Course Hero

Register now to access 7 million high quality study materials (What's Course Hero?) Course Hero is the premier provider of high quality online educational resources. With millions of study documents, online tutors, digital flashcards and free courseware, Course Hero is helping students learn more efficiently and effectively. Whether you're interested in exploring new subjects or mastering key topics for your next exam, Course Hero has the tools you need to achieve your goals.

5 Pages

Routing Security and Authentication Mechanism

Course: ICT 2, Spring 2011
School: Kungliga Tekniska...
Rating:
 
 
 
 
 

Word Count: 3937

Document Preview

Security Routing and Authentication Mechanism for Mobile Ad Hoc Networks Yuh-Ren Tsai Institute of Communications Engineering, National Tsing Hua University 101, Sec. 2, Kuang-Fu Rd., Hsinchu 300, Taiwan yrtsai@ee.nthu.edu.tw AbstractMobile ad hoc networks (MANETs) is proposed as an extremely flexible technology for establishing wireless communications. In comparison with fixed networks or traditional mobile...

Register Now
Search

Unformatted Document Excerpt

Coursehero >> Other International >> Kungliga Tekniska högskolan >> ICT 2

Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.

Course Hero has millions of student submitted documents similar to the one below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Security Routing and Authentication Mechanism for Mobile Ad Hoc Networks Yuh-Ren Tsai Institute of Communications Engineering, National Tsing Hua University 101, Sec. 2, Kuang-Fu Rd., Hsinchu 300, Taiwan yrtsai@ee.nthu.edu.tw AbstractMobile ad hoc networks (MANETs) is proposed as an extremely flexible technology for establishing wireless communications. In comparison with fixed networks or traditional mobile cellular networks, MANETs introduce some new security issues. Especially, the routing security is the most important and complicated one. In this work, we propose a twotier authentication mechanism for MANETs. The first tier, based on hash function and the concept of MAC, provides fast message verification and group identification. The second tier, based on secret sharing technology, provides secure user identification. This two-tier authentication mechanism can prevent internal and external attacks, including black hole, impersonation, routing table overflow and energy consummation attacks. KeywordsMobile ad hoc networks (MANET); Authentication; Routing security; Secret sharing; Hash function. Shiuh-Jeng Wang Department of Information Management, Central Police University Taoyuan, Taiwan 3333 sjwang@sun4.cpu.edu.tw of MANETs. The first tier is the cluster authentication and the second tier is the individual authentication. The rest of this paper is organized as follows. In section II we will illustrate the routing security problems in MANETs. Section III concentrates on the proposed authentication mechanism. In Section IV, the discussions for our proposal are presented. Finally, this paper is concluded in section V. II. ROUTING SECURITY IN MANETS A. Routing Protocols of MANETs In MANETs, each node functions as a host as well as a router and will forward packets for other mobile nodes in the network which is not within direct wireless transmission range of each other. Since the network topology is dynamic, each node participates in the network management and routing mechanism. According to the routing protocols, each node can discover multiple-hop paths through the network to any other node. Many different routing protocols, such as Destinationsequenced distance-vector (DSDV) [6], ad hoc on-demand distance vector (AODV) [7] and Dynamic Source Routing (DSR) [8] protocols, have been developed for MANETs and are generally classified into three categories: proactive, reactive and hybrid protocols. Proactive protocols, also known as table-driven protocols, require each node to possess one or more tables to store routing information and attempt to maintain consistent and up-to-date routing information for each node; thus periodically refreshing or updating of the existing routing information is essential. On the contrary, reactive protocols, also known as source-initiated on-demand driven protocols, do not periodically update the routing information and routes are created only when desired by source node. When a source node requires a route to a specific destination, it initiates a route discovery process within the network. Since neither the pure proactive nor the reactive approach is sufficient, hybrid protocols make use of both reactive and proactive approaches by adapting the protocols to the specific conditions and is in general the optimal choice. B. Routing Security Problems of MANETs MANETs suffer from some new weaknesses, such as no trustworthy administration, easy theft of nodes, vulnerability of tampering, limited computational abilities, battery powered operation and transient nature of services and devices; and thus I. INTRODUCTION An ad hoc network is formed by a collection of selfgoverning nodes which can communicate with each other without any fixed infrastructure, such as base stations or mobile switching centers, or any centralized administration. Due to limited radio propagation coverage, each node can only connect to a few neighboring nodes. If the communication link between any two nodes which are not in the same radio coverage area is required, a multiple-hop radio connection relying on other intermediate nodes to relay messages is established to provide services. If the nodes of ad hoc networks are mobile and with wireless communication to maintain the connectivity, it is known as mobile ad hoc network (MANET) and is proposed as an extremely flexible technology for establishing communications in situations which demand a fully decentralized network without any fixed base stations, such as battlefields, military applications, and other emergency and disaster situations. Since all nodes are mobile, the network topology of a MANET is generally dynamic and may change frequently. In comparison with fixed networks or traditional mobile cellular networks, MANETs introduce some new security issues; especially, the routing security is the most important and complicated one [1]-[5]. In this work, we propose a twotier authentication mechanism according to the characteristics This work was supported in part by the Chung-Shan Institute of Science and Technology, Taiwan, R.O.C., under Grant BC-93-B14P and the National Science Council, Taiwan, R.O.C., under Grant NSC 93-2752-E-007-003-PAE. 0-7803-8521-7/04/$20.00 2004 IEEE 