computer networks ivan marsic rutgers university chapter 7 – network security chapter 8 –...
TRANSCRIPT
Computer Networks
Ivan Marsic
Rutgers University
Chapter 7 – Network SecurityChapter 8 – Network Monitoring
Chapter 9 – Internet ProtocolsAPPENDIX: Probability Refresher
Network Security
Chapter 7
Topic:Secure Communication
Network Security Problem Symmetric and Public-Key Cryptosystems Cryptographic Algorithms Authentication
4
Network Security Problem
Sender Receiver
Padlockand sharedkey copy
Sharedkey copy
Content
MessageIntermediary
Threats posed by intruder/adversary:• forge the key and view the content• damage/substitute the padlock• damage/destroy the message• observe characteristics of messages
(statistical and/or metric properties)
Receiver needs:• receive securely a shared key copy• positively identify the message sender • detect any tampering with messages
Sender needs:• receive securely a copy of the shared key • positively identify the message receiver
Secure/Confidential Communication ?
Objectives of Information Security
• Confidentiality: information not disclosed or revealed to unauthorized persons
• Integrity: consistency of data—preventing unauthorized creation, modification, or destruction
• Availability: legitimate users are not unduly denied access to resources, including information resources, computing resources, and communication resources
• Authorized use: resources are not used by unauthorized persons or in unauthorized ways
Message Encoding and Decoding
• Encoding takes a message M and produces a coded form f(M)
• Decoding the message requires an inverse function , such that = M. )(1 Mff
Two Basic Types of Cryptosystems
• Symmetric systems: both parties use the same (secret) key in encryption and decryption transformations
• Public-key systems (aka asymmetric systems): the parties use two related keys, one of which is secret and the other can be publicly disclosed
Public-Key Cryptosystem
8
Sender Receiver
1. Sender secures the briefcasewith his/her padlock and sends
2. Receiver additionally securesthe briefcase with his/herpadlock and returns
3. Sender removes his/herpadlock and sends again
4. Receiver removes his/herpadlock to access the content
Sender’spadlock
Receiver’spadlock
Public-Key Cryptosystem - mod
9
Sender
Receiver
Receiver distributes his/her padlock (unlocked)to sender ahead of time, but keeps the key
Sender uses the receiver’s padlockto secure the briefcase and sends
Receiver removes his/herpadlock to access the content
Receiver’spadlock (unlocked)
Receiver’skey
“Public key” “Private key”
Public-Key Cryptography
In RSA, receiver does the following:
• Randomly select two large prime numbers p and q, which always must be kept secret.
• Select an integer number E, known as the public exponent, such that (p 1) and E have no common divisors, and (q 1) and E have no common divisors.
• Determine the product n = pq, known as public modulus.
• Determine the private exponent, D, such that (ED 1) is exactly divisible by both (p 1) and (q 1). In other words, given E, we choose D such that the integer remainder when ED is divided by (p 1)(q 1) is 1.
• Release publicly the public key, which is the pair of numbers n and E, K = (n, E). Keep secret the private key, K = (n, D).
Example: send the plaintext “hello world”
• receiver chooses p = 5 and q = 7• receiver chooses E = 5, because 5 and (5 1)(7
1) have no common factors. Also, n = pq = 35
• receiver chooses D = 29, because
i.e., they are exactly divisible. • receiver’s public key is K = (n, E) = (35, 5),
which is made public. The private key K = (n, D) = (35, 29) is kept secret.
624144
641295
)1()1(1
qp
DE
Example, cont’d
Plaintext letterPlaintext numeric
representationBE Ciphertext BE % n
h 8 85 = 32768 85 % 35 = 8
e 5 55 = 3125 55 % 35 = 10
l 12 125 = 248832 125 % 35 = 17
l 12 248832 17
o 15 155 = 759375 155 % 35 = 15
Ciphertext CD B = CD % n Plaintext letter
8 829 = 154742504910672534362390528 829 % 35 = 8 h
10 100000000000000000000000000000 5 e
17 481968572106750915091411825223071697 12 l
17 481968572106750915091411825223071697 12 l
15 12783403948858939111232757568359375 15 o
Encryption
Decryption
Example, cont’d
• While the adversary knows n and E, he or
she does not know p and q, so they cannot
work out (p 1)(q 1) and thereby find D.
Topic:Authentication
Network Security Problem Symmetric and Public-Key Cryptosystems Cryptographic Algorithms Authentication
Authentication Protocol (1)
Secure communication is not enough … playback attack:
Assumption: Only Sender needs to be authenticated to Receiver, not mutually.
