ProvidingAnonymousCommunication,
Privacy-PreservingDataAggregationand
Dynamic BillingSysteminSmartGridUsing
PermissionedBlockchain
Ozgur Oksuz
FacultyofEngineering,AdiyamanUniversity,
Adiyaman,Turkey
Abstract.
This paper proposes an efficient data aggregation and dynamic billing system that it uses anonymous communication for exchanging information between smart meters and CC. Moreover, the given scheme consists of a permissioned blockchain. This blockchain contains the ledger that keeps users’ anonymized identities and electricity consumption for predefined time ranges. Using consumption data of users, a billing mechanism can bill the users accordingly. In the construction, since all the parties in the system have the ledger, every party has the aggregated usage of the electricity without using very heavy cryptographic operations such as homomorphic encryption, bilinear pairing, etc. Using the ledger in our model, the aggregation of the users’ electricity consumption can be computed by anyone in the system. Moreover, users can verify their bills and check any data using a signature scheme. This results in that the integrity of all data is going to be preserved. The proposed approach mainly uses hash functions to provide the same functionality (aggregation of the users’ data consumption, data integrity check, and dynamic pricing and billing) with preserving data privacy of the users.
1 .Introduction
A smart grid (SG) uses a two-way digital communication system to supply electricity to consumers. This system provides consumers to monitor, control and analyze their usage and communicate with the entities to improve efficiency, reduce energy consumption and cost. Furthermore, another useful application of the smart grid is to integrate renewable energy resources (solar, wind, wave). This integration makes the energy grid more sustainable and environmentally friendly. Advanced metering infrastructure (AMI) is an important part of SG that it integrates costumers and the energy companies to get involved in utility management. An AMI consists of smart meters (SMs), customers, the control center (CC), and service provider (SP). An SM measures the customer’s consumption data and sends it to SP which aggregates the users’ data. The data then is used by SP for the real-time energy management systems such as dynamic pricing and billing. Moreover, based on this information, a service provider (SP) can balance and manage bulk generation and consumption for future use of the electricity. A CC provides system parameters and sends it to the parties.
Sending usage consumption data by users to SP introduces some security and privacy problems. Since users’ consumption data is used for dynamic pricing and billing purposes, a third party (an attacker/hacker) can inject false consumption data that would unbalance the load management and dynamic pricing. So the user pays much more money than the user is supposed to pay. It
is possible that an attacker can send the manipulated meters’ reading ( [18]) and these false information results unbalancing the load management. This causes higher energy generation costs and even causes energy blackouts in a region. Furthermore, a customer can also send incorrect usage information to CC so it gets lowered its bill.
Another privacy issue in the smart grid is to leak individual user’s consumption data to third
parties. In this case, the attacker can learn users’ daily life routine [4], [27]. For example, if a user’s consumption is very low or there is no consumption in a certain time interval then the user is not at home. So this information is enough for thieves for getting into user’s home to steal valuable things. So the user’s data consumption should be sent to an aggregator (SP) that aggregates the users’ usage of data in a privacy-preserving way.
The most important problem in smart grid is to keep users’ anonymity. It is known that a smart
meter sends periodically the users’ consumption data to data aggregator (SP) that collects all users’ consumption data. Therefore, any message that was sent by a smart meter is going to be known by the aggregator and any outsiders. So, any internal or external adversary sees messages coming from a specific smart meter.
The collection of electricity consumption data is very useful for a bunch of smart-grid applications.
To compute dynamic electricity pricing, SP needs to have all the users’ aggregated consumption data without learning each user’s data consumption. Another application is that users might know their energy usage information in a given period to manage their energy consumption. So, SP needs to collect smart meter readings at arbitrary intervals or periods. This collection should be efficient. Therefore, SP needs to aggregate users’ data consumption without performing heavy cryptographic operations such as homomorphic encryption. Although several existing techniques have been proposed for privacy-preserving data aggregation for billing of energy in smart grids, most of the existing schemes are based on computationally expensive cryptographic operations for encrypting user’s data or generating a signature on its data, and aggregating all users’ consump- tion data such as Paillier crypto system, lattice-based encryption, ElGamal encryption, functional encryption etc. On the other hand, in the existing masking-based schemes, for verifying the correct- ness of the masking secrets, they also use the computationally expensive cryptographic operations like Bilinear mapping, or homomorphic hashing. These cryptographic operations are not suitable for resource-limited smart meters.
