Networking Fundamentals

Questions and Answers

Within the Internet protocol stack, which of the following is NOT considered a layer?

• Transport
• Connectivity (correct)
• Network
• Link

Which function below is NOT a responsibility of the Transmission Control Protocol (TCP)?

• Congestion Control
• Reliable Data Transfer
• Flow Control
• Routing (correct)

Which statement accurately compares the Internet and the Public Switched Telephone Network (PSTN)?

• The Internet is circuit-switched and the PSTN is packet-switched.
• The Internet and PSTN are both packet-switched.
• The Internet and PSTN are both circuit-switched.
• The Internet is packet-switched and the PSTN is circuit-switched. (correct)

Which of the following algorithms are used for unicast routing?

Dijkstra's algorithm (B), Bellman-Ford's algorithm (D)

Which protocol below would NOT provide reliable data transfer?

Retransmit-upon-acknowledgment (B)

Which of the following can identify a node in the Internet?

MAC address (A), IP address (C)

What is the dominant medium for connecting routers within the core of the Internet?

Fiber optic cable (C)

Which of the following exemplify medium access control (MAC) protocols?

TDMA (C), FDMA (D)

Which options represent application-layer protocols?

SMTP (A), HTTP (B), FTTP (C)

Which of the following constitutes a wireless network?

Wi-Fi (B), LTE-Advanced (D)

Suppose users share a 2 Mbps link. Also suppose each user transmits continuously at 1 Mbps when transmitting, but each user transmits only 20 percent of the time. When circuit switching is used, how many users can be supported?

2 users (C)

Suppose three users share a 2 Mbps link. Also suppose each user transmits continuously at 1 Mbps when transmitting, but each user transmits only 20 percent of the time. Packet switching is used. What is the fraction of time during which the queue of packets to be sent on the link grows?

0.008 (B)

Suppose a packet of 1000 bytes is sent over a link of rate 10 Mbps and length 500 m. The speed of light on the link is $2 \times 10^8$ m/s. What is the transmission delay?

0.8 milliseconds (B)

Which of the following is accurate regarding routing algorithms?

Dijkstra's algorithm and Bellman-Ford's algorithm are both centralized algorithms. (D)

Which of the following mechanisms are used for reliable data transfer?

Retransmissions (B), Sequence numbers (C), Timeouts (D)

Which approach does TCP use for congestion control?

End-to-end congestion control (C)

Which of the following are examples of point-to-point links?

DSL (A), Dial-up (B)

Which of the following accurately describes the relationship between Internet Service Providers (ISPs)?

A Tier-3 ISP typically pays a Tier-2 ISP (B), A Tier-1 ISP typically does not pay other Tier-1 ISPs (D)

Concerning Ethernet evolution, which statements accurately reflect its architecture?

In modern Ethernet, switches are used. (A), In the original version of Ethernet, each end system is connected to a shared cable. (D)

Which protocols operate at the transport layer?

UDP (A), TCP (C)

Which mechanism allows a user at one end of a connection to verify the identity of the user at the other end?

End-point authentication (B)

How many values of x in the range ${0,1, ...,71}$ satisfy both equations $x \mod 8 = 3$ and $x \mod 9 = 5$?

1 (A)

Suppose a block cipher is used to encrypt a sequence of plaintext blocks $m_1, m_2, ..., m_i, ..., m_N$ into the corresponding ciphertext blocks $C_1, C_2, ..., C_i, ..., C_N$. If Cipher Block Chaining (CBC) is used and block $C_i$ is corrupted during transmission, which block(s) will not be decrypted successfully at the receiver?

$C_i$ and $C_{i+1}$ (A)

In a public-key system using RSA, you intercept the ciphertext $C = 10$ sent to a user whose public key is $e = 5, n = 35$. What is the plaintext $m$?

5 (A)

A and B perform Diffie-Hellman key exchange using $p = 53$ and $g = 2$. If A chooses her secret to be 10 and B chooses his secret to be 33, then what is the common secret that they agree upon?

6 (A)

Flashcards

Internet Protocol Stack Layers

Connectivity is NOT a layer in the Internet Protocol Stack. The layers are Link, Network, Transport, etc.

TCP Functions

Routing is NOT performed by TCP. TCP handles flow control, reliable data transfer and congestion control.

Internet vs PSTN Switching

The internet is packet-switched and the PSTN is circuit-switched.

Unicast Routing Algorithms

Dijkstra's algorithm and Bellman-Ford's algorithm.

Reliable Data Transfer Protocols

Retransmit-upon-acknowledgment is NOT a reliable data transfer protocol.

Identify a node in the Internet

IP address and MAC address

Router Connection Media

Fiber optic cable is used to connect routers.

