CSC461 CN Lecture 15 Feb. 13 2013

BITS Pilani
Pilani | Dubai | Goa | Hyderabad
Performance & Application-driven Approaches to Design of Computer Networks

Lectures - 15-17, February 15-17, 2013
Rahul Banerjee, PhD (CSE)

Professor, Department of Computer Science & Information Systems
E-mail: rahul@pilani.bits-pilani.ac.in
Interaction Points
Significance of the Application-Driven Approach to Design Computer Networks Need for Specialized Protocols for Applications / Classes of Applications / Services Select Application-Layer Services & Protocols

HTTP, DNS, DHCP, SMTP, POP, IMAP SOAP, REST

Overlay Networks, Protocols and Applications Example cases of VoIP, SIP, Skype, WebEx, ATT-Connect, Adobe Connect, Jabber
BITS Pilani, Deemed to be University under Section 3 of UGC Act, 1956
Network-based Multimedia Applications
Summary
First, a quick recap of Protocols and Protocol Graphs and a little additional information!
Starters, before we begin the main course!
Of Protocols & Protocol Graphs

A network protocol, in the simplest sense, is a set of predefined behaviorally encoded request-response pairs that along with a set of rules and conventions allow meaningful communication within and between nodes of a network. A graph showing interrelation of various collaborating protocols at different levels is called a Protocol Graph. In a protocol graph, each protocol is represented as a node.
HTTP TFTP
TCP
UDP
IP
Example of a Simple Protocol Graph as applicable to the Internet

HTTP FTP TFTP
TCP
UDP
IP
Protocol Representa@on
There exist numerous schemes of representation of a given Protocol. One common way to specify a Protocol is to represent it as a State Transition Diagram.
Protocol Valida@on
A Protocol needs to be proven correct before it is implemented. There exist quite a few ways of formal and semi-formal verification of Protocols. One common technique is to first represent a protocol a State Transition Diagram and then examine it for its:
completeness, Reachability, points of weakness etc.
System Model
An abstract computer model: state machine. A network or a distributed system model comprises of a set of n state machines called processors that communicate with each other, which can be represented as a graph. Message passing communica@on model: queue(s) Qij, for messages from Pi to Pj System congura@on is set of states, and message queues. In any case it is assumed that the topology remains connected, i.e., there exists a path between any two nodes.
Deni@on
States sa@sfying P are called legi@mate states and those not sa@sfying P are called illegi@mate states. A system S is self-stabilizing with respect to predicate P if it sa@ses the proper@es of closure and convergence
Dijkstra's self-stabilizing token ring system

When a machine has a privilege, it is able to change its current state, which is referred to as a move. A legi@mate state must sa@sfy the following constraints:
There must be at least one privilege in the system (liveness or no deadlock). Every move from a legal state must again put the system into a legal state (closure). During an innite execu@on, each machine should enjoy a privilege an innite number of @mes (no starva@on). Given any two legal states, there is a series of moves that change one legal state to the other (reachability).
Dijkstra considered a legi1mate (or legal) state as one in which exactly one machine enjoys the privilege.
Automata with Inputs/Outputs

Each state emits an output symbol that is noted on the state Alterna@vely, each transi@on is marked with the event that triggers the transi@on and below it lists the ac@ons that are taken as a result of the transi@on.
s1
1
d
a c b
s2
1
d/s1
a/s2 c/s3
2
b/s2
3
s3
Example of FSM Model for Protocol Verica@on (Stop and Wait Protocol)
The transmiYer sends a frame and stops wai@ng for an acknowledgement from the receiver (ACK) Once the receiver correctly receives the expected packet, it sends an acknowledgement to let the transmiYer send the next frame. When the transmiYer does not receive an ACK within a specied period of @me (@mer) then it retransmits the packet.
TransmiYer
Frame 0
Receiver
Timer
ACK 0
Frame 1
Timer
ACK 1
Frame 0
ACK 0
FSM for Stop and Wait Protocol

TransmiYer
Send Pkt 0
Ack 1 Received Timeout or Ack 1 Received Pkt 0 transmiYed
Wait Ack 1
Timeout or Ack 0 Received Pkt 1 transmiYed
Wait Ack 0
Ack 0 Received
Send Pkt 1
FSM for Stop and Wait Protocol

Receiver
Pkt 0 received Send Ack 0
Wait Pkt 0
Pkt 1 Received Send Ack 1 Pkt 1 received Send Ack 1
Wait Pkt 1
Pkt 0 Received Send Ack 0
Communica@on protocols
Communica@on protocol might be aected due to:
Ini@aliza@on to an illegal state. A change in the mode of opera@on. Not all processes get the request for the change at the same @me, so an illegal global state may occur. Transmission errors because of message loss or corrup@on. Process failure and recovery. A local memory crash which changes the local state of a process.
Exercise
Write a simula@on program that imitates the behavior of the network shown below.
The inputs to your program are the capaci@es of each buer as well as the clock structure (three vectors with the life@mes of each event) The output from your program is the sample path of the network i.e., the state trajectory and/or a trace consis@ng of a sequence of events and its corresponding @me.
B1
a d1
B2
d2
A Few Measures of Network Performance

Performance Measures
Available Performance Measured Performance
Bandwidth:
Width of the usable / allotted Frequency band Rate of data transfer in bits per second
Throughput: Actual measured rate of achievable data transfer in bits per second Bandwidth has often a value greater than that of the Throughput
Round-Trip Time (RTT) Latency: Delays of various kinds Delay x Bandwidth metric Quality of Service
17
(c) Dr. Rahul Banerjee, BITS, Pilani, India
Performance Ma-ers

With signicant input from : Professor Bob Kinicki, Computer Science Department, WPI, USA
15/02/13 Dr. Rahul Banerjee, Department of Computer Science, BITS-Pilani, INDIA 18
Interac@on Points
Computer Network Performance Metrics Performance Evalua@on Techniques
Workload Characteriza@on Simula@on Models Analy@c Models
Empirical Measurement Studies
What to measure? Choice of measurement tools The Design of Measurement Experiments

Dr. Rahul Banerjee, Department of Computer Science, BITS-Pilani, INDIA 19
15/02/13
Performance Evalua@on
Performance evaluation is the application of the scientific method to the study of computer systems. Viewed as distinct from computer system design, the goal of performance evaluation is to determine the effectiveness and fairness of a computer system that is assumed to work correctly. Performance evaluation techniques have been developed to accurately measure the effectiveness with which computer system resources are managed while striving to provide service that is fair to all customer classes.
Performance Evaluation of Computer Networks 20
Computer Network Performance Metrics

Metric :: a descriptor used to represent some aspect of a computer networks performance. The goal is objective performance indices. For computer networks, metrics can capture performance at multiple layers of the protocol stack, e.g.,
UDP throughput IP packet round trip time MAC layer channel utilization
Performance metrics can be positive and negative.

e.g., goodput, packet loss rate, MAC layer retries
21 Performance Evaluation of Computer Networks
Wide Area Network (WAN)

