Academic year: 2021


EE 7376: Introduction to Computer Networks

Homework #3: Network Security, Email, Web, DNS, and Network Management

Maximum Points: 60

1. Network security attacks that involve eavesdropping on, or monitoring, transmissions are called passive threats, whereas attacks that modify the transmitted data or attempt to gain unauthorized access to computer systems are called active threats. Classify the following threats as either passive or active, and list at least one way to protect from each attack: (6 points)

a. Release of message contents / reading of message contents

b. Replay

c. Masquerade

d. Traffic analysis (on amount of data being transmitted)

e. Modification of messages

f. Denial of service

2. Suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check, and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme? (2 points)
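The exchange in question 2, as an added example (not part of the original homework): it runs the scheme as worded, shows what a passive listener can compute from the two transmitted blocks, and contrasts it with an HMAC-based confirmation, which is a swapped-in alternative and not something the homework proposes. Assumptions: the initiator XORs the reply with its own key before comparing, and the keys and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def xor_confirm(my_key: bytes, partner_key: bytes):
    """Scheme from question 2. Returns (sent, received, accepted)."""
    sent = secrets.token_bytes(len(my_key))   # random string, visible on the wire
    received = xor_bytes(sent, partner_key)   # partner's reply, visible on the wire
    # Assumption: the initiator strips its own key before comparing.
    accepted = hmac.compare_digest(xor_bytes(received, my_key), sent)
    return sent, received, accepted

def observer_view(sent: bytes, received: bytes) -> bytes:
    """What a passive listener can compute from the two blocks alone."""
    return xor_bytes(sent, received)

def hmac_confirm(my_key: bytes, partner_key: bytes):
    """Swapped-in alternative: keyed MAC over a fresh nonce."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(partner_key, nonce, hashlib.sha256).digest()
    expected = hmac.new(my_key, nonce, hashlib.sha256).digest()
    return nonce, tag, hmac.compare_digest(tag, expected)

# Constructed sample keys for the demonstration.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
WRONG_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    sent, received, ok = xor_confirm(KEY, KEY)
    print("XOR scheme accepted:", ok)
    print("observer recovers key:", observer_view(sent, received) == KEY)
    nonce, tag, ok = hmac_confirm(KEY, KEY)
    print("HMAC scheme accepted:", ok)
    print("HMAC rejects wrong key:", not hmac_confirm(KEY, WRONG_KEY)[2])
```

The XOR of the two transmitted blocks equals the key because the random string cancels out, so the key has in effect been sent over the channel.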

3. What protocols comprise SSL? What service does each of them provide? In SSL and TLS, why is there a separate Change Cipher Spec protocol rather than including a change_cipher_spec message in the Handshake protocol? (5 points)

4. A security protocol uses encryption for privacy of data exchanged. However, since any message can be decrypted to something (which might not have been sent), integrity protection is required. In the following, Mp is plain text message, Mc is encrypted message, Hp is hash of Mp, Hc is the hash of Mc, and E(Hp) is the encrypted Hp. Which of the following will ensure integrity of messages, and why (in short)? Which will also ensure privacy? (6 points)

a. Mp and Hp are sent

b. Mp and E(Hp) are sent

c. Mp and Hc are sent

d. Mc and Hp are sent

e. Mc and Hc are sent

f. Mc and E(Hp) are sent

5. Public key cryptography: An electronic signature is used so that a user cannot later repudiate a message, that is, claim that they are not responsible for some content. One way to electronically sign a message is to compute a hash of the message, then encrypt the hash and attach it at the end of the message.

a. If Public Key Cryptography is used to encrypt the message, which of the keys, public or private, is used to encrypt the hash? Which key is used to decrypt the message? (1 point)

b. If Symmetric Key Cryptography is used to encrypt the hash, should the key be made public so that the others can verify the signature? How can a trusted (by all concerned) third party be used for enforcing signatures in this case? (2 points)

c. What is a public key certificate (what is contained in such a certificate)? (1 point)

6. Enable full header in an email that you have received. Google how to view full headers in your web-based email or Unix-based email.

‘Portions’ of the extended header from an email are copied below.

=============================
Return-Path: <[email protected]>
Delivered-To: [email protected]
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C8F640.1C2E76E7"
Subject: Subject of this email
Date: Mon, 4 Aug 2008 09:40:59 -0500
Message-ID: <[email protected] mu.edu>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
From: "Somebody Somewhere" <[email protected]>
To: <[email protected]>,
    <[email protected]>, <[email protected]>
============================

Based on the header, what pattern should the receiver program try to match in the body of the email to separate the various parts of the message? Are the various parts of the message required to be presented to the receiver in the order they appear in the message? Why, or why not? Is it possible that all the parts of the message are plain text? (3 points)

Some email messages include the same content in plain text as well as in HTML format, and the user’s email program is supposed to show the message in whichever format is best for the user. What MIME type and subtype are used for such messages? (1 point)

7. Please solve the following problems

a. We’ve seen that the character sequence “<CR><LF>.<CR><LF>” indicates the end of mail data to a SMTP server. What happens if the mail data itself contains that character sequence? (1 point)

b. Users are free to define and use additional header fields other than the ones defined in RFC 822. Such header fields must begin with the character string “X-”. Why? (1 point)

c. Using the table at http://en.wikipedia.org/wiki/Base64, encode the following 3 octets into radix-64 code words (show the ASCII printable characters only): (2 points)

10010100,11100011,10100110
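The end-of-data marker in part a, as an added example (not part of the original homework): a sketch of the transparency procedure from RFC 5321 section 4.5.2, with the client side doubling a leading period and the server side removing it, run over a constructed body that contains the marker sequence. Function names and the sample body are assumptions made for illustration.

```python
CRLF = b"\r\n"

def dot_stuff(body: bytes) -> bytes:
    """Client side: build the DATA payload for body, terminator included."""
    lines = body.split(CRLF)
    if lines and lines[-1] == b"":
        lines.pop()                      # body already ended with CRLF
    out = []
    for line in lines:
        if line.startswith(b"."):
            line = b"." + line           # double the leading period
        out.append(line + CRLF)          # a missing final CRLF is added here
    return b"".join(out) + b"." + CRLF   # lone period ends the mail data

def dot_unstuff(stream: bytes):
    """Server side: return (body, rest); rest is whatever follows the marker."""
    body, pos = [], 0
    while True:
        end = stream.find(CRLF, pos)
        if end == -1:
            raise ValueError("end-of-data marker not found")
        line, pos = stream[pos:end], end + len(CRLF)
        if line == b".":                 # a line holding only a period
            return b"".join(body), stream[pos:]
        if line.startswith(b"."):
            line = line[1:]              # undo the client's stuffing
        body.append(line + CRLF)

# Constructed sample: the second line is a lone period, i.e. the body
# contains <CR><LF>.<CR><LF>.
SAMPLE_BODY = b"Line one\r\n.\r\nLine three\r\n..starts with two dots\r\n"

def naive_payload(body: bytes) -> bytes:
    """Sender that appends the terminator without stuffing (for contrast)."""
    return body + b"." + CRLF

if __name__ == "__main__":
    wire = dot_stuff(SAMPLE_BODY)
    print("on the wire:", wire)
    print("round trip ok:", dot_unstuff(wire) == (SAMPLE_BODY, b""))
    print("without stuffing:", dot_unstuff(naive_payload(SAMPLE_BODY)))
```

Without stuffing, the receiver stops at the first lone period and the message is cut short after "Line one"; the remaining bytes are no longer treated as mail data.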

8. Excluding the connection establishment and termination, what is the minimum number of network round trips to send a small email message using SMTP? (2 points)

9. SNMP: A network management protocol uses “get”, “set”, and “trap” messages to request a parameter value, set the value of a parameter, and notify of certain changes respectively. Who (a “Manager” or an “agent”) are the originators of these messages? (1 point)

Given that a router has 4 parameters in its MIB: 1) Memory allocated for packets, 2) Average Number of Packets/sec in last 1 minute, 3) Received data in last 1 minute, and 4) Forwarded data in last 1 minute.

The router has an ‘agent’ which communicates with the network ‘manager’. The manager monitors the router, and sets the parameter 1) to a higher value HV if any of parameters 2), 3), or 4) exceed thresholds T2, T3, or T4 respectively. Also if they exceed higher-thresholds HT2, HT3, and HT4 respectively, the agent is required to notify the manager without waiting for any query from it. On such notification, the manager is required to set the parameter 1) to a very high value VHV1.

What message or messages or no messages (get, set, or trap) are sent from whom (manager or agent) AFTER the following cases happen? Also indicate briefly the content of the message. (Note: Only include messages get, set, or trap in your answers; Assume the response, if any, to the get, set, and trap messages, is always a success.) (6 points)

a. Manager sends ‘set’ 1) to a small value SM

b. Parameter 4) value increases from <T4 to >HT4

c. Parameter 2) value increases from {HT2 > parameter 2) > T2} to >HT2

d. Parameter 3) value increases from <T3 to >T3

e. Manager wishes to know the current values of MIB parameters 2), 3) and 4), and the values are 2) < T2, HT3 > 3) > T3, and 4) > HT4

f. Manager wishes to know the current values of all parameters in the router’s MIB, and all of parameters 2) to 4) are less than their respective thresholds T2 to T4. Moreover, parameter 1) also has the proper value it is supposed to have.

The manager also acts as an agent to an “overall-manager”. The overall-manager does not set any parameters, and only monitors the MIB values of the router (through the manager, of course). If the overall-manager seeks to populate its own MIB values for the router, what type of message/s (get, set, trap) does it generate, and to whom? If the overall-manager requests any of the router’s parameter values from the manager, is the manager always required to query the router for them? If not, why not? If yes, what type of messages does it use to query the router? (3 points)

10. Solve the following:

a. Classify a DNS resolver and a DNS name server as either client, server, or both. (1 point)

b. What’s the main difference between a primary and a secondary name server? (1 point)

c. What is the difference between a domain and a zone? (1 point)

11. The DIG tool is used for DNS lookups. Read about the tool on one or more of the following: a) “man dig” on unix/linux machines; b) Google “Domain information groper” or “man dig”. Use the DIG tool at the following website: http://www.kloth.net/services/dig.php

a. What are the 3 main parameters to the dig tool? (1 point)

b. Find the list of root name servers by using the tool and knowing that all root servers are authoritative for the zone “.”. (1 point)

c. Now find the IP addresses of the “k” root name server. (0.5 points)

d. Now use the dig tool to find the IP address of www.example.com. Copy what is displayed in the QUESTION SECTION and the ANSWER SECTION. (0.5 point)

e. What is the TTL from your query in part d above? (0.5 points)

f. Now repeat the same query. Why has the TTL field changed? (0.5 point)

12. Does a root server support recursive lookup? (0.5 point) Why or why not? (0.5 point)


13. List briefly 2 reasons why the current DNS system is better than maintaining a central HOSTS.txt file at a well-known IP address, and using the latest version of this HOSTS.txt file to do the name resolution. (2 points)

14. One can browse the same web page on different types of browsers such as Lynx that cannot display images etc. or IE that is more general purpose. If a browser cannot display a certain type of media, how does it tell the server from which it is requesting the URL? (1 point)

15. In the response to a request for a URL, how does the receiver know what type of media is contained in the entity? (1 point)

16. An efficient way to use web caches is for the client to ask the server to respond with the entity only if the URL contents have changed since the last time the client accessed the same URL. If the URL content has not changed and is cached at the client side, then the response can be short and does not need to carry a potentially large amount of data. How can an HTTP request message make such a request to the server? That is, identify the header field and value to be used. (2 points)

17. A website has a front page that changes in format regularly but the content (in terms of images, sounds, and videos linked on the web page) stays the same more or less. Akamai servers are used to replicate content so that a nearest Akamai server is used to download content rather than cause traffic across larger portion of the Internet. Should the Akamai servers replicate the front page or the less frequently changing content? Why? (1 point)

18. Why do clients using BitTorrent request the rarest file fragment first? (1 point)

19. Between Napster and Gnutella, which one is more susceptible to a single
