
Privacy-preserving smart metering with multiple data Consumers

Rottondi, Cristina Emma Margherita; Verticale, Giacomo; Capone, Antonio
2013-01-01

Abstract

The increasing diffusion of Automatic Meter Reading (AMR) and the possibility to open the system to third-party services have raised many concerns about the protection of personal data related to energy, water or gas consumption, from which details about the habits of the users can be inferred. This paper proposes an infrastructure and a communication protocol for allowing utilities and third parties (data Consumers) to collect measurement data with different levels of spatial and temporal aggregation from smart meters without revealing the individual measurements to any single node of the architecture. The proposed infrastructure introduces a set of functional nodes in the smart grid, namely the Privacy Preserving Nodes (PPNs), which collect customer data encrypted by means of Shamir’s Secret Sharing Scheme, and are supposed to be controlled by independent parties. By exploiting the homomorphic properties of the sharing scheme, the measurements can be aggregated directly in the encrypted domain. Therefore, an honest-but-curious attacker can obtain neither disaggregated nor aggregated data. The PPNs perform different spatial and temporal aggregation for each Consumer according to its needs and access rights. The information Consumers recover the aggregated data by collecting multiple shares from the PPNs. The paper also discusses the problem of deploying the information flows from the customers to the PPNs and, then, to the information Consumers in a resource-constrained environment. We prove that minimizing the number of PPNs is an NP-hard problem and propose a fast greedy algorithm. The scalability of the infrastructure is first analyzed under the assumption that the communication network is reliable and timely, then in the presence of communication errors and node failures. The paper also evaluates the anonymity of external attackers.
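The mechanism the abstract describes, aggregation of meter readings in the encrypted domain with Shamir's scheme, as an added Python example (not the paper's code): each meter splits every reading into n shares and sends share x to PPN x; each PPN sums the shares it holds, spatially (per time slot across meters) for one Consumer and temporally (per meter across slots) for another, without ever seeing a plaintext reading; a Consumer collects t of the n aggregated shares and interpolates the total. The prime field, n=5, t=3, the meter names and the readings are constructed assumptions for this example, not values from the paper.

```python
"""Added example, not from the paper: Shamir secret sharing with homomorphic
(additive) aggregation at independent Privacy Preserving Nodes (PPNs).
Assumptions: a prime field of size P, n_ppn PPNs, threshold t, constructed
meter names and readings."""
import secrets
from itertools import combinations

P = 2**61 - 1  # assumed prime field; aggregated totals must stay below P


def split(secret, n, t):
    """Split `secret` into n shares at x = 1..n; any t of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = {}
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares[x] = y
    return shares


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from a dict {x: y} of at least t shares."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def meters_publish(readings, n_ppn, t):
    """Meter side: every slot reading is split with a fresh random polynomial
    and share x goes to PPN x. Returns store[x] = {meter: [share per slot]}."""
    store = {x: {} for x in range(1, n_ppn + 1)}
    for meter, slots in readings.items():
        for x in store:
            store[x][meter] = []
        for reading in slots:
            for x, y in split(reading, n_ppn, t).items():
                store[x][meter].append(y)
    return store


def ppn_spatial(held):
    """PPN side: per time slot, sum the shares of all meters (encrypted domain)."""
    n_slots = len(next(iter(held.values())))
    return [sum(held[m][s] for m in held) % P for s in range(n_slots)]


def ppn_temporal(held):
    """PPN side: per meter, sum the shares over all time slots."""
    return {m: sum(held[m]) % P for m in held}


def consumer_recover(ppn_outputs, chosen):
    """Consumer side: interpolate the aggregated shares of the PPNs in `chosen`.
    ppn_outputs[x] is a list (spatial) or a dict (temporal) of aggregated shares."""
    sample = ppn_outputs[chosen[0]]
    if isinstance(sample, list):
        return [reconstruct({x: ppn_outputs[x][s] for x in chosen})
                for s in range(len(sample))]
    return {m: reconstruct({x: ppn_outputs[x][m] for x in chosen}) for m in sample}


# Constructed readings (e.g. Wh per slot) for three meters over three time slots.
READINGS = {"meter_A": [12, 7, 9], "meter_B": [3, 4, 5], "meter_C": [10, 10, 10]}


def run(readings=READINGS, n_ppn=5, t=3):
    store = meters_publish(readings, n_ppn, t)
    spatial_out = {x: ppn_spatial(store[x]) for x in store}    # Consumer 1's view
    temporal_out = {x: ppn_temporal(store[x]) for x in store}  # Consumer 2's view
    xs = sorted(store)
    spatial = consumer_recover(spatial_out, xs[:t])
    temporal = consumer_recover(temporal_out, xs[:t])
    # Node-failure tolerance: any t of the n PPNs give the same totals.
    consistent = all(consumer_recover(spatial_out, list(c)) == spatial
                     for c in combinations(xs, t))
    return {"spatial": spatial, "temporal": temporal,
            "any_t_subset_consistent": consistent}


if __name__ == "__main__":
    print(run())
```

Any single PPN, or any t-1 of them together, holds only points on random polynomials of degree t-1 and so learns neither an individual reading nor a total, which is the honest-but-curious guarantee the abstract states; because n exceeds t, a Consumer still recovers the aggregate when one PPN fails or a message is lost, which `run` checks by reconstructing from every t-subset.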
Files in this item:
File: 2013-compnetw.pdf (Post-Print, DRAFT or Author’s Accepted Manuscript, AAM)
Access: restricted
Size: 1.47 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/733376
Citations
  • PMC: ND
  • Scopus: 86
  • ISI: 69