Furthermore, once SP computes dynamic electricity prices, computes the usage costs based users’
electricity consumption. When SP is untrusted, each user might want to learn the correctness of their bills and the electricity prices of the corresponding time interval. Then there should be another transparent mechanism that it allows users to check the integrity of their bills and electricity prices. To address all the problems above, we introduce privacy-preserving dynamic billing and data aggregation scheme. Our scheme consists of permissioned blockchain that it provides transparent usage consumption of users. The communication anonymity is preserved by using the onion network that is presented in [26]. In this network, messages are encapsulated in multiple layers of encryption and sent through many nodes in the network. This provides communication anonymity since no single node, except the sender and receiver, knows the origin of the messages. Onion routing is also used in some other studies such as in [16]. The study in [16] examines the anonymous energy trading system between the consumers. The blockchain technology is a seminal work that is presented in [21]. A distributed ledger is the main entity in blockchain technology kept by each player in the system. Once a new transaction is issued it is put into the ledger. Then each user can see it. Using the blockchain in smart grid technology comes with some benefits. In our system, a ledger that keeps the user’s identity with the user’s data usage, a transaction timestamp and a signature that provides integrity. In the ledger, the user’s identity is anonymized and the consumption data is in the cleartext. So each entity in the system (users, CC, SP) can see the other users’ consumption data in the clear but any malicious entity can not figure out which consumption data belongs to which user. Therefore, the attacker (internal or external) can not map any user identity to any consumption data. Making the all users’ consumption in the clear eliminates the heavy use of homomorphic encryption schemes for aggregation of users’ data consumption for dynamic pricing
and billing. Another benefit of using ledger in our scheme is to compute billing. Since each user can see all the usage information in the ledger, each user can compute dynamic price of the electricity and its own bill.
Previous Version of This Paper [24]: This paper is the extended version of the paper presented at CRIS 2020 ( [24]). In [24], in order to provide communication anonymity between smart meters and CC, the IP addresses of the smart meters should be changed by reconfigurating the smart meters each time when each smart meter sends a consumption message to CC. This can be done by disconnecting and reconnecting the smart meter to achieve this goal. But this option is not going to be practical. It may introduce network congestion and blackout time.
Another method to provide anonymous communication could be the anonymous identities (IP addresses) are embedded to smart meter in advance. When each smart meter sends a message to CC, the smart meter sends one by one of the pre-adjusted identities. This can be adjusted by CC since CC is fully trustable. This is also needs to be adjusted by CC in advance. So this requires a special implementation on smart meters.
In this paper, to have anonymous communication between the smart meters and CC, the onion routing protocol [26] is used. To do this new architecture is designed. Using onion routing protocol which has layered encryption of consumption data also solves the problem in [24] that is mentioned in the paper (the discussion section in [24]). Since the whole message consisting of some parts: a user’s consumption data, a time stamp, smart meter’s ID, a signature public key and a signature is encrypted so that any internal/external adversary is not able to change any parts at its will when the message is transmitted. Moreover, in this paper, there are given some improvements such as reducing communication complexity between users/consumers and CC.
Contribution: Our scheme has the following properties:
Outline. The rest of the paper is organized as follows. In Section 2, we introduce state-of-art privacy preserving data aggregation and dynamic pricing and billing schemes. In section 3, we introduce adversarial model and design goals of our system. Section 4 gives technical preliminaries that are used throughout the paper. Section 5 presents the construction for privacy preserving data aggregation and dynamic pricing and billing scheme. In section 7, we provide some discussions for our protocol. In section 8, we provide the security analysis of our construction. Last, section 9 concludes the paper and outlines future directions.
