Smart grid security

Download Report

Transcript Smart grid security

Yee Wei Law (罗裔纬)
ARC Research Network on Intelligent Sensors,
Sensor Networks and Information Processing
(ISSNIP)
The University of Melbourne
1



A. Ginter, “Smart Grid Security Guest Lecture: CPSC 529 Information and Network Security,” University of Calgary,
2011.
Sense of Security, “Securing the Smart Grid,” Smart Electricity
World Conference, Melbourne, 2011.
P. Will, “IT and the Smart Grid,” USC Information Sciences
Institute, 2010.
2
Corporate
network
Industrial
control system
(SCADA)
Cyber processes
Physical processes
Critical infrastructures
Electricity grid
Gas distribution
network
Sewage system
Dams
Telecommunications
Hospitals
Lighthouses
Rail roads
Cyber-physical security: study of the impact of cyber attacks on the
physical processes of a control system, and the prevention or mitigation of
these attacks
2008
2009
2010
2011
2012
4
2011 CyberSecurity Watch Survey
by CERT (Aug 2009 – Jul 2010)
58% threats
from outsiders
(e.g., hackers)
21% threats
from insiders
(employees
or
contractors)
Fact 1: Insider attacks render
cryptographic protection
inadequate
55% say SCADA
/ operational
control systems
targeted most
often
Fact 2: Control systems are prime
targets
5





United States Cyber Command
(USCYBERCOM) embraces the philosophy of
“active defense”
North Korea’s No. 91 Office
South Korea teamed up with Korea
University to establish a cyber-defense
school
From Wikipedia: the world’s largest hackers’
school is the military school of FAPSI
(Federal Agency of Government
Communications and Information) in
Voronezh, i.e., Voronezh Military Aviation
Engineering University, Russia
China’s Blue Army
FAPSI’s coat of arms
6





From power grid to smart grid
Smart grid vs sensor network: conceptual similarities and
differences
Smart grid standards and guidelines
Risk assessment (风险评估)
Wide-area measurement system
◦ Threats and countermeasures

State estimation
◦ Threats and countermeasures

Automatic Generation Control (AGC)
◦ Threats and countermeasures
7
Australian Standard:
AS 60038-2000
“Standard voltages”:
Transmission
EHV: 275kV, 330kV,
500 kV
HV: 220kV
MV: 66kV
Distribution
LV: 11kV, 22kV
Smart Grid: The integration of power, communications, and information technologies for an
improved electric power infrastructure serving loads while providing for an ongoing evolution of
end-use applications.
8

Two main drivers: (1) sustainable generation, (2) sustainable
return on investment in infrastructure
Motivates
demand
response
Resource
-efficient
Resilient
to
failures,
disasters,
attacks
Qualityfocused
Accommodates
distributed
generation
Steve Jetson, “Smart meters – helping industry save money by using energy efficiently,” Sustainability and Technology Forum, 2011.
9
3 Computing /
information
technology
2 Communications
infrastructure
1 Energy
infrastructure
Servers
Data storage
Web
presentment
Transactions
Usage / demand
Modeling
Smart
agents
Intelligence
Fiber/MPL
RF Mesh
Home Area Network (HAN)
Broadband WWAN
Energy information network
3G Cellular
Cap banks
Reclosers
Substation
Switches
Sensors
Wires
Energy mgmt systems
Power quality management
In home displays
Prepay
Load control
Interval billing
Outage management
Micro-grid
Fault prediction
Load limiting
T&D
Transformers
Security
Generation / supply
T&D Automation
SCADA
Distributed storage
Distributed generation
Grid appliances
Grid 2 Vehicle / Vehicle to Grid
Backup generation
Solar monitoring & dispatch
4 Business
applications –
“Smart Energy
Web”
Meters
Storage
Customers
Source: P. Will, “IT and the Smart Grid,” USC Information Sciences Institute, 2010.
10
Key technologies
 Communications
 Sensing
 Intelligence
Same pillars of
wireless sensor
networks
Wang et al., “A survey on the communication architectures in smart grid,” Computer Networks, vol. 55, pp. 3604-3629, 2011.
11
Similarities:
 Large number of “nodes” both a boon (resilience) and a bane
(every node is open to attacks)
 Data-centricity means false data often adverse consequences
Differences:
Smart grid
 “Control center” is a fleet of
interconnected components
only a few of which are
assumed secure
Wireless sensor networks
 “Control center” is a single
base station assumed to be
secure
12



