
Name and Surnames: _____________________________________ NIU: ____________

Advanced Networks and Security


Part 1 – Partial Exam
22 November 2017
Duration: 50 minutes

1. Draw the layers structure of a hub, a bridge and a router (no need to specify what is
connected to each entry). Tell what information they use to take routing decisions and in
what PDU (Protocol Data Unit) it is.

- Hub: bits/no decision in layer 1 signals; Switch: physical address (MAC) inside frames;
Router: logical address (e.g. IP) inside datagrams.

2. Briefly explain how public key cryptography in encryption mode works (encryption and
decryption), and the security services provided.

Alice encrypts using Bob's public key: X = E(KBp, M)
B decrypts using his private key: M = D(KBs, X)
This message can only be read by B, the only one who has KBs.

A sends a confidential message to B, knowing that only B will be able to decrypt and/or
modify what has been sent. Therefore, it will provide: Confidentiality and Integrity

3. Briefly explain the mechanism that is used to get authentication and integrity of the public
key inside a Certificate. Briefly explain the steps a user that receives a Certificate will do
to authenticate the public key that is inside.

A digital signature made by the Certification Authority (CA) with its secret key (KCAs) is
used: S = E(KCAs, H(Certificate))

Receiver gets H(Certificate) from the received signature S': H(Certificate) = D(KCAp, S')
Receiver calculates the hash of the received Certificate, H(Certificate'), and compares:
H(Certificate') =? H(Certificate). If both are the same, the certificate is authenticated.
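
The operations in answers 2 and 3, written out with the same notation (added example, not part of the exam). It assumes textbook RSA without padding as the E/D primitive, toy keys built from small Mersenne primes, and a constructed certificate string; the helper names are hypothetical.

```python
import hashlib

E_PUB = 65537  # public exponent (assumption: textbook RSA as the E/D primitive)

def keypair(p, q):
    """Textbook RSA keypair from two primes: returns (public, secret)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E_PUB, -1, phi)              # secret exponent (Python 3.8+)
    return (E_PUB, n), (d, n)

def E(key, value):
    """E(K, value): modular exponentiation with key K (toy, no padding)."""
    exp, n = key
    assert 0 <= value < n
    return pow(value, exp, n)

D = E  # D(K, value) is the same operation, applied with the other key of the pair

def H(data, n):
    """SHA-256 of the bytes, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed toy keys (Mersenne primes; far too small for real use).
KBp, KBs = keypair(2**61 - 1, 2**89 - 1)        # Bob
KCAp, KCAs = keypair(2**107 - 1, 2**127 - 1)    # Certification Authority

def encrypt_for_bob(message):
    return E(KBp, int.from_bytes(message, "big"))     # X = E(KBp, M)

def bob_decrypt(x):
    m = D(KBs, x)                                     # M = D(KBs, X)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def ca_sign(certificate):
    return E(KCAs, H(certificate, KCAs[1]))           # S = E(KCAs, H(Certificate))

def verify_certificate(certificate, signature):
    recovered = D(KCAp, signature)                    # H(Certificate) = D(KCAp, S')
    return recovered == H(certificate, KCAp[1])       # H(Certificate') =? H(Certificate)

# Constructed certificate body binding Bob's name to his public key.
CERT = b"subject=bob;pubkey=%d,%d" % KBp

if __name__ == "__main__":
    print(bob_decrypt(encrypt_for_bob(b"hello Bob")))
    s = ca_sign(CERT)
    print(verify_certificate(CERT, s))                           # genuine certificate
    print(verify_certificate(CERT.replace(b"bob", b"eve"), s))   # altered certificate
```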

4. Briefly explain the traffic interchange costs, including free peering, between Tier-1 ISPs,
Tier-2 ISPs, Tier-3 ISPs and Internet Exchange Points (IXP).

- Tier 1 Networks: Settlement-free peering: allow traffic from other Tier 1 networks to
transit their backbones without a fee. Reach all other Internet networks without
purchasing IP transit or paying settlements.

- Tier 2 Networks: Typically, pay a fee to a Tier 1 network to access portions of the
Internet that they cannot reach directly or via peer networking arrangements.
- Tier 3 Networks: Always pay fees to obtain access to the larger backbones via Tier 2
networks.
- Internet Exchange Point, IXP: Usually mutual agreements, that allow traffic to be
exchanged without cost.

5. Briefly explain what kind of information (including the type of metrics) is exchanged in
RIP, OSPF and BGP. Why is BGP not "really" a routing protocol?

- RIP and OSPF propagate a list of routes (“route table” information) together with the
metrics to reach them; RIP: number of jumps; BGP: cost (time)
- BGP includes/propagates a Path field with the list of Autonomous Systems to reach a
network.

- In BGP there are no routes, nor does it make sense to look for optimum routes. It is an
accessibility protocol. The path may contain information on how to reach the destination
(not a real cost).

6. Briefly compare (differences or similarities) 4 features of OSPF protocol versus BGP
protocol.

OSPF                                             | BGP
-------------------------------------------------|---------------------------------------
Routing table sent to neighbor every 30 seconds  | Updated info when changes
Based on costs                                   | Based on “path”
It sends little information                      | It sends little information
Cost: distance                                   | Cost: “path”
Partial information inside AS                    | Partial/global information outside AS

7. List and add a 0.5-1.5 line explanation of 4 of the 5 processes of the Collection System in
Content Management Systems (CMSs).

- Authoring: Create the content from scratch.
- Acquisition: Gather the content from some existing source.
- Conversion: Strip unnecessary information from content and change markup language.
- Stripping: removing and discarding unneeded information.
- Aggregation: Edit content, divide into components, augment to fit metadata system.

8. Very briefly explain the functionality of the Publishing System in the Content Management
Systems Architecture. Very briefly explain the Publishing templates and Publishing
services in the Publishing System.

The publishing system is responsible for pulling content components and other resources
out of the repository and automatically creating publications out of them.

- Publishing templates: Programs (code) that build publications automatically.
- Publishing services: A set of tools for controlling what is published and how it is
published. It includes the load and execution of templates.

9. Briefly explain 4 (out of the 7) points that must be taken into account when designing
a CMS framework.

- Establish metrics: Start by listing what you intend to accomplish in terms of goals
- Size of company: Bigger companies' requirements -> more expensive software
- Project management proficiency: formality of your management culture and support
- Degree of centralized content management processes: departments need to
synchronize authoring and publishing? sites/content/applications interaction?
- Type of content: Buy a system suited to your needs
- Variety of content: More heterogeneous content -> more standardization decisions
- Variety of publishing channels: higher number and heterogeneity of channels requires
more granular, standardized content

10. Briefly list (and explain if required) 4 changes between IPv6 header and IPv4 header.

- Expanded Hierarchical Addressing Capabilities (128 bits)
- Header Format Simplification
- Improved Support for Extensions and Options: Mandatory IPv6 Header + Optional IP
information in separate extension headers
- Fragmentation fields moved out of base header
- Flow Labelling Capability
- Authentication and Privacy Capabilities
- Header Checksum eliminated
- Header Length field eliminated
- Length field excludes IPv6 header
- Alignment changed from 32 to 64 bits

11. Briefly explain the 4 “router advertisement, router solicitation, neighbor advertisement and
neighbor solicitation” Neighbor Discovery ICMPv6 Informational message types, including
the destination (neighbour unicast / solicitor unicast / IP multicast) in them.

- Router advertisement: Periodically multicast by router to all-nodes multicast address
[link scope]
- Router solicitation: sent only at host start-up, to solicit an immediate router
advertisement; sent to all-routers multicast address [link scope]
- Neighbor solicitation: for address resolution (≈ARP): sent to “solicited node” multicast
addr. [for unreachability detection: sent to neighbor’s unicast addr.]
- Neighbor advertisement: for address resolution (≈ARP): sent to unicast address of
solicitor. For link-layer address change: sent to all-nodes multicast addr. [usable for proxy
responses (detectable). includes router/host flag]

12. Briefly explain mobility via direct routing used in Mobile IPv6.

- A Host will acquire a care-of address when it discovers it is in a foreign subnet (i.e., not
its home subnet)
- Registers the care-of address with a home agent.
- Packets sent by a correspondent node to the mobile’s home address(es) are
intercepted by home agent and forwarded to the care-of address, using encapsulation
- Mobile IPv6 host sends binding-updates to correspondent node to remove home agent
from flow.