Sender ReceiverAdversary
record
EncryptPK-receiversender-ID, password
ACK
replay EncryptPK-receiversender-ID, password
ACK
Receiver’s public key
Replayed message
Authentication Protocol (2)Solution to playback attack:
Sender ReceiverAdversary
record
EncryptPK-receiversender-ID, password
replay EncryptPK-receiversender-ID, password
Does not know how to reply!
Receiver’s public key
number used once and
never again
EncryptPK-receivernonce1
EncryptPK-sendernonce1
Sender’s public key
Receiver’s public key
ACK
EncryptPK-sendernonce2
Impersonation Attack
PROBLEM: Public key distribution … Adversary impersonates Bank
PROBLEM: Customer unaware that Adversary obtained his account info!
Customer BankAdversary
EncryptPK-adversarycustomer-ID, password, PK-customer
I am Bank and here is my public key
Adversary’s public key
Decrypt Customer’s message and obtain ID & password
EncryptPK-bankcustomer-ID, password, PK-adversary
Bank’s public key
Assumption:Adversary obtained Bank’s public key
Adversary’s public keyCustomer’s
public key
EncryptPK-adversarycustomer-account-infoDecrypt Bank’s message and obtain Customer account info
EncryptPK-customercustomer-account-info
Customer’s public key
Network Monitoring
Chapter 8
Packet-pair Dispersion
Router 1 Router 2Link 1Link 2
Link 3
Sendpacket
pair
Receivepacket
pair
t2 t1t4 t3
t4 t3
Pkt-1P1P2
Pkt-1Pkt-2Pkt-2Pkt-2
Packets
Minimum packet spacing at bottleneck link
Same spacing is preserved on higher speed links= Time to process P bytes packet
P
Link speed estimation = P/
Flow direction
t1 t2 t3 t4
Internet Protocols
Chapter 9
The Internet Reference Model
http://en.wikipedia.org/wiki/OSI_model
Visit http://en.wikipedia.org/wiki/Internet_reference_model for more details on the Internet reference model
IPv6 Header0 11 12 313 4 15 16
20-bit flow label
16-bit payload length 8-bit hop limit
versionnumber
40bytes
8-bit traffic class
next header
128-bit (16-byte) destination IP address
128-bit (16-byte) source IP address
IPv6 Address Prefix Assignments
11111111
Unspecified
Loopback within this network
Multicast addresses
Link-local use unicast
127
127
127
127
0
00000000 ... 00000000
0
1270
9 100
11111110 10
0
00000000 ... 00000001
7 8
Anything
Anything
Site-local use unicast 11111110 11 Anything9 10
Everything elseGlobal unicast
1270
00000000Reserved
1270 7 8
Anything
IPv4 compatible address(Node supports IPv6 & IPv4)
127
1270 95 96
0
00000000 ... 00000000
000000 ... 000000IPv4 mapped address(Node does not support IPv6)
111...11
IPv4 Address
IPv4 Address
95 96
79 80
IPv6 Global Unicast Address
global routing prefixIPv6 global unicast address
general format
1270 (n bits) (m bits) (128 n m bits)
subnet ID interface ID
global routing prefixIPv6 global unicast address
format for prefix not “000”
1270 (n bits) (64 bits)(64 n bits)
subnet ID interface ID
(b)
(a)
Example IPv6 Extension Headers
application data payload
IPv6 main header
Hop-by-hopoptions header
Routing header
Fragment header
Destinationoptions header
TCP header
MandatoryIPv6 header
Optionalextension
headers
IPv6 packetpayload
40 bytes
variable
variable
variable
8 bytes
20 bytes (default)
variable
= Next Header field
Format of IPv6 Extension Headers
0 15 16 317 8
Hdr ext len
