research article perturbation-based schemes with...
TRANSCRIPT
Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2013 Article ID 230140 8 pageshttpdxdoiorg1011552013230140
Research ArticlePerturbation-Based Schemes with Ultra-LightweightComputation to Protect User Privacy in Smart Grid
Wei Ren12 Liangli Ma3 and Yi Ren4
1 School of Computer Science China University of Geosciences Wuhan 430074 China2 Shandong Provincial Key Laboratory of Computer Network Jinan 250014 China3 School of Electronic Engineering Naval University of Engineering Wuhan 430033 China4Department of Computer Science National Chiao Tung University Hsinchu 30010 Taiwan
Correspondence should be addressed to Wei Ren weirencscugeducn
Received 22 August 2012 Revised 4 February 2013 Accepted 5 February 2013
Academic Editor Sunho Lim
Copyright copy 2013 Wei Ren et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
In smart grid smart meters are deployed to collect power consumption data periodically and the data are analyzed to improvethe efficiency of power transmission and distribution The collected consumption data may leak the usage patterns of domesticappliances so that it may damage the behavior privacy of customers Most related work to protect data privacy in smart gridrelies on cryptographic primitives for example encryption which induces a large amount of power consumption overhead In thispaper we make the first attempt to propose solutions without any cryptographic computation to protect user privacy The privacyin smart grid is formally defined in the paper Three schemes are proposed random perturbation scheme (RPS) random walkscheme (RWS) and distance-bounded random walk with perturbation scheme (DBS) Three algorithms are also proposed in eachscheme respectively All schemes are ultra-lightweight in terms of computation without relying any cryptographic primitive Theprivacy soundness and accuracy of proposed schemes are guaranteed and justified by strict analysis
1 Introduction
Smart grid is a typical application of Internet ofThingsM2Mor IP-based sensor networks It has been envisioned as akey method to reduce the emission of carbon dioxide andretard climate changes by improving the efficiency of powerdistribution and transmission
Smart grid relies on smart meters to collect power con-sumption data at user ends instantly Smart meters report thepower consumption data periodically to smart grid controlcenter (SGCC) SGCC thus can allocate necessary powerdistribution and schedule required power transmission Inaddition the SGCC can relocate the power requirements atuser ends by delivering power price to users Users thus canschedule the usage of their household appliances accordingto the forthcoming price
As smart meters report the power consumption dataperiodically the data may leak user privacy in daily life Forexample the data may be used for deducing user behavior
patterns such as when she gets up according to the dataof using microwave oven or toaster in the morning whenshe goes back home according to the data of using electricstove for cooking at afternoon or when she takes bath orgoes to bed at night according to the data of using waterheater or lamps Such privacy concerns have already beenacknowledged and reported by NIST [1] and significantlyaffect the deployment of smart meters
Although there exist several privacy protection or secu-rity improvement for smart grid currently [2ndash6] most ofthem rely on cryptographic primitives for example encrypt-ing the uploading data at smart meters Cryptographicoperations are usually not lightweight so that theywill induceextra power consumption at smart meters In addition thedata uploading may occur frequently and periodically sothe computation for data encryption occurs extensively Forexample data are uploaded to SGCC once in 10 minutesThe encryption for the data has to be 144 times a dayThus the energy consumption for encryption computation
2 International Journal of Distributed Sensor Networks
would be large for a month even at single smart meterMoreover the extra power consumption will be accumulatedto an unsatisfactory waste because the number of smartmeters in smart grid is huge Furthermore the decryptioncomputation at SGCC has to be conducted if the uploadingdata are encrypted at smart meters The energy consumptionof decryption at SGCC will thus extremely increase Lastbut not least the smart meters usually have resource andpower constraints like traditional sensors As the privacyprotection must be conducted at smart meters any com-putation for privacy protection should cost low energy totackle these constraints The frequent encryption operationsare undesirable Even though the encryption is lightweightin certain situations the key management for encryptionis also a difficult issue for deployment Therefore privacyprotection by encryption unfortunately contradicts the inten-tion of smart grid for saving energy an ultra-lightweightmethod without any cryptographic computation for privacyprotection is mandatory for a long run and a large scale
