Weak Split Whisper

Figure: Weak-Split construction using a globally known hash function $h()$

Figure 3 illustrates the weak-split construction using a simple example topology. Weak-Split whisper is motivated by the hash-chain construction used by Hu et al. [21,20] in the context of ad-hoc networks. The key idea is as follows: The origin AS generates a secret $x$ and propagates $h(x)$ to its neighbors where $h()$ is a globally known one-way hash function. Every intermediary AS in the path repeatedly hashes the signature field. An AS that receives two routes $r$ and $s$ of AS hop lengths $k$ and $l$ with signatures $y_r$ and $y_s$ can check for consistency by testing whether $h^{k-l}(y_s) = y_r$.

The security property that the weak-whisper guarantees is: An independent adversary that is $N$ AS hops away from an origin AS can propagate invalid routes of a minimum length of $N-1$ without being detected as inconsistent. An AS that is $N$ hops away from the origin knows the value $h^{N}(x)$ but cannot compute $h^{k}(x)$ for any $k<N$ since $h()$ is a one-way hash function. Such an AS also is not supposed to reveal its hash value to other nodes (unless the AS colludes with other AS's). However, the adversary can forward any fake path of length $N-1$.

Hence, weak-split whisper does not provide strong forms of security guarantees. In particular, it cannot ensure path integrity i.e. a malicious AS could modify the AS numbers of a path without affecting the AS path length.