One or more options
Reserved
0 15 16 317 8
(a) Hop-by-Hop Options header;Destinations Options header
(b) Fragment header
Next headerNext header
Next headerNext header MRes
28 29
Fragment offset
Identification
0 15 16 31
Type-specific data
23 24
Segments left
(c) Generic Routing header
Next headerNext header
7 8
Hdr ext len Routing type
0 15 16 317 8
Hdr ext len
One or more options
Reserved
0 15 16 317 8
(a) Hop-by-Hop Options header;Destinations Options header
(b) Fragment header
Next headerNext header
Next headerNext header MRes
28 29
Fragment offset
Identification
0 15 16 31
Type-specific data
23 24
Segments left
(c) Generic Routing header
Next headerNext header
7 8
Hdr ext len Routing type
0 7 8
Next headerNext header
Reserved
(d) Type 0 Routing header
Address[n]
15 16 3123 24
Segments leftHdr ext len 0
Address[1]
Address[2]
0 7 8
Next headerNext header
Reserved
(d) Type 0 Routing header
Address[n]
15 16 3123 24
Segments leftHdr ext len 0
Address[1]
Address[2]
RIP Header (for IPv4)
Total up to 25 route entries
0 15 16 317 8
version unused (must be zero)
address family identifier
distance metric
IPv4 address
route tag
command
next hop
subnet mask16
bytes
8bytesRIP header
RIP route entry
Total up to 25 route entries
0 15 16 317 8
version unused (must be zero)
address family identifier
distance metric
IPv4 address
route tag
command
next hop
subnet mask16
bytes
8bytesRIP header
RIP route entry
OSPF Directed Graph of an AS
AAN1
N2
BB
CC
DD
H2
N3AS
AS
H1 1
2
1
1
5
3
1
8
6
7
4
N1
A
B
C
D
N3N2
H2
12
1
57
1
3
6
8
14
(a)
(b)
OSPF Header (for IPv4)
OSPF packet payload
0 15 16 317 8
type packet length
area ID
version
authentication
24bytesOSPF header
checksum authentication type
source router address (IPv4 )
OSPF - LSA Header0 15 16 317 8
LS age
LS sequence number
authentication
20bytesLSA header
LS checksum length
link state ID
typeoptions
link ID
link data
link type num_TOS metric
optional TOS information
Link descriptionfor LSA type = 1
(more link descriptions)
16bytes
0 0 number of linksflags
eBGP and iBGP Sessions
AS AS
LL
KK
NN
PP
OO QQ
MM
AS
AS
HH
JJ
II
AA
FF
BB
GG
DD
CC
EE
Link-layer connection
eBGP TCP session
Key:
iBGP TCP session
Link-layer connection
eBGP TCP session
Key:
iBGP TCP session
BGP Finite State Machine
ManualStart ORAutomaticStart /
ManualStop /
ConnectRetryTimerexpired / retry
DelayOpenTimer expires ORDelayOpen attribute == FALSE /
ManualStop OR AutomaticStop ORHoldTimer expired /
send NOTIFICATION cease
OPEN or msg recvd / send KEEPALIVE msg
KEEPALIVEmsg recvd /
ManualStop OR AutomaticStop OR Error in msg detected ORNOTIFICATION error recvd /
KEEPALIVE orUPDATE msg recvd /
TcpConnectionFails /
Idle
Established
Setting upTCP connection
{Connect, Active}
OpeningBGP session
{OpenSent, OpenConfirm}
Detail from Figure 1-49:
NN
RR
SS
AS
AS
{AS
{AS, A
S, A
S}}
{AS
{AS, A
S, A
S}}
{{CustCust}}{{CustCust}}
AS
BGP Header & Message Formats
(a) BGP header format
0 15 16 3123 24
MarkerMarker
LengthLength TypeType
0 7 8 15 16 3123 24
MarkerMarker
LengthLength Type: OPENType: OPEN VersionVersion
My autonomous systemMy autonomous system Hold timeHold time
BGP identifierBGP identifier
Optional parameters (variable)Optional parameters (variable)