In this paper we propose perturbation-based schemeswith ultra-lightweight computation without any crypto-graphic computation Besides we strictly and formally defineand proof its privacy protection strengthWe adapt a rigorousmethod to state present and analyze the privacy protectionachievements All our presentations strictly follow the formalexpressions for better clarity and generality
The contributions of the paper are listed as follows(i) we propose ultra-lightweight privacy-protection schemesin terms of computation (and thus energy consumption)without any cryptographic computation (ii) we strictly definethe requirements on privacy soundness and accuracy insmart grid and proof the guarantee of those requirements
The rest of the paper is organized as follows In Section 2we discuss the basic assumption andmodels used throughoutthe paper Section 3 provides the detailed description of ourproposedmodels and analysis Section 4 gives an overview onrelevant prior work Finally Section 5 concludes the paper
2 Problem Formulation
21 Network Model Two major entities exist in smart gridsmart meter (denoted by SM hereafter) and SGCC
SM computes power consumption data and uploads themto SGCC periodically The period for computing powerconsumption data at SM is called sensing period The periodfor uploading power consumption data to SGCC is calleduploading period Without loss of generality suppose thesensing period and uploading period are both 119905minutes Thesensing times and uploading times in a day will thus be 119899 =[24 lowast 60119905] The total sensing data for a day are denoted asa set 119863119860119879119860
119904= 1198891199041 119889119904
119899 The total uploading data for a
day are denoted as a set119863119860119879119860119906= 119889119906
1 119889119906
119899 If SM does
not hide119863119860119879119860119904119863119860119879119860
119904will be the same as119863119860119879119860
119906
In smart grid utility price may vary in different timeslotsThe price information is delivered by SGCC in advanceUsers use such information to guide the power consumptionSM receives such information to calculate utility charge in amonth for users Suppose the prices for 119899 uploading periods
in a day are denoted as a set 119875119877119868119862119864 = 1199011 1199012 119901
119899 Thus
the total utility charge for a day issum119899119894=1119889119906119894lowast119901119894The total utility
charge for amonth is the summation of charges for all days inthismonth If the sensing data are changed into the uploadingdata for protecting privacy the total utility charge for a dayshould be remained correct
22 Attack Model and Trust Model Only adversaries whoattack user privacy are considered in this paper Adversariescan eavesdrop the channels between SM and SGCC those aredenoted asA
119888 Adversaries at SGCC can access all uploading
data by SM those are denoted asA119904 Both adversaries desire
to deduce the user behaviors in a day by analyzing theuploading data fromSM namely119863119860119879119860
119906 AsA
119888andA
119904have
the same viewon119863119860119879119860119906 we further do not distinguish those
two adversaries Both are denoted by the same notationASGCC is untrustworthy as we assume adversaries at
SGCC are interested in user privacy SM should be trustwor-thy It is a prerequisite for any further discussion sensing dataare at SM and all possible solutions are conducted at SMBesides if SM is untrustworthy users will not choose themSM can be easily evaluated and authorized by a TrustedThirdParty (TTP)
23 Security Definition and Design Goal Informally speak-ing the privacy is guaranteed if the adversaries (not only atSGCC but also at channels between SGCC and SM) cannotdeduce the user activities in a day More specifically weformally state the privacy requirement definition as follows
Definition 1 User activities They are the activities thatdamage user privacy and are related to using one or multiplehousehold appliances in a daily life They are denoted as a set119860119862119879 = 119886
1 1198862 119886
119898 where 119886
119894(119894 = 1 119898) is an activity
related to one or multiple appliances
Definition 2 Deduce It means an activity in 119860119862119879 can beinferred by data in119863119860119879119860
119887 If an activity 119886
119895isin 119860119862119879 is inferred
by data 119889119894isin 119863119860119879119860