2 .Related Work
There have been several studies about dynamic pricing and billing. The studies in [10], [1], [8], [2], [29], [5], [28], [14], [20], [30] and [19] focus on examining privacy preserving data aggregation problem but do not examine billing mechanism so these studies do not support billing application. They focused on data aggregation. The work in [10] proposed a peer-based privacy for smart grid. The construction in [10] does not hide user identity. The work in [8] use Pallier cryptosystem to encrypt data and use several data aggregators/servers. To extract the aggregated data consumption each server decrypts the aggregated ciphertext. [29] uses identity based encryption scheme to aggregate users consumption. Their scheme has a high computation cost of batch processing. In [5], the authors use Elliptic Curve Diffie Hellman key exchange protocol to aggregate users’
data consumption data. However, their scheme is not secure when there is an internal attacker. The study, [1], uses lattice based cryptography. In [28], the authors achieve privacy using El-Gamal encryption scheme. These studies [1, 28] are computationally expensive.
Some studies [31], [10], [6], [23], [13], [17], [22], have proposed privacy preserving data aggregation and billing. The work in [31] introduced a data aggregation and billing protocol that does not hide user anonymity. In the billing period in [31], each customer sends their total daily load to the utility company for billing purposes. This can be a big problem since the utility company is not trusted and knows each user’s consumption data. In [6], the authors use cryptographic commitments for integrity of data and use homomorphic encryption scheme for data privacy. In [23] also uses a homomorphic commitment and an encryption scheme and a digital signature scheme to have privacy. These studies suffer with high computational and communication complexities. The studies, in [6], [23], [9], [17], [22], focus on mainly focuses static billing with standard tariff plans. But some countries such as UK, Norway, etc. use dynamic price and billing systems. In [9], the authors proposed two protocols mainly focus on the privacy-preserving billing but not the data aggregation. Gope et al. [13] proposed an efficient privacy preserving data aggregation and dynamic pricing and billing protocol. Their scheme uses heavily masking technique to randomize the individual measurements of the users. Their scheme has some problems such as it is not clear how the parties reissue their randomness. In their adversarial model, the aggregator is semi-honest adversary which it is not malicious. The work in [7] proposed a privacy preserving data aggregation and dynamic pricing and billing scheme that uses elliptic curve cryptography scheme for secure data aggregation. In their work the trusted party computes the dynamic prices and generates bills to the users and does not provide anonymity. In our scheme, the service provider (a private company) computes dynamic pricing and issues bill to the users. The study in [15] proposed privacy-preserving electricity billing system using functional encryption using bilinear map structure. In their scheme they sacrifice data quality for privacy. Their scheme has some problems since their scheme is based on bilinear map and it is computationally expensive. The work in [3] made a comperative analysis for privacy-preserving data aggregation schemes. The comparisons are based on computation cost, communication cost, privacy, resistance against malicious aggregator. The studies above do not provide anonymity (except [13]). We use blockchain technology for a transparent data aggregation and billing to have user anonymity.
3 .System and Adversary Model and Design Goals
Our system model is shown in Fig.1. In our system model, there are five major entities: 1) control center (CC) that sets the system parameters for signature scheme and hash functions, 2) ledger that keeps user identities in the encrypted form, a consumption data of each user, a time-stamp of each transaction (message) and a signature of each transaction (message), 3) smart meters (SM),
The work flow of our system is illustrated in Fig.1:
sends electricity prices to CC then CC forwards the all users in the ledger. After determination of the price of electricity for the each time range, SP also issues a bill to each user based on the order of smart meters’ identities in the ledger. SP also sends this information to CC then CC forwards to the all users.
– Each user can verify its bill by computing its usage in the ledger.
Another good thing is that each user and CC are also able to compute dynamic price of the electricity and so their bills by themselves since each ledger (for each time) is kept by the everyone in the system.
