![3
5
Networking and internetworking
ˆPacket transmission
Message: a logical unit of information, a
sequence of data items of arbitrary length.
Packet: a sequence of binary data of restricted
length, with addressing information.
Packet size
ˆ Difference
Port address;
IP address
Physical address
6
Switching schemes
ˆ Broadcast
No switching logic, i.e., Ethernet, wireless
networks
ˆ Circuit switching
Communicate through a number of intervening
exchanges, i.e., POTS
ˆ Packet switching [1960s]
store-and-forward network
May be lost, vary in latency. A few ten
microseconds-a few milliseconds.
short Internet packet takes up to 200
milliseconds to arrive his destination
ˆ Frame relay
Video conference: < 50 milliseconds.
Combine the advantages of circuit switching to
packet-switching.
Example: ATM](https://image.slidesharecdn.com/2f60bbc40bdcbfd65276a188dbd29323d6b7-241010142005-cecfde4f/85/Distributed-systems-short-notes-module-1-3-320.jpg)
![27
5
3
ˆ Timestamp
1. Alice sends to Trent: Alice, Bob;
2. Trent sends to Alice: {Bob, K,T, {Alice,K,T}KBT}KAT;
3. Alice sends to Bob: {Alice, K,T}KBT;
4,5. same as in “Challenge Response” protocol.
ˆ One problem is good-quality time value and
reasonable window size.
ˆ Public key techniques
mathematical functions
smaller trust base
100 or 1000 times processing power for secret-key
Applications: digital signature (RSA); key exchange
(DH key exchange, RSA); encryption/decryption
(RSA).
5
4
ˆ RSA: block cipher; block value: [0,n-1]
En: C=Pe (mod n); De: P=Cd (mod n).
Public-key: {e,n}; private-key is {d,n}
Key generation
• 1. Select two prime numbers, for example p=7, and q=17.
• 2. Calculate n=p*q=119.
• 3. Calculate phi(n)=96.
• 4. Select e s.t. e is relatively prime to phi(n) and <=
phi(n), in this case, e=5.
• 5. Determine d such that d*e=1 (mod 96) and d <= 96. The
correct value for d is 77 because 77*5=385=4*96+1.
Huge computation
ˆ DH Key exchange
two public numbers: a prime number q and an integer a,
where a is a primitive root of q.
User A selects a random integer XA < q and calculates its
public key YA= aXA mod q.
Similarly, B selcts XB and calculates its public key YB
The Man-in-the-Middle Attack
Fix: authentication service](https://image.slidesharecdn.com/2f60bbc40bdcbfd65276a188dbd29323d6b7-241010142005-cecfde4f/85/Distributed-systems-short-notes-module-1-27-320.jpg)
Distributed systems short notes module 1
- 1. 1 1 What is a Distributed System ˆ Motivation: sharing resources. ˆ Definition of distributed system: a collection of independent computers that appears to its users as a single coherent system. a system of networked computers that coordinate their activity only by message passing. ˆ Resources in a distributed system managed by a server program. accessed by communication via service interface provided by the server program. ˆ Different from “distributed computing” and “distributed application”, multi-processor system ˆ In a distributed system, each computer has its own memory, has its own clock, and each computer runs its own operating systems. ˆ Characteristics of distributed systems Concurrency; No global clock; Independent failures • Network failure; Computer failure 2 Resource sharing and the web ˆ Client/Server model Clients are active and servers are passive ˆ Caching technique vs. buffering ˆ The WWW (World Wide Web) the "hypertext" structure among the documents. Open system Standard technological components: • HTML (HyperText Markup Language) • URL (Uniform Resource Locators) • HTTP (HyperText Transfer Protocol). ˆ URL scheme:scheme-specific-identifier ˆ HTTP A request-reply protocol Specify content types in request One resource per request Dynamic pages, Downloaded code (mobile code)
- 2. 2 3 Architectural models ˆ Platform does not provide a view of a single coherent system ˆ Solution: Middleware Masking heterogeneity ˆ Limitation of Middleware: “End-to-end argument” Some functions require knowledge only the applications have Example: Careful file transfer, delivery guarantee ˆ Client-server model ˆ Client-server group model: Partition or replicate resources ˆ Proxy server and caches ˆ Mobile code: push model ˆ An example in client/server model: e-mail 4 Interaction Model ˆ Distributed algorithm vs. simple algorithm ˆ Difficulties in distributed algorithm Complex: client/server group model Hard to predict: executing rate, transmission rate No general state ˆ Performance of communication channels Latency; Bandwidth; Jitter ˆ Computer clocks clock drift rate: difference from perfect clock Correction: Time server or Logical clock