Host A Host N Host M Host L
2
Host B Host C
3 16 17 15
1 routers 11 12 10 9 13 7 8 14
4 5
Host J
Host D
Host E
Host G
Host H
Host F
Performance Evaluation of Computer Networks
22
Wireless Local Area Network (WLAN)

Server
Clients
AP
23
Sample Performance Measures

Category productivity Metric throughput effective capacity Mbps milliseconds packets percentage of time busy loss percentage Units
responsiveness delay round trip time queue size utilization losses channel utilization packet loss rate frame retries
buffer problems AP queue overflow packet drops playout buffer underflow rebuffer events
24
Wide Area Network (WAN)

Host A Host N Host M Host L
2
Host B Host C
3 16 17 15
1 nodes 11 12 10 9 13 7 8 14
4 5
Host J
Host D
Host E
Host G
Host H
Host F
25
Local Area Network (LAN)

A C X Z
26

Server
Client
AP
27
Outline
Performance Evaluation Computer Network Performance Metrics Performance Evaluation Techniques
Workload Characterization Simulation Models Analytic Models

Performance Evalua@on Techniques

Workload characterization for computer networks involves the design and choice of traffic types that provide the inputs for computer network performance evaluation. Performance measures of computer networks are all dependent to some extent on the input workload, the network topology and the choices in controlled parameters or network default settings. An evaluation study of a computer network seeks to determine the values for network performance indices under a given traffic workload and network configuration.
29
Typical Network Trac Types

Web Traffic between a Browser and an Internet Server. Long-Lived File Transfers
FTP downloads.
Multimedia Streaming
Video clip downloads (UDP and/or TCP) Audio VOIP (Voice Over IP)
Peer-to-Peer Exchanges
Concurrent downloads and uploads
Telnet file edits


Server
Client
AP
31
Performance Evalua@on Techniques

Network evalua1on u1lizes the actual network, an emulated network or a model of the network. Models Simulation Modeling Analytic Modeling Both modeling techniques tend to rely on queuing theory. Measurement Studies Empirical measurement of real networks Measurements where some aspect of the network architecture or topology is emulated via software or hardware.
" The primary focus of this presentation is on the design and techniques used in experiments to measure real computer networks.
32
Conceptual Models
Researchers utilize knowledge about the interactions of network components to understand and explain the workings of a computer network via a conceptual model. Models are partitioned into simulation models or analytic models. Both model types rely on simplifying assumptions that that enable the model to capture important characteristics of networks (usually in terms of networks of queues).
Simple Queuing Model
Arrivals
Queue
Server
34
Networks of Queues Model
35
Simula@on Models
Simulation attempts to reproduce the behavior of the network in the time domain. Event-driven simulation defines a network in terms of states and transitions where events trigger transitions. Simulation is essentially a numeric solution that utilizes systems of equations and data structures to capture the behavior of the simulated network in terms of logical conditions.
36
Simula@on Models
The three types of simulators are:
Trace-driven Program-driven Distribution-driven
The choice of the duration of a simulation run is subject to the same issues of estimating variance and variance reduction as found in the design of empirical measurements.
Analy@c Models
Similar to simulation models, analytic models involve systems of equations. Analytic models of computer networks usually start with a network of queues model and develop a system of equations that may or may yield a closed form solution. Analytic models of computer networks tend to be stochastic models built on the theory of stochastic processes associated with independent random variables.
Outline
Performance Evaluation Computer Network Performance Metrics Performance Evaluation Techniques
Workload Characterization Simulation Models Analytic Models


The planning phase objectives of an empirical measurement are:
1. 2. 3. To decide what to measure. To choose the measurement tools To design the experiments.
"
Network measurements can be either active or passive. Active measurement involves purposely adding traffic to the network workload specifically to facilitate the measurement (e.g., sending packet pair probes into the network to estimate the available bandwidth along a flow path). An example of a passive measurement tool is a network sniffer running in promiscuous mode to collect information about all packets traversing a network channel.
40
What to Measure?
The overall objective of the computer network measurement study guides the choice of performance indices to be measured. Metrics are either direct or indirect indices. Indirect indices require some type of data reduction process to determine metric values. Due to the large data volume associated with network traffic, measurement of computer networks often involves filtering of data or events (e.g., It is common for network measurement tools to only retain packet headers for off-line
Network Measurement Tools

While hardware probes provide the best quality measurements, they are expensive and not always available. The availability of software tools for computer networks depends on the ability to get inside the components of the network protocol stack and the ability to access nodes of the network topology. Network software measurement tools provide hooks within the network layering software to capture and store network measurement data.
Key issues in the usability of network measurement tools are:

1. 2. 3. 4.
Choice of Measurement Tools

Tool location Interference or bias introduced by the tool. Accuracy of the tool. Tool resolution
- This has become a problem with respect to the granularity of system clocks relative to the speed of modern high speed network links.
43

Server
Clients
AP
44
The Design of Measurement Experiments

Measurement Experiments are divided into two major categories: 1. Live measurements With live empirical studies, the objective is to measure the performance of the computer network while it is handling real traffic. The advantage of this type of study is that the measurement involves a real workload. One disadvantage of measuring live traffic is being convinced that this measurement involves typical traffic for this network. Another disadvantage of live traffic measurement is that reproducibility of the exact same traffic workload is usually not possible. This is problematic when the goal is to evaluate the impact of changing network components on overall performance.
45
The Design of Measurement Experiments

2. Controlled-traffic measurements
Traffic generator tools or traffic script files provide repeatable, controlled traffic workloads on the network being measured. Controlled-traffic workloads are chosen when the goal of the performance study is to evaluate the impact of different versions of a network component, strategy or algorithm on network performance. Controlled, repeatable traffic makes it easier to conduct cause-andeffect performance analysis. One difficulty with controlled-traffic is being confident in the accuracy of the traffic generator tool and the ability to conduct measurement experiments where the traffic workload choices are adequately varied to provide representative, robust network performance evaluation.
46
Measurement Design Decisions

Understanding which network components (or independent variables) significantly impact network performance. Deciding which network parameters are to be controlled and/or held fixed during experimental runs. How long to run a single experiment? How many times to repeat an experiment?
47
Throughput (Mbps)
Time (sec)
48
RSSI (dB)
Time (sec)
49

When to run experiments?
Namely, to determine whether time of day or other temporal periods influence performance measurements.
How to control, minimize and/or understand physical phenomenon or other interference sources that can produce discrepancies and variability in the measurement results?
Throughput (Mbps)
Time (sec)
51
RSSI (dB)
Time (sec)
52