4716 0-7803-8521-7/04/$20.00 (C) 2004 IEEE MANETs introduce some new and critical security issues. Especially, the operation of MANETs is based on the assumption of routing protocol functioning normally; thus routing security becomes the Achilles' heel of MANETs in an insecure environment. To defend against malicious attacks, the security mechanisms should be able to protect the network management information (such as routing information), user traffic and any other vulnerable information from any adversaries, and to maintain the routing protocol functioning normally. Furthermore, the design of security mechanisms should also consider the availability, confidentiality, integrity, authenticity and non-repudiation similar to the traditional networks. Attacks against MANETs can be classified as passive attacks and active attacks. Passive attacks typically involve only eavesdropping and the attacker attempt to discover valuable information by listening to the routing traffic. Active attacks involve actions performed by adversaries; generally the attacker must be able to inject arbitrary packets into the network and attempts to improperly modify data, gain authentication, replicate or delete data, insert false packets or modify packets transition through the network. Furthermore, active attacks can be divided into external attacks and internal attacks. External attacks are caused by nodes that do not belong to the network while internal attacks are from compromised or hijacked nodes that belong to the network. External attacks can typically be prevented by using standard security mechanisms; while internal attacks are typically more severe, since malicious nodes already belong to the network as an authorized party and thus the attacks are protected with the security mechanisms offered by the network. Some types of active attacks, including black hole, wormhole, denial of service (DOS), routing table overflow, impersonation, energy consummation and Information or location disclosure, have been addressed in literature [1]-[5]. These attacks can be easily performed against a MANET in the network layer and may paralysis the operation of part or whole network. Details of these attacks will be explained in the final version. III. AUTHENTICATION MECHANISM Due to the special characteristics of MANETs, including no centralized administration, dynamic network topology, limited computational power, limited transmission bandwidth and high user mobility, the authentication mechanism suitable for MANETs should be feasible for highly changing network topology and be with low computational complexity and low bandwidth consumption. Thus we propose a two-tier authentication mechanism for message verification and user identification. The first tier is the cluster authentication which provides a fast messages verification and basic user identification mechanism with low computation complexity and low bandwidth consumption. The second tier is the individual authentication which provides a secure user identification mechanism with moderate computation complexity and low bandwidth consumption. A. Basic Assumptions and Definitions Followings are the basic assumptions and definitions for this work. It is assumed that each node holds the following items: The plaintext M : which is the original message sent by a node. The ciphertext C : which is the output of message M encrypted by the cryptosystem. Time synchronization: time synchronization is imposed in this system so that each node is able to synchronize the same time. Each node holds a common secret key K c , which is the same for all nodes and is undisclosed to any outsiders. Each node holds a symmetric cryptosystem with the property of M = DK ( EK (M )) , such as 3-DES system or c c AES system, where E K () and DK () are the encryption c c and decryption functions, respectively; thus all the transmitted messages are well protected from the outsiders. Each node holds a collision-free hash function H , such as SHA/MD5. The message authentication code (MAC): which is defined by MAC = H (K c ; ) , where K c is the protection key and denotes the encoded message. Each node holds a set of secret shadows for all other nodes. For example, K A, E , kept inside Node A, is the secret shadow associated with Node E. The secret shadows are assumed to be symmetric between any pair of nodes, i.e. Ki , j = K j ,i , and are undisclosed to any other nodes in the same cluster or any outsiders. B. Two-tier Authentication Mechanism 1) First tier: cluster authentication The goal of cluster authentication is to verify whether a user (node) belongs to the same group or to verify whether a message is come from a (any) node of this group. For example, a soldier should make sure the received message is come from a partner, not come from any adversary. The concept of message authentication code (MAC) is commonly used for message verification [9]. Also it was proposed to play a role in packet leashes for the defense against wormhole attacks [10]. By applying the hash operation, the MAC of a specific message can be easily obtained. In this work, we apply the concept of MAC and hash function for cluster authentication. For each transmitted packet, the original message accompanied with the cluster signature, which is obtained from the hash function by using the time stamp and the original message as inputs, will be sent by the originator. For a node having received a packet, it verifies the cluster signature and then determines the validity of this packet. Thus, the false packets can be detected, and the attacks from any outsider can also be prevented. 