Medium Access Control Protocols

TDMA and FDMA

Application-Layer Protocols

SMTP, HTTP and FTTP

Wireless Networks

Wi-Fi and LTE-Advanced.

TCP congestion control

End-to-end congestion control

Point-to-Point Links

Dial-up and DSL

ISP Payment Structure

A Tier-3 ISP typically pays a Tier-2 ISP. A Tier-1 ISP typically does not pay other Tier-1 ISPs.

Ethernet Evolution

In the original version of Ethernet, each end system is connected to a shared cable. In modern Ethernet, switches are used.

Transport-Layer Protocols

TCP and UDP

Mechanisms to check user identity

End-point authentication.

Satisfactory Equation Values

One value.

Corrupted Cipher Blocks

Ci and Ci+1

Breaking Monoalphabetic Ciphers

Frequency analysis

Types of Malware

Trapdoor, Logic bomb, and Rootkit

Ensuring Message Integrity

Message Authentication Code and Digital Signature

Cryptographic Hash Function Facts

It is computationally infeasible to find a message that has a pre-specified hash and It is computationally infeasible to find two messages whose hash value is the same

Cryptographic Hash Functions

SHA-3 and MD5

SHA-1 Padding Lengths

65 and 576

SHA-1 Properties

Its output is 160 bits in length and It processes the input data in 512-bit blocks

Study Notes

Week 0: Assignment 0

• Connectivity is not a layer in the Internet protocol stack.
• Routing is a function not performed by the Transmission Control Protocol (TCP).
• The Internet is packet-switched, and the Public Switched Telephone Network (PSTN) is circuit-switched.
• Dijkstra's algorithm and Bellman-Ford's algorithm are examples of unicast routing algorithms.
• Retransmit-upon-acknowledgment is not a reliable data transfer protocol.
• An IP address and a MAC address can be used to identify a node in the Internet.
• Fiber optic cables connect routers in the core of the Internet.
• TDMA and FDMA are medium access control (MAC) protocols.
• SMTP, HTTP, and FTTP are application-layer protocols.
• Wi-Fi and LTE-Advanced are wireless networks.

Assignment 1

• With circuit switching, 2 users can be supported on a 2 Mbps link when each user transmits continuously at 1 Mbps but only 20% of the time.
• With packet switching and three users sharing a 2 Mbps link, where each transmits at 1 Mbps for 20% of the time, the fraction of time during which the queue of packets grows is 0.008.
• The transmission delay for a 1000-byte packet over a 10 Mbps link with a length of 500 m and a speed of light of 2 × 10^8 m/s is 0.8 milliseconds.
• Dijkstra's algorithm is centralized, and Bellman-Ford's algorithm is distributed.
• Timeouts, retransmissions, and sequence numbers are mechanisms used for reliable data transfer.
• TCP uses end-to-end congestion control.
• Dial-up and DSL are point-to-point links.
• A Tier-3 ISP typically pays a Tier-2 ISP, and a Tier-1 ISP does not pay other Tier-1 ISPs.
• In the original version of Ethernet, each end system is connected to a shared cable; modern Ethernet uses switches.
• TCP and UDP are transport-layer protocols.

Assignment 2

• End-point authentication allows a user at one end of a connection to check whether the user at the other end is indeed who they claim to be.
• There is 1 value of x in the range {0,1, ...,71} that satisfies both equations x mod 8 = 3 and x mod 9 = 5.
• When Cipher Block Chaining (CBC) is used and block C_i is corrupted during transmission, blocks C_i and C_(i+1) will not be decrypted successfully at the receiver.
• With RSA, if the ciphertext C = 10 is sent to a user with a public key e = 5, n = 35, the plaintext m is 5.
• If A and B perform Diffie-Hellman key exchange using p = 53 and g = 2, where A chooses her secret to be 10 and B chooses his secret to be 33, the common secret they agree upon is 6.
• 11 and 23 are safe primes.
• CBC, OFB, and CTR schemes use an Initialization Vector.
• 3DES and AES are block ciphers.
• Frequency analysis can efficiently break a monoalphabetic cipher.
• Trapdoor, Logic bomb, and Rootkit are types of malware.