- 3. 3 5 Networking and internetworking ˆPacket transmission Message: a logical unit of information, a sequence of data items of arbitrary length. Packet: a sequence of binary data of restricted length, with addressing information. Packet size ˆ Difference Port address; IP address Physical address 6 Switching schemes ˆ Broadcast No switching logic, i.e., Ethernet, wireless networks ˆ Circuit switching Communicate through a number of intervening exchanges, i.e., POTS ˆ Packet switching [1960s] store-and-forward network May be lost, vary in latency. A few ten microseconds-a few milliseconds. short Internet packet takes up to 200 milliseconds to arrive his destination ˆ Frame relay Video conference: < 50 milliseconds. Combine the advantages of circuit switching to packet-switching. Example: ATM
- 4. 4 7 Internetworking Protocol ˆ Overview Unreliable, best-effort delivery service: post office Connectionless: datagram • transported independently Æ datagrams sent by the same source to the same destination could arrive out of order ˆ mask 8 Routing algorithms ˆ implemented by a program in the network layer at each router node ˆ two responsibilities route of each incoming packet: hop-by-hop basis update its knowledge of the network ˆ RIP Two-node loop instability • Solution: defining infinity; split horizon Three-node instability • defining infinity ˆ Open Shortest Path First protocol link state routing method Three steps Can avoid problems in RIP. Why?
- 5. 5 9 Transport layer in TCP/IP suite ˆ Difference between UDP and TCP ˆ delivery of a message from one process to another process. Service-point addressing: port address Segmentation and reassemble connection mechanism Flow control Error control Congestion control 1 0 Flow control in TCP ˆ See sample solution of hw1
- 6. 6 1 1 Error control in TCP ˆ Error detection and error correction ˆ Checksum ˆ Acknowledgment Next sequence number expected One Ack for every two in-order data segment One Ack for each out-of-order segment One Ack for each duplicate segment ˆ time-out ˆ Retransmission 1 2 Congestion, Congestion Control ˆ Congestion: the load on the network is greater than the capacity of the network. ˆ Congestion control: mechanisms that detect, prevent and handle network congestion. ˆ Congestion control vs. flow control
- 7. 7 1 3 Congestion Control ˆ Two implementation points Routers, switches: queuing discipline End hosts Queuing disciplines at routers See sample solution of Hw1 1 4 Congestion control in TCP ˆ Additive Increase/Multiplicative Decrease (AIMD)
- 8. 8 1 5 Congestion control in TCP ˆ Slow start 1 6 Congestion control in TCP ˆ Fast Retransmit
- 9. 9 1 7 RED Gateway ˆ RED Gateway vs. DECbit ˆ See sample solution for hw1 1 8 Ethernet ˆ broadband or baseband signalling ˆ Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) ˆ All nodes are continuously ‘listening’ to the medium for packets that are addressed to them. ˆ Packets Æ frames Prefix: hardware timing purposes the destination address, the sending address; length of data (46—1,500 bytes), data of variable length, checksum
- 10. 10 1 9 Ethernet ˆ Packet collision carrier sensing: not enough Collision detection • Sender’s responsibility to detect Minimum packet length in collision detection Send jamming signal, delay and try again Delay time is selected using binary exponential back-off A B A B Message almost there at time T when B starts – collision! time = 0 time = T’ time = 2T A B 2 0 Example of Persistent Asyn. Comm.: email system ˆ Types of communication Persistent communication – Stores message until communicated to user Transient communication – Stored only when sending and receiving processes are alive • Transport level protocols provide transient communication Asynchronous – Sender continues after sending message Synchronous – Sender blocks until message is stored at receiver's local buffer, delivered to receiver or processed by receiver
- 11. 11 2 1 c) Transient asynchronous communication: UDP, one- way RPCs. d) Receipt-based transient synchronous communication e) Delivery-based transient synchronous communication at message delivery: Asyn. RPCs f) Response-based transient synchronous communication: PRCs, RMIs. 2 2 IPC mechanisms ˆ Pipes processes must be related through a common ancestor impossible in a distributed environment ˆ Sockets ˆ message queues: Message-oriented Middleware (MOM)
- 12. 12 2 3 Socket creation: socket() ˆ s = socket(domain, type, protocol); domain: AF_UNIX, AF_INET, or AF_NS type: SOCK_STREAM, SOCK_DGRAM, etc protocol: TCP or UDP. Auto selected if 0 Return a socket descriptor (a small integer for later reference) Ex: s = socket(AF_INET, SOCK_STREAM, 0); 2 4 Connection Establishment ˆ Asymmetric, involving a server and a client Server: createÆbindÆlistenÆaccept Client: createÆbindÆconnect connect(s, address, len) • s: socket descriptor • address: server address • len: the length of the address