119887 it is denoted as a relation (119889
119894 119886119895) isin 119877 =
119863119860119879119860119887times 119860119862119879 where 119877 is a deduction relationship set and
defined previously and empirically119863119860119879119860119887is the set of ldquobadrdquo
data that can infer to at least one in 119860119862119879
Definition 3 Perfect full privacy (denoted as Privacy119901
full)
Simply speaking any adversary A cannot deduce fromanyone in119863119860119879119860
119906to one in119860119862119879 after viewing119863119860119879119860
119906More
specifically given anyone 119889119906119894isin 119863119860119879119860
119906 it is impossible for
any adversary A to find 119886119895isin 119860119862119879 such that (119889119906
119894 119886119895) isin 119877
That is
Pr forall119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0
(1)
where Pr119860 119861 denotes after viewing ldquo119861rdquo the probability ofevent ldquo119860rdquo happens ldquolArrrdquo means ldquois selected fromrdquo ldquordquo meanstwo operations happen consequently ldquostrdquo is a shorthand forldquosuch thatrdquo
International Journal of Distributed Sensor Networks 3
Definition 4 Computational full privacy (denoted asPrivacy119888full) Given anyone 119889119906
119894isin 119863119860119879119860
119906 it is computa-
tionally infeasible for any Probabilistic Polynomial TuringMachine (PPTM) adversary A to find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877 That is
Pr forall119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
lt negl (119911)
(2)
where negl(119911) is a negligible functionwith security parameter119911
Claim 1 Perfect (computational) full privacy can protect userprivacy on all user activities in a day as no activity can bededuced from data in119863119860119879119860
119906by any (PPTM) adversary
In previous claim the content in ldquo()rdquo is correspondedwith each other Similarly the perfect (computational) partialprivacy can be defined in the following
Definition 5 Perfect (computational) partial privacy denot-ed as Privacy119901(119888)
partial Given at least one 119889119906
119894isin 119863119860119879119860
119906 it is
computationally infeasible for any (PPTM) adversary A tofind 119886
119895isin 119860119862119879 such that (119889119906
119894 119886119895) isin 119877 after viewing 119863119860119879119860
119906
Besides given at least one 119886119895isin 119860119862119879 it is computationally
infeasible for any (PPTM) adversaryA to find 119889119906119894isin 119863119860119879119860
119906
such that (119889119906119894 119886119895) isin 119877 after viewing119863119860119879119860
119906 That is
Pr exist119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
Pr exist119886119895isin 119860119862119879 119889119906
119894lArr997904 119863119860119879119860
119906 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
(3)
Claim 2 Perfect (computational) partial privacy can protectcertain privacy-sensitive activities as these activities cannotbe deduced by119863119860119879119860
119906by any (PPTM) adversary
Claim 3 Full privacy has stronger strength than partialprivacy in terms of the number of deducible data in119863119860119879119860
119906
Perfect privacy has stronger strength than computationalprivacy due to the adversaryrsquos ability That is
Privacy119888
partical lt Privacy119901
partical lt Privacy119888
full lt Privacy119901
full
(4)
where ldquo119860 lt 119861rdquo means that the privacy protection strength ofldquoArdquo is weaker than that of ldquoBrdquo
Roughly speaking full privacy protects all activities par-tial privacy protects partial activities Perfect privacy defendsagainst any adversary computational privacy defends againstany PPTM adversary As perfect full privacy has the strongestprivacy strength we thus concentrate on the perfect fullprivacy protection in the following
Definition 6 Full privacy attacking experiment on thescheme Π defending against any adversary A-ExpPrivacy
119901AΠ
fullis defined as follows
(1) the scheme Π is executed in the presence of anyadversaryA
(2) A fully accesses 119863119860119879119860119906 119860119862119879 and 119877 Given any
119889119906119894isin 119863119860119879119860
119906 if A can find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877A outputs 1 otherwise outputs 0
(3) if and only ifA outputs 1 the experiment outputs 1
Definition 7 The scheme Π that can guarantee the perfectfull privacy in presence of any adversary A (denoted asPrivacy
119901AΠ
full= 1) is defined as follows
For any adversary A that the scheme Π defends againstthe probability that the output of the full privacy attackingexperiment equals one is 0 That is if and only if
Pr [ExpPrivacy119901AΠfull = 1] = 0 (5)
