An Improved DHKE-Based Encryption–Decryption Mechanism for Formation Control of MASs Under Hybrid Attacks

Abstract

This work studies the formation control problem of general linear multi-agent systems (MASs) under hybrid attacks that include man-in-the-middle attacks (MITM) and denial-of-service attacks (DoS). First, an improved Diffie–Hellman key exchange (DHKE)-based encryption–decryption mechanism is proposed. This mechanism combines the challenge–response mechanism and hash function, which can achieve identity authentication, detect MITM attacks and ensure the confidentiality and integrity of information. Second, considering that DoS attacks on different channels are independent, a division model for distributed DoS attacks is established, which can classify attacks into different patterns. Third, an edge-based event-triggered (ET) formation control scheme is proposed. This control method only relies on the information of neighbor agents, which not only saves communication resources but also resists distributed DoS attacks. Finally, sufficient conditions for the implementation of formation control for MASs under hybrid attacks are provided, and the effectiveness and advantages of the proposed strategy are verified by simulation.

1. Introduction

In recent decades, multi-agent systems (MASs) have become a research hotspot due to their wide range of applications in distributed cooperative control [1], such as unmanned aerial vehicle (UAV) formations [2], smart grids [3], robot collaboration [4], etc. As one of the fundamental problems in the cooperative control of MASs, formation control’s goal is to enable agents to form and maintain a specific spatial structure during movement while adapting to environmental changes [5]. The research achievements of formation control for MASs have attracted widespread application in fields such as autonomous underwater vehicles (AUV) [6], satellite formations [7], etc. For instance, in work [6], based on the characteristics of MASs, a multi-acoustic underwater vehicle formation control algorithm based on autonomous mobile agent behavior is proposed, which employs a distributed consensus coordination algorithm to achieve robust tracking. In work [7], a hybrid system method and a novel hybrid ET mechanism are proposed, which accomplishe the bipartite consensus control problem of the satellite formation systems.

In an open network environment, malicious attackers often employ various cyberattacks to attempt to steal the information transmitted by agents and disrupt the normal operation of MASs. Common cyberattacks include denial-of-service (DoS) attacks, false data injection (FDI) attacks, man-in-the-middle (MITM) attacks, etc., [8,9,10,11,12,13,14]. At present, a large number of studies have been conducted on DoS and FDI attacks. In work [9], a multiple DoS attacks model based on discrete sampling data communication was established, and by designing an adaptive distributed control protocol, the secure consensus results of MASs with Euler–Lagrange dynamics and multiple DoS attacks are obtained. In addition, in [11], a new dynamic-memory-weight-dependency security control protocol is proposed, which dynamically adjusts the weight of historical released packets according to DoS attacks to alleviate the influence of DoS attacks. In work [14], in order to eliminate the negative impact of FDI attacks and reduce the burden of virtual control iterative calculations, a security control algorithm is designed, which combines the modified coordinate transformation and the dynamic surface control (DSC) method for nonlinear MASs suffering from FDI attacks. However, in the real network environment, multiple types of attacks may exist simultaneously, and meanwhile, few studies have focused on MASs suffering from MITM attacks. Therefore, how to defend against hybrid attacks has become a challenge for the formation problem of MASs. These attacks make the information exchange among agents in MASs very insecure [15], seriously threatening the confidentiality and integrity of MASs. Confidentiality refers to ensuring that the data transmitted in network communication can only be accessed by authorized recipients, preventing the data from being intercepted or stolen by unauthorized third parties. Integrity refers to ensuring that data is not tampered with or damaged during transmission or storage. In order to solve the security problem of MASs, two effective methods are usually used, namely differential privacy techniques [16,17] and encryption–decryption algorithms [18,19,20]. The principle of differential privacy technology is to inject carefully controlled random noise into the data, so that the presence or absence of any single data record will not have a significant impact on the final result of data analysis [21]. However, it may reduce the accuracy and usability of the data [21,22]. In contrast, encryption–decryption algorithms use appropriate algorithms and keys to encrypt and decrypt data without affecting the original data [23]. In work [18], an encryption–decryption mechanism is designed to encrypt the estimated state into a series of finite-level codewords. After being received and processed by the corresponding decryption algorithm, they are used to design the consensus controller. In work [20], a uniform-quantization-based encoding-decoding mechanism is introduced to solve the consensus tracking problem of a class of nonlinear discrete-time MASs. Above all, how to design an encryption–decryption mechanism to resist hybrid attacks and protect the formation security of MASs is the first motivation of this research.

In addition, another important factor to be considered for MASs is the cost of computing and communication. During MAS formations, agents will exchange information frequently, which may occupy a large amount of communication resources. If there are no effective methods adopted to save communication resources, it may even lead to the disintegration of the communication network. To alleviate the excessive occupation of communication resources, the event-triggering (ET) mechanism is widely applied. Currently, a large number of ET mechanisms are applied to MASs [24,25,26]. For example, in [25], in order to avoid continuous communication between neighboring agents, an intermittent communication strategy based on ET functions is established in the proposed distributed differentially private consensus algorithm. However, all the above-mentioned ET mechanisms are based on nodes. When an event occurs, the agent always needs to broadcast its communication data to all neighbors simultaneously, which can lead to some unnecessary consumption of communication resources. In recent years, another triggering mechanism, namely the edge-based ET mechanism, has attracted considerable attention [27,28,29,30]. For instance, In work [30], a novel adaptive dynamic ET scheme is proposed by introducing dynamic threshold update rules related to each edge to reduce communication burden and lower resource consumption. When an event is triggered, information is exchanged between the two agents without involving all neighbors, which greatly reduces the consumption of communication resources. However, all the above-mentioned studies are based on a secure network environment. When the MAS formation is subjected to hybrid attacks, how to design an edge-based ET formation control protocol becomes a challenge, which is the second motivation of this paper.

As discussed above, this paper aims to design an encryption–decryption mechanism based on edge-events triggered formation control protocol for MASs under hybrid attacks. The main contributions of this study can be summarized as follows:

1.

An improved DHKE-based encryption–decryption mechanism is designed. This method is based on the DHKE protocol, the challenge–response mechanism and the hash function. The DHKE protocol is used to generate session keys between agents. The challenge–response mechanism is employed to complement the identity authentication function of the DHKE protocol and the hash functions provide security for identity authentication. Therefore, the improved DHKE-based encryption–decryption mechanism can resist MITM attacks and ensure the confidentiality and integrity of information.

2.

Under distributed DoS attacks, an edge-based ET formation control protocol for MASs is designed. This method only requires information from neighbors, and the triggering solely depends on edge events. Compared with [24,25,26], which use node-based ET control, it can save communication resources more effectively.

3.

Under hybrid attacks, the sufficient conditions for MASs to achieve formation control are established which are verified through simulation.

Notations 1.

${\mathbb{R}}^n$ represents the n-dimensional vector, and ${\mathbb{R}}^{n\times m}$ represents the $n\times m$ real matrices. Let $A^T$ represent the transposed matrix of A. $1_N$ denotes the $N\times 1$ column vector with all ones, and $I_N$ denotes the N-dimensional identity matrix. The intersection and union are, respectively, represented as ∩ and ∪. The Kronecker product is denoted by $\otimes . diag\{.\}$ represents the diagonal matrix. The maximum and minimum eigenvalues of symmetric matrix A are, respectively, denoted by ${\lambda }_{min}\left(A\right)$ and ${\lambda }_{max}\left(A\right)$. The notation $Q>0$ $(Q\ge 0)$ implies that Q is symmetric positive definite (positive semidefinite).

2. Preliminaries and Problem Formulation

2.1. System Description

A MAS consisting of N agents is considered, in which each agent satisfies the following dynamic model:

$$\left\{\begin{array}{c}\dot{x_i}\left(t\right)=A{x}_i\left(t\right)+B{u}_i\left(t\right)\hfill \\ y_i\left(t\right)=C{x}_i\left(t\right), i=1, 2, \dots , N\hfill \end{array}\right.$$

(1)

where $x_i\left(t\right)\in {\mathbb{R}}^n$, $u_i\left(t\right)\in {\mathbb{R}}^m$, and $y_i\left(t\right)\in {\mathbb{R}}^q$ are the system state, the control input and the output of the ith agent at instant t, respectively. $A\in {\mathbb{R}}^{n\times n}$, $B\in {\mathbb{R}}^{n\times m}$ and $C\in {\mathbb{R}}^{q\times n}$ are known constant matrices. Assume that $(A, B)$ is stabilizable and $(A, C)$ is detectable. In realistic MASs with output feedback, in order to infer the system state $x_i\left(t\right)$ from the output $y_i\left(t\right)$, the following state observer is used:

$$\begin{array}{c}\hfill \begin{array}{cc}\hfill {\dot{v}}_i\left(t\right)& =A{v}_i\left(t\right)+B{u}_i\left(t\right)+F(C{v}_i\left(t\right)-y_i\left(t\right))\hfill \end{array}\end{array}$$

(2)

where $v_i\left(t\right)$ represents the estimate of $x_i\left(t\right)$ and F is the observer feedback gain matrix such that $A+FC$ is Hurwitz.