2) Second tier: individual authentication 0-7803-8521-7/04/$20.00 2004 IEEE 4717 0-7803-8521-7/04/$20.00 (C) 2004 IEEE The goal of individual authentication is to verify the identity of a specific user (node) of this group or to verify whether the message is come from a specific node or not. For example, a soldier should make sure the received message is come from an officer not come from a soldier which might be a hijacked node. Generally, the public-key cryptosystems [10] can be utilized to fulfill the above-mentioned requirements; however it suffers from high computational complexity and seems unsuitable for MANETs applications. In this work, we utilize the secret sharing concept and propose a user authentication mechanism to verify the identity of a node. In cryptography, secret sharing is usually applied to the key management. With this, a secret (specific key) can be well protected from the unauthorized access and the intentional destruction. The concept of secret sharing was first due to Shamirs interpolating polynomial construction [11]. Afterwards, there are a lot of reports developed on the area explorations of secret sharing [12]-[14]. Among these proposals, the secret key construction (or management) designed in a low-complexity computation is entirely satisfied with the need of MANETs. Accordingly, the low powerconsuming authentication procedure based on the secret sharing on low-computation purpose is proposed in our scheme. MACT = H (K c ; Ts ) . (2) Step 4: By applying the global symmetric cryptosystem, Node A generates the encrypted message body EK c (MACM , Ts , M ) . (3) Step 5: Node A forms and transmits output the packet PKTM = MACT ; Ts ; EK c (MACM , Ts , M ) . { } (4) For each intermediate node, if a packet is received, it checks the following two conditions: Condition 1: MACT = H (K c ; Ts ) , and Condition 2: Ts is in a reasonable time delay range. C. Proposed Authentication Mechanism Shown in Fig. 1 is a possible network topology for MANET. The routing protocol is assumed to be an on-demand driven routing protocol, such as AODV. As shown in Fig. 1, when a source node, say Node A, requires a route to a destination node, say Node E, it initiates a route discovery process and broadcasts a route request (RREQ) packet to its neighbors. All intermediate nodes forward the received RREQ to its neighbors, and so on, until either the destination or an intermediate node with a fresh route to the destination is located. As shown in Fig. 2, according to the received RREQ, the destination node or an intermediate node with a fresh route will unicast a route reply (RREP) packet following the shortest path to inform the source node about route information. After establishing a route, it is maintained by a route maintenance process until either the destination becomes inaccessible or the route is no longer desired. 1) First tier: cluster authentication For any message M transmitted from a source node, say Node A, following steps will be progressed before the message is sent. Procedure 1. Step 1: According to the system time, Node A generates a time stamp Ts . Step 2: By applying M and Ts as inputs, Node A uses the hash function H ( ) to generate MAC for this message, i.e. MACM = H (K c ; Ts , M ) . If the two above-mentioned conditions are all satisfied, this intermediate node forwards this packet to the next node; otherwise this packet is discarded. For the destination node, without loss of generality, it will follow the Condition 1 and Condition 2 to check the status of an arriving packet. Furthermore, it decrypts EK (MACM , Ts , M ) and checks the c following two conditions: Condition 3: MACM = H (K c ; Ts , M ) and Condition 4: The decrypted Ts is the same as the one in the packet without encryption. If all conditions are satisfied, this packet is regarded as a valid packet; otherwise this packet is discarded. 2) Second tier: individual authentication Assume that system has chosen a large prime number, p, and a primitive root g. As in Fig. 1, Node A is the source node and Node E is the destination node. The individual authentication mechanism is incorporated into the route discovery process as shown in the following steps. Procedure 2. Step 1: Node A generates a random number a0 and a random challenge number RAND . Step 2: Node A finds a linear polynomial f 1 ( x) = a1 x + a0 mod p-1 with the number a1 obtained by solving K A, E = f1 ( IDE ) = a1 IDE + a0 mod ( p 1) , where IDE denotes the identity of Node E in this system. Step 3: Node A generates (5) = g f (1) mod p = g a1 + a0 mod p . (6) (1) Step 4: Node A broadcasts the RREQ packet containing and RAND to discover Node E. Step 5: Node E receives RREQ, and then generates Step 3: By applying Ts as input, Node A uses H ( ) to generate the cluster signature, i.e. 0-7803-8521-7/04/$20.00 2004 IEEE 4718 0-7803-8521-7/04/$20.00 (C) 2004 IEEE =g K E ,A mod p = g a1IDE + a0 mod p , (7) according to the secret shadow K E , A . Step 6: Node E finds Z satisfying the relation of ( IDE 1) Z = 1 mod ( p 1) . (8) Step 7: According to the in the received RREQ, Node E calculates K S = IDE Procedure 1 is a symmetric one with very low computational complexity and power consumption. Moreover, the message verification in any intermediate node involves only the computation of hash function, which is with very low computational complexity. Thus, the message verification procedure will not burden the network with high power consumption and long latency. As considering the bandwidth consumption, the hash output contains only limited number of bits which just increases the required bandwidth slightly. ( ) Z mod p . (9) 2) Second tier: individual authentication In MANETs, the internal attacks are typically more severe, since malicious nodes already belong to the network. To prevent such attacks, authenticating the unique identity of any node is necessary. Our individual authentication scheme provides an efficient way to verify the identity of a node. According to Procedure 2, only the destination node can acquire the secret K S = g a0 mod p by the concept of secret sharing. The source node can verify the validity of authentication reply code AUTHR to authenticate the identity of destination node. It is noteworthy that the secret shadow wont be disclosed to other intermediate nodes during the routing discovery-authentication procedure since it is subject to the hard problem of discrete logarithms when breaking the secret is desired. Furthermore, the authentication manner can be reiterated in later time. In the meantime, a different secret can be imposed to obtain a different common session key. Since the identity of the destination node is well verified, the internal attacks from member of this network, including black hole and impersonation attacks, can be adequately prevented. Consider the crucial damage with the attack of black hole in MANETs. If a malicious node receives a RREQ packet requesting a route to the destination node, it may reply a RREP packet claiming that it has the shortest path to the destination node. Therefore the malicious node can intercept the packets to the destination node and disrupts the correct functioning of the routing protocol. However, in our proposal, the RREP packet replied by the malicious node will be ignored since the authentication reply code is invalid. On the contrary, the source node will confide the RREQ packet under the correct comparison in (12). Thus, a secure routing path is obtained and the black hole attack can be definitely prevented. In the following, we