Appendix

Appendix 1
 Appendix
 Networking basics
o Protocol stack, layers, etc.
 Math basics
o Modular arithmetic
o Permutations
o Probability
o Linear algebra

Appendix 2
 Networking Basics

There are three kinds of death in this world.

There's heart death, there's brain death, and there's being off the network .
 Guy Almes

Appendix 3
 Network
 Includes
o Computers
o Servers
o Routers
o Wireless devices
o Etc.
 Purpose is to
transmit data

Appendix 4
 Network Edge
 Network edge
includes…
 …Hosts
o Computers
o Laptops
o Servers
o Cell phones
o Etc., etc.

Appendix 5
 Network Core

 Network core
consists of
o Interconnected
mesh of routers
 Purpose is to
move data from
host to host

Appendix 6
 Packet Switched Network
 Telephone network is/was circuit switched
o For each call, a dedicated circuit established
o Dedicated bandwidth
 Modern data networks are packet switched
o Data is chopped up into discrete packets
o Packets are transmitted independently
o No dedicated circuit is established
o More efficient bandwidth usage
o But more complex than circuit switched

Appendix 7
 Network Protocols
 Study of networking focused on protocols
 Networking protocols precisely specify
“communication rules”
 Details are given in RFCs
o RFC is essentially an Internet standard
 Stateless protocols do not “remember”
 Stateful protocols do “remember”
 Many security problems related to state
o E.g., DoS is a problem with stateful protocols

Appendix 8
 Protocol Stack
 Application layer protocols user
o HTTP, FTP, SMTP, etc. application space
 Transport layer protocols transport
o TCP, UDP OS
 Network layer protocols network
o IP, routing protocols
link
 Link layer protocols NIC
card
o Ethernet, PPP physical
 Physical layer
Appendix 9
 Layering in Action
router
data application application data
transport transport
network network network
link link link
host physical physical physical
host
 At source, data goes “down” the protocol stack
 Each router processes packet “up” to network layer
o That’s where routing info lives
 Router then passes packet down the protocol stack
 Destination processes packet up to application layer
o That’s where the application data lives
Appendix 10
 Encapsulation data X

 X = application data at source application

 As X goes down protocol stack, each
transport
layer adds header information:
o Application layer: (H, X)
network
o Transport layer: (H, (H, X))
o Network layer: (H, (H, (H, X))) link
o Link layer: (H, (H, (H, (H, X))))
physical
 Header has info required by layer
 Note that app data is on the “inside” packet
(H,(H,(H,(H,X))))
Appendix 11
 Application Layer
 Applications
o For example, Web browsing, email, P2P, etc.
o Applications run on hosts
o Hosts want network details to be transparent
 Application layer protocols
o HTTP, SMTP, IMAP, Gnutella, etc., etc.
 Protocol is only one part of an application
o For example, HTTP only a part of web browsing

Appendix 12
 Client-Server Model
 Client
o “speaks first”
 Server
o responds to client’s request
 Hosts are clients or servers
 Example: Web browsing
o You are the client (request web page)
o Web server is the server

Appendix 13
 Peer-to-Peer Paradigm
 Hosts act as clients and servers
 For example, when sharing music
o You are client when requesting a file
o You are a server when someone
downloads a file from you
 In P2P, how does client find server?
o Many different P2P models for this

Appendix 14
 HTTP Example
HTTP request

HTTP response

 HTTP  HyperText Transfer Protocol

 Client (you) requests a web page
 Server responds to your request

Appendix 15
 cookie
Web Cookies
initial HTTP r
session e quest
HTTP
re sponse
, cooki
e
Cookie
c o okie database
que st ,
cookie HTTP re
r es p o nse
later HT T P
session

 HTTP is stateless  cookies used to add state

 Initially, cookie sent from server to browser
 Browser manages cookie, sends it to server
 Server uses cookie database to “remember” you
Appendix 16
 Web Cookies
 Web cookies used for…
o Shopping carts, recommendations, etc.
o A very, very weak form of authentication
 Privacy concerns
o Web site can learn a lot about you
o Multiple web sites could learn even more

