
Notes:

Short Question Answer: 1—2


Assignment 3 with solution: 3—9
Assignment 4 with solution: 10—13
Physical Layer: 14—27 (Consult PPTx slides as well)
Wired and Wireless Networks: 28—31 (Consult PPTx Slides as well)
Security in Computer Networks: 31—34 (Consult PPTx slides as well)
Network Layer (Consult PPTx slides as well)

Q1. Define Bandwidth and Latency?


Answer: Network performance is measured in bandwidth (throughput) and latency (delay).
Bandwidth of a network is given by the number of bits that can be transmitted over the network
in a certain period of time. Latency corresponds to how long it takes a message to travel from
one end of a network to the other. It is strictly measured in terms of time.

Q2. Define Routing?


Answer: The process of systematically determining how to forward messages toward the
destination node based on its address is called routing.

Q3: Do routers have IP addresses? If so, how many IP addresses and does each IP address
have to belong to the same or a different subnet?
Answer:
Routers typically have multiple IP addresses. They have (at least) one IP for each LAN (well,
at least if it's an IP LAN) and usually one (sometimes more, but usually one) address attached to
a "loopback interface" for management purposes.

Basically, no. There are numerous reasons, but the simplest is that if an IP address belongs to a
different subnet, it will break routing, and a host will have no way of knowing that it is sending
to an address on a different network. An IP address needs to be unique, regardless of subnet.

Q4. Define the terms Unicasting, Multicasting and Broadcasting?


Answer: If the message is sent from a source to a single destination node, it is called
Unicasting. If the message is sent to some subset of the other nodes, it is called Multicasting. If
the message is sent to all the nodes in the network, it is called Broadcasting.

Q5. List the layers of OSI


Answer: a. Physical Layer b. Data Link Layer c. Network Layer d. Transport Layer e. Session
Layer f. Presentation Layer g. Application Layer.

Q6. Which layers are network support layers?


Answer: a. Physical Layer b. Data link Layer and c. Network Layers.

Q7. Which layers are user support layers?


Answer: a. Session Layer b. Presentation Layer and c. Application Layer

Q8. What are the concerns of the Physical Layer?


Answer: Physical layer coordinates the functions required to transmit a bit stream over a
physical medium. a. Physical characteristics of interfaces and media b. Representation of bits
c. Data rate d. Synchronization of bits e. Line configuration f. Physical topology g.
Transmission mode.

Q9. What are the responsibilities of Data Link Layer?

Answer: The Data Link Layer transforms the physical layer, a raw transmission facility, into a reliable link
and is responsible for node-to-node delivery. a. Framing b. Physical Addressing c. Flow Control
d. Error Control e. Access Control.

Q10. What is Framing?


Answer: Framing in the data link layer separates a message from one source to a destination,
or from other messages to other destinations, by adding a sender address and a destination
address. The destination address defines where the packet has to go and the sender address
helps the recipient acknowledge the receipt.
Q11. What is MAC address?
Answer: The address for a device as it is identified at the Media Access Control (MAC) layer
in the network architecture. MAC address is usually stored in ROM on the network adapter
card and is unique.

Q12: Difference between bit rate and baud rate.


Answer: Bit rate is the number of bits transmitted during one second, whereas baud rate refers
to the number of signal units per second that are required to represent those bits. baud rate =
bit rate / N, where N is the number of bits represented by each signal shift.

Q13. What is Bandwidth?


Answer: Every line has an upper limit and a lower limit on the frequency of signals it can carry.
This limited range is called the bandwidth.

Q14. What is difference between ARP and RARP?


Answer: The address resolution protocol (ARP) is used to associate the 32-bit IP address
with the 48-bit physical address. It is used by a host or a router to find the physical address of
another host on its network by sending an ARP query packet that includes the IP address of
the receiver. The reverse address resolution protocol (RARP) allows a host to discover its
Internet address when it knows only its physical address.

Assignment 3 (Solution)
Question 1
i. Please compare and contrast the advertisements used by RIP and OSPF.
ii. How does BGP use the NEXT-HOP attribute? How does it use the AS-PATH attribute?

Answers:
I. Please compare the advertisements used by RIP and OSPF.

RIP | OSPF
RIP stands for Routing Information Protocol. | OSPF stands for Open Shortest Path First.
RIP works on the Bellman-Ford algorithm. | OSPF works on Dijkstra's algorithm.
It is a distance vector protocol, and it uses the distance or hop count to determine the transmission path. | It is a link state protocol, and it analyzes different sources like the speed, cost and path congestion while identifying the shortest path.
It is basically used for smaller organizations. | It is basically used for larger organizations in the network.
RIP uses UDP (User Datagram Protocol). | OSPF works directly over IP (Internet Protocol).

II. How does BGP use the NEXT-HOP attribute? How does it use the AS-PATH
attribute?

BGP protocol:

BGP (Border Gateway Protocol) is an Inter-AS routing protocol. The two most important
attributes are AS-PATH and NEXT-HOP.

• The advertisement passed for a prefix contains, in the AS-PATH, the ASs the advertisement has passed through.
• The NEXT-HOP is the router interface that begins the AS-PATH.
• The routers also use the AS-PATH attribute to choose among multiple paths to the same prefix.
• When the entry for the first router on the path is configured in the forwarding table, the router uses the NEXT-HOP attribute.

Question 2
i. Why are different inter-AS and intra-AS protocols used on the Internet?

Reasons:

1. Policy:

• The policy issues of the inter-AS and the intra-AS leads to the usage of the different inter-AS and
intra-AS on the Internet.

• In inter-AS, the traffic originating in each Autonomous System (AS) cannot pass through another
specific AS.

• The BGP (Border Gateway Protocol) carries the path attributes and provides for the controlled
distribution of routing information leading to the policy-based routing decisions.

• In the Intra-AS routing protocol, the Autonomous System (AS) is under the same administrative
control. So, the policy issues play a less important role in choosing routes.

2. Scalability:

• The Scalability is one of the reasons for the usage of the different inter-AS and intra-AS on the Internet.

• The ability to scale and handle the routing among many networks is difficult in the inter-AS routing
protocol.

• The ability to scale the routing is less of a concern in intra-AS routing. If there is a large single administrative
domain, then it can be divided into smaller ASs.

3. Performance:

• The inter-AS is the policy-oriented protocol. The policy of the inter-AS dominates the quality and the
performance associated with the routes among the AS’s.

• The intra-AS focuses on the performance of the routing on a router because of a single AS.

ii. Compare and contrast link-state and distance-vector routing algorithm

Similarities between Link state routing algorithm and Distance Vector routing algorithms:

• Link state routing algorithm and Distance Vector routing algorithms are routing algorithm that finds
the best path from source router to destination router from a set of routers and their links connecting
other routers.

• The least-cost path between a source and destination are computed.

Differences between the link state routing algorithm and the distance vector routing algorithm:

Link State Routing Algorithm | Distance Vector Routing Algorithm
The network topology and all the link costs are the input to this algorithm. | The input to the algorithm is the costs from the current node to all its neighbors.
It computes the least-cost path from source to destination with complete knowledge of the network. | It computes the least-cost path in an iterative and distributed manner.
The shortest path is calculated using Dijkstra's algorithm. | The shortest path is calculated using the Bellman-Ford algorithm.
OSPF is an example of a link state algorithm. | RIP is an example of a distance vector algorithm.
Convergence time is fast. | Convergence time is slow.

Question 3

Consider a datagram network using 32-bit host addresses. Suppose a router has four links,
numbered 0 through 3, and packets are to be forwarded to the link interfaces as follows:

a) Provide a forwarding table that has five entries, uses longest prefix matching, and
forwards packets to the correct link interfaces.

Solution:

a) Prefix Match          Link Interface

   11100000 00           0
   11100000 01000000     1
   1110000               2
   11100001 1            3
   otherwise             3

b) Describe how your forwarding table determines the appropriate link interface for
datagrams with destination addresses:

11001000 10010001 01010001 01010101


11100001 01000000 11000011 00111100
11100001 10000000 00010001 01110111

Solution:
b) 11001000 10010001 01010001 01010101 matches the "otherwise" entry: link 3
11100001 01000000 11000011 00111100 matches the "1110000" entry: link 2
11100001 10000000 00010001 01110111 matches the "11100001 1" entry: link 3
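The lookup in (b) is longest prefix matching: every table entry whose prefix is a prefix of the destination address is a candidate, and the longest candidate wins, with the empty "otherwise" prefix matching everything. The following is an added example (not part of the assignment solution) that implements that rule over the five-entry table above and checks the three addresses from (b); the dotted-decimal helper is an extra convenience not mentioned in the question.

```python
"""Longest-prefix-match forwarding over the five-entry table above.
Added example; not part of the original assignment solution."""
from typing import List, Optional, Tuple

# Forwarding table from the solution. Prefixes are bit strings; the
# spaces are only for readability and are stripped before matching.
# The empty prefix "" is the "otherwise" (default) entry: it matches
# every address, so a lookup can never fail.
FORWARDING_TABLE: List[Tuple[str, int]] = [
    ("11100000 00", 0),
    ("11100000 01000000", 1),
    ("1110000", 2),
    ("11100001 1", 3),
    ("", 3),  # otherwise
]


def _bits(s: str) -> str:
    return s.replace(" ", "")


def lookup(dest: str, table: List[Tuple[str, int]] = FORWARDING_TABLE) -> Tuple[str, int]:
    """Return (matching prefix, link interface) for a 32-bit binary address.

    Among all entries whose prefix matches the start of the address, the
    longest one is chosen; shorter, less specific entries only apply when
    no longer entry matches.
    """
    addr = _bits(dest)
    if len(addr) != 32 or set(addr) - {"0", "1"}:
        raise ValueError("destination must be a 32-bit binary string")
    best: Optional[Tuple[str, int]] = None
    for prefix, link in table:
        p = _bits(prefix)
        if addr.startswith(p) and (best is None or len(p) > len(best[0])):
            best = (p, link)
    assert best is not None  # guaranteed by the "otherwise" entry
    return best


def lookup_dotted(dest: str) -> Tuple[str, int]:
    """Convenience wrapper: accept dotted-decimal notation as well."""
    octets = [int(o) for o in dest.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address")
    return lookup("".join(format(o, "08b") for o in octets))


if __name__ == "__main__":
    for a in ("11001000 10010001 01010001 01010101",
              "11100001 01000000 11000011 00111100",
              "11100001 10000000 00010001 01110111"):
        prefix, link = lookup(a)
        print(f"{a} -> entry {prefix or 'otherwise'!r}, link {link}")
```

Note that the third address matches both "1110000" (link 2) and "11100001 1" (link 3); the longer match wins, which is exactly the property that lets a more specific route override a broader one.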

Question 4 . Consider sending a 2400-byte datagram into a link that has an MTU of 700 bytes. Suppose the
original datagram is stamped with the identification number 422. How many fragments are generated?
What are the values in the various fields in the IP datagram(s) generated related to fragmentation?

Length Id More Fragment Flag Offset

Solution:

Question 5
Consider the network shown in Fig below. With the indicated link costs, use Dijkstra’s shortest-
path algorithm to calculate the shortest path from x to all network nodes. Please write down
intermediate steps in obtaining the solution.

Fig. 1
Solution:

QUESTION 6
Consider the network shown in below Fig and assume that every node initially knows the
costs to each of its neighbors. Consider the distance-Vector (DV) algorithm and show the
distance table entries at node z.

Fig. 2

Solution:
Distance vector routing algorithm exchanges the information with the neighbours and works
asynchronously.
According to the distance vector algorithm, any node m computes the distance vector using the
following formulas:

Note: NA is used when there is no distance value.
Constructing the distance vector table for node z from the network diagram:

Now update the table with costs of all the neighbouring nodes.

Update the table with minimum costs using the distance vector routing algorithm:
Example: v to y, two paths are available. v-u-y and v-x-y with costs 3 and 6 respectively. So, v-u-y is the
path with minimum cost. Hence update the table with this value.

Therefore, at node z, the above table will be computed by the distance vector routing algorithm.
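Questions 5 and 6 apply the two algorithms compared earlier in this assignment (link state with Dijkstra, distance vector with Bellman-Ford) to figures that are not reproduced on this page. The following is an added example on a constructed six-node topology (not Fig. 1 or Fig. 2): Dijkstra computes least-cost paths from one node with full knowledge of the graph, while the distance-vector routine starts every node with only its own link costs and iterates the Bellman-Ford equation until no vector changes, producing the same costs; `distance_table` builds the per-neighbour table the DV question asks for at a given node.

```python
"""Link-state (Dijkstra) and distance-vector (synchronous Bellman-Ford)
routing computed on one constructed topology. Added example; the graph
below is made up for illustration and is not Fig. 1 or Fig. 2."""
import heapq
from typing import Dict, List, Tuple

INF = float("inf")
Graph = Dict[str, Dict[str, int]]

# Constructed undirected topology: node -> {neighbour: link cost}
GRAPH: Graph = {
    "u": {"v": 1, "x": 3, "w": 5},
    "v": {"u": 1, "x": 1, "w": 3},
    "w": {"u": 5, "v": 3, "x": 1, "y": 1},
    "x": {"u": 3, "v": 1, "w": 1, "y": 4},
    "y": {"w": 1, "x": 4, "z": 2},
    "z": {"y": 2},
}


def dijkstra(graph: Graph, source: str) -> Tuple[Dict[str, float], Dict[str, str]]:
    """Link-state algorithm: the node knows the whole topology and computes
    least-cost paths centrally. Returns (distance, predecessor) maps."""
    dist = {n: INF for n in graph}
    prev: Dict[str, str] = {}
    dist[source] = 0
    heap = [(0, source)]
    done = set()
    while heap:
        d, n = heapq.heappop(heap)
        if n in done:
            continue  # stale heap entry
        done.add(n)
        for m, cost in graph[n].items():
            if d + cost < dist[m]:
                dist[m] = d + cost
                prev[m] = n
                heapq.heappush(heap, (dist[m], m))
    return dist, prev


def path(prev: Dict[str, str], source: str, dest: str) -> List[str]:
    """Walk the predecessor map back from dest to source."""
    hops = [dest]
    while hops[-1] != source:
        hops.append(prev[hops[-1]])
    return hops[::-1]


def distance_vector(graph: Graph) -> Tuple[Dict[str, Dict[str, float]], int]:
    """Distance-vector algorithm: each node starts knowing only its own link
    costs and repeatedly applies D_n(d) = min over neighbours m of
    c(n,m) + D_m(d), using the vectors its neighbours last sent.
    Synchronous rounds until nothing changes. Returns (vectors, rounds)."""
    nodes = list(graph)
    dv = {n: {d: (0 if d == n else graph[n].get(d, INF)) for d in nodes}
          for n in nodes}
    rounds = 0
    while True:
        rounds += 1
        new = {n: {d: (0 if d == n else
                       min(c + dv[m][d] for m, c in graph[n].items()))
                   for d in nodes}
               for n in nodes}
        if new == dv:
            return dv, rounds
        dv = new


def distance_table(graph: Graph, dv: Dict[str, Dict[str, float]],
                   node: str) -> Dict[str, Dict[str, float]]:
    """Per-node table: for every destination, the cost via each neighbour,
    c(node, m) + D_m(dest). The minimum of each row is the node's vector."""
    return {d: {m: c + dv[m][d] for m, c in graph[node].items()}
            for d in graph if d != node}


if __name__ == "__main__":
    dist, prev = dijkstra(GRAPH, "u")
    print("Dijkstra from u:", dist, "u->z path:", path(prev, "u", "z"))
    dv, rounds = distance_vector(GRAPH)
    print(f"DV converged in {rounds} rounds; table at z:", distance_table(GRAPH, dv, "z"))
```

Both algorithms agree on the costs, which is the point of the comparison: they differ in what each node must know (the whole topology versus only neighbours' vectors) and in how long convergence takes, not in the result on a stable network.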

Question 7

Consider the network shown in Fig below. Suppose AS3 and AS2 are running OSPF for their
intra-AS routing protocol. Suppose AS1 and AS4 are running RIP for their intra-AS routing
protocol. Suppose eBGP and iBGP are used for the inter-AS routing protocol. Initially suppose
there is no physical link between AS2 and AS4.
a) Router 3c learns about prefix x from which routing protocol: OSPF, RIP, eBGP, or iBGP?
b) Router 3a learns about x from which routing protocol?
c) Router 1c learns about x from which routing protocol?
d) Router 1d learns about x from which routing protocol?

Solution:
EBGP: external BGP runs between routers in different ASs
IBGP: internal BGP runs between routers in the same AS
a. eBGP: Router 3c learns about x from eBGP
b. iBGP: Router 3a learns about x from iBGP
c. eBGP: Router 1c learns about x from eBGP
d. iBGP: Router 1d learns about x from iBGP

Question 8: Consider a router that interconnects three subnets: Subnet 1, Subnet 2, and Subnet
3. Suppose all of the interfaces in each of these three subnets are required to have the prefix
223.1.17/24. Also suppose that Subnet 1 is required to support at least 60 interfaces, Subnet 2
is to support at least 90 interfaces, and Subnet 3 is to support at least 12 interfaces. Provide
three network addresses (of the form a.b.c.d/x) that satisfy these constraints.

Solution:

Three network addresses (of the form a.b.c.d/x) that satisfy the given constraints are as follows:

• 223.1.17.0/25
• 223.1.17.128/26
• 223.1.17.192/26

Assignment 4 (Solution)
Question No. 01:

i. In CSMA/CD, after the fifth collision, what is the probability that a node chooses
K = 4? The result K = 4 corresponds to a delay of how many seconds on a 10 Mbps
Ethernet?
Solution:
After the fifth collision, the node chooses the value of K randomly from {0, 1, 2, ..., 2^5 – 1}, i.e. 0 to 31.
Hence, P(K=4) = 1/32
Delay = K * 512 bit times
As K = 4 and for 10 Mbps ethernet, bit time = 0.1 microsecond
Delay = 4 * 512 * 0.1 microsecond
= 204.8 microsecond

ii. What is the maximum number of VLANs that can be configured on a switch supporting the
802.1Q protocol? Why?
Solution:
As the VLAN ID field is 12 bits in the 802.1Q protocol,
Maximum number of VLANs = 2^12 – 2 = 4096 – 2 = 4094
Out of the total 4096, 0 and 4096 are reserved, so 4094 can be used.

Question No. 02:


i. Why is an ARP query sent within a broadcast frame? Why is an ARP?
Solution:
To send an IP datagram, the sender must know both the IP and MAC address. Sender initially
does not know the MAC address, so it will send an ARP query as a broadcast message across
the LAN. Each node will receive the message and send it to its own ARP module. Each ARP
module checks if that IP address matches its IP address. If it does, it will send the ARP response
back to the sender with the MAC address inside a frame of the packet.

ii. Distinguish between baseband transmission and broadband transmission.


Solution:

Baseband Transmission | Broadband Transmission
Digital signals | Analog signals
Bi-directional transmission of data | Uni-directional transmission of data
FDM is not possible | FDM is possible
Short distance signal travelling | Long distance signal travelling
Entire bandwidth is used for transmission of one signal | Multiple signals are simultaneously transmitted over different frequencies
Example: Ethernet uses baseband for LANs | Example: used to transmit cable TV to premises

Question No. 03:


An organization is granted the block 130.56.0.0/16. The administrator wants to create
1024 subnets.
a) Find the number of addresses in each subnet.
62 valid addresses can exist in each subnet.

b) Find the subnet prefix.


The subnet prefix is 16.

c) Find the first and the last address in the first subnet.
The first address in subnet 1 will be 130.56.0.1 and the last address in subnet 1 will be
130.56.0.62.

d) Find the first and the last address in the last subnet.
The first address in subnet 1024 will be 130.56.255.193 and the last address in subnet 1024 will
be 130.56.255.254.
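The subnet arithmetic in this question and in Question 8 of Assignment 3 (sizing subnets for a required number of interfaces) follows the same few rules: each extra prefix bit halves the block, a /x block has 2^(32-x) addresses of which two (network and broadcast) are not assignable, and sibling subnets must not overlap. The following is an added example, not the assignment's own working, that carries those rules out with the standard-library `ipaddress` module; the helper names are my own.

```python
"""Subnet arithmetic with the standard-library ipaddress module.
Added example; not the assignment's own working."""
import ipaddress
from typing import List, Tuple

IPv4Net = ipaddress.IPv4Network


def split_block(block: str, n_subnets: int) -> List[IPv4Net]:
    """Divide block into n_subnets equal subnets (n_subnets a power of two).
    Each doubling of the subnet count lengthens the prefix by one bit."""
    net = ipaddress.ip_network(block)
    extra_bits = (n_subnets - 1).bit_length()
    if 1 << extra_bits != n_subnets:
        raise ValueError("number of subnets must be a power of two")
    return list(net.subnets(prefixlen_diff=extra_bits))


def usable_host_range(net: IPv4Net) -> Tuple[str, str]:
    """First and last assignable address: hosts() skips the network and
    broadcast addresses for prefixes shorter than /31."""
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


def smallest_prefix_for(hosts_needed: int) -> int:
    """Longest prefix (smallest block) that still leaves hosts_needed
    assignable addresses after the network and broadcast addresses."""
    p = 32
    while (1 << (32 - p)) - 2 < hosts_needed:
        p -= 1
    return p


def disjoint(subnets: List[str]) -> bool:
    """True when no two of the given subnets overlap."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return all(not a.overlaps(b)
               for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    subs = split_block("130.56.0.0/16", 1024)
    print(len(subs), "subnets, prefix /%d, %d usable each"
          % (subs[0].prefixlen, subs[0].num_addresses - 2))
    print("first subnet:", subs[0], usable_host_range(subs[0]))
    print("last subnet: ", subs[-1], usable_host_range(subs[-1]))
    for need in (60, 90, 12):
        print(f"{need} interfaces need at least a /{smallest_prefix_for(need)}")
```

`smallest_prefix_for` is the check to run before committing to a plan: it tells you the longest prefix that can still hold a given number of interfaces, and `disjoint` confirms that the chosen blocks do not collide within the parent /24 or /16.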

Question No. 04:


Consider three LANs interconnected by two routers, as shown in Figure 1.

a) Assign IP addresses to all of the interfaces. For Subnet 1 use addresses of the form
192.168.1.xxx; for Subnet 2 use addresses of the form 192.168.2.xxx; and for
Subnet 3 use addresses of the form 192.168.3.xxx.
• Simply increment in the network
• Note how the interface to the router is also included in the subnet

b) Assign MAC addresses to all of the adapters.
• 16 bit hexadecimal
• Just pretend these MAC addresses were made in the factory
• You can actually change your MAC address
• Won't check if your MAC address is valid

c) Consider sending an IP datagram from Host E to Host B. Suppose all of the ARP
tables are up to date. Enumerate all the steps, as done for the single-router
example in Section 6.4.1.
• The prefix of the IP address is different
• If the prefix is not the same, then it will go through a different router
• E sends its source IP and source MAC address
• Send a packet to destination 192.168.1.3 via router 2
• Ask the router to do the rest
• Router 2 then extracts the datagram and determines it has to send it to Router 1
o The source MAC of router 2's sending interface is used and the destination MAC of
router 1's interface is used
o The IPs of E and B are still used and sent to router 1
o Router 1 sends it to B

d) Repeat (c), now assuming that the ARP table in the sending host is empty (and
the other tables are up to date).
• E knows R2's IP
• E broadcasts an ARP query; R2 receives it and transmits back its MAC address
• E now knows the IP and MAC address of R2
• Repeated across the whole network
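Both the ARP answer in Question 2 and step (d) above turn on two frame-level details: the query goes out with the broadcast destination MAC so every host's ARP module sees it, and only the host whose IP matches the target field answers, with a unicast reply addressed to the querier's MAC. The following is an added example (constructed frames, not captures from the figure's network) that builds and decodes Ethernet/ARP frames for IPv4 and implements that "answer only if the target IP is mine" rule; the addresses are made up within the 192.168.3.xxx range used in this question.

```python
"""Build and decode Ethernet/ARP frames (Ethernet hardware, IPv4 protocol).
Added example; addresses and frames are constructed, not captured."""
import struct
from typing import Dict, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """14-byte Ethernet header followed by a 28-byte ARP body.

    A request is sent to the broadcast MAC with the target MAC field zeroed
    (the sender does not know it yet); a reply is unicast to the requester.
    target_mac is ignored for requests.
    """
    dst_mac = BROADCAST if opcode == ARP_REQUEST else target_mac
    body_target_mac = ZERO_MAC if opcode == ARP_REQUEST else target_mac
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(body_target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Dict[str, object]:
    """Decode a frame; raise ValueError if it is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    body = frame[22:42]
    return {
        "eth_dst": mac_str(dst), "eth_src": mac_str(src), "opcode": opcode,
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }


def arp_module(my_ip: str, my_mac: str, frame: bytes) -> Optional[bytes]:
    """What each host's ARP module does with a received request: reply only
    if the target IP is our own, otherwise stay silent (return None)."""
    req = parse_arp(frame)
    if req["opcode"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, str(req["sender_mac"]), str(req["sender_ip"]))


if __name__ == "__main__":
    # Constructed addresses: host E and router R2's interface on Subnet 3
    request = build_arp(ARP_REQUEST, "02:00:00:00:00:0e", "192.168.3.2", ZERO_MAC, "192.168.3.1")
    print("request:", parse_arp(request))
    reply = arp_module("192.168.3.1", "02:00:00:00:00:a2", request)
    print("reply:  ", parse_arp(reply) if reply else None)
```

The decoder checks the hardware/protocol type and length fields before trusting the address fields, which is the same validation a host's ARP code (or a monitoring tool looking for malformed or unsolicited ARP traffic) must perform.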

Question No. 05:


i. What is the bit rate for each of the following signals?
a) A signal in which 1 bit lasts 0.001 s
Bitrate = 1/duration = 1/0.001 = 1000 bps = 1 kbps

b) A signal in which 1 bit lasts 2 ms

Bitrate = 1/duration = 1/(2×10^-3) = 500 bps = 0.5 kbps

c) A signal in which 10 bits last 20 μs


Bitrate = 1/(20×10^-6 / 10) = 1/(2×10^-6) = 500 kbps

ii. What is the bandwidth of the composite signal shown in below figure.

Solution:

Bandwidth = fh – fl = 180 – 155 = 25 Hz

Question No. 06:


A periodic composite signal contains frequencies from 10 to 30 kHz, each with an amplitude
of 10 V. Draw the frequency spectrum.

Solution:
The signal is periodic, so its frequency domain is made of discrete frequencies, as in the diagram:

Wired and Wireless Networks
Q1: What does it mean for a wireless network to be operating in “infrastructure mode”? If the
network is not in infrastructure mode, what mode of operation is it in, and what is the difference
between that mode of operation and infrastructure mode?
Answer: In infrastructure mode of operation, each wireless host is connected to the larger network via
a base station (access point). If not operating in infrastructure mode, a network operates in ad-hoc mode.
In ad-hoc mode, wireless hosts have no infrastructure with which to connect. In the absence of such
infrastructure, the hosts themselves must provide for services such as routing, address assignment,
DNS-like name translation, and more.

Q2: What are the differences between the following types of wireless channel impairments: path
loss, multipath propagation, interference from other sources?
Answer: Path loss is due to the attenuation of the electromagnetic signal when it travels
through matter. Multipath propagation results in blurring of the received signal at the receiver
and occurs when portions of the electromagnetic wave reflect off objects and ground, taking
paths of different lengths between a sender and receiver. Interference from other sources
occurs when the other source is also transmitting in the same frequency range as the wireless
network.

Q3: As a mobile node gets farther and farther away from a base station, what are two actions that
a base station could take to ensure that the loss probability of a transmitted frame does not
increase?
Answer: The two possible ways are, 1) increasing the transmission power, and 2) reducing the
transmission rate.

Q4: Describe the role of the beacon frames in 802.11.


Answer: Access Points (APs) transmit beacon frames. An AP's beacon frames will be transmitted over
one of the 11 channels. The beacon frames permit nearby wireless stations to discover and identify the
AP.

Q5: Why are acknowledgments used in 802.11 but not in wired Ethernet?
Answer: In wired Ethernet, the transmitter can sense the wire and decide if the frame was
successfully delivered, so no ACK is necessary. In the wireless scenario, the sender has no idea if the
frame was successfully delivered, for two reasons. First, fading or the hidden-terminal problem may
mean that interference occurred without the sender knowing. Second, the sender may not be capable
of transmitting and listening at the same time, making collision detection impossible. Hence, an ACK
is useful.

Q6: Suppose the IEEE 802.11 Request to Send (RTS) and Confirm to Send (CTS) frames were as
long as the standard DATA and ACK frames. Would there be any advantage to using the CTS
and RTS frames? Why or why not?
Answer: RTS/CTS is the optional mechanism used by the 802.11 wireless networking protocol to
reduce frame collisions introduced by the hidden node problem.
Yes. They are still necessary to avoid the hidden terminal problem. The
CTS and RTS frames makes sure a node A sending to B won't interfere with another node C also
attempting to contact B, even if A and C are unable to see each other.

Q7: What are the differences between a master device in a Bluetooth network and a base station
in an 802.11 network?
Answer: Bluetooth devices organize themselves into a "Piconet" of up to 8 slave devices. One of the
devices will be the "master" device. The master's clock determines the Piconet time. The master can
change any device from Parked to Slave. Bluetooth is also an example of an ad-hoc network.

A base station or access point is a receiver and transmitter acting as the hub of the WiFi network.
Additionally, it may also function as the gateway between a wired network and the wireless network.
This is also an example of infrastructure mode.

Q8: What are three approaches that can be used to avoid having a single wireless link degrade
the performance of an end-to-end transport-layer TCP connection?
Answer:
• Local recovery - Recovers from bit errors at the wireless link when they occur.
• TCP sender awareness of wireless links - This enables TCP to be aware of the wireless link
where ordinarily it would not be, so it can distinguish congestion loss in the wired network from
corruption loss on the wireless link.
• Split connection approaches - The connection between sender and receiver is broken into two transport-layer
connections: one from the mobile host to the wireless AP, the other from the AP to the end point.
This is widely used in cellular networks.

Q10: If a node has a wireless connection to the Internet, does that node have to be mobile?
Explain. Suppose that a user with a laptop walks around her house with her laptop, and always
accesses the Internet through the same access point. Is this user mobile from a network
standpoint? Explain.
Answer: No. A node can remain connected to the same access point throughout its
connection to the Internet (hence, not be mobile). A mobile node is the one that changes its
point of attachment into the network over time. Since the user is always accessing the Internet
through the same access point, she is not mobile.

Q11: Suppose you purchase a wireless router and connect it to your cable modem. Also suppose
that your Internet Service Provider (ISP) dynamically assigns your connected device (that is,
your wireless router) one IP address. Also suppose that you have five PCs at home that use
802.11 to wirelessly connect to your wireless router. How are IP addresses assigned to the five
PCs? Does the wireless router use Network Address Translation (NAT)? Why or why not?
i. How are the IP addresses assigned to the five PCs?
ii. What does the wireless router use for it?

Answer: Typically, the wireless router includes a Dynamic Host Configuration Protocol (DHCP)
server. DHCP is used to assign IP addresses to the 5 PCs and to the router interface. Yes, the wireless
router also uses NAT as it obtains only one IP address from the ISP.
i. IP addresses are assigned from the range of private addresses.
ii. Wireless router uses NAT for it.

Q12: Let’s assume that RTS and CTS frames were of the size of the standard DATA and ACK
frames. Would it be having any advantage? Why //why not?
Answer:
No, there wouldn't be any advantage. Suppose there are two stations that want to transmit at the same
time and they both use RTS/CTS. If the RTS frame is as long as a DATA frame, the channel would be
wasted for as long as it would have been wasted for two colliding DATA frames. Thus, the RTS/CTS
exchange is only useful when the RTS/CTS frames are significantly smaller than the DATA frames.

Q13: In a wired network, CSMA/CD is used to coordinate access among multiple nodes. What
protocol is used in a wireless network? How is that protocol different from CSMA/CD?

Answer: CSMA/CA
CSMA/CA stands for Carrier Sense Multiple Access / Collision Avoidance. It is a network protocol for
transmission. It operates in the Medium Access Control layer. This protocol is effective before the
collision.
CSMA/CD
CSMA/CD stands for Carrier Sense Multiple Access / Collision Detection. It is also a network protocol
for transmission and operates in the Medium Access Control layer. In this protocol, each station senses
the collision by monitoring the broadcast medium. In case of collision, the transmission is stopped, the stations send a jam
signal, and then they wait for a random time before retransmission.

Q14: Explain Hidden node/terminal problem and its solution.

Answer: In a wireless network that lacks a centralized control entity, the sharing of wireless bandwidth
among network access nodes, i.e. medium access control (MAC), must be organized in a
decentralized manner.
The hidden terminal problem occurs when a terminal is visible from a wireless access point (AP),
but not from other nodes communicating with that AP. This situation leads to difficulties in the medium
access control sub-layer of wireless networking.
Formally, hidden terminals are nodes in a wireless network that are out of range of another
node or of a collection of nodes.
Consider the scenario of a wireless network with three wireless devices (e.g. mobile phones) as
shown below.

The transmission range of node A reaches B, but not C; similarly, the
transmission range of node C reaches B, but not A. Such nodes are known as hidden
terminals. The problem occurs when nodes A and C start to send data packets simultaneously to
the access point B. Because A and C are out of range of each other and as a result
cannot detect a collision while transmitting, Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) does not work, and collisions occur, which then corrupt the data received by
the access point B. This is the hidden terminal problem.
The hidden terminal analogy is determined as follows:

• Terminal C wants to send data to B, terminal C senses a "free" medium (CS fails)
and starts transmitting
• Collision at B occurs, A cannot detect this collision (CD fails) and continues with its
transmission at B
• Terminal A is "hidden" from C and vice versa

Solution: Techniques that can be employed to solve the hidden node problem are:
Increase the transmitting power of the nodes. Increasing the transmission power of each node
can solve the hidden terminal problem by allowing the cell around each node to grow in size,
encompassing all of the other nodes.
Use omnidirectional antennas: Since nodes using directional antennas are nearly
invisible to nodes that are not positioned in the direction the antenna is aimed at,
directional antennas should be used only for very small networks.
Use protocol enhancement software: A polling or token-passing strategy should be
used before data transmission starts.
Q15: How does active scanning differ from passive scanning?
Answer: During an active scan, the client radio transmits a probe request and listens for a probe response from
an AP. With a passive scan, the client radio listens on each channel for beacons sent periodically by an
AP. A passive scan generally takes more time, since the client must listen and wait for a beacon versus
actively probing to find an AP. Another limitation of a passive scan is that if the client does not wait
long enough on a channel, then the client may miss an AP beacon.

Security in Computer Networks
Q1: What are the differences between message confidentiality and message integrity? Can you
have confidentiality without integrity? Can you have integrity without confidentiality? Justify
your answer.
Answer: Confidentiality is the property that the original plaintext message cannot be determined by an
attacker who intercepts the ciphertext encryption of the original plaintext message. Message integrity
is the property that the receiver can detect whether the message sent (whether encrypted or not) was
altered in transit. The two are thus different concepts, and one can have one without the other. An
encrypted message that is altered in transit may still be confidential (the attacker cannot determine
the original plaintext) but will not have message integrity if the alteration is undetected. Similarly, a message
that is altered in transit (and detected) could have been sent in plaintext and thus would not be
confidential.

Q2: From a service perspective, what is an important difference between a symmetric-key system
and a public-key system?
Answer: One important difference between symmetric and public key systems is that in symmetric key
systems both the sender and receiver must know the same (secret) key. In public key systems, the
encryption and decryption keys are distinct. The encryption key is known by the entire world (including
the sender), but the decryption key is known only by the receiver.

Q3: Suppose that an intruder has an encrypted message as well as the decrypted version of that
message. Can the intruder mount a ciphertext-only attack, a known-plaintext attack, or a
chosen-plaintext attack?
Answer: In this case, a known-plaintext attack can be performed. If, somehow, the message encrypted by the sender
was chosen by the attacker, then this would be a chosen-plaintext attack.

Q4: Suppose N people want to communicate with each of N - 1 other people using symmetric key
encryption. All communication between any two people, i and j, is visible to all other people in
this group of N, and no other person in this group should be able to decode their communication.
How many keys are required in the system as a whole? Now suppose that public key encryption
is used. How many keys are required in this case?
Answer: If each user wants to communicate with N other users, then each pair of users must have a
shared symmetric key. There are N*(N-1)/2 such pairs and thus there are N*(N-1)/2 keys. With a public
key system, each user has a public key which is known to all, and a private key (which is secret and
only known by the user). There are thus 2N keys in the public key system.

Q5: Suppose that Bob receives a PGP message from Alice. How does Bob know for sure that
Alice created the message (rather than, say, Trudy)? Does PGP use a MAC for message
integrity?
Answer:

Q6: What does it mean for a signed document to be verifiable and nonforgeable?
Answer: Suppose Bob sends an encrypted document to Alice. To be verifiable, Alice must be able to
convince herself that Bob sent the encrypted document. To be non-forgeable, Alice must be able to
convince herself that only Bob could have sent the encrypted document (e.g., no one else could have
guessed a key and encrypted/sent the document). To be non-repudiable, Alice must be able to convince
someone else that only Bob could have sent the document. To illustrate the latter distinction, suppose
Bob and Alice share a secret key, and they are the only ones in the world who know the key. If Alice
receives a document that was encrypted with the key, and knows that she did not encrypt the document
herself, then the document is known to be verifiable and non-forgeable (assuming a suitably strong
encryption system was used). However, Alice cannot convince someone else that Bob must have sent
the document, since in fact Alice knew the key herself and could have encrypted/sent the document.

Q7: Summarize the key difference between Authentication Header (AH) and
Encapsulating Security Payload (ESP) in IPsec.

Answer: AH provides for authentication and message integrity, while ESP provides for
authentication, integrity, and confidentiality.

Q8: What is a man-in middle attack? Can this occur when symmetric keys are used?
Answer: In a man-in-the-middle attack, the attacker interposes him/herself between the sender and receiver,
often performing some transformation (e.g., re-encoding or altering) of data between the sender and
receiver. Man-in-the-middle attacks can be particularly pernicious, as the sender and receiver will
each receive what the other has sent and, since they are using encryption, would think that they have
achieved confidentiality.

Q9: What does it mean to say 'a nonce is a once-in-a-lifetime value'?


Answer: Once in a lifetime means that the entity sending the nonce will never again use that value to check
whether another entity is "live".

Q10: What is the difference between an active and passive intruder?


A passive intruder only monitors (“sniffs”, intercepts) messages. An active intruder can also monitor
traffic but will also actively send messages into the network.

Q11: What is the purpose of a nonce?


Answer: A nonce is used to ensure that the person being authenticated is “live.” Nonces thus are used
to combat playback attacks.
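Questions 9 and 11 together describe the whole mechanism: the verifier sends a fresh value, the other party proves it is live by answering with something that depends on that value and a shared secret, and the verifier never accepts the same value twice, so a recorded answer is useless to a replayer. The following is an added example of that exchange (a simplified challenge/response of my own, not a specific standard, using HMAC-SHA256 as the response function); the `Verifier` class and the outcome strings are my own naming.

```python
"""Nonce-based liveness check with replay detection. Added example; a
simplified challenge/response protocol, not a specific standard."""
import hashlib
import hmac
import os
from typing import List, Set


def prove_liveness(shared_key: bytes, nonce: bytes) -> bytes:
    """Responder's side: a MAC over the nonce proves possession of the key
    *now*, because the nonce did not exist before this exchange."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


class Verifier:
    """Challenger's side: issues nonces and accepts each one exactly once."""

    def __init__(self, shared_key: bytes) -> None:
        self.key = shared_key
        self.outstanding: Set[bytes] = set()  # issued, not yet answered
        self.used: Set[bytes] = set()         # answered (or spent); never reusable

    def challenge(self) -> bytes:
        nonce = os.urandom(16)  # fresh and unpredictable, never reused
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> str:
        """Return 'ok', 'replay', 'unknown-nonce' or 'bad-response'."""
        if nonce in self.used:
            return "replay"            # a recorded answer being played back
        if nonce not in self.outstanding:
            return "unknown-nonce"     # we never issued this value
        # One attempt per nonce, whatever the result: spend it first.
        self.outstanding.discard(nonce)
        self.used.add(nonce)
        expected = prove_liveness(self.key, nonce)
        return "ok" if hmac.compare_digest(expected, response) else "bad-response"


def run_exchange() -> List[str]:
    """Drive one honest exchange and three failures; returns the outcomes."""
    key = b"constructed-shared-key"  # constructed for the example
    alice = Verifier(key)
    outcomes = []
    n1 = alice.challenge()
    r1 = prove_liveness(key, n1)
    outcomes.append(alice.check(n1, r1))         # honest response: ok
    outcomes.append(alice.check(n1, r1))         # same nonce again: replay
    n2 = alice.challenge()
    outcomes.append(alice.check(n2, r1))         # answer to a different nonce: bad-response
    outcomes.append(alice.check(bytes(16), r1))  # value never issued: unknown-nonce
    return outcomes


if __name__ == "__main__":
    print(run_exchange())
```

The `used` set is what makes the nonce once-in-a-lifetime; in a long-running service it would be bounded by giving each nonce an expiry and rejecting answers to expired challenges, which keeps the replay window finite without unbounded state.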

Q13: Why does a message digest provide a better integrity check than the Internet
checksum?
Answer: One requirement of a message digest is that given a message M, it is very difficult to find
another message M’ that has the same message digest and, as a corollary, that given a message digest
value it is difficult to find a message M’’ that has that given message digest value. We have “message
integrity” in the sense that we have reasonable confidence that given a message M and its signed
message digest that the message was not altered since the message digest was computed and signed.
This is not true of the Internet checksum, where it is easy to find two messages with the same Internet
checksum.
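The last sentence can be shown concretely: the Internet checksum is a one's-complement sum of 16-bit words, and addition commutes, so exchanging any two words of a message leaves the checksum unchanged. The following is an added example (constructed messages, not from the page) that implements the RFC 1071 checksum, produces such a pair, shows that SHA-256 distinguishes them, and shows an HMAC over the original rejecting the altered message, which is the detection the answer to Q1 calls message integrity.

```python
"""Internet checksum (RFC 1071) versus a cryptographic digest and a MAC.
Added example; messages and key are constructed for illustration."""
import hashlib
import hmac
from typing import Dict


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, complemented.
    Same arithmetic as the IP, TCP and UDP header checksums."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input, as RFC 1071 specifies
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange 16-bit words i and j. The checksum is a sum, so the result
    has the same checksum as the input while being a different message."""
    b = bytearray(data)
    b[2 * i:2 * i + 2], b[2 * j:2 * j + 2] = data[2 * j:2 * j + 2], data[2 * i:2 * i + 2]
    return bytes(b)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_hmac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(make_tag(key, msg), tag)


# Constructed sample message (16 bytes = 8 words) and a word-swapped variant
ORIGINAL = b"PAY 100 TO ALICE"
TAMPERED = swap_words(ORIGINAL, 2, 3)  # words "10" and "0 " exchanged
KEY = b"constructed-shared-key"


def compare() -> Dict[str, bool]:
    """Which check notices the alteration?"""
    tag = make_tag(KEY, ORIGINAL)
    return {
        "messages_differ": ORIGINAL != TAMPERED,
        "checksums_equal": internet_checksum(ORIGINAL) == internet_checksum(TAMPERED),
        "digests_equal": sha256(ORIGINAL) == sha256(TAMPERED),
        "hmac_accepts_original": verify_hmac(KEY, ORIGINAL, tag),
        "hmac_accepts_tampered": verify_hmac(KEY, TAMPERED, tag),
    }


if __name__ == "__main__":
    print(ORIGINAL, "->", TAMPERED)
    for name, value in compare().items():
        print(f"{name:24} {value}")
```

A plain digest only catches accidental or unkeyed changes; an attacker who can rewrite the message can recompute SHA-256 too. Binding the digest to a key (HMAC) or a signature is what the answer means by a "signed message digest".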

Q14: What is a key distribution centre. What is a CA?


Answer: A key distribution centre is used to create and distribute a symmetric session key for two communicating
parties, requiring only that the two parties each have their own symmetric key that allows them to
encrypt/decrypt communication to/from the key distribution centre. A certification authority binds an
individual’s identity with a public key. The CA signs that key with its (the CAs) private key. Thus,
given the public key of a CA, one can retrieve the CA-signed public key for an entity, verify the CA’s
signature, and then have the CA-certified public key for an entity.