Optional Optional paramsparamslengthlength
(b) BGP OPEN message format
(c) BGP KEEPALIVE message format
0 15 16 3123 24
MarkerMarker
LengthLengthType:Type:
KEEPALIVEKEEPALIVE
0 7 8 15 16 3123 24
MarkerMarker
LengthLength Error codeError code
Data (variable)Data (variable)Error Error subcodesubcode
(d) BGP NOTIFICATION message format
Type:Type:NOTIFICATIONNOTIFICATION
BGP UPDATE Message
0 7 8 15 16 3123 24
MarkerMarker
LengthLength Type: Type: UPDATEUPDATE
Withdrawn routes (variable)Withdrawn routes (variable)
Withdrawn routes lengthWithdrawn routes length
Path attributes (variable)Path attributes (variable)
Total path attribute lengthTotal path attribute length
Network layer reachability information (variable)Network layer reachability information (variable)
(a) BGP UPDATE message format (c) Attribute type format
Attribute type (2 bytes)Attribute type (2 bytes) Attrib. length (1 or 2 bytes)Attrib. length (1 or 2 bytes)
Attribute value (variable)Attribute value (variable)
(b) Path attribute format
Attributetype codeO T P E 0
Attribute flags
OptionalTransitive
PartialExtended Length
Example BGP UPDATE Message
AS AS
LL
KKNN
AS
OO
MM
Subnet Prefix =128.34.10.0/24
192.12.69.2
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {AS
AS_PATH = {AS}}
NEXT_HOP = 192.12.69.2
NEXT_HOP = 192.12.69.2
UPDATE
192.12.69.1
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {
AS_PATH = {ASAS, , ASAS}}
NEXT_HOP = 192.12.62.1
NEXT_HOP = 192.12.62.1UPDATE
192.12.62.1
192.12.62.2
128.34.10.0/24 192.12.69.2
Prefix Next Hop
K’s forwarding table:
128.34.10.0/24 192.12.50.5
Prefix Next Hop
N’s forwarding table:
128.34.10.0/24 192.12.62.1
Prefix Next Hop
O’s forwarding table:
AS BGP routing table:
128.34.10.0/24 192.12.69.2
Prefix Next HopPath
{AS}
K’s IGP routing table:
128.34.10.0/24 0
Destination Cost
KK’’ss BGPBGP
Next Hop
+
192.12.50.5
+AS BGP routing table
N’s IGP routing table:
128.34.10.0/24 2
Destination Cost Next Hop
Router M
Router K 2 Router M
AS AS
LL
KKNN
AS
OO
MM
Subnet Prefix =128.34.10.0/24
192.12.69.2
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {AS
AS_PATH = {AS}}
NEXT_HOP = 192.12.69.2
NEXT_HOP = 192.12.69.2
UPDATE
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {AS
AS_PATH = {AS}}
NEXT_HOP = 192.12.69.2
NEXT_HOP = 192.12.69.2
UPDATE
192.12.69.1
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {
AS_PATH = {ASAS, , ASAS}}
NEXT_HOP = 192.12.62.1
NEXT_HOP = 192.12.62.1UPDATE
Prefix = 128.34/16
Prefix = 128.34/16
AS_PATH = {
AS_PATH = {ASAS, , ASAS}}
NEXT_HOP = 192.12.62.1
NEXT_HOP = 192.12.62.1UPDATE
192.12.62.1
192.12.62.1
192.12.62.2
128.34.10.0/24 192.12.69.2
Prefix Next Hop
K’s forwarding table:
128.34.10.0/24 192.12.69.2
Prefix Next Hop
K’s forwarding table:
128.34.10.0/24 192.12.50.5
Prefix Next Hop
N’s forwarding table:
128.34.10.0/24 192.12.50.5
Prefix Next Hop
N’s forwarding table:
128.34.10.0/24 192.12.62.1
Prefix Next Hop
O’s forwarding table:
128.34.10.0/24 192.12.62.1
Prefix Next Hop
O’s forwarding table:
AS BGP routing table:
128.34.10.0/24 192.12.69.2
Prefix Next HopPath
{AS}
AS BGP routing table:
128.34.10.0/24 192.12.69.2
Prefix Next HopPath
{AS}
K’s IGP routing table:
128.34.10.0/24 0
Destination Cost
KK’’ss BGPBGP
Next Hop
K’s IGP routing table:
128.34.10.0/24 0
Destination Cost
KK’’ss BGPBGP
Next Hop
+
192.12.50.5
192.12.50.5
+AS BGP routing table
N’s IGP routing table:
128.34.10.0/24 2
Destination Cost Next Hop
Router M
Router K 2 Router M
N’s IGP routing table:
128.34.10.0/24 2
Destination Cost Next Hop
Router M
Router K 2 Router M
BGP MULTI_EXIT_DISC (MED) Attribute
AS
AS
AS
AS
AS LL
KKNN
HH
MM
AA
FF
BB
GG
DD
CC
EE
AS
AS
AS
Pref
ix= so
me
pref
ix in
AS
Pref
ix= so
me
pref
ix in
AS
AS_P
ATH
= {
AS_P
ATH
= {A
SAS,
, ASAS}}
ME
D =
300
ME
D =
300
UP
DA
TE
Prefix=
some p
refix i
n AS
Prefix=
some p
refix i
n AS
AS_PATH =
{
AS_PATH =
{ASAS, , A
SAS}}
MED =
100
MED =
100UPDATE
AS
AS
AS
AS
AS LL
KKNN
HH
MM
AA
FF
BB
GG
DD
CC
EE
AS
AS
AS
Pref
ix= so
me
pref
ix in
AS
Pref
ix= so
me
pref
ix in
AS
AS_P
ATH
= {
AS_P
ATH
= {A
SAS,
, ASAS}}
ME
D =
300
ME
D =
300
UP
DA
TEPr
efix=
som
e pr
efix
in AS
Pref
ix= so
me
pref
ix in
AS
AS_P
ATH
= {
AS_P
ATH
= {A
SAS,
, ASAS}}
ME
D =
300
ME
D =
300
UP
DA
TE
Prefix=
some p
refix i
n AS
Prefix=
some p
refix i
n AS
AS_PATH =
{
AS_PATH =
{ASAS, , A
SAS}}
MED =
100
MED =
100UPDATE
Prefix=
some p
refix i
n AS
Prefix=
some p
refix i
n AS
AS_PATH =
{
AS_PATH =
{ASAS, , A
SAS}}
MED =
100
MED =
100UPDATE
Address Resolution Protocol (ARP)
Need for multiple addresses, hierarchical vs. non-hierarchical
1P3BP49K7J F1119661P3BP49K7J F111966
Vehicle identification number (VIN)
Registration plate
Address Resolution Protocol (ARP)
Target
IP: 192.200.96.23MAC: A3-B0-21-A1-60-35
IP: 192.200.96.22MAC: 00-01-03-1D-CC-F7
Sender
IP: 192.200.96.21MAC: 01-23-45-67-89-AB
IP: 192.200.96.20MAC: 49-BD-2F-54-1A-0F
Sender MAC: 01Sender MAC: 01--2323--4545--6767--8989--ABABSender IP: 192.200.96.21Sender IP: 192.200.96.21Target IP: Target IP: 192.200.96.23192.200.96.23
ARP Request: to FF-FF-FF-FF-FF-FF
Sender MAC: 01Sender MAC: 01--2323--4545--6767--8989--ABABSender IP: 192.200.96.21Sender IP: 192.200.96.21Target IP: Target IP: 192.200.96.23192.200.96.23
ARP Request: to FF-FF-FF-FF-FF-FF
Sender MAC: Sender MAC: A3A3--B0B0--2121--A1A1--6060--3535Sender IP: 192.200.96.23Sender IP: 192.200.96.23Target MAC: 01Target MAC: 01--2323--4545--6767--8989--ABABTarget IP: 192.200.96.21Target IP: 192.200.96.21
ARP Reply
Sender MAC: Sender MAC: A3A3--B0B0--2121--A1A1--6060--3535Sender IP: 192.200.96.23Sender IP: 192.200.96.23Target MAC: 01Target MAC: 01--2323--4545--6767--8989--ABABTarget IP: 192.200.96.21Target IP: 192.200.96.21
ARP Reply
ARP Packet Format (for IPv4)
0 15 16 317 8
Protocol addr len = 4
Protocol type = 0x0800Hardware type = 1
Target hardware address (6 bytes)
Sender hardware address (6 bytes)
Target protocol address
Hardware addr len = 6
Sender protocol address (last 2 bytes)
Sender protocol address (first 2 bytes)28
bytes
Operation
Mobile IP
Correspondent node (CN)
Mobile node (MN)
Home Agent (HA)
1
2
3
4
Foreign Agent (FA)
SNMP
Managed device
MIBMIB
Network management system (NMS)
Messages
SNMP manager (client)
SNMP manager (client)
SNMP agent
(server)
SNMP agent
(server)
(a)
(b)
Network
Agent
Managedobjects
GetRequest
GetNextRequest
ResponseResponse
ResponseResponse
GetBulkRequest
SetRequest
ResponseResponse
ResponseResponse
TrapTrap
InformRequestInformRequestInformRequestInformRequestNMS
Probability Refresher
