Journal of Modern Power Systems and Clean Energy

ISSN 2196-5625 CN 32-1884/TK

网刊加载中。。。

使用Chrome浏览器效果最佳,继续浏览,你可能不会看到最佳的展示效果,

确定继续浏览么?

复制成功,请在其他浏览器进行阅读

A Privacy-preserving Algorithm for AC Microgrid Cyber-physical System Against False Data Injection Attacks  PDF

  • Jun Yang
  • Yu Zhang
the College of Information Science and Engineering, Northeastern University, Shenyang, China; the Liaoning Provincial Transportation Planning and Design Institute Co., Ltd., Shenyang, China

Updated:2023-09-20

DOI:10.35833/MPCE.2022.000447

  • Full Text
  • Figs & Tabs
  • References
  • Authors
  • About
CITE
OUTLINE

Abstract

A new privacy-preserving algorithm based on the Paillier cryptosystem including a new cooperative control strategy is proposed in this paper, which can resist the false data injection (FDI) attack based on the finite-time control theory and the data encryption strategy. Compared with the existing algorithms, the proposed privacy-preserving algorithm avoids the direct transmission of the ciphertext of frequency data in communication links while avoiding complex iterations and communications. It builds a secure data transmission environment that can ensure data security in the AC microgrid cyber-physical system (CPS). This algorithm provides effective protection for AC microgrid CPS in different cases of FDI attacks. At the same time, it can completely eliminate the adverse effects caused by the FDI attack. Finally, the effectiveness, security, and advantages of this algorithm are verified in the improved IEEE 34-node test microgrid system with six distributed generators (DGs) in different cases of FDI attacks.

I. Introduction

WITH the wide access of distributed generators (DGs) and continuous development of intelligent power grid construction, the power grid has gradually become an active, controllable, and flexible active power grid cyber-physical system (CPS) [

1]-[4]. Microgrids, as an essential part of active distribution CPS, also have relevant advantages. Microgrids can not only operate with connection to the main grid, but also manage the energy flow within the system independently from the main grid. This feature makes a microgrid CPS play an essential role in the active power grid CPS [5]-[7]. In order to improve the operation of microgrids, hierarchical control structures are usually used to control microgrids [8], [9]. The hierarchical control structure generally includes the primary control layer, secondary control layer, and tertiary control layer [10], [11]. Efficient coordination among the control layers is an important condition for the safe operation of microgrid CPS.

Distributed control has gradually replaced centralized control with its flexibility and high reliability in recent years [

12], [13]. However, the problems caused by the lack of a control center need attention in the process of distributed information exchange. The most striking feature of the distributed system is the information propagating and data update between adjacent DGs, which determines that all adjacent DGs may be affected although just one DG is attacked. The distributed feature of DGs can make the entire microgrid CPS unstable when only one DG suffers from a simple network attack [14]. Network attacks prevent control algorithms from reaching the expected goal, directly affecting the frequency and voltage of the distributed system. Attackers will directly lead to the collapse of the microgrid in some more severe cases. Therefore, it is essential to study distributed cooperative control strategy, which can resist attacks and eliminate the damage to the microgrid CPS.

For distributed control systems, the false data injection (FDI) attack with a constant injection can destabilize the system without causing system tracking errors. The false data can easily pass the largest normalized residual test of the system compared with other attack types [

15]. The consistency of frequency among DGs is an important indicator to ensure the stable operation of AC microgrid CPS. The false data can cause serious harm to the AC microgrid CPS. In the existing research, the FDI attack is considered as noise or some other disturbances that destabilize the AC microgrid CPS. Reference [16] proposes an elastic distributed control method, which firstly judges whether DG is attacked or not, and then it gradually strips the attacked DG from the communication network through calculation. References [17]-[19] regard the influence of a limited number of attackers on the system as noise interference. Striping the frequency information of the system from noise is studied to solve the microgrid CPS defense problem. However, the noise filtering technology usually requires the noise of the system to have some prominent statistical characteristics. The above algorithms cannot provide effective protection for the microgrid CPS when the FDI attack is deliberately designed by the attacker. In this paper, the deliberately designed attack is considered as a constant injection. Reference [20] designs a trust and confidence-based control strategy to reduce the impact of attack on the system to ensure the security of the AC microgrid CPS when the system is under the constant FDI attack. The weight of attacked DG is reduced by establishing confidence factor strategy during the data iteration. However, the control strategy cannot eliminate the frequency deviation caused by the attacked DG when the AC microgrid CPS is stable. Reference [21] eliminates the complex weighting computation process, and introduces a virtual hidden layer based on the communication layer of the existing microgrid CPS. The attacker does not know the existence of the hidden layer. The control algorithm then protects the microgrid CPS to keep stable by iterative computation between the hidden and communication layers. It is worth noting that [20] ignores the case of the attack against the communication links between the layers and DGs. The communication expense also increases compared to the control algorithm proposed in [20]. Designing a new control algorithm that can provide comprehensive protection for microgrid CPS is an important issue now.

In the operation of existing microgrid CPS based on distributed architecture, the potential privacy leakage problem needs to be faced when the microgrid CPS continuously performs the continuous forced information interaction and iterative computation between DGs, including the leakage of the major iterative data and the destruction of the communication network. FDI attacks can destroy communication links and inject false data in the process of information propagating and data update. The algorithm will not complete the control objective due to the influence of the false data. If the data is encrypted at the sending place and decrypted on the data receiving side, even if there is incorrect data in the communication link, the data processed by the control algorithm will still be correct. References [

22] and [23] improve the Dijk-Gentry-Halevi-Vaikutanathan style of fully homomorphic encryption, and [24] designs a Brakerski/Fan-Vercauteren scheme based on high-degree polynomial multiplication to enhance the computational efficiency in the encryption process. Most research generally focuses on increasing the speed and efficiency of encryption. The practical application of the communication encryption algorithm has not been considered in the AC microgrid CPS.

On this basis, a new distributed cooperative control strategy based on communication encryption is designed in this paper. The main contributions are listed as follows.

1) A new privacy-preserving algorithm based on the Paillier cryptosystem is proposed, and this algorithm mainly includes two parts: the new cooperative control strategy and the encryption strategy. This algorithm not only ensures the frequency stability of each DG, but also prevents false data from destabilizing the frequency through communication links, thus ensuring the privacy and security of the AC microgrid CPS.

2) A new cooperative control strategy is proposed in this algorithm, which can completely eliminate the impact of FDI attacks on the AC microgrid CPS. The frequency of each DG can be restored to the reference value when the AC microgrid CPS reaches stable.

3) The second-order improved distributed cooperative control strategy based on the finite-time control theory is used in the cooperative control of the proposed algorithm. It can make the microgrid CPS restore stability faster.

4) Unlike the existing encryption strategy, the proposed encryption strategy in this algorithm avoids the direct transmission of the ciphertext of frequency data in the communication links, further ensuring the privacy and security of the AC microgrid CPS.

