A Communication Encryption-Based Distributed Cooperative Control for Distributed Generators in Microgrids under FDI Attacks

: To alleviate the hassle of false data injection (FDI) attacks on distributed generators (DGs) in microgrids, a communication encryption-based distributed cooperative control is proposed in this paper. Compared to the conventional distributed control strategies, the proposed control scheme is simpler with much less complex evaluation mechanism by upgrading the secondary control to a second-order control based on the ﬁnite-time control theory while combining an encryption strategy. The proposed algorithm provides constant injections to eliminate the impact of FDI attacks based on a robust communication system. The effectiveness and high efﬁciency of the proposed control scheme is validated in an IEEE 34 Node Test Feeder system with six DGs as a microgrid cyber-physical system (CPS) under different FDI attacks.


Introduction
With high penetrations of distributed generators (DGs), high-performance communication systems are increasingly accessed into the power grids to forge cyber-physical systems (CPSs) [1][2][3][4].A microgrid is a major component of CPS that can operate in both grid-connected and grid-off modes.Self-commissioning operation is the most outstanding feature of microgrids [5][6][7].To ensure the stability of microgrids, hierarchical control schemes, which generally consist of primary layer control, secondary layer control, and tertiary layer control are widely adopted [8][9][10][11].On the basis of the primary stability concern, optimal power efficiencies and other objectives can also be set for hierarchical control.
The hierarchical control comprises centralized and distributed control.By considering communication delays, distributed control exhibits better flexibility and reliability [12,13].However, distributed control may suffer from cyber-attack issues.The most striking feature of the distributed system is the information propagating and data update between neighbor DGs, which determines that all adjacent DGs are expected to be affected even if one DG is attacked.The distributed feature of DGs can result in the instability of entire microgrids if any one of the nodes in the system is attacked [14].Network attacks prevent control algorithms from reaching the excepted goals and directly affecting the frequencies and voltages of the system.Attackers directly lead to the collapse of microgrids in more severe cases.Therefore, advanced distributed cooperative control with an anti-cyber-attack mechanism is desired to enhance the safety of microgrids.
False data injection (FDI) is a typical cyber attack that can destabilize the system without causing any tracking errors, since it can easily pass the largest normalized residual tests of the system compared to other types of attacks [15].To this end, several strategies have been proposed to enhance the stability of microgrids under FDI attacks [16][17][18][19][20][21][22][23].In [16], an elastic distributed control algorithm is proposed.The algorithm first detects the existence of attacks, then gradually strips the attacked DG from the communication network.In [17][18][19], the influence of limited numbers of attackers on microgrids is regarded as interference.Striping the frequency information of the system from noise is investigated to solve the microgrid defense problem.However, this technology requires explicit expressions of disturbance to reflect prominent statistical characteristics.It becomes ineffective when the attack signals are deliberately designed by the attackers.To alleviate this hassle, a trust or confidence-based control strategy is proposed in [20] to reduce the attacks' impact on the systems to ensure the stability and reliability of microgrids.The weights of attacked DGs are reduced by establishing confidence factor strategy during data iteration, while the FDI attacks could destroy communication links and inject false data in the process of information propagating and update.Data encryption is an effective solution to address this issue.If the data is encrypted at the sending place and decrypted at the receiving place, the proceeding data remain correct even if falsified data are injected into the communication channel.In [21,22], an improved Dijk-Gentry-Halevi-Vaikutanathan style of fully homomorphic encryption are proposed.Parallel computation can be achieved via a k-means clustering scheme using fully homomorphic encryption with ciphertext packing technique without extra cost.In [23], a rakerski/Fan-Vercauteren scheme based on high-degree polynomial multiplication is proposed to enhance the computational efficiency in the encryption process.However, most studies on encryption are mainly focused on speed and efficiency, while practical applications of communication encryption technologies for microgrids are rarely considered [21][22][23].
This paper aims to bridge the research gap by proposing a new distributed cooperative control algorithm based on communication encryption.The main contributions of the paper are listed in the following points: (1) A new cooperative control algorithm, which can eliminate the impact of FDI attacks to microgrids, is proposed.The frequency of each DGs in the microgrid can be restored to track the reference.(2) An enhanced second-order control based on the finite-time control theory is proposed.
The new higher-order control can restore the stability of the system faster.(3) The proposed control algorithm is designed based on simple algorithm rather than conventional trust or confidential-based protocol, which can be implemented using inexpensive digital controllers.(4) The communication protection algorithm used in this paper is based on the Paillier homomorphic encryption strategy, which has never been used for DGs in microgrids.
The rest of this paper is arranged as follows: Section 2 introduces the theoretical basis.The cooperative control strategy and finite time theory of the microgrid CPS are presented in Section 3. A new distributed cooperative control algorithm based on communication encryption is designed after analyzing the impact of attacks on the system in Section 4. Comparative studies under different attack conditions using the IEEE 34 Node Test Feeder system are presented in Section 5.The conclusions are drawn in Section 6.