An undirected graph $\mathcal{G}=\{\mathcal{V}, \mathcal{E}, \mathcal{A}\}$ of order N is used to indicate the communication relationship of the MAS, where $\mathcal{V}=\{1, 2, \cdots , N\}$ and $\mathcal{E}\subseteq \mathcal{V}\times \mathcal{V}$, respectively, denotes the node set and edge set. $\mathcal{A}=\left[a_{ij}\right]\in {\mathbb{R}}^{N\times N}$ is the adjacency matrix of the graph $\mathcal{G}$. If $(i, j)\in \mathcal{E}$, then $a_{ij}=1$, which indicates that agents i and j exchange data with each other; else, $a_{ij}=0$. ${\mathbf{N}}_i$ represents the set of agent i’s neighbors. A graph $\mathcal{G}$ is said to be connected if there exists a path between any pair of distinct nodes; otherwise, it is disconnected. It is assumed that $a_{ii}=0$. The Laplacian matrix is given by $\mathcal{L}=\mathcal{D}-\mathcal{A}$, where $\mathcal{D}=diag\{d_1, d_2, \cdots , d_N\}$ and $d_i={\sum }_{j=1}^N{a}_{ij}$. The Laplacian matrix under attacks is denoted as ${\mathcal{L}}_{\mathsf{\Phi }}$.

A desired time-varying formation for the agents is denoted by $f\left(t\right)=[f_1^T\left(t\right), f_2^T\left(t\right),$$\dots , f_N^T{\left(t\right)]}^T$, where $f_i\left(t\right)\in {\mathbb{R}}^n$ is the piecewise continuously differentiable formation vector for agent i. Inspired by [31], not all formation functions are achievable, and they need to meet the feasibility condition:

$$\begin{array}{c}\hfill A{f}_i\left(t\right)-{\dot{f}}_i\left(t\right)+B{\kappa }_i\left(t\right)=0\end{array}$$

(3)

where ${\kappa }_i\left(t\right)$ is the formation compensation input of agent i.

2.2. The Improved DHKE-Based Encryption-Decryption Mechanism

Due to the distributed architecture and frequent interaction between agents, the MASs (Equation (1)) are susceptible to network attacks such as MITM attacks. As one of the most common attacks in MASs, an attacker of MITM attempts to act as a legitimate middle agent between two communicating agents, thereby eavesdropping, stealing and even tampering with the data.

In this section, we focus on securing the online communication phase of the MAS against MITM attacks. Attacks targeting the offline initialization phase or physical compromise of agents are not considered.

The Diffie–Hellman key exchange (DHKE) protocol, as a key negotiation method, enables two agents to exchange keys over an insecure public channel without a pre-shared key, and ultimately generate a shared key. Additionally, the challenge–response mechanism can be used for identity authentication between agents, which effectively compensates for the lack of authentication in the DHKE mechanism. In order to detect and prevent MITM attacks to guarantee the confidentiality and integrity of inter-agent data transmission, an improved DHKE-based encryption–decryption mechanism is proposed for MAS (Equation (1)).

The communication structure diagram of the MAS (Equation (1)) with the improved DHKE-based encryption–decryption mechanism is shown in Figure 1a. The event-triggered sequence on edge $(i, j)$ is generated as ${\left\{t_k^{ij}\right\}}_{k\in \mathbb{N}}$, which means agent i only exchanges information with agent j at triggering moments $t_k^{ij}$. Before the data is transmitted, both agents need to first negotiate a key and the sender encrypts the data by the key. After receiving the encrypted data, the receiver decrypts it by using the same key. The improved DHKE-based encryption–decryption mechanism consists of three parts: (a) Initialization, (b) Key exchange and (c) Encryption-decryption.

(a)

Initialization. Before key exchange, agent i generates password $PWD$ and agent j generates random salt $SALT$. Agent i stores the encrypted data $E_{PWD}\left(SALT\right)$ which means $SALT$ is encrypted by $PWD$ and agent j stores $H_3=H\left(PWD\left|\right|SALT\right)$.

It is emphasized that the $PWD$ and $SALT$ are provisioned to agents during an offline secure initialization phase. These parameters are not globally shared across the entire network, but are pairwise long-term credentials. Meanwhile, the encrypted storage of $SALT$ serves as a lightweight protection against accidental or non-invasive credential leakage. It is not intended to protect against full memory inspection attacks, which imply complete agent compromise and are beyond the considered threat model.

(b)

Key exchange. As shown in the key exchange flowchart in Figure 1b, q is a large prime number and a is the primitive root of q. The key exchange part is divided into the following five steps:

• Agent i sends signal C to declare its identity.
• Agent j receives C and sends a random challenge number $R_j$.
• Agent i decrypts $E_{PWD}\left(SALT\right)$ with $PWD$ stored locally to obtain $SALT$. Next, select a secret large number x that satisfies $x<q$ and calculate $a^x$ $mod$ q and $H_1=H\left(PWD\left|\right|SALT\right)$. Then, generate challenge number $R_i$ and calculate $H_2=H(H_1\left|\right|a^{x}modq$$\left|\right|R_j)$. Finally, send $\left(H_2\left|\right|a^{x}modq\left|\right|R_i\right)$ to agent j.
• Agent j retrieves $H_3$ stored locally and calculates $H_4=H\left(H_3\left|\right|a^{x}modq\left|\right|R_j\right)$. If $H_4=H_2$, select a secret large number y that satisfies $y<q$, calculate $a^y$ $mod$ q and $H_5=H\left(H_3\left|\right|a^{y}modq\left|\right|R_i\right)$ and send $\left(H_5\left|\right|a^{y}modq\right)$ to agent i; else, key exchange will fail.
• Agent i calculates $H_6=H(H_1\left|\right|a^{y}modq\left|\right|R_i)$. If $H_6=H_5$, send a acknowledge signal $ACK$ to agent j to indicate successful key exchange; else, key exchange will fail.

Then, the two communication agents negotiate the $KEY=a^{xy}modq$ known only to both of them. The negotiated key is a fresh session key and is independent of long-term credentials. Even if a long-term credential is compromised, only the corresponding communication links are affected, while other links remain secure.

(c)

Encryption-decryption (AES-128-GCM). After completing the authenticated key exchange, the two agents obtain a shared KEY = a^xy mod q. Since KEY is not necessarily 128-bit, a symmetric session key $k_{ij}\in {\left\{0, 1\right\}}^{\left\{128\right\}}$ is derived via a key derivation function (KDF)

$$\begin{array}{c}\hfill k_{ij}=Trun{c}_{128}\left(H\right(KEY\left|\right|i\left|\right|j\left)\right),\end{array}$$

where $Trun{c}_{128}(·)$ extracts the first 128 bits. At each triggering moment $t_k^{ij}$, agent i forms the plaintext $v_{ij}^{\prime }\left(t_k^{ij}\right)={\left(v_i^T\left(t_k^{ij}\right), f_i^T\left(t_k^{ij}\right)\right)}^T$. To ensure both confidentiality and integrity, agent i encrypts $v_{ij}^{\prime }\left(t_k^{ij}\right)$ using an authenticated encryption with associated data (AEAD) scheme, namely AES-128-GCM. A nonce $n_{ij}\left(t_k^{ij}\right)$ is generated using a monotonically increasing counter, which is initialized at session establishment and incremented by one for each transmitted packet, ensuring nonce uniqueness per session key. The associated data $a{d}_{ij}\left(t_k^{ij}\right)$ includes the edge index $(i, j)$ and the triggering instant $t_k^{ij}$, which binds the ciphertext to a specific communication link and transmission time. The encryption process is given by

$$\begin{array}{c}\hfill (c_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right))=AEAD.En{c}_{AES}(k_{ij}, n_{ij}\left(t_k^{ij}\right), v_{ij}^{\prime }\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right).\end{array}$$

(4)

and agent i sends packet $(n_{ij}\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right), c_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right))$ to agent j. Upon receiving a packet, agent j performs authenticated decryption using the shared session key $k_{ij}$. Specifically, agent j computes

$$\begin{array}{c}\hfill v_{ij}^{*}\left(t_k^{ij}\right)=AEAD.De{c}_{AES}(k_{ij}, n_{ij}\left(t_k^{ij}\right), c_{ij}\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right)).\end{array}$$

(5)

If tag verification succeeds, then $v_{ij}^{*}\left(t_k^{ij}\right)=v_{ij}^{\prime }\left(t_k^{ij}\right)$; otherwise, the packet is discarded and treated as invalid, which provides integrity protection against malicious data modification.

By adopting AES-128-GCM, the proposed communication layer achieves authenticated encryption, i.e., confidentiality and integrity simultaneously. Any tampering with the nonce, ciphertext, tag, or associated data will be detected during tag verification, and the corresponding packet will be discarded. Meanwhile, it is noted that the key exchange procedure is executed only after the event trigger is triggered, rather than being executed in real-time within the control loop. The secret values used in the DHKE process are selected as large random integers and do not require online primality testing. Therefore, the computational overhead is acceptable for resource-constrained agents.

In order to present the improved DHKE-based encryption–decryption mechanism more clearly, Algorithm 1 is provided.

Remark 1.