The rest of this paper is arranged as follows. Section II introduces the basic knowledge of graph theory, hierarchical control strategy, and finite-time control theory. A new privacy-preserving algorithm based on the Paillier cryptosystem is proposed and designed after analyzing the impact of attacks on the system in Section III. Simulation comparison study under different attack conditions using the IEEE 34-node test microgrid system is presented in Section IV. The conclusion is drawn in Section V.

II. Cooperative Control of AC Microgrids

A. Preliminary of Graph Theory

Let G=(V,E) signifies the graph of cyber network. There are a set of nodes V={v1, v2,...,vn} in the network topology diagram, which represent the local DGs within the microgrid. A series of edges EV×V denote the communication links between DGs. If node vi can receive information from node vj, node vj is the adjacent node to node vi. The Laplacian matrix L of network graph G is defined as:

L=diagj=1ndij-A (1)

where dij represents the degree of node vi, which is the number of edges emanating from the node vi; and A=[aij] represents the adjacency matrix, aij=1 if node vi can receive information from node vj, otherwise aij=0.

B. Primary Droop Control

The primary droop control is mainly applied in power controllers to control the output active and reactive power of inverters in microgrid CPS. The primary droop control exists in the module of DG i, where i=1,2,,n.

According to the operation law of AC microgrid, the connection between active power and angular frequency and the connection between reactive power and voltage can be obtained as:

ωi=ωr,i-mp,iPiUi=Ur,i-nq,iQi (2)

where ωi and Ui are the output angular frequency and voltage of the inverter i, respectively; Pi and Qi are the active and reactive power of the inverter i, respectively; mp,i and nq,i are the active and reactive droop coefficients through the rating of inverter i, respectively; and ωr,i and Ur,i are the primary control references.

C. Cooperative Secondary Control

The cooperative secondary control eliminates the frequency deviation due to the droop control. In this paper, the main objective is to design a distributed secondary control scheme for microgrid CPS under FDI attacks. The following condition needs to be satisfied when the AC microgrid CPS is stable.

limtωi-ωref=0 i=1,2,,n (3)

where ωref represents the reference frequency.

To achieve the above control objectives using distributed cooperative control strategy, the frequency recovery problem of microgrid containing n DGs can be converted to a tracking and synchronization problem for a first-order linear multi-intelligent. The inputs to the controller ui need to be designed by:

ui=ω˙i=ω˙r,i-mp,iP˙i (4)

where (). is the differential symbol.

D. Finite-time Control Theory

Lemma 1 [

25]: choose a suitable Lyapunov function V(x) of (4) as:

V˙(x)-KVφ(x) (5)

where K>0 and 0<φ<1. The frequency of each DG in the microgrid CPS will get a consensus in a finite time T:

TTmax=V1-φ(0)K(1-φ) (6)

where Tmax represents the maximum value of the finite time.

III. New Privacy-preserving Algorithm Based on Paillier Cryptosystem Under FDI Attack

In a microgrid containing multiple distributed power sources, the frequency consistency is critical to the stability of the microgrid. Therefore, the reasonable secondary frequency control is the key to realize the safe operation of the microgrid CPS. The constant FDI attack will cause the distributed cooperative control strategy to fail to achieve the control goal; then, it will cause the frequency deviation of the microgrid CPS. In this paper, a new privacy-preserving algorithm based on the Paillier cryptosystem is proposed to resist the FDI attack based on the attack model.

A. Attack Models

For the AC microgrid CPS, the types of FDI attack can be divided into two categories: the controller in the underlying model and the communication links between two DGs. Among them, the attack on the controller includes two situations, where the entire controller is hijacked by the attacker, and the controller input (actuators) is damaged due to the false data.

The attacks on actuators can be modeled by:

uic=ui+μiuia (7)

where uia is the FDI attack to the actuator i; uic is the control input under attack; and μi=1 represents the presence of attack and μi=0 represents the absence of attack.

If the controller is hijacked or the communication link between two DGs is damaged, the frequency of the system will be directly affected. Malicious damage caused by attackers can be modeled by:

ωic=ωi+ηiωiα (8)

where ωiα is the frequency deviation caused by the attacker in (4); ωic is the fallacious frequency; and ηi=1 represents the presence of attack and ηi=0 represents the absence of attack.

B. Design of Distributed Cooperative Control Strategy

To remove the negative results of FDI attack on the secondary control with constant injection, a second-order improved distributed cooperative control strategy based on the finite-time control theory is used in the cooperative secondary control. It is designed as:

ui=-αi=1,j=1naijsigφ(ωj-ωi)+gisigφ(ωref-ωi)dt-ωi (9)

where α>1; and sigφ(l)=sign(l)lφ, and sign(l) is the sign function defined by:

sign(l)=1        l>00       l=0-1    l<0 (10)

Lemma 2 [

25]: for an undirected figure G, if aij=aji is an odd function, then we have:

i=1,j=1naijxisig(xj-xi)=-12i=1,j=1naij(xi-xj)sig(xj-xi) (11)

Lemma 3 [

26]: let ξ1,ξ2,,ξn0, 0<θ<1, and then we have:

i=1nξiθi=1nξiθ (12)

Lemma 4 [

27]: for an undirected graph G, the properties of Laplacian matrix L^+diag(b^) can be described as:

xT(L^+diag(b^))x=12i=1,j=1naij(xj-xi)2+bijxi2 (13)

Donate the smallest eigenvalue of Laplacian matrix by λ˜(L^+diag(b^)), and then we can obtain:

xT(L^+diag(b^))xλ˜(L^+diag(b^))xTx (14)

Theorem 1: each DG frequency satisfies limtTv|ωi-ωref |=0 with the cooperative control strategy (9) adopted, then the AC microgrid CPS is stable, where Tv2V1-φ2(0)K(1-φ).

Proof: the Lyapunov function is selected as:

V=12δvTδv=12i=1nδvi2 (15)

where δvi=ui+ωi.

The derivative function of the Lyapunov function of control algorithm (9) can be expressed as:

V˙=i=1nδviδ˙vi (16)

Then, the control algorithm of the microgrid CPS can be rewritten as:

δ˙vi=d(ui+ωi)dt=αi=1,j=1naijsigφ(ωj-ωi)+gisigφ(ωref-ωi) (17)

Define the new adjacency matrix of undirected graph G as A^=[avij]n×n, where avij=(αaij)21+φ, and diag(b^)=[bvi]n×n, where bvi=-(αbi)21+φ. Equation (17) is equivalent to:

δ˙vi=i=1,j=1navij1+φ2sigφ(δvj-δvi)-bvi1+φ2sigφ(δvi) (18)

The derivative function of the Lyapunov function can be deduced as (19) by using (15)-(18).

