부산대학교 도서관

Distributed cyberphysical systems depend on secure wireless ad hoc networks to ensure that the sensors, controllers, and actuators (or nodes) in the system can reliably communicate. Such networks are difficult to design because, being inherently complex, they are vulnerable to attack. As a result, the current process of designing secure protocols for wireless ad hoc networks is effectively an arms race between discovering attacks and creating fixes. At no point in the process is it possible to make provable performance and security guarantees. This paper proposes a system-theoretic framework for the design of secure open wireless ad hoc networks, that provides precisely such guarantees. The nodes are initially unsynchronized, and join the network at any stage of the operation. The framework consists of a zero-sum game between all protocols and adversarial strategies, in which the protocol is announced before the adversarial strategy. Each choice of protocol and adversarial strategy results in a payoff. The design imperative is to choose the protocol that achieves the optimal payoff. We propose an “edge-tally supervised” merge protocol that is theoretically significant in three ways. First, the protocol achieves the max-min payoff; the highest possible payoff since the adversarial strategy always knows the protocol a priori . Second, the protocol actually does better and achieves the min-max payoff; it is a Nash equilibrium in the space of protocols and adversarial strategies. The adversarial nodes gain no advantage from knowing the protocol a priori . Third, the adversarial nodes are effectively limited to either jamming or conforming to the protocol; more complicated behaviors yield no strategic benefit.