Privacy119901AΠ
full= 1
Therefore the design goal is to propose a scheme Π sat-isfying Privacy
119901AΠ
fulland importantly with ultra-lightweight
computation without any cryptographic computation
3 Proposed Schemes
31 ProblemReduction To protect the privacy of sensing data119863119860119879119860
119904 a naive method is encrypting them at SM and then
uploading them to SGCC As SGCC is untrustworthy SGCCcannot decrypt them and has to consult a TTP The TTPdecrypts the data and the result cannot be sent to SGCCTheTTP should compute accumulative values (or metadata) andsend them to SGCC for further scheduling and charging Itobviously arises multiple overheads a large volume of com-putation overhead at SM extra communication overhead atSM and SGCC extra entity TTP key management overheadbetween SM and TTP
As SM is trustworthy SM is proposed to equip a trustedmixing layer between sensing layer and communication layerThat is SM is modeled as three tuples ⟨119871
119904 119871119898 119871119888⟩ where
119871119904is a sensing layer computing the power consumption
periodically The output of layer 119871119904is 119863119860119879119860
119904 119871119898
is amixing layer that transfers 119863119860119879119860
119904into 119863119860119879119860
119906 119871119888is a
communication layer that uploads119863119860119879119860119906to SGCCThat is
SM = ⟨119871119904 119871119898 119871119888⟩
119871119904997904rArr 119871
119898 119863119860119879119860
119904
119871119898= 119865 119863119860119879119860
119904997888rarr 119863119860119879119860
119906
119871119898997904rArr 119871
119906 119863119860119879119860
119906
(6)
where ldquo=rdquo means ldquois defined asrdquo ldquorArrrdquo means ldquodata trans-ferring between layersrdquo 119865 is a data transforming functionldquorarr rdquo that means the input of the function 119865 is transformedinto the output of the function 119865 Therefore it becomes the
4 International Journal of Distributed Sensor Networks
concentration to search an ultra-lightweight transformationfunction 119865 with Privacy
119901A119865
full= 1 in the rest of the paper
Definition 8 ldquoBadrdquo data set (119863119860119879119860119887) It consists of all
power consumption data that can deduce to one or multipleactivities in119860119862119879119863119860119879119860
119887= 1198891198871 1198891198872 119889119887
119900 where 119900 is the
total number of 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)
The characteristics of 119863119860119879119860119887 119860119862119879 and deduction
relationship set 119877 are as the following
(1) Without loss of generality 119863119860119879119860119887is a sorted set of
positive numbersThat is1198891198871lt 1198891198872lt sdot sdot sdot lt 119889119887
1199001198891198871is
equal to or greater than the power consumption of theminimum power consumption appliance in a period119889119887119900is equal to or less than the power consumption of
all appliances in a period
(2) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may represent the
usage of one appliance in a period For example 1198891198871
(30wh) is the power consumption of a lamp for aperiod 119889119887
1is related to an event (eg 119886
1) that means
the lamp is on in the period
(3) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may also repre-
sent the usage of multiple household appliances Forexample 119889119887
9represents two household appliances
used simultaneously 1198891198879= 1198891198871+ 1198891198872 where 119889119887
1is
the power consumption of the lamp in a period 1198891198872
is the power consumption of the washing machine inthe period Thus 119889119887
9means using lamp and washing
machine simultaneously in the period
(4) Similarly any 119886119895isin 119860119862119879 (119895 = 1 119898)may represent
the usage of one appliance or multiple householdappliances simultaneously
(5) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) is related to at least
one 119886119895isin 119860119862119879 (119895 = 1 119898) any 119886
119895isin 119860119862119879 (119895 =
1 119898) is related to at least one in 119889119887119894isin 119863119860119879119860
119887(119894 =
1 119900)
(6) Different 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) cannot be relat-
ed to the same 119886119895isin 119860119862119879 (119895 = 1 119898) as any 119886
119895isin
119860119862119879 (119895 = 1 119898) has single power consumption ina period
(7) 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)may be related tomultiple
119886119895 because such 119889119887
119894may be the power consumption
for multiple appliances and those appliances mayhave the same power consumption in total Forexample 119889119887