V˙=i=1nδvii=1,j=1navij1+φ2sigφ(δvj-δvi)-bvi1+φ2sigφ(δvi) (19)

Based on Lemma 2, (19) can be converted to:

V˙=-12i=1,j=1navij(δvj-δvi)sig2φ1+φ(δvj-δvi)1+φ2-i=1nbviδvisig2φ1+φ(δvi)1+φ2 (20)

Taking the upper bound of (19) based on Lemma 3 and Lemma 4, (20) satisfies:

V˙-12i,j=1navij(δvj-δvi)2+2bviδvi21+φ2-i,j=1navij(δvj-δvi)2+bviδvi21+φ2-122x(Lv+diag(bv))xTδvTδv1+φ2-124x(Lv+diag(bv))xTV1+φ20 (21)

Based on Lemma 1, define K=124x(Lv+diag(bv))xT1+φ2, and we can obtain:

V˙-KV1+φ2 (22)

Finally, the frequencies of all DGs in the microgrid CPS will reach a consensus in a finite time Tv.

Tv2V1-φ2(0)K(1-φ) (23)

C. Stability Analysis of Algorithm Under FDI Attack

A constant FDI attack against the microgrid CPS causes a continuous deviation of the control input and frequency of the microgrid CPS. To demonstrate that the above algorithm can completely eliminate the harm done to the microgrid CPS by the constant value FDI attack, and frequency of each DG can be completely restored to the reference value, this section will analyze the security of the distributed cooperative control strategy proposed in Section III-B in the presence of different FDI attack kinds.

Theorem 2: the distributed cooperative control strategy proposed in Section III-B can completely eliminate the impact of FDI attacks on the AC microgrid CPS. The frequency of each DG can be restored to the reference value when the AC microgrid CPS reaches stable.

The proof process is as follows.

Situation 1: when the controller is hijacked or the communication link between two DGs is damaged, in the duration of the attack according to Section III-A, the frequency ωic changes at this time as:

ωic=ωi+Δ (24)

where ωic is the control input under attack; and Δ represents the amount of control deviation due to the attacker. The control algorithm (9) in the presence of such attacks can be expressed as:

ui=-αi=1,j=1naijsigφ(ωj-ωic)+gisigφ(ωref-ωic)dt-ωic (25)

The Lyapunov function is chosen as:

V1=12δv'Tδv'=12i=1nδvi'2 (26)

Define δvi'=ui+ωi+Δ, and then the derivative function of the Lyapunov function of control algorithm (9) under situation 1 can be expressed as:

V˙1=i=1nδvi'δ˙vi'=αi=1nδvi'i=1,j=1naijsigφ(ωj-ωi-Δ)+gisigφ(ωref-ωi-Δ) (27)

In this paper, we consider that the impact Δ caused by the attacker is constant. Define the new adjacency matrix of undirected graph G as A^'=[avij']n×n, where avij'=(αaij+Δ)21+φ and b^'=[bvi']n×n, where bvi'=-(αbi+Δ)21+φ. Then, the derivative function of the Lyapunov function is equivalent to (28) by using (15)-(18).

V˙1=i=1nδvi'i=1,j=1navij'1+φ2sigφ(δvj'-δvi')-bvi'1+φ2sigφ(δvi') (28)

Based on Lemma 2, (28) can be converted to:

V˙1=-12i=1,j=1navij'(δvj'-δvi')sig2φ1+φ(δvj'-δvi')1+φ2-i=1nbvi'δvi'sig2φ1+φ(δvi')1+φ2 (29)

Taking the upper bound of (28) based on Lemma 3 and Lemma 4, (29) satisfies:

V˙1-12i=1,j=1navij'(δvj'-δvi')2+2bvi'δvi'21+φ2-i=1,j=1navij'(δvj'-δvi')2+bvi'δvi'21+φ2-122x(L'v+b^'v)xTδv'Tδv'1+φ2-124x(L'v+b^'v)xTV11+φ20 (30)

Situation 2: when the controller input (actuators) is damaged due to the false data, according to Section III-A, the control quantity of (9) will become uic during the attack.

uic=ui+uia (31)

where uic is the frequency deviation caused by the attacker.

In this paper, we consider that the impact uia caused by the attacker is constant, and then (31) can be expressed as:

uic=ui+c (32)

where c represents the amount of control deviation due to the attacker.

At this point, under the influence of the constant attack, the control can be expressed as:

uic=-αi=1,j=1naijsigφ(ωj-ωi)+gisigφ(ωref-ωi)dt-ωi (33)

The Lyapunov function is chosen as:

V2=12δv''Tδv''=12i=1nδvi''2 (34)

where δvi''=ui+ωi+c. According to (27)-(30), (35) can be obtained similarly.

V˙2-12i,j=1navij''(δvj''-δvi'')2+2bvi''δvi''21+φ2-122x(L''v+b^''v)xTδv''Tδv''1+φ2-124x(L''v+b^''v)xTV21+φ20 (35)

According to (30) and (35), among the two types of attacks proposed in Section III-A, the proposed distributed cooperative control strategy can ensure that the stability of the AC microgrid CPS can be restored when it is subjected to the FDI attack with the constant value in different situations. When the AC microgrid CPS reaches stable, the frequency of each DG can be restored to the reference value. Thus, it shows that the cooperative secondary control strategy (9) can completely eliminate the effect of FDI attack on AC microgrid CPS.

D. Privacy-preserving Algorithm Design

Homomorphic cryptography allows certain arithmetic operations on the ciphertext. Paillier encryption is a cryptosystem that can directly calculate the key without affecting the correctness of decryption. Therefore, it has been widely used in application scenarios, including distributed optimization algorithms, status estimation, and some other areas. The program implementation consists of three main parts, which are described as follows.

Let p and q be random primes, then n^=pq and λ=LCM((p-1),(q-1)) can be calculated, where p and q are large prime numbers of the same length, and LCM(a,b) represents the least common multiple of a and b. Define function γ(x) as:

γ(x)=x-1n^ (36)

where x needs to satisfy

x{x<n^2|x=mod(1,n^)} (37)

where mod(a,b) represents the modulo operation.

The parameters g and μ can be obtained as:

g=n^+1μ= mod(ζ-1(n^),n^) (38)

where g is the set of mutually prime integers of n^2; and ζ(n^)=(p-1)(q-1).

Continuously generate random primes p and q until g and μ satisfy the following conditions.

gcd(γ(mod(gλ,n^2)),n^)=1 (39)
μ= mod(γ-1(mod(gλ,n^2)),n^) (40)

where gcd(a,b) represents the greatest common divisor of a and b.

From this, the public key (n^,g) and private key (λ,μ) required for the Paillier algorithm can be obtained.

Let the plaintext be m and the encryption result be c. Note that in the distributed encryption calculations in this paper, the plaintext m represents the frequency of each DG and it is a real number during the calculations, but the integer must be used in the Paillier cryptosystem. Define σ as the number of decimal places to be retained. At this point, the decimal m is transformed into the integer m˜ by m˜=10σm. To ensure the accurate encryption of the Paillier algorithm, the generated parameter n^ needs to satisfy n^>m˜. Also, n^2 needs to satisfy n^2>c.