Priliminary of Graph Theory
We let G = (V, E) signify the graph of the cyber network.There are a set of nodes V = (v 1 , v 2, ..., v n ) in the network topology diagram which represent the local DGs within the microgrid.A series of edges E ⊆ V × V denote the communication links between DGs.If node vi can receive information from node vj, node vj is named as the neighbor node to node vi.Laplacian matrix L of network graph G is defined as where matrix A = a ij represents the adjacency matrix.a ij = 1 if node vi can receive information from neighbor node vj.Otherwise, a ij = 0. diag(•) is the diagonal function.

Lemma 1 ([24]
).We choose a suitable Lyapunov function V (x) as where K > 0 and 0 < ϕ < 1.Then, the frequency of each DG in the microgrid is converged in a finite time T, as

Primary Droop Control
Droop control is mainly applied in power controllers to control the output active and reactive power of inverters in microgrid CPS.The underlying communication network model adopted by the primary control is shown in Figure 1, where the orange lines represent the communication links between DGs.The droop control exists in the DG i module, where i = 1, 2, . . ., n.

Priliminary of Lyapunov Stabiliy of DG Frequencies
Lemma 1 ( [24]).We choose a suitable Lyapunov function V (x) as where  > 0 and 0 <  < 1.Then, the frequency of each DG in the microgrid is converged in a finite time T, as

Primary Droop Control
Droop control is mainly applied in power controllers to control the output active and reactive power of inverters in microgrid CPS.The underlying communication network model adopted by the primary control is shown in Figure 1, where the orange lines represent the communication links between DGs.The droop control exists in the DG i module, where  = 1,2,•••, .
According to the operation law of the AC microgrid, the connection between active power-angular frequency and reactive power-voltage can be obtained as where   and   are the output angular frequency and voltage of inverter i, where i = 1, 2•,•••, n.   and   denote the active and reactive power of inverter i.  , and  , denote the active and reactive droop coefficients through the rating of inverter i.  , and  , are the primary control references.According to the operation law of the AC microgrid, the connection between active power-angular frequency and reactive power-voltage can be obtained as where w i and U i are the output angular frequency and voltage of inverter i, where i = 1, 2, . . ., n. P i and Q i denote the active and reactive power of inverter i. m p,i and n q,i denote the active and reactive droop coefficients through the rating of inverter i. w r,i and U r,i are the primary control references.

Secondary Cooperative Control
Cooperative secondary control eliminates the frequency deviation due to droop control.In this paper, the main objective is to design a distributed secondary control scheme for microgrid CPS under FDI attacks.The following condition needs to be satisfied when the microgrid CPS is stable.
where i = 1, 2, . . .n, w ra f represents reference frequency.To achieve the above control objectives using distributed cooperative control, the microgrid frequency recovery problem containing n DGs can be converted to a tracking and synchronization problem for a first-order linear multi-intelligent.The inputs to the controller need to be designed by where u i is the inputs to the controller, .
w i , .
w r,i , and .
P i represent the differentials of w i , w r,i and P i .According to Lemma 1, when (6) satisfies Lyapunov stability, the stable point is zero of the function and (6) converges within a finite time.

Distributed Cooperative Control for DGs in Microgrids under FDI Attacks
It is critical to ensure the frequency stability of a microgrid with multiple DGs.The secondary frequency control is designed to ensure frequency stability.Unlike centralized control, distributed control lacks a relatively stable control center and relies on the cooperation among DGs to maintain system frequency.Constant FDI attacks fail the distributed control in achieving the objectives since the frequency of the microgrid is easy to be deviated.The size of the attack vectors can be arbitrary, and the attack paths are also uncertain.In this paper, a new distributed cooperative control algorithm is proposed to resist the attacks based on the models of consistent FDI attacks.

