IST 220 - Exam 3 Review
ZigBee
- 802.15.4 (low-powered Bluetooth)
Common characteristics of different 802.11 standards
- All use the same medium access protocol (CSMA/CA) - All use the same frame structure for their link-layer frames - Have the ability to reduce their transmission rate in order to reach out over greater distances - All backwards compatible, meaning that a mobile capable of 802.11f may still interact with a newer 802.11ac base station
Classes of medium access protocols
- Channel partitioning - Random access - Taking turns
Wireless/Wired Differences
- Decreasing signal strength - Interference from other sources - Multipath propagation
Single-hop, infrastructure-based
- Have a base station connected to a larger wired network - All communication is between this base station and a wireless host over a single wireless hop - Ex. 802.11 networks and 4G LTE data networks - Vast majority of our daily interactions are with this type of wireless network
Multi-hop, infrastructure-based
- Have a base station connected to a larger wired network - Some wireless nodes may have to relay their communication through other wireless nodes in order to communicate via the base station - Ex. some wireless sensor networks and "wireless mesh networks"
Disadvantages of increasing transmission power
- Having to expend more energy - Increase in interference with the transmissions of another signal
Multi-hop, infrastructure-less
- No base station connected to a wired network - Nodes may have to relay messages among several other nodes in order to reach a destination - Nodes may be mobile, with connectivity changing among nodes - a class of networks known as mobile ad hoc networks (MANETs) - Network is a vehicular ad hoc network (VANETs) if the mobile nodes are vehicles - Development of protocols for such networks is challenging and is the subject of much ongoing research
Single-hop, infrastructure-less
- No base station connected to a wireless network - One of the nodes may coordinate the transmissions of other nodes - Ex. bluetooth and 802.11 networks in ad hoc mode
Multipath Propagation
- Occurs when portions of the electromagnetic wave reflect off objects and the ground, taking paths of different lengths between a sender and receiver - Could result in the received signal being blurred at the receiver - Moving objects between the sender and receiver can cause multipath propagation to change over time
Major differences of different 802.11 standards at the physical layer
- Operate in 2 frequency ranges: 2.4 - 2.485 GHz and 5.1 - 5.8 GHz - Most recent standards are 802.11n (2.4 GHz) and 802.11ac (5 GHz) - Some base stations use multiple-input multiple-output (MIMO) antennas; 2 or more antennas on the sending side and 2 or more on the receiving side that are transmitting/receiving different signals
Types of Firewalls
- Stateless packet filters (traditional) - Stateful packet filters - Application gateways
Carrier Sense Multiple Access w/ Collision Avoidance (CSMA/CA)
- WiFi's collision detection system - Each station senses the channel before transmitting, and refrains from transmitting if the channel is found busy
Wireless/Wired Equivalents
- Wireless 802.11 ~ wired ethernet - Wireless interface ~ ethernet interface - Access point ~ ethernet switch - Changes only occur at the link layer during a switch from ethernet to wireless or vice versa
Base Station
- a key part of the wireless network infrastructure - responsible for coordinating the transmission of multiple wireless hosts which it is associated with
Ad Hoc Network
- a network with no central control and with no connections to the "outside world" - formed when people with laptops get together and want to exchange data in the absence of a centralized AP
Secure Hash Algorithm (SHA-1)
- a secure hash algorithm that creates 160-bit hash values - used in DSS
Code Division Multiple Access (CDMA)
- a shared-medium access protocol that is often used in wireless networks - belongs to a family of channel partitioning protocols - prevalent in wireless LAN and cellular technologies
MD5 Hash
- a widely used hash algorithm that produces 128-bit hash values - has vulnerabilities - used to verify data for integrity
IPsec Services
- data integrity - origin authentication - replay attack prevention - confidentiality
Source Description Packets
- e-mail address of sender, sender's name, SSRC of associated RTP stream - provide mapping between the SSRC and the user/host name
SIP Services
- provides mechanisms for call setup - determines current IP address of callee - call management
RTCP Packet Types
- receiver report packets - sender report packets - source description packets
Basic Service Set (BSS)
- the fundamental building block of the 802.11 architecture - contains one or more wireless stations and a central base station, known as an *access point (AP)*
Service Set Identifier (SSID)
- the unique name of a wireless network that differentiates it from other wireless networks that are also in range of a wireless client - assigned to the access point by the network administrator when installing the AP