Then, the encryption process can be expressed as:

c=EP(m˜,r)=gm˜mod (rn^,n^2) (41)

where r is a random integer, which is reciprocal with n^. It is worth noting that only the encryption process requires r. So r is only a local variable for the sender of the message. The receiver does not use r in the decryption process. The introduction of r brings randomness to the ciphertext. Even if the plaintexts are identical, the obtained ciphertexts will be statistically indistinguishable due to different random numbers used in each encryption. It is difficult for an attacker to perform collision attacks on the plaintexts by exhaustive enumeration.

The decryption is calculated as:

m˜=DP(c)=γ(mod(cλ,n^2))mod(μ,n^) (42)

The next step is to convert m˜ back to the original real number m using n^ and σ through [

28]:

m=Tσ,n^(m˜)=m˜/10σ         0m˜12(n^-1)(m˜-n^)/10σ    12(n^-1)m˜12n^ (43)

After obtaining the encrypted information, the most important feature of the Paillier cryptosystem is its additive homomorphism and multiplicative semi-homomorphism, which illustrates the relationship between plaintext and ciphertext computation.

DP(EP(m1,r)EP(m2,r))=m1+m2 (44)
DP(EPl(m1,r))=lm1 (45)

where m1 and m2 are two ciphertexts; and l represents the lth power of EP(m1,r). It can be found that the product of the ciphertext is equal to the sum of the plaintext, and the power of the ciphertext is equal to the product of the plaintext in the ciphertext calculation process.

Based on the Paillier cryptosystem, a new privacy protection process for AC microgrid CPS is designed as Algorithm 1. Among them, the information encryption and decryption process between nodes i and j is shown in Fig. 1.

Fig. 1  Schematic diagram of information encryption and decryption between node i and node j.

Algorithm 1  : system privacy protection process

Preparation (node i)

Use (36)-(40) to generate a bunch of random public key (n̂,g) and private key (λ,μ) before collaborative computing

Encryption and information-interaction (node i)

Step 1: encrypt ωi as EP-1(ω˜i,r), and EP(-ω˜i,r) is used to refer to EP-1(ω˜i,r)

Step 2: transmit EP(-ω˜i,r) and the public key (n̂,g) to the node j

Calculation, encryption, and information-interaction (node j)

Step 1: accept the public key (n̂,g)

Step 2: use (n̂,g) to encrypt ωj as EP(ω˜j,r)

Step 3: calculate the product of EP(-ω˜i,r) and EP(ω˜j,r); and then use the element lji in the Laplacian matrix L to calculate the ljith power of the product

Step 4: transmit the calculation result (EP(-ω˜i)EP(ω˜j))lji to node i

Calculation, decryption, and cooperative control (node i)

Step 1: accept the result from node j, and the above result is equivalent to EP(lji(ω˜j-ω˜i)) according to (44) and (45)

Step 2: use private key (n̂,g) to decrypt EP(lji(ω˜j-ω˜i)), and then get lji(ωj-ωi)

Step 3: based on (1), lij is equal to lji. Divide lji(ωj-ωi) by lij, and then the plaintext ωj-ωi can be obtained

Step 4: bring the plaintext ωj-ωi into (9) for collaborative computing

In this way, the node i successfully receives the plaintext ωj-ωi from the node j and completes the collaborative computation

Repeat the above process, ensuring the security of data during communication

Each node generates a pair of public key and private key during the operation of Algorithm 1. Finally, the secure communication environment is proposed for the improved second-order attack-resistant algorithm based on the finite time theory in Section IV-B.

E. Security Analysis

The primary targets of attacker are the controller and the communication links as mentioned in Section III-A. Attacks against controllers and actuators can cause frequency deviations in DGs, which can be expressed as:

ωic=ωi+ωiα (46)

The proposed privacy-preserving algorithm can correct the frequency deviation caused by the FDI attack during the collaborative computation of each DG by using (9), so that the frequency can be restored to stability.

When an attacker injects false data into the attack link, the process is represented in Fig. 2. Figure 2(a) shows a set of encrypted data transmitted from node i to node j. The attacker injects false data into this communication link from t=t1 to t=t2, and the total time of attack is τ. Figure 2(c) shows the data received by node j. Eventually, node j receives a string of correctly encrypted data mixed with false data maliciously injected by the attacker.

Fig. 2  False data injection procedure. (a) A set of data transmitted from node i to node j. (b) False data injected into communication links by attacker. (c) Data received by node j.

Definition 1 [

28]: an encryption algorithm can be written as E. When the attacker sends the ciphertexts E(x1) and E(x2) to the receiver after encrypting x1 and x2 using the encryption algorithm E, there is no indication of how the plaintext corresponds to the ciphertext. At this point, the encryption algorithm E is semantically absolutely secure for any plaintexts x1 and x2 chosen by the attacker, which can be written as E(x1)E(x2).

Lemma 5 [

29]: for a secure computation algorithm Ω with distributed M parties, the algorithm Ω can be considered secure for the computation of a1,a2,,aM when there exists a probabilistic poly-time algorithm S that satisfies (47) for the privacy information of the ith party.

S(i,Ii,ai(Ii))Wi (47)

where Ii represents the private data of the ith party; ai represents the objective function calculated by the ith party; S() represents all the elements obtained by the probabilistic poly-time algorithm S; and Wi represents the results obtained by the secure computation algorithm Ω.

Theorem 3: Algorithm 1 ensures the privacy of the data disseminated among DGs against the attacker and the adjacent DG when the AC microgrid CPS is not under attack.

Proof: the zero-knowledge proof [

30] can be used to prove that node j decrypts the ciphertext correctly. Given any number, it is difficult to calculate whether it is a residual of known data. The attacker can only intercept a piece of ciphertexts that is computationally indecipherable, so Algorithm 1 ensures the privacy against the attacker. As for the adjacent DG, it is constantly involved in the system information interaction and collaborative computation process, and it will get the public key required for the encryption process of this node during the Algorithm 1 operation. So, a potential attacker can compromise the privacy of the system through the information of the adjacent DG. According to Definition 2, Wi is defined as:

Wi=(p,q,λ,n^,g,μ,ωj-ωi,EP(ωj-ωi,ri),lij,x1,x^1) (48)

Encrypt x1, and we can obtain:

EP(x1,ri)=EP(ωj-ωi,ri)=gωj-ωimod(rin^,n^i2) (49)

For node i, it has all the parameters for encryption and decryption so that another random number ωz can be generated, such that x^1=(ωz-ωi)', then

x1=x^1 (50)

Based on Definition 1, node i can generate a random number rz such that

EP(x1,ri)=gωj-ωimod(rin^,n^i2) (51)
EP(x^1,rz)=gωj-ωzmod(rin^,n^i2) (52)
EP(x^1,rz)=EP(x1,ri)zi,zn2EP(x^1,rz) (53)

Declassify (53), and then we can get:

Dp(EP(x^1,rz))=x1 (54)

According to Definition 1, (55) can be derived by (54).

