On Privacy-Preserving Protocols for Smart Metering Systems

Abstract

The global economy and sustainability issues are driving suppliers to new operating modes. Smart grids and their smart metering systems can yield sustainable and profitable operating modes. Thus, smart grids are important enablers of economic development. However, along with benefits, smart grids bring drawbacks. Similar to other interconnected technologies, security and privacy are crucial to smart grids. Neglecting security concerns might eventually compromise, for instance, the supply of electricity, water, or gas. Neglecting privacy concerns might cause the violation of the right to privacy of customers, enable surveillance, and permit manipulation of all customers. Indeed, smart meters are becoming ubiquitous, and smart grids face unprecedented threats. Public infrastructures might be jeopardized, and citizens might be manipulated. Luckily, Privacy-Preserving Protocols (PPPs) can solve this impasse. This work advances state-of-the-art PPPs with the development of several protocols that preserve customers’ privacy secure in smart grid scenarios. Four of them are revisited and improved in this thesis. Such development culminated in the concept of Asymmetric DC-Nets (ADC-Nets)—from “Dining Cryptographers”—, which are generalizations of additive homomorphic encryption primitives. In addition, we can use such primitives to construct ADC-Nets, which are cryptographic primitives for encryption, aggregation, and decryption of aggregated data. ADC-Nets underlie secure, verifiable, efficient, and scalable protocols with low communication overhead, which are independent of trusted parties, and resistant to collusion. Furthermore, smart meters can send the minimum number of required messages directly to their supplier. Thus, they can sign their messages, and as consequence, the protocols can ensure non-repudiation and fault tolerance. The former ensures that customers cannot deny the messages of their smart meters were transmitted. The latter ensures that their supplier can detect smart meters with failure—in themselves or in the communication channel—and can run the protocols without the compromised smart meters. Moreover, ADC-Nets can enforce customers’ privacy. Besides the concept and results of ADC-Nets, this thesis presents other contributions listed as follows. • This thesis contextualizes smart metering systems in smart grids around the world and points out the needed models to have security and privacy in smart grids scenarios. Furthermore, it reviews the state of the art of privacy-enhancing technologies for smart metering systems. • This thesis presents three scenarios that require remote and frequent measurements. In addition, it assesses the minimum requirements for PPPs. Moreover, it is shown how computations can be done over encrypted measurements. • An algebraic and a probabilistic analysis show that PPPs cannot keep customers’ privacy secure using data aggregation with a small number of customers. Counterintuitively, when the number of measurements increases, the effectiveness of PPPs also increases. The optimal effectiveness is achieved when the sum of measurements and the number of smart meters are equal. These results are independent of PPPs. • The four selected PPPs have different interesting properties. The first protocol leads to the conjecture that it has the fastest encryption algorithm, because it requires only a “one-way function”. The second is based on elliptic curves, and further, the encryption algorithm uses only two scalar multiplications that lead to a fast protocol. The third uses an ADC-Net and inherits its benefits. When the level of security is increased, the second and the third protocol become increasingly faster than typical solutions. The fourth follows the laws of quantum mechanics, which surprisingly implies that the smart meters do not need to store a key, but they can send messages directly to their supplier without compromising privacy. • To compare the protocols’ performance, this thesis presents simulations with millions of real-world measurements that validate the theoretical results. It is shown that the raw dataset has inconsistencies that reinforce the necessity to verify the truthfulness of the transactions. Encrypted measurements are necessary and sufficient to determine whether the computations and the measurements are correct. Besides smart grids, several application areas can use the results of this thesis, for instance, electronic voting, reputation systems, sensor networks, electronic money, mobile sensing, multi-party computation, image processing. ADC-Nets can be used to create several protocols provided with security, privacy, verifiability, scalability, reliability, efficiency, etc. More important than efficiency, PPPs should enforce the security of customers’ privacy by means of cryptography. Considering smart grids, PPPs are paramount for suppliers, for customers, and for the proper development of society.