Assignment 3

• A Message Authentication Code and a Digital Signature, when appended to a message, ensure the integrity of the message.
• Statements true about a cryptographic hash function:
  • It is computationally infeasible to find a message that has a pre-specified hash.
  • It is computationally infeasible to find two messages whose hash value is the same.
• SHA-3 and MD5 are cryptographic hash functions.
• SHA-1 pads the input message with minimum and maximum possible lengths of 65 and 576, respectively, before computing its hash value.
• Alice can efficiently achieve message integrity by using a Digital Signature.
• For a cryptographic hash function with a 256-bit output, with a target hash value h, the expected number of inputs, out of n randomly chosen inputs, whose hash value equals h is n / 2^256.
• An attack on a cryptographic hash function where an intruder tries n inputs to find two different inputs with the same hash value is called a Birthday attack.
• Verifiability and Nonforgeability are properties that must be satisfied by a digital signature.
• Statements true for the SHA-1 cryptographic hash function:
  • Its output is 160 bits in length.
  • It processes the input data in 512-bit blocks.
• SHA-1 and SHA-2 are cryptographic hash functions vulnerable to the length extension attack.

Assignment 4

• If Alice and Bob share a secret symmetric key K, and Alice authenticates to Bob using protocol ap4.0, then the following are secure as a session key: K(R + K) and (R + K)(R), where R is the nonce.
• Protocols ap3.0 and ap4.0 defend against IP spoofing.
• Statements true about a nonce:
  • It is used by a protocol only once during its operation.
  • It can be used to check the liveness of the party at the other end of a connection.
• Protocols ap4.0, Lamport's hash and Public key-based authentication defend against the eavesdropping attack.
• Four nonces are used in the Expanded Needham-Schroeder protocol.
• Nonce and Key Distribution Center are used in the Needham-Schroeder protocol.
• Techniques used to defend against an intruder deleting packets between Alice and Bob include:
  • Addition of sequence numbers to packets.
  • Addition, to a packet, of a MAC computed over all the packets from the beginning of a session to the current packet.
• Statements true about the Lamport's Hash protocol:
  • It defends against eavesdropping.
  • It uses cryptographic hash functions.
  • It defends against the server database reading attack.
• Small n attack is an attack on Lamport's Hash.
• Statements true for the ap4.0 protocol:
  • It provides one-way authentication.
  • It uses symmetric key cryptography.

Assignment 5

• Fields in an ITU X.509 certificate include serial number, subject public key, and version.
• Statements true about certificates:
  • The subject and issuer of a certificate may be the same.
  • Certificates are often issued by Certification Authorities.
• The oligarchy model is commonly used in web browsers.
• Statements true about delta CRLs include:
  • Delta CRLs are intended for making CRL distribution more efficient.
  • Delta CRLs are typically posted more frequently than full CRLs.
• PGP and S/MIME are systems for securing email.
• PGP provides confidentiality, message integrity, and compression.
• PGP uses Base64 format.
• Phases of SSL include handshake, data transfer, and key derivation.
• Fields in an SSL record include type, length, and version.
• Server authentication is mandatory, but client authentication is optional in the SSL handshake.

Assignment 6

• The following statements are true:
  • ESP provides confidentiality and message integrity.
• An IKE SA is bidirectional, and an IPsec SA is unidirectional.
• The following are included in the Security Association Database:
  • SPI
  • Current sequence number
  • Encryption key
  • Authentication key
• When tunnel mode is used, the following fields in an ESP packet are encrypted:
  • Original IP header
  • Original IP datagram payload
• The following statements about Wi-Fi are true:
  • It uses a binary exponential backoff based MAC protocol.
  • It is based on the IEEE 802.11 standard.

Assignment 7

• The following statements are true of EAP authentication protocols:
  • EAP-TLS requires both the station and authentication server to have digital certificates.
  • EAP-MD5 is vulnerable to a replay attack.
• The Key Confirmation Key (KCK) is used for the following tasks:
  • To integrity-protect messages in the four-way handshake.
• The four-way handshake is used to agree on a Pairwise Transient Key (PTK).
• RADIUS and Diameter are standards for authentication servers.
• The length of the Pairwise Transient Key (PTK) is 384 bits.
• The following are inputs to the pseudo-random function used to compute the Pairwise Transient Key (PTK):
  • PMK
  • MAC address of the AP
• The following are extracted from the Pairwise Transient Key (PTK):
  • TK
  • KEK
  • KCK
• The following statements are true:
  • TKIP uses RC4 for encryption.
  • CCMP uses AES for encryption.
• CBC-MAC is used for message integrity in CCMP.
• The following management frames are not protected under 802.11w:
  • Probe response frame
  • Association response frame

