week11

The document discusses the IEEE 802.11 wireless networking standard, focusing on its multiple access method using CSMA/CA, which avoids collisions through acknowledgment and backoff strategies. It outlines the medium access control logic, interframe spaces, and the hidden terminal problem, as well as the process of connecting to the Internet and network security principles. Additionally, it covers various Internet security threats and countermeasures, including packet sniffing, IP spoofing, and denial of service attacks.

IEEE 802.11: multiple access

— Like Ethernet, uses CSMA:
  — random access
  — carrier sense: don’t collide with ongoing transmission
— Unlike Ethernet:
  — no collision detection – transmit all frames to completion
  — with acknowledgment – because without collision detection, you don’t know if your transmission collided or not
— Why no collision detection?
  — difficult to receive (sense collisions) when transmitting due to weak received signals (fading)
  — can’t sense all collisions in any case: hidden terminal
— Goal: avoid collisions -- CSMA/CA (Collision Avoidance)

Hidden Terminal Problem

Medium Access Control Logic

802.11 sender
1. For a new frame, if sense channel idle for DIFS then transmit entire frame (no CD)
2. For a retransmitted frame or if sense channel busy then
  - start random backoff time
  - if sense channel idle for DIFS then timer counts down while channel idle
  - transmit when timer expires
  - if no ACK for transmission, increase random backoff interval, repeat 2

802.11 receiver
  - if frame received OK, return ACK after SIFS (ACK needed due to hidden terminal problem)

[Figure: sender/receiver timeline: DIFS, data, SIFS, ACK]

Interframe Space (IFS)

— Short IFS (SIFS)
  — Shortest IFS (used for ACK, CTS, poll response)
  — Used for immediate response actions
— Point coordination function IFS (PIFS)
  — Mid-length IFS
  — Used by centralized controller in PCF scheme when using polls
— Distributed coordination function IFS (DIFS)
  — Longest IFS (data, RTS)
  — Used as minimum delay of asynchronous frames contending for access
— Extended Interframe Space (EIFS)
  — Used after receiving a frame containing errors

SIFS < PIFS < DIFS < EIFS


More on Medium Access Control Logic

— Contention window (in slots)
  — Each station maintains a contention window (CW) set to CWmin initially
  — Upon collision, CW’ = (CW+1)*2 – 1 (exponential backoff) till it reaches CWmax
  — CW is reset to CWmin upon successful delivery

Example
— A pair of nodes A and B are sending packets to node C
— back-off intervals: Node A: 2, 3; Node B: 2, 4
— Both nodes count down at t0.
— Size of the backoff window in slots before sending data?
— Which node sends data?

[Figure: timeline starting at t0 for nodes A, B and C]

Example
— A pair of nodes A and B are sending packets to node C
— back-off intervals: Node A: 2, 3; Node B: 2, 4
— Size of the Interframe Space; will C send an ACK?

[Figure: timeline from t0: A counts down 2 slots then sends Data; B counts down 2 slots then sends Data]

Example
— A pair of nodes A and B are sending packets to node C
— back-off intervals: Node A: 2, 4; Node B: 2, 3
— Size of the Interframe Space before A and B count down?
— Size of the backoff window in slots before sending data?

[Figure: timeline from t0: A counts down 2 slots then sends Data; B counts down 2 slots then sends Data; SIFS at C]

Example
— A pair of nodes A and B are sending packets to node C
— back-off intervals: Node A: 2, 4; Node B: 2, 3
— Size of the Interframe Space before A counts down?
— Size of the backoff window in slots before sending data?

[Figure: timeline from t0: A and B each count down 2 slots and send Data; SIFS, then DIFS; both count down 3 slots; B sends Data; SIFS; C sends ACK]

Example
— A pair of nodes A and B are sending packets to node C
— back-off intervals: Node A: 2, 4; Node B: 2, 3
— Size of the Interframe Space before A counts down?
— Size of the backoff window in slots before sending data?

[Figure: timeline from t0: A and B each count down 2 slots and send Data; SIFS, then DIFS; both count down 3 slots; B sends Data; SIFS; C sends ACK; DIFS; A counts down its remaining 1 slot and sends Data]

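The slot-level countdown behind the examples above, together with the CW’ = (CW+1)*2 – 1 rule from the contention-window slide, as an added illustration that is not part of the lecture. Backoff values are supplied per attempt exactly as the slides give them rather than drawn at random; CWmin and CWmax are constructed values.

```python
"""Slot-level model of the 802.11 DCF backoff used in the lecture examples.
Added illustration, not from the slides.  Backoff values are given per attempt
(as on the slides) instead of being drawn uniformly from [0, CW]; the
data/SIFS/ACK/DIFS busy periods are collapsed, since they only freeze the
other stations' counters and do not change which station sends next."""

CW_MIN, CW_MAX = 15, 1023   # constructed example values; the slides give none


def next_cw(cw, cw_max=CW_MAX):
    """Exponential backoff from the slide: CW' = (CW+1)*2 - 1, capped at CWmax."""
    return min((cw + 1) * 2 - 1, cw_max)


def simulate(backoffs):
    """backoffs: {node: [slots for 1st attempt, 2nd attempt, ...]}; one frame each.

    All contending nodes count down together while the channel is idle and a
    node transmits when its counter reaches 0.  If several counters reach 0 in
    the same slot the frames collide: there is no collision detection, so they
    are sent to completion, no ACK arrives, and each collided node takes its
    next backoff value.  The others keep their frozen counters and resume after
    DIFS.  Returns events ("sent", node), ("collision", nodes), ("dropped", node).
    """
    pending = {n: list(v) for n, v in backoffs.items()}
    counter = {n: pending[n].pop(0) for n in pending}
    events = []
    while counter:
        step = min(counter.values())           # idle slots until someone fires
        for n in counter:
            counter[n] -= step
        ready = tuple(sorted(n for n, c in counter.items() if c == 0))
        if len(ready) == 1:
            events.append(("sent", ready[0]))  # C returns ACK after SIFS
            del counter[ready[0]]
            continue
        events.append(("collision", ready))
        for n in ready:
            if pending[n]:                     # no ACK: back off again
                counter[n] = pending[n].pop(0)
            else:                              # retry budget exhausted
                events.append(("dropped", n))
                del counter[n]
    return events


if __name__ == "__main__":
    print(simulate({"A": [2, 3], "B": [2, 4]}))   # slides 402-403 case
    print(simulate({"A": [2, 4], "B": [2, 3]}))   # slides 404-406 case
```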
Summary
— WLAN
— DS, BSS, IBSS, ESS
— CSMA/CA
— Physical and virtual carrier sensing
— Defer transmission after a busy period
— Exponential backoff
— IEEE 802.11 frame format

Synthesis: a day in the life of a web request
— journey down protocol stack complete!
— application, transport, network, link
— putting-it-all-together: synthesis!
— goal: identify, review, understand protocols (at all layers)
involved in seemingly simple scenario: requesting www page
— scenario: student attaches laptop to campus WiFi network,
requests/receives www.google.com

A day in the life: scenario

[Figure: browser on the school network 68.80.2.0/24; DNS server in the Comcast network 68.80.0.0/13; web server 64.233.169.105 in Google’s network 64.233.160.0/19; web page returned to the browser]

A day in the life… connecting to the Internet
— If connected wirelessly, the laptop needs to be first associated with an AP on campus
  — Scan beacons from APs
  — Association request/response message

[Figure: laptop, AP, router (runs DHCP)]

A day in the life… connecting to the Internet
— connecting laptop needs to get its own IP address, addr of first-hop router, addr of DNS server: use DHCP
  — DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.3 Ethernet (AP converts 802.11 frame to 802.3 frame)
  — Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server (switch broadcasts the frame to all LAN segments)
  — Ethernet demuxed to IP, IP demuxed to UDP, UDP demuxed to DHCP

[Figure: DHCP/UDP/IP/Eth/Phy stack at the client and at the router (runs DHCP)]

A day in the life… connecting to the Internet
— DHCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server
  — encapsulation at DHCP server, frame forwarded (switch learning) through LAN, demultiplexing at client
  — DHCP client receives DHCP ACK reply

Client now has IP address, knows name & addr of DNS server, IP address of its first-hop router

[Figure: DHCP/UDP/IP/Eth/Phy stack at the router (runs DHCP) and at the client]

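The encapsulation chain on the two DHCP slides (DHCP in UDP in IP in a broadcast Ethernet frame) and the demultiplexing the router performs, as an added example that is not from the lecture. The DHCP payload is a constructed stub rather than a real DHCP message, and checksums are left at zero.

```python
"""Encapsulate a client's DHCP request as the slide describes and demultiplex
it the way the receiving host does: Eth -> IP -> UDP -> DHCP.  Added example,
not from the lecture; the DHCP payload is a constructed stub."""
import struct

BCAST_MAC = bytes.fromhex("ffffffffffff")      # dest FFFFFFFFFFFF from the slide
ETHERTYPE_IP, PROTO_UDP, DHCP_SERVER_PORT = 0x0800, 17, 67


def encapsulate(src_mac, dhcp_payload):
    """Client has no address yet: IP 0.0.0.0 -> 255.255.255.255, UDP 68 -> 67."""
    udp_len = 8 + len(dhcp_payload)
    udp = struct.pack("!HHHH", 68, 67, udp_len, 0) + dhcp_payload   # UDP checksum 0: none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     PROTO_UDP, 0, bytes(4), b"\xff" * 4) + udp      # IP checksum left 0
    return BCAST_MAC + src_mac + struct.pack("!H", ETHERTYPE_IP) + ip


def demux(frame):
    """Walk the headers: Eth -> IP -> UDP -> DHCP.

    Returns (layers traversed, payload); payload is the DHCP message when the
    frame really carried one and None when demultiplexing stopped earlier.
    Length checks keep a truncated frame from raising instead of being dropped.
    """
    layers = ["Eth"]
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        return layers, None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    layers.append("IP")
    if ip[9] != PROTO_UDP or len(ip) < ihl + 8:
        return layers, None
    udp = ip[ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    layers.append("UDP")
    if dport != DHCP_SERVER_PORT:
        return layers, None
    layers.append("DHCP")
    return layers, udp[8:ulen]


if __name__ == "__main__":
    frame = encapsulate(bytes.fromhex("020000000001"), b"constructed DHCP stub")
    print(demux(frame))
```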
A day in the life… ARP (before DNS, before HTTP)
— before sending HTTP request, need IP address of www.google.com: DNS
  — DNS query created, encapsulated in UDP, encapsulated in IP, encapsulated in Eth. To send frame to router, need MAC address of router interface: ARP
  — ARP query broadcast, received by router, which replies with ARP reply giving MAC address of router interface
  — client now knows MAC address of first hop router, so can now send frame containing DNS query

[Figure: DNS/UDP/IP/Eth/Phy stack at the client; ARP query and ARP reply exchanged with the router (runs DHCP)]

A day in the life… using DNS
— IP datagram containing DNS query forwarded via LAN switch from client to 1st hop router
— IP datagram forwarded from campus network into Comcast network, routed (tables created by RIP, OSPF, IS-IS and/or BGP routing protocols) to DNS server
— demux’ed to DNS server
— DNS server replies to client with IP address of www.google.com

[Figure: DNS/UDP/IP/Eth/Phy stacks at the client, the router (runs DHCP) and the DNS server in the Comcast network 68.80.0.0/13]

A day in the life… TCP connection carrying HTTP
— to send HTTP request, client first opens TCP socket to web server
— TCP SYN segment (step 1 in 3-way handshake) inter-domain routed to web server
— web server responds with TCP SYNACK (step 2 in 3-way handshake)
— TCP connection established!

[Figure: SYN and SYNACK carried over TCP/IP/Eth/Phy between the client, the router (runs DHCP) and the web server 64.233.169.105]

A day in the life… HTTP request/reply
— HTTP request sent into TCP socket
— IP datagram containing HTTP request routed to www.google.com
— web server responds with HTTP reply (containing web page)
— IP datagram containing HTTP reply routed back to client
— web page finally (!!!) displayed

[Figure: HTTP/TCP/IP/Eth/Phy stacks at the client, the router (runs DHCP) and the web server 64.233.169.105]

Network Security
— Understand principles of network security:
  — cryptography and its many uses beyond “confidentiality”
  — authentication
  — message integrity
  — key distribution
— Security in networks:
  — security in application, transport, network, link layers

What is network security?
— Confidentiality: only sender, intended receiver should “understand” message contents
  — sender encrypts message
  — receiver decrypts message
  — others cannot understand the message
  — the identities, timing or frequency of messages should be secret as well
— Authentication: sender, receiver want to confirm identity of each other
— Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
— Access and Availability: services must be accessible and available to users

Outline
— Attacks and countermeasures
— Security primer
— Security in different layers

Internet security threats
Mapping:
— before attacking: “case the joint” – find out what services are implemented on network
— Use ping to determine what hosts have addresses on network
— Port-scanning: try to establish TCP connection to each port in sequence (and see what happens)
— nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”

Countermeasures?

Internet security threats
Mapping: countermeasures
— record traffic entering network
— look for suspicious activity (IP addresses, ports being scanned sequentially)

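The countermeasure above (record inbound traffic, then look for addresses scanning ports sequentially) as an added detection example that is not from the lecture. The connection records are constructed, and the thresholds are assumptions to tune per network.

```python
"""Port-scan detector over recorded inbound connection attempts, the
countermeasure the slide suggests: flag sources touching many ports,
especially consecutive ones.  Added example; the records are constructed."""
from collections import defaultdict

# constructed records, one attempt per line: src dst dport tcp_flags
LOG = """\
10.0.0.5 198.51.100.7 22 S
10.0.0.5 198.51.100.7 23 S
10.0.0.5 198.51.100.7 24 S
10.0.0.5 198.51.100.7 25 S
10.0.0.5 198.51.100.7 26 S
10.0.0.9 198.51.100.7 443 S
10.0.0.9 198.51.100.7 443 A
10.0.0.9 198.51.100.7 80 S
"""


def parse(log):
    """Yield (src, dst, dport, flags) for each non-empty record."""
    for line in log.splitlines():
        if line.strip():
            src, dst, dport, flags = line.split()
            yield src, dst, int(dport), flags


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive port numbers in the set."""
    ordered = sorted(ports)
    run = best = 1 if ordered else 0
    for a, b in zip(ordered, ordered[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best


def find_scanners(log, min_ports=5, min_seq_run=4):
    """Return {src: (distinct ports, longest consecutive run)} for sources that
    exceed either threshold.  Only SYN-only attempts count, so the later
    segments of an established connection do not inflate the figures."""
    ports = defaultdict(set)
    for src, dst, dport, flags in parse(log):
        if flags == "S":
            ports[src].add(dport)
    hits = {}
    for src, ps in ports.items():
        run = longest_consecutive_run(ps)
        if len(ps) >= min_ports or run >= min_seq_run:
            hits[src] = (len(ps), run)
    return hits
```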
Internet security threats
Packet sniffing:
— broadcast media
— promiscuous NIC reads all packets passing by
— can read all unencrypted data (e.g. passwords)
— e.g.: C sniffs B’s packets

[Figure: A, B and C on a shared medium; frame src:B dest:A payload is read by C]

Countermeasures?

Internet security threats
IP Spoofing:
— can generate “raw” IP packets directly from application, putting any value into IP source address field
— receiver can’t tell if source is spoofed
— e.g.: C pretends to be B

[Figure: C sends frame src:B dest:A payload to A]

Countermeasures?

Internet security threats
IP Spoofing: ingress filtering
— routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)
— great, but ingress filtering cannot be mandated for all networks

[Figure: C sends src:B dest:A payload; the router marks it × (dropped)]

Denial of Service (DOS)
— Huge problem in current Internet
— General form
  — Prevent legitimate users from gaining service by overloading or crashing a server

[Chart: total number of DDoS attacks]

DOS: SYN Attack

[Figure: A, B and C; C sends a stream of SYN segments to B]

Countermeasures?

— Buggy implementations allow unfinished connections to eat all memory, leading to crash
— Better implementations limit the number of unfinished connections
  — Once limit reached, new SYNs are dropped

Denial of service (DOS): countermeasures
— filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
— traceback to source of floods (most likely an innocent, compromised machine)

[Figure: A, B and C; C sends a stream of SYN segments to B]

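The "limit the number of unfinished connections" countermeasure from the SYN attack slide, as an added example that is not from the lecture: a bounded half-open table that drops new SYNs once full (so good is thrown out with bad, as the slide says) and evicts entries whose SYNACK is never answered. The traffic, limit and timeout are constructed.

```python
"""Bounded half-open connection table, the countermeasure the slide describes:
unfinished (SYN-received) connections are capped so a SYN flood cannot eat all
memory, and once the cap is reached new SYNs are dropped.  Entries also expire
when the SYNACK is never answered.  Added example; the traffic is constructed."""


class SynBacklog:
    def __init__(self, limit, timeout):
        self.limit, self.timeout = limit, timeout
        self.half_open = {}            # (src_ip, src_port) -> time SYN arrived
        self.dropped = self.established = 0

    def expire(self, now):
        """Evict half-open entries whose SYNACK went unanswered for `timeout`."""
        for key in [k for k, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[key]

    def on_syn(self, key, now):
        self.expire(now)
        if key in self.half_open:
            return "retransmit"        # same client again: keep its slot
        if len(self.half_open) >= self.limit:
            self.dropped += 1
            return "dropped"           # cap reached: good thrown out with bad
        self.half_open[key] = now
        return "synack"

    def on_ack(self, key, now):
        """Third handshake step: move the connection out of the half-open table."""
        self.expire(now)
        if self.half_open.pop(key, None) is None:
            return "no-match"
        self.established += 1
        return "established"


def flood_then_legit(limit=3, timeout=5):
    """Constructed scenario: ten SYNs from spoofed sources that never finish the
    handshake, then a legitimate client before and after those entries expire."""
    b = SynBacklog(limit, timeout)
    flood = [b.on_syn(("203.0.113.%d" % i, 40000), now=0) for i in range(10)]
    early = b.on_syn(("68.80.2.17", 50000), now=1)   # table full: legit SYN dropped
    late = b.on_syn(("68.80.2.17", 50000), now=6)    # stale entries evicted first
    done = b.on_ack(("68.80.2.17", 50000), now=6)
    return flood.count("synack"), flood.count("dropped"), early, late, done
```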