
Name and Surnames: _____________________________________ NIU: ____________

Advanced Networks and Security


Part 2 – Final Exam
27 January 2017
Duration: 1 hour

1. Briefly explain the differences between active and proactive routing protocols in ad-hoc
networks.

Proactive Routing Protocol (Table-driven):
- Maintain fresh lists of destinations and their routes by periodically distributing routing tables throughout the network.
- Continuously evaluate the routes.
- Attempt to maintain consistent, up-to-date routing information.
+ When a route is needed, one may be ready immediately.
- When the network topology changes,
+ the protocol responds by propagating updates throughout the network to maintain a consistent view.

Reactive Routing Protocol (On-demand):
- Find a route on demand (only when a connection is required) by flooding the network with Route Request packets.

2. Which are the 4 actions that a sensor can perform? What are the 4 parts a wireless
sensor node is equipped with?

Sense, Compute, Communicate, Actuate

- one or more sensors,
- a radio transceiver or other wireless communications device,
- a small microcontroller (some level of intelligence for signal processing of the data),
- an energy source, usually a battery.

3. Briefly explain the 3 types of devices that are used/required in Pervasive computing, and
briefly explain the 3 forms of human-computer interaction defined.

- Sensors: Input devices that detect environmental changes, user behaviours, human
commands, etc;
- Processors: Electronic systems that interpret and analyse input-data;
- Actuators: Output devices that respond to processed information by altering the
environment via electronic or mechanical means. However, the term can also refer to
devices which deliver information, rather than altering the environment physically.

- Active: Users could have overt (visible) control over pervasive computing technologies
and devices in the environment.
- Passive: Pervasive computing could disappear into the background. People would no
longer know they were interacting with computers.
- Coercive: Pervasive computing could control, overtly (visible) or covertly (invisible), lives
and environments (e.g. if a device did not have an off-switch or a manual over-ride).

4. Briefly explain the two IPSec Connection modes, including when they can be used.

- Transport Mode: AH/ESP header between “existing” IP and TCP headers. End-to-end.
- Tunnel mode: New IP+AH/ESP header before “existing” IP and TCP headers. End-to-end, and System-to-system (Host-to-host).

5. Briefly explain how a Network Layer VLAN (Tunnel / VPN) works to provide security
between 2 (sub)networks (A and B) in a way that is transparent to users Alice and Bob.

- PC A sends, within subnet A, a datagram with PC B as destination address.
- Router A encapsulates the datagram inside a datagram with Router B as destination address
and sends it through the network (typically the Internet).
+ If desired, security can be added to the content (original datagram): VPN
- Router B receives the datagram, decapsulates it and places its contents (the original
datagram with PC B as destination address) within subnet B.
- PC B receives the datagram.
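
The four steps above, carried out on real IPv4 headers, as an added example that is not part of the original exam answer. The addresses, the function names and the use of plain IPv4-in-IPv4 (protocol 4) as the encapsulation are assumptions made for the illustration.

```python
import socket
import struct

IPIP = 4          # IANA protocol number for IPv4-in-IPv4
PROTO_TEST = 253  # reserved for experimentation; stands in for TCP/UDP here

def checksum(header: bytes) -> int:
    """One's-complement header checksum (0 when run over a valid header)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram: 20-byte header, no options, TTL 64."""
    def hdr(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return hdr(checksum(hdr(0))) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject a damaged header."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("bad or unsupported IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:total_len])

def router_a_encapsulate(inner: bytes, router_a: str, router_b: str) -> bytes:
    # The inner datagram travels unmodified and in clear; a VPN would encrypt
    # and authenticate it at this point (not done in this sketch).
    return build(router_a, router_b, IPIP, inner)

def router_b_decapsulate(outer: bytes, router_b: str) -> bytes:
    _, dst, proto, inner = parse(outer)
    if dst != router_b or proto != IPIP:
        raise ValueError("not a tunnel datagram for this router")
    parse(inner)  # validate the inner header before placing it on subnet B
    return inner

# Constructed addresses: private subnets, documentation ranges for the routers.
PC_A, PC_B = "10.1.0.5", "10.2.0.9"
ROUTER_A, ROUTER_B = "198.51.100.1", "203.0.113.1"

def demo():
    """PC A -> Router A -> (network) -> Router B -> PC B."""
    original = build(PC_A, PC_B, PROTO_TEST, b"hello Bob")
    outer = router_a_encapsulate(original, ROUTER_A, ROUTER_B)
    return original, outer, router_b_decapsulate(outer, ROUTER_B)
```

On the path between the routers only the router addresses appear in the outer header, while PC B receives a datagram byte-for-byte identical to the one PC A sent.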

6. Briefly explain the CHARGEN and ECHO transport layer services, and the Snork attack,
that is based on them.

- The CHARGEN service (CHARacter GENerator) responds to the requests it receives with a
random string of characters.
- ECHO service: It is used as a test system to verify the operation of the IP protocol.

- The Snork attack is based on crossing ECHO and CHARGEN services by sending a
false CHARGEN service request, having previously set as the source address the IP
address of the machine to be attacked (with the ECHO service port as response port).
Thus, an infinite ping-pong game begins.

7. Briefly describe the two approaches of firewall operation. Briefly explain the two types of
firewalls (depending on the communications layer they work at).

- To let all traffic pass by default and add filters for the datagrams that are not to be
accepted.
- To block all traffic by default and add filters that let only the allowed traffic pass.

- Packet filtering routers: network layer (and transport): Filter based on source/destination
IP addresses, source/destination Ports or even protocol
- Proxy servers: Application layer: application specific. Must “understand” the application
protocol being used, so they can also implement protocol specific security
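
The two default policies compared on the same traffic with a small packet-filtering model, as an added example that is not part of the original exam answer. The rule sets, addresses and class names are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches every destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

def decide(rules, default: str, p: Packet) -> str:
    """First matching rule wins; with no match the default policy decides."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Approach 1: pass by default, filters list what is refused (constructed rules).
PASS_BY_DEFAULT = ([Rule("deny", "tcp", dport=23)], "allow")
# Approach 2: block by default, filters list what is allowed (constructed rules).
BLOCK_BY_DEFAULT = ([Rule("allow", "tcp", dst="192.0.2.10/32", dport=443),
                     Rule("allow", "udp", dst="192.0.2.53/32", dport=53)], "deny")

# Constructed traffic: HTTPS to the web server, Telnet, and UDP to CHARGEN
# (port 19), a service neither rule author thought about.
SAMPLES = {
    "https":   Packet("tcp", "198.51.100.7", "192.0.2.10", 443),
    "telnet":  Packet("tcp", "198.51.100.7", "192.0.2.10", 23),
    "chargen": Packet("udp", "198.51.100.7", "192.0.2.10", 19),
}

def compare():
    """Map each sample to (verdict under approach 1, verdict under approach 2)."""
    return {name: (decide(*PASS_BY_DEFAULT, p), decide(*BLOCK_BY_DEFAULT, p))
            for name, p in SAMPLES.items()}
```

Both policies agree on the traffic their authors anticipated; only the block-by-default policy also stops the CHARGEN datagram that no rule mentions.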

8. Based on the operation of the BGP (Border Gateway Protocol) protocol, briefly explain
how the attacks against BGP work.

BGP is an inter-Autonomous System routing protocol. The primary function of a BGP
speaking system is to exchange network reachability information with other BGP
systems. This network reachability information includes information on the list of
Autonomous Systems (ASes) that reachability information traverses.

The attacks are based on sending fake BGP messages to redirect traffic between ASes,
e.g. to create black holes or for man-in-the-middle attacks.

9. Briefly explain the two basic types of IDS depending on the location of the sensors, the
two basic behaviours of the analyzers/correlators in IDS, and the two basic behaviours of
the response units in IDS.

Location of sensors:
- Network-based: Sensor in network
- Host-based: Sensors in hosts
Behaviour of analyzers/correlators:
- Knowledge-based: Compare/look at a database of traffic patterns. Basically, only known
attacks
- Based on behaviour: find deviations from normal use
Behaviour of response units:
- Active IDS block attacks when they are detected, usually by adding filters in a firewall
- Passive IDS only trigger an alarm, e.g. by sending an e-mail

10. Briefly describe 3 security issues in Ad-hoc networks.

- Availability: Network services should operate properly. Network services should tolerate
failures even under DoS attack threats
- Physical Security: Nodes are assumed to have low physical security. Nodes can easily
be stolen or compromised by an adversary
- Identification and Authentication: Only authorized nodes (subjects) can have access to
data (objects). Only authorized nodes may form, destroy, join or leave groups
- etc.

11. Briefly discuss the privacy issues in Pervasive / Ubiquitous computing.

Pervasive computing systems may have implications for privacy, security and safety, as a
result of their ability to:
- gather sensitive data, for example on users' everyday interactions, movements,
preferences and attitudes, without user intervention or consent;
- retrieve and use information from large databases/archives of stored data;
- alter the environment via actuating devices.

Pervasive computing requires continuous monitoring of user actions. Data are not always
“anonymous”.

12. Briefly describe (or list if enough) 4 mechanisms to protect Agent Platforms or to protect
Agents (4 in total).

- Protecting the platform: Sandbox, Safe code interpretation, Signed code, State
appraisal, Path histories, Proof carrying code

- Protecting the agent: Result encapsulation, Remote agent tracking, Execution tracking,
Environmental key generation, Encrypted functions, Obfuscated code