further show that the source and destination nodes share a common secret key, K S . Theorem 1. The destination Node E and the source Node A share a common secret key, K S , in Procedure 2. Proof. Step 8: By using K S as key, Node E performs an encryption process for the received challenge number RAND and obtains the authentication reply code AUTHR , i.e. AUTHR = EK S (RAND) . (10) Step 9: According to the shortest path, Node E replies a RREP packet containing the authentication reply code AUTHR to Node A. Step 10: Node A computes V = g a0 mod p . (11) and verifies whether the received AUTHR is equal to AUTHR = EV (RAND) , (12) where RAND is the challenge number generated in Step 1. If yes, the responding node is treated as the intended recipient and a secure routing path to Node E is guaranteed. Furthermore, a common session key K S = V = g a0 mod p is obtained which can be used for message verification and protection in further data transactions. IV. DISCUSSION In this section, we discuss the applicability and feasibility of our schemes for MANETs. 1) First tier: cluster authentication For the first tier authentication, all messages are encrypted by a global symmetric cryptosystem. No outsider can eavesdrop and acquire the message contents. Furthermore, each intermediate node can verify the validity of the received packets. If any outsider intends to inject a false packet, such as a false routing request, into the network, the Condition 1 or Condition 2 will be violated and no intermediate node will forward this false packet. If any outsider intends to modify the encrypted message body or replace it by a replay version of a valid packet, the Condition 3 or Condition 4 will be violated and the destination node will discard this packet. According to the foregoing discussion, our scheme can adequately prevent external attacks from any outsider, including routing table overflow and energy consummation attacks. To be a feasible scheme for MANETs, the computational complexity, bandwidth consumption and power consumption are major concerns. Furthermore, long latency is not acceptable for many real-time applications. The cryptosystem applied in In Procedure 2, K S = g a0 mod p . Consider the computation in the Step 7 at the side of Node E. K S = IDE = (g =g ( ( IDE 1)a0 ) Z mod p Z ) mod p mod p ( IDE 1) Z a0 Since ( IDE 1) Z = 1 mod ( p 1) is sustained in Step 6 of 0-7803-8521-7/04/$20.00 2004 IEEE 4719 0-7803-8521-7/04/$20.00 (C) 2004 IEEE Procedure 2, Node E can obtain the result of g a0 mod p , which is identical to K S generated at the side of Node A. Q.E.D. For Procedure 2, the computational efforts dominated at the source node are Step 3 and 10, and the major computation required in destination note is at Steps Step 5 and 7. By carefully choosing the parameters, only limited number of multiplication and modulo operations are needed. As compared to existing exponent-computation-like public-key cryptosystem, our scheme is capable of satisfying the requirements of low computational complexity and less power consumption. As a result, it is suitable for MANETs. V. CONCLUSIONS In this work, we have proposed a two-tier authentication mechanism. The first tier, based on hash function and the concept of MAC, is the cluster authentication. This tier can verify whether a user (node) belongs to the same group or whether the message is come from a (any) node of this group, and prevent external attacks, such as routing table overflow and energy consummation attacks. The second tier, based on secret sharing technology, is the individual authentication. This tier can verify the identity of a specific user (node) or verify whether the message is come from a specific node, and prevent the internal attacks from member of this network, including black hole and impersonation attacks. In sum, the first tier mechanism provides limited secure ability with very low complexity; while the second tier mechanism provides a high degree of secure ability with moderate complexity. REFERENCES [1] L. Zhou and Z. J. Haas, Securing Ad Hoc Networks, IEEE Network., vol. 13, pp. 24-30, Nov./Dec. 1999. [2] H. Deng, W. Li and D. P. Agrawal, Routing Security in Wireless Ad Hoc Networks, IEEE Communications Magazine pp. 70-75, Oct. 2002. [3] F. Hu and N. K. Sharma, "Security Considerations in Ad Hoc Networks," to be appeared in Ad Hon Network, 2004. [4] R.D. Pietro, L.V. Mancini, and S. Jajodia, "Providing Secrecy in Key Management Protocols for Large Wireless Sensors Networks," Ad Hoc Networks, Vol. 1, 2003, pp. 455-468. [5] H.Deng, W. Li, and D.P. Agrawal, "Routing Security in Wireless Ad Hoc Networks, IEEE Communication Magazine, Oct. 2002. [6] C. E. Perkins, and P. Bhagwat, Highly dynamic destination-sequenced distance-vector routing (DSDV) for mobile computers, Proc. of SIGCOMM, pp. 234244, 1994. [7] C. E. Perkins, E. M. Royer, and S. R. Das, Ad Hoc On-Demand Distance Vector (AODV) Routing, IETF Mobile Ad Hoc Networks Working Group, Internet Draft, work in progress, 17 Feb. 2003. [8] D. B. Johnson, D. A. Maltz, and Y-C. Hu, The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR), IETF Mobile Ad Hoc Networks Working Group, Internet Draft, work in progress, 15 Apr. 2003. [9] W. Stallings, Cryptography and Network Security, 3/e, Prentice-Hall, 2003. [10] Y.-C. Hu, A. Perrig and D. B. Johnson, Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks, Proc. of IEEE INFOCOM 2003. [11] A. Shamir, How to Share a Secret, Comm. ACM, Vol. 22, No. 11, 1979, pp. 612-613. [12] C. Asmuth and J. Bloom, A Modular Approach to Key Safeguarding, IEEE Trans. Information Theory, vol. IT-29, no. 2, 1983, pp. 208-210. [13] E.D. Karnin, J.W. Greene, and M.E. Hellman, On Sharing Secret Systems, IEEE Tran. Information Theory, vol. IT-29, 1983, pp. 35-41. [14] G.J. Simmons, An Introduction to Shared Secret and/or Shared Control Schemes and Their Application, in G. Simmons, Editor, Contemporary Cryptology: The Science of Information Integrity, IEEE Press, 1992. RREQ message Node Node B D Node Destination node E KE,A ( , RAND) Source node Node A K A, E Node Node H F Node C Node Node G I Fig. 1. MANET topology and RREQ packet forwarding. RREP message Node Node B D Node ( AUTHR) Source node Node A K S E Destination node KS Node Node H ( AUTHR) F Node C Node Node G I Fig. 2. The reply of RREP for shortest path. 0-7803-8521-7/04/$20.00 2004 IEEE 4720 0-7803-8521-7/04/$20.00 (C) 2004 IEEE
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more. Course Hero has millions of course specific materials providing students with the best way to expand their education.