Attack Models
In microgrids, FDI attacks can be classified into two categories: (i) controller existing in the underlying model and (ii) communication links between the two DGs.Among them, controller attacks include two situations: the entire controller is hijacked by the attacker, and the controller inputs (actuators) are fabricated due to the falsified data.
The attacks on control inputs can be modeled as where u a i is the FDI attack on actuator i. u c i is the control input.u i is the corresponding control input based on (6).µ i = 1 represents the presence of attack, while µ i = 0 represents the absence of attack.
If the controller is hijacked, the frequency of the system is affected.Malicious damage to the controller can be modeled as where w a i is the frequency deviation caused by the attacker in (6).w c i is fallacious frequency.η i = 1 represents the presence of attack, while η i = 0 represents the absence of attack.
If the communication links between two DGs is attacked, the controller receives false frequency data from the attackers.When the communication link is deliberately compromised, the system control input can be modeled as where w β i is the FDI attack caused by the attacker into the communication link.w .c i is the frequency of DGs being transmitted on the communication link.η i = 1 represents the communication link being under attack; otherwise, η i = 0 represents the absence of attack.

Distributed Cooperative Control Algorithm Design and Stability Analysis under an FDI Attack
To remove negative results of an FDI attack on secondary control with constant injection, a second-order improved distributed cooperative control strategy based on finitetime control theory is adopted as where α > 1, 0 < ϕ < 1, sgn(l) ϕ denotes function sgn(l) ϕ l ϕ .|l| represents the absolute value of l. sgn(•) is the sign function, which is defined as

Lemma 2 ([24]
).For an undirected figure G, and if a ij = a ji is an odd function,

Lemma 4 ([26]
).For an undirected graph G, the properties of Laplacian matrix L + diag b are as follows: where x is the state variables of units.a ij indicates whether node vi can receive information from neighbor node vj, as described in (1).b ij indicates whether node vi can send information to neighbor node vj.L is the Laplacian matrix of network graph G.We donate the smallest eigenvalue of the Laplacian matrix by λ L + diag b ; then, we have Theorem 1.When Control algorithm ( 10) is adopted, the frequency of each DG in a microgrid is consistent within a finite time.
Proof.The Lyapunov function is selected as follows: The derivative function of the Lyapunov function can be expressed as .
By defining .δ v = u i + w i , the control algorithm can be rewritten as We define the new adjacency matrix of undirected graph G as Â = [a vij ] n * n , where .Then, (18) can be reorganized as .
Based on ( 16)-( 19), the derivative function of the Lyapunov function can be derived as .
Based on Lemma 2, (20) can be further simplified as Based on Lemmas 3 and 4, the upper bound of ( 20) or ( 21) can be derived as .
According to Lemma 1, 2 can be defined.Then, the derivative of the Lyapunov function in (22) can be derived as .
Finally, the frequency of the DGs in the microgrid can reach an agreement in a finite time T v as

Paillier Encryption Algorithm
Homomorphic cryptography allows certain arithmetic operations on the ciphertext.Paillier encryption is a cryptographic encryption that can be directly used to calculate the key without affecting the correctness of decryption [27].Thus, it has been widely adopted in applications such as distributed optimizations, status estimations, etc. [28].The Paillier Encryption Algorithm mainly comprises three parts, which can be described as follows: We assume p and q are large prime numbers with the same length, while lcm(p − 1)(q − 1) represents the least common multiple of p − 1 and q − 1.We define function where n = pq and x needs to satisfy Then, the mutually prime integers of n2 (i.e., g) and the control input (i.e., µ) can be obtained by calculating where It is worth noting that random primes p and q are continuously generated until g and µ being calculated from ( 25)-( 27) satisfy the following conditions: where gcd γ g λ mod n2 , n2 represents the greatest common divisor of γ g λ mod n2 and n2 .On this basis, the public key ( n, g) and private key (λ, µ) can be obtained for the Paillier Encryption Algorithm.
We let the ciphertext be m and the encryption result be c, the encryption process can be expressed as where r is a random integer, which is reciprocal with n.It is worth noting that r is only a local variable for the sender of the message, since only the encryption process requires r, while the receiver does not use r in the decryption process.Even if the plaintexts are identical, the obtained ciphertexts are statistically indistinguishable due to the different random numbers used in each encryption.It is difficult for an attacker to perform collision attacks on the plaintexts by exhaustive enumeration.
After receiving the coded text, the decryption is calculated and obtained by During system communication, each node i requires the information about neighbor nodes being summarized in the following Algorithm 1.