What data filters to use? How and where to store experimental results? Determining the best choices of graphical and tabular forms of data representation to facilitate network performance analysis while providing a clear view of the results of the computer network performance evaluation.
53
MAC Layer Retries
Time (sec)
54
Cumula@ve Distribu@on Func@on (CDF)
55
Coming AYrac@ons
Professor Claypool will discuss: The Scientific Method applied to Computer Science Statistical Techniques used in Experimental Measurement Design
56
Summary of the Concepts & Terms learnt so far
15/02/13
(c) Dr. Rahul Banerjee, SDET Unit, BITS- Pilani, INDIA
57
Repeaters / Repeater Hubs / Shared Hubs: where usually Physical layer / level exist with L1-protocol data unit (raw bits) regeneration and onward transmission Managed Hubs / Layer-2 Switching Hubs: where Physical and Data Link layers / levels exist with ability to handle and deliver Layer-2protocol data unit (frame) Bridges: where Physical and Data Link layers / levels exist with L2-protocol data unit (frame) processing and forwarding Switches: where Physical and Data Link and / or Network (sometimes even higher) layers / levels exist with Layer-2 and / or Layer-3(c) Dr. Rahul Banerjee, BITS, Pilani, India 58
Some Networking Terms
Any question please?
Thank you for your kind attention!
For further details, you may contact at:

E-mail: rahul@bits-pilani.ac.in / rahul.banerjee.cse@gmail.com

or visit:

Home: http://www.bits-pilani.ac.in/~rahul/

References
Larry L. Peterson & Bruce S. Davie: Computer Networks: A Systems Approach, Fourth Edition, Morgan Kaufmann / Elsevier, New Delhi, 2007. <System design approach> IEEE 802 standards issued so far PLUS amendments like:
802.3ap-2007: IEEE Standard for LAN/MAN Specific Requirements Part 3: CSMA/CD Access Method and Physical Layer Specifications Amendment 4: Ethernet Operation over Electrical Backplanes 802.11-2007 IEEE Standard for LAN/MAN Specific Requirements Part 11: Wireless LAN Medium Access Control (MAC)and Physical Layer (PHY) Specifications 802.15.4a-2007 IEEE Standard for Telecommunications and Information Exchange Between Systems; PART 15.4: Wireless MAC and PHY Specifications for Low-Rate Wireless PANs (LR-WPANs) Amendment 1: Add Alternate PHY 802.1ag-2007 IEEE Standard for LAN/MAN Virtual Bridged LANs Amendment 5: Connectivity Fault Management
Dr. Rahul Banerjee, BITS, Pilani (India)
References
A. S. Tanenbaum: Computer Networks, Fourth Edition, Pearson Education, New Delhi, 2003. <Conceptual Approach> Mohammed G. Gouda: Elements of Network Protocol Design, Wiley Student Edition, John Wiley & Sons (Pte.) Ltd., Singapore, 2004. Thomas G. Robertazzi: Computer Networks and Systems: Queuing Theory and Performance Evaluation, Third Edition, Springer-Verlag, New York, 2000. <Analytical approach> S. Keshav: Computer Networking: An Engineering Approach, Pearson Education, New Delhi, 1997. A. Leon Garcia and I. Widjaja: Communication Networks: Fundamental Concepts and Key Architectures, Second Edition, Tata McGraw-Hill, New Delhi, 2004. Baldwin, D.: Discovery Learning in Computer Science. In Proceedings of the Twenty-seventh SIGCSE Technical Symposium on Computer Science Education, ACM, pp. 222-226,February 1996.
61
(c) Dr. Rahul Banerjee, BITS, Pilani, India
NOTE:
Some of the duly marked slides have been prepared with respective input from BITS, UIUC, ETH-Zurich, MSR, UoW, CMU, IETF, ITU, Sun, W3C, KU, CU, LU, IEEE PC as duly permitted for academic and research use.
Use of copyrighted material from these and other sources in the following slides is meant for pure academic reference herein is thankfully acknowledged. <Not meant for re-distribution!>
What is a Web Service?

A Web Service is simply a service available via the Web Service can be implemented in any language. Problems with Web Services:
It is not practical to automatically find web services for your needs There is no built-in mechanism for payment for use of a web service There is no built-in security control When a web service changes (e.g., adds a parameter to its method), the program using it breaks
The Simple Object Access Protocol

SOAP stands for "Simple Object Access Protocol" Used for "Remote Procedure Calls", similar to:
IIOP (for CORBA) and RMI (for Java)
Major Distinguishing Features:

SOAP is text-based (uses XML), not binary. It is therefore, Firewall-friendly It is Programming Language-independent. Therefore, it can call a program in any language IT uses standard port, since uses standard protocols
SOAP: RPC & DOC

SOAP is just a standard for sending messages (thus used as an envelope that encapsulates messages) We can send two types of messages using SOAP:
RPC: Remote Procedure Call, a request to call a method DOC: A document (this is used for more complex client server communication)
How does the SOAP Work?
SOAP Header Sec@on

The SOAP Header can contain information that describes the SOAP request. Example: <SOAP-ENV:Header> <t:Transaction xmlns:t="some-URI"
SOAP-ENV:mustUnderstand="1">5 </t:Transaction> </SOAP-ENV:Header>

Here, 5 is the transaction ID of which this method is a part. SOAP envelope's mustUnderstand attribute is set to 1, which means that the server must either understand and honor the transaction request or must fail to process the message.
SOAP Response on Error

There may be many errors in processing a SOAP request
Error in Running Method: Error in Processing SOAP Headers:
e.g., Problem running method as part of a transaction
The Main Players in SOAP

There are three components that take part in a SOAP application:
Client Application: A program that sends a SOAP request. Wants to use a service. SOAP Processor: A program that can receive SOAP requests and act accordingly (e.g., call an method of the Application Server) Application Server: A program that supplies the Web service
Applica@on Server: Some Simple @ps

The application server providing any Web Service does not need anything special.
In fact, your application server need not know that it is being used for providing a Web Service!!
A bit on the Client Applica@on

The SOAP client needs to generate a SOAP request When using Java, you shall need the following packages in your CLASSPATH to compile:
soap.jar mail.jar activation.jar
Tips on Tomcat / Servlet & SOAP Processor Scenario

Your Tomcat web server needs a web application that is a SOAP Processor Put soap.war in your <tomcat_home>/webapps directory To actually run the SOAP Processor, it needs the soap.jar, mail.jar, activation.jar files in its classpath Easiest way to get the files in its classpath: Add them to the directory <tomcat_home>/lib
Crea@ng the Applica@on Server

package hello; public class HelloServer { public String sayHelloTo(String name) { return "Hello " + name + ", How are you doing?"; } }
Note: Put applica@on in a package. Create a jar le from the package and put the package in <tomcat_home>/lib, so that it will be in Tomcat's classpath
Deploying the Web Service

The SOAP Processor must be told about your application. This is called "deploying"
Deployment is a two-step process:

Create a deployment descriptor Call the java command that deploys the web application
Deployment Descriptor
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:helloApp"> <isd:provider type="java" scope="application" methods="sayHelloTo"> <isd:java class="hello.HelloServer"/> </isd:provider> The scope of the Object used to fulll <isd:faultListener> the SOAP Request. org.apache.soap.server.DOMFaultListener Applica1on means that all SOAP </isd:faultListener> requests will be sent </isd:service> to the same object.
Deployment Descriptor
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment" id="urn:helloApp"> <isd:provider type="java" scope="application" methods="sayHelloTo"> <isd:java class="hello.HelloServer"/> </isd:provider> <isd:faultListener> org.apache.soap.server.DOMFaultListener </isd:faultListener> </isd:service>
Scope of Web Service

page: The service instance is available until a response is sent back or the request is forwarded to another page request: The service instance is available for the duration of the request, regardless of forwarding session: The service instance is available for the entire session
application: The same service instance is used to serve all invocations Which of these scope values require us to think about synchronizing access to data members and methods?
Comple@ng the Deployment