Below is a small sample set of documents:

Kungliga Tekniska högskolan - ICT - 2
Routing Security in Ad Hoc NetworksJanne Lundberg Helsinki University of Technology Telecommunications Software and Multimedia Laboratory Janne.Lundberg@hut.fiAbstract The existing ad hoc routing protocols do not accommodate any security and are highly
Kungliga Tekniska högskolan - ICT - 2
TELECOMMUNICATIONS NETWORK SECURITYRouting Security in Wireless Ad Hoc NetworksHongmei Deng, Wei Li, and Dharma P. Agrawal, University of CincinnatiABSTRACTA mobile ad hoc network consists of a collection of wireless mobile nodes that are capable of c
Kungliga Tekniska högskolan - ICT - 2
RoutingSecurityinWirelessAd HocNetworksHongmeiDeng WeiLi DharmaP.Agrawal IEEECommunicationsMagazineOctober2002Outline Introduction RoutingsecurityinMANETs TheblackholeproblemincurrentAODV protocol Aproposedsolutiontotheblackholeproblem Conclusionandfut
Kungliga Tekniska högskolan - ICT - 2
SECURING MOBILE AD HOC NETWORK ROUTING PROTOCOLSNG KENG SENGNATIONAL UNIVERSITY OF SINGAPORE 2003SECURING MOBILE AD HOC NETWORK ROUTING PROTOCOLSNG KENG SENG(B.Eng.(Hons.), UNIMAS)A THESIS SUBMITTED FOR THE DEGREE OF MASTER OF ENGINEERING DEPARTMENT
Kungliga Tekniska högskolan - ICT - 2
IK2205, Interdomain Routing Course Informationhttp:/www.tslab.ssvl.kth.se/course/IK2205/ Markus HidellWhat is this course about?Routing of IP packets across multiple networks Routing on the ISP level From routing protocol operation to router configurat
Kungliga Tekniska högskolan - ICT - 2
IK2205, Interdomain Routing Course Informationhttp:/www.tslab.ssvl.kth.se/course/IK2205/ Markus HidellWh What is this course about?Routing of IP packets across multiple networks Routing on the ISP level From routing protocol operation to router configu
Kungliga Tekniska högskolan - ICT - 2
Internet Routing Architectures, Second EditionSam Halabi Danny McPherson Publisher: Cisco Press Second Edition August 23, 2000 ISBN: 1-57870-233-X, 528 pagesInternet Routing Architectures, Second Edition expands on the highly successful first edition, w
Kungliga Tekniska högskolan - ICT - 2
Internet Routing Architectures, Second EditionSam Halabi Danny McPherson Publisher: Cisco Press Second Edition August 23, 2000 ISBN: 1-57870-233-X, 528 pagesInternet Routing Architectures, Second Edition expands on the highly successful first edition, w
Kungliga Tekniska högskolan - ICT - 2
IK2206 Internet Security and PrivacyPeter Sjdin, psj@kth.se1Introduction Staff Goal Planning and rules Lectures Recitations Laboration Material Book Course web Responsibilities of participants2Staff Lectures Markus Hidell Karl-Johan Grinnemo P
Kungliga Tekniska högskolan - ICT - 2
Symmetric EncryptionPeter Sjdin psj@kth.se1Acknowledgements Many people have contributed to the course material Former teachers Alberto Escudero Pascal, Jan-Olov Vatn, Bjrn Knutsson We are particularly thankful to Prof. Vitaly Shmatikov, The Univ of
Kungliga Tekniska högskolan - ICT - 2
Hashes and IntegrityPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Motivation: IntegrityVIRUSbadFile goodFileThe TimesBigFirmhash(goodFile)User Software manufacturer wants to ens
Kungliga Tekniska högskolan - ICT - 2
User AuthenticationPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Basic Problem?How do you prove to someone that you are who you claim to be?Any system with access control must solve
Kungliga Tekniska högskolan - ICT - 2
Public Key EncryptionKarl-Johan Grinnemo grinnemo@kth.se2004 2005 2007 2009Created by Dr. Johan Montelius Revised by Dr. Johan Montelius and Dr. Jon-Olov Vatn Revised by Dr. Karl-Johan Grinnemo1Symmetric EncryptionShared, secret keyPlaintext input
Kungliga Tekniska högskolan - ICT - 2
Authentication Protocols and Key EstablishmentPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Authentication & handshakes Authentication & pitfalls Trusted intermediates Performance & r