EP(x1,ri)EP(x^1,rz) (55)

Formula (55) shows that even different plaintext encrypted results received by node i can be effectively reconstructed, indicating the existence of a probabilistic poly-time function S that satisfies:

S(i,Ιi,ai(Ιi))Wi (56)

Thus, Algorithm 1 can be considered secure for the computation of encryption and decryption processes, representing that Algorithm 1 ensures the privacy of the data disseminated among DGs against the attacker and the adjacent DG, when the AC microgrid CPS is not under attack.

Theorem 4:when the privacy-preserving algorithm 1 is used, the false data injected into the communication links by the attacker cannot be decrypted, and then the false data cannot participate in the collaborative iterative computation, ensuring the privacy and security of the AC microgrid CPS.

Proof:in the process of data encryption, the plaintext m and the ciphertext c need to satisfy (41). It is relatively easy to compute a ciphertext satisfying (41) using the plaintext, but the reverse computation is complex unless the attacker knows the decomposition of n^ [

31], [32]. However, without the private key owned by the node itself, the decomposition of n^ can not be quickly computed. In other word, the receiver will not be able to decrypt the “ciphertext” when the encrypted data are replaced in the communication link. Thus, the Paillier cryptosystem has strong security for communication links. The proposed algorithm eliminates the participation of false data injected by the attacker against the communication link for consistent cooperative computation and thus preserves privacy for AC microgrid CPS.

Take the communication link attack between DG4 and DG5 as an example. DG4 and DG5 cannot decrypt the false data and thus cannot receive information from both sides during the attack on the communication link between them (tτ). At this point, the communication topology changes from Fig. 3(a) to Fig. 3(b). Only when it is confirmed that the data can be decrypted, the iterative calculation will continue between DGs. The proposed algorithm preserves privacy for AC microgrid CPS.

Fig. 3  Communication topology changes of system under attack. (a) FDI attack scenario. (b) Change in communication topology.

IV. Simulation Study

A. Preparation

To verify the feasibility of the proposed algorithm, the modified IEEE 34-node test microgrid system [

20] as shown in Fig. 4(a) is used as the research object. The test system contains six inverters which can be regarded as six DGs during the simulation studies and four integrated loads (sum of load demands connected to the same bus). The integrated loads 1-4 are (1.7+j1.5) Ω, (1+j1.2) Ω, (0.6+j1.2) Ω, and (1.5+j1.5) Ω, respectively. The whole simulation process is: at t=0 s, the test feeder system disconnects from the main grid and operates stably, and the FDI attacks are injected into the test feeder system at t=1 s.

Fig. 4  Improved IEEE 34-node test microgrid system with six inverters (a) IEEE 34-node test microgrid system. (b) Topology link of each DG.

The real topology link of each DG in the AC microgrid is shown in Fig. 4(b), where the communication network is undirected. The reference frequency of the microgrid CPS is 50 Hz. The corresponding network topology and DG models are simulated in MATLAB 2020a and Python 3.9.2. A comparative experiment was conducted using the algorithm in [

20] and [21] to compare the performance of the algorithm in this paper. The simulation study is arranged as follows. FDI attacks against non-communication links are discussed in Section IV-B, and FDI attacks against different cases for communication links are discussed in Section IV-C. Finally, Section IV-D shows the comparison of the proposed privacy-protection algorithm with the control algorithms in [20], [21].

B. Case 1: FDI Attacks Against Non-communication Links

To verify the effectiveness of the proposed distributed cooperative control strategy against controller and actuator-oriented attacks in the context of communication link security, simulations are conducted for the following three scenarios: ① the actuator of DG5 is under FDI attack; ② the controller of DG5 is under attack; ③ actuators of all DGs in the microgrid CPS are under FDI attack, as shown in Fig. 5.

Fig. 5  FDI attacks against non-communication links. (a) Actuator of DG5 is under attack. (b) Controller of DG5 is under attack. (c) All actuators are under attack.

The simulation results of FDI attacks on the actuator of DG5 is shown in Fig. 6. The FDI attack modeled by (7) is injected into the DG5 (actuator 5) at t=1 s. The effect of the FDI attack on DG5 is embodied in the frequency change. The initial frequency of DG5 becomes 50.4 Hz, i.e., f5=50.4  Hz. Figure 6 shows the change in frequency of each DG after the attack. As shown in Fig. 6, the frequency of each DG can be restored to the reference frequency (50 Hz) with the distributed cooperative control strategy in the proposed privacy-preserving algorithm at t=2.639  s. When an attacker launches the FDI attack against the actuators of DGs, the distributed cooperative control strategy can effectively resist the adverse effects caused by the attack, which also verifies the effectiveness of the proposed privacy-preserving algorithm.

Fig. 6  Simulation results of FDI attacks on actuator of DG5 with f5=50.4 Hz.

The simulation results of FDI attacks on controller of DG5 is shown in Fig. 7. The controller of DG5 is destroyed by the attacker, and the output frequency of DG5 changes to 50.2 Hz during [1, 2.5] s. Similarly, when an attacker performs the FDI attack on the controller of each DG, the proposed privacy-preserving algorithm can provide effective protection to the system and the frequency of each DG can be restored to the reference value. When the attack duration grows, as shown in Fig. 8, the time of the attack increases to 4 s. The proposed privacy-preserving algorithm still provides good protection for the microgrid CPS, the system will recover to stability in a finite time, and (3) holds.

Fig. 7  Simulation results of FDI attacks on controller of DG5 during [1, 2.5] s with f5=50.2 Hz.

Fig. 8  Simulation results of FDI attacks on controller of DG5 during [1,5] s with f5=50.2 Hz.

To verify the effectiveness of the algorithm in the extreme case, as shown in Fig. 9, all actuators of the microgrid CPS are subjected to FDI attack. The frequency deviation of each DG caused by the attacker is [0.1,0.4,-0.2,-0.4,0.2,-0.9]T Hz. When the system is attacked in extreme cases, the proposed privacy-preserving algorithm can restore the frequencies of all DGs to the reference value and completely eliminate the detrimental effects of the attackers on the system. In the case with more serious intentional attacks, i.e., constant injection of FDI attacks, the proposed privacy-preserving algorithm is still effective and can provide more complete protection for the system.

Fig. 9  Simulation results of FDI attacks on actuators of all DGs.

In addition, the random number r used in the encryption process brings randomness to the ciphertext as the above simulation proceeds. As shown in Fig. 10, the introduction of r in the encryption algorithm is random, so the frequency data transmitted by each DG are entirely random and unrelated after encryption. The attacker cannot obtain the system information even if part of the data are intercepted. In addition, even if the false data are introduced into the communication link, the decryption process can find the wrong data. The false data cannot participate in the calculation process so as to ensure the security of the communication links in microgrid CPS.