The improved DHKE-based EDM for MAS (Equation (1)) can effectively detect MITM attacks, which is mainly completed by judging the hash value. In addition, assume that the secret information, such as $PWD$ and $SALT$, is shared in a secure manner, which is a prerequisite for the secure key exchange. In this case, $H_1$ and $H_3$ possess sufficient security. Since then, MITM attackers mainly attack through two methods: $\left(\mathbf{1}\right)$ tampering with random challenges $R_i$ or $R_j$. If attackers change $R_j$ by $R_a$ in order to impersonate agent j in step 2, it makes $H_2\ne H_4$ in step 4, and authentication fails. Similarly, if $R_i$ is tampered with, $H_5\ne H_6$ and authentication fails. $\left(\mathbf{2}\right)$ tampering with the key component $a^x$$mod$q or $a^y$$mod$q. If $a^x$$mod$q is changed to $a^z$$mod$q in step 3, it makes $H_2\ne H_4$ and authentication fails. The same goes for changing $a^y$$mod$q by $a^z$$mod$q. Once authentication fails, the data to be transmitted will be discarded. Moreover, the confidentiality of data in MAS (1) is ensured by the negotiated $KEY$. Note in Algorithm 1, x and y are secretly saved by agents i and j, respectively. Take agent i for an example; when receiving $a^y$$mod$q from agent j, agent i can calculate the key $a^{xy}$$mod$q by $a^{y}modq$ and x. Even if the eavesdropper possesses a, q, $a^x$$mod$q and $a^y$$mod$q, the key $a^{xy}$$mod$q cannot be calculated. That is, attackers are unable to obtain the $KEY$, thus ensuring the data security.

Remark 2.

The improved DHKE-based encryption–decryption mechanism is inspired by [32]. In contrast to the network attack environment in [32], this paper adopts a cryptographic-based method to achieve the secure transmission of information under MITM attacks. The data is encrypted through AES-128-GCM using the key generated by the DHKE algorithm. Meanwhile, aiming at the deficiency that the DHKE algorithm cannot perform identity authentication, an improved DHKE-based encryption–decryption mechanism is proposed. This mechanism introduces a challenge–response mechanism to complement its identity authentication function, achieving the authentication and encryption of data in the network environment, thereby resisting MITM attacks.

Algorithm 1 The improved DHKE-based EDM

Require: Hash function $H(·)$; Function $Trun{c}_{128}(·)$; Encryption algorithm $AEAD.En{c}_{AES}(·)$; Decryption algorithm $AEAD.De{c}_{AES}(·)$; Password $PWD$; Random salt $SALT$; Encryption method $E_{PWD}(·)$; Large prime number q and it’s primitive root a; Observer state $v_i\left(t_k^{ij}\right)$; Desired formation $f_i\left(t_k^{ij}\right)$; Ensure: Symmetric keys $a^{xy}modq$.  $Initialization$: Agent i stores $E_{PWD}\left(SALT\right)$ and agent j stores $H_3=H\left(PWD\right|\left|SALT\right)$ locally;  for$k=1:\infty$do     Step 1  Agent i: Send signal C to agent j;     Step 2  Agent j: Generate and send random challenge number $R_j$ to agent i;     Step 3  Agent i: Decrypt $E_{PWD}\left(SALT\right)$ by $PWD$;     Select a secret large prime number $x(x<q)$ and calculate $a^x$ $mod$ q;     Calculate $H_1=H\left(PWD\right|\left|SALT\right)$ and $H_2=H(H_1\left|\right|$$a^x$ $mod$ q$\left|\right|R_j)$;     Generate a challenge number $R_i$;     Send ($H_2\left|\right|$$a^x$ $mod$ q$\left|\right|R_i$) to agent j;     Step 4  Agent j: Retrieves $H_3$;     Calculate $H_4=H(H_3\left|\right|$$a^x$ $mod$ q$\left|\right|R_j)$;     if $H_4=H_2$ then       Select a secret large prime number $y(y<q)$ and calculate $a^y$ $mod$ q;       Calculate $H_5=H(H_3\left|\right|$$a^y$ $mod$ q$\left|\right|R_i)$;       Send ($H_5\left|\right|$$a^y$ $mod$ q) to agent i;     else       False;     end if     Step 5 Agent i: Calculate $H_6=H(H_1\left|\right|$$a^y$ $mod$ q$\left|\right|R_i)$;     if $H_5=H_6$ then       Send acknowledge character $ACK$ to agent j;     else       False;     end if     Agent i: Get $k_{ij}=Trun{c}_{128}\left(H\right(KEY\left|\right|i\left|\right|j\left)\right)$;     Form plaintext $v_i^{j^{\prime }}\left(t_k^{ij}\right)={(v_i^T\left(t_k^{ij}\right), f_i^T\left(t_k^{ij}\right))}^T$;     Generate nonce $n_{ij}\left(t_k^{ij}\right)$ using a session counter;     Set associated data $a{d}_{ij}\left(t_k^{ij}\right)=(i,j,t_k^{ij})$;     Compute $(c_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right))=AEAD.En{c}_{AES}(k_{ij}, n_{ij}\left(t_k^{ij}\right), m_{ij}\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right))$;     Send $(n_{ij}\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right), c_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right))$ to agent j;     Agent j:     if the packet is received by agent j then       $v_{ij}^{*}\left(t_k^{ij}\right)=AEAD.De{c}_{AES}(k_{ij}\left(t_k^{ij}\right), n_{ij}\left(t_k^{ij}\right), c_{ij}\left(t_k^{ij}\right), a{d}_{ij}\left(t_k^{ij}\right), ta{g}_{ij}\left(t_k^{ij}\right))$;       if tag verification succeeds then          Recover $v_i\left(t_k^{ij}\right)$ and $f_i\left(t_k^{ij}\right)$ from $v_{ij}^{\prime }\left(t_k^{ij}\right)$;       else          Discard the packet and set the desired value to 0;       end if     else       Packet loss and set the desired value to 0;     end if  end for

Security Assumptions and Discussion: This part clarifies the security assumptions, threat model, and design rationale of the proposed authentication and key exchange mechanism as follows:

(1)

Threat model and trust assumptions: We consider an open network environment where communication channels among agents are insecure and vulnerable to MITM attacks, eavesdropping, and message tampering. The proposed DHKE-based key establishment is designed under a classical adversary model. Resistance to quantum attacks (e.g., Shor’s algorithm) is beyond the scope of this work and is not considered in the present threat model. This work primarily focuses on secure formation control of MASs under classical computational assumptions. The investigation of quantum-resistant key establishment mechanisms in the context of formation control are an important direction, which is also one of the future research focuses. The primary objective of the proposed mechanism is to prevent impersonation and unauthorized key establishment during the online communication phase. It is assumed that each agent operates in a trusted execution environment. Physical capture or full logical compromise of an agent, including unrestricted access to its internal storage or runtime memory, is beyond the scope of this work. Once an agent is fully compromised, it is regarded as untrusted, and secure communication involving that agent cannot be guaranteed. This assumption is reasonable in secure control and MAS research.

(2)

Long-term credential provisioning: Each legitimate agent is provisioned with long-term credentials ($PWD$ and $SALT$) during an offline and secure initialization phase. These credentials are pairwise and used solely for authentication purposes. The encrypted local storage of $SALT$ provides a lightweight safeguard against accidental disclosure or non-invasive leakage of credentials. It is not intended to defend against full memory inspection attacks, which imply complete agent compromise and fall outside the considered threat model.

(3)

Setup and cryptographic specification: Each agent is initialized during an offline and secure setup phase. During this phase, legitimate agents are provisioned with long-term authentication credentials (e.g., $PWD$ and $SALT$), as well as public system parameters (e.g., a and q) of the DHKE group. Meanwhile, the proposed mechanism relies on standard cryptographic primitives. The hash function $H(·)$ is instantiated by a cryptographic hash (e.g., SHA-256). A symmetric session key $k_{ij}=Trun{c}_{128}\left(H\right(KEY\left|\right|i\left|\right|j\left)\right)$ is derived from the DHKE shared secret $KEY$ via a hash-based KDF. Data confidentiality and integrity are ensured by an authenticated encryption with the AEDA scheme, namely AES-128-GCM, with a 128-bit key. In addition, all random values used in the protocol, including the DHKE secrets and the initial nonce counter value, are generated using a cryptographically secure pseudo-random number generator (CSPRNG).

(4)

Session key security and impact of compromise: A fresh session key is established through an authenticated DHKE. The session key is independent of long-term credentials and is used exclusively for subsequent data encryption and decryption. As a result, the compromise of a long-term credential affects only the corresponding communication links, while other links remain secure. This decentralized structure avoids system-wide security failure.

(5)

Computational considerations: The key exchange and authentication procedures are executed only after the event trigger is triggered, rather than being executed in real-time within the control loop. The secret parameters in the DHKE process are selected as large random integers and do not require online primality testing. Therefore, the computational overhead is acceptable for resource-constrained agents.

(6)

Comparison with PKI-based solutions: As shown in

Table 1. Comparison between PKI-based mechanism and the proposed lightweight DHKE-based mechanism.