Appendix 17
 SMTP
 SMTP to deliver email from sender to
recipient’s mail server
 Then POP3, IMAP or HTTP (Web mail) used
to get messages from server
 As with many application protocols, SMTP
commands are human readable

Sender Recipient
SMTP SMTP
POP3

Appendix 18
 Spoofed email with SMTP
User types the red lines:
> telnet eniac.cs.sjsu.edu 25
220 eniac.sjsu.edu
HELO ca.gov
250 Hello ca.gov, pleased to meet you
MAIL FROM: <[email protected]>
250 [email protected]... Sender ok
RCPT TO: <[email protected]>
250 [email protected] ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
It is my pleasure to inform you that you
are terminated
.
250 Message accepted for delivery
QUIT
221 eniac.sjsu.edu closing connection

Appendix 19
 Application Layer
 DNS  Domain Name Service
o Convert human-friendly names such as
www.google.com into 32-bit IP address
o A distributed hierarchical database
 Only 13 “root” DNS server clusters
o Essentially, a single point of failure for Internet
o Attacks on root servers have succeeded…
o …but, attacks did not last long enough (yet)

Appendix 20
 Transport Layer
 The network layer offers unreliable, “best
effort” delivery of packets
 Any improved service must be provided by
the hosts
 Transport layer: 2 protocols of interest
o TCP  more service, more overhead
o UDP  less service, less overhead
 TCP and UDP run on hosts, not routers

Appendix 21
 TCP
 TCP assures that packets…
o Arrive at destination
o Are processed in order
o Are not sent too fast for receiver: flow control
 TCP also provides…
o Network-wide congestion control
 TCP is connection-oriented
o TCP contacts server before sending data
o Orderly setup and take down of “connection”
o But no true connection, only logical “connection”
Appendix 22
 TCP Header
bits
0 8 16 24 31

Source Port Destination Port

Sequence Number
Acknowledgement Number
Offset reserved U A P R S F Window
Checksum Urgent Pointer
Options Padding
Data (variable length)

 Source and destination port

 Sequence number
 Flags (ACK, SYN, RST, etc.)
 Header usually 20 bytes (if no options)
Appendix 23
 TCP Three-Way Handshake
SYN request

SYN-ACK

ACK (and data)

 SYN: synchronization requested

 SYN-ACK: acknowledge SYN request
 ACK: acknowledge SYN-ACK (and send data)
 Then TCP “connection” established
o Connection terminated by FIN or RST
Appendix 24
 Denial of Service Attack
 The TCP 3-way handshake makes denial of
service (DoS) attacks possible
 Whenever SYN packet is received, server
remembers this “half-open” connection
o Remembering consumes resources
o Too many half-open connections and server’s
resources will be exhausted, and then…
o …server can’t respond to legitimate connections
 Problem occurs due to fact TCP is stateful
Appendix 25
 UDP
 UDP is minimalist, “no frills” service
o No assurance that packets arrive
o No assurance packets are in order, etc., etc.
 Why does UDP exist?
o More efficient (header only 8 bytes)
o No flow control to slow down sender
o No congestion control to slow down sender
 If packets sent too fast, will be dropped
o Either at intermediate router or at destination
o But in some apps this may be OK (audio/video)

Appendix 26
 Network Layer
 Core of network/Internet
o Interconnected mesh of routers
 Purpose of network layer
o Route packets through this mesh
 Network layer protocol is known as IP
o Follows a best effort approach
 IP runs in every host and every router
 Routers also run routing protocols
o Used to determine the path to send packets
o Routing protocols: RIP, OSPF, BGP, …
Appendix 27
 IP Addresses
 IP address is 32 bits
 Every host has an IP address
 Problem: Not enough IP addresses exist!
o Lots of tricks used to extend address space
 IP addresses given in dotted decimal notation
o For example: 195.72.180.27
o Each number is between 0 and 255
 Usually, a host’s IP address can change
Appendix 28
 Socket
 Each host has a 32 bit IP address
 But many processes on one host
o You can browse web, send email at same time
 How to distinguish processes on a host?
 Each process has a 16 bit port number
o Numbers below 1024 are “well-known” ports
(HTTP is port 80, POP3 is port 110, etc.)
o Port numbers above 1024 are dynamic (as needed)
 IP address and port number define a socket
o Socket uniquely identifies process, Internet-wide