Fig. 10  Ciphertext for frequency calculation process of each DG.

C. Case 2: Attacks Against Communication Links

To verify the effectiveness of the proposed privacy-preserving algorithm under attacks against communication links, the designed attack scenario is shown in Fig. 3(a), where the attacker launches an FDI attack against the communication link between DG4 and DG5 at t=1 s. As shown in Fig. 3(b), the communication link between DG4 and DG5 is completely broken.

The microgrid CPS is in a steady state until t=1 s when the Laplacian matrix L1 is (57). The communication link between DG4 and DG5 is attacked when t>1 s. The proposed privacy-preserving algorithm prevents false data from participating in the system collaborative computation. According to Theorem 4, if an attacker deliberately injects false data with the same bytes of encrypted data, the false data cannot be detected in the third part of Algorithm 1. DG4 and DG5 will still not decipher the false information, which is equivalent to the communication interruption, as shown in Fig. 3(b). Therefore, the communication between them is interrupted, and the Laplacian matrix changes to (58).

L1=3-10-10-1-12-10000-13-10-1-10-13-10000-12-1-100-1-13 (57)
L2=3-10-10-1-12-10000-13-10-1-10-120000001-1-100-1-13 (58)

The frequency variation of DGs when the communication link between DG4 and DG5 is under attack is illustrated in Fig. 11. The false data will not participate in the data iteration process. It is worth noting that the communication topology of the AC microgrid CPS is still strongly connected, so the proposed privacy-preserving algorithm can provide adequate protection for the communication security of the microgrid CPS.

Fig. 11  Frequency variation of DGs when communication link between DG4 and DG5 is under attack.

In this paper, the data interaction between DG4 and DG5 is bidirectional. However, the case of launching an attack against the communication link in a single direction cannot be excluded. As shown in Fig. 12, the constant-value FDI attack causes the communication link from DG4 to DG5 to be broken at t=1 s, while DG4 can receive the ciphertext from DG5. Unlike the scenario shown in Fig. 3, the one-way interruption of communication leads to frequency deviation. DG4 and DG5 are subjected to a frequency deviation of 0.3 Hz and -0.3 Hz, respectively, due to the attack on the communication link between them.

Fig. 12  One-way communication link between DG4 and DG5 is under attack. (a) FDI attack scenario. (b) Change in communication topology.

The frequency variation of each DG when the proposed privacy-preserving algorithm is used with the attack on the communication link between DG4 and DG5 is shown in Fig. 13. When the communication link between DG4 and DG5 suffers the FDI attack, the topology of the microgrid CPS is changed because the false data cannot be decrypted and DG4 cannot receive the information from DG5. In this case, the proposed privacy-preserving algorithm can make the microgrid CPS recover the frequency of each DG to the reference value after the frequency is perturbed due to the FDI attack, while ensuring that the false data will not participate in the calculation.

Fig. 13  Frequency variation of each DG using proposed privacy-preserving algorithm.

In order to verify the effectiveness of the proposed privacy-preserving algorithm in the case of FDI attack against the communication link with more serious damage, the FDI attack scenario shown in Fig. 14(a) is designed. The attacker injects false data into multiple communication links at the same time, and all communication links connected to DG4 are injected with false data. DG4 disconnects due to the inability to decrypt the false data, which is equivalent to exiting the communication network of microgrid CPS. It causes frequency fluctuations of 0.1 Hz, 0.2 Hz, and -0.3 Hz, respectively, when DG1, DG3, and DG5 are connected to it.

Fig. 14  Multiple communication links are under attack. (a) FDI attack scenario. (b) Change in communication topology.

The frequency variation of each DG during the above process is shown in Fig. 15. The attack causes the information in all communication links connected to DG4 to be the false data, and the false data cannot be decrypted, which is equivalent to DG4 disconnected with the networks as shown in Fig. 14(b). The proposed algorithm can ensure that the system is protected from false data when the communication link is attacked in a large area, and in addition, it can ensure that the DG that suffers from frequency fluctuation is restored to the reference frequency. In summary, the proposed algorithm can provide effective protection for microgrids when the communication link is under attack.

Fig. 15  Frequency variation of each DG when communication link between DG4 and DG5 is under attack.

D. Case 3: Comparison with Control Algorithm in [20] and [21] Under FDI Attack

In this subsection, the performances of the control algorithm in [

20] and [21] are compared with the proposed privacy-preserving algorithm.

Based on the observer with confidence and trust factors, [

20] designed a cooperative control algorithm as:

ω^˙i(t)=jNiaijCj(t)Tij(t)(ω^i(t)-ω^j(t))+gi(ω^i(t)-ωref) (59)

where Cj(t) is the confidence factor; and Tij(t) is the trust factor. The confidence factor Cj(t) is calculated by comparing the difference between the observer and the actual value of DG, thus representing the degree of attack received by the DG itself. The confidence factor is calculated based on the tracking error of the state observer of the DG and the state deviation of the adjacent nodes. The tracking error converges to zero regardless of whether the DG is under attack, but the state deviation is not zero when the DG is under attack. Thus, the confidence factor represents the degree of the attack on DG itself. Similarly, the trust factor Tij(t) determines the reliability of adjacent nodes based on the computed values between DGs and their neighbors.

It can be found that [

20] resists the FDI attack by reducing the weight of the attacked DG in the data iteration process, thus, inhibiting the spread of the attack in the microgrid CPS. However, the presence of weights does not affect the continued impact of attack on the microgrid CPS when the false data attacks the controllers and actuators of DGs. In other words, the weight does not eliminate the effect of the attack on the microgrid CPS. In addition, [20] requires that no more than half of the attacked DG’s neighbors are affected, which further reduces the effectiveness of the control algorithm in [20].

To show the results of the control algorithm in [

20], we use the same scenario in Case 1. Figures 16 and 17 show the performance of the control algorithm in [20] when the actuator of DG5 is attacked and all actuators are attacked, as shown in Fig. 5(a) and (c), respectively.

Fig. 16  Performance of control algorithm in [

20] in the case of Fig. 5(a).

Fig. 17  Performance of control algorithm in [

20] in the case of Fig. 5(c).

It can be observed from Figs. 16 and 17 that the control algorithm in [

20] can maintain the frequency of each DG at a stable value when t=4.198 s. However, there is a constant deviation between the frequency of each DG and the reference frequency, and the deviation expressed as (60) is especially obvious when the microgrid CPS encounters extreme FDI attacks.

limtωi-ωref0 (60)

When the microgrid CPS is under FDI attack, the control algorithm in [

20] cannot provide effective protection. This comparison highlights the advantage that the proposed privacy-preserving algorithm can completely eliminate the impact caused by FDI attacks on the microgrid CPS.

When the microgrid CPS is attacked in the case of Fig. 3(a), half of the neighbors connected to DG5 are affected by the attack. Then, the frequency change of each DG is shown in Fig. 18 by the control algorithm in [

20].