Inter-control
centre
comm.
A complex computer system
Virus outbreak in Integral
Energy’s IT network
http://bit.ly/16wskS
Microsoft’s shortcut bug
exploited to attack grid
control centres
http://bbc.in/d9usyE
Communication
I/O controllers
Open-access
same-time
information
system
A. P. Sakis Meliopoulos, “Power System Modeling, Analysis and
Control,” lecture notes, Georgia Institute of Technology
13


NERC CIP

◦ Identify critical assets
◦ Perimeter protection
(firewalls, logging, remote
access)
◦ Host hardening, anti-virus,
patching, etc.

IEEE 1686: Substation IEDs
Cyber Security Capabilities

◦ Recommendations for
Standards Developers
◦ Passwords, alerts, audit logs

IEC 62351: Security of IEC
communications protocols
◦ Encryption, authentication,
spoofing resistance,
intrusion detection
DHS Cyber Security
Procurement Language for
Control Systems
DHS Catalog of Control
System Security:


ISA SP-99 Industrial
Automation and Control
Systems Security
ISA SP-100 Wireless Systems
for Industrial Automation
American Gas Association
(AGA) Report No. 12
◦ Cryptographic protection of
SCADA communications
14

UCA International Users Group (ABB, Alstom, Cisco, etc.):
◦ Security Profile for Wide-Area Monitoring, Protection, and Control
◦ AMI System Security Requirements


NIST 800-82: Guide to Industrial Control System Security
NIST IR 7628: Guidelines for Smart Grid Cyber Security
◦ “The differences between information technology (IT), industrial,
and Smart Grid security need to be accentuated...”
Resilient control system: A system that maintains state awareness and
an accepted level of operational normalcy in response to disturbances,
including threats of an unexpected or malicious nature.
– Rieger et al., Idaho National Laboratory
See also reports

United States Government Accountability Office: “Electricity Grid Modernization: Progress
Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed”

Idaho National Laboratory: “NSTB Assessments Summary Report: Common Industrial
Control System Cyber Security Weaknesses”
15

EU project CRUTIAL: Security and resilience of SCADA systems
•
•
•
•
Enforces
policies in
a
distributed
manner
Access
control
Intrusion
tolerance
Selfhealing
16


EU project VIKING: To enhance data integrity, reliability and
resilience of SCADA systems, through the development and
application of cyber-physical models (hybrid system models) for the
interaction between the (cyber-) IT systems and the (physical) power
transmission and distribution systems
Australia Government established Trusted Information Sharing
Network (TISN) for Critical Infrastructure Resilience to let business
and government share vital information on security issues relevant
to the protection of national critical infrastructure
17





Simply speaking, risk = the probability and magnitude of an undesirable
event
Risk assessment/analysis=process of identifying the risks to system security
and determining the likelihood of occurrence, the resulting impact, and the
additional safeguards that mitigate this impact
Ultimate objective is to reduce total risk for a given expected return/utility
Most standards and guidelines stress the importance of risk assessment
Australian Government advocates the use of AS/NZS ISO 31000:2009 by
owners and operators of critical infrastructure
18

Leitch says ISO 31000:2009
◦
◦
◦
◦

is unclear
leads to illogical conclusions if followed
is Impossible to comply with
is not mathematically based, having little to say about probability, data,
and models
Risk map
References:

D. W. Hubbard, “The Failure of Risk Management: Why It’s Broken and How to Fix It,”
Wiley, 2009.

M. Leitch, “ISO 31000:2009—The New International Standard on Risk Management,” Risk
Analysis, 30(6):887–892, 2010.
19

Multi-attribute utility theory
◦ Risk-versus-return curve (an
example of utility curve)

Analytic Hierarchy Process
(extension: Analytic Network
Process)
◦ Does not satisfy some statistical
axioms including transitivity
◦ Problem with its mathematical
foundation
References:

C. A. Bana e Costa and J.-C. Vansnick, “A critical
analysis of the eigenvalue method used to derive
priorities in AHP,” European Journal of Operational
Research, vol. 187, pp. 1422–1428, 2008.
20
Power system is complex
Logical Reference Model (NIST IR 7628): 47 actors, 137 inter-actor interfaces
21
Energy management system
• The “central nervous system” of a transmission grid
• A suite of software tools for monitoring, controlling as well as optimizing
generation and transmission operations
Transmission network
Distribution network
Substation
Generators
Control center
EMS
servers
Substation
WAN
WAN
SCADA
master
Modem
DB
VPN
server
Substation bus
Relays
Firewall
Meters
Advanced
Metering
Infrastructure
Residential
consumers
Process bus
Internet
Internet
Merging units
Corporate LAN
Other control centers
Site engineers
Industrial
consumers
Cyber intruders
22
+ Wide-area
Measurement System
Source: A. P. Sakis Meliopoulos,
“Power System Modeling, Analysis
and Control,” lecture notes, Georgia
Institute of Technology
23
Energy management system
State estimator
WAN
PDC
Automatic generation
control
Consumers
PMU
Substation
Consumers
Generators
Control centre

PMU
Substation
PMU
Substation
= Attacker
Attacker model/assumptions:
◦ Core components (state estimator, automatic generation control) cannot
be compromised but their I/O can
◦ All other components can be compromised


False data injection can lead to wrong estimated states, cascading
failures, or widespread blackouts
General multilayered defence:
◦ Cryptography (auth + optionally enc) against outsider attackers
◦ Redundancy + heterogeneity + intrusion detection
24
Examples of phasor measurement units:
Macrodyne’s 1690
MiCOM P847
ABB’s RES521
GPS
•
PMU
PMU
...
PMU
PMU
Layer 1: Data acquisition
WAN
•
•
•
PDC
PDC
Applications
Data Buffer
Real-time
database and
data archiver
...
Layer 2: Data management
PDC
EMS
Layer 3: Data services
Emerging applications for real- Layer 4: Applications
time wide-area monitoring,
control, protection
Oscillation
control
Voltage control
Frequency
control
Line temperature
monitoring
NIST IR 7628:
• Authentication
• Availability
25
North American SynchroPhasor Initiative network architecture




Synchrophasors rely on GPS
GPS is vulnerable to jamming
(weak signal) and spoofing
(see Nighswander et al. 2012)
◦ T. Nighswander et al., “GPS
Software Attacks,” CCS’12.
A portable
GPS and
mobile
jammer
Short-term solution: Enhanced
Long Range Navigation
(eLORAN)
Long-term solution: atomic
clocks
A LORAN transmitter
27


PMU -> PDCs
PDC -> PDCs
Further example: System
Integrity Protection Scheme
(SIPS)
1 SIPS action
PDC
2
to
PM other
Us
...

WAN
WAN
IEC 61850
station bus

IEC 61850-90-5 governs
the IEC 61850-compliant
transmission of IEEE
C37.118-formatted WAMS
data
◦ Specifies GDOI (RFC 6407)
for securing the distribution
of group keys
◦ Specifies Ipsec (RFC 4301) for
securing IP multicast using
group keys
3
Relay
Relay
PMU
Relay
Relay
28

(1) Based on conventional
digital signatures
◦ signature amortization

(2) Multiple-time signature
schemes (incl. one-time)

Well known MTS schemes
◦ Lamport
◦ Perrig: BiBa, TESLA, μTESLA
◦ Reyzin & Reyzin: HORS
◦ +packet individually
verifiable
◦ +resilient to packet loss
◦ +small code
◦ +lower computational cost
(?)
◦ +lower memory cost (?)
◦ -long signatures
References:
J. Pieprzyk, H. Wang, and C. Xing, “Multiple-time signature
schemes against adaptive chosen message attacks,” in
Selected Areas in Cryptography, ser. LNCS. Springer Berlin /
Heidelberg, 2004, vol. 3006, pp. 88–100.
29

Comparison metrics:
◦ SigLen/SecLvl
◦ SigComp/SecLvl
◦ VerComp/SecLvl
Note: Not all schemes support more than 2 signatures per epoch,
under the comparison constraint

Comparison constraints:
◦
◦
◦
◦


security > 80 bits
signature length ≤ 300 bytes
hash length = 80 bits
number of private key elements
= 1024
BiBa1: SigComp≤10VerComp
TSV+1: SigComp≤ 10VerComp
SigLen/SecLvl vs. number of signatures per epoch 𝑟. Lower is
and VerComp≤ 10SigComp
better.
30
SigComp/SecLvl vs. number of signatures per epoch 𝑟. Lower is
better.