Appendix 29
Network Address Translation
 Network Address Translation (NAT)
o Trick to extend IP address space
 Useone IP address (different port
numbers) for multiple hosts
o “Translates” outside IP address (based
on port number) to inside IP address

Appendix 30
 NAT-less Example

source 11.0.0.1:1025
destination 12.0.0.1:80

source 12.0.0.1:80
destination 11.0.0.1:1025
Web
server Alice
IP: 12.0.0.1 IP: 11.0.0.1
Port: 80 Port: 1025

Appendix 31
 NAT Example

src 11.0.0.1:4000 src 10.0.0.1:1025

dest 12.0.0.1:80 dest 12.0.0.1:80

src 12.0.0.1:80 src 12.0.0.1:80

dest 11.0.0.1:4000 dest 10.0.0.1:1025
Web
server Firewall Alice
IP: 12.0.0.1 IP: 11.0.0.1 IP: 10.0.0.1
NAT Table
4000 10.0.0.1:1025

Appendix 32
 NAT: The Last Word
 Advantage(s)?
o Extends IP address space
o One (or a few) IP address(es) can be
shared by many users
 Disadvantage(s)?
o Makes end-to-end security difficult
o Might make IPSec less effective
(IPSec discussed in Chapter 10)

Appendix 33
 IP Header

 IP header has necessary info for routers

o E.g., source and destination IP addresses
 Time to live (TTL) limits number of “hops”
o So packets can’t circulate forever
 Fragmentation information (see next slide)
Appendix 34
 IP Fragmentation
fragmented

re-assembled

 Each link limits maximum size of packets

 If packet is too big, router fragments it
 Re-assembly occurs at destination

Appendix 35
 IP Fragmentation
 One packet becomes multiple packets
 Packets reassembled at destination
o Prevents multiple fragmentation/reassemble
 Fragmentation is a security issue…
o Fragments may obscure real purpose of packet
o Fragments can overlap when reassembled
o Must reassemble packet to fully understand it
o Lots of work for firewalls, for example

Appendix 36
 IPv6
 Current version of IP is IPv4
 IPv6 is a “new-and-improved” version
 IPv6 is “bigger and better” than IPv4
o Bigger addresses: 128 bits
o Better security: IPSec
 How to migrate from IPv4 to IPv6?
o Unfortunately, nobody thought about that…
 So IPv6 has not taken hold (yet?)

Appendix 37
 Link Layer
 Link layer sends
packet from one
node to next
 Links can be
different
o Wired
o Wireless
o Ethernet
o Point-to-point…

Appendix 38
 Link Layer
 On host, implemented in adapter:
Network Interface Card (NIC)
o Ethernet card, wireless 802.11 card, etc.
o NIC is “semi-autonomous” device
 NIC is (mostly) out of host’s control
o Implements both link and physical layers

Appendix 39
 Ethernet
 Ethernet is a multiple access protocol
 Many hosts access a shared media
o On a local area network, or LAN
 With multiple access, packets can “collide”
o Data is corrupted and packets must be resent
 How to efficiently deal with collisions in
distributed environment?
o Many possibilities, but ethernet is most popular
 We won’t discuss details here…
Appendix 40
 Link Layer Addressing
 IP addresses live at network layer
 Link layer also needs addresses  Why?
o MAC address (LAN address, physical address)
 MAC address
o 48 bits, globally unique
o Used to forward packets over one link
 Analogy…
o IP address is like your home address
o MAC address is like a social security number

Appendix 41
 ARP
 Address Resolution Protocol (ARP)
 Used by link layer  given IP address, find
corresponding MAC address
 Each host has ARP table, or ARP cache
o Generated automatically
o Entries expire after some time (about 20 min)
o ARP used to find ARP table entries