Save the deployment descriptor in a file, e.g., HelloDescriptor.xml Run the command:
java org.apache.soap.server.ServiceManagerClient http:// <host>:<port>/soap/servlet/rpcrouter deploy HelloDescriptor.xml
where <host> and <port> are those of Tomcat

Note that Tomcat must be running for this to work
You can get a list of all deployed web services using the command
java org.apache.soap.server.ServiceManagerClient http:// <host>:<port>/soap/servlet/rpcrouter list
Undeploying a Service
You can undeploy a web service, so that it is no longer recognized by the SOAP Processor using the command
java org.apache.soap.server.ServiceManagerClient http:// <host>:<port>/soap/servlet/rpcrouter undeploy urn:helloApp
Note that the last argument is the URI of the web service to be removed
What must the client do: A Summary Note

Create the SOAP-RPC call Set up any type mappings for custom parameters Set the URI of the SOAP service to use Specify the method to invoke Specify the encoding to use Add any parameters to the call Connect to the SOAP service Receive and interpret a response
Note on Parameters
It must be possible to "serialize" the parameters that the method invoked receives and returns. The following have default serialization/ deserialization:
primitive types: int, long, double, etc. primitive Objects: Integer, Long, Double, String, etc. complex Objects: Vector, Enumeration, Hashtable, arrays easy to use JavaBeans
Crea@ng the Server

When the application server is a script, the script is actually put in the deployment descriptor Need the jar files bsf.jar and js.jar Put them in your <tomcat_home>/lib directory
UDDI - Universal Descrip@on, Discovery and Integra@on Service

UDDI is a standard for describing and nding web services
UDDI Business Registry (UBR), Public Cloud

Nodes contain all UDDI information Nodes are synchronized, so they retain the same data You can query any node You can add UDDI to a node, and it will be replicated to all others
Interac@ng with the UDDI

UDDI is itself a web service!!! Interaction is via SOAP messages The JAXR package defines a standard way to interact with registries (can work with other types of registries too, e.g., ebXML) Two types of interaction:
Inquiry: Does not need authentification Publish: Needs authentification
WSDL - Web Services Descrip@on Language
Describing a Web Service

SOAP is just one standard to access a web service, there are many others (XML-RPC) Need a standard way to describe a Web Service:
the methods available their parameters etc.
WSDL is a standard for describing web services using XML
UPnP Services
Description is stored as XML file Control via SOAP messages: SOAP developed for web service Most every language/platform has SOAP/XML libraries Event notification with XML in General Event Notification Architecture Presentation URL can be supplied by device
The OSGi
OSGi is open, standards-based, languageneutral and OS-neutral Consists of framework in which bundles of services that register with a registry can run Runs atop the Java 2 Runtime Environment (J2RE)
OSGi Service Specica@ons

Logging service Web server Device access Configuration service Preferences service User administration service Permission administration service Package administration service
Client Authen@ca@on over the Internetworks

There exist four possibilities:
No Authentication Basic Authentication Moderate Authentication Advanced Authentication
Basic Authentication: It may be provided as an extension to the HTTP 1.1 (HHTP: RFC 2616, Extn.: RFC 2617) Moderate Authentication: Digest Access Authentication using Challenge-Response technique Advanced Authentication: There are two choices, depending upon the requirements: Kerberos-based Authentication (K-5: RFC 1510) Public-Key Cryptography-based Authentication (SSL: RFC 2246, TLS: RFC 2818)
BASIC AUTHENTICATION
Client may use it to authenticate itself to either the Origin Server or an intermediate Proxy Server. In this basic scheme, if an unauthorized access attempt is made by a client, server / proxy sends it back an Error Code: 401 / 407: Unauthorized Access Error However, server / proxy may ask / challenge the requesting client to supply / respond to one or more pieces of information and if the client sends the correct piece (s) in its
BASIC AUTHENTICATION
In this scheme, users ID and his/her password are transmitted using base64-ended plaintext. This clearly is as insecure as the default Telnet authentication scheme. Moderate and Advanced schemes of authorization attempt to tackle this issue by offering cryptographic measures.
Moderate Authoriza@on using Digest Access

In this case, a client requesting a restricted service receives a nonce-challenge from the server and is expected to generate a message digest using this nonce containing the user Id, password, numeric value of the received nonce, the requested HTTP method and the URI. This digest is then transmitted over the insecure network to the server who upon receipt, knowing the nonce and algorithm
Advanced Authen@ca@on using SSL / TLS

In this case, as discussed earlier, if a client requests an access to a restricted service, the server generates a random secret / challenge to the client. Client is expected to respond by signing the sent challenge by using its Private Key and transmit this signed response along with its digital certificate. Upon receipt, the server verifies the authenticity of the certificate, extracts clients public-key from it and using this verifies the clients signature. If the process succeeds, the client is granted access to the requested service / resource.
Client-side Issues,
Applica@ons on respec@ve devices / device clusters
Middleware-specific Issues
Server-side Issues
Role of Network Security in Pervasive Compu@ng Environments
Interac@on Points
Brief introduction to Network and internetwork Security Principles Various forms and mechanisms of security Influence of Network Security on Pervasive Computing Systems Discussion
Networks, Internetworks & Security

Network
A Computer Network is an interconnected group of autonomous computing nodes which:
Use a well-defined, mutually-agreed set of rules and conventions known as Protocols, Interact with one-another meaningfully; Allow resource-sharing preferably in a predictable and controllable manner.
Internetwork Security
A network of two or more networks is called an Internetwork Participating networks in an Internetwork may be interconnected for restricted or unrestricted resource sharing
Security is often viewed as the need to protect one or more aspects of networks operation and permitted use (access, behaviour, performance, privacy and confidentiality included), Security requirements may be Local or Global in their scope, (c) Rahul Banerjee, BITS, depending upon the network s or internetworks purpose of 99 Pilani (India) design and deployment.
Criteria for Evaluating Security Solutions

Ability to meet the specied needs / requirements Eec@veness of Approach Across Networks Compu@ng Resources Needed vis--vis the value of the protec@on oered Quality and Scalability Availability of Monitoring mechanisms Adaptability and Flexibility Prac@cability from Sociological / Poli@cal perspec@ve Economic considera@ons & Sustainability
(c) Rahul Banerjee, BITS, Pilani (India) 100
Classica@on of Security Problems: Access Breaches in Internetworks (S/W & H/W)