Kungliga Tekniska högskolan - ICT - 2
KerberosPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Kerberos Many-to-many authentication? Kerberos2Many-to-Many Authentication?Servers & WorkstationsUsers How can we authentic
Kungliga Tekniska högskolan - ICT - 2
Public Key InfrastructuresPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Public Key Infrastructures Trust models and CA organization X.509 and PKIX standards Certificate Revocation2C
Kungliga Tekniska högskolan - ICT - 2
IPSEC: AH and ESPMarkus Hidell mahidell@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Reading Kaufman, chapter 16-172TCP/IP Example3IP Security Issues Eavesdropping Modification of packets in tr
Kungliga Tekniska högskolan - ICT - 2
IPSEC: IKEMarkus Hidell mahidell@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Reading Kaufman, chapter 18 (and some of 16)2Secure Key Establishment Goal: generate and agree on a session key using
Kungliga Tekniska högskolan - ICT - 2
TLS/SSLPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1What is SSL / TLS? Transport Layer Security protocol, version 1.0 De facto standard for Internet security The primary goal of the
Kungliga Tekniska högskolan - ICT - 2
FirewallsMarkus Hidell mahidell@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1Reading Kaufman, chapter 232Firewallsadministered network firewallpublic Internet Isolates organizations internal ne
Kungliga Tekniska högskolan - ICT - 2
E-mail SecurityPeter Sjdin psj@kth.seBased on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers1E-mail Security Overview and e-mail spoofing Design considerations PGP S/MIME2Simple Mail Transfer Protocol (SMTP)SMTP
Kungliga Tekniska högskolan - ICT - 3
IK2211 Data Links and Local Area NetworksEthernetPeter Sjdin KTH School of ICTOverview Background and recapitulation High speed Ethernet Spanning Tree Protocol Virtual LANs and large scale EthernetMAC Frame FormatMedia-specific preambleData link la
Kungliga Tekniska högskolan - ICT - 3
IK2211 Data Links and LANs Optical Networks moduleLena Wosinskawosinska@kth.seThe Royal Institute of Technology (KTH), School of Information and Communication Technology (ICT) Next Generation Optical NETworks (NEGONET) http:/www.ict.kth.se/MAP/FMI/Nego
Kungliga Tekniska högskolan - ICT - 3
IK2211 Data Links and Local Area NetworksPeter Sjdin, Markus Hidell KTH School of ICTIntroduction Course planning and organization Staff Modules Lectures Home assignments Laboratory assignments Web site project Course material eLearning portal Introd
Kungliga Tekniska högskolan - ICT - 3
Multi-Protocol Label Switching IK2211 Data Links and Local Area NetworksMPLSMarkus Hidell KTH School of ICTMulti-Protocol Label SwitchingBackground In the late 1990s (1995-1997) several new techniques to simplify IP forwarding appeared Basic idea was
Kungliga Tekniska högskolan - ICT - 3
IK2211 Data Links and Local Area NetworksOptical NetworksPeter Sjdin KTH School of ICTTopics Optical Systems and Devices WDM transmission Add-drop multiplexing Cross-connects Digital Optical SDH/SONET Protection and restoration Control Neighbour d
Kungliga Tekniska högskolan - ICT - 3
IK2211 Data Links and Local Area NetworksWireless NetworksPeter Sjdin KTH School of ICT1About These Slides Slides are to a large extent based on material from Computer Networking: A Top Down Approach, 4th edition. Jim Kurose, Keith Ross. Addison-Wes
California PA - ACCT - 123
Chapter5CostVolumeProfitRelationshipsSolutionstoQuestions51 Thecontributionmargin(CM)ratioisthe ratioofthetotalcontributionmargintototalsales revenue.Itcanbeusedinavarietyofways.For example,thechangeintotalcontributionmargin fromagivenchangeintotalsale
CSU San Marcos - MIS - 304
Tiffany Woodbury Seat: C-4-1Bus 302 Mon. 1-3 Beverlee B. Anderson, Ph.DTitle of Article: Middle East Investors Wait for Fog to Clear Issue Date: February 4, 2011 Page Number(s) Online Appropriate Model for Analysis: Porters Diamond Model Focus: Middle E