- 13. 13 2 5 System Call: listen() ˆ listen(s, max_num) s: socket descriptor max_num: the maximum number of outstanding connections which may be queued awaiting acceptance by the server process If the queue is full, a connection will be ignored (instead of refused). Why? 2 6 socket() close() read() connect() write() client socket() bind() listen() accept() accept() read() write() close() server Start a thread Wait for new connection
- 14. 14 2 7 Java Sockets close() readUTF() socket() writeUTF() client socket() accept() accept() readUTF() writeUTF() close() server Start a thread Wait for new connection 2 8 Java API for the Internet protocols ˆ java.net.InetAddress ˆ host name: “java.sun.com” ˆ getHostAddress(): IP address string in textual presentation. ˆ getHostName(): the host name for this IP address. ˆ 32-bit integers for port number ˆ Socket types UDP socket TCP socket Static InetAddress.getByName(String host)
- 15. 15 2 9 TCP socket ˆ TCP is a connection-oriented protocol, a connection is established first. ˆ Server listens connection request ˆ Client asks for a connection ˆ Two types of TCP sockets: ordinary sockets and server sockets ˆ A client process constructs an ordinary socket and then it asks for a connection with the server. ˆ A server socket receives a connection request, it constructs an ordinary socket with an unused port number which completes the connection. ˆ No limit on data size. ˆ Streams: one in each direction 3 0 Message-oriented Middleware (MOM) ˆ Main features intermediate-term storage for messages: persistent ! neither sender nor receiver is required to be active Message queue Æ eliminate the need for programs to be logically connected: asynchronous ! takes minutes ˆ Only guarantee is that a message will be inserted in receivers’ queue. But no guarantees about when, or even if the message will actually be read
- 16. 16 3 1 Message Brokers ˆ Issue: message format How to make sure the receiver understands sender’s message? ˆ One format? Application are too diverse. ˆ Act as an application level gateway E.g. change delimiters at the end of records 3 2 External data representation and marshalling ˆ Big Endian vs. Little Endian ˆ Solutions transmitted in the sender’s format together with an indication of the format used converted to an agreed external format
- 17. 17 3 3 Java object serialization ˆ Serializable objects implement the “java.io.Serializable” interface You can implement one or more of the methods readObject(), writeObject() to custom serialization. ˆ Externalizable objects implement the “java.io.Externalizable” interface the programmer takes full responsibility for the serialization and deserialization of objects. ˆ Serialization will preserve the state of all fields in the object graph except for fields marked transient or static or fields contained in superclasses that are not serializable. 3 4 Java object serialization ˆ Visibility modifiers (e.g., private, protected, etc.) on fields do not affect serialization. ˆ Any subclasses of a serializable class are serializable classes, and any data inside a serializable class are also serializable data.
- 18. 18 3 5 RPCs ˆ RPC vs. LPC: Direct variable access is not allowed in distributed situation. Error handling: In RPC, failures of the remote server and failures of network. Performance: RPCs operate much slower than LPCs. Authentication: insecure networks, authentication is necessary. ˆ RPC uses client/server model ˆ response-based transient synchronous communication ˆ Remote procedures appear local through stub functions. ˆ Two stubs: client stub and server stub. ˆ In RPC, stubs are compiled and linked with the applications. 3 6 Steps in one RPC ˆ Before call a remote procedure, client initiates a connection to server. ˆ When client process calls a remote procedure, client stub: Retrieves the required parameters from the client address space. Translates the parameters into a standard network data representation (NDR) format for transmission over the network. Calls functions in the RPC client run-time library to send the request and its parameters to the server. ˆ At the server side, The server RPC run-time library functions accept the request and call the server stub procedure. The server stub retrieves the parameters from the network buffer and converts them from the network transmission format to the format the server needs. The server stub calls the actual procedure on the server. After the remote procedure returns its data to the server stub, the server stub converts return value to the network message and call the RPC run-time library functions. The server RPC run-time library functions transmit the reply message to the client computer. ˆ At the client side, The client RPC run-time library receives the return values and returns them to the client stub. The client stub converts the data into the format used by the client. The stub returns the result to the calling program. The calling procedure continues.