Algorithm 1: Information Exchange in Networks
Preparation (node i) Generate a bunch of public key ( n, g) and private key (λ, µ) based on (25)-( 30), then send ( n, g) to all its neighbors (including node j).

Encryption and Transmission (node i)
Step 1 : Encrypt w i as E p (w i , r), Step 2 : Transmit E p (w i , r) to the neighbor: node j.

Calculation, and Transmission (node j)
Step 1: Decrypt E p (w i , r) after the out-of-limit judgment, obtain the plaintext D p (w i ), Step 2: Encrypt the kth calculation results of (10) as E p w J+1 , r , Step 3: Transmit E p w J+1 , r to node i. Decryption (node i) Repeat the above process and ensure the security of data during communication.
The zero-knowledge proof in [29] can be used to prove that node j decrypts the ciphertext correctly.Eventually, the secure and privacy-protected communication environment is proposed for the improved second-order attack-resistant algorithm based on the finite time theory.

Simulation Study
The proposed algorithm is verified on the IEEE 34 Node Test Feeder system (as shown in Figure 2), which has been widely adopted to evaluate high penetrations of DGs [30].In this paper, the system contains six DGs and four integrated loads (sum of load demands being connected to the same bus).The network communication topology among the six DGs is also presented in Figure 2b-e.The reference frequency of the microgrid is 50 Hz.The four integrated loads are load 1: 1.7 + 1.5j Ω, load 2: 1 + 1.2j Ω, load 3: 0.6 + 1.2 j Ω, and load 4: 1.5 + 1.5j Ω, respectively.The load impedances are referred from common load impedances in the IEEE 34 Node Test Feeder system by considering general electrical apparatus.The simulations are conducted in both MATLAB 2020a and PYTHON 3.9.2, which are common tools to investigate the stability of DGs in power systems under FDI attacks.For MATLAB 2020a, power system and power electronics blocks are well established.The simulations are conducted in the following process: At t = 0 s, the IEEE 34 Node Test Feeder system disconnects from the main grid and operates stably.At t = 1 s, various FDI attacks are injected into the test feeder system.In Case A (Figure 2b), the FDI attack modelled in ( 7) is injected into the DG5 at 1 s.The effects of the FDI attacks on DG5 are embodied in the frequency change.Simulations are conducted based on the proposed control method and the algorithm in [20] for fair comparisons.The results are shown in Figure 3. Apparently, the frequencies of DGs, except the DG1, deviate from the rated 50 Hz when the conventional control algorithm in [20] is adopted.Their frequencies are converged at 50.2 Hz, which is not acceptable for the stability of a microgrid.The fundamental reason is that the FDI attack being modeled by (7) always exists, while the conventional algorithm is unable to compensate it.Alternatively, the proposed control method can ensure zero offsets and faster restoration.The simulations are conducted in the following process: At t = 0 s, the IEEE 34 Node Test Feeder system disconnects from the main grid and operates stably.At t = 1 s, various FDI attacks are injected into the test feeder system.In Case A (Figure 2b), the FDI attack modelled in ( 7) is injected into the DG5 at 1 s.The effects of the FDI attacks on DG5 are embodied in the frequency change.Simulations are conducted based on the proposed control method and the algorithm in [20] for fair comparisons.The results are shown in Figure 3. Apparently, the frequencies of DGs, except the DG1, deviate from the rated 50 Hz when the conventional control algorithm in [20] is adopted.Their frequencies are converged at 50.2 Hz, which is not acceptable for the stability of a microgrid.The fundamental reason is that the FDI attack being modeled by (7) always exists, while the conventional algorithm is unable to compensate it.Alternatively, the proposed control method can ensure zero offsets and faster restoration.In Case B (Figure 2c), the controller of DG5 is attacked to be nonfunctional during the period from 1 s to 2.5 s.As a result, the frequency of DG2 is changed to 50.2 Hz during that period, as shown in Figure 4. Figure 4a shows the frequencies of the six DGs controlled by the conventional algorithm