CSU San Marcos - MIS - 304
1. What do you think about your boss asking for a memo for his boss? Is that a good thing? Yes, because it outlines the advantages and justifies need of such system and cost of such a system with how its going to affect sales force, calculated advantage a
CSU San Marcos - MIS - 304
MIS 304 Management Information SystemsT.SanaeWoodbury Exercises3TheDeeVideoEpisode1and2Episode1:question141) Whatdoyouthinkaboutthisblogidea? Ithinktheblogideacouldworkifitissimpleandeasytouseandeasytonavigate.It woulddefinitelyhavetobefocusedandpresen
CSU San Marcos - MIS - 304
MIS 304 Management Information SystemsT.SanaeWoodbury Exercises4CompetitiveAdvantagesPart1Slides81) Readthefivesituationsontheslides,andidentifywhichcompetitiveforceitaffects. The five competitive forces determine industry profitability and competitive
CSU San Marcos - MIS - 304
MIS 304 Management Information SystemsExercisesforDeesVideo(46)TiffanySanaeWoodbury Watchthevideo(5episodesoftheDeevideo)containedinthisfolder.Answerthereview questions:Episode4: 1. IfsomeonehadaskedDeebeforeshestartedthisproject,ifsheneededtoknowthed
CSU San Marcos - MIS - 304
T. Sanae WoodburyPart Number 2 3 4 5 6 7 8 9 10 11 12 13 14Description Handle Bar Bar Grip Bar Tang Wagon Body, Metal Front Wheel Assembly Front Wheels Axel Front Wheel Retainer Rear Wheel Assembly Rear Wheels Axel Wheel Retainer Bar StockInventory Lev
CSU San Marcos - MIS - 304
God as Computer ProgrammerGod as Computer Programmer Some Important Theological Questions are Answered if we think of God as a Computer Programmer. Q: Does God control everything that happens in my life? A: He could, if he used the debugger, but it's ted
CSU San Marcos - MIS - 304
D ateofRequ M anager.Fi Manager.La IPAddressT BlockingIn est rstName stName Clinton Clinton Paul oblock 144.25.68.89 both 144.23.67.33 incoming Out 1/1/2008 H illary 1/4/2008 H illary 2/14/2008 Ron 144.23.65.87 incomingStatus Approved Pending PendingSpe
CSU San Marcos - MIS - 304
<html> <title> Onestar Sanae Sending Greetings</title> <body> <h1 align= center> Greetings Professor Fang.</h1> <div align="left" class="Georgia1"> <p>This webpage is brought to you by Mis 304. </p></div> <font face="Georgia, Times New Roman, Times, serif
CSU San Marcos - MIS - 304
VendorName ProductInventoryCostOfSum Copper River Manufacturin g $205,987.50 Illumination, Inc $97,235.00 Plymouth Sales $113,077.50 Slate Distribution $100,550.00 Team Facility $67,175.00CategoryAccessories Clothing Furniture LinensProductInventoryCos
CSU San Marcos - MIS - 304
MANAGEMENTINFORMATION SYSTEMSReview2FangFang DeptofISOM CSUSMCHAPTERSOVERVIEW02/17/11Chapter 1 3 Strategic Use of Information Systems Chapter 4 6 Technology Components of Information Systems Chapter 7-9 Different Types of InformationManagement Infor
CSU San Marcos - MIS - 304
Mis3keyselementsdevelopmentuse,infosystems,businessgoalsobject.Thedevelopmentanduseofinfosystemsthathelp businessesachievetheirgoalsandobjectives.MooresLaw,costofdatacommunicationsanddatastorageisessentiallyzero. Suffficientmoneyreleveanttimilely 8princ1.
CSU San Marcos - MIS - 304
MIS 304 Management Information Systems Tiffany Sanae Woodbury MIS Lab Exercise Chapter 1: MIS and YouThe Spreadsheet in Microsoft Excel file Ch1Ex1 contains records of employee activity on special projects. Open this workbook and examine the data that yo
CSU San Marcos - MIS - 411
TERM PROJECT COVER PAGE AND OUTLINEVersion 08.27.10You must include this page in front of your page 1 Title page. Each Team Member, Please Read, then Sign Below: I HAVE CONTRIBUTED ONLY MY OWN ORIGINAL WORK, UNLESS OTHERWISE NOTED. I HAVE PROPERLY REFER
CSU San Marcos - MIS - 411
Chapter 11. Examples of relationships:2.In this database, the relationship between CUSTOMER and CONTACT HISTORY is one-to-many:10. a. one-to-many b. many-to-many11.