Security Association Database (SAD)
- where an IPsec entity stores the state information for all its SAs - a data structure in the entity's OS kernel - where the endpoint holds SA state
WEP Authentication
1. Authentication request --> 2. Nonce (128 bytes) <-- 3. Nonce encrypted with shared key --> 4. Success if decrypted value equals nonce <--
3 Goals of Network Security
1. Confidentiality 2. Integrity 3. Availability
802.11i Phases of Operation
1. Discovery of security capabilities 2. STA and AS mutually authenticate, together generate Master Key (MK) 3. STA derives Pairwise Master Key (PMK); AS derives same PMK, sends to AP 4. STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity
SSL
1. Handshake - sender and receiver use their certificates, private keys to authenticate each other and exchange shared secret 2. Key Derivation - Sender and receiver use shared secret to derive set of keys 3. Data Transfer - Data to be transferred is broken up into records 4. Connection Closure - Special messages to securely close connection (vulnerable to the possibility of attackers replaying messages)
Skype Client Operation
1. Joins Skype network by contacting SN using TCP 2. Logs in to centralized Skype login server 3. Obtains IP address for callee from SN, SN overlay 4. Initiates call directly to callee
Firewall Goals
1. Prevent denial of service attacks 2. Prevent illegal modification/access of internal data 3. Allow only authorized access to inside network
Three classifications for streaming video systems
1. UDP Streaming 2. HTTP Streaming 3. Adaptive Streaming
802.11n
2.4-5 GHz/5 GHz; up to 200 (or 450) Mbps
802.11b
2.4-5 GHz; up to 11 Mbps
802.11g
2.4-5 GHz; up to 54 Mbps
Assured Forwarding (AF)
4 classes of traffic
Audio via CD
44100 samples per second
802.11ac
5 GHz; up to 1300 Mbps
802.11a
5-6 GHz; up to 54 Mbps
Audio via telephone
8000 samples per second
overlapping channels
802.11 LANs define 11 partially ____________ within the frequency range of 2.4 GHz to 2.4835 GHz
Bluetooth
802.15.1 ~ 2.4-2.5 GHz, up to 721 kbps
Emergency Services
911
Security Parameter Index (SPI)
A 32-bit identifier for the SA
Session Initiation Protocol (SIP)
A VoIP signaling protocol used to set up, maintain, and tear down VoIP phone calls.
H.323
A VoIP standard that handles the initiation, setup, and delivery of VoIP sessions.
Advanced Encryption Standard (AES)
A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size; practically uncrackable
Integrity Check Value (ICV)
A checksum based on the contents of the text, used in WEP encryption.
Block Cipher
A cipher that manipulates an entire block of plaintext at one time
Cyclic Redundancy Check (CRC)
A code added to data which is used to detect errors occurring during transmission, storage, or retrieval
Digital Signature
A code digitally signed by a company or person; verifiable and non-forgeable
Real-time Transport Control Protocol (RTCP)
A companion to RTP, defined in RFC 3550 by the IETF, RTCP provides feedback on the quality of a call or video conference to its participants.
Security Policy Database (SPD)
A data structure that indicates what types of datagrams are to be IPsec processed
Stateful Packet Filtering
A firewall technology that creates and maintains a table in memory that lists all established connections between the organization's computers and the Internet
Application Gateway
A firewall technology that filters packets based on application data as well as on IP/TCP/UDP fields
Stateless Packet Filtering
A firewall technology that looks at the incoming packet and permits or denies it based strictly on the rule base.
Hash-based Message Authentication Code (HMAC)
A fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result; most popular standard for MACs today
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages. (Mobile)
Authentication (Protocol)
A method for confirming users' identities
Pretty Good Privacy (PGP)
A method of encrypting and decrypting e-mail messages. It can also be used to encrypt a digital signature.
Substitution Cipher
A method of encryption and decryption in which each letter in the alphabet is replaced by another
Streaming
A method of sending audio and video files over the Internet in such a way that the user can view the file while it is being transferred; stored at server
Piconet
A network of Bluetooth devices
Transport Layer Security (TLS)
A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.
SSL Handshake
A protocol for the beginning of an interaction. 1. Bob establishes a TCP connection with Alice (TCP SYN, TCP SYNACK, TCP ACK) 2. Bob verifies Alice is really Alice (SSL hello, certificate) 3. Bob sends Alice a master secret key, which will be used by both to generate all the symmetric keys they need for the SSL session (EMS = Kv(A)^(+)(MS), where MS is the Master Secret)
Internet Key Exchange (IKE)
A protocol used to set up an IPsec session.
Beacon Frames
A series of frames used in WiFi (802.11) to establish the presence of a wireless network device
IP Security Protocol (IPsec)
A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the internet through data authentication and encryption.