- 19. 19 3 7 RPC message ˆ written in Interface definition language (IDL), also called RPC language ˆ transaction identifier, xid. used for client RPC layer to matching reply messages with call messages, and may be used by server process to detect retransmissions. ˆ Body of an RPC call message: RPC version number: always equal to 2 here. Remote program number: (in hexadecimal) Remote program version number Remote procedure number two authentication fields: the credential and verifier the procedure parameters ˆ Body of a reply message Requirement: contain enough information to distinguish different error conditions accepted reply message or rejected reply message 3 8 Other Uses of RPC Protocol ˆ Batching: a client sends a large sequence of call messages to a server. The client doesn’t wait for a reply from the server, and the server does not send replies to batch calls. A sequence of batch calls is terminated by a simple remote procedure call operation. And server will send a reply message to that last call message. ˆ Broadcast: the client sends a broadcast call to the network and waits for numerous replies. Servers that support broadcast protocols only reply when the call is successfully processed, and not reply if some error happens. Broadcast calls use the Port Mapper RPC service.
- 20. 20 3 9 DES Authentication Verifiers ˆ Content: an encrypted timestamp ˆ Rules: The server can decrypt this timestamp If it is close to the real time, then the client must have encrypted it correctly. The only way the client could encrypt it correctly is to know the "conversation key“ K. If the client knows K, then it must be the real client. ˆ K is generated by the client, and client sends it to the server in its first RPC call, using a public key scheme. (Diffie-Hellman with 192-bit keys, next week) ˆ agree on the current time Network Time Protocol a simple time request ˆ 1st transaction: the client sends an encrypted timestamp and "window" to the server. ˆ Additional check in 1st transaction: the client sends an encrypted "window verifier", equal to the window minus 1. ˆ For any other transaction, the server checks for two things: (1) the timestamp is greater than the previous one. (2) compare current real time with the timestamp plus window. ˆ The client check the verifier returned from the server: the encrypted timestamp minus one second. 4 0 Portmapper program protocol ˆ Broadcasting ˆ PMAPPROC_CALLIT: allows a client to call a remote procedure without knowing its port number. broadcasting. Its parameters are the program number, version number, procedure number, and parameters of the remote procedure. Note that: • This procedure only sends a reply if the procedure was successfully executed. • The portmapper communicates with the remote program using UDP only. • The procedure returns the remote program's port number, and the reply message from the remote procedure. ˆ Steps for Sun RPC Define the RPC Interface in a .x file. Such as MyRPCService.x Use rpcgen to compile the .x file: % rpcgen MyRPCService.x. Code the server implementation: you can use implementation template and fill in the details. Build the server: compile server stub, server implementation and link to RPC library to build an executable file. Write a client: establish a connection to corresponding server process via clnt_create. Then, compile & link the client implementation and client stub. Run server and client
- 21. 21 4 1 Java RMI ˆ locate remote objects: obtain a reference to the object. ˆ two mechanisms register its remote objects with RMI's simple naming facility: rmiregistry pass and return remote object references ˆ java.rmi.Naming bind(String name, Remote obj) lookup(String name): rmi://host:port/objectname • default port: 1099 ˆ One difference between RPC stubs and RMI stubs: In RPC, stubs are compiled and linked with the client application. RMI stubs need not be compiled into the client; it can be downloaded at runtime. ˆ Some advantages of Java RMI Object oriented Mobile behaviour or dynamic invocation Safe and secure Distributed Garbage Collection • reference-counting algorithm • request-reply way with at-most-once invocation semantics Write once, Run Anywhere 4 2 Steps for use RMI to develop a distributed application ˆ Design and implement the components of your distributed application Defining and implementing the remote interfaces Implementing remote objects Implementing the clients ˆ Compile sources and generate stubs. ˆ Make classes network accessible. ˆ Start the application To start the registry • Windows users:-start rmiregistry (in javabin directory) ; • Unix users:-rmiregistry & To start the server:- java SumServiceServer To start the client: java SumServiceClient localhost ˆ Example: a service that calculate sum of two integers.