In our model, CC is fully trusted (it is owned by a government). SP is malicious that is run by a private company. It can deviate from the protocol execution by sending incorrect values. SP also gets the aggregated consumption data from all the users but also it tries to find out individual users’ consumption data. Moreover, SP tries to learn each user’s bill. In our system each consumer can also be malicious to reduce its bill. We consider the following attacks in our system:
2 . Technical Preliminaries
Deftnition 1 (Pseudo Random Generator). A pseudorandom generator (PRG) outputs strings that are computationally indistinguishable from random strings. More precisely, we say that a func- tion tt : {0, 1}n → {0, 1}m, where m > n is a (t, g, q)-pseudo-random generator if
| Pr[A(tt(s)) = 0|s ← {0, 1}n] − Pr[A(r) = 0|r ← {0, 1}m]| ≤ g
Deftnition 2 (Pseudo Random Function). A pseudo-random function is computationally in- distinguishable from a random function — given pairs
(x1, fk(x1)), . . . , (xm, fk(xn)), an adversary cannot predict fk(xn+1) for any xn+1. More precisely, we say that a function f : {0, 1}n × {0, 1}s → {0, 1}m is a (t, g, q)-pseudo-random function if
| Pr[Afk (.) = 0|k ← {0, 1}s] − Pr[Ag = 0|g ← F : {0, 1}s → {0, 1}m]| ≤ g
As an example, Fig. 2 depicts a GGM tree with 4 levels. The leaves are labeled with a decimal number from 0 to 15, sorted in ascending order. Every edge is labeled with 0 (resp. 1) if it connects a left (resp. right), child. Every internal node is labeled with the binary string determined by the labels of the edges along the path from the root to this node.
Deftnition 4 (Computational Diffie-Hellman problem). Consider tt is a cyclic multiplica- tive group of order q and its generator is g. A probabilistic polynomial time adversary has a negli- gible probability of computing gab from given g, ga, gb, where a, b ∈ Zq are random elements.
Deftnition 5 ( [12]). A digital signature scheme, Sig, consists of three algorithms,
Sig = (sigKeytten; sigSign; sigV erify), where sigKeytten generates public and private keys sigPk; sigSk, sigSign generates a signature for a message, and sigV erify determines if a sig- nature is generated under the corresponding message. We say that a digital signature scheme is secure if the signature scheme is existentially unforgeable under adaptive chosen message attack (UF-CMA). UF-CMA means that an adversary who is given signatures for some messages of its choice adaptively should not be able to produce a signature for a new message.
sigKeytten: Select z ∈ Zq as the secret key, sigSk and Z = g as the public key, sigPk. sigSign: Select r ∈ Zq, set R = g and c = H(msg||R), where || denotes concatenation and R is represented as a bit string. The signature on msg ∈ {0, 1}∗ is ρ = (y, R) where y = r + zc.
sigV erify: Let c = H(msg||R) and ρ = (y, R), ρ is valid if g = RZ .
In our scheme, we use an onion routing network in order not to reveal each smart meter’s identity (IP address) to the public. Only the sender and receiver know the source of the messages. As an example of an onion network is given in Figure 3. In this example, smart meter A sends a message M which is the consumption data of a user to CC, through a network of onion routers. To do this, smart meter A encrypts M multiple times with a bunch of smart meters’ public keys that the destination is going to be CC. Each node (smart meter) decrypts the layered ciphertexts with its corresponding secret key and forwards the message to another node (smart meter) so the final ciphertext is going to be decrypted by CC and then CC recovers the message.