Appendix 42
 ARP
 ARP is stateless
 ARP can send request and receive reply
 Reply messages to fill/update ARP cache

IP: 111.111.111.001 IP: 111.111.111.002

LAN
MAC: AA-AA-AA-AA-AA-AA MAC: BB-BB-BB-BB-BB-BB

111.111.111.002 BB-BB-BB-BB-BB-BB 111.111.111.001 AA-AA-AA-AA-AA-AA

Alice’s ARP cache Bob’s ARP cache

Appendix 43
 ARP Cache Poisoning
 ARP is stateless, so…
 Accept “reply”, even if no request sent

Trudy 111.111.111.003
CC-CC-CC-CC-CC-CC

ARP “reply” ARP “reply”

111.111.111.002 111.111.111.001
CC-CC-CC-CC-CC-CC CC-CC-CC-CC-CC-CC

111.111.111.001
LAN 111.111.111.002
AA-AA-AA-AA-AA-AA BB-BB-BB-BB-BB-BB

111.111.111.002 CC-CC-CC-CC-CC-CC
BB-BB-BB-BB-BB-BB 111.111.111.001 AA-AA-AA-AA-AA-AA
CC-CC-CC-CC-CC-CC

Alice’s ARP cache Bob’s ARP cache

 Host CC-CC-CC-CC-CC-CC is man-in-the-middle

Appendix 44
 Math Basics

7/5ths of all people don’t understand fractions.

 Anonymous

Appendix 45
 Modular Arithmetic

Appendix 46
 Clock Arithmetic
 For integers x and n, “x mod n” is the
remainder when we compute x  n
o We can also say “x modulo n”
0
 Examples
o 33 mod 6 = 3
5 1
o 33 mod 5 = 3
o 7 mod 6 = 1 number “line”
o 51 mod 17 = 0 mod 6
o 17 mod 6 = 5
4 2

3
Appendix 47
 Modular Addition
 Notation and fun facts
o 7 mod 6 = 1
o 7 = 13 = 1 mod 6
o ((a mod n) + (b mod n)) mod n = (a + b) mod n
o ((a mod n)(b mod n)) mod n = ab mod n
 Addition Examples
o 3 + 5 = 2 mod 6
o 2 + 4 = 0 mod 6
o 3 + 3 = 0 mod 6
o (7 + 12) mod 6 = 19 mod 6 = 1 mod 6
o (7 + 12) mod 6 = (1 + 0) mod 6 = 1 mod 6

Appendix 48
 Modular Multiplication
 Multiplication Examples
o 3  4 = 0 mod 6
o 2  4 = 2 mod 6
o 5  5 = 1 mod 6
o (7  4) mod 6 = 28 mod 6 = 4 mod 6
o (7  4) mod 6 = (1  4) mod 6 = 4 mod 6

Appendix 49
 Modular Inverses
 Additive inverse of x mod n, denoted –x
mod n, is the number that must be
added to x to get 0 mod n
o -2 mod 6 = 4, since 2 + 4 = 0 mod 6
 Multiplicative inverse of x mod n,
denoted x-1 mod n, is the number that
must be multiplied by x to get 1 mod n
o 3-1 mod 7 = 5, since 3  5 = 1 mod 7

Appendix 50
 Modular Arithmetic Quiz
 Q: What is -3 mod 6?
 A: 3
 Q: What is -1 mod 6?
 A: 5
 Q: What is 5-1 mod 6?
 A: 5
 Q: What is 2-1 mod 6?
 A: No number works!
 Multiplicative inverse might not exist

Appendix 51
 Relative Primality
x and y are relatively prime if they
have no common factor other than 1
 x-1 mod y exists only when x and y are
relatively prime
 If it exists, x-1 mod y is easy to
compute using Euclidean Algorithm
o We won’t do the computation here
o But, an efficient algorithm exists
Appendix 52
 Totient Function
 (n) is “the number of numbers less than n
that are relatively prime to n”
o Here, “numbers” are positive integers
 Examples
o (4) = 2 since 4 is relatively prime to 3 and 1
o (5) = 4 since 5 is relatively prime to 1,2,3,4
o (12) = 4
o (p) = p-1 if p is prime
o (pq) = (p-1)(q-1) if p and q prime

Appendix 53
 Permutations

Appendix 54
 Permutation Definition
 Let S be a set
 A permutation of S is an ordered list
of the elements of S
o Each element of S appears exactly once
 Suppose S = {0,1,2,…,n-1}
o Then the number of perms is…
o n(n-1)(n-2)    (2)(1) = n!