Fig. 18  Performance of control algorithm in [

20] in case of Fig. 3(a).

When the assumed limit is exceeded, the frequency cannot be restored to stability for a long time and the FDI attack causes serious damage to the microgrid CPS. It shows that the control algorithm in [

20] cannot provide effective protection when an attacker launches a larger range of FDI attacks against the communication links. However, in the same case, the proposed privacy-preserving algorithm can ensure the frequency recovery to the reference value.

Reference [

21] introduces a hidden layer of virtual system based on the communication layer of the existing microgrid CPS, which can be expressed as (61) and (62). Equation (61) represents the communication layer, while (62) represents the hidden layer.

ω˙=Cω+α˜Pz+Bωref+Δ (61)
z˙=Hz-α˜Qω+αDωref (62)

where P and Q represent the interconnection matrices of the communication layer and the hidden layer, respectively; C and H represent the adjacency matrices of the communication layer and the hidden layer, respectively; B and D represent the weighting matrices of the communication layer and the hidden layer, respectively; and α˜>0.

Reference [

21] eliminates the complex weighting process. In [21], a distributed hidden layer is built, and an attacker can only apply the attack to the communication layer and cannot know the existence of the hidden layer. After the controller and actuator of DGs are under FDI attack, the control algorithm in [21] achieves the goal of protecting the microgrid CPS to maintain stability through iterative calculations in the hidden layer and communication layer. It is worth noting that the control algorithm in [21] requires the extra hidden layer to be established. The communication is required both within the hidden layer and between the hidden layer and the communication layer, which adds a lot of communication expenses.

In order to compare the performances of the control algorithm in [

21] and the porposed algorithm under the same conditions, we use the same scenario in Case 1. Figures 19 and 20 show the frequency of each DG with the control algorithm in [21], when the actuator of DG5 is destroyed and all actuators are attacked as shown in Fig. 5(a) and (c), respectively.

Fig. 19  Performance of control algorithm of [

21] in case of Fig. 5(a).

Fig. 20  Performance of control algorithm of [

21] in case of Fig. 5(c).

It can be observed from the Figs. 19 and 20 that the control algorithm in [

21] can ensure that the system is restored to stability and the frequency of each DG can be restored to the reference value at t=4.578 s when the controller and actuator are attacked.

However, when the communication link in the three-layer system constructed by [

21] is attacked by the false data, the communication layer is corrupted, and then the false data affect the frequency of the DG. The three-layer system suffers from more severe damage because of the information interaction between the communication layer and the hidden layer. When the three-layer system is subjected to the case of Fig. 3(a), the frequency of each DG frequency is shown in Fig. 21.

Fig. 21  Performance of control algorithm of [

21] in case of Fig. 3(a).

The FDI attack against the communication link in the same case leads to excessive frequency fluctuations during the iteration. The effect of the control algorithm in [

21] is improved compared with that in [20] and the system frequency does not produce continuous fluctuations. However, the frequency of each DG has a deviation from the reference value when the system is stable, i.e., limt|ωi-ωref |0. The control algorithm in [21] cannot provide effective protection when the communication links are under FDI attack.

The performance of the proposed privacy-preserving algorithm compared with the control algorithms in [

20] and [21] is shown Table I.

TABLE I  Comparison of Performance with Different Algorithms
ReferenceCommunication expenseStable time (s)Protection for controllers and actuatorsProtection for communication links
This paper Low 1.369 Y Y
[20] Low 3.198
[21] High 3.578 Y
* Low 1.242 Y

Note:   * represents the case only using control strategy (9), that is, the communication protection strategy based on the Paillier algorithm is not used.

It can be found from Table I that when the proposed privacy-preserving algorithm is used, the time for the microgrid CPS to restore stable is only 0.127 s longer than that when the second-order improved distributed cooperative control strategy (9) is used. It shows that the computational cost and additional time caused by the Paillier-based privacy-preserving algorithm have little impact on the microgrid CPS studied in this paper.

All the simulation results illustrate that the proposed privacy-preserving algorithm can ensure the frequency stability of each DG and completely eliminate the impact of FDI attacks on the AC microgrid CPS. The frequency of each DG can be restored to the reference value. The proposed privacy-preserving algorithm can prevent false data from destabilizing the frequency through communication links, thus ensuring the privacy and security of the AC microgrid CPS. At the same time, the second-order improved distributed cooperative control strategy based on the finite-time control theory is used in the privacy-preserving algorithm, which makes the AC microgrid CPS restore stable faster than the control algorithms in [

20] and [21].

V. Conclusion

Microgrid CPSs are vulnerable to FDI attacks, and the false data can cause severe damage to the system. The new cooperative control strategy, which can completely eliminate the impact of FDI attacks on the microgrid CPS, is designed for different paths of FDI attacks with a constant injection. Using mathematical proof and simulation analyses with the IEEE 34-node test feeder system, the proposed privacy-preserving algorithm can provide more comprehensive protection for the microgrid in a shorter period. The proposed privacy-preserving algorithm can completely remove the negative effect of the attack on the AC microgrid CPS, and it still has a high practicality even in the extreme case of all DGs under the attack. At the same time, the introduced communication encryption mechanism makes the data spread safely in the communication links of the microgrid CPS. The proposed privacy-preserving algorithm can provide comprehensive protection for microgrid CPS. Moreover, the proposed privacy-preserving algorithm is applicable to control the voltage of DG. Considering the performance of computers and controllers, the scale of microgrid CPS, the key length, and the communication efficiency, the computational cost and additional time caused by Paillier algorithm may cause serious delay in other scenarios, so that the system cannot complete real-time response, which is the bottleneck of its application. We can focus the research on these types of problems in the future.

References

1

G. Cao, W. Gu, P. Li et al., “Operational risk evaluation of active distribution networks considering cyber contingencies,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp. 3849-3861, Jun. 2020. [Baidu Scholar] 

2

Y. Huang, Z. Lin, X. Liu et al., “Bi-level coordinated planning of active distribution network considering demand response resources and severely restricted scenarios,” Journal of Modern Power Systems and Clean Energy, vol. 9, no. 5, pp. 1088-1100, Sept. 2021. [Baidu Scholar] 

3

D. Ding, Q. Han, X. Ge et al., “Secure state estimation and control of cyber-physical systems: a survey,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 51, no. 1, pp. 176-190, Jan. 2021. [Baidu Scholar] 

4

J. Yang and C. Su, “Robust optimization of microgrid based on renewable distributed power generation and load demand uncertainty,” Energy, vol. 223, p. 120043, May 2021. [Baidu Scholar] 

5

F. Abdi, C. Chen, M. Hasan et al., “Preserving physical safety under cyber attacks,” IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6285-6300, Aug. 2019. [Baidu Scholar] 

6

J. Zhou, Y. Xu, L. Yang et al., “Attack-resilient distributed control for islanded single-/three-phase microgrids based on distributed adaptive observers,” Journal of Modern Power Systems and Clean Energy, vol. 10, no. 1, pp. 109-119, Jan. 2022. [Baidu Scholar] 