- 22. 22 4 3 Security ˆ Confidentiality: protection against disclosure to unauthorized individuals ˆ Integrity: protection against modification or corruption ˆ Availability: protection against interference with the means to access the resources. ˆ Situation distributed systems are open the attackers are quite knowledgeable secret has limit lifetime, the design of your security systems are available to attackers Only small portion of people are trustable ˆ Attacks Interruption; Interception; Modification; Fabrication ˆ Passive attacks, active attacks 4 4 Cryptography ˆ Plaintext; Encryption algorithm; keys; Ciphertext; Decryption algorithm ˆ Three points: two general operations: substitution, transposition The number of keys used. • Same key: symmetric, single-key, secret-key, or conventional encryption. • Two keys: asymmetric, two-key, or public-key encryption The way used to process the plaintext • block cipher; stream cipher ˆ Two requirements for using conventional encryption: Strong encryption algorithm secret key must be secure
- 23. 23 4 5 DES Encrypt Alg. ˆ 1. perform initial permutation (IP) on one input block. IP(Input Block)Æ(L0,R0) ˆ 2. Then 16 iterations of same operation. Ri-1ÆLi XOR(Li-1, f(Ri-1,ki))ÆRi ki is ‘round key’; f is called “S-box Function”. It is used to achieve a big degree of “message diffusion”. ˆ 3. Finally, swap the left-half block and right-half block and perform an inverse initial permutation on it. IP-1(R16,L16)Æ output block. ˆ Decryption algorithm uses same three steps. The only different is the order of round keys: k16, k15, … , k1. ˆ check the correctness 4 6 S-box function ˆ Non-linear property can avoid DC attacks. DC attacks a cipher by exploring the linear difference between two plaintext messages and the linear difference between their corresponding ciphertext messages. ˆ a longer key: Triple DES Drawbacks: slow in software, smaller block size.
- 24. 24 4 7 The Advanced Encryption Standard ˆ Rijndael Cipher: block cipher with a variable block size and variable key size ˆ At each round, four different transformations: SubBytes(): non-linear property ShiftRows(): message diffusion MixColumns(): message diffusion AddRounedKey(): randomness 4 8 Cipher operation modes ˆ electronic codebook (ECB); ˆ cipher block chaining (CBC) mode; ˆ output feedback (OFB) mode; ˆ cipher feedback (CFB) mode; ˆ counter (CTR) mode ˆ Electronic codebook (ECB) mode encrypt each message segment independently, unique ciphertext for a segment Possible attack on some fixed pattern: stable frequency deterministic
- 25. 25 4 9 ˆCBC mode “initial vector” (IV). An IV is a random n-bit block. IV is not secrete. the ciphertext messages sent to the receiver will include the IV. Has encryption/decryption algorithms ˆ CFB Mode the encryption function of the underlying block cipher is used at the encryption side and the decryption side ˆ OFB Mode decryption identical to Encryption Note the difference between it and CFB ˆ CTR Mode Ctr1: initial random value. Ctri=Ctri-1+1 the algorithms at sender and receiver sides are same 5 0 Key channel establishment ˆ Authentication servers ˆ Public-key techniques ˆ Trent: authentication server. ˆ Alice and Bob: two principals want to communicate with each other. ˆ Malice: attacker ˆ KAT: a key shared between Alice and Trent; ˆ KBT: is the key shared between Bob and Trent. ˆ The first protocol: “From Alice to Bob” 1.Alice sends to Trent: Alice, Bob, {K}KAT 2. Trent sends to Bob: Alice, Bob, {K}KBT 3. Bob sends to Alice: {Hi Alice, I’m Bob!}K. ˆ Drawback: Bob may not trust Alice ˆ Fix: “session key from Trent” 1.Alice sends to Trent: Alice, Bob 2.Trent sends to Alice: {K}KAT,{K}KBT; 3.Alice to Bob: Trent, Alice, {K}KBT 4. Bob sends to Alice: {Hi Alice, I’m Bob!}K.