Appendix 55
 Permutation Example
 Let S = {0,1,2,3}
 Then there are 24 perms of S
 For example,
o (3,1,2,0) is a perm of S
o (0,2,3,1) is a perm of S, etc.
 Perms are important in cryptography

Appendix 56
 Probability Basics

Appendix 57
 Discrete Probability
 We only require some elementary facts
 Suppose that S={0,1,2,…,N1} is the
set of all possible outcomes
 If each outcome is equally likely, then
the probability of event E  S is
o P(E) = # elements in E / # elements in S

Appendix 58
 Probability Example
 Forexample, suppose we flip 2 coins
 Then S = {hh,ht,th,tt}
o Suppose X = “at least one tail” = {ht,th,tt}
o Then P(X) = 3/4
 Often, it’s easier to compute
o P(X) = 1  P(complement of X)

Appendix 59
 Complement
 Again, suppose we flip 2 coins
 Let S = {hh,ht,th,tt}
o Suppose X = “at least one tail” = {ht,th,tt}
o Complement of X is “no tails” = {hh}
 Then
o P(X) = 1  P(comp. of X) = 1  1/4 = 3/4
 We make use of this trick often!

Appendix 60
 Linear Algebra Basics

Appendix 61
 Vectors and Dot Product
 Let  be the set of real numbers
 Then v  n is a vector of n elements
 For example
o v = [v1,v2,v3,v4] = [2,1, 3.2, 7]  4
 The dot product of u,v  n is
o u  v = u1v1 + u2v2 +… + unvn

Appendix 62
 Matrix
A matrix is an n x m array
 For example, the matrix A is 2 x 3

 The element in row i column j is aij

 We can multiply a matrix by a number

Appendix 63
 Matrix Addition
 We can add matrices of the same size

 We can also multiply matrices, but this

is not so obvious
 We do not simply multiply the elements

Appendix 64
 Matrix Multiplication
 Suppose A is m x n and B is s x t
 Then C=AB is only defined if n=s, in
which case C is m x t
 Why?
 The element cij is the dot product of
row i of A with column j of B

Appendix 65
 Matrix Multiply Example
 Suppose

 Then

 And AB is undefined
Appendix 66
Matrix Multiply Useful Fact
 Consider AU = B where A is a matrix and U
and B are column vectors
 Let a ,a ,…,a be columns of A and u ,u ,…,u
1 2 n 1 2 n
the elements of U
 Then B = u a + u a + … + u a
1 1 2 2 n n

Example:
[ 3 4
1 5
][ ]
2
6
= 2 [ ] + 6 [ ]
3
1
4
5
= [ 30
32
]

Appendix 67
 Identity Matrix
A matrix is square if it has an equal
number of rows and columns
 For square matrices, the identity
matrix I is the multiplicative identity
o AI = IA = A
 The 3 x 3 identity matrix is

Appendix 68
 Block Matricies
 Block matrices are matrices of matrices
 For example

 We can do arithmetic with block matrices

 Block matrix multiplication works if
individual matrix dimensions “match”

Appendix 69
 Block Matrix Mutliplication
 Block matrices multiplication example
 For matrices

 We have

 Where X = U+CT and Y = AU+BT

Appendix 70
 Linear Independence
 Vectors u,v  n linearly independent
if au + bv = 0 implies a=b=0
 For example,

 Are linearly independent

Appendix 71
 Linear Independence
 Linear independence can be extended
to more than 2 vectors
 If vectors are linearly independent,
then none of them can be written as a
linear combination of the others
o None of the independent vectors is a
sum of multiples of the other vectors

Appendix 72