in [20].Obviously, the frequency of DG5 remains at 50.2 Hz during the period from 1 s to 2.5 s by using the state observer.At 2.5 s, the attack disappears, the conventional control method takes some time to settle steady states after a period of oscillations.In contrast, the proposed method can quickly compensate for the FDI attack; at about 2 s, the frequency of DG5 is already converged at 50 Hz even if the attack signal still exists.Consequently, the remaining DGs are also converged to 50 Hz.At 2.5 s, when the attack is cleared.Small overshoots can be observed, but they are quickly tamed for all the DGs.To further showcase the advantages of the proposed algorithm over the conventional algorithm, the attack signal is prolonged from a 1.5 s to a 4 s period.
(a) In Case B (Figure 2c), the controller of DG5 is attacked to be nonfunctional during the period from 1 s to 2.5 s.As a result, the frequency of DG2 is changed to 50.2 Hz during that period, as shown in Figure 4. Figure 4a shows the frequencies of the six DGs controlled by the conventional algorithm in [20].Obviously, the frequency of DG5 remains at 50.2 Hz during the period from 1 s to 2.5 s by using the state observer.At 2.5 s, the attack disappears, the conventional control method takes some time to settle steady states after a period of oscillations.In contrast, the proposed method can quickly compensate for the FDI attack; at about 2 s, the frequency of DG5 is already converged at 50 Hz even if the attack signal still exists.Consequently, the remaining DGs are also converged to 50 Hz.At 2.5 s, when the attack is cleared.Small overshoots can be observed, but they are quickly tamed for all the DGs.To further showcase the advantages of the proposed algorithm over the conventional algorithm, the attack signal is prolonged from a 1.5 s to a 4 s period.In Case B (Figure 2c), the controller of DG5 is attacked to be nonfunctional during the period from 1 s to 2.5 s.As a result, the frequency of DG2 is changed to 50.2 Hz during that period, as shown in Figure 4. Figure 4a shows the frequencies of the six DGs controlled by the conventional algorithm in [20].Obviously, the frequency of DG5 remains at 50.2 Hz during the period from 1 s to 2.5 s by using the state observer.At 2.5 s, the attack disappears, the conventional control method takes some time to settle steady states after a period of oscillations.In contrast, the proposed method can quickly compensate for the FDI attack; at about 2 s, the frequency of DG5 is already converged at 50 Hz even if the attack signal still exists.Consequently, the remaining DGs are also converged to 50 Hz.At 2.5 s, when the attack is cleared.Small overshoots can be observed, but they are quickly tamed for all the DGs.To further showcase the advantages of the proposed algorithm over the conventional algorithm, the attack signal is prolonged from a 1.5 s to a 4 s period.
(a)  In this case, the frequency of DG5 is attacked to be 50.3Hz during the period from 1 s to 5 s, as shown in Figure 5a.Under the conventional control in [20], DG5 continuously brings disturbance to the system due to the introduction of the confidential factor.However, the proposed algorithm can detect and compensate for the attack in 2.691 s.The restoration time is significantly reduced, as shown in Figure 5b.In Case C (Figure 2d), the FDI signal attacks the communication link between the DG4 and at 1 s.As a result, both frequencies of DG4 and DG5 are seriously affected, as shown in Figure 6.With the conventional control method in [20], the DG4 and DG5 are subjected to a frequency deviation of +0.3 Hz and −0.3 Hz, respectively, as shown in Figure 6a.The restoration time is more than 2 s for both DG4 and DG5.By comparison, both restoration times are less than 2 s for the proposed control method, as shown in Figure 6b.In this case, the frequency of DG5 is attacked to be 50.3Hz during the period from 1 s to 5 s, as shown in Figure 5a.Under the conventional control in [20], DG5 continuously brings disturbance to the system due to the introduction of the confidential factor.However, the proposed algorithm can detect and compensate for the attack in 2.691 s.The restoration time is significantly reduced, as shown in Figure 5b.