VerComp/SecLvl vs. number of signatures per epoch 𝑟.
Lower is better
BiBa0: best performer in signature length but has far poorer efficiency in signing than
the others.
BiBa1: slightly longer signatures but has significantly better signing efficiency than BiBa0.
SCU+: efficient in signing and verification but requires far longer signatures than the
others for the same security level.
TSV+ is more efficient than TV-HORS in signature length for r = 1.
TSV+ is several orders of magnitude slower than TV-HORS in signing and verification.
Despite its algorithmic simplicity, TV-HORS is a good performer in all categories.
SCU and TSV do not offer clear advantages over BiBa.
Yee Wei Law et al., ”WAKE: Key Management Scheme for Wide-Area Measurement Systems in
Smart Grid,” IEEE Communications Magazine, accepted 10 Oct 2012, to appear.
31
+ Wide-area
Measurement System
Source: A. P. Sakis Meliopoulos,
“Power System Modeling, Analysis
and Control,” lecture notes, Georgia
Institute of Technology
32
Possible insider
attack: inject
bad data to foil
detection
Measurements
State estimator
Network topology
processor
Bad data detection
Y. Liu et al., “False data injection attacks against state
estimation in electric power grids,” Proc. 16th ACM
Computer and Communications Security, 2009.
33

Attack scenario: given k compromised meters (RTUs/IEDs/
PMUs), find a vector of k false values that bypass detection
Larger networks
IEEE test systems
34
The attacker earns
$2/MWh here
The attacker loses
$1/MWh here
The attacker earns
$1/MWh net
Actually
congested,
faked not
congested
Actually
congested,
faked not
congested
IEEE 14-bus test system
L. Xie, Y. Mo, and B. Sinopoli, “False data
injection attacks in electricity markets,” in
Proc. 1st International Conference on
Smart Grid Communications, 2010.
35
A multilayered
architecture with a
perimeter network
Firewall + VPN
Stewart et al., “Synchrophasor
Security Practices,” white paper





It is impractical to tamper-proof a whole PMU, for maintenance
reasons, etc.
Even if tamper-proofing all PMUs is achievable, impractical for all
RTUs and IEDs
Using redundant PMUs could reduce the risk, but also costly
Most (academic) research so far designed attacks under different
constraints
We are investigating anomaly detection methods to detect false data
36

Attacker exploits assumptions about ‘bad data’
◦ χ2 test assumes bad data cause errors to not be Gaussian
◦ Largest normalized residual test assumes bad data cause measurement
residuals to not be Gaussian distributed

Among latest solutions
◦ Bobba et al.’s solution determines and makes critical PMUs tamperresistant
◦ Vuković et al.’s solution assumes a core subset of substations are beyond
attacks, and espouses multipath routing


State estimation: secure centralized estimation problem
Multi-area state estimation: secure distributed estimation problem
◦ linear time-invariant average-consensus (linear consensus)
Selected references:
R. B. Bobba, K. M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt, and T. J. Overbye, “Detecting False Data Injection Attacks on DC
State Estimation,” in First Workshop on Secure Control Systems, ser. SCS, 2010.
O. Vukovic, K. C. Sou, G. Dan, and H. Sandberg, “Network-layer protection schemes against stealth attacks on state estimators
in power systems,” 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), pp.184-189, 2011.
S. Zheng, et al., “Robust State Estimation Under False Data Injection in Distributed Sensor Networks,” in IEEE GLOBECOM 2010.
37
Rotor
angle
Voltage
+ Wide-area
Measurement System
Frequency
Source: A. P. Sakis Meliopoulos,
“Power System Modeling, Analysis
and Control,” lecture notes, Georgia
Institute of Technology
38
Load


System frequency
Load
System frequency
Most standards tolerate a deviation from nominal of only 1%
Three levels of control:
◦ Simple electro-mechanical proportional feedback control leaves a
steady-state error residue
◦ Load-frequency control
◦ Manual control
G. Anderson, “Dynamics and control of electric power systems,”
lecture notes 227-0528-00, ETH Zürich, February 2010.
control area 2
tie line
control area 1
control area 3
AGC regulates system frequency and
maintains power interchanges via the tie line
at scheduled values
39
Effects of a successful attack:

AGC is one of few automatic closed
loops between the IT department and
the power system
Control
Control area
area 11
Control
signal
PAGC1
AGC1
Error signal
to AGC1
Error signal
to AGC2
Area 1
frequency
Area 1 generation and
transmission network
Control
Control area
area 22
AGC2
Area 2
frequency
Tie line
Control
signal
PAGC2
Oscillatory growth in phase angle diff.
Area 2 generation and
transmission network
References:
P. M. Esfahani et al., “A Robust Policy for Automatic Generation Control Cyber Attack in Two
Area Power Network,” in IEEE Conference on Decision and Control, Atlanta, Dec. 2010.
P. M. Esfahani et al., “Cyber Attack in a Two-Area Power System: Impact Identification using
Reachability,” in American Control Conference, Baltimore, MD, USA, Jun. 2010.
Y. W. Law et al., “Security games and risk minimization for automatic generation control in
smart grid,” in J. Grossklags and J. Walrand, editors, Proc. 3rd Conference on Decision and
Game Theory for Security (GameSec 2012), volume 7638 of LNCS, pp. 281–295. Springer
Heidelberg, 2012.
Oscillatory growth in interchanged power
40
Control
area 1
Tie line
Underfrequency
load shedding
Control
area 2
Area 1
1/R
Centralized
Distributed
Area 2
41




Frequency deviation exceeds threshold ->
overfrequency/underfrequency protection relays
When frequency deviation rises above 1.5 Hz, overfrequency
relays start tripping thermal plants
When frequency deviation drops below 0.35 Hz,
underfrequency relays shed load:
Goal: To model and quantify the risks posed by an attacker
whose intention is to inflict revenue loss on the electricity
provider by injecting false data to the automatic generation
controller in the hope of triggering load shedding
S. K. Mullen, “Plug-In Hybrid Electric Vehicles as a Source of Distributed Frequency Regulation,”
Ph.D. thesis, University of Minnesota, 2009.
42


Motivation: model interaction between attacker and defender
to derive optimal defense strategy (optimal resource alloc)
Terminology:
Matrix game
Multi-agent
Single-state
Markov decision
process
Single-agent
Multi-state
Stochastic/Markov game
Multi-agent
Multi-state
Security game
Two-agent
Noncooperative
Zero-sum
Risk model
Zero-sum: matrix games
Nonzero-sum: bi-matrix
games
Dynamic programming
M. Bowling and M. Veloso, “Multiagent learning using a variable learning rate,” Artificial
Intelligence, vol. 136, pp. 215-250, 2002.
43
Attacker action space:
Defender action space:
Attacker strategy:
Transition probability determined by state transition matrix M:
Attacker action 𝑎
𝑠0
𝑠1
𝑠2
Defender action 𝑑
A cost (from the defender’s perspective) of Ga,d(s(t)) is incurred by actions
a and d, thus constituting the game matrix:
44


In the future-discounted cost model, aggregate cost over an
infinite horizon:
Discount factor 𝛾 is for convergence, and emphasizing
immediate cost
For infinite horizon problems like this, the value iteration
algorithm from dynamic programing is most widely used
Bellman
equations
t is incremented until |Qt+1-Qt|<ε
saddle-point
strategy
45
Solve for saddle-point strategy:
Minimum upper bound for cost
46
Risk state





𝑠0
𝑠1
𝑠2
Risk is the probability and magnitude of an undesirable event
Simplistic definition:
Risk ≝ the probability of attack × impact of attack
Risk measures from finance being explored:
value-at-risk (VaR), conditional value-at-risk (CVaR)
VaR at confidence level 𝛼 ≝ the smallest number 𝑙 such that
Pr 𝐿 > 𝑙 ≤ 1 − 𝛼 (𝑙 is the 1/𝛼-quantile of the loss distribution)
CVaR (expected shortfall):
47
IEC 60870-6
Control center
EMS
servers
Substation
Fire
VPN
wall
server
WAN
WAN
SCADA
master
Modem
DB
VPN
server
Substation bus (IEC 61850-8-1)
Relays
Firewall
Meters
Process bus (IEC 61850-9-1/9-2)
Merging units
Corporate LAN
Site engineers




Other control centers
Internet
Internet
Generators
Transmission lines
Turbine governors
Energy management system

Cyber intruders
Underfrequency load
shedding relays
48
Attacker
false Δfrequency
= 𝑘Δ𝑓 + 𝑏