5 Construction
Before diving into our construction first we want to explain the design of it. First of all, we use a signature scheme (Schnorr) to provide data integrity and use an onion routing network for anonymous communication (hiding IP addresses of the smart meters) between smart meters and CC. In the network, each smart meter acts as the onion routers. Each smart meter sends its consumption data with a signature as a message to some other smart meters in the network using smart meters public keys. The last node is going to be CC. CC extracts the message and checks if it is an authorized message and comes from an authorized smart meter, CC creates a ledger
and sends to every user and SP. Therefore, any other user can check if the data is intact and not changed by any internal adversary. Secondly, to eliminate internal and external attacks where the attackers can change the value before it is transmitted or any external attacker pretends it is a real smart meter but in the reality, it is not in the system, our scheme includes a fully trusted party which is CC. An external attack can happen when the adversary sets a fake smart meter and sends fake data consumption data. The attack happens as follows: an external attacker can send a consumption value by creating an anonymized identity and signature. If this attack is not eliminated or checked by a trusted party, it results that the load is going to be unbalanced. Also, it results in incorrect billing management. To eliminate these attacks CC checks every message whether the sender of the message is an authorized smart meter. Thirdly, we also introduce a long term key management system between users and CC for keeping the users’ identity hidden to any other parties (except CC) and let CC eliminate internal and external attacks. This mechanism comes to play in the signature algorithm. The long term key management means that a key is shared by the users and CC in advance in the beginning of the protocol, then this key is derived by those parties non-interactively time to time when a new message is issued. This can be called as generating multiple secret keys from a single secret key. So for each message, each party does not need to share another key interactively. This approach reduces computation and communication costs. Every message is coded with a different identity and a different signature value by a smart meter (these both hide user’s identity) thanks to pseudorandom functions (PRF) and hardness of Computational Diffie Hellman (CDH) assumption that is given in Def. 4. This function is generated from a pseudorandom generator which is going to be explained in section 5.1.
To protect the data privacy of a consumer from any internal/external adversaries we split the consumption of each user based on the average consumption data. The average consumption data of a region can be obtained from a statistical analysis of previous data of this region. According to this statistical analysis, we split the consumption data into 5 categories where the 3rd category is the average consumption category. Using this method, each smart meter first starts sending the data value (user’s consumption data) to permissioned ledger via CC when the data consumption value of the user is met with average consumption value which it is the third category consumption data. Then, the smart meter sends its data value (user’s consumption value) to permissioned ledger when the data consumption value of the user is met with the second category consumption value. This process continues whenever customer usage is presented. With this approach, the minimum consumption value of a user is less or equal to first category consumption data in the ledger. Each message consists of some public values, a user’s consumption data, a timestamp, smart meter’s ID, a signature public key and a signature. The user’s ID is kept in the permissioned ledger anonymously. Users’ consumption data values are in the cleartexts but any insider or external party is not able to map any consumption values to any individual user since each smart meter ID is changing for each message in the ledger. Moreover, there are bunch of the same consumption values that are seen in the ledger and each smart meter sends average consumption data to the ledger via CC. We can also say that this model is a kind of k−anonymized database model. That means there are at least k − 1 values that are the same (identical). Any third party except CC can not retrieve the electricity consumption of a user for a specific time range (ledger). CC and each party (smart meters, SP) have shared secret keys for generating signatures and anonymizing their IDs for each message. Thus, CC is able to retrieve the usage of individual user’s data consumption by having the permissioned ledger. As an example, in Tab.1, CC is able to figure out the consumption 1 and 3 belong to the same user which it is user 1, while the consumption 2 and 5 belong to user 2. In the table, each row concatenation of a hash value of a secret key and identity of a smart meter, a timestamp, a consumption data, a signature public key (belongs to the sender) and a signatures of these values for an integrity check by any party to show that the consumption data has not been changed by any untrusted party (internal or external parties).
All messages are kept in the ledgers and we introduce three types of the ledger. The first one is outsourcing consumption data ledger, LOCD as short. The second one is data aggregation and
pricing ledger, LDAP as short and the last ledger is bill calculation and pricing ledger, LBC as short.
5.1 Protocol
Our protocol consists of four steps: Initialization, Outsourcing Consumption Data, Aggregation and Dynamic Pricing and Bill Calculation steps.
Remark 1. Public key of a signature is also sent by the issuer in the outsourcing computation data step (as a part of a message). Everyone can be able to see this signature public key in the transaction/message and everyone can easily extract this value to use in the signature verification algorithm.