(b)
Figure 4. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 2.5 s.
In this case, the frequency of DG5 is attacked to be 50.3Hz during the period from 1 s to 5 s, as shown in Figure 5a.Under the conventional control in [20], DG5 continuously brings disturbance to the system due to the introduction of the confidential factor.However, the proposed algorithm can detect and compensate for the attack in 2.691 s.The restoration time is significantly reduced, as shown in Figure 5b.In Case C (Figure 2d), the FDI signal attacks the communication link between the DG4 and DG5 at 1 s.As a result, both frequencies of DG4 and DG5 are seriously affected, as shown in Figure 6.With the conventional control method in [20], the DG4 and DG5 are subjected to a frequency deviation of +0.3 Hz and −0.3 Hz, respectively, as shown in Figure 6a.The restoration time is more than 2 s for both DG4 and DG5.By comparison, both restoration times are less than 2 s for the proposed control method, as shown in Figure 6b.In Case C (Figure 2d), the FDI signal attacks the communication link between the DG4 and DG5 at 1 s.As a result, both frequencies of DG4 and DG5 are seriously affected, as shown in Figure 6.With the conventional control method in [20], the DG4 and DG5 are subjected to a frequency deviation of +0.3 Hz and −0.3 Hz, respectively, as shown in Figure 6a.The restoration time is more than 2 s for both DG4 and DG5.By comparison, both restoration times are less than 2 s for the proposed control method, as shown in Figure 6b.In addition, the proposed control method can also reduce the restoration time and fluctuations of other DGs during the attack period.It is worth noting that falsified data in the communication link are detected due to the existence of an encryption algorithm when there is an actual FDI attack against the communication link.Even if an attacker deliberately injects false data with the same bytes of encrypted data, the falsified data can be detected in the third part of Algorithm 1.The falsified data are not incorporated in the iteration process of the algorithm.
In addition, the proposed control method can also reduce the restoration time and fluctuations of other DGs during the attack period.It is worth noting that falsified data in the communication link are detected due to the existence of an encryption algorithm when there is an actual FDI attack against the communication link.Even if an attacker deliberately injects false data with the same bytes of encrypted data, the falsified data can be detected in the third part of Algorithm 1.The falsified data not incorporated in the iteration process of the algorithm.In Case D (Figure 2e), all the DGs are attacked by FDI attacks simultaneously at 1 s.The frequency deviations of the DGs are 0.1, 0.4, −0.2, −0.4,0.2, and −0.9, respectively.Figure 7 shows the corresponding waveforms.For the conventional algorithm in Figure 7a, the settling time of all DGs is more than 1.5 s.Only DG1 and DG2 can be converged at the rated frequency, while the frequencies of other DGs have offsets.DG6 suffers from the most severe frequency deviation, which is more than 0.1 Hz.For the proposed control method, the restoration time of the DGs is less than 1.5 s.The steady-state tracking errors are almost zero, which means that the adverse effects of the FDI attacks can be eliminated by the proposed control.In Case D (Figure 2e), all the DGs are attacked by FDI attacks simultaneously at 1 s.The frequency deviations of the DGs are 0.1, 0.4, −0.2, −0.4,0.2, and −0.9, respectively.Figure 7 shows the corresponding waveforms.For the conventional algorithm in Figure 7a, the settling time of all DGs is more than 1.5 s.Only DG1 and DG2 can be converged at the rated frequency, while the frequencies of other DGs have offsets.DG6 suffers from the most severe frequency deviation, which is more than 0.1 Hz.For the proposed control method, the restoration time of the DGs is less than 1.5 s.The steady-state tracking errors are almost zero, which means that the adverse effects of the FDI attacks can be eliminated by the proposed control.
Data transmission between the DGs is based on a 64-byte ciphertext, because of the communication protection algorithm being proposed in the algorithm.Table 1 shows the plaintext and the ciphertext of the frequency of each DG in the 22nd iteration of the communication link in Case B. The introduction of r in the encryption algorithm is random, so attackers cannot decipher the encrypted data.Table 2 shows the plaintext and ciphertext of the frequency of each DG in the 23rd iteration of the communication link in Case B. As can be seen from the comparisons of the encrypted frequency data of each DG in two adjacent iterations, the transmitted frequency data are purely random after the encryption.The attacker cannot obtain the system information even if part of the data is intercepted.In addition, even if the falsified data are introduced into the communication link, the decryption process can detect the falsified data.The error data are be incorporated in the calculation process, such that the communication security of DGs in microgrids can be guaranteed.Data transmission between the DGs is based on a 64-byte ciphertext, because of the communication protection algorithm being proposed in the algorithm.Table 1 shows the plaintext and the ciphertext of the frequency of each DG in the 22nd iteration of the communication link in Case B. The introduction of r in the encryption algorithm is random, so attackers cannot decipher the encrypted data.Table 2 shows the plaintext and ciphertext of the frequency of each DG in the 23rd iteration of the communication link in Case B. As can be seen from the comparisons of the encrypted frequency data of each DG in two adjacent iterations, the transmitted frequency data are purely random after the encryption.The attacker cannot obtain the system information even if part of the data is intercepted.In addition, even if the falsified data are introduced into the communication link, the decryption process can detect the falsified data.The error data are be incorporated in the calculation process, such that the communication security of DGs in microgrids can be guaranteed.