Inten@onal / Non-Inten@onal Access Breaches Origin-based Access Breaches Centralized / Distributed Access Breaches Service Blocking / Overwhelming / Redirec@on /Abuse / Modica@on / Termina@on-based Access Breaches Periodic / Aperiodic Applica@on-Data / Control-Data Access Breaches Event-based Access Breaches Storage-based Access Breaches
(c) Rahul Banerjee, BITS, Pilani (India)
101
Of Security AYacks, Security Threats, Security Mechanisms and Security Services

Security Attack => compromises the information-system security Security Threat => has potential for security violation Security Mechanism => detects / locates / identifies / prevents / recovers from security attacks Security Service => enhances security, makes use of the security mechanisms
102
Ac@ve versus Passive AYacks

Active attacks involve active attempts on security leading to modification, redirection, blockage or destruction of data, devices or links.
Examples:
Replay attacks Masquerade attacks Modification / corruption of data or access control bits Denial-of Service attacks
Passive attacks involve simply getting access to link or device and consequently data. (c) Rahul Banerjee, BITS,
Pilani (India)
103
A typical Internetwork Model of Security

Par@es involved:
Sender Receiver Interceptor (Passive / Ac@ve) TransmiYer Receiver Encoder Decoder
Devices involved:
Links involved:
Data and Control signal transmission links

104
Iden@ca@on of Sources of Security Problems

Importance of Identification of sources
Strategic importance for planning, preventing and / or countering Importance with respect to Sensitivity-analysis and Economic-impact-analysis and pro-active protection Monitoring-based approaches
Log-based Agent-based
Possible Approaches for Analysis
Non-monitoring approaches
Model-based Experimental Replication-based

105
Role of Cryptography, OS & Congura@on

Role of Cryptography
Secret-key cryptography Public-key cryptography Built-in OS Security at the Kernel-level Support for Cryptographic APIs Network Protocol Stack implementation decision-based security Network configuration OS configuration Application configuration Security System configuration
106
Role of Operating Systems
Role of Configuration in Security
On the Internetwork Cryptography

Internetwork Cryptography aims to handle
internetwork-specific or network-specific issues
and
problems involving authentication, integrity and secrecy / confidentiality / privacy.
Cryptography can exist with or without networks but Internetwork / Network Cryptography specifically addresses the Internetwork / Network needs / requirements and is thus a subset of general cryptography.
107
Symmetric-Key Cryptography
Symmetric-Key cryptography is called so since in this class of cryptographic algorithms, encryption as well as decryption processes are performed using the same (i.e. symmetric) key. The algorithms / schemes / programs that use this paradigm are often termed as Symmetric-Key Ciphers / Private-Key Ciphers / Secret-Key Ciphers / Conventional Ciphers etc. Rahul B anerjee, BITS, (c) In such cases, Plaintext, EncryptionPilani (India)
108
Characterizing the Symmetric Key Ciphers

This is often done by:
Choice of key-space Key-derivation / identification within the keyspace Number of cycles involved in encryption / decryption process Choice of operations (or choice of type of operators) that are used in the process of encryption / decryption Number of internal algorithms that form the final scheme of enciphering / deciphering Role, if any, of the compression algorithms / schemes in adding the security value
109
Some More Basics

Any cryptographic scheme is safe if and only if it is unbreakable in reasonable time using feasible resources in spite of the intruders being aware of:
Encryption and decryption algorithm Size of the key
Kerckhoffs Principle: Security of conventional encryption depends only upon the Secrecy of the Key, and not on the Secrecy of the Algorithm. Strength of the algorithm and the size of (c) Rahul Banerjee, BITS, key remain two important factors in Pilani (India)
110
On the Secure Deployment of the Conven@onal (Secret-Key) Cryptography

Requirements for secure deployment of conventional cryptography:
Availability of a strong Encryption Algorithm Secure distribution of the Secret Key to the intended recipients
Kerckhoffs Principle remains a guiding line for the research on conventional cryptography and its real-life use in internetworks.
111
Uncondi@onally Secure Versus Computa@onally Secure Encryp@on Schemes Unconditionally Secure Encryption schemes:
Here, the generated Ciphertext simply does not have adequate information to allow discovery of the unique plaintext irrespective of the amount of Ciphertext available (as well as irrespective of the computational resource available) to the attacker.
Computationally Secure Encryption schemes

Here, the cost of deciphering exceeds the value of enciphered information Time needed to decipher exceeds the lifetime of the enciphered information
112
Digital Signatures
A Digitally-signed Communication is a message that has been processed by a computer in such a manner that ties the message to the individual that signed the message. Criteria for Digital Signatures Technology:
An acceptable technology must be capable of creating signatures that conform to requirements: It is unique to the person using it; It is capable of verification; It is under the sole control of the person (c) Rahul Banerjee, BITS, 113 Pilani (India) using it;
Signature Dynamics
The Signature Dynamics Technology: It is an acceptable technology for use by public en@@es that uses as the means the metrics of the shapes, speeds and/or other dis1nguishing features of a signature as the person writes it by hand. It involves binding the measurements to a message through the use of cryptographic techniques. Signature Digest is the resul@ng bit-string produced when a signature is @ed to a document using Signature Dynamics.
114
Digital Cer@cates
Digital Certificate: It refers to a computer-based record which: identifies the certification authority issuing it; names or identifies its subscriber; contains the subscriber's public key; and is digitally signed by the certification authority issuing or amending it & conforms to widely-used standards.
115
Related terms:
Certification Authority: This refers to an entity that issues a certificate, or in the case of certain certification processes, certifies amendments to an existing certificate. Key Pair: This refers to a private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates.
116
A few more points on Digital Cer@cates

One of the simplest ways to describe the function of a Digital Certificate is to treat it as a means to verify the genuineness of the Public-Key. Just as the individuals / groups are normally assigned Digital Signatures, the corporate merchants and ECommerce / I-Commerce Gateways are issued Digital Certificates for proving their authenticity to others. Certificate Expiry: Most of the certificates have their period of legal validity as marked by the issuing entity / authority, after which it is considered as invalid or expired. Certificate Revocation: If the Certificate is found to be compromised, it may be explicitly revoked by the Certificate Authority (CA) and included in the subsequently published Certificate Revocation List. Certificate Validation: It refers to the verification of the Certificate Chain.
117
Who are the common Cer@cate Authori@es?

As per the Secure Electronic Transac@ons (SET) standard, the following CAs may exist:
1. The Root Cer@cate Authority (RCA) 2. The Brand Cer@cate Authority (BCA) 3. The Geo-Poli@cal Cer@cate Authority (GCA) <opFonal> 4. The Merchant Cer@cate Authority (MCA) 5. The Payment Gateway Cer@cate Authority (PGCA) 6. The Cardholder Cer@cate Authority (CCA) 1. Merchant Cer@cates 2. Cardholder Cer@cates
118
Cer@cate Categories:
The Hierarchical CA Architecture

The Root Certificate Authority (RCA) The Brand Certificate Authority (BCA) The Geo-Political Certificate Authority (GCA) <optional> MCA
Merchant Certificates
PGCA
Payment Gateway
119
CCA
Cardholder Certificates
Who issues and signs the Cer@cates?