Table 2: Permissioned Ledger LDAPj : Data Aggregation and Pricing Ledger for time interval j
ledger’s identity, two bits 00 is used for the ledger’s type which is outsourcing consumption data ledger. For calculation of a bill, smart meter SMisends H(H1(ski,CC)||IDi) (or sigPki) to its user in a private way (using encryption). A consumer can share a secret key with the smart meter in order to send/receive messages from/to the smart meter. The shared secret key can be embedded into the smart meter using USB ( [7]). This communication is needed when the user/consumer receives LOCDj ledger and calculates its bill. Since the user does not know the keys of the smart meter, the user needs the identity of the smart meter for each transaction to extract its bill from LOCDj ledger.
Remark 2. This kind of blockchain is kind of permissioned blockchain (or private blockchain) that it is needed for preventing an attacker (outside or inside) to inject false consumption data.
Remark 3. Since smart meters and SP’s keys are known by CC, CC can compute all the related shared keys and public keys for the signature verification in advance.
Remark 4. Another way to anonymize a smart meter’s identity (it is located between m/2 + 3 and 3m/2 + 2 most significant bits in each message) is to use randomized encryption. A CPA secure AES encryption can be used. When a smart meter sends messages to CC using randomized encryption, smart meter’s ID is going to be different for each time. So any attacker can not figure out the source of the message.
Data Aggregation and Dynamic Pricing In this step, the service provider first checks the ledger LOCDj , its time-stamp and its signature which are sent by CC. If the verification passes,SP retrieves the each individual consumption ci,j,k value in ledger LOCDj and adds them together. Then it does some analysis to compute price for each time slot. Since each ledger keeps consumption values for a time range, each ledger has its own electricity price. The service provider sends
As a note that the user is able to extract its bills from the ledgers since the smart meter’s identity is given to the user by the smart meter in the outsourcing data subsection. The smart meter sends each anonymized identity in each message to the user.
Remark 5. It is possible that each user can be able to compute dynamic prices and its bill since all the ledgers are kept by the users. Moreover, each user can check if its bill honestly computed.
In this case, instead of CC, SP sends all the pricing and billing information to the users (Fig. 4). Thus, CC does not need to compute and generate any Ledger. Computational complexity is going to be decreased for CC. Moreover, the communication complexity between CC and users are going to be decreased. Users can be able to verify the electricity prices and their bills themselves.
7 Discussion
When a smart meter sends a consumption data to CC, the smart meter also needs to send its identification part (H(H1(ski,CC )||IDi)) to its consumer/user for allowing to compute its bill. But the sending time of this message somehow needs to be anonymized as well to eliminate leaking privacy of the user. For example, it is going to be a problem if a consumption data is sent to CC
at the time of t1 and H(H1(ski,CC )||IDi) is sent to Ui at the time of t1 + g, where g is a small number (probably seconds). Since these messages are very closed to each other, any external or internal attacker even the service provider can be able to map usages to users easily. In order to eliminate this attack, users/consumers also need to be included in the onion routing network. In this case, the smart meters and consumers can act as onion routers. Another way to tackle this problem is to program smart meters to send messages to their consumers/users every predefined time ranges (every 5-10 minutes) even there is no consumption is done by a consumer. In this case, there should be a global time clock that every smart meter needs to have.
In this paper, there is a fully trusted party, CC, that is run and control by a government. CC is trusted in order to eliminate fake smart meters to send fake consumption data. Since all the smart meters’ identities are anonymized, CC needs to distinguish authorized smart meters from fake smart meters. Otherwise, there is no control on the system and this results in unbalancing loads and blackout on the system.
8 Security Analysis
In this section, we show that our scheme satisfies the following security goals.