CSU San Marcos - MIS - 411
Tiffany Sanae Woodbury MIS 411 Chapter 1 Homework ExerciseSolve the following textbook problem exercises 1.2.10. a. One to Many b. Many to Many 11.
GWU - PHYS - 2163
Waves, the Wave Equation, and Phase VelocityWhat is a wave? Forward [f(x-vt)] and backward [f(x+vt)] propagating waves The one-dimensional wave equation Harmonic waves Wavelength, frequency, period, etc. 0 1 2 3f(x) f(x-2) f(x-1) f(x-3)xPhase velocity
GWU - PHYS - 2163
What is a wave?A wave is anything that moves. To displace any function f(x) to the right, just change its argument from x to x-a, where a is a positive number. If we let a = v t, where v is positive and t is time, then the displacement will increase with
GWU - PHYS - 2163
The one-dimensional wave equation and its solutionWell derive the wave equation from Maxwells equations next class. Here it is in its one-dimensional form for scalar (i.e., non-vector) functions, f: 2 2f 1f 2 2 =0 2 x v tLight waves (actually the elect
GWU - PHYS - 2163
Proof that f (x vt) solves the wave equationu = 1 and Write f (x vt) as f (u), where u = x vt. So xNow, use the chain rule:f f = x uf f u = x u x f f u = t u t2 2 f 2 f =v 2 t u 2u =v tSo2 f 2 f x 2 = u 2andf f =v t u Substituting into the wave
GWU - PHYS - 2163
The 1D wave equation for light waves2 E 2 E 2 = 0 2 x tWell use cosine- and sine-wave solutions: where E is the light electric fieldE ( x, t ) = B cos[k ( x vt )] + C sin[k ( x vt )]orkx (kv)tE ( x, t ) = B cos(kx t ) + C sin(kx t )where: k=v=1
GWU - PHYS - 2163
A simpler equation for a harmonic wave:E(x,t) = A cos[(kx t) ]Use the trigonometric identity:cos(zy) = cos(z) cos(y) + sin(z) sin(y)where z = k x t and y = to obtain:E(x,t) = A cos(kx t) cos( ) + A sin(kx t) sin( )which is the same result as before,
GWU - PHYS - 2163
Definitions: Amplitude and Absolute phaseE(x,t) = A cos[(k x t ) ]A = Amplitude = Absolute phase (or initial phase)
GWU - PHYS - 2163
DefinitionsSpatial quantities:Temporal quantities:
GWU - PHYS - 2163
DefinitionsSpatial quantities:Temporal quantities:
GWU - PHYS - 2163
Human waveA typical human wave has a phase velocity of about 20 seats per second.
GWU - PHYS - 2163
The Phase of a WaveThe phase is everything inside the cosine.E(x,t) = A cos( ), where = k x t = (x,y,z,t) and is not a constant, like !In terms of the phase, = / t k = / xAnd / t v = This formula is useful when the wave is really complicated. / x
GWU - PHYS - 2163
Complex numbersConsider a point, P = (x,y), on a 2D Cartesian grid.Let the x-coordinate be the real part and the y-coordinate the imaginary part of a complex number. So, instead of using an ordered pair, (x,y), we write: P = x+iy = A cos( ) + i A sin( )
GWU - PHYS - 2163
Euler's Formulaexp(i ) = cos( ) + i sin( )so the point, P = A cos( ) + i A sin( ), can be written:P = A exp(i )whereA = Amplitude = Phase
GWU - PHYS - 2163
Proof of Euler's Formula exp(i ) = cos( ) + i sin( )Use Taylor Series:x x2 x3 f ( x) = f (0) + f '(0) + f '(0) + f '(0) + . 1! 2! 3!x x 2 x3 x 4 exp( x) = 1 + + + + + . 1! 2! 3! 4! x 2 x 4 x 6 x8 cos( x) = 1 + + + . 2! 4! 6! 8! x x3 x5 x 7 x9 sin( x) =
GWU - PHYS - 2163
Complex number theoremsIf exp(i ) = cos( ) + i sin( )exp(i ) = 1 exp(i / 2) = i exp(-i ) = cos( ) i sin( ) 1 cos( ) = [ exp(i ) + exp(i )] 2 1 sin( ) = [ exp(i ) exp(i ) ] 2i A1exp(i1 ) A2 exp(i 2 ) = A1 A2 exp [ i (1 + 2 ) ]A1exp(i1 ) / A2 exp(i 2 ) =
GWU - PHYS - 2163
More complex number theoremsAny complex number, z, can be written: So and z = Recfw_ z + i Imcfw_ z Recfw_ z = 1/2 ( z + z* ) Imcfw_ z = 1/2i ( z z* )where z* is the complex conjugate of z ( i i ) The "magnitude," | z |, of a complex number is: | z
GWU - PHYS - 2163
We can also differentiate exp(ikx) as if the argument were real.d exp(ikx) = ik exp(ikx) dx Proof : d [ cos(kx) + i sin(kx)] = k sin(kx) + ik cos(kx) dx 1 = ik sin( kx) + cos(kx) i But 1 / i = i, so : = ik [ i sin(kx) + cos(kx) ]