	PKI-Based Mechanism	Proposed DHKE-Based Mechanism
Authentication mechanism	Digital certificates with public-key signatures (e.g., RSA)	Challenge–response authentication based on long-term credentials
Trusted third party	Required	Not required
Runtime certificate management	Certificate validation and revocation	No certificate management required
Long-term credentials	Private key and digital certificate	PWD and SALT
Credential update	Certificate re-issuance and redistribution	Offline re-provisioning
Suitability for decentralized MASs	Limited by infrastructure	More suitable for infrastructure-less MASs

, the PKI-based authentication mechanism relies on digital certificates and trusted third-party institutions, as well as online management processes such as certificate issuance, verification, and revocation. This often introduces higher management and communication costs in decentralized MASs. In contrast, the proposed mechanism in this paper does not rely on certificates or third-party institutions during the system operation phase. Although $PWD$ and $SALT$ require offline configuration during the initialization stage; they do not require online management mechanisms such as certificate verification or revocation afterwards. Thus, in specific MASs formation control scenarios, they have lower management complexity and operating costs. It is important to note that this proposed mechanism is not intended to replace the mature PKI-based solutions. Instead, it offers a lightweight alternative for MASs where certificate management is inconvenient or the infrastructure is limited.

(7)

Random number generation: The proposed scheme relies on cryptographically secure random numbers for generating ephemeral Diffie–Hellman private exponents and nonces used in authenticated encryption. Each agent employs a cryptographically secure pseudo-random number generator (CSPRNG) instantiated as a hash-based deterministic random bit generator (Hash-DRBG) using SHA-256. The adopted CSPRNG follows a standard DRBG architecture, in which an internal state is initialized and periodically refreshed using entropy provided by the underlying platform, and random bits are generated through iterative hash-based expansion. The Hash-DRBG is seeded by the operating system’s entropy pool, which aggregates platform-dependent entropy sources, such as system-level noise sources and, when available, hardware-assisted randomness. These entropy sources are managed by the operating system and are not controlled directly by the proposed scheme. The CSPRNG is provided by the underlying operating system or cryptographic library and utilizes standard computational resources already available on each agent, without requiring additional hardware modules or trusted third-party infrastructures.

2.3. Edge-Based ET Formation Control Protocol

The improved DHKE-based encryption–decryption mechanism proposed can effectively detect and resist MITM attacks, ensuring that the key exchange process will not be deciphered by attackers. However, in the real network environment, MASs can also be threatened by DoS attacks. The purpose of DoS attacks is to block communication between agents, thereby disrupting the normal operation of MASs. DoS attacks on MASs are typically divided into global attacks and distributed attacks. Different from the global attacks in [32,33] that occur simultaneously on all channels, the distributed DoS attacks are independent on different channels, which are more covert and complex. Inspired by [34], a distributed DoS attack model is constructed. The union of time intervals over which the channels indexed by $\mathsf{\Phi }\subseteq \mathcal{E}$ are attacked can be expressed as

$$\begin{array}{c}\hfill {\mathsf{\Psi }}_{\mathsf{\Phi }}(t_1, t_2)=\left({\cap }_{(i, j)\in \mathsf{\Phi }}{\mathcal{D}}_{ij}(t_1, t_2)\right)\cap \left({\cap }_{ij\notin \mathsf{\Phi }}{\overline{\mathcal{D}}}_{(i, j)}(t_1, t_2)\right), \end{array}$$

(6)

where $\mathsf{\Phi }\left(t\right)=\{(i, j)\in \mathcal{E}|t\in {\mathcal{D}}_{ij}(0, \infty )\}$ refers to the set of edges under attacks at time t, ${\mathcal{D}}_{ij}(t_1, t_2)$ is the union of time intervals with attack for edge $\left(i, j\right)\in \mathcal{E}$ over $\left[t_1, t_2\right)$ and ${\overline{\mathcal{D}}}_{ij}(t_1, t_2)=\left[t_1, t_2\right)\setminus {\mathcal{D}}_{ij}(t_1, t_2)$ is the union of the time intervals without attacks. It is obvious that $\left[t_1, t_2\right)={\cup }_{\mathsf{\Phi }\in \mathcal{E}}{\mathsf{\Psi }}_{\mathsf{\Phi }}(t_1, t_2)$ and

$${\mathcal{D}}_{ij}(t_1, t_2)={\cup }_{(i, j)\in \mathsf{\Phi }, \mathsf{\Phi }\in \mathcal{E}}{\mathsf{\Psi }}_{\mathsf{\Phi }}(t_1, t_2)$$

(7)

hold. It can be inferred that there could be $2^{\left|\mathcal{E}\right|/2}$ different sets $\mathsf{\Phi }\left(t\right)$ from $\mathsf{\Phi }\left(t\right)=ø$ to $\mathsf{\Phi }\left(t\right)=\mathcal{E}$, which means that the timeline is divided into $2^{\left|\mathcal{E}\right|/2}$ different types by the $2^{\left|\mathcal{E}\right|/2}$ different systems topology under attacks. For the sake of simplicity, they are referred to as the attack modes. The following provides an example to intuitively explain the division of attack modes. Assume that a MAS consists of 4 agents with edges $(1, 2), (2, 3)$ and $(2, 4)$. Then, there are $2^{\left|\mathcal{E}\right|/2}=8$ different cases indexed by $\mathsf{\Phi }\left(t\right)$, which correspond to 8 different topologies. ${\mathsf{\Psi }}_1\text{–}{\mathsf{\Psi }}_8$ correspond to the time intervals for each system topology and attack mode as shown in Figure 2.

Additionally, attackers need to consume energy before launching attacks, which means that they need to switch to a dormant state to prepare for the next attack after the last attack. Therefore, the frequency and duration of MITM and DoS attacks on each transmission channel should satisfy the following assumptions.

Assumption 1

([34]). (Attack Duration). For channel $(i, j)\in \mathcal{E}$, there exist $T_d^{ij}>1$ and ${\mu }_d^{ij}>0$ satisfying

$$\begin{array}{c}\hfill \left|{\mathcal{D}}_{ij}(t_1, t_2)\right|\le {\mu }_d^{ij}+{\displaystyle \frac{t_2-t_1}{T_d^{ij}}}\end{array}$$

(8)

for any $t_1<t_2$, where ${\mathcal{D}}_{ij}(t_1, t_2)$ is the union of attack intervals of edge $\left(i, j\right)\in \mathcal{E}$ over $\left[t_1, t_2\right)$.

Edge $(i, j)$ may have been under attack at time $t_1$, and ${\mu }_d^{ij}$ represents the length of the interval from $t_1$ to the end of that attack. For edge $(i, j)$, $T_d^{ij}$ represents the average dwell time of two consecutive attacks off/on transitions.

The information transmission among agents in MAS (Equation (1)) is not only affected by external attacks but also constrained by internal communication resources. Frequent communication between agents will take up a large amount of bandwidth. In order to alleviate the communication burden of MAS (Equation (1)) under distributed DoS attacks, an edge-based ET formation control protocol is established as follows:

$$u_i\left(t\right)=pK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)+{\kappa }_i\left(t\right), t\in [t_k^{ij}, t_{k+1}^{ij})$$

(9)

where ${\tilde{\vartheta }}_{ij}\left(t\right)=({\tilde{v}}_{ij}\left(t\right)-f_i\left(t\right))-({\tilde{v}}_{ji}\left(t\right)-f_j\left(t\right))$, ${\tilde{v}}_{ij}\left(t\right)=e^{A(t-t_k^{ij})}{v}_i\left(t_k^{ij}\right)$, p is a constant, K is a feedback gain matrix to be solved and ${\kappa }_i\left(t\right)$ is the formation compensation input defined in (3). As shown in Equation (9), the control input of agent i relies on the reachability of its adjacent agents.

Then, define the estimation error as $e_{ij}\left(t\right)={\tilde{v}}_{ij}\left(t\right)-v_i\left(t\right)$. The event-triggering moments of edge $(i, j)$ are determined by

$$t_{k+1}^{ij}=\left\{t_k^{ij}+min\{{\tau }_k^{ij}, \tau \}|{\tau }_k^{ij}=t-t_k^{ij}>0,when{h}_{ij}\left(t\right)\ge 0\right\},$$

(10)

where $\tau$ is an upper bound on the interval between two triggering moments and the triggering function of edge $(i, j)$ is

$$\begin{array}{c}\hfill h_{ij}\left(t\right)=-{\displaystyle \frac{1}{4}}{\tilde{\mathrm{\vartheta }}}_{ij}^T\left(t\right)\mathrm{\Gamma }{\tilde{\mathrm{\vartheta }}}_{ij}\left(t\right)+e_{ij}^T\left(t\right)\mathrm{\Gamma }{e}_{ij}\left(t\right)-{\mu }_{ij}{e}^{-{\nu }_{ij}t}\end{array}$$

(11a)

$$\begin{array}{c}\hfill h_{ji}\left(t\right)=-{\displaystyle \frac{1}{4}}{\tilde{\mathrm{\vartheta }}}_{ji}^T\left(t\right)\mathrm{\Gamma }{\tilde{\mathrm{\vartheta }}}_{ji}\left(t\right)+e_{ji}^T\left(t\right)\mathrm{\Gamma }{e}_{ji}\left(t\right)-{\mu }_{ji}{e}^{-{\nu }_{ji}t},\end{array}$$

(11b)

where $\mathrm{\Gamma }$ is a constant design matrix and ${\mu }_{ij}{e}^{-{\nu }_{ij}t}$ is the threshold of triggering function with ${\mu }_{ij}$ and ${\nu }_{ij}$ being given positive constants.