Assignment 8

• In GSM, the following are included in the secret(s) stored on the SIM card:
  • the IMSI.
  • a long-term key shared with the MSC/HLR.
• In UMTS, the SIM authenticates itself to the MSC/HLR using a response to a challenge.
• In UMTS, the key used for message integrity protection is a function of:
  • a random number generated by the MSC/ HLR.
  • the long-term key shared between the SIM and the MSC/ HLR.
• True statements about encryption/integrity protection in UMTS are:
  • KASUMI is used in OFB mode for encryption.
  • KASUMI is used in CBC mode for integrity protection.
• True statements about an LTE network and keys:
  • key KASME is not known to an eNodeB.
  • key KNASenc is not known to an eNodeB.
• In GSM, user identity confidentiality is provided by use of the TMSI.
• The MAC computed in UMTS is used to authenticate the MSC/HLR to the SIM card.
• The random number generated by the MSC is conveyed to the SIM card during the authentication procedure in UMTS.
• Security features in 5G include Home Control and SEAF.
• When KeNB is changed, the following keys also need to be changed: KuPenc, and KRRCInt

Assignment 9

• A packet filter cannot be configured to defend against DDoS attacks and worm attacks.
• A web proxy (HTTP gateway) performs webpage caching, authentication, and malware signature detection.
• Task(s) performed by firewalls:
  • access control.
• Types of firewalls include:
  • Application gateways
  • Traditional packet filters
  • Stateful packet filters
• ICMP packets include:
  • Ping packet
  • Redirect packet
• For the traceroute program, it is implemented using ICMP messages, and it can be used to map the internal configuration of an organization's network.
• Cookies and intrusion detection systems can be used to defend against SYN flood attacks.
• DNS uses port 53.
• Filtering decisions of a traditional packet filter are typically based on:
  • IP destination address
  • ICMP message type
  • TCP flag bits
• Organizations can have application gateways for FTP and HTTP.

Assignment 10

• Distributed route filtering and egress filtering are preventive measures against a DDoS attack.
• Filtering decisions based on application payload are made by anomaly-based IDS and signature-based IDS.
• The probability of false positives in Algorithm 3 for SYN flood detection can be reduced by increasing the threshold.
• True statements include network-based IDS and host-based IDS:
  • A network-based IDS would be preferable to a host-based IDS for detecting network scanning.
  • A host-based IDS would be preferable to a network-based IDS for detecting attempts to break into a server.
• Examples of network scanning include port scanning, operating system detection, and host discovery.
• Statements that are true for a Demilitarized Zone (DMZ):
  • DMZ is a low-security region in an organization's network
  • Machines in DMZ can communicate with external users
• Relay numbers in Tor:
  • Three
  • Four
• The guard-relay knows the IP address of source Alice
• Intrusion Detection System types:
  • Signature-based system
  • Anomaly-based system
• Host based IDS run as an application, where network-based IDS runs as a standalone

Assignment 11

• Suppose the value of the nBits field in Bitcoin block headers at a given time is 0x181BC330, The average number of trials required until a miner succeeds in mining a valid block: 1.7 x 10^20
• Maximum isze of a block in the Bitcoin blockchain:
  • 4 MB.
• Receieveds by node to new block to the Bitcoin blockchain includes:
  • Block subsidy
  • Transaction fees
• The smallest indivisible unit of the Bitcoin is a satoshi
• Fields in the block header of a block in the Bitcoin blockchain include:
  • nTime
  • hashPrevBlock
  • nNonce
• The hashMerkleRoot is used for tamper resistance, enables efficient membership proofs of transactions within a block, and is a 32-byte value.
• Types of nodes in the Bitcoin network include full nodes and SPV nodes.
• A block must contain a single coinbase transaction; a block can contain multiple regular transactions.
• An input of a regular transaction has:
  • A response script
  • The transaction identifier of a previous transaction
• A 51% attacker can launch double-spending attacks, delete transactions from old blocks, and decide which transactions get recorded on the blockchain.

Assignment 12

• SCloud service models include:
  • SaaS
  • IaaS
  • PaaS
• True statements for a private cloud: - It is possible to connect to a private cloud from outside the premises of the enterprise it serves.
  • A private cloud may be situated within or outside the premises of the enterprise it serves.
• Cloud Auditor, Cloud Broker, and Cloud Carrier are actors in the cloud computing reference architecture.
• True statements for the Fully Homomorphic Encryption Scheme includes:
  • The private key is a large odd integer.
  • The scheme encrypts each bit of the plaintext separately.
• Short-range wireless access technologies include IEEE 802.15.4 and Wi-Fi.
• Examples of fog nodes:
  • Industrial controller
  • Router
  • IoT gateway
• SEA is considered a lightweight block cipher
• Short keys in cryptographic algorithms result in low cost and low performance
• Shor's algorithm perform:
  • It can efficiently factor products of large prime numbers
  • It can efficiently calculate discrete logarithms
• Families of post-quantum cryptographic algorithms include:
  • Multivariate cryptography
  • Lattice-based cryptography
  • Code-based cryptography