AGC
(integral controller)
Constant injection (𝑘 = 0, 𝑏 ≠ 0): disables the integral control
loop, system frequency converges to non-nominal frequency
◦ Positive constant: below-nominal frequency, loads shed
◦ Negative constant: above-nominal frequency, generators tripped


Bias injection (𝑘 = 1, 𝑏 ≠ 0): similar to constant injection
Overcompensation (𝑘 > 0, 𝑏 = 0): unstable oscillations
◦ When frequency sweeps past the overfrequency/underfrequency
thresholds, generators are tripped, loads are shed
Simulation results for
𝑘 = 8:
49
Attacker
false Δfrequency
= 𝑘Δ𝑓 + 𝑏

AGC
(integral controller)
Negative compensation (𝑘 < 0, 𝑏 = 0):reverses the intended
effect of the integral control loop, causing the frequency to
diverge from the nominal frequency
𝑘 = −1.2
𝑘 = −1
50

Redundancy:

Saturation filter:
AGC
(integral controller)
Filtered Δ𝑓
3.5 Hz
Δ𝑓
-4.5 Hz

Detection: Clustering
Potentially corrupted Δ𝑓
Normal Δ𝑓 data are
clustered around time axis
time
Data that form more than
one cluster are suspicious
51

Simplistic risk model:
𝑠0 ≝ low risk = no load shed; 𝑠1 ≝ high risk = some load shed
𝑠0

𝑠1
Defining the 𝑮 matrix:
Zero gain/loss for
attacker/defender
Expected total
load shed
Ignoring computational and communication costs, which are
presumably dwarfed by the cost of load shed
52

The AGC software reads frequency samples alternately from
two meters, through a saturation filter
Redundancy
measure
…...
Meter 1
samples
Saturation
filter
…...
Meter 2
Start of session
Disinfection
model:
End of session
If Meter 1 is detected
to be compromised
here...
...it will be
disinfected by
this instance
53

Attacker actions:
◦ a1: falsify N/2 frequency samples for overcompensation
◦ a2: falsify N frequency samples for overcompensation

Defender actions:
◦ d1: hypothetical Detection Algo. with det. prob.
◦ d2: hypothetical Detection Algo. with det. prob.
0.2
0.2
N=20
α1=0.2
β1=0.8127
α2=20
β2=0.5203
54
A sample snapshot
Reads from
compromised
meter 1
Reads from
compromised
meter 2
55
56
57
control
area 2
control
area 1

tie line
control area
3
Decentralized AGC
- No communication
between control areas
- Slower convergence vs
- 100s existing schemes
- No comm.
infrastructure cost
- Signal processing
techniques to detect
oscillations in tie-lines
Distributed AGC
- Communication between
control areas
- Faster convergence
- Few existing schemes
- Susceptible DoS attacks
on comm infrastructure
- Signal processing and
machine learning to detect
anomalies in messages
Response to attacks: what to do if control area (say 1) is
compromised?
◦ Reroute power to bypass control area 1?
◦ Replace the surrounding environment of the AGC?
58


Resilience and false data injection important issues for both
sensor networks and smart grid
Smart grid research so far focused on attacks, highlights the
importance of security measures, without prescribing any
◦ no universally recognized attack model, no common solution

Fusion of multi-disciplinary techniques:
◦
◦
◦
◦
security + control = secure control [Cardenas et al. 2008]
security concepts formalized in control theory
AI techniques expected to play an increasingly important role
multilayered defense with crypto on the “front line”
References:
A. Cardenas, S. Amin, and S. Sastry, “Secure Control: Towards Survivable Cyber-Physical Systems,” in 28th International
Conference on Distributed Computing Systems Workshops, ser. ICDCS, Jun. 2008, pp. 495–500.
H. J. LeBlanc and X. D. Koutsoukos, “Consensus in networked multi-agent systems with adversaries,” in Proc. 14th international
conference on Hybrid systems: computation and control (HSCC '11), pp. 281-290, ACM, 2011.
S. Sundaram and C. N. Hadjicostis, "Distributed Function Calculation via Linear Iterative Strategies in the Presence of Malicious
Agents," IEEE Transactions on Automatic Control, vol.56, no.7, pp.1495-1508, July 2011.
59


Email: [email protected] / [email protected]
URL: wsnlabs.com
60