8.1 Consumer Privacy
In our protocol, except for CC, no one can gain knowledge of any private information of a user. Thanks to average based usage splitting mechanism, onion routing network protocol and identity anonymizing method, any user’s data consumption is going to be private to untrusted parties (external/internal adversary). Any party except CC can not map any energy usage in the ledger to an individual user. The consumer privacy is based on the well-known cryptographic hardness assumption which is Computational Diffie Hellman (CDH) assumption. This assumption assures that when given group elements g, ga, gb the adversary can not compute gab with non-negligible probability g which it is a function of m, where a, b ∈ Zq values are random values (secret keys). In our protocol, when SMi puts the consumption into the ledger, it computes the CDH value of H1(gskCCski ) which it is observed in the ledger. Since g, gskCC , gski values and H1 are available in public, untrusted party needs to compute gskCCski from g, gskCC , gski to figure out each user’s consumption data. Moreover, using a long term key management mechanism between the smart meters and CC in signature scheme provides user anonymity. Each user generates a different signature and a different signature verification key (SigPk) for each message, then the smart meter sends them in the message. Any attacker is not able to map a given message to any user. Moreover, the adversary can not infer any useful information by having signature public keys of any smart meter since the signature public keys are always random values. For example, SMi’s signature public keys sigPki,1 = gH3(fKi (000001)) and sigPki,2 = gH3(fKi (000010)) are two different random values since H3(fKi (000001)) and H3(fKi (000010)) two random values because of pseudorandom generator and pseudorandom function property that is explained in [11].
8.2 Usage Data Integrity
In our protocol, each user’s consumption data is sent to the ledger by the corresponding smart meter as a message. The integrity of each message is checked three times. Once the message is a valid message that comes from the authorized smart meter, the message is kept in the ledger. Then anyone can be able to check the integrity of the message by the given signature that the combination of values including time stamp, data usage and hash value of identity of the user (this is a secret value to any untrusted party). If CC receives a message from a smart meter, CC
checks the identity of the smart meter. Checking the most significant bits of the message located between m/2 + 3 and 3m/2 + 2 is going to be sufficient (step 1 in the outsourcing consumption subsection). If the message comes from an authorized smart meter, CC checks the signature’s public key (verification key sigPk) inside the message. sigPk can be computed by CC. If the sigPk is also generated from the same smart meter, then CC checks the signature. The signature verification can fail because the message is changed by the user or an internal attacker corrupts the smart meter. In this case CC asks SMi to send the correct message so that CC adds this consumption data to the ledger. If the smart meter does not respond or new message is also wrong, the smart meter is going to be excluded in the system by CC. The user is not able to generate a signature with a fake data consumption since it does not know the secret key for the signature (sigSKi). This secret key (sigSKi) for the signature is generated by Ki and only known by SMi and CC. SP can also give incorrect pricing data and issues an incorrect bill to a user. This attack is also going to be caught by CC and any user in the system. This integrity mechanism prevents our system form any internal/external adversaries. Our system is also resilient to replay attacks since CC has the previous messages from the smart meters. CC can catch these attacks.
8.3 Authentication
In the initialization phase, each party (smart meter, service provider) registers its public key to the control center (CC), then each smart meter’s public key is available to all parties except their secret keys. The secret key of a smart meter is kept private to itself. Using this authentication, any untrusted party can not send any message to the ledger. Any fake message/transaction is going to be caught by CC and is not going to be stored in the ledger. This mechanism protects the system from the untrusted party to launch reply attacks. Moreover, any untrusted party can not unbalanced the load by giving different usage than a user consumes.
9 Conclusion and Future Work
We presented a Privacy-Preserving Data Aggregation and Dynamic Billing System in Smart Grid Using Permissioned Blockchain that efficient in terms of computing aggregation data and billing. In our scheme, each user can compute its bill individually that provides integrity of the billing data. Using permissioned blockchain provides a transparent system that each entity can follow the transactions.
As future work, I would like to implement our scheme to check its performance. I would also like to provide an anonymous payment protocol after each user gets its bill. This is also important that it should be anonymous. Moreover, I would like to design a new protocol that provides anonymous communication to improve the computational cost of users and smart meters.
References
Author
Ozgur Oksuz received his Ph.D. degree at the Computer Science and Engi- neering department from the University of Connecticut, USA in 2016. He was a postdoctoral fellow at Washington State University, USA from October, 2016 to December, 2017. He is an assistant professor at the Computer Engineering department at Adiyaman University in TURKEY. His research interests are in the areas of applied and theoretical cryptography, computer security and blockchain technology.