

Computer Networks - Final Exam


Prof. J.-P. Hubaux and Dr. M. H. Manshaei January 18, 2010 Duration: 3:00 hours, closed book.

Please write your answers on these sheets in a readable way. Poorly written answers will not be corrected. Use extra sheets if necessary (put your name on them).

You may write your answers in English or in French.

The total number of points is 60.

This document contains 20 pages.

Student First name: . . . . . . . . .   Last name: . . . . . . . . .

Division: [ ] Communication Systems   [ ] Computer Science   [ ] Other (mention it): . . . . . . . . .

Year: [ ] Bachelor Year 2   [ ] Bachelor Year 3   [ ] Other (mention it): . . . . . . . . .

(answers to the questions are shown in italic and blue)

Short questions

(5 points)

For each question, please circle a single best answer.

1. In the CSMA/CD protocol, what condition on the transmission delay Ttrans and the propagation delay Tprop has to be satisfied to guarantee that a node always detects a collision?
(a) Ttrans > Tprop
(b) Ttrans > 2 Tprop   CORRECT
(c) Ttrans < Tprop
(d) 2 Ttrans < Tprop

2. Alice and Bob communicate in an alphabet that has L letters. They use a monoalphabetic substitution cipher with key K. Assume that Trudy obtains a plaintext m and the corresponding ciphertext c. Under what conditions can Trudy recover the key K completely?
(a) m contains at least L − 1 unique letters.   CORRECT (the image of the last letter is then determined by elimination)
(b) |m| ≥ L.
(c) |m| ≥ |K|.
(d) m is not empty.

3. The WiMAX protocol:
(a) provides the maximum available data rate over a wireless channel.
(b) uses unlicensed spectrum, such as WiFi.
(c) provides a mechanism for scheduling.   CORRECT
(d) All of the above options are correct.

4. Two hosts simultaneously send data through a link of capacity 1 Mbps. Host A generates data at a rate of 1 Mbps and uses TCP. Host B uses UDP and transmits a 100-byte packet every 1 ms. Which host will obtain higher throughput?
(a) Host A.
(b) Host B.   CORRECT (UDP does not back off; B keeps its 800 kbps and TCP gets what is left)
(c) They obtain roughly the same throughput.
(d) They experience congestion collapse and negligible throughput.

5. What is the theoretical upper bound on the number of simultaneous TCP/IPv4 connections that a host with a single IP address can handle? (Ignore memory limitations.)
(a) 2^16
(b) 2^32
(c) 2^64   CORRECT (remote IP × remote port × local port = 2^32 · 2^16 · 2^16)
(d) unlimited

6. Host A sends a TCP segment (Seq = 43, ACK = 103), to which host B replies with a TCP segment (Seq = 103, ACK = 57). The payload of the first TCP segment is
(a) 14 bytes long.   CORRECT (57 − 43)
(b) 43 bytes long.
(c) 46 bytes long.
(d) 57 bytes long.
(e) 60 bytes long.

7. The Distance-Vector algorithm is not:
(a) iterative.
(b) asynchronous.
(c) distributed.
(d) used in RIP.
(e) None of the above.   CORRECT

8. Longest prefix matching is used:
(a) in routers to know on which link interface to forward packets.   CORRECT
(b) in classless addressing to use the address space more efficiently than in classful addressing.
(c) by NAT to increase the available address space in home networks.
(d) to assign subnet masks.
(e) None of the above.

9. An authoritative DNS server knows a top-level domain server via:
(a) hostname.
(b) IP address.   CORRECT
(c) canonical hostname.
(d) alias.
(e) domain.

10. A user requests a Web page that consists of some text and 3 images. The browser's cache is empty. For this page, the client's browser:
(a) sends 1 HTTP request message and receives 1 HTTP response message.
(b) sends 1 HTTP request message and receives 3 HTTP response messages.
(c) sends 1 HTTP request message and receives 4 HTTP response messages.
(d) sends 3 HTTP request messages and receives 3 HTTP response messages.
(e) sends 4 HTTP request messages and receives 4 HTTP response messages.   CORRECT

Application Layer

(7 points)

Question 1: Consider a scenario where an EPFL student joins a BitTorrent torrent, but he does not allow other peers to download any content from his machine (so-called free-riding). a. The student claims that he can download complete copies of the files shared by the torrent. Is this possible? Why or why not? Yes. His first claim is possible, as long as enough peers stay in the torrent for a long enough time. The student can always receive data through optimistic unchoking by other peers, which sends chunks to a randomly chosen neighbor regardless of what it has uploaded.

b. The student further claims that he can make his free-riding more efficient by using a collection of multiple computers (with distinct IP addresses). Is this possible? Why or why not? His second claim is also true. He can run a client on each machine, let each client free-ride, and combine the chunks collected on the different machines into a single file. He can even write a small scheduling program so that the different machines only ask for different chunks of the file. Since each machine is optimistically unchoked independently, the expected download rate grows with the number of identities. This is a kind of Sybil attack on a P2P network.

Question 2: Consider a circular Distributed Hash Table (DHT) with node identiers in the range [0, 15]. Suppose there are seven peers with identiers 1, 3, 4, 5, 8, 12 and 14. a. Suppose that the following (key,value) pairs should be stored in the DHT: (2,1), (6,5), (7,15) and (15,5). Which peers will store which (key,value) pairs? Fill in the table below.

(key,value) pair    Identifier of the responsible peer
(2,1)               3
(6,5)               8
(7,15)              8
(15,5)              1

b. Suppose that peer 3 learns that peer 5 has left the DHT. How does peer 3 update its successor state information? Which peer is now its first successor? Its second successor? Peer 3 learns that peer 5 has just left the system, so peer 3 asks its first successor (peer 4) for the identifier of its immediate successor (peer 8). Then peer 3 makes peer 8 its second successor. Peer 4 stays the first successor of peer 3. Note: Peer 3 knows that peer 5 was originally the first successor of peer 4, so peer 3 waits until peer 4 finishes updating its own first successor before asking.

c. Suppose that a new peer with the identifier 6 wants to join the DHT and peer 6 initially only knows the IP address of peer 14. What steps are taken for peer 6 to join the system? Peer 6 first sends peer 14 a message asking "what will be peer 6's predecessor and successor?" This message is forwarded through the DHT (14 → 1 → 3 → 4 → 5) until it reaches peer 5, which realizes that it will be 6's predecessor and that its current successor, peer 8, will become 6's successor. Next, peer 5 sends this predecessor and successor information back to peer 6. Peer 6 can now join the DHT by making peer 8 its successor and by notifying peer 5 that it should change its immediate successor to 6.
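The three parts of Question 2 (which peer stores which key, the successor repair after a departure, and the join walk) as an added Python example; this is not part of the exam solution. The ring size (identifiers 0..15) and the peer set {1, 3, 4, 5, 8, 12, 14} are the question's; the message exchange between peers is modelled as plain function calls on a shared view of the ring.

```python
"""Circular DHT (Chord-style) helpers on a ring of 2**ID_BITS identifiers:
responsible peer for a key, successor repair after a departure, join walk.

Added example for the DHT question; not the exam's own code.  The peer set
and ring size are the question's; messages are modelled as function calls.
"""

ID_BITS = 4
PEERS = {1, 3, 4, 5, 8, 12, 14}


def responsible_peer(key, peers):
    """Peer storing `key`: the closest peer id at or after the key on the
    ring, wrapping around to the smallest id if no peer id is >= key."""
    if not peers:
        raise ValueError("empty DHT")
    ordered = sorted(peers)
    for p in ordered:
        if p >= key:
            return p
    return ordered[0]          # wrap-around, e.g. key 15 -> peer 1


def successors(peer, peers, n=2):
    """The first n successors of `peer` in clockwise order."""
    ordered = sorted(peers)
    idx = ordered.index(peer)
    return [ordered[(idx + k) % len(ordered)] for k in range(1, n + 1)]


def handle_departure(peer, departed, peers):
    """`peer` learns that `departed` left: ask the first live successor for
    *its* immediate successor and adopt that as the new second successor."""
    live = set(peers) - {departed}
    (first,) = successors(peer, live, n=1)
    (second,) = successors(first, live, n=1)   # "ask first for its successor"
    return first, second


def join(new_id, known_peer, peers):
    """New peer knowing only `known_peer` sends a lookup that is forwarded
    clockwise until it reaches the peer that will be its predecessor.
    Returns (predecessor, successor, peers visited by the message)."""
    cur = known_peer
    hops = [cur]
    for _ in range(len(peers) + 1):      # bounded: one full turn at most
        (succ,) = successors(cur, peers, n=1)
        if cur < succ:
            found = cur < new_id <= succ
        else:                            # wrap-around interval, e.g. (14, 1]
            found = new_id > cur or new_id <= succ
        if found:
            return cur, succ, hops
        cur = succ
        hops.append(cur)
    raise RuntimeError("identifier already present or ring inconsistent")


if __name__ == "__main__":
    for key in (2, 6, 7, 15):
        print(f"key {key} -> peer {responsible_peer(key, PEERS)}")
    print("peer 3 after 5 leaves:", handle_departure(3, 5, PEERS))
    print("peer 6 joining via 14:", join(6, 14, PEERS))
```

The join walk visits 14, 1, 3, 4, 5 before peer 5 answers, which is the forwarding path described in part c; the successor repair in part b returns (4, 8).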

Network Layer

(14 points)

Question 1: Consider sending a 1500-byte datagram into a link that has an MTU of 500 bytes. Suppose the original datagram is stamped with the identification number 1. Assume that IPv4 is used. Hint: The IPv4 header is 20 bytes long. a. Where does fragmentation happen? Where are the fragments reassembled? Fragmentation happens in the router preceding the link with the small MTU. The fragments are reassembled in the destination end system, never in intermediate routers.

b. How many fragments are generated? The maximum size of the data field in each fragment is 480 bytes (the 500-byte MTU includes the 20-byte IP header). Thus the number of required fragments is $\lceil (1500 - 20)/480 \rceil = \lceil 1480/480 \rceil = 4$.

c. In addition to the identification number, what are the fields in the generated IP datagram(s) that are related to fragmentation? The flags (in particular the MF, "more fragments", bit) and the fragmentation offset.

d. What are the values of the fragmentation-related fields in the generated IP datagram(s)? Each fragment will have the same identification number (1). Each fragment except the last one will be 500 bytes long (including the IP header), carrying 480 bytes of data. The last datagram will be 60 bytes long (including the IP header), carrying the remaining 1480 − 3 · 480 = 40 bytes. The offsets of the 4 fragments, expressed in 8-byte units as in the header field, will be 0, 60, 120, 180 (byte offsets 0, 480, 960, 1440). Each of the first 3 fragments will have the MF flag set to 1; the last fragment will have MF = 0.

e. What changes if IPv6 were used? IPv6 routers do not fragment. The router preceding the link with the small MTU will drop the packet and send an ICMPv6 "Packet Too Big" error message back to the source. The source is responsible for adjusting the packet size (path MTU discovery) and, if needed, fragmenting at the source using the IPv6 Fragment extension header.
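The fragmentation arithmetic of parts b and d, and the IPv6 contrast of part e, as an added Python example; this is not part of the exam solution. The numbers (1500-byte datagram, 500-byte MTU, identification 1) are the question's; the header length assumes no IP options.

```python
"""IPv4 fragmentation of a datagram for a given link MTU, plus the IPv6
router behaviour for the same situation.

Added example for the fragmentation question; not the exam's own code.
Assumes a 20-byte IPv4 header (no options).
"""
from dataclasses import dataclass

IPV4_HEADER = 20
IPV6_MIN_LINK_MTU = 1280   # RFC 8200; a real IPv6 link cannot have MTU 500


@dataclass
class Fragment:
    ident: int              # Identification field, copied from the original
    total_length: int       # Total Length field: header + data
    offset: int             # Fragment Offset field, in 8-byte units
    more_fragments: bool    # MF flag


def fragment_ipv4(total_length, mtu, ident, header=IPV4_HEADER):
    """Split one IPv4 datagram into fragments that each fit `mtu`.

    Every fragment but the last carries a multiple of 8 data bytes, because
    the offset field counts 8-byte units.  Returns the original datagram
    unchanged (one 'fragment', MF=0) if it already fits."""
    if mtu <= header:
        raise ValueError("MTU leaves no room for data")
    payload = total_length - header
    if total_length <= mtu:
        return [Fragment(ident, total_length, 0, False)]
    chunk = (mtu - header) // 8 * 8       # largest 8-byte multiple that fits
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        more = sent + size < payload
        frags.append(Fragment(ident, header + size, sent // 8, more))
        sent += size
    return frags


def reassemble_length(frags, header=IPV4_HEADER):
    """What the destination recomputes: total data length from the last
    fragment's offset and size (the only way to know the original size)."""
    last = max(frags, key=lambda f: f.offset)
    assert not last.more_fragments, "last fragment missing"
    return header + last.offset * 8 + (last.total_length - header)


def forward_ipv6(total_length, mtu):
    """IPv6 routers never fragment: forward, or tell the source."""
    if total_length <= mtu:
        return "forwarded"
    return f"ICMPv6 Packet Too Big (MTU={mtu}) sent to source"


if __name__ == "__main__":
    for f in fragment_ipv4(1500, 500, ident=1):
        print(f)
    print(forward_ipv6(1500, 500))
```

`reassemble_length` shows why a receiver needs the last fragment's MF=0 and offset: the original Total Length is not carried in any individual fragment.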

Question 2: Consider destinations connected to a single source by a binary tree of routers as shown below (the source is the node at the top). Each time a packet (or copy of a packet) is sent over a single link, it incurs a unit of cost. In a single time step, a node can receive all transmitted broadcast packets from its neighbors, duplicate the packets, and send them to all of its neighbors (except to the node that sent a given packet). At the next time step, neighboring nodes can receive, duplicate, and forward these packets, and so on.

Figure 1: A computer network.

a. Assume that uncontrolled flooding is used to provide broadcast in this network. At time step k, how many copies of the broadcast packet will be transmitted, assuming that during time step 1 a single broadcast packet is transmitted by the source node to its three neighbors? After 1 step, 3 copies are transmitted; after 2 steps, 6 copies; after 3 steps, 12 copies; and so on. In general $3 \cdot 2^{k-1}$ copies are transmitted at step k, since in this tree every node that receives a copy forwards it to its two children.

b. Assuming there are only 48 destinations (as shown in the gure), what is the cost of sending a broadcast packet using N-way-unicast? With N-way-unicast, the source unicasts a copy to each of the 48 destinations over a path with 5 hops. The cost is therefore 5*48 = 240.

c. Assuming there are 48 destinations, what is the cost of sending a broadcast packet using spanning-tree broadcast? With spanning-tree broadcast, a copy of the message is forwarded over each link exactly once. The cost is therefore 3+6+12+24+48 = 93.

Question 3: IPv4 multicast addresses are in the group historically called Class D, based on the leading bits of these addresses. This group has been allocated the address block 224.0.0.0/4. a. Assume that 5000 multicast groups are ongoing at the same time and choose their multicast group addresses at random such that no two addresses interfere with each other. What is the probability that an additional multicast group chooses an address that does not interfere with any of the other 5000 group addresses, without knowing any of these 5000 addresses? $32 - 4 = 28$ bits are available for multicast addresses. Thus the size of the multicast address space is $N = 2^{28}$. The probability that group 5001 chooses an address different from all the other groups is $\frac{N - 5000}{N} \approx 1$.

b. Now assume that all 5001 multicast groups choose their multicast group addresses simultaneously at random. What is the probability that no two addresses interfere with each other? The probability that all 5001 groups have different addresses is
$$\frac{N (N-1)(N-2)\cdots(N-5000)}{N^{5001}} = \left(1 - \frac{1}{N}\right)\left(1 - \frac{2}{N}\right)\cdots\left(1 - \frac{5000}{N}\right).$$
Ignoring cross-product terms, this is approximately equal to
$$1 - \frac{1 + 2 + \cdots + 5000}{N} = 1 - \frac{5000 \cdot 5001}{2N} \approx 0.953.$$

Link Layer

(10 points)

Question 1: Figure 2 shows a network with three routers and five hosts. The administrator of the network has assigned two subnets, 192.168.1.0/29 and 192.168.2.0/30, to Router 1. Router 2 can use three subnets, 192.168.2.0/30, 192.168.3.0/30 and 192.168.4.0/30. Router 3 can use two subnets, 192.168.4.0/30 and 192.168.5.0/29.
Figure 2: A computer network with 3 routers and 5 hosts. Only the address labels of the figure survive; with the missing entries filled in (the answer to parts a and b), they read as follows. MAC addresses of router interfaces are written R_i^n as defined in part b; for Routers 2 and 3 the interfaces are numbered here starting from the Router 1 side.
Host A: IP 192.168.1.1, MAC A (subnet 192.168.1.0/29)
Host B: IP 192.168.1.2, MAC B (subnet 192.168.1.0/29)
Router 1: IP 192.168.1.3, MAC R_1^1 (subnet 192.168.1.0/29); IP 192.168.2.1, MAC R_1^2 (subnet 192.168.2.0/30)
Router 2: IP 192.168.2.2, MAC R_2^1 (subnet 192.168.2.0/30); IP 192.168.3.2, MAC R_2^2 (subnet 192.168.3.0/30); IP 192.168.4.1, MAC R_2^3 (subnet 192.168.4.0/30)
Host C: IP 192.168.3.1, MAC C (subnet 192.168.3.0/30)
Router 3: IP 192.168.4.2, MAC R_3^1 (subnet 192.168.4.0/30); IP 192.168.5.3, MAC R_3^2 (subnet 192.168.5.0/29)
Host D: IP 192.168.5.1, MAC D (subnet 192.168.5.0/29)
Host E: IP 192.168.5.2, MAC E (subnet 192.168.5.0/29)

a. Assign the missing IP addresses (hosts and router interfaces). Write your answer in the figure. (See the filled-in labels of Figure 2; each router interface and host takes an address from the subnet of the link it is attached to, e.g. the two ends of a /30 link use the two usable addresses of that block.)

b. Assume that the MAC addresses of Router i are R_i^n, n ∈ {1, 2, ...} (for example, Router 1 has two MAC addresses, R_1^1 and R_1^2). Assign the missing MAC addresses. Write your answer in the figure. (See the filled-in labels of Figure 2; every router interface has its own MAC address.)


c. Assume that the ARP tables in E and D are empty. Host D wants to send a packet to host C and host E wants to send a packet to host A. Explain how the ARP tables of these two hosts should be updated. Both destinations (192.168.3.1 and 192.168.1.1) lie outside the 192.168.5.0/29 subnet, so ARP in hosts E and D must determine the MAC address of their default router, i.e. of Router 3's interface 192.168.5.3. Host E sends out an ARP query for 192.168.5.3 inside a broadcast Ethernet frame (destination address FF-FF-FF-FF-FF-FF). Router 3 receives the query and sends host E an ARP response containing R_3^2; this response is carried in an Ethernet frame whose destination address is E. Host E then adds the entry (192.168.5.3, R_3^2) to its ARP table. Host D does the same thing and ends up with the same entry. Neither host ever learns the MAC addresses of C or A, which are on other links.

d. Now assume that all ARP tables are up to date and host A wants to send an IP datagram to host C. Enumerate all the steps that should be taken to send this datagram. Please write the IP and MAC addresses of the datagram and frames in the routers and hosts.

(a) Datagram at host A: source IP 192.168.1.1, destination IP 192.168.3.1. Host A sees that 192.168.3.1 is not in its own subnet 192.168.1.0/29, so the datagram must be sent to its default router, Router 1 at 192.168.1.3.

(b) Ethernet frame made at host A: source MAC A, destination MAC R_1^1 (the entry for 192.168.1.3 in A's ARP table). The IP destination inside stays 192.168.3.1.

(c) Router 1 looks up 192.168.3.1 in its forwarding table (longest prefix match) and determines that the datagram should be forwarded to the next hop 192.168.2.2 (Router 2) over the 192.168.2.0/30 link.

(d) Router 1 makes an Ethernet frame with source MAC R_1^2 and destination MAC R_2^1.

(e) Router 2 determines that 192.168.3.1 belongs to its directly connected subnet 192.168.3.0/30, so the datagram can be delivered to C directly.

(f) Router 2 makes an Ethernet frame with source MAC R_2^2 and destination MAC C.

At every hop the IP addresses (192.168.1.1 → 192.168.3.1) are unchanged, apart from the TTL decrement and header checksum update; only the Ethernet source and destination addresses change from link to link.
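The hop-by-hop delivery of part d, together with the longest-prefix-match lookup of short question 8, as an added Python example; this is not part of the exam solution. The IP plan and the MAC labels R_i^n (written "R1^1" etc. in the code) follow Figure 2; the forwarding tables of the hosts and routers are an assumption consistent with the subnets given in the question.

```python
"""Hop-by-hop delivery of an IP datagram across the network of Figure 2:
longest-prefix-match forwarding in each device plus ARP resolution of the
next hop's MAC address on every link.

Added example for Question 1(d); not the exam's own code.  The forwarding
tables below are assumed, consistent with the subnets in the question.
"""
import ipaddress

# (device, interface IP, interface MAC) for every interface in Figure 2
INTERFACES = [
    ("A", "192.168.1.1", "A"), ("B", "192.168.1.2", "B"),
    ("C", "192.168.3.1", "C"), ("D", "192.168.5.1", "D"), ("E", "192.168.5.2", "E"),
    ("R1", "192.168.1.3", "R1^1"), ("R1", "192.168.2.1", "R1^2"),
    ("R2", "192.168.2.2", "R2^1"), ("R2", "192.168.3.2", "R2^2"), ("R2", "192.168.4.1", "R2^3"),
    ("R3", "192.168.4.2", "R3^1"), ("R3", "192.168.5.3", "R3^2"),
]
# "all ARP tables are up to date": resolution is a plain lookup here
ARP = {ip: mac for _, ip, mac in INTERFACES}
DEVICE_OF = {ip: dev for dev, ip, _ in INTERFACES}

# Forwarding tables: (prefix, next hop or None if directly connected, outgoing interface IP)
TABLES = {
    "A": [("192.168.1.0/29", None, "192.168.1.1"), ("0.0.0.0/0", "192.168.1.3", "192.168.1.1")],
    "C": [("192.168.3.0/30", None, "192.168.3.1"), ("0.0.0.0/0", "192.168.3.2", "192.168.3.1")],
    "E": [("192.168.5.0/29", None, "192.168.5.2"), ("0.0.0.0/0", "192.168.5.3", "192.168.5.2")],
    "R1": [("192.168.1.0/29", None, "192.168.1.3"), ("192.168.2.0/30", None, "192.168.2.1"),
           ("0.0.0.0/0", "192.168.2.2", "192.168.2.1")],
    "R2": [("192.168.2.0/30", None, "192.168.2.2"), ("192.168.3.0/30", None, "192.168.3.2"),
           ("192.168.4.0/30", None, "192.168.4.1"),
           ("192.168.1.0/29", "192.168.2.1", "192.168.2.2"),
           ("192.168.5.0/29", "192.168.4.2", "192.168.4.1")],
    "R3": [("192.168.4.0/30", None, "192.168.4.2"), ("192.168.5.0/29", None, "192.168.5.3"),
           ("0.0.0.0/0", "192.168.4.1", "192.168.4.2")],
}


def longest_prefix_match(table, dst):
    """Return the (network, next_hop, out_if) entry with the longest prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, out_if in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, out_if)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def deliver(src_ip, dst_ip, max_hops=16):
    """Frames emitted on each link as (src IP, dst IP, src MAC, dst MAC).

    The IP addresses never change along the path; only the MACs do."""
    frames = []
    here = DEVICE_OF[src_ip]
    for _ in range(max_hops):                 # hop budget standing in for the TTL
        _, next_hop, out_if = longest_prefix_match(TABLES[here], dst_ip)
        target = dst_ip if next_hop is None else next_hop   # address to ARP for
        frames.append((src_ip, dst_ip, ARP[out_if], ARP[target]))
        if next_hop is None:
            return frames
        here = DEVICE_OF[target]
    raise RuntimeError("forwarding loop")


if __name__ == "__main__":
    for frame in deliver("192.168.1.1", "192.168.3.1"):
        print(frame)
```

Running it for A → C yields three frames whose MAC pairs are (A, R1^1), (R1^2, R2^1) and (R2^2, C), matching steps (b), (d) and (f) above, while the IP pair stays (192.168.1.1, 192.168.3.1) throughout.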


Question 2: Suppose two active nodes n1, n2 share a channel using slotted ALOHA. The channel capacity is 10 Mbps. Assume that each node has an infinite number of packets to send. Node 1 attempts to transmit in each slot with probability p1 = 0.8. What should be the probability of transmission for node 2 (p2) if it wants to obtain 1 Mbps throughput over the channel? What is the network throughput in this case? A slot carries node 2's packet successfully only if node 2 transmits and node 1 does not, so the throughput of node 2 is $p_2 (1 - p_1) R$. Setting $p_2 (1 - p_1) R = 0.1 R$ gives $p_2 = 0.5$. The network throughput is then $[p_1 (1 - p_2) + p_2 (1 - p_1)] R = (0.8 \cdot 0.5 + 0.5 \cdot 0.2) R = 0.5 R = 5$ Mbps.
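The slotted ALOHA computation above, carried out for the general two-node case and checked against a slot-by-slot simulation, as an added Python example; this is not part of the exam solution. R = 10 Mbps and p1 = 0.8 are the question's values; the simulation length and random seed are arbitrary choices.

```python
"""Two saturated nodes on a slotted ALOHA channel: closed-form per-node and
network throughput, inversion for the p2 that reaches a target rate, and a
Monte-Carlo check of the formula.

Added example for Question 2; not the exam's own code.
"""
import random

R_MBPS = 10.0


def node_throughput(p_self, p_other, rate=R_MBPS):
    """A slot succeeds for this node iff it transmits and the other stays silent."""
    return p_self * (1 - p_other) * rate


def network_throughput(p1, p2, rate=R_MBPS):
    """Fraction of slots carrying exactly one transmission, times the rate."""
    return node_throughput(p1, p2, rate) + node_throughput(p2, p1, rate)


def solve_p2(p1, target_mbps, rate=R_MBPS):
    """Invert p2 * (1 - p1) * R = target; None if no p2 in [0, 1] achieves it."""
    if p1 >= 1:
        return None                      # node 1 never leaves a slot free
    p2 = target_mbps / ((1 - p1) * rate)
    return p2 if 0 <= p2 <= 1 else None


def simulate(p1, p2, slots=200_000, seed=1, rate=R_MBPS):
    """Count successful slots per node; returns (node1_mbps, node2_mbps)."""
    rng = random.Random(seed)
    ok1 = ok2 = 0
    for _ in range(slots):
        t1 = rng.random() < p1
        t2 = rng.random() < p2
        if t1 and not t2:
            ok1 += 1
        elif t2 and not t1:
            ok2 += 1
        # both transmitting: collision; neither: idle slot
    return ok1 / slots * rate, ok2 / slots * rate


if __name__ == "__main__":
    p2 = solve_p2(0.8, 1.0)
    print(f"p2 = {p2:.2f}, network throughput = {network_throughput(0.8, p2):.2f} Mbps")
    print("simulated per-node throughput:", simulate(0.8, p2))
```

`solve_p2` returns None for targets node 2 cannot reach: with p1 = 0.8 at most 20% of the slots are free of node 1, so no p2 gives node 2 more than 2 Mbps.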


Security

(14 points)

Consider the following hypothetical situation. The government of some country, let us call it Xland, does not want its citizens (users) to access certain types of content (forbidden content) on the Internet. The government is in a position to deny users access, because it controls all the ISPs of Xland. An independent international organization fighting for freedom of speech, OfFoS, wants to help the users in Xland to circumvent these restrictions. A group of OfFoS volunteers is preparing a report describing the technical measures that the ISPs of Xland employ to deny access. The report also contains a list of potential countermeasures. However, as these volunteers lack expertise in computer networks and security, you have been asked to review the report.

The report identifies two threats:
Threat 1: The ISPs can block access to forbidden content.
Threat 2: The ISPs can detect and identify users who attempt to access forbidden content (allowing the government to persecute them).

The report also states that:
The ISPs keep a blacklist of websites providing forbidden content (domain names and IP addresses).
The ISPs keep a blacklist of words specific to forbidden content.
OfFoS has the resources to deploy a limited number of machines (outside Xland) to assist the users.

Question 1: The DNS servers that the users are provided with are under the ISPs' control. a. How can the ISPs take advantage of this to achieve threat 1? The DNS server can provide a bogus response (e.g., a random IP address) or no response at all to any query for a domain name on the blacklist.

b. Which protocol is (most likely) responsible for providing the IP addresses of DNS servers to the users? DHCP.


c. What is the simplest way for the users to circumvent this blocking mechanism? The users can manually configure their machines to use an existing DNS server external to Xland, for example one set up by OfFoS, instead of the one handed out by DHCP.

d. Assume that the countermeasure proposed above is deployed. You recall that DNS queries and replies are sent without any cryptographic protection. How can the ISPs take advantage of that to achieve threat 1? Threat 2? All packets traverse the ISPs' networks, so the ISPs can filter all DNS traffic regardless of which server it is addressed to. To achieve threat 1, the ISP can drop or modify DNS queries/replies containing blacklisted domain names/IP addresses, or simply drop all DNS packets to non-official DNS servers (UDP/TCP port 53). To achieve threat 2, the ISP can eavesdrop on the DNS queries and record the source IP addresses of the users asking for blacklisted domain names.

e. What cryptographic mechanisms can be used to prevent the attacks described above? Threat 1: integrity and origin protection of DNS queries and replies, e.g., using MACs or digital signatures (as DNSSEC does for replies), so that a modified or forged reply is detected and rejected. Note that integrity protection alone does not stop the ISP from simply dropping the packets; it turns silent redirection into a detectable failure. Threat 2: encryption of DNS queries and replies, e.g., by sending them to the OfFoS resolver through an encrypted tunnel, so that the queried names are not visible to the ISP.


Question 2: The report notes that in the case of some content providers, e.g. Wikipedia, the ISPs grant access to most of the information offered by the service. Only a fraction of the content is forbidden, and hence blocked. It appears that every IP packet is inspected by the ISPs, and dropped if it contains a word from a blacklist. The report lists a number of potential countermeasures, which you are asked to evaluate. Assume no other blocking/detection mechanisms are deployed by the ISPs. a. The first proposal is switching from HTTP to HTTPS by all content providers offering forbidden content. Would this prevent threat 1? Threat 2? Explain. The traffic would be encrypted, hence content-based filtering would not be feasible. Both threat 1 and threat 2 would be prevented, assuming that the ISP does not deem HTTPS connections to content providers such as Wikipedia suspicious enough to block them (threat 1) or to record the IP addresses of the users making such connections (threat 2). HTTPS hides only the HTTP payload: the destination IP address, and the server name carried in cleartext in the TLS handshake, remain visible to the ISP.

b. Assume that the HTTPS countermeasure proposed above is deployed. Many of the smaller providers of forbidden content cannot be expected to pay for a certificate from a Certification Authority, and would use self-signed certificates. Could the ISPs take advantage of this to achieve threat 1 or threat 2? Explain. The ISPs can mount a man-in-the-middle attack: the ISP terminates the user's TLS connection with a self-signed certificate of its own, opens a second TLS connection to the real server, and relays the traffic between the two, reading the plaintext in between. Since the users have no trusted authority against which to verify a self-signed certificate, they cannot distinguish the ISP's certificate from the provider's. The ISP thus sees the content again, so both threat 1 (content-based filtering) and threat 2 (identifying the users) are achievable.

c. Another countermeasure proposal is an ssh tunnel. The report recommends the users to create the tunnel as follows: ssh -L 8080:www.google.com:80 localhost, and start browsing by visiting localhost:8080. Would this prevent threat 1? Threat 2? Explain. Neither. The command opens an ssh session from the user's machine to the user's own machine (localhost), and the local sshd then forwards every connection to localhost:8080 onwards to www.google.com:80. Such a tunnel only protects the traffic between the user's machine and localhost, which is the same machine. The traffic is still sent across the ISP's network in cleartext, allowing content-based filtering (threat 1) and identification of the user (threat 2).


d. The next countermeasure proposal is an HTTP proxy that OfFoS would deploy. The proxy's IP address is 123.45.67.89 and it accepts connections at port 8080. How can the users make use of this proxy? Would this prevent threat 1? Threat 2? Explain. The users should configure their browsers to use the proxy 123.45.67.89:8080. However, it prevents neither attack: the HTTP requests and responses between the user and the proxy are still sent in cleartext across the ISP's network, so the blacklisted words are still visible and can be filtered and attributed to the user's IP address.

e. The final countermeasure proposal is a combination of an HTTP proxy with an ssh tunnel. The proxy is still at 123.45.67.89:8080. The ssh server deployed by OfFoS is at 123.45.67.80, with the login freedom and password ofspeech. How should the users create the tunnel (give the command) and configure their machines to use the proxy via the ssh tunnel? Would this prevent threat 1? Threat 2? Explain. Tunnel set-up: ssh -L 8888:123.45.67.89:8080 freedom@123.45.67.80, then provide the password ofspeech when prompted. Configure the browser to use a proxy at localhost:8888. The browser's proxy connections now enter the ssh tunnel on the user's machine, cross the ISP's network encrypted, and exit at the OfFoS ssh server 123.45.67.80, which forwards them to the proxy at 123.45.67.89:8080. The traffic going through the networks of the ISPs in Xland is encrypted and addressed only to 123.45.67.80, so threat 1 and threat 2 are prevented. The users should verify the ssh server's host key fingerprint out of band on the first connection; otherwise the man-in-the-middle attack from part (b) applies to the tunnel as well.

f. Assume that one of the successful countermeasures is deployed (choose one). What additional measures can the ISPs implement to achieve threat 1 or threat 2? Give one example. A few examples. HTTPS: a man-in-the-middle attack, or blocking all HTTPS communication (possibly with some exceptions, e.g. e-banking websites). Proxy + ssh tunnel: a man-in-the-middle attack on the ssh connection (if the users do not verify the server's host key), blacklisting the ssh server's IP address, or blocking all ssh connections to servers outside Xland.


Question 3: Beyond the content-based filtering discussed in the previous question, the ISPs can achieve some forms of threat 1 and threat 2 based on IP addresses. The report again provides some countermeasures, and you are asked to evaluate them. Assume that the ISPs do not inspect the payload of IP packets, including DNS queries/replies (e.g., because some countermeasures reviewed in the previous questions are deployed). a. How can the ISPs achieve threat 1 based on IP addresses alone? Threat 2? For threat 1, drop IP packets destined to or coming from the blacklisted IP addresses. For threat 2, record the source IP addresses of the users who send packets to blacklisted IP addresses.

b. The first countermeasure proposal is for each user to deploy his own NAT, and connect to the Internet from behind it. Would this prevent threat 1? Threat 2? Explain. Neither. A NAT rewrites only the source address and port of outgoing packets; the destination IP address is unchanged, so the blacklisted destination is still visible (threat 1). Further, the public IP address of the NAT is the address normally assigned to the user, hence threat 2 is not prevented either.

c. The second countermeasure proposal is for OfFoS to deploy an HTTP proxy. Would this prevent threat 1? Threat 2? Explain. Both, as the blacklisted IP address never appears in the IP headers seen by the ISPs: the destination of the HTTP requests and the source of the HTTP responses is the proxy's IP address. However, if the IP address of the proxy is put on the blacklist, this countermeasure fails.
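The ISP filter assumed in Questions 1(d), 2 and 3 (DNS query inspection, keyword filtering of cleartext payloads, and an IP blacklist), run against each proposed countermeasure, as an added Python example; this is not part of the exam solution. The proxy address 123.45.67.89:8080 and the ssh server 123.45.67.80 are the question's; the user address, the forbidden domain, its IP address and the blacklisted word are constructed for the demonstration.

```python
"""Model of the Xland ISP filter and the report's countermeasures.

Added example for Questions 1(d), 2 and 3; not the exam's own code.  A
packet whose payload is None stands for ciphertext the ISP cannot parse.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: Optional[bytes]      # None models ciphertext the ISP cannot parse


@dataclass
class IspFilter:
    ip_blacklist: set
    domain_blacklist: set
    word_blacklist: set
    observed_users: set = field(default_factory=set)   # the threat-2 record

    def inspect(self, pkt: Packet) -> str:
        """Return 'drop' or 'pass'; record the source when the packet can be
        tied to forbidden content."""
        # Question 3a: decisions on IP headers alone need no payload
        if pkt.dst in self.ip_blacklist:
            self.observed_users.add(pkt.src)
            return "drop"
        if pkt.payload is None:              # encrypted: nothing left to match
            return "pass"
        text = pkt.payload.decode("utf-8", "replace").lower()
        # Question 1d: DNS queries are cleartext and name the site directly
        if pkt.dport == 53 and any(d in text for d in self.domain_blacklist):
            self.observed_users.add(pkt.src)
            return "drop"
        # Question 2: keyword filter on any cleartext payload, including HTTP
        # relayed through a cleartext proxy
        if any(w in text for w in self.word_blacklist):
            self.observed_users.add(pkt.src)
            return "drop"
        return "pass"


USER = "10.0.0.7"                         # constructed user address
RESOLVER = "198.51.100.1"                 # constructed OfFoS resolver
FORBIDDEN_SITE = "forbidden.example"      # constructed
FORBIDDEN_IP = "203.0.113.5"              # constructed
PROXY, PROXY_PORT = "123.45.67.89", 8080  # from the question
SSH_SERVER, SSH_PORT = "123.45.67.80", 22  # from the question
KEYWORD = "forbiddenword"                 # constructed blacklisted word

HTTP_GET = (f"GET /page HTTP/1.1\r\nHost: {FORBIDDEN_SITE}\r\n\r\n"
            f"... {KEYWORD} ...").encode()


def evaluate(filter_, pkt):
    """(verdict, whether the user ended up in the ISP's record)."""
    verdict = filter_.inspect(pkt)
    return verdict, USER in filter_.observed_users


def content_filter_results():
    """Question 2 setting: payload inspection only, no IP blacklist."""
    def fresh():
        return IspFilter(set(), {FORBIDDEN_SITE}, {KEYWORD})
    return {
        "dns query for the site": evaluate(fresh(), Packet(USER, RESOLVER, 53, FORBIDDEN_SITE.encode())),
        "http direct": evaluate(fresh(), Packet(USER, FORBIDDEN_IP, 80, HTTP_GET)),
        "https direct": evaluate(fresh(), Packet(USER, FORBIDDEN_IP, 443, None)),
        "http via cleartext proxy": evaluate(fresh(), Packet(USER, PROXY, PROXY_PORT, HTTP_GET)),
        # ssh -L 8080:site:80 localhost: the hop through the ISP is still cleartext HTTP
        "ssh tunnel to localhost": evaluate(fresh(), Packet(USER, FORBIDDEN_IP, 80, HTTP_GET)),
        # ssh -L 8888:123.45.67.89:8080 freedom@123.45.67.80: the ISP sees only ssh
        "proxy via ssh tunnel": evaluate(fresh(), Packet(USER, SSH_SERVER, SSH_PORT, None)),
    }


def ip_filter_results():
    """Question 3 setting: IP headers only, payloads not inspected."""
    def fresh(extra=()):
        return IspFilter({FORBIDDEN_IP, *extra}, set(), set())
    return {
        "http direct": evaluate(fresh(), Packet(USER, FORBIDDEN_IP, 80, HTTP_GET)),
        "http via proxy": evaluate(fresh(), Packet(USER, PROXY, PROXY_PORT, HTTP_GET)),
        "http via proxy, proxy blacklisted": evaluate(fresh({PROXY}), Packet(USER, PROXY, PROXY_PORT, HTTP_GET)),
    }


if __name__ == "__main__":
    for name, result in {**content_filter_results(), **ip_filter_results()}.items():
        print(f"{name:36s} -> {result}")
```

Each entry is (verdict, user recorded): only the fully encrypted cases (HTTPS, proxy behind the ssh tunnel) pass without the user being recorded, and the proxy alone survives the IP filter only until its own address is blacklisted, which is exactly the conclusion of Question 3(c).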


Wireless and Mobile Networks

(10 points)

Question 1: Can we use the following two codes for a CDMA protocol to avoid collisions between two stations? Why or why not? $c^1 = (1, 1, 1, 1, 1, 1, 1, 1)$, $c^2 = (1, 1, 1, 1, 1, 1, 1, 1)$ [the signs of the code entries did not survive extraction; the derivation below uses only their inner product, which is 2]. (Hint: The output of a CDMA encoder is $Z_{i,m} = d_i c_m$ and the CDMA decoder recovers the data by computing $d_i = \frac{1}{M} \sum_{m=1}^{M} Z_{i,m} c_m$.)

We can write the outputs of the two encoders as
$$Z^1_{i,m} = d^1_i c^1_m, \qquad Z^2_{i,m} = d^2_i c^2_m.$$
If both stations transmit at the same time, the receivers get
$$Z_{i,m} = Z^1_{i,m} + Z^2_{i,m}.$$
Let us assume that the first user decodes the received signal:
$$d^1_i = \frac{1}{8} \sum_{m=1}^{8} Z_{i,m} c^1_m = \frac{1}{8} \sum_{m=1}^{8} (Z^1_{i,m} + Z^2_{i,m}) c^1_m = \frac{1}{8} \sum_{m=1}^{8} (d^1_i c^1_m + d^2_i c^2_m) c^1_m = d^1_i + \frac{d^2_i}{8} \sum_{m=1}^{8} c^1_m c^2_m .$$
The codes should be orthogonal to remove the interference from node 2, i.e. $\sum_{m=1}^{8} c^1_m c^2_m = 0$, but for these codes the sum is equal to 2, so the decoder of node 1 obtains $d^1_i + d^2_i / 4$ instead of $d^1_i$. Hence these two codes cannot be used.
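The encoder/decoder of the hint, run once with an orthogonal code pair and once with a pair whose inner product is 2 (the situation the solution describes), as an added Python example; this is not part of the exam solution. The exam's own code vectors are not reproduced here: the two pairs below are constructed, a Walsh pair for the orthogonal case and a deliberately non-orthogonal pair for the interfering case.

```python
"""CDMA spreading and correlation decoding with the scheme of the hint:
Z_{i,m} = d_i * c_m and d_i = (1/M) * sum_m Z_{i,m} * c_m.

Added example for Question 1; not the exam's own code.  The code vectors
below are constructed (assumption), not the ones printed in the question.
"""

M = 8

# Constructed codes: two rows of an 8x8 Hadamard matrix (orthogonal) ...
WALSH_A = [1, 1, 1, 1, -1, -1, -1, -1]
WALSH_B = [1, -1, 1, -1, 1, -1, 1, -1]
# ... and a pair whose inner product is 5 - 3 = 2, as in the solution
BAD_A = [1, 1, 1, 1, 1, 1, 1, 1]
BAD_B = [1, 1, 1, 1, 1, -1, -1, -1]


def encode(bits, code):
    """Spread each data bit d_i in {+1, -1} into the M chips d_i * c_m."""
    if len(code) != M:
        raise ValueError("code length must be M")
    return [[d * c for c in code] for d in bits]


def superpose(*signals):
    """Channel: the receiver sees the chip-wise sum of all transmissions."""
    return [[sum(chips) for chips in zip(*slot)] for slot in zip(*signals)]


def decode(received, code):
    """Correlate with the wanted code; exact only if all codes are orthogonal."""
    return [sum(z * c for z, c in zip(slot, code)) / len(code) for slot in received]


def inner_product(c1, c2):
    return sum(a * b for a, b in zip(c1, c2))


def interference_free(c1, c2):
    """The orthogonality check the solution performs: <c1, c2> == 0."""
    return inner_product(c1, c2) == 0


def decode_user1(c1, c2, d1, d2):
    """Station 1 sends bits d1 with c1, station 2 sends d2 with c2 at the
    same time; return what station 1's decoder recovers."""
    rx = superpose(encode(d1, c1), encode(d2, c2))
    return decode(rx, c1)


if __name__ == "__main__":
    print("Walsh pair orthogonal:", interference_free(WALSH_A, WALSH_B))
    print("recovered:", decode_user1(WALSH_A, WALSH_B, [1, -1], [-1, -1]))
    print("bad pair inner product:", inner_product(BAD_A, BAD_B))
    print("recovered:", decode_user1(BAD_A, BAD_B, [1, -1], [-1, 1]))
```

With the non-orthogonal pair the decoder returns $d^1_i + d^2_i \cdot 2/8$, i.e. 0.75 and −0.75 for the bits shown, which is the $d^1_i + d^2_i/4$ leakage derived above; with the Walsh pair the data bits come back exactly.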

Question 2: What is triangle routing? Does mobile IP use triangle routing or direct routing? Mobile IP uses triangle (indirect) routing. In triangle routing, the packets from the correspondent to the mobile host are sent to the home agent first and are then forwarded (tunnelled) to the foreign agent, which delivers them to the mobile host; the mobile host, on the other hand, sends its packets directly to the correspondent. The two directions thus follow different paths, forming a triangle between correspondent, home agent and mobile host.


Question 3: What is the main purpose of using RTS/CTS packets (Request to Send/Clear to Send packets) in wireless networks? Explain this with one example. RTS/CTS is used to deal with the hidden terminal problem. Example: stations A and C are both within range of the access point B, but out of range of each other, so carrier sensing at A cannot detect an ongoing transmission by C and the two may collide at B. Before sending its data, A sends a short RTS to B; B answers with a CTS that is heard by both A and C, so C defers for the duration announced in the CTS and A's data frame is received at B without collision. Only the short RTS frames can still collide, which wastes much less channel time than colliding data frames.

Question 4: Figure 3 shows five 802.11b wireless access points. Assume that we assign channel 6 to AP3. Which channels should be assigned to the other APs such that the data throughput of the nodes connected to AP3 is maximized? (Hint: There are 11 channels available for 802.11b.) Justify your answer.

Figure 3: Five access points AP1, AP2, AP3, AP4 and AP5 arranged in a line; the distances between neighboring access points are equal.

The other APs should use channels 1 and 11. Any combination of those two channels is acceptable (for instance AP1 = 1, AP2 = 11, AP4 = 1, AP5 = 11), as neither channel overlaps with channel 6: 802.11b channels are spaced 5 MHz apart but are about 22 MHz wide, so only channels 1, 6 and 11 are mutually non-overlapping.