Conclusions and Future Work
Distributed generators (DGs) under false data injection (FDI) attacks affect the stability of entire microgrids.Various conventional cooperative control algorithms have been proposed to mitigate FDI attacks on the frequency deviation issue.However, most traditional cooperative control cannot completely remove the negative effects from the FDI attacks, since their data via the communication channels are not fully encrypted.To address this, a new cooperative control method based on the Paillier Encryption Algorithm is proposed.The Paillier Encryption Algorithm renders safe data spread in the communication links of the system, which significantly alleviates the hassle of penetrating falsified data into the secondary droop control for the DGs.The new cooperative control method is validated on the IEEE 34 Node Test Feeder system in simulation to better exhibit both dynamic and steady-state performance than a conventional cooperative control method for four difference cases, i.e., one DG is attacked, one DG is unfunctional, communication failure between the two DGs, and all DGs are attacked simultaneously.The results show that the frequency restoration time of the proposed control is faster than the conventional control in all the cases.The frequency deviations at the new steady states after the attack are almost zero for all the cases, while frequency deviations can be clearly observed for the conventional control.In future work, we will enhance the control algorithm by including additional nonlinear observers for other types of cyber attacks.In addition, the control objectives for the DGs could be power qualities and power efficiencies of microgrids.

Figure 1 .
Figure 1.Electrical and communication networks for a typical microgrid CPS.Figure 1. Electrical and communication networks for a typical microgrid CPS.

Figure 1 .
Figure 1.Electrical and communication networks for a typical microgrid CPS.Figure 1. Electrical and communication networks for a typical microgrid CPS.

Energies 2023 ,
16,  x FOR PEER REVIEW 8 of 15 common tools to investigate the stability of DGs in power systems under FDI attacks.For MATLAB 2020a, power system and power electronics blocks are well established.

Figure 2 .
Figure 2. (a) Schematic diagrams of the studied IEEE 34 Node Test Feeder system with 6 DGs, (b) Case A: DG5′s actuator is under attack, (c) Case B: the controller of DG5 is destroyed, (d) Case C: the communication link between DG4 and DG5 is under attack, (e) Case D: all actuators in the system are under attacks.

Figure 2 .
Figure 2. (a) Schematic diagrams of the studied IEEE 34 Node Test Feeder system with 6 DGs, (b) Case A: DG5 s actuator is under attack, (c) Case B: the controller of DG5 is destroyed, (d) Case C: the communication link between DG4 and DG5 is under attack, (e) Case D: all actuators in the system are under attacks.

Figure 3 .
Figure 3. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is attacked by a constant FDI attack at 1 s.

Figure 3 .
Figure 3. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is attacked by a constant FDI attack at 1 s.

Figure 3 .
Figure 3. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is attacked by a constant FDI attack at 1 s.

Figure 4 .
Figure 4. Frequencies of the six DGs with the (a) algorithm in[20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 2.5 s.

Figure 5 .
Figure 5. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 5 s.

Figure 4 .
Figure 4. Frequencies of the six DGs with the (a) algorithm in[20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 2.5 s.

Figure 5 .
Figure 5. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 5 s.

Figure 5 .
Figure 5. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the DG5 is nonfunctional during the period from 1 s to 5 s.

Figure 6 .
Figure 6.Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the communication link between the DG4 and DG5 is attacked at 1 s.

Figure 6 .
Figure 6.Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when the communication link between the DG4 and DG5 is attacked at 1 s.

Figure 7 .
Figure 7. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when all the DGs are attacked at 1 s.

Figure 7 .
Figure 7. Frequencies of the six DGs with the (a) algorithm in [20] and (b) proposed algorithm when all the DGs are attacked at 1 s.

Table 1 .
Plaintext and Ciphertext of the Frequency in the 22nd Iteration of the Communication Link in Case B.

Table 1 .
Plaintext and Ciphertext of the Frequency in the 22nd Iteration of the Communication Link in Case B.

Table 2 .
Plaintext and Ciphertext of the Frequency in the 23rd Iteration of the Communication Link in Case B.