Quality of Service (QoS)
A set of parameters that controls the level of quality provided to different types of network traffic
Request to Send (RTS)
A signal used in wireless networks indicating that a computer has data ready to send on the network
Message Authentication Code (MAC)
A small block of data that is generated using a secret key and then appended to the message
Secure Socket Layer (SSL)
A standard security technology for establishing and encrypting links between a web server and a browser, ensuring that all data passed between them remain private
Ciphertext
A string of text that has been converted to a secure form using encryption
Data Encryption Standard (DES)
A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks
Prefetching
A technique in which data blocks needed in the future are brought into the cache early by the use of special instructions that specify the address of the block.
Intrusion Prevention System (IPS)
A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity.
IP Spoofing
A type of spoofing whereby an intruder uses another site's IP address as if it were that other site
Frequency Hopping Spread Spectrum (FHSS)
A type of wireless technology that spreads its signal over rapidly changing frequencies
Vehicular Ad Hoc Networks (VANETs)
Ad hoc networks with vehicles
Mobile Ad Hoc Networks (MANETs)
Also known as wireless ad hoc network or ad hoc wireless network, is a continuously self-configuring, infrastructure-less network of mobile devices connected wirelessly.
Wired Equivalent Privacy (WEP)
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.
Cryptographic Hash Function
An algorithm that is run on a file, producing a value called a checksum
Real-Time Streaming Protocol (RTSP)
An application layer protocol that servers and the Internet use to deliver streaming audio and video data to a user's browser.
Man-in-the-middle (MITM) Attacks (or Session Hijacking)
An attack mounted by an active attacker who listens to the communication between two communicators and changes the contents of this communication. While performing this attack, the attacker pretends to be one of the parties to the other party.
Rivest Shamir Adleman (RSA)
An improved public-key cryptography algorithm that enables secure digital signatures
WiFi Jungle
Any physical location where a wireless station receives a sufficiently strong signal from two or more APs
IPsec Protocols
Authentication Header (AH); Encapsulation Security Payload (ESP)
400 ms
Bi-directional voice/video needs to have a delay no more than _______ milliseconds.
MPEG-1
CD-ROM, 1.5 Mbps
Link and network
Challenges posed by networking wireless and mobile devices usually occur at what layers?
Virtual Private Network (VPN)
Companies can establish direct private network links among themselves or create private, secure Internet access, in effect a "private tunnel" within the Internet
Chosen-plaintext Attack (CPA)
Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts
Known-plaintext Attack (KPA)
Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext
MPEG-2
DVD, 3-6 Mbps
Public Key Certification
Data that associates a public key with a specific owner, signed by a CA that attests to its correctness
Interconnection Devices
Devices such as routers, switches and hubs
Carrier Sense Multiple Access w/ Collision Detection (CSMA/CD)
Ethernet's collision detection system
802.11 frame
Four different addresses... 1. MAC address of wireless host or AP to receive this frame 2. MAC address of wireless host or AP transmitting this frame 3. MAC address of router interface to which AP is attached 4. Used only if in ad hoc mode
Receiver Report Packets
Fraction of packets lost, last sequence number, average inter-arrival jitter
Masters
Grants requests (from slaves)
wireless; wired
Hidden terminal problems make multiple access in a __________ network considerably more complex than in a _________ network
Infrastructure Mode
Hosts that are associated with a base station and receive all the traditional services provided by the network to which the host is connected are said to operate in...
Delay Loss
IP datagram arrives too late for playout at receiver
Network Loss
IP datagram lost due to network congestion
Synchronization Source Identifier (SSRC)
Identifies the source of the RTP stream; each stream in RTP session has distinct SSRC (32 bits)
Distributed Inter-frame Space (DIFS)
If the sender senses the channel is idle it transmits after a short period of time
Per-hop Behavior (PHB)
In differentiated service, this is a class of descriptors of available service levels, or a way of describing protocols and priorities applied to a packet on traversing a router "hop."
Transmission Power
Increasing the _____________ increases SNR, which also decreases the probability that a frame is received in error
MPEG-4
Internet, < 1 Mbps
Firewall
Isolates organization's internal network from the Internet, allowing some packets to pass, blocking others
Cryptographic Keys
Kv(c) = encryption key for data sent from client to server; Mv(c) = MAC key for data sent from client to server; Kv(s) = encryption key for data sent from server to client; Mv(s) = MAC key for data sent from server to client
Policing Mechanisms
Limits traffic so as not to exceed declared parameters; three commonly used criteria... 1. Average rate - how many packets can be sent per unit time 2. Peak rate 3. Burst Size - max number of packets sent consecutively
Plain Text/Clear Text
Message data before it is encrypted
Skype Network
P2P Components... 1. Clients 2. Super nodes 3. Overlay network 4. Login server
Hidden Terminal Problem
Physical obstructions in the environment may prevent two stations from hearing each other's transmissions, even though their transmissions are interfering with each other at a 3rd location resulting in undetectable collisions
Real-Time Transport Protocol (RTP)
Protocol that defines the type of packets used on the Internet to move voice or data from a server to clients. The vast majority of VoIP solutions available today use RTP.