Appendix
Jar with Black & White Balls
Random Events
Possible outcomes of two coin tosses:
“Tree diagram” of possible outcomes of two coin tosses:
HH HT
TH TT
HH HT
TH TT
H T
H
T
First toss
Second toss
First toss
Second toss Outcome
HH
HT
TH
TT
H
T
T
H
½½
½½
½
½
H
T
(a) (b)
Drawing from Jar/Urn Decided by Rolling a Die
JarJar UrnUrn
EXPERIMENT 1:Roll a die; if outcome is 1 or 2, select Jar; else, select Urn
EXPERIMENT 2:Draw a ball from the selected container
Probability Matrix for Ball Drawing
n12
n22
y1 = Jar
y2 = Urn
x1 = Black x2 = White
n11
c2
n21
r1Random variable Y:Identity of the vessel
that will be chosen
Random variable X: Color of the ball
Illustration for Bayes Theorem
JarJar UrnUrn
EXPERIMENT 1:Roll a die; if outcome is 1 or 2, select Jar; else, select Urn
EXPERIMENT 2:Draw a ball from the selected container
Guess whether the ball was drawn from
Jar or from Urn
Poisson Process
average arrival rate = 5
0
5
10
15
20
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
arrivals per time unit (n)
pe
rce
nt
of
oc
cu
rre
nce
s (
%)
Partitioning of Areas Under Normal Curve
0
34.13% 34.13%
2 3 4 2 3 4
13.59% 13.59%
2.15%2.15%0.13%0.13%
0.4
0.3
0.2
0.1
0.0
0
34.13% 34.13%
2 3 4 2 3 4
13.59% 13.59%
2.15%2.15%0.13%0.13%
0.4
0.3
0.2
0.1
0.0
Areas between selected points under the normal curve
How to Read Table A-1
0
Area between mean and z(from Column B)
1 1 2 3 4 2 3 4
z = 1.50(in Column A)
43.32%
0.4
0.3
0.2
0.1
0.0
Area beyond z(from Column C)
6.68%6.68%
0
Area between mean and z(from Column B)
1 1 2 3 4 2 3 4
z = 1.50(in Column A)
43.32%
0.4
0.3
0.2
0.1
0.0
Area beyond z(from Column C)
6.68%6.68%
(A) z
(B) area
between mean and z
(C) area
beyond z
(A) z
(B) area
between mean and z
(C) area
beyond z
(A) z
(B) area
between mean and z
(C) area
beyond z
0.00 .0000 .5000 0.55 .2088 .2912 1.10 .3643 .1357 0.01 .0040 .4960 0.56 .2123 .2877 1.11 .3665 .1335 0.02 .0080 .4920 0.57 .2157 .2843 1.12 .3686 .1314 0.34 .1331 .3669 0.89 .3133 .1867 1.44 .4251 .0749 0.35 .1368 .3632 0.90 .3159 .1841 1.45 .4265 .0735 0.36 .1406 .3594 0.91 .3186 .1814 1.46 .4279 .0721 0.37 .1443 .3557 0.92 .3212 .1788 1.47 .4292 .0708 0.38 .1480 .3520 0.93 .3238 .1762 1.48 .4306 .0694 0.39 .1517 .3483 0.94 .3264 .1736 1.49 .4319 .0681 0.40 .1554 .3446 0.95 .3289 .1711 1.50 .4332 .0668 0.41 .1591 .3409 0.96 .3315 .1685 1.51 .4345 .0655 0.42 .1628 .3372 0.97 .3340 .1660 1.52 .4357 .0643 0.43 .1664 .3336 0.98 .3365 .1635 1.53 .4370 .0630 0.44 .1700 .3300 0.99 .3389 .1611 1.54 .4382 .0618 0.45 .1736 .3264 1.00 .3413 .1587 1.55 .4394 .0606 0.46 .1772 .3228 1.01 .3438 .1562 1.56 .4406 .0594 0.47 .1808 .3192 1.02 .3461 .1539 1.57 .4418 .0582 0.48 .1844 .3156 1.03 .3485 .1515 1.58 .4429 .0571 0.49 .1879 .3121 1.04 .3508 .1492 1.59 .4441 .0559 0.50 .1915 .3085 1.05 .3531 .1469 1.60 .4452 .0548 0.51 .1950 .3050 1.06 .3554 .1446 1.61 .4463 .0537 0.52 .1985 .3015 1.07 .3577 .1423 1.62 .4474 .0526 0.53 .2019 .2981 1.08 .3599 .1401 1.63 .4484 .0516 0.54 .2054 .2946 1.09 .3621 .1379 1.64 .4495 .0505
(A)
z
(B)area
between mean and z
(C)area
beyondz
1.50 .4332 .0668
(A)
z
(B)area
between mean and z
(C)area
beyondz
(A)
z
(B)area
between mean and z
(C)area
beyondz
1.50 .4332 .06681.50 .4332 .0668