Remark 3.

The ET mechanism has been widely used to save communication resources. As the edge-based ET mechanism (Equations (10) and (11)) is designed, events on each edge connected to agent i are triggered independently, and only when the trigger condition is met will the two agents on edge $(i, j)$ exchange information. In the meantime, τ is used to force events on edge $(i, j)$ to be triggered in case there is no communication for a long time. Therefore, compared with the node-based trigger mechanism in [35,36,37], which needs to broadcast information to all neighbors at triggering moments, the method proposed in Equations (10) and (11) can alleviate the communication pressure in MAS (Equation (1)) because not all neighbor agents need to update their status at triggering moments.

Define $\vartheta \left(t\right)={\left[{\vartheta }_1^T\left(t\right), {\vartheta }_2^T\left(t\right), \cdots , {\vartheta }_N^T\left(t\right)\right]}^T$, $\eta \left(t\right)=\left[{\eta }_1^T\left(t\right), {\eta }_2^T\left(t\right)\cdots , {\eta }_N^T\left(t\right)\right]$ and the formation error $\xi \left(t\right)={\left[{\xi }_1^T\left(t\right), \cdots , {\xi }_N^T\left(t\right)\right]}^T$, where ${\vartheta }_i\left(t\right)=v_i\left(t\right)-f_i\left(t\right)$, ${\eta }_i\left(t\right)={\vartheta }_i\left(t\right)-(1/N){\sum }_{j=1}^N{\vartheta }_j\left(t\right)$ and ${\xi }_i\left(t\right)=(x_i\left(t\right)-f_i\left(t\right))-(1/N){\sum }_{j=1}^N(x_j\left(t\right)-f_j\left(t\right)),i=1, \cdots , N$. It can be obtained from Equations (1), (2), (3) and (9) that the following applies:

Let ${\omega }_i\left(t\right)=x_i\left(t\right)-f_i\left(t\right)$. From Equations (1) and (3) we can obtain

$$\begin{array}{cc}\hfill {\dot{\omega }}_i\left(t\right)& =A{\omega }_i\left(t\right)+A{f}_i\left(t\right)+B{u}_i\left(t\right)-{\dot{f}}_i\left(t\right)\hfill \\ \hfill & =A{\omega }_i\left(t\right)+B(u_i\left(t\right)-{\kappa }_i\left(t\right)).\hfill \end{array}$$

(12)

Then, we can obtain the derivative of ${\xi }_i\left(t\right)$ from Equation (12) and the fact that ${\tilde{\vartheta }}_{ij}\left(t\right)=-{\tilde{\vartheta }}_{ji}\left(t\right)$,

$$\begin{array}{cc}\hfill {\dot{\xi }}_i\left(t\right)& ={\dot{\omega }}_i\left(t\right)-(1/N)\sum _{j=1}^N{\dot{\omega }}_j\left(t\right)\hfill \\ \hfill & =A{\omega }_i\left(t\right)+B(u_i\left(t\right)-{\kappa }_i\left(t\right))-(1/N)\sum _{j=1}^N\left(A{\omega }_j\left(t\right)+B(u_j\left(t\right)-{\kappa }_j\left(t\right))\right)\hfill \\ \hfill & =A({\omega }_i\left(t\right)-(1/N)\sum _{j=1}^N{\omega }_j\left(t\right))+pBK(\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)\hfill \\ \hfill & -(1/N)\sum _{k=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{kj}{\tilde{\vartheta }}_{kj}\left(t\right))\hfill \\ \hfill & =A{\xi }_i\left(t\right)+pBK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right).\hfill \end{array}$$

(13)

From Equations (2) and (3) and the definition of ${\theta }_i\left(t\right)$, the derivative of ${\theta }_i\left(t\right)$ can be obtained as

$$\begin{array}{cc}\hfill {\dot{\theta }}_i\left(t\right)& ={\dot{v}}_i\left(t\right)-{\dot{f}}_i\left(t\right)\hfill \\ \hfill & =A{v}_i\left(t\right)+B{u}_i\left(t\right)+F(C{v}_i\left(t\right)-y_i\left(t\right))-{\dot{f}}_i\left(t\right)\hfill \\ \hfill & =A{\theta }_i\left(t\right)+(A{f}_i\left(t\right)-{\dot{f}}_i\left(t\right))+B{u}_i\left(t\right)+FC{\theta }_i\left(t\right)+(FC{f}_i\left(t\right)-FC{x}_i\left(t\right))\hfill \\ \hfill & =(A+FC){\theta }_i\left(t\right)+pBK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)-FC{\omega }_i\left(t\right).\hfill \end{array}$$

(14)

Then the derivative of ${\eta }_i\left(t\right)$ is

$$\begin{array}{cc}\hfill {\dot{\eta }}_i\left(t\right)& ={\dot{\theta }}_i\left(t\right)-(1/N)\sum _{j=1}^N{\dot{\theta }}_j\left(t\right)\hfill \\ \hfill & =(A+FC)\left({\theta }_i\left(t\right)-(1/N)\sum _{j=1}^N{\theta }_j\left(t\right)\right)-FC\left({\omega }_i\left(t\right)-\sum _{j=1}^N{\omega }_j\left(t\right)\right)\hfill \\ \hfill & +B\left(pK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)-{\displaystyle \frac{1}{N}}pK\sum _{k=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{kj}{\tilde{\vartheta }}_{kj}\left(t\right)\right)\hfill \\ \hfill & =(A+FC){\eta }_i\left(t\right)+pBK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)-FC{\xi }_i\left(t\right)\hfill \\ \hfill & =A{\eta }_i\left(t\right)+pBK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)+FC({\eta }_i\left(t\right)-{\xi }_i\left(t\right))\hfill \end{array}$$

(15)

Let the observer error be defined as ${\epsilon }_i\left(t\right)={\eta }_i\left(t\right)-{\xi }_i\left(t\right)$. Then, it follows that

$$\begin{array}{c}\hfill \begin{array}{cc}\hfill {\dot{\epsilon }}_i\left(t\right)& =(A+FC){\epsilon }_i\left(t\right)\hfill \end{array}\end{array}$$

(16)

and

$${\dot{\eta }}_i\left(t\right)=A{\eta }_i\left(t\right)+pBK\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)+FC{\epsilon }_i\left(t\right).$$

(17)

The objective of this article is to design an edge-based ET formation control protocol (Equation (9)) for MAS (Equation (1)) such that the formation can be achieved under hybrid attacks. That is, ${lim}_{t\to \infty }{\epsilon }_i\left(t\right)=0$ and ${lim}_{t\to \infty }{\eta }_i\left(t\right)=0$ hold.

The subsequent proof relies on the following lemma:

Lemma 1

([38]). For an undirected graph, zero is a simple eigenvalue of $\mathcal{L}$, if and only if the graph is connected. The smallest nonzero eigenvalue ${\lambda }_2$ of $\mathcal{L}$ satisfies ${\lambda }_2\left(\mathcal{L}\right)={min}_{x\ne \mathbf{0}, {\mathbf{1}}^{T}x=0}{\displaystyle \frac{x^T\mathcal{L}x}{x^{T}x}}$.

3. Results

In this part, Theorem 1 provides sufficient conditions for the MAS (Equation (1)) formation to be achievable in the presence of hybrid attacks. Meanwhile, Theorem 2 proves that Zeno behavior will not occur under the trigger mechanism (Equation (10)).

Theorem 1.

Suppose that $(A, B, C)$ is stabilizable and detectable. Consider the MAS (1) with the edge-based ET mechanism (Equation (10)) and control protocol (Equation (9)) under hybrid attacks, for given scalars ${\alpha }_{\mathsf{\Phi }}$, if there exist symmetric matrices P, Q such that $P>0$ and $Q>0$, matrices $K=-B^{T}P$, $F=-Q{C}^T$, $\mathrm{\Gamma }=PB{B}^{T}P$, scalars ${\varkappa }_1^{ij}$ and ${\varkappa }_2^{ij}$ subject to the following conditions:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \phi \left(t\right)+\dot{\phi }\left(t\right)<{\alpha }_{\mathsf{\Phi }}\phi \left(t\right),\end{array}\end{array}$$

(18)

$$\begin{array}{c}\hfill \begin{array}{c}\hfill PA+A^{T}P+{\displaystyle \frac{1}{2}}I-PB{B}^{T}P<{\alpha }_{\mathsf{\Phi }}P,\end{array}\end{array}$$

(19)

$$\begin{array}{c}\hfill \begin{array}{c}\hfill Q{A}^T+AQ-Q{C}^{T}CQ+I=0,\end{array}\end{array}$$

(20)

$$\begin{array}{c}\hfill {\varkappa }_1^{ij}-{\varkappa }_2^{ij}\ge 0,\end{array}$$

(21)

$$\begin{array}{c}\hfill {\alpha }_{\mathsf{\Phi }}\le (\sum _{(i, j)\in \mathsf{\Phi }}{\varkappa }_1^{ij}+\sum _{(i, j)\in \mathcal{E}\setminus \mathsf{\Phi }}{\varkappa }_2^{ij}),\end{array}$$

(22)

$$\begin{array}{c}\hfill {\displaystyle \frac{1}{\overline{T}}}=\sum _{(i, j)\in \mathcal{E}}({\displaystyle \frac{1}{T_d^{ij}}}{\varkappa }_1^{ij}+(1-{\displaystyle \frac{1}{T_d^{ij}}}){\varkappa }_2^{ij})<0,\end{array}$$

(23)

where $\phi \left(t\right)=p{\sum }_{i=1}^N{\sum }_{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\mu }_{ij}{e}^{-v_{ij}t}$, $p>[1/\left({\lambda }_2\left({\mathcal{L}}_{\mathsf{\Phi }}\right)\right)]$ and $\rho -{\left|\right|PFC\left|\right|}^2>0$, the desired time-varying formation under distributed hybrid attacks can be achieved.

