop
135.46.56.0/22      Interface 0
135.46.60.0/22      Interface 1
192.53.40.0/23      Interface 2
default             Interface 3

For each of the following IP addresses, what does the router do if a packet with that destination address arrives?

a. 135.46.63.10 -- interface
b. 135.46.57.14 -- interface
c. 135.46.52.2 -- interface
d. 192.53.40.7 -- interface
e. 192.53.56.7 -- interface

Question 3: Consider the topology shown below, and suppose that each link has unit cost. Suppose that node H is chosen as the center (i.e., rendezvous point) in a center-based routing tree. Assume that each attached router uses its least-cost path to node H to send join messages to H. We also assume that nodes are joining in alphabetical order (i.e., first A joins, then B, etc.). Draw the resulting spanning tree in the figure. Is it unique? Justify your answer.

[Figure: topology with nodes A, B, C, D, E, F, G and H (layout not recoverable from this transcript).]
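As an added illustration (not part of the exam), the following Python implements the longest-prefix-match lookup that Question 2 above exercises, over the routing table given there: the destination address is ANDed with each entry's mask, and among the matching entries the longest prefix wins, with the default route used when nothing matches. The exam's three prefixes do not overlap, so for them any match already decides; the function implements the general rule, so it also resolves overlapping prefixes correctly.

```python
import ipaddress

# Routing table of Question 2: (prefix, next hop). The default route applies when no prefix matches.
ROUTING_TABLE = [
    ("135.46.56.0/22", "Interface 0"),
    ("135.46.60.0/22", "Interface 1"),
    ("192.53.40.0/23", "Interface 2"),
]
DEFAULT_NEXT_HOP = "Interface 3"

# The five destination addresses the question asks about.
QUESTION_ADDRESSES = ["135.46.63.10", "135.46.57.14", "135.46.52.2", "192.53.40.7", "192.53.56.7"]


def parse_prefix(prefix):
    """Return (network as int, mask as int, prefix length) for an 'a.b.c.d/n' string."""
    net = ipaddress.ip_network(prefix, strict=True)
    return int(net.network_address), int(net.netmask), net.prefixlen


def longest_prefix_match(dst, table=ROUTING_TABLE, default=DEFAULT_NEXT_HOP):
    """Forwarding decision: keep the matching entry with the most prefix bits."""
    addr = int(ipaddress.ip_address(dst))
    best_len, best_hop = -1, default
    for prefix, next_hop in table:
        net, mask, plen = parse_prefix(prefix)
        # An entry matches when the destination's masked bits equal the network bits.
        if addr & mask == net and plen > best_len:
            best_len, best_hop = plen, next_hop
    return best_hop


def forward_all(addresses=QUESTION_ADDRESSES):
    """Map each destination to the interface the router would use."""
    return {dst: longest_prefix_match(dst) for dst in addresses}


if __name__ == "__main__":
    for dst, hop in forward_all().items():
        print(f"{dst:>14} -> {hop}")
```

`parse_prefix` uses `strict=True` so a table entry with host bits set (for example a typo such as 135.46.57.0/22) is rejected when the table is loaded rather than silently matching the wrong range.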

4 ALOHA (5 points)

Suppose 5 nodes are competing to access a channel using the (pure) ALOHA protocol. Assume each node has an infinite number of packets to send. Each node attempts to transmit with probability p.

Question 1: What is the probability of transmission that maximizes the throughput of this network?

Question 2: Assume that the nodes use the probability of transmission computed in Question 1. Moreover, they use slotted ALOHA instead of ALOHA. Calculate the probability that in a time-slot:

a. the channel is idle.

b. there is a collision.
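The following added example (not from the exam) carries the computation behind Questions 1 and 2 for a general number n of nodes, under the per-frame-time model in which each node transmits with probability p: the pure ALOHA throughput n p (1 - p)^(2(n-1)), the p that maximizes it obtained both from the derivative and by a grid search, and for slotted ALOHA with the same p the per-slot probabilities of an idle slot, a successful slot and a collision.

```python
def pure_aloha_throughput(n, p):
    """Expected successful frames per frame time for n nodes. A node's frame survives only
    if none of the other n-1 nodes starts a frame during the two-frame-time vulnerable
    window, which in this model has probability (1-p)^(2(n-1))."""
    return n * p * (1 - p) ** (2 * (n - 1))


def optimal_p_pure_aloha(n):
    """d/dp [p (1-p)^k] = (1-p)^(k-1) ((1-p) - k p) vanishes at p = 1/(k+1); with k = 2(n-1)
    this is p = 1/(2n-1)."""
    return 1 / (2 * n - 1)


def numeric_argmax(throughput, n, steps=10000):
    """Grid search over p in (0,1) used here as an independent check of the closed form."""
    best_p, best = None, -1.0
    for i in range(1, steps):
        p = i / steps
        v = throughput(n, p)
        if v > best:
            best_p, best = p, v
    return best_p


def slotted_aloha_slot_probabilities(n, p):
    """Per-slot outcome probabilities when every node transmits with probability p."""
    idle = (1 - p) ** n                      # nobody transmits
    success = n * p * (1 - p) ** (n - 1)     # exactly one node transmits
    collision = 1 - idle - success           # two or more nodes transmit
    return {"idle": idle, "success": success, "collision": collision}


if __name__ == "__main__":
    n = 5
    p = optimal_p_pure_aloha(n)
    print(f"n={n}: p* = {p:.4f} (grid search: {numeric_argmax(pure_aloha_throughput, n):.4f})")
    for outcome, prob in slotted_aloha_slot_probabilities(n, p).items():
        print(f"  slotted ALOHA, P({outcome}) = {prob:.4f}")
```

The three slotted-ALOHA probabilities partition the slot outcomes, so they sum to one; the collision probability is obtained by complement rather than by summing over every subset of two or more transmitters.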


5 ARP (10 points)

Consider the following LAN, composed of 2 machines, a gateway router and a switch:

[Figure: a switch connecting Alice (192.168.42.10, MAC AA-AA-AA-AA-AA-AA), Eve (192.168.42.13, MAC EE-EE-EE-EE-EE-EE) and the gateway router (192.168.42.1, MAC 11-11-11-11-11-11).]

The router and both machines rely on ARP to dynamically obtain the mapping between IP addresses and MAC addresses. The switch, upon receiving a frame with destination MAC address X:

• forwards the frame to all the NICs if X is a broadcast address,

• forwards the frame only to the NIC with address X if X is a unicast address,

• drops the frame if address X is unknown.

Eve wants to meddle with Alice's Internet connection. As she only has control over her own machine, she resorts to so-called ARP poisoning attacks. We elaborate on these attacks in this question.

Question 1: Explain in detail how the ARP module updates the ARP table upon receiving:

a. an ARP request.

b. an ARP reply.

Question 2: Eve wants to mount a denial-of-service attack on Alice, i.e., cut the connection between Alice and the gateway.

Propose an ARP-based attack that would allow Eve to achieve this. List the ARP packets used; for every ARP packet, give the type (request/reply) and source/destination IP/MAC addresses. Describe what happens with IP packets sent by Alice afterwards.

Question 3: Eve wants to receive all the IP packets sent from Alice to the gateway.

Propose an ARP-based attack that would allow Eve to achieve this. List the ARP packets used; for every ARP packet, give the type (request/reply) and source/destination IP/MAC addresses. Describe what happens with IP packets sent by Alice afterwards.

Question 4: Eve wants to eavesdrop on all the IP packets exchanged between Alice and the gateway in a way that would be stealthy (Alice should not realize that something is wrong).

Propose an ARP-based attack that would allow Eve to achieve this. List the ARP packets used; for every ARP packet, give the type (request/reply) and source/destination IP/MAC addresses. Describe what Eve should do with the IP packets received from Alice and from the gateway.

Question 5: Propose a modification to the way the ARP module updates the ARP table that would prevent and/or detect such ARP attacks. Note: the format of ARP packets has to remain unchanged.
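As an added illustration for Question 5 (not the exam's model answer), the Python below contrasts the textbook ARP cache update rule that Question 1 describes with one hardened update policy that keeps the ARP packet format unchanged: a reply is accepted only while a request for that IP is outstanding, a request teaches the cache only when it is addressed to this host, and any packet that would change an existing IP-to-MAC binding is logged as a conflict instead of being applied. The hardened policy and the `run_scenario` packet sequence are assumptions constructed for this example; the addresses are those of the figure.

```python
from dataclasses import dataclass

# Addresses from the exam's LAN figure.
ALICE_IP, ALICE_MAC = "192.168.42.10", "AA-AA-AA-AA-AA-AA"
GATEWAY_IP, GATEWAY_MAC = "192.168.42.1", "11-11-11-11-11-11"
EVE_IP, EVE_MAC = "192.168.42.13", "EE-EE-EE-EE-EE-EE"
BROADCAST_MAC = "FF-FF-FF-FF-FF-FF"


@dataclass(frozen=True)
class ArpPacket:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


class ClassicArpCache:
    """Textbook update rule (Question 1): every ARP packet seen teaches the cache the
    <sender IP, sender MAC> binding and overwrites whatever was stored before."""

    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.table = {}

    def request(self, ip):
        return ArpPacket("request", self.my_ip, self.my_mac, ip, BROADCAST_MAC)

    def expire(self, ip):
        pass  # no request state is kept

    def receive(self, pkt):
        self.table[pkt.sender_ip] = pkt.sender_mac
        return "learned"


class HardenedArpCache(ClassicArpCache):
    """Assumed hardened policy (one possible answer to Question 5, not the exam's):
    replies count only while we await one, requests teach us only when addressed to us,
    and a binding change is reported rather than applied."""

    def __init__(self, my_ip, my_mac):
        super().__init__(my_ip, my_mac)
        self.pending = set()   # IPs we have asked about and not yet given up on
        self.alerts = []       # detection log for the operator

    def request(self, ip):
        self.pending.add(ip)
        return super().request(ip)

    def expire(self, ip):
        """Called when our request for ip times out; later replies are unsolicited."""
        self.pending.discard(ip)

    def receive(self, pkt):
        ip, mac = pkt.sender_ip, pkt.sender_mac
        if pkt.op == "reply" and ip not in self.pending:
            self.alerts.append(f"unsolicited reply: {ip} is at {mac}")
            return "ignored"
        if pkt.op == "request" and pkt.target_ip != self.my_ip:
            return "ignored"  # a request for someone else teaches us nothing
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"conflict for {ip}: cached {known}, offered {mac}")
            return "conflict"
        self.table[ip] = mac
        return "learned"


def run_scenario(cache):
    """Constructed sequence seen by Alice: she resolves the gateway, then two replies
    arrive that bind the gateway IP to Eve's MAC (one unsolicited, one racing her
    second request). Returns the MAC the cache ends up holding for the gateway."""
    cache.request(GATEWAY_IP)
    cache.receive(ArpPacket("reply", GATEWAY_IP, GATEWAY_MAC, ALICE_IP, ALICE_MAC))
    cache.expire(GATEWAY_IP)
    cache.receive(ArpPacket("reply", GATEWAY_IP, EVE_MAC, ALICE_IP, ALICE_MAC))
    cache.request(GATEWAY_IP)
    cache.receive(ArpPacket("reply", GATEWAY_IP, EVE_MAC, ALICE_IP, ALICE_MAC))
    return cache.table.get(GATEWAY_IP)


if __name__ == "__main__":
    print("classic :", run_scenario(ClassicArpCache(ALICE_IP, ALICE_MAC)))
    hardened = HardenedArpCache(ALICE_IP, ALICE_MAC)
    print("hardened:", run_scenario(hardened), hardened.alerts)
```

The hardened cache still has to trust the first answer to its own request, so the policy is a detection and damage-limiting measure rather than a proof of authenticity; the alerts list is what an operator would feed into monitoring.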


6 Wireless Networks (8 points)

Question 1: In IEEE 802.11, when does using RTS/CTS decrease the network throughput compared to the case when RTS/CTS is not used?

Question 2: Consider the following IEEE 802.11 network, where all stations use channel 4:

[Figure: four stations A, B, C and D in a row, each with a shaded oval around it.]

The shaded oval around a node represents the communication and interference range of that node. Assume that nodes do not use RTS/CTS. For each of the following traffic patterns, indicate at which nodes (if any) data frames can be lost due to a collision.

a. A sends data to B, C sends data to B:

b. A sends data to B, D sends data to C:

c. B sends data to A, C sends data to D:

Question 3: Consider question 2, assuming all nodes use RTS/CTS. Is it possible that a data frame is lost due to collision in any of the scenarios a, b, and c? If yes, explain how.

Question 4: Propose a channel allocation that prevents all collisions in scenarios b and c. (Assign an IEEE 802.11 channel to each node.)

A:      B:      C:      D:

7 Security (9 points)

Question 1: Alice and Bob share a secret key K_A-B. Based on this key, the following protocol allows Alice to authenticate herself to Bob:

Alice -> Bob: "Hello I am Alice"
Bob: generate nonce R
Bob -> Alice: R
Alice: generate MAC H(K_A-B, R)   (H is a hash function)
Alice -> Bob: H(K_A-B, R)
Bob: verify MAC

Trudy is an attacker who does not have the secret session key K_A-B, but can eavesdrop on the message exchanges between Alice and Bob, as well as modify these messages, drop them, or inject new messages.

What attack could Trudy mount if the random nonce R is not part of the protocol? (E.g., Alice simply sends "Hello I am Alice", MAC("Hello I am Alice", K_A-B).)

Question 2: Consider the authentication protocol from question 1. Suppose that whenever Alice starts the authentication protocol with Bob, Bob also attempts to authenticate himself to Alice. Bob does so by running in parallel a second instance of the same protocol (but with the roles of Alice and Bob reversed).

Give a scenario by which Trudy, pretending to be Alice, can now authenticate herself to Bob as Alice. (Hint: Consider that the messages of the two instances of the protocol can be arbitrarily interleaved.)

[Partial diagram from the exam sheet; surviving labels: "Hello I am Bob", nonce R, "send received R", generate MAC H(K_A-B, R), "send received MAC", "MAC verifies!".]
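The following added example (not part of the exam) implements the challenge-response protocol of Question 1 with HMAC-SHA256 standing in for H(K_A-B, ·) and a constructed key in place of K_A-B. Bob issues a fresh nonce per session and accepts each nonce at most once, so a recorded response cannot be presented a second time; the variant without a nonce shows that the verifier then has nothing with which to distinguish a fresh message from a recorded one. The `bind_identity` option is an assumption added here in the context of Question 2: it makes the MAC cover the claimed identity, so a response computed in the role "Bob" does not verify as a response in the role "Alice" for the same R.

```python
import hashlib
import hmac
import secrets

# Constructed key standing in for K_A-B (the exam gives no value).
K_AB = b"constructed-shared-key-for-this-example"


def mac(key, *parts):
    """HMAC-SHA256 over a length-prefixed concatenation of parts, playing the role of H(K, .).
    Length prefixes keep ("ab","c") and ("a","bc") from producing the same input."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


# Variant Question 1 asks about: no nonce, a fixed greeting and its MAC.
def alice_no_nonce():
    hello = b"Hello I am Alice"
    return hello, mac(K_AB, hello)


def bob_verify_no_nonce(hello, tag):
    return hmac.compare_digest(tag, mac(K_AB, hello))


class Bob:
    """Verifier of the figure's protocol: fresh R per session, each R usable once.
    bind_identity=True (an assumption of this example) also MACs the claimed identity."""

    def __init__(self, bind_identity=False):
        self.bind_identity = bind_identity
        self.outstanding = {}  # session id -> nonce R issued and not yet answered

    def challenge(self, session):
        r = secrets.token_bytes(16)
        self.outstanding[session] = r
        return r

    def expected_tag(self, claimed, r):
        return mac(K_AB, claimed, r) if self.bind_identity else mac(K_AB, r)

    def verify(self, session, claimed, tag):
        r = self.outstanding.pop(session, None)  # consume: no second answer to the same R
        if r is None:
            return False
        return hmac.compare_digest(tag, self.expected_tag(claimed, r))


def prover_response(identity, r, bind_identity=False):
    """Response the key holder computes for nonce r, in the role `identity`."""
    return mac(K_AB, identity, r) if bind_identity else mac(K_AB, r)


def demo_replay_without_nonce():
    """Without R the same recorded (hello, tag) pair verifies every time it is presented."""
    recorded = alice_no_nonce()
    return bob_verify_no_nonce(*recorded), bob_verify_no_nonce(*recorded)


def demo_replay_with_nonce():
    """With R a response recorded in session s1 fails against the fresh R of session s2."""
    bob = Bob()
    tag1 = prover_response(b"Alice", bob.challenge("s1"))
    ok1 = bob.verify("s1", b"Alice", tag1)
    bob.challenge("s2")
    ok2 = bob.verify("s2", b"Alice", tag1)
    return ok1, ok2


def demo_identity_binding():
    """Whether a response computed in the role Bob is accepted as Alice's response to the same R,
    first for the figure's protocol and then with the identity bound into the MAC."""
    results = []
    for bind in (False, True):
        bob = Bob(bind_identity=bind)
        r = bob.challenge("s")
        results.append(bob.verify("s", b"Alice", prover_response(b"Bob", r, bind)))
    return tuple(results)


if __name__ == "__main__":
    print("no nonce, recorded pair accepted twice:", demo_replay_without_nonce())
    print("nonce, fresh then recorded:", demo_replay_with_nonce())
    print("role Bob accepted as Alice (plain, bound):", demo_identity_binding())
```

Each `demo_*` function returns the acceptance decisions rather than printing them, so the behaviour can be checked programmatically; `hmac.compare_digest` is used for every comparison so that verification time does not depend on how many leading bytes of a wrong tag happen to match.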


Question 3: The following protocol allows Alice and Bob to establish a shared secret session key K_S with the help of a Key Distribution Center (KDC). The KDC is a server that shares a unique secret symmetric key with Alice (K_A-KDC) and with Bob (K_B-KDC). N_A is a freshly generated nonce, and K{m} denotes an encryption of message m with a symmetric key K.

Alice -> KDC: A, B, N_A
KDC -> Alice: K_A-KDC{N_A, B, K_S, K_B-KDC{A, K_S}}
Alice -> Bob: K_B-KDC{A, K_S}
Bob and Alice now communicate using the symmetric session key K_S.

At the end of the protocol, the key K_S is secret to everyone except for Alice, Bob and the KDC. In addition, Alice is sure that the only other party that knows K_S is Bob (and the KDC), and vice versa.

Trudy is an internal attacker who shares a key with the KDC (K_T-KDC), but who does not know K_A-KDC or K_B-KDC. Trudy can eavesdrop on all the message exchanges between the other parties, as well as modify messages, drop messages, and inject new messages. Trudy can also initiate new protocol instances.

a. Consider that "B" is removed from the 2nd message of the protocol. Describe an attack that Trudy can mount against this modified version of the protocol.

b. Consider that "A" is removed from "K_B-KDC{A, K_S}" in the 2nd and 3rd message of the protocol. Describe an attack that Trudy can mount against this modified version of the protocol.