A Merkle tree [75] is a special binary tree that starts with hashing every packet using a one-way hash function that takes an input and turns it into a unique hash using a mathematical algorithm. The resulting hashes of these packets are called the leaves of the tree located at the leaves level ([H00], [H01], [H02], and [H03] in figure 3.2). Every
[H11] in figure 3.2). Depending on the size of the tree, the child hashes are then also
concatenated and hashed to derive further child hashes. This process is repeated until only one value is left, the root, or the Merkle root ([H20] in figure 3.2). The Merkle
root can be used to authenticate messages, and can also reduce the authentication overhead needed.
In OppNets, Merkle trees will be used to verify that data transferred in a path is complete. If one packet is removed, the hash of its parent will change, which will change the hash of that parent's parent, and so on, causing the Merkle root's hash to change as well.
Figure 3.2: A Merkle tree
A hash function must produce a hash with a fixed-length output. An important step in the hash construction process, which is called the Merkle-Damgård construction, is that the last hashed packet should be clearly padded with the length of the message [75]. The Merkle-Damgård construction is also resistant to collisions. Popular functions include SHA-1, SHA-2, SHA-3, and MD5. In the proposed system, SHA-1 was used. The hash (h) formula for any packet (p) in the Merkle tree is h(p) = h(h(p.left) + h(p.right)), where p.left and p.right are the left and right subtrees of that packet. Therefore, the hash for the root is h(A) = h(h(B) + h(C)).
When choosing a cryptographic hash function, it is important that it has the following features:
• Easy to compute the hash value for any given data.
• You cannot generate the original data from a given hash (one-way only) [107].
• You cannot change a packet without changing its hash.
Merkle trees are perfectly complete when the number of leaves/packets is even, and in each level of the tree (except the root), the number of hashes is also even. If the number at any level of the tree is odd, the tree is referred to as a complete (but not perfect) tree. In the proposed method, both perfectly complete trees and trees that require completion are considered. If the number of hashes is not even at any level of the tree, the odd hash is concatenated with itself to form a new parent hash value. Further explanation follows:
• Perfect complete binary tree: Has an even number of packets that results in an even number of elements at each level in the tree from bottom to top (except the root). For example, as shown in figure 3.3, there are 8 packets, which result in 8 hashes, then 4 parent hashes, then 2, then 1. As can be seen from the figure, the number of elements in each level is even, or perfectly completely filled.
Figure 3.3: A perfect complete binary Merkle tree
• Complete binary tree: The number of packets can be any number and there are no restrictions on requiring the tree to have a perfect complete number of packets. However, the tree needs to be completed in order to build the tree. This can be addressed in 2 ways:
1. If there is an odd number of hashes at any level of the tree, the last packet's hash value is concatenated with itself to form a new hash value that is used as input to the hash function to compute the parent hash value. An example is shown in figure 3.4: the leaf hash value of the fifth packet is single (H04), so it will be concatenated with itself to generate the parent hash value (H12). At level 1, H12 is concatenated with itself to generate the parent hash value (H21), and at level 2, H21 is merged with the rest of the tree. The concatenation process needs to happen at a level of the tree only when the number of resulting hashes in that level is not even. For example, in figure 3.4, the hashes needed self-concatenation at the "Leaf hashes" and "Level 1" levels, but not in "Level 2".
Figure 3.4: A Merkle tree with number of hashes that needs completion
Having an even number of packets does not guarantee having an even number of hashes at each level in the tree. Sometimes, the number of leaves is even, but at some point in the tree, an element has to be concatenated with itself to compute the value of the parent element, as shown in figure 3.5.
Figure 3.5: A complete Merkle tree with 18 packets
2. If the source wants to send a number of packets that is less or more than a number that makes a perfectly complete binary tree, then dummy packets are created to complete the tree. These dummy packets will be used to create filler hashes.
In the proposed approach, the first option is chosen to be used as it is easier to work with existing hashes than having the source node create filler hashes from extra dummy packets.
Advantages of using Merkle trees for this chapter include:
1. The advantage of using Merkle trees over cryptographic verifications is that packets can first be verified using the root only. If the received Merkle root matches the calculated Merkle root, then there is no need to do further calculations, thus limiting the amount of data transferred, which saves time and network resources [108].
2. They save computational resources needed to verify each packet. Hash calculations are significantly fast because of the hashes' small size (between 100-200 bits long), thus they don't consume a lot of computational resources when compared to cryptographic verifications.
3. Sending and verifying all of the hashes individually is more expensive than the verification process performed using Merkle trees where only the Merkle roots are verified.
In the proposed technique, the sender (source node) performs algorithm 1, embeds the Merkle root in each packet's header and sends them to the destination through intermediate nodes, figure 3.6. Upon receipt, the destination node performs algorithm 1 to compute a new Merkle root.
Figure 3.6: Source sends the packets with embedded Merkle root to the destination
The reason why the root is chosen to be sent in each packet's header is to guarantee the arrival of the root even if only one packet is received.
In algorithm 1:
• The source/destination hashes each packet to generate leaf hashes (lines 2 to 3).
• And computes the Merkle root (lines 13 to 15).
The source sends the packets along with the Merkle root inside each packet’s header. The destination receives the packets; it performs algorithm 1 to compute the hashes for the packets, builds a Merkle tree, and computes a new Merkle root.
Algorithm 1 Hash each packet, build Merkle tree, and compute the Merkle root
1: READ: packets
2: For all packets
3:     hash[i] = createHash(packet[i])
4: For all hashes in each level
5:     if numberOfHashes = even then
6:         hash[i] = createHash(hash[i] + hash[i + 1])
7:     else
8:         if !lastHash then
9:             hash[i] = createHash(hash[i] + hash[i + 1])
10:         else
11:             hash[i] = createHash(hash[i] + hash[i])
12:         end if
13:         if level = last then
14:             rootValue = hash[i]
15:         end if
16:     end if
The complexity of the algorithm depends on the number of hashes, which depends on the number of packets, and is "order N": O(N). The complexity of the algorithm is expressed as linear-time, meaning that the complexity increases as the number of packets increases.
The destination then performs algorithm 2 to use the computed Merkle root to compare with the original Merkle root sent by the source. If the 2 roots match, it means that the destination received the correct number of packets. If the 2 roots don’t match, the destination reports the path as malicious, and reports that a selective packet dropping attack has occurred. At this stage, the destination cannot identify the malicious node, and thus suspects that any node in the path could be malicious.
In algorithm 2:
• If the 2 roots are not equal, the destination reports that the path is malicious, and the path is added to the malicious paths list (lines 2 to 6).
Algorithm 2 Identify malicious paths
1: READ: merkleRoot’
2: if merkleRoot ≠ merkleRoot’ then
3: Path is malicious
4: maliciousPaths[maliciousPathCounter] = currentPath
5: maliciousPathCounter++
6: end if
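
Algorithms 1 and 2 together, as an added Python example that is not code from the original text: the source computes the root with self-pairing of an odd hash (the first completion option above), and the destination recomputes it and records the path on a mismatch. The names `merkle_root`, `check_path`, the path labels and the sample packets are assumptions made for the illustration; SHA-1 is used only because the proposed system uses it.

```python
import hashlib
import hmac

def create_hash(data: bytes, algo: str = "sha1") -> bytes:
    # SHA-1 mirrors the proposed system; algo lets another digest be swapped in.
    return hashlib.new(algo, data).digest()

def merkle_root(packets, algo="sha1"):
    """Algorithm 1: hash each packet, then pair hashes level by level."""
    if not packets:
        raise ValueError("at least one packet is required")
    level = [create_hash(p, algo) for p in packets]      # leaf hashes
    while len(level) > 1:
        if len(level) % 2:               # odd count: last hash pairs with itself
            level.append(level[-1])
        level = [create_hash(level[i] + level[i + 1], algo)
                 for i in range(0, len(level), 2)]
    return level[0]

def check_path(received_packets, embedded_root, path, malicious_paths):
    """Algorithm 2: recompute the root; record the path if the roots differ."""
    ok = bool(received_packets) and hmac.compare_digest(
        merkle_root(received_packets), embedded_root)
    if not ok:
        malicious_paths.append(path)
    return ok

# Constructed sample: five packets, so H04 and then H12 are self-paired
# exactly as in figure 3.4.
PACKETS = [f"packet-{i}".encode() for i in range(5)]
ROOT = merkle_root(PACKETS)              # the source embeds this in every header

def demo():
    malicious = []
    intact = check_path(PACKETS, ROOT, "path-A", malicious)
    # Same transfer with the third packet missing on arrival.
    dropped = check_path(PACKETS[:2] + PACKETS[3:], ROOT, "path-B", malicious)
    return intact, dropped, malicious

if __name__ == "__main__":
    print(demo())
```

With self-pairing, a sequence whose final packet arrives twice yields the same root as the original sequence, so a destination relying on this check would also need to compare the received packet count against the expected one.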