Proof. 

Consider the Lyapunov candidate function $V\left(t\right)=V_{\epsilon }\left(t\right)+V_{\eta }\left(t\right)+\phi \left(t\right)$ with

$$\begin{array}{c}\hfill \begin{array}{c}\hfill V_{\eta }\left(t\right)={\displaystyle \frac{1}{2}}\sum _{i=1}^N{\eta }_i{\left(t\right)}^{T}P{\eta }_i\left(t\right),\end{array}\end{array}$$

$$\begin{array}{c}\hfill \begin{array}{c}\hfill V_{\epsilon }\left(t\right)={\epsilon }^T\left(t\right)(I_N\otimes H)\epsilon \left(t\right),\end{array}\end{array}$$

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \phi \left(t\right)=p\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}^N{a}_{ij}{\mu }_{ij}{e}^{-{\nu }_{ij}t}.\end{array}\end{array}$$

According to Equations (16) and (17), the time derivative of $V_{\eta }\left(t\right)$ is given by

$$\begin{array}{c}\hfill {\dot{V}}_{\eta }\left(t\right)={\eta }^T\left(t\right)(I_N\otimes PA)\eta \left(t\right)+p\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i{\left(t\right)}^{T}PBK{\tilde{\vartheta }}_{ij}\left(t\right)+{\eta }^T\left(t\right)(I_N\otimes PFC)\epsilon \left(t\right).\end{array}$$

(24)

Based on the fact ${\sum }_{i=1}^N{\sum }_{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{\eta }_i\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}\left(t\right)={\sum }_{i=1}^N{\sum }_{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{\eta }_j\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ji}\left(t\right)$, $\mathrm{\Gamma }=PB{B}^{T}P$ and $K=-B^{T}P$, it can be deduced that

$$\begin{array}{cc}\hfill & \sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i{\left(t\right)}^{T}PBK{\tilde{\vartheta }}_{ij}\left(t\right)\hfill \\ \hfill & =-\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}\left(t\right)\hfill \\ \hfill & =-{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}[{\eta }_i^T\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}\left(t\right)+{\eta }_j^T\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ji}\left(t\right)]\hfill \\ \hfill & =-{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{({\eta }_i\left(t\right)-{\eta }_j\left(t\right))}^T\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}\left(t\right).\hfill \end{array}$$

(25)

Meanwhile, according to the definition of ${\tilde{\vartheta }}_{ij}\left(t\right)$, one obtains

$$\begin{array}{cc}\hfill {\tilde{\vartheta }}_{ij}\left(t\right)& =({\tilde{v}}_{ij}\left(t\right)-f_i\left(t\right))-({\tilde{v}}_{ji}\left(t\right)-f_j\left(t\right))\hfill \\ \hfill & =\left(v_i\left(t\right)+e_{ij}\left(t\right)-f_i\left(t\right)\right)-\left(v_j\left(t\right)+e_{ji}\left(t\right)-f_j\left(t\right)\right)\hfill \\ \hfill & =\left(v_i\left(t\right)-f_i\left(t\right)\right)-\left(v_j\left(t\right)-f_j\left(t\right)\right)+\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right)\hfill \\ \hfill & =\left({\vartheta }_i\left(t\right)-{\vartheta }_j\left(t\right)\right)+\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right)\hfill \\ \hfill & =\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)+\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right).\hfill \end{array}$$

(26)

Then, the following formula holds:

$$\begin{array}{cc}\hfill & \sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i{\left(t\right)}^{T}PBK{\tilde{\vartheta }}_{ij}\left(t\right)\hfill \\ \hfill & =-{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)}^T\mathrm{\Gamma }\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)\hfill \\ \hfill & -{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)}^T\mathrm{\Gamma }\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right)\hfill \\ \hfill & =-{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)}^T\mathrm{\Gamma }\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)\hfill \\ \hfill & -{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{\displaystyle \frac{1}{2}}{a}_{ij}[{\tilde{\vartheta }}_{ij}^T\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}^T\left(t\right)-{\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)}^T\mathrm{\Gamma }\left(({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)\hfill \\ \hfill & -{\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right)}^T\mathrm{\Gamma }\left(e_{ij}\left(t\right)-e_{ji}\left(t\right)\right)]\hfill \\ \hfill & =-{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i^T\left(t\right)\mathrm{\Gamma }\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)-{\displaystyle \frac{1}{4}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\tilde{\vartheta }}_{ij}^T\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}^T\left(t\right)\hfill \\ \hfill & +{\displaystyle \frac{1}{4}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}\left(e_{ij}^T\left(t\right)-e_{ji}^T\right)\mathrm{\Gamma }\left(e_{ij}\left(t\right)-e_{ji}^T\left(t\right)\right)\hfill \\ \hfill & \le -{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i^T\left(t\right)\mathrm{\Gamma }({\eta }_i\left(t\right)-{\eta }_j\left(t\right))-{\displaystyle \frac{1}{4}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\tilde{\vartheta }}_{ij}^T\left(t\right)\mathrm{\Gamma }{\tilde{\vartheta }}_{ij}\left(t\right)\hfill \\ \hfill & +\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{e}_{ij}^T\left(t\right)\mathrm{\Gamma }{e}_{ij}\left(t\right)\hfill \\ \hfill & \le -{\displaystyle \frac{1}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i^T\left(t\right)\mathrm{\Gamma }\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)+\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\mu }_{ij}{e}^{-{\nu }_{ij}t}.\hfill \end{array}$$

(27)

By using Young’s inequality $x^{T}y\le {\displaystyle \frac{a}{2}}{x}^2+{\displaystyle \frac{1}{2a}}{y}^2$, it can be obtained that

$$\begin{array}{c}\hfill \begin{array}{c}\hfill {\eta }^T\left(t\right)(I_N\otimes PFC)\epsilon \left(t\right)\le {\Vert PFC\Vert }^2{\epsilon }^T\left(t\right)\epsilon \left(t\right)+{\displaystyle \frac{{\eta }^T\left(t\right)\eta \left(t\right)}{4}}.\end{array}\end{array}$$

(28)

Owing to $A+FC$ being Hurwitz, there exists a matrix R satisfying $R>0$ and ${(A+FC)}^{T}R+R(A+FC)=-\varrho I$ with $\varrho \ge 0$ [39]. Then, taking the time derivative of $V_{\epsilon }$ yields

$$\begin{array}{c}\hfill \begin{array}{cc}\hfill {\dot{V}}_{\epsilon }\left(t\right)& ={\epsilon }^T\left(t\right)\{I_N\otimes [{(A+FC)}^{T}R+R(A+FC)]\}\epsilon \left(t\right)\hfill \\ & =-\varrho {\epsilon }^T\left(t\right)\epsilon \left(t\right).\hfill \end{array}\end{array}$$

(29)

Combining Equations (24)–(29) yields

$$\begin{array}{cc}\hfill \dot{V}\left(t\right)& \le {\eta }^T\left(t\right)(I_N\otimes PA)\eta \left(t\right)-{\displaystyle \frac{p}{2}}\sum _{i=1}^N\sum _{j\in {\mathbf{N}}_i, (i, j)\notin \mathsf{\Phi }\left(t\right)}{a}_{ij}{\eta }_i^T\left(t\right)\mathrm{\Gamma }\left({\eta }_i\left(t\right)-{\eta }_j\left(t\right)\right)+\phi \left(t\right)\hfill \\ \hfill & +{\displaystyle \frac{{\eta }^T\left(t\right)\eta \left(t\right)}{4}}+\dot{\phi }{\left(t\right)-(\rho -|\left|PFC\right||}^2){\epsilon }^T\left(t\right)\epsilon \left(t\right)\hfill \\ \hfill & ={\displaystyle \frac{1}{2}}{\eta }^T\left(t\right)\left[I_N\otimes (PA+A^{T}P+{\displaystyle \frac{1}{2}}I)-p{\mathcal{L}}_{\mathsf{\Phi }}\otimes \mathrm{\Gamma }\right]{\eta \left(t\right)-(\rho -|\left|PFC\right||}^2){\epsilon }^T\left(t\right)\epsilon \left(t\right)+\phi \left(t\right)\hfill \\ \hfill & +\dot{\phi }\left(t\right)\hfill \end{array}$$