Personal Area Network (PAN)
Provide communication over a short distance that is intended for use with devices that are owned and operated by a single user
802.11 Advanced Capabilities
Rate adaptation and power management
Spatial Redundancy
Redundancies that occur within a single frame of video whenever the value of a pixel is repeated across a series of adjacent pixels.
Temporal Redundancy
Redundancy that reflects repetition from one image to the next
Timestamp Field
Reflects the sampling instant of the first byte in the RTP data packet (32 bits)
Slaves
Request permission to send (to masters)
Sender Report Packets
SSRC of RTP stream, current time, number of packets sent, number of bytes sent
ap 5.0
Same as ap 4.0, but uses public key cryptography (vulnerable to MITM attacks)
CSMA/CA
Sender: 1. If channel sensed idle for DIFS, transmit entire frame (no CD) 2. If channel sensed busy, start random backoff timer; timer counts down while channel idle; transmit when timer expires; if no ACK, increase random backoff interval and repeat 2. Receiver: if frame received OK, return ACK after SIFS (ACK needed due to hidden terminal problem)
ap 4.0
Sender sends a message claiming to be someone; Receiver sends a nonce (once-in-a-lifetime value); Sender encrypts the nonce with the shared key and sends it to the destination (used to make sure the sender is live and online); Receiver decrypts the message and if the nonces equal each other then the sender is authenticated! (vulnerable to MITM attacks)
ap 3.0
Sending a message saying who you are including a secret password. The attacker can record the packet and play it back later.
ap 3.1
Sending a message saying who you are including an encrypted secret password. The attacker can record the packet and play it back later.
ap 2.0
Sending a message saying who you are, including the IP address. The IP can be spoofed and the message can be sent from someone else
ap 1.0
Sending a message saying who you are, someone can easily claim they are someone else
UDP; RTP
The ______ transport layer protocol and ______ application layer protocol are used for real-time multimedia.
Interactivity
The ability of the user to interact with an application (play, pause, rewind, etc.)
Message Integrity
The ability to be certain that the message being sent arrives at the proper destination without being copied or changed
Fading
The fading of a signal's strength due to undetectable collisions at the receiver as it propagates through the wireless medium
Clear to Send (CTS)
The hardware signal that is sent from a receiver to a transmitter to indicate that the transmitter can begin sending
BER
The higher the SNR, the lower the...
Internet access
The host must associate with at least one AP to gain _________
Network Infrastructure
The larger network with which a wireless host may wish to communicate
SNR
The lower the BER, the higher the...
Dynamic Adaptive Streaming over HTTP (DASH)
The multimedia protocol used to manage audio/video at different bit rates from a streaming media server (like YouTube) using TCP
Bit Error Rate (BER)
The probability that a transmitted bit is received in error at the receiver
Active Scanning
The process of broadcasting a probe request frame that will be received by all APs within the wireless device's range 1. Probe Request frame broadcast from H1 2. Probe Response frames sent from APs 3. Association Request frame sent: H1 to selected AP 4. Association Response frame sent from selected AP to H1
End-point Authentication
The process of one entity proving its identity to another entity over a network
Passive Scanning
The process of scanning channels and listening for beacon frames 1. Beacon frames sent from APs 2. Association Request frame sent: H1 to selected AP 3. Association Response frame sent from selected AP to H1
Chipping Rate
The rate at which the signal being multiplied by each bit in a CDMA protocol changes during the encoding process
Path Loss
The reduction in signal strength due to the increase in distance between the sender and the receiver
Short Inter-frame Spacing (SIFS)
The short period of time before the destination sends back an ACK
IEEE 802.11 wireless LAN (WiFi)
The standard class for wireless LANs
Security Association (SA)
This generates the encryption and authentication keys that are used by IPsec.
Authentication Header (AH)
This provides source authentication and data integrity, but does not provide confidentiality
Encapsulation Security Payload (ESP) Protocol
This provides source authentication, data integrity and confidentiality; more widely used than AH
Loss-tolerant
Transmissions that can tolerate occasional loss of data without compromising the user experience.
Delay-sensitive
Transmissions that will suffer significantly compromised user experiences if portions of the transmission are delayed, such as with voice and video transmissions.
