Computer Networks – CS132/EECS148 – Spring 2013

Instructor: Karim El Defrawy

Assignment 5

Deadline : May 30th – 9:30pm (hard and soft copies required)

————————————————————————–

Problem 1 (Chapter 6 , problem 10 – 6 points) – Consider the following idealized LTE

scenario: The downstream channel (see figure 6.20) is slotted in time, across F frequencies.

There are four nodes A,B,C and D, reachable from a base station at rates of 10 Mbps, 5 Mbps,

2.5 Mbps and 1 Mbps , respectively, on the downstream channel. These rates assume that the

base station utilizes all time slots available on all F frequencies to send to just one station. The

base station has an infinite amount of data to send to each of the nodes, and can send to any

one of these four nodes using any of the F frequencies during any timeslot in the downstream

sub-frame.

a. What is the maximum rate at which the base station can send to the nodes, assuming it can

send to any node it chooses during each timeslot? Is your solution fair? Explain and define what

you mean by “fair.”

b. If there is a fairness requirement that each node must receive an equal amount of data during

each one second interval, what is the average transmission rate by the base station (to all

nodes) during the downstream sub-frame? Explain how you arrived at your answer.

c. Suppose that the fairness criterion is that any node can receive at most twice as much data

as any other node during the sub-frame. What is the average transmission rate by the base

station (to all nodes) during the sub-frame? Explain how you arrived at your answer.

a. 10 Mbps if it only transmits to node A. This solution is not fair since only A is getting

served. Here “fair” means that each of the four nodes should be allotted an equal number of

slots.

b. For the fairness requirement such that each node receives an equal amount of data during

each downstream sub-frame, let n1, n2, n3, and n4 respectively represent the number of

slots that A, B, C and D get.

Now,

data transmitted to A in 1 slot = 10t Mbits

(assuming the duration of each slot to be t)

Hence,

Total amount of data transmitted to A (in n1 slots) = 10t n1

Similarly total amounts of data transmitted to B, C, and D equal to 5t n2, 2.5t n3, and t n4

respectively.

Now, to fulfill the given fairness requirement, we have the following condition:

10t n1 = 5t n2 = 2.5t n3 = t n4

Hence,

n2 = 2 n1

n3 = 4 n1

n4 = 10 n1

Now, the total number of slots is N. Hence,

n1+ n2+ n3+ n4 = N

i.e. n1+ 2 n1 + 4 n1 + 10 n1 = N

i.e. n1 = N/17

Hence,

n2 = 2N/17

n3 = 4N/17

n4 = 10N/17

The average transmission rate is given by:

(10t n1+5t n2+ 2.5t n3+t n4)/tN

= (10N/17 + 5 * 2N/17 + 2.5 * 4N/17 + 1 * 10N/17)/N

= 40/17 = 2.35 Mbps

c. Let node A receive twice as much data as nodes B, C, and D during the sub-frame.

Hence,

10tn1 = 2 * 5tn2 = 2 * 2.5tn3 = 2 * tn4

i.e. n2 = n1

n3 = 2n1

n4 = 5n1

Again,

n1 + n2 + n3 + n4 = N

i.e. n1 + n1 + 2n1 + 5n1 = N

i.e. n1 = N/9

Now, average transmission rate is given by:

(10t n1+5t n2+ 2.5t n3+t n4)/tN

= 25/9 = 2.78 Mbps

Similarly, considering nodes B, C, or D receive twice as much data as any other nodes, different

values for the average transmission rate can be calculated.

Problem 2 (Chapter 6 , problem 13 – 3 points) – In mobile IP, what effect will mobility have on

end-to-end delays of datagrams between the source and destination.

Because datagrams must first be forwarded to the home agent, and from there to the mobile, the

delays will generally be longer than via direct routing. Note that it is possible, however, that the

direct delay from the correspondent to the mobile (i.e., if the datagram is not routed through the

home agent) could actually be smaller than the sum of the delay from the correspondent to the

home agent and from there to the mobile. It would depend on the delays on these various path

segments. Note that indirect routing also adds a home agent processing (e.g., encapsulation)

delay.

Problem 3 (Chapter 6 , problem 15 – 3 points) – Consider two mobile nodes in a foreign

network having a foreign agent. Is it possible for two mobile nodes to use the same care-of address in

mobile IP? Explain your answer.

Two mobiles could certainly have the same care-of-address in the same visited network. Indeed,

if the care-of-address is the address of the foreign agent, then this address would be the same.

Once the foreign agent decapsulates the tunneled datagram and determines the address of the

mobile, then separate addresses would need to be used to send the datagrams separately to their

different destinations (mobiles) within the visited network.

Problem 4 (Chapter 8 , problem 4 – 6 points) – Consider the block cipher in Figure 8.5.

Suppose that each block cipher Ti simply reverses the order of the 8 input bits (so that, for

example, 11110000 becomes 00001111). Further suppose that the 64 bit scrambler does not

modify any bits (so that the output value of the mth bit is equal to the input value of the mth bit).

(a) With n = 3 and the original 64 bit input equal to 10100000 repeated 8 times, what is the

value of the output? (b) Repeat part a but now change the last bit of the original 64 bit input from

a 0 to a 1. (c) Repeat parts a and b but now suppose that the 64 bit scrambler inverses the

order of the 64 bits.

a. The output is equal to 00000101 repeated eight times.

b. The output is equal to 00000101 repeated seven times + 10000101.

c. We have (A^R B^R C^R)^R = CBA, where A, B, C are strings, and R means inverse

operation. Thus:

1. For (a), the output is 10100000 repeated eight times;

2. For (b), the output is 10100001 + 10100000 repeated seven times.

Problem 5 (Chapter 8 , problem 8 – 6 points) – Consider RSA with p=5 and q=11.

a. What are n and z?

b. Let e be 3. Why is this an acceptable choice for e?

c. Find d such that de=1 (mod z) and d < 160.

d. Encrypt the message m=8 using the key (n,e). Let c denote the corresponding ciphertext.

Show all work. Hint: To simplify the calculations use the fact :

[(a mod n) . (b mod n)] mod n = (a . b) mod n

p = 5, q = 11

a. n = p*q = 55, z = (p-1)(q-1) = 40

b. e = 3 is less than n and has no common factors with z.

c. d = 27

d. m = 8, m^e = 512, Ciphertext c = m^e mod n = 17

Problem 6 (Chapter 8 , problem 9 – 6 points) – In this problem we explore the Diffie-Hellman

(DH) public-key encryption algorithm, which allows two entities to agree on a shared key. The

DH algorithm makes use of a large prime number p and another large number g less than p.

Both p and g are made public (so that an attacker would know them). In DH, Alice and Bob each

independently choose secret keys, SA and SB respectively. Alice then computes her public key,

TA, by raising g to SA and then taking mod p. Bob similarly computes his own public key TB by

raising g to SB and then taking mod p. Alice and Bob then exchange their public keys over the

internet. Alice then calculates the shared secret key S by raising TB to SA and then taking mod

p. Similarly Bob calculates shared key S’ by raising TA to SB and then taking mod p.

a. Prove that, in general, Alice and Bob obtain the same symmetric key, that is, prove S = S’.

b. With p=11 and g=2, suppose Alice and Bob choose private keys SA=5 and SB = 12,

respectively. Calculate Alice’s and Bob’s public keys, TA and TB. Show all work.

c. Following up on part b, now calculate S as the shared symmetric key. Show all work.

d. Provide a timing diagram that shows how DH can be attacked by a man-in-the-middle. The

timing diagram should have three vertical lines, one for Alice, one for Bob, one for the attacker

Trudy.

| | secret key | public key | shared key |
| Alice | SA | TA = (g^SA) mod p | S = (TB^SA) mod p |
| Bob | SB | TB = (g^SB) mod p | S’ = (TA^SB) mod p |


a. S = (TB^SA ) mod p = ((g^SB mod p)^SA ) mod p = (g^(SBSA )) mod p

= ((g^SA mod p)^SB ) mod p = (TA^SB ) mod p = S’

(b and c) p = 11, g = 2

| | secret key | public key | shared key |
| Alice | SA = 5 | TA = (g^SA) mod p = 10 | S = (TB^SA) mod p = 1 |
| Bob | SB = 12 | TB = (g^SB) mod p = 4 | S’ = (TA^SB) mod p = 1 |

d) [Timing diagram: three vertical lines for Alice, Trudy and Bob, with messages labelled TA, TT and TB exchanged between them.]

The Diffie-Hellman public key encryption algorithm can be attacked by a man-in-the-middle.

1. In this attack, Trudy receives Alice’s public value (TA) and sends her own public value

(TT) to Bob.

2. When Bob transmits his public value (TB), Trudy sends her public key to Alice (TT).

3. Trudy and Alice thus agree on one shared key (SAT) and Trudy and Bob agree on another

shared key (SBT).

After this exchange, Trudy simply decrypts any messages sent out by Alice or Bob using the shared

keys SAT and SBT.
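
The exchange in parts (b) to (d), as an added example that is not part of the original assignment: it reproduces the key values above, then shows the keys each party holds when Trudy substitutes TT, and the check a defender uses to notice the substitution. Trudy's secret ST = 3 and all function names are assumptions made for the example.

```python
# Toy Diffie-Hellman with the numbers from parts (b) and (c); not secure parameters.
P, G = 11, 2

def public_value(secret):                 # T = g^S mod p
    return pow(G, secret, P)

def shared_key(peer_public, secret):      # S = T_peer^S mod p
    return pow(peer_public, secret, P)

def exchange(sa, sb, st=None):
    """Run one exchange; st is Trudy's secret (None means nobody on the path)."""
    ta, tb = public_value(sa), public_value(sb)
    if st is None:
        seen_by_alice, seen_by_bob = tb, ta      # public values arrive unmodified
    else:
        tt = public_value(st)
        seen_by_alice, seen_by_bob = tt, tt      # steps 1 and 2: TT replaces TA and TB
    run = {
        "alice_key": shared_key(seen_by_alice, sa),
        "bob_key": shared_key(seen_by_bob, sb),
        "seen_by_alice": seen_by_alice,
        "seen_by_bob": seen_by_bob,
    }
    if st is not None:
        # Step 3: Trudy derives SAT from TA and SBT from TB.
        run["trudy_keys"] = (shared_key(ta, st), shared_key(tb, st))
    return run

def substitution_detected(run, real_ta, real_tb):
    """Defender's check: compare the public values received in-band with copies
    obtained over an authenticated channel (signed, or verified out of band)."""
    return run["seen_by_alice"] != real_tb or run["seen_by_bob"] != real_ta

if __name__ == "__main__":
    honest = exchange(5, 12)
    attacked = exchange(5, 12, st=3)             # st=3 is a constructed value
    print("honest:  ", honest)
    print("attacked:", attacked)
    print("detected:", substitution_detected(attacked, 10, 4))
```

Unauthenticated DH gives Alice and Bob no way to tell TT from the genuine public value; the check only works because the reference copies of TA and TB are authenticated.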

Problem 7 (Chapter 8 , problem 15 – 6 points) – Consider our authentication protocol in Figure

8.18, in which Alice authenticates herself to Bob, which we saw works well (i.e. we found no

flaws in it). Now suppose that while Alice is authenticating herself to Bob, Bob must authenticate

himself to Alice. Give a scenario by which Trudy, pretending to be Alice, can now authenticate

herself to Bob as Alice. (Hint: consider that the sequence of operations of the protocol, one with

Trudy initiating and one with Bob initiating, can be arbitrarily interleaved. Pay particular attention

to the fact that both Bob and Alice will use a nonce, and that if care is not taken, the same

nonce can be used maliciously)

Bob does not know if he is talking to Trudy or Alice initially. Bob and Alice share a secret key

KA-B that is unknown to Trudy. Trudy wants Bob to authenticate her (Trudy) as Alice. Trudy is

going to have Bob authenticate himself, and waits for Bob to start:

1. Bob-to-Trudy: “I am Bob” Commentary: Bob starts to authenticate himself. Bob’s

authentication of himself to the other side then stops for a few steps.

2. Trudy-to-Bob: “I am Alice” Commentary: Trudy starts to authenticate herself as Alice

3. Bob-to-Trudy: “R” Commentary: Bob responds to step 2 by sending a nonce in reply.

Trudy does not yet know KA-B(R) so she cannot yet reply.

4. Trudy-to-Bob: “R” Commentary: Trudy responds to step 1 now continuing Bob’s

authentication, picking as the nonce for Bob to encrypt, the exact same value that Bob

sent her to encrypt in Step 3.

5. Bob-to-Trudy: “KA-B(R)” Bob completes his own authentication of himself to the other

side by encrypting the nonce he was sent in step 4. Trudy now has KA-B(R). (Note: she

does not have, nor need, KA-B.)

6. Trudy-to-Bob: “KA-B(R)” Trudy completes her authentication, responding to the R that Bob

sent in step 3 above with KA-B(R). Since Trudy has returned the properly encrypted nonce that

Bob sent in step 3, Bob thinks Trudy is Alice!
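
The interleaving in steps 3 to 6, as an added example that is not part of the original assignment: a Bob who answers any nonce with KA-B(R) accepts his own reflected answer, while a Bob who labels responses by direction and refuses his own outstanding nonce does not. HMAC-SHA256 stands in for KA-B(.), and the class, labels and function names are assumptions made for the example.

```python
import hashlib, hmac, os

def k(key, data):                       # stand-in for K_A-B(.) under the shared secret
    return hmac.new(key, data, hashlib.sha256).digest()

class Bob:
    """Bob plays both roles at once: he challenges a claimed Alice and answers challenges."""
    def __init__(self, key, hardened=False):
        self.key, self.hardened, self.pending = key, hardened, None

    def challenge(self):                # step 3: Bob -> peer: R
        self.pending = os.urandom(16)
        return self.pending

    def respond(self, nonce):           # step 5: Bob answers the nonce he was sent
        if not self.hardened:
            return k(self.key, nonce)   # identical to what Alice would have to produce
        if self.pending is not None and hmac.compare_digest(nonce, self.pending):
            return None                 # refuse to answer his own outstanding challenge
        return k(self.key, b"bob|" + nonce)      # response names who produced it

    def accepts_as_alice(self, response):        # step 6
        if self.pending is None or response is None:
            return False
        label = b"alice|" if self.hardened else b""
        ok = hmac.compare_digest(response, k(self.key, label + self.pending))
        self.pending = None             # a nonce is good for one attempt only
        return ok

def honest_alice(bob, key):
    """Alice, who holds the key, answers Bob's challenge herself."""
    r = bob.challenge()
    return bob.accepts_as_alice(k(key, (b"alice|" if bob.hardened else b"") + r))

def reflected_session(bob):
    """Steps 3 to 6 above: the peer holds no key and only echoes Bob's own values."""
    r = bob.challenge()                 # step 3: Bob sends R
    echoed = bob.respond(r)             # steps 4 and 5: same R goes back, Bob answers it
    return bob.accepts_as_alice(echoed) # step 6: Bob's own answer is returned to him

KEY = os.urandom(16)                    # K_A-B, constructed for the example

if __name__ == "__main__":
    print("original protocol accepts reflection:", reflected_session(Bob(KEY)))
    print("hardened protocol accepts reflection:", reflected_session(Bob(KEY, True)))
    print("hardened protocol accepts Alice:     ", honest_alice(Bob(KEY, True), KEY))
```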

Problem 8 (Chapter 8 , problem 21 – 4 points) – Suppose Alice and Bob are communicating

over an SSL session. Suppose an attacker, who does not have any of the shared keys, inserts a

bogus TCP segment into a packet stream with correct TCP checksum and sequence numbers

(and correct IP addresses and port numbers). Will SSL at the receiving side accept the bogus

packet and pass the payload to the receiving application? Why or why not?

No, the bogus packet will fail the integrity check (which uses a shared MAC key).

Problem 9 (Chapter 8 , problem 22 – 8 points) – The following True/False questions pertain to

Figure 8.28 of your book.

a. When a host in 172.16.1/24 sends a datagram to an Amazon.com server, the router R1 will

encrypt the datagram using IPsec.

b. When a host in 172.16.1/24 sends a datagram to a host in 172.16.2/24, the router R1 will

change the source and destination address of the IP datagram.

c. Suppose a host in 172.16.1/24 initiates a TCP connection to a Web server in 172.16.2/24. As

part of this connection, all datagrams sent by R1 will have protocol number 50 in the left-most

IPv4 header field.

d. Consider sending a TCP segment from a host in 172.16.1/24 to a host in 172.16.2/24.

Suppose the ACK for this segment gets lost, so that TCP resends the segment. Because IPsec

uses sequence numbers, R1 will not resend the TCP segment.

a) F

b) T

c) T

d) F

Problem 10 (Chapter 8 , problem 24 – 8 points) – Consider the following pseudo-WEP

protocol. The key is 4 bits and the IV is 2 bits. The IV is appended to the end of the key when

generating the keystream. Suppose that the shared secret key is 1010. The keystreams for the

four possible inputs are as follows:

101000: 0010101101010101001011010100100 …

101001: 1010011011001010110100100101101 …

101010: 0001101000111100010100101001111 …

101011: 1111101010000000101010100010111 …

Suppose all messages are 8 bits long. Suppose ICV (integrity check) is 4 bits long, and is

calculated by XORing the first 4 bits of the data with the last 4 bits of the data. Suppose the

pseudo-WEP packet consists of three fields: first the IV field, then the message field and last the

ICV field, with some of these fields encrypted.

a. We want to send a message m=10100000 using the IV = 11 and using WEP. What will be the

values in the three WEP fields?

b. Show that when the receiver decrypts the WEP packet, it recovers the message and the ICV.

c. Suppose Trudy intercepts a WEP packet (not necessarily with IV = 11) and wants to modify it

before forwarding to the receiver. Suppose Trudy flips the first ICV bit. Assuming that Trudy

does not know the keystreams for any of the IVs, what other bit(s) must Trudy also flip so that

the received packet passes the ICV check?

d. Justify your answer by modifying the bits in the WEP packet in part (a), decrypting the

resulting packet, and verifying the integrity check.

a. Since IV = 11, the key stream is 111110100000 ……….

Given, m = 10100000

Hence, ICV = 1010 XOR 0000 = 1010

The three fields will be:

IV: 11

Encrypted message: 10100000 XOR 11111010 = 01011010

Encrypted ICV: 1010 XOR 0000 = 1010

b. The receiver extracts the IV (11) and generates the key stream 111110100000 ……….

XORs the encrypted message with the key stream to recover the original message:

01011010 XOR 11111010 = 10100000

XORs the encrypted ICV with the keystream to recover the original ICV:

1010 XOR 0000 = 1010

The receiver then XORs the first 4 bits of recovered message with its last 4 bits:

1010 XOR 0000 = 1010 (which equals the recovered ICV)

c. Since the ICV is calculated as the XOR of first 4 bits of message with last 4 bits of

message, either the 1st bit or the 5th bit of the message has to be flipped for the received

packet to pass the ICV check.

d. For part (d), starting from part (a), the encrypted message was 01011010

Flipping the 1st bit gives, 11011010

Trudy XORs this message with the keystream:

11011010 XOR 11111010 = 00100000

If Trudy flipped the first bit of the encrypted ICV, the ICV value received by the receiver is

0010

The receiver XORs this value with the keystream to get the ICV:

0010 XOR 0000 = 0010

The receiver now calculates the ICV from the recovered message:

0010 XOR 0000 = 0010 (which equals the recovered ICV and so the received packet passes the

ICV check)
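
The pseudo-WEP packet from parts (a) to (d), as an added example that is not part of the original assignment: it builds and decrypts the packet, applies the bit flips from part (d), and then checks that the same flips pass the ICV check under every possible 12-bit keystream, which is why Trudy does not need to know it. The keystream constant is the 12 bits quoted in the answer to part (a); function names are assumptions made for the example.

```python
from itertools import product

def xor(a, b):
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def icv(msg):                       # first 4 data bits XOR last 4 data bits
    return xor(msg[:4], msg[4:])

def encrypt(iv, msg, keystream):    # IV travels in the clear; message and ICV are XORed
    body = xor(msg + icv(msg), keystream)
    return iv, body[:8], body[8:]

def decrypt(packet, keystream):
    _iv, enc_msg, enc_icv = packet
    plain = xor(enc_msg + enc_icv, keystream)
    msg, got_icv = plain[:8], plain[8:]
    return msg, got_icv, icv(msg) == got_icv    # last item: does the ICV check pass?

def flip(bits, pos):                # pos is 1-based, as in the text
    i = pos - 1
    return bits[:i] + ("0" if bits[i] == "1" else "1") + bits[i + 1:]

def tamper(packet, msg_bit, icv_bit=1):
    """Flip one encrypted message bit and one encrypted ICV bit, without any key."""
    iv, enc_msg, enc_icv = packet
    return iv, flip(enc_msg, msg_bit), flip(enc_icv, icv_bit)

def passes_for_every_keystream(msg, msg_bit):
    """True if the tampered packet passes the ICV check under all 2^12 keystreams."""
    for bits in product("01", repeat=12):
        ks = "".join(bits)
        if not decrypt(tamper(encrypt("11", msg, ks), msg_bit), ks)[2]:
            return False
    return True

KS = "111110100000"                 # the 12 keystream bits used in the answer to part (a)
PACKET = encrypt("11", "10100000", KS)

if __name__ == "__main__":
    print("packet:          ", PACKET)
    print("decrypted:       ", decrypt(PACKET, KS))
    print("flip msg bit 1:  ", decrypt(tamper(PACKET, 1), KS))
    print("flip msg bit 2:  ", decrypt(tamper(PACKET, 2), KS))
    print("bit 5, any keys: ", passes_for_every_keystream("10100000", 5))
```

The check passes regardless of the keystream because both the XOR encryption and this ICV are linear in the message bits; an integrity check keyed with a secret (a MAC) does not have that property.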

Problem 11 (Chapter 8 , problem 25 – 4 points) – Provide a filter table and a connection table

for a stateful firewall that is as restrictive as possible but accomplishes the following:

a. Allows all internal users to establish Telnet sessions with external hosts.

b. Allows external users to surf the company Web site at 222.22.0.12.

c. But otherwise blocks all inbound and outbound traffic.

The internal network is 222.22/16. In your solution, suppose that the connection table is

currently caching three connections, all from inside to outside. You’ll need to invent appropriate

IP addresses and port numbers.

Filter Table:

| Action | Source address | Dest address | Protocol | Source port | Dest port | Flag bit | Check connection |
| allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 23 | any | |
| allow | outside of 222.22/16 | 222.22/16 | TCP | 23 | > 1023 | ACK | x |
| allow | outside of 222.22/16 | 222.22.0.12 | TCP | > 1023 | 80 | any | |
| allow | 222.22.0.12 | outside of 222.22/16 | TCP | 80 | > 1023 | any | |
| deny | all | all | all | all | all | all | |

Connection Table:

| Source address | Dest address | Source port | Dest port |
| 222.22.1.7 | 37.96.87.123 | 12699 | 23 |
| 222.22.93.2 | 199.1.205.23 | 37654 | 23 |
| 222.22.65.143 | 203.77.240.43 | 48712 | 23 |
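
The filter table and connection table above, as an added example that is not part of the original assignment: the rows are encoded in order and evaluated against sample packets, showing that an inbound Telnet reply is admitted only when it matches a cached connection. First-match evaluation, the function names and the external test address 203.0.113.5 are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("222.22.0.0/16")
WEB = ip_address("222.22.0.12")

def inside(addr):  return ip_address(addr) in INSIDE
def outside(addr): return not inside(addr)
def web(addr):     return ip_address(addr) == WEB
def high(p):       return p > 1023
def is_port(n):    return lambda p: p == n

# Rows of the filter table, in order:
# (action, source, dest, source port, dest port, required flag, check connection)
FILTER = [
    ("allow", inside,  outside, high,        is_port(23), None,  False),
    ("allow", outside, inside,  is_port(23), high,        "ACK", True),
    ("allow", outside, web,     high,        is_port(80), None,  False),
    ("allow", web,     outside, is_port(80), high,        None,  False),
]

# Rows of the connection table: (source address, dest address, source port, dest port)
CONNECTIONS = {
    ("222.22.1.7",    "37.96.87.123",  12699, 23),
    ("222.22.93.2",   "199.1.205.23",  37654, 23),
    ("222.22.65.143", "203.77.240.43", 48712, 23),
}

def decide(src, dst, sport, dport, flags=(), proto="TCP"):
    """Return 'allow' or 'deny' for one packet; the first matching row wins."""
    for action, src_ok, dst_ok, sport_ok, dport_ok, flag, check in FILTER:
        if proto != "TCP":
            break                      # every allow row is TCP-only
        if not (src_ok(src) and dst_ok(dst) and sport_ok(sport) and dport_ok(dport)):
            continue
        if flag and flag not in flags:
            continue
        # Inbound Telnet replies must belong to a cached inside-to-outside connection.
        if check and (dst, src, dport, sport) not in CONNECTIONS:
            return "deny"
        return action
    return "deny"                      # final deny-all row

if __name__ == "__main__":
    print(decide("37.96.87.123", "222.22.1.7", 23, 12699, ("ACK",)))   # cached connection
    print(decide("37.96.87.123", "222.22.1.8", 23, 12699, ("ACK",)))   # no table entry
    print(decide("203.0.113.5", "222.22.0.12", 51000, 80, ("SYN",)))   # company Web site
```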