(30)

Noting the fact that $({\mathbf{1}}^T\otimes I_n)\eta \left(t\right)=0$ and using Lemma 1, we can obtain that ${\eta }^T\left(t\right)({\mathcal{L}}_{\mathsf{\Phi }}\otimes \mathrm{\Gamma })\eta \left(t\right)\ge {\lambda }_2\left({\mathcal{L}}_{\mathsf{\Phi }}\right){\eta }^T\left(t\right)(I_N\otimes \mathrm{\Gamma })\eta \left(t\right)$. Since $p\ge [1/{\lambda }_2\left({\mathcal{L}}_{\mathsf{\Phi }}\right)]$, it is obvious that $-p{\eta }^T\left(t\right)({\mathcal{L}}_{\mathsf{\Phi }}\otimes \mathrm{\Gamma })\eta \left(t\right)\le -{\eta }^T\left(t\right)(I\otimes \mathrm{\Gamma })\eta \left(t\right)$ holds, and hence, it can be concluded that

$$\begin{array}{cc}\hfill \dot{V}\left(t\right)& \le {\displaystyle \frac{1}{2}}{\eta }^T\left(t\right)\left[I_N\otimes (PA+A^{T}P+{\displaystyle \frac{1}{2}}I-PB{B}^{T}P)\right]\eta \left(t\right)-\beta {\epsilon }^T\left(t\right)\epsilon \left(t\right)+\phi \left(t\right)+\dot{\phi }\left(t\right)\hfill \end{array}$$

(31)

where $\beta =\varrho -{\Vert PFC\Vert }^2$. If the conditions in Equations (18)–(20) hold, it is easy to obtain that

$$\begin{array}{c}\hfill \dot{V}\left(t\right)<{\alpha }_{\mathsf{\Phi }}V\left(t\right).\end{array}$$

(32)

Define ${\varsigma }_k$ ($k\in \mathrm{N}$, ${\varsigma }_0=0$) as the time instants where the attack mode changes. For $t\in [{\varsigma }_k, {\varsigma }_{k+1})$, it can be concluded from $\dot{V}\left(t\right)<{\alpha }_{\mathsf{\Phi }}V\left(t\right)$ that

$$\begin{array}{cc}\hfill V\left(t\right)& \le e^{{\alpha }_{\mathsf{\Phi }\left({\varsigma }_k\right)}(t-{\varsigma }_k)}V\left({\varsigma }_k\right)\hfill \\ \hfill & \le e^{{\mathcal{J}}_k}V\left({\varsigma }_0\right)\hfill \\ \hfill & =e^{\mathcal{J}(0, t)}V\left(0\right),\hfill \end{array}$$

(33)

where ${\mathcal{J}}_k={\alpha }_{\mathsf{\Phi }\left({\varsigma }_k\right)}(t-{\varsigma }_k)+{\sum }_{s=1}^k{\alpha }_{\mathsf{\Phi }\left({\varsigma }_{s-1}\right)}({\varsigma }_s-{\varsigma }_{s-1})$ and $\mathcal{J}(0, t)={\sum }_{\mathsf{\Phi }\in \mathcal{E}}{\alpha }_{\mathsf{\Phi }}\left|{\mathsf{\Psi }}_{\mathsf{\Phi }}(0, t)\right|$. Then, from Equations (7), (8) and (22) and the fact that ${\sum }_{\mathsf{\Phi }\subseteq \mathcal{E}, (i, j)\notin \mathsf{\Phi }}|{\mathsf{\Psi }}_{\mathsf{\Phi }}(0, t)|=|[0, t]\setminus {\mathcal{D}}_{ij}(0, t)|=t-|{\mathcal{D}}_{ij}(0, t)|$,

$$\begin{array}{cc}\hfill \mathcal{J}(0, t)& \le \sum _{\mathsf{\Phi }\subseteq \mathcal{E}}\left(\sum _{(i, j)\in \mathsf{\Phi }}{\varkappa }_1^{ij}+\sum _{(i, j)\in \mathcal{E}\setminus \mathsf{\Phi }}{\varkappa }_2^{ij}\right)\left|{\mathsf{\Psi }}_{\mathsf{\Phi }}(0, t)\right|\hfill \\ \hfill & =\sum _{(i, j)\in \mathcal{E}}\left({\varkappa }_1^{ij}\sum _{\mathsf{\Phi }\subseteq \mathcal{E}, (i, j)\in \mathsf{\Phi }}|{\mathsf{\Psi }}_{\mathsf{\Phi }}(0, t)|+{\varkappa }_2^{ij}\sum _{\mathsf{\Phi }\subseteq \mathcal{E}, (i, j)\notin \mathsf{\Phi }}\left|{\mathsf{\Psi }}_{\mathsf{\Phi }}(0, t)\right|\right)\hfill \\ \hfill & =\sum _{(i, j)\in \mathcal{E}}\left(({\varkappa }_1^{ij}-{\varkappa }_2^{ij})\left|{\mathcal{D}}_{ij}(0, t)\right|+{\varkappa }_2^{ij}t\right)\hfill \\ \hfill & \le \sum _{(i, j)\in \mathcal{E}}({\varkappa }_1^{ij}-{\varkappa }_2^{ij}){\mu }_d^{ij}+\sum _{(i, j)\in \mathcal{E}}\left({\varkappa }_1^{ij}{\displaystyle \frac{1}{T_d^{ij}}}+{\varkappa }_2^{ij}(1-{\displaystyle \frac{1}{T_d^{ij}}})\right)t\hfill \\ \hfill & =\overline{\mu }+{\displaystyle \frac{1}{\overline{T}}}t.\hfill \end{array}$$

(34)

Based on Equations (33) and (34), it can be obtained that $V(t)<V(0)e^{(\overline{\mu }-||{\displaystyle \frac{1}{\overline{T}}}||t)}$, that is, ${lim}_{t\to \infty }\epsilon \left(t\right)=0$ and ${lim}_{t\to \infty }\eta \left(t\right)=0$. □

Remark 4.

In Algorithm 1, when some of the links are subjected to MITM attacks, the transmitted data packets will be directly discarded, which is equivalent to a blockage occurring at these links. Therefore, Algorithm 1 treats the MITM attacks on the links as DoS attacks. Hence, in an environment that may be subject to both MITM and DoS attacks, any attack received can be regarded as a DoS attack. So, the stability analysis holds for any combination of the two types of attacks.

Theorem 2.

Zeno behavior will not occur under the trigger mechanism (Equation (10)).

Proof. 

Assume that Zeno behavior occurs at the edge $(i, j)$, which means there exists T such that ${lim}_{k\to \infty }{t}_k^{ij}=T$. Then for any $\mathsf{\Xi }>0$, there exists ${\rm Y}\in {\mathbf{Z}}_{\ge 0}$, such that $T-\mathsf{\Xi }<t_m^{ij}\le T$ for any $m\ge {\rm Y}$. Because $\eta$ and $\xi$ are bounded, ${\tilde{\vartheta }}_{ij}$ is bounded too in finite time. Compute the derivative of $e_{ij}\left(t\right)$ as

$$\begin{array}{c}\hfill {\dot{e}}_{ij}\left(t\right)=A{e}_{ij}\left(t\right)-pBK\sum _{j=0}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)\end{array}$$

(35)

It follows that

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \left|\right|{\dot{e}}_{ij}\left(t\right)\left|\right|\le \left|\right|A\left|\right|\left|\right|e_{ij}\left(t\right)\left|\right|+{\zeta }_{ij}\left(t\right)\end{array}\end{array}$$

(36)

where ${\zeta }_{ij}\left(t\right)$ is the upper bound of $\left|\right|pBK{\sum }_{j=0}^N{a}_{ij}{\tilde{\vartheta }}_{ij}\left(t\right)\left|\right|$ for $t\in \left[t_k^{ij}, t_{k+1}^{ij}\right)$.

Define a non-negative function $\varpi \left(t\right)$ satisfying

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \dot{\varpi }\left(t\right)=\left|\right|A\left|\right|\varpi \left(t\right)+{\zeta }_{ij}\left(t\right)\end{array}\end{array}$$

(37)

and $\varpi \left(0\right)=\left|\right|e_{ij}\left(t_k^{ij}\right)\left|\right|=0$. Therefore, $\left|\right|e_{ij}\left(t\right)\left|\right|\le \varpi (t-t_k^{ij})$, where $\varpi \left(t\right)=[{\zeta }_{ij}\left(t\right)/\left|\right|A\left|\right|](e^{\left|\right|A\left|\right|t}-1)$ satisfies Equation (37).