Playback Attack
Trudy need only eavesdrop on Alice's communication, record the encrypted version of the password, and play back the encrypted version of the password to Bob to pretend that she is Alice.
Sequence Number Field
Used by the receiver to detect packet loss and to restore packet sequence (16 bits)
Encryption Key
Used to encrypt and decrypt data
Voice over IP (VoIP)
Uses IP technology to transmit telephone calls
HTTP Streaming
Uses TCP to stream audio and video
UDP Streaming
Uses the RTP protocol and RTSP servers
Public Key Encryption (PKE)
Uses two keys... 1. a public key everyone can have 2. a private key for only the recipient
Internet Telephony
Using the internet rather than the telephone network to exchange spoken conversations
Constant Bit Rate (CBR)
Video encoding at a fixed rate
Variable Bit Rate (VBR)
Video encoding rate changes as amount of spatial, temporal coding changes
Bit errors
What are more common in wireless links than in wired links? They require wireless link protocols to employ powerful CRC error detection codes and link-level reliable-data-transfer protocols that retransmit corrupted frames.
Client Buffering
When a client builds up a reserve of several seconds of video that has been buffered but not yet played
Protocol
When hosts communicate over a shared medium, a _________ is needed so that the signals sent by multiple senders do not interfere at the receivers
Infrastructure Wireless LANs
Wireless LANs that deploy APs
Security Hole
a bug that permits unauthorized access
Intrusion Detection System (IDS)
a computer program that senses when another computer is attempting to scan or access a computer or network
Checksum
a data transmission control that uses a hash of a file to verify accuracy
Deep Packet Inspection
a process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers
Packet Filtering
a process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet
WiFi Hotspot
a public location where users can find 802.11 wireless access
Signal-to-noise Ratio (SNR)
a relative measure of the strength of the received signal (or the information being transmitted) to the noise; measured in decibels (dB)
Demilitarized Zone (DMZ)
a separate network located outside the organization's internal information system that permits controlled access from the internet
Access Control List (ACL)
a set of IF-THEN rules used to determine what to do with arriving packets
Certification Authority (CA)
a trusted organization or company that validates identities and issues digital certificates used to create digital signatures and public-private key pairs
Session Key
a unique symmetric encryption key chosen for a single secure session
Conversational
affected by delay
5 GHz range
an unlicensed frequency band, where 802.11 LANs have a shorter transmission distance for a given power level and suffer more from multipath propagation
2.4 GHz range
an unlicensed frequency band, where 802.11 devices may compete for frequency spectrum with 2.4 GHz phones and microwave ovens
Value-added Services
call forwarding, screening, recording
Packet Scheduling
choose next queued packet to send on outgoing link
Client-side buffer and playout delay
compensate for delay jitter
Loss tolerance
depending on voice encoding, loss concealment, packet loss rates between 1% and 10% can be tolerated
Relays
devices that automatically turn switches in electric circuits on and off
Session Initialization
how does callee advertise IP address, port number, encoding algorithms
Network Dimensioning
how much bandwidth is "enough"
Token Bucket
limit input to specified burst size and average rate
Adaptive Playout Delay
low playout delay, low late loss rate
Estimated Network Traffic Demand
needed to determine how much bandwidth is "enough" (for that much traffic)
Delay Jitter
network-added delay
Continuous Playout Constraint
once client playout begins, playback must match original timing
Expedited Forwarding (EF)
packet departure rate of a class equals or exceeds specified rate
Statistical Analysis
performs such functions as information correlations, distributions, calculations, and variance analysis
Video Compression
reduces the size of video images while retaining the highest quality video with the minimum bit rate
End-to-end Delay
the accumulation of transmission, processing and queuing delays in routers; propagation delays in links; and end-systems processing delays
Certificate
the binding of the public key of the entity to the identity
Rate Adaptation
the capability to adaptively select the underlying physical-layer modulation technique to use based on current or recent channel characteristics
Power Management
the capability to minimize the amount of time that an 802.11 node's sense, transmit, and receive functions and other circuitry need to be "on"
Cipher-text Only Attack
the hacker gains copies of several messages encrypted in the same way (same algorithm). Statistical analysis can then eventually reveal repeating code, which can be used to decode messages later
If a host remains in the same subnet,...
the host's IP may remain the same; the switch will see the frame from the host and remember which port it came from therefore remembering which AP the host is associated with
Brute Force Attack
the password cracker tries every possible combination of characters
Handoff
the process of a mobile changing its point of attachment into the larger network when it moves beyond the range of one base station and into the range of another
symmetric-key cryptography (PSK)
the sender and receiver use the same key for encryption and decryption