A Certificate Authority is a Trusted entity that issues, monitors, revokes, modifies and cancels digital certificates for a subscribers holding / requiring certificates. A digital certificate is signed with CAs private key. In principle, certificates can be of several types including Institutional Authority Certificates and Web Server Certificates.
120
Steps involved
1. A pair of Private and Public keys is created by the Requester. 2. Requester generates and encrypts a Certificate Request using its private key and sends the certificate request to your chosen CA . 3. CA initiates and completes a process to verify the correctness of the information supplied by the Requester. 4. The certificate for the Requester (who hereafter becomes a Subscriber) is signed by a device that holds the private key of the CA. 5. The certificate is sent to the Subscriber. 6. A copy of the issued Certificate is kept in certificate repository / directory (so that using (c) Rahul Banerjee, BITS, Certificates could be retrieved). LDAP etc. 121 Pilani (India)
Cer@cate revoca@on
Certificate revocation: Canceling a certificate before than its originally scheduled validity period. Certificate Revocation Lists (CRL) A CRL is a time-stamped list of revoked certificates Online Certificate Status Protocol is used for online verification.
122
Trusted versus Untrusted Networks

My Network (PAN/LAN)
Fully Trusted Partly Trusted
Our Network (LAN/MAN/WAN/ WAI)

Fully Trusted Partly Trusted Unsure
Other Networks (LAN/MAN/WAN/ WAI)

Partly Trusted (c) Rahul Banerjee, BITS, Pilani (India) Untrusted
123
The Network Perimeter

A Network / Internetwork Perimeter is a secure boundary of a network that may include some or all of the following:
Firewalls Routers IDS VPN mechanisms DMZ Screened subnets
DMZ is outside the Firewall Screened subnet is an isolated subnetwork connected to a dedicated firewall (c) Rahul B anerjee, BITS, interface 124
Pilani (India)
Intrusion Detec@on System

Intrusion Detection System (IDS) is a system that
comprises of mechanisms / devices involving one or more Intrusion Detection Sensors (traffic monitoring devices / mechanisms) placed at security-wise strategic locations; and, Has been designed to detect any known or likely intrusion into the protected network.
Types of IDS:
Network-based IDS (NIDS) : Subnetresident Host-based IDS (HIDS) : Host resident
Sensor reporting may involve (c) Rahul Banerjee, BITS, forms like logs, database several 125 Pilani (India)
Internetwork Firewall
Firewall is an internetwork security device that
serves on the only access route that connects the internal network / internetwork (i.e. the segment to be protected) to the external network (s) / internetwork (s); and, decides about physically allowing / denying entry / exit to / from the protected segment using a set of policies (often manifested in terms of rules) is called a Firewall.
A Firewall may be implemented in hardware / software / firmware or a (c) Rahul Banerjee, BITS, combination of these. 126 Pilani (India)
Characteris@cs of Internet Firewalls

Characteristically, an Internet Firewall exhibits security measures and internetwork-control-mechanisms related to but not necessarily limited to:
Internet services as separated from the intranet services Service-based directional traffic User-specific / Class-specific / Group-specific service access Service-usage / deployment-behaviour Origin-specific / Destination-specific service / traffic / monitoring / QoS-security bindings Relaying / blocking / redirection of encapsulated and / or encrypted traffic
A common assumption (though debatable) made is that the Firewall itself is incorruptible / impenetrable A firewall works under the assumption that it is solely responsible for blockade / allowance of any traffic between two or more than two networks / internetworks separated by it.
127
What does a rewall do?

As part of an Internetwork Security System, a firewall:
Allows defining exit and entry points for traffic from and to the internal protected network / intranet Offers a set of mechanisms and a set of locations / points for supervising security-sensitive activities / events / behaviour Provides network-level encapsulation, encryption, decryption, decapsulation, tunnelling services Permits a variable-security facility-zones creation that may also offer some functionalities not necessarily related to the security function that is the primary function of the firewall Supports creation and interpretation of structured (c) Rahul Banerjee, BITS, mechanisms and files for a variety of logging 128 Pilani (India) purposes.
What a Firewall does not do?

A Firewall is not meant for:
Virus / Worm / Trojan Horse / Logic bomb detection Virus / Worm / Trojan Horse / Logic bomb removal Semantic analysis of the applicationto-application messages with certain exceptions Protecting a network / internetwork from a trusted entity (client / server / user) or an internal authorized user with adequate privileges Protecting from power, link or protocol (c) Rahul Banerjee, BITS, 129 failure Pilani (India)
Cons@tuents & Types of a Firewall

Firewall Constituents: (some of these can serve as firewalls as
well)
Types of Firewalls:
Application-level Gateways and Proxies Transport-level / Circuit-level Gateways and Proxies Network-level Gateways / Routers Packet filters (also known as Static Packet Filtering Firewalls) Bastion Host Screened Host
Stateless Firewalls Stateful Inspection-based Firewalls Perimeter Firewalls Screened Host Firewalls Intranet Firewalls Internet Firewalls (c) R ahul Banerjee, BITS, 130 Pilani ( India) Extranet Firewalls
Examples of Commercial Firewalls

Static Packet Filtering Firewall (implemented on a Router): Example: Nortels Accellar Router Firewall Proxy Firewall: Example: Secure Computings Sidewinder Firewall Stateful Inspection-based Firewall: (c) Rahul Banerjee, BITS, 131 Pilani (India) Example:
Virtual Private Networks

A Virtual Private Network (VPN) is a mechanism that allows establishment of a protected session between two network nodes / services located in / on two different protected networks / internetworks separated by unprotected / untrusted / insecure (often public) networks / channels / infrastructure. Example: Nortels Contivity, Ciscos VPN 3000 Concatenator Another perspective: SSH, TLS, SSL, IPSec, L2TP, PPTP are choices providing different types of security at different layers. Although, all of these could be reused in an appropriately designed VPN mechanism, often the L-3 and L-2 mechanisms are preferred by many VPN designers. Often, people refer to a VPN as a security device / mechanism on the perimeter of the protected network (c) Rahul B anerjee, BITS, / internetwork that allows encrypted 132 Pilani (India) sessions.
Advantages of VPNs
Capability to access remote network as if there exists a private channel to that network Several security options available to provide a range of security Adequacy of lower-strength encryption schemes on certain occasions Cost-effective if well-designed, well-implemented and wellconfigured (c) Rahul Banerjee, BITS, 133 Pilani (India) Can be quickly implemented
Disadvantages of VPNs
Requirement of encryption, decryption, encapsulation and decapsulation induce a sizeable processing overhead, packet overhead and storage overheads and may introduce latency as well as increase cost of service In some cases, if designed ad-hoc, certain network installations may pose additional challenges in adding the VPN functionality due to the added overhead in packet processing. Intricate design issues, unless handled carefully, may actually serve to lower the network performance without really bring corresponding increase in the security level of the network. Implementation issues include VPN pass through issues, NAT-specific issues and MTU-size related (c) Rahul B anerjee, BITS, issues 134
Pilani (India)
Dening the Control Zone