Note that the edge $(i, j)$ is not triggered, which means the triggering functions (Equation (11)) are less than 0, if the following two inequalities hold:

$$\begin{array}{c}\hfill \left|\right|e_{ij}\left|\right|\le \sqrt{{\displaystyle \frac{{\mu }_{ij}}{\left|\right|PB{B}^{T}P\left|\right|}}}{e}^{-{\displaystyle \frac{{\upsilon }_{ij}}{2}}T}\end{array}$$

(38a)

$$\begin{array}{c}\hfill \left|\right|e_{ji}\left|\right|\le \sqrt{{\displaystyle \frac{{\mu }_{ji}}{\left|\right|PB{B}^{T}P\left|\right|}}}{e}^{-{\displaystyle \frac{{\upsilon }_{ji}}{2}}T}.\end{array}$$

(38b)

Let ${\mathsf{\Xi }}_{ij}={\displaystyle \frac{1}{2}}\left|\right|A\left|\right|ln(1+{\displaystyle \frac{\left|\right|A\left|\right|}{{\zeta }_{ij}}}\sqrt{({\mu }_{ij}/|\left|PB{B}^{T}P\right|\left|\right)}{e}^{-{\displaystyle \frac{{\upsilon }_{ij}}{2}}T})$ and ${\mathsf{\Xi }}_{ji}={\displaystyle \frac{1}{2}}\left|\right|A\left|\right|ln(1+$${\displaystyle \frac{\left|\right|A\left|\right|}{{\zeta }_{ji}}}\sqrt{({\mu }_{ji}/|\left|PB{B}^{T}P\right|\left|\right)}{e}^{-{\displaystyle \frac{{\upsilon }_{ji}}{2}}T})$. Denote $\mathsf{\Xi }=min\{{\mathsf{\Xi }}_{ij}, {\mathsf{\Xi }}_{ji}\}$. Then, according to (38), the time interval between $t_k^{ij}$ and $t_{k+1}^{ij}$ satisfies $t_{k+1}^{ij}-t_k^{ij}\ge 2\mathsf{\Xi }$, which further implies that $t_{k+1}^{ij}\ge t_k^{ij}+2\mathsf{\Xi }>T+\mathsf{\Xi }$. This contradicts the assumption that $T-\mathsf{\Xi }<t_{k+1}^{ij}\le T$. Thus, there does not exist the Zeno behavior. □

4. Simulation Example

In this section, numerical simulations are conducted to verify the effectiveness of the improved DHKE-based encryption–decryption mechanism and the proposed edge-based ET formation control protocol. In this simulation example, a third-order MAS with 5 agents achieves time-varying formation under formation control protocol (Equation (9)) and event trigger mechanism (Equation (10)).

Consider MAS (Equation (1)) with five agents, where

$$A=\left[\begin{array}{ccc}-1& 0& 1\\ 0& -1& 0\\ 0.5& 0& -1\end{array}\right], B=\left[\begin{array}{ccc}2& 0& 0\\ 0& 1& 0\\ 0& 0& -1\end{array}\right], C=\left[\begin{array}{ccc}1& 0& 0\\ 0& 2& 0\\ 0& 0.5& 1\end{array}\right].$$

The communication relationship between agents is shown in Figure 3 and the initial values of each agent are $x_1\left(0\right)={[0.18, 0.04, 0.12]}^T,$$x_2\left(0\right)={[0.13, 0.14, -0.63]}^T,$$x_3\left(0\right)={[-0.03, 0.42, -0.12]}^T,$$x_4\left(0\right)={[-0.55, -0.54, 0.01]}^T$ and $x_5\left(0\right)={[-0.79, 0.03, -0.70]}^T$. The desired formation function is described as

$$\begin{array}{c}\hfill \begin{array}{c}\hfill f_i(t)=\left[\begin{array}{c}sin(2t+{\displaystyle \frac{2}{5}}(i-1)\pi )\\ cos(2t+{\displaystyle \frac{2}{5}}(i-1)\pi )\\ -sin(2t+{\displaystyle \frac{2}{5}}(i-1)\pi )\end{array}\right],\end{array}\end{array}$$

for $i\in \{1, 2, \dots , 5\}$. If the desired time-varying formation $f\left(t\right)={[f_1^T\left(t\right), f_2^T\left(t\right), \dots , f_5^T\left(t\right)]}^T$ is formed, these five agents will be located at the five vertices of a regular pentagon and maintain an angular velocity rotation of $2\mathrm{rad}/\mathrm{s}$.

Choose ${\mu }_{ij}=0.1$, ${\nu }_{ij}=0.4$, $\tau =0.5$ and ${\alpha }_{\mathsf{\Phi }}=0.1$. From Theorem 1, the gain matrices can be obtained as

$$K=\left[\begin{array}{ccc}-0.6953& 0& -0.3576\\ 0& -0.4142& 0\\ 0.0050& 0& 0.4321\end{array}\right], \mathrm{\Gamma }=\left[\begin{array}{ccc}0.4834& 0& 0.2508\\ 0& 0.1715& 0\\ 0.2508& 0& 0.3146\end{array}\right]$$

and

$$\begin{array}{c}\hfill \begin{array}{c}\hfill F=\left[\begin{array}{ccc}-0.4802& 0.0237& -0.2463\\ 0.0118& -0.6106& -0.1279\\ -0.2522& 0.0494& -0.5536\end{array}\right].\end{array}\end{array}$$

Under the condition that the sampling step size is $0.01$ s, the time t was simulated from 0 s to 10 s using MATLAB (version R2025a) software.

Figure 4 shows the attack situation on each edge, with the green area representing the attack interval. For convenience, only the attack situations on edge $(1, 2)$ and $(2, 3)$ are shown. Under the improved DHKE-based encryption–decryption mechanism, the two communicating agents will first generate a confidentiality key based on Algorithm 1, and then the sender encrypts the data with this key before transmitting it. After receiving the encrypted data, the recipient decrypts it using the key to obtain the original data.

Figure 5 shows (a) the norm of the formation error $E\left(t\right)={\displaystyle \frac{1}{2}}\sqrt{\left|\right|{\xi }_4{\left(t\right)\left|\right|}^2+\left|\right|{\xi }_5\left(t\right){\left|\right|}^2}$ of the two agents on edge $(4, 5)$ without MITM attacks and (b) the same for the case with MITM attacks. For the sake of simplicity, since the data packets that suffer from MITM attacks in Algorithm 1 will be directly discarded, this can equivalently convert the MITM attacks into DoS attacks. Therefore, only the MITM attacks are considered here. It can be seen that without MITM attacks, the convergence of $E\left(t\right)$ is relatively gentle. However, when subjected to the MITM attack, $E\left(t\right)$ fluctuates briefly within the attack range, but it can continue to converge after the attack is over. This indicates that the method used in this work can enable the formation to recover from the attack and will not affect the final realization of the formation.

Figure 6 describes the state observation error of each agent, and it can be seen that the error approaches 0. The formation situation of MAS is shown in Figure 7, where Figure 7a presents the agents’ position trajectory within 10 s and Figure 7b shows the formation snapshots of the 5 agents every two seconds. In addition, the formation error is shown in Figure 8, and it is easy to see that the formation shape is gradually stabilizing. The event-triggering instants of each edge are illustrated in Figure 9, which shows that inter-agent communication occurs only when the triggering conditions are satisfied, thereby reducing the communication frequency.

Meanwhile, we compared the mechanism designed in this paper based on DHKE with the mechanism based on PKI authentication. The PKI-based mechanism adopts certificate-based authentication using ECDSA, combined with ECDHE for session key establishment. The computational overhead (CO) and formation convergence time (CT) of MAS formation control are presented in

Table 2. Comparison of CT and CO under Different Security Mechanisms for MAS (1).

Security Scheme	CO (per Event [ms])	CT (s)
PKI-based	16.73	12.55
DHKE-based	9.46	9.27

. It should be noted that the CO calculated in this paper refers to the duration of time from the moment the event is triggered until the completion of data encryption. Moreover, the encryption and decryption methods of both schemes employ AES-128-GCM. As shown in Table 2, the CO of the PKI-based mechanism is 16.73 ms, and the CT is 12.55 s. The CO and CT of the DHKE-based mechanism are 9.46 ms and 9.27 s, respectively. From the above data, it can be seen that compared with the PKI-based mechanism, the designed scheme reduces the CO by 43.4% and the convergence time of the formation by 26.1%. Overall, compared with the PKI-based mechanism, the mechanism designed in this paper has lower CO in the authentication and key establishment stages, and the CT of the formation is also faster. Therefore, this scheme provides a lightweight security communication option for MASs formation control scenarios where certificate management is inconvenient or the infrastructure is limited.

5. Conclusions

This paper studies the formation control problem of general linear MASs subject to hybrid attacks. An improved encryption–decryption mechanism based on DHKE is designed. This mechanism can resist MITM attacks and encrypt the data to guarantee the confidentiality and integrity of the data. Further, by proposing an edge-based ET formation control strategy, the communication frequency between agents is reduced and the influence of DoS attacks is resisted. Finally, under hybrid attacks, stability of the MASs is rigorously analyzed. Numerical simulations further verify that the formation error remains bounded and converges despite malicious interference. The findings indicate that the issues of communication security and formation control stability can be solved by the method we proposed.

Future research will investigate the integration of post-quantum key establishment techniques into secure formation control frameworks, aiming to address emerging threat models while maintaining control performance.