- 26. 26 5 1 ˆ Problem: no protection on the identities ˆ Attack: Malice can interrupt it and modifies Bob’s identity with his identity, and then the key generated will be known to Alice and Malice. ˆ To fix it, Alice can encrypt Bob’s identity with her key. But not encrypt her identity, why? this fix is not enough, another attack is that Malice interrupts the Alice’s request message and sends a message: Alice, {Malice}KAT to Trent. Why Malice has {Malice}KAT? Also at the last step, Malice needs send an ACK with Bob’s identity. Why Malice knows it’s Bob in the first message? Yet another attack is: Malice modifies the message from Trent to Alice into {K’}KAT ˆ Message Authentication Protocol: prevent modifying messages. main idea: a binding between the session keys and its intended users. 1. Alice sends to Trent: Alice, Bob; 2. Trent sends to Alice: {Bob, K}KAT, {Alice, K}KBT; 3. Alice decrypts {Bob, K}KAT, checks Bob’s identity, and sends to Bob: Trent, {Alice, K}KBT; 4. Bob decrypts {Alice, K}KBT, checks Alice’s identity, and sends an encrypted Ack message to Alice. 5 2 ˆ Message replay attack on Message Authentication Protocol Malice has old ciphertext messages: {Bob,K’}KAT, and {Alice,K’}KBT, and knows the old key K’. ˆ Two mechanisms to check if the message received is an old message. challenge-response, or handshake, or Needham- Schroeder Symmetric-key Authentication protocol Timestamp: DES Authentication Verifiers ˆ challenge-response 1. Alice sends to Trent: Alice, Bob, NA; (NA: random number) 2. Trent sends to Alice: {NA, Bob, K, {Alice, K}KBT}KAT; 3. Alice sends to Bob: Trent, {Alice, K}KBT; 4. Bob sends to Alice: {I’m Bob! NB}K; 5. Alice sends to Bob: {I’m Alice! NB-1}K; ˆ Attack on this protocol: Malice interrupts the messages 3,4,5, and replaces them with his own version. 3’. Malice to Bob: Trent, {K’, Alice}KBT ˆ Fix: challenge-response between Trent and Bob (more message flow)
- 27. 27 5 3 ˆ Timestamp 1. Alice sends to Trent: Alice, Bob; 2. Trent sends to Alice: {Bob, K,T, {Alice,K,T}KBT}KAT; 3. Alice sends to Bob: {Alice, K,T}KBT; 4,5. same as in “Challenge Response” protocol. ˆ One problem is good-quality time value and reasonable window size. ˆ Public key techniques mathematical functions smaller trust base 100 or 1000 times processing power for secret-key Applications: digital signature (RSA); key exchange (DH key exchange, RSA); encryption/decryption (RSA). 5 4 ˆ RSA: block cipher; block value: [0,n-1] En: C=Pe (mod n); De: P=Cd (mod n). Public-key: {e,n}; private-key is {d,n} Key generation • 1. Select two prime numbers, for example p=7, and q=17. • 2. Calculate n=p*q=119. • 3. Calculate phi(n)=96. • 4. Select e s.t. e is relatively prime to phi(n) and <= phi(n), in this case, e=5. • 5. Determine d such that d*e=1 (mod 96) and d <= 96. The correct value for d is 77 because 77*5=385=4*96+1. Huge computation ˆ DH Key exchange two public numbers: a prime number q and an integer a, where a is a primitive root of q. User A selects a random integer XA < q and calculates its public key YA= aXA mod q. Similarly, B selcts XB and calculates its public key YB The Man-in-the-Middle Attack Fix: authentication service
- 28. 28 5 5 NS Public-key authentication protocol ˆ KA: Alice’s public key; KA -1: Alice’s private key. 1. Alice sends to Trent: Alice, Bob; 2. Trent sends to Alice: {KB, Bob}KT -1; 3. Alice sends to Bob: {NA, Alice}KB; (NA is a random number: Alice’s secret information). 4. Bob sends to Trent: Bob, Alice; 5. Trent sends to Bob: {KA, Alice}KT -1; 6. Bob sends to Alice: {NA, NB} KA; (NB is Bob’s secret information). 7. Alice sends to Bob: {NB} KB. ˆ Attack: 1 is for Alice-Malice; 2 is for Malice-Bob 1-3. Alice sends to Malice: {NA, Alice}KM 2-3. Malice sends to Bob: {NA, Alice}KB 2-6. Bob sends to Alice (Interrupted by Malice): {NA, NB} KA 1-6. Malice sends to Alice: {NA, NB} KA 1-7. Alice sends to Malice: {NB} KM 2-7. Malice sends to Bob: {NB} KB 5 6 Data Integrity techniques ˆ Symmetric techniques: keyed hash function technique ˆ Asymmetric techniques: digital signatures ˆ A hash function is a deterministic function that maps a big string of arbitrary length to a hashed value. A hashed value is a bit string of a fixed length. ˆ Properties of a hash function: Mixing-transformation Collision resistance Pre-image resistance Practical efficiency ˆ Birthday attack or square-root attack on hash function ˆ The SHA-1 Secure Hash Function Input: bit length less than 2^64. Its output is a 160-bit message digest. Step 1: Append padding bits. Step 2: Append length. (avoid padding attack) Step 3: Initialize buffer. Step 4: Process message in 512-bit blocks.