7

S. Xia, S. Bu, C. Wan et al., “A fully distributed hierarchical control framework for coordinated operation of DERs in active distribution power networks,” IEEE Transactions on Power Systems, vol. 34, no. 6, pp. 5184-5197, Nov. 2019 [Baidu Scholar] 

8

D. Ding, Q. Han, Z. Wang et al., “A survey on model-based distributed control and filtering for industrial cyber-physical systems,” IEEE Transactions on Industrial Informatics, vol. 15, no. 5, pp. 2483-2499, May 2019. [Baidu Scholar] 

9

B. Huang, Y. Li, F. Zhan et al., “A distributed robust economic dispatch strategy for integrated energy system considering cyber-attacks,” IEEE Transactions on Industrial Informatics, vol. 18, no. 2, pp. 880-890, Feb. 2022. [Baidu Scholar] 

10

A. Bidram, B. Poudel, L. Damodaran et al., “Resilient and cybersecure distributed control of inverter-based islanded microgrids,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp. 3881-3894, Jun. 2020. [Baidu Scholar] 

11

Q. Shafiee, J. M. Guerrero, and J. C. Vasquez, “Distributed secondary control for islanded microgrids–a novel approach,” IEEE Transactions on Power Electronics, vol. 29, no. 2, pp. 1018-1031, Feb. 2014 [Baidu Scholar] 

12

J. Yang and X. Zhuang, “Integrated energy management strategy based on finite time double consistency under non-ideal communication conditions,” IEEE Transactions on Network Science and Engineering, doi: 10.1109/TNSE.2023.3277708 [Baidu Scholar] 

13

G. Zhang, C. Li, D. Qi et al., “Distributed estimation and secondary control of autonomous microgrid,” IEEE Transactions on Power Systems, vol. 32, no. 2, pp. 989-998, Mar. 2017. [Baidu Scholar] 

14

Y. Chen, D. Qi, H. Dong et al., “A FDI attack-resilient distributed secondary control strategy for islanded microgrids,” IEEE Transactions on Smart Grid, vol. 12, no. 3, pp. 1929-1938, May 2021. [Baidu Scholar] 

15

Z. Zhao, Y. Huang, Z. Zhen et al., “Data-driven false data-injection attack design and detection in cyber-physical systems,” IEEE Transactions on Cybernetics, vol. 51, no. 12, pp. 6179-6187, Dec. 2021. [Baidu Scholar] 

16

W. Zeng and M. Y. Chow, “Resilient distributed control in the presence of misbehaving agents in networked control systems,” IEEE Transactions on Cybernetics, vol. 44, no. 11, pp. 2038-2049, Nov. 2014. [Baidu Scholar] 

17

Q. Jiao, H. Modares, F. L. Lewis et al., “Distributed 2-gain output-feedback control of homogeneous and heterogeneous systems,” Automatic, vol. 71, no. 5, pp. 361-368, Sept. 2016. [Baidu Scholar] 

18

Q. Shafiee, V. Nasirian, J. C. Vasquez et al., “A multi-functional fully distributed control framework for AC microgrids,” IEEE Transactions Smart Grid, vol. 9, no. 4, pp. 3247-3258, Jul. 2018. [Baidu Scholar] 

19

S. Abhinav, I. D. Schizas, F. L. Lewis et al., “Distributed noise-resilient networked synchrony of active distribution systems,” IEEE Transactions on Smart Grid, vol. 9, no. 2, pp. 836-846, Mar. 2018. [Baidu Scholar] 

20

S. Abhinav, H. Modares, F. L. Lewis et al., “Synchrony in networked microgrids under attacks,” IEEE Transactions on Smart Grid, vol. 9, no. 6, pp. 6731-6741, Nov. 2018. [Baidu Scholar] 

21

Y. Chen, D. Qi, H. Dong et al., “A FDI attack-resilient distributed secondary control strategy for islanded microgrids,” IEEE Transactions on Smart Grid, vol. 12, no. 3, pp. 1929-1938, May 2021. [Baidu Scholar] 

22

E. Yahyaoui and E. Kettani, “A verifiable fully homomorphic encryption scheme to secure big data in cloud computing,” in Proceedings of 2017 International Conference on Wireless Networks and Mobile Communications (WINCOM), Rabat, Morocco, Nov. 2017, pp. 250-254. [Baidu Scholar] 

23

W. Wu, J. Liu, H. Wang et al., “Secure and efficient outsourced k-means clustering using fully homomorphic encryption with ciphertext packing technique,” IEEE Transactions on Knowledge and Data Engineering, vol. 33, no. 10, pp. 3424-3437, Oct. 2021. [Baidu Scholar] 

24

N. Sutisna, G. Jonatan, I. Syafalni et al., “Polynomial multiplication systolic array for homomorphic encryption in secure network communications,” in Proceedings of 9th IEEE International Conference on Communication, Networks and Satellite (IEEE Comnetsat), Batam, Indonesia, Dec. 2020, pp. 390-394. [Baidu Scholar] 

25

L. Wang and F. Xiao, “Finite-time consensus problems for networks of dynamic agents,” IEEE Transactions on Automatic Control, vol. 55, no. 4, pp. 950-955, Apr. 2010. [Baidu Scholar] 

26

F. Pasqualetti, A. Bicchi, and F. Bullo, “Consensus computation in unreliable networks: a system theoretic approach,” IEEE Transactions on Automatic Control, vol. 57, no. 1, pp. 90-104, Jan. 2012. [Baidu Scholar] 

27

F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Transactions on Automatic Control, vol. 58, no. 11, pp. 2715-2729, Nov. 2013. [Baidu Scholar] 

28

Y. Lu and M. Zhu, “Privacy preserving distributed optimization using homomorphic encryption,” Automatica, vol. 96, pp. 314-325, Jul. 2018. [Baidu Scholar] 

29

R. Cramer, I. B. Damgard, and J. B. Nielsen. Secure Multiparty Computation. Cambridge: Cambridge University, 2015. [Baidu Scholar] 

30

T. B. Ogunseyi and B. Tang, “Fast decryption algorithm for paillier homomorphic cryptosystem,” in Proceedings of 2020 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS), Shenyang, China, Sept. 2020, pp. 803-806. [Baidu Scholar] 

31

D. Catalano, R. Gennaro, and H. Grahamn, “The bit security of Paillier encryption scheme and its application,” in Proceedings of International Conference on the Theory and Application of Crytographic Techniques (EUROCRYPT 2001), Innsbruck, Austria, May 2001, pp. 229-243. [Baidu Scholar] 

32

N. Mwakabuta and A. Sekar, “Comparative study of the IEEE 34 node test feeder under practical simplifications,” in Proceedings of 39th North American Power Symposium, Las Cruces, USA, Oct. 2007, pp. 484-491. [Baidu Scholar]