The Control Zone: Consider a typical electronically controlled device like a tape drive, hard disk drive or other gadget that operates in an unshielded environment. Each such device emits signals that can be sensed within a zone called Control Zone. For security reasons, it is important that: No important information about any device operation leaks out of the target environment No external body should be able to make use of control or data signals related to this device
135
The Concept of Security Services

Authentication Service Access Control Service Availability Service Confidentiality Service Integrity Service Identification: Author, Authorization, Endorsement, Approval, Access, Concurrence, Licensing, Certification, Signature, Witness, Validation, Timestamps, Authenticity, Ownership, Registration, Privacy / Confidentiality / Secrecy Non-Repudiation Service
(c) Rahul Banerjee, BITS, Pilani (India) 136
GSM network architecture

PSTN/ISDN MS
Um
BTS
A-bis
MSC
BSC
800, 900, 1900 Mhz Subscriber model

Licensed & expensive
OMC
Mobility mgt
VLR HLR AUC EIR
Started out like PSTN, and gepng more complex

Pre-paid, premium rate SMS
Voice Traffic
(c) Source: http://choices.cs.uiuc.edu/MobilSec/posted_docs/
Wireless Applica@on Protocol
WAP security architecture
Bluetooth security architecture
(c) http://www.cs.hut.fi/Opinnot/Tik-86.174/Bluetooth_Security.pdf
IEEE 802.11 architecture
(c) Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prdc_mcc_ardu.asp
Mobile IP
Foreign Agent (FA)
Home Agent (HA)
charliep@nokia.com
Binding update issue: If I change FA how do I tell home agent and previous FA such that no-one else can spoof that message? And in a performant, scalable manner? MobileIPv6 has this problem (no FA though, just care-of address)
(c) Source: http://www.iab.org/Workshops/IAB-wireless-workshop/
J2ME
J2ME includes some security primitives for code signing and to support (some) application security
(c) Source: http://choices.cs.uiuc.edu/MobilSec/posted_docs/ & (c) Sun Microsystems Inc.
Common security issues

Over the air (OTA) confidentiality
But don't ignore e.g. Microwave links used after a base station!
Data origin authentication/integrity for some data and some origins Bad use of cryptography Various types of fraud
Cloning of hosts Re-direction to premium rate
Authentication of node or user?
Security relevant differences

GSM's subscription model vs. 802.11's lack of a subscriber model
GSM Security
Mobile Station SIM Ki A3 Signed response (SRES) A8 Authentication: are SRES values equal? mi Fn A5 Kc Encrypted Data Kc A5 Fn mi Radio Link Challenge RAND A3 Ki SRES GSM Operator
SRES A8
GSM crypto breaks

Several researchers have developed breaks of GSM's use of encryption
Typically involve some known plaintext and quite intensive (though do-able) memory and processing
e.g. Goldberg, Wagner, Green: requires difference in the plaintext of two GSM frames, which are exactly 2^11 frames apart (6 seconds) with time complexity of 2^16 dot products of 114 bit vectors.
Base stations can also be impersonated

No authentication of BSC to ME!
GSM Attack Details

GSM Encryption uses A5:
A5/0 no encryption A5/1 - strong encryption A5/2 - export (i.e. designed weak) encryption
All use a 64-bit key generated from the network's challenge

Same key bits regardless of algorithm!!!
GSM Attack Details (2)

A5 is a stream cipher Applied after error correcting bits are added
even though the attacker might not know the values of particular input bits, they know that certain groups of them XOR to 0 taking the same groups of encrypted bits and XORing them
reveals the corresponding XOR of the keystream bits
GSM Attack Details (3)

Numbers:
A5/2 passive attack (eavesdropping) requires milliseconds of ciphertext! A5/1 ciphertext only attack:
5 minutes of intercepted frames (doesn't have to be one call) 4.4 terabytes of disk a lab full of 2003 AD type PCs for a year's worth of one-time precomputation
Active attacks: bid down to A5/2
IEEE 802.11 security
Wardriving / boating
Picking up IEEE 802.11 access points as you cycle/ drive/fly/sail past Many of these give (sometimes intentionally) open access to the Internet
http://www.catalina42.org/war-sail/
802.11 security overview

Good setup depends on network topology
There are a few choices
WEP is broken and IPsec should be used instead as much as possible (probably in tunnel mode)
TLS should then be used wherever sensible above IPsec (e.g. IMAP over SSL)
Then secure applications should be used where possible

Probably based on proprietary protocols (which may make use of standard constructs like PKCS#7)
WEP Encapsulation
802.11 Hdr Data
Encapsulate
802.11 Hdr IV
Decapsulate
Data ICV
WEP Encapsulation Summary:

Encryption Algorithm Per-packet WEP Data Data
= RC4
encryption key = 24-bit IV concatenated to a pre-shared key
allows IV to be reused with any frame integrity provided by CRC-32 of the plaintext data (the ICV) and ICV are encrypted under the per-packet encryption key
Properties of Vernam Ciphers (1)

The WEP encryption algorithm RC4 is a Vernam Cipher: Pseudo-random number generator
Encryption Key K
Random byte b Plaintext data byte p

Ciphertext data byte c
Decryption works the same way: p = c b
Properties of Vernam Ciphers (2)

Thought experiment 1: what happens when p1 and p2 are encrypted under the same random byte b? c1 = p1 b Then: c1 c2 = (p1 b) (p2 b) = p1 p2 Conclusion: it is a very bad idea to encrypt any two bytes of data using the same byte output by a Vernam Cipher PRNG. c2 = p2 b
How to Read WEP Encrypted Traffic (1)

802.11 Hdr IV Data ICV
24 luxurious bits
Encrypted under Key +IV using a Vernam Cipher
By
the Birthday Paradox, probability Pn two packets will share same IV after n packets is P2 = 1/224 after two frames and Pn = Pn1 + (n1)(1Pn1)/ 224 for n > 2.
50%
chance of a collision exists already after only 4823 packets!!! recognition can disentangle the XOR-ed recovered plaintext. ICV can tell you when youve disentangled plaintext correctly.
Pattern
Recovered After
only a few hours of observation, you can recover all 224 key streams.
How to Read WEP Encrypted Traffic (2)

Ways to accelerate the process:
Send spam into the network: no pattern recognition required! Get the victim to send e-mail to you
The AP creates the plaintext for you!
Decrypt packets from one Station to another via an Access Point

If you know the plaintext on one leg of the journey, you can recover the key stream immediately on the other
Fixing WEP
Protect against ALL known threats:
IV Collisions Weak Keys Message Forgery Replay Two alternatives: Short-term and long-term
Short-term:
Temporal Key Integrity Protocol (TKIP) Does not require new hardware (but firmware/ software) Some performance penalty
Longer term
Move to AES based primitives with proper key management
The 802.11x security scheme
A reasonable 802.11 configuration
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
WLAN topologies
Sensible network topologies
Corporate (small WLAN) Corporate (widespread WLAN) Service provider Volunteerism
Network topology issues

Network access Address allocation (DHCP) NAT/private addresses Firewall location and rulesets
Some Interesting Networks

Mobile Ad-hoc networks:
Idea is that a network emerges from nodes which just happen to be in the vicinity (AODV)
Delay tolerant networks Sensor networks Issues:

Mainly academic at the moment Security not really thought all the way through for these yet
Pervasive / Ubiquitous Computing

What if loads and loads of things (doors, TVs, couches) were nodes on a network?
Hot topic How do you secure these systems?
TCD and partners SECURE project

http://secure.dsg.cs.tcd.ie/
Conclusions (1)
There are a range of different types of mobile network
GSM and 802.11 are the interesting ones
Security hasn't been handled well for these

Nor was it for the wired Internet for a loooong time! There are substantial security problems with today's deployed mobile networks
So, overlaying a VPN is probably a good idea in most cases

And overlay that with TLS and that with application security if you can
Conclusions (2)
Users are generally less in control of mobile networks
Bandwidth is allocated Manufacturer/Operator/Subscriber model differs from wired Internet
e.g. Closed operating systems
Network security is given and not easily fixed/ managed
So, try to gain control of your applications and try to secure the applications themselves
Better if wireless technology changes anyway Can create a porting headache though
Acknowledgements
Some of these slides have been inspired by / borrowed from some well-received presentations made in different parts of the world. All inspired / reused slides either carry their respective copyright information on them or have been acknowledged about their sources in a group just after / before their respective usage herein. These slides are being used here purely for instructional purposes during a live (c) Rahul Banerjee, BITS, session Pilani (India) for the registered students of
165
Any ques@ons?
Thank you!
166
Case-Study of of a Network-Based Mul@-site Collabora@on System Design
BITS-Connect 2.0 built atop the MPLS Cloud, not cloud computing!
Project BITS-Connect 2.0 The Immersive Tele-presence Rooms

This is how an 18-seater immersive telepresence room looks like at all the Indian campuses. Chancellors oce is equipped with one two-seater system
References
Larry L. Peterson & Bruce S. Davie: Computer Networks: A Systems Approach, Fifth Edition, Morgan Kaufmann / Elsevier, New Delhi, 2011. <System design approach> S. Keshav: Computer Networking: An Engineering Approach, Pearson Education, New Delhi, 1997. A. S. Tanenbaum: Computer Networks, Fifth Edition, Pearson Education, New Delhi, 2012. <Conceptual Approach> Y. Zheng and S. Akhtar: Networks for Computer Scientists and Engineers, Oxford University Press, New York, 2002. <Structural approach> A. Leon Garcia and I. Widjaja: Communication Networks: Fundamental Concepts and Key Architectures, Second Edition, Tata McGraw-Hill, New Delhi, 2004. Mohammed G. Gouda: Elements of Network Protocol Design, Wiley Student Edition, John Wiley & Sons (Pte.) Ltd., Singapore, 2004. Thomas G. Robertazzi: Computer Networks and Systems: Queuing Theory and Performance Evaluation, Third Edition, Springer-Verlag, New York, 2000. <Analytical approach>
15/02/13
(c) Dr. Rahul Banerjee, BITS Pilani, INDIA
170
References
Larry L. Peterson & Bruce S. Davie: Computer Networks: A Systems Approach, Fifth Edition, Morgan Kaufmann / Elsevier, New Delhi, 2011. <System design approach> S. Keshav: Computer Networking: An Engineering Approach, Pearson Education, New Delhi, 1997. A. S. Tanenbaum: Computer Networks, Fifth Edition, Pearson Education, New Delhi, 2012. <Conceptual Approach> Y. Zheng and S. Akhtar: Networks for Computer Scientists and Engineers, Oxford University Press, New York, 2002. <Structural approach> A. Leon Garcia and I. Widjaja: Communication Networks: Fundamental Concepts and Key Architectures, Second Edition, Tata McGraw-Hill, New Delhi, 2004. Mohammed G. Gouda: Elements of Network Protocol Design, Wiley Student Edition, John Wiley & Sons (Pte.) Ltd., Singapore, 2004. Thomas G. Robertazzi: Computer Networks and Systems: Queuing Theory and Performance Evaluation, Third Edition, Springer-Verlag, New York, 2000. <Analytical approach>
15/02/13
(c) Dr. Rahul BRahul anerjee, BITS Pilani, INDIA Dr. Banerjee, BITS, Pilani (India)
171

CSC461 CN Lecture 15 Feb. 13 2013

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CSC461 CN Lecture 15 Feb. 13 2013

Transféré par

Droits d'auteur :

Formats disponibles

BITS Pilani

Pilani | Dubai | Goa | Hyderabad

Performance & Application-driven Approaches to Design of Computer Networks

Rahul Banerjee, PhD (CSE)

HTTP, DNS, DHCP, SMTP, POP, IMAP SOAP, REST

Network-based Multimedia Applications

BITS Pilani, Deemed to be University under Section 3 of UGC Act, 1956

Of Protocols & Protocol Graphs

Example of a Simple Protocol Graph as applicable to the Internet

Dijkstra's self-stabilizing token ring system

Automata with Inputs/Outputs

FSM for Stop and Wait Protocol

FSM for Stop and Wait Protocol

Pkt 0 Received Send Ack 0

A Few Measures of Network Performance

(c) Dr. Rahul Banerjee, BITS, Pilani, India

Empirical Measurement Studies

What to measure? Choice of measurement tools The Design of Measurement Experiments

Computer Network Performance Metrics

Performance metrics can be positive and negative.

Wide Area Network (WAN)

Performance Evaluation of Computer Networks

Wireless Local Area Network (WLAN)

Performance Evaluation of Computer Networks

Sample Performance Measures

Wide Area Network (WAN)

Performance Evaluation of Computer Networks

Local Area Network (LAN)

Performance Evaluation of Computer Networks

Wireless Local Area Network (WLAN)

Performance Evaluation of Computer Networks

Empirical Measurement Studies

Performance Evalua@on Techniques

Performance Evaluation of Computer Networks

Typical Network Trac Types

Telnet file edits

Wireless Local Area Network (WLAN)

Performance Evaluation of Computer Networks

Performance Evalua@on Techniques

Performance Evaluation of Computer Networks

Simple Queuing Model

Performance Evaluation of Computer Networks

Networks of Queues Model

Performance Evaluation of Computer Networks

Performance Evaluation of Computer Networks

Empirical Measurement Studies

Empirical Measurement Studies

Performance Evaluation of Computer Networks

Network Measurement Tools

Key issues in the usability of network measurement tools are:

Choice of Measurement Tools

Performance Evaluation of Computer Networks

Wireless Local Area Network (WLAN)

Performance Evaluation of Computer Networks

The Design of Measurement Experiments

Performance Evaluation of Computer Networks

The Design of Measurement Experiments

Performance Evaluation of Computer Networks

Measurement Design Decisions

Performance Evaluation of Computer Networks

Performance Evaluation of Computer Networks

Performance Evaluation of Computer Networks

Measurement Design Decisions