9= 1198891198871+ 1198891198872= 1198891198873+ 1198891198874 1198891198879is related
to 1198865 1198866isin 119860119862119879 where 119886
5means using lamp and
washing machine simultaneously and 1198866means the
usage of the other two appliances
In summary the deduction relationship set119877 = 119863119860119879119860119887times
119860119862119879 can be further refined from a general relationship set toa relationship set with following properties
Pr forall119889119887119894isin 119863119860119879119860
119887 exist119886119895isin 119860119862119879 st (119889119887
119894 119886119895) isin 119877 = 1
Pr forall119886119895isin 119860119862119879 exist119889119887
119894isin 119863119860119879119860
119887 st (119889119887
119894 119886119895) isin 119877 = 1
Pr exist119889119887119894isin 119863119860119879119860
119887 1198861198951isin 119860119862119879 119886
1198952isin 119860119862119879
st (119889119887119894 1198861198951) isin 119877 (119889119887
119894 1198861198952) isin 119877 gt 0
Pr exist1198891198941isin 119863119860119879119860
119887 1198891198942isin 119863119860119879119860
119887 119886119895isin 119860119862119879
st (1198891198941 119886119895) isin 119877 (119889
1198942 119886119895) isin 119877 = 0
(7)
In other words mapping 119863119860119879119860119887rarr 119860119862119879 is not a
function and mapping 119860119862119879 rarr 119863119860119879119860119887is a surjective and
not a injective function
Definition 9 After transformation 119865 the privacy of119863119860119879119860
119906is guaranteed (denoted as Privacy119865
119863119860119879119860119906
= 1)Privacy119865
119863119860119879119860119906
= 1 if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) notin 119863119860119879119860
119887 (8)
where 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
Definition 10 After transformation 119865 the soundness of119863119860119879119860
119906is guaranteed (Soundness119865
119863119860119879119860119906
= 1) The utilitysummation remains unchanged That is
119899
sum
119894=1
119889119904119894lowast 119901119894=
119899
sum
119894=1
119889119906119894lowast 119901119894 (9)
Due to the concentration in the rest of the paper theresearch problem is reduced to as follows given119863119860119879119860
119904 find
an ultra-lightweight transformation 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
such that the privacy and soundness of 119863119860119879119860119906are both
guaranteed That is given 119863119860119879119860119904 find 119865 119863119860119879119860
119904rarr
119863119860119879119860119906 st Privacy119865
119863119860119879119860119906
= 1 and Soundness119865119863119860119879119860
119906
= 1Next we propose a family of schemes to solve the
problem We list all major notations used in the remainderof the paper in Table 1
32 Random Perturbation Scheme (RPS) We firstly proposea basic scheme-random perturbation scheme (RPS) to illus-trate our motivations In RPS any 119889119904
119894isin 119863119860119879119860
119904is perturbed
into a new value in the middle of 119889119887119895and 119889119887
119895minus1or in the
middle of 119889119887119895and 119889119887
119895+1The two cases are selected randomly
A Random Perturbation Algorithm called RPA is proposedfor transformation 119865 as follows
321 Analysis of Algorithm 1
Proposition 11 After the transformation of algorithmRPA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119875119860119863119860119879119860
119906
= 1)
International Journal of Distributed Sensor Networks 5
Table 1 Notation
A Adversary119863119860119879119860
119904= 119889119904
1 119889119904
119899 Sensing power consumption data set
119863119860119879119860119906= 119889119906
1 119889119906
119899 Uploading power consumption data set
119865 Transforming function from119863119860119879119860119904to119863119860119879119860
119906
119863119860119879119860119887= 119889119887
1 119889119887
119900 ldquoBadrdquo power consumption data set
119875119877119868119862119864 = 1199011 1199012 119901
119899 Price set
119860119862119879 = 1198861 1198862 119886
119898 Activity set
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRPA
119863119860119879119860119906
=1 SoundnessRPA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904) Get a data from119863119860119879119860
119904
for 119894 = 1 to 119899 minus 1 doif ((119889119904
119894== 119889119887
1)OR (119889119887
1lt 119889119904119894lt 1198891198872)) then
119889119906119894lArr (119889119887
1+ 1198891198872)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif ((119889119904
119894== 119889119887
119900)OR (119889119887
119900minus1lt 119889119904119894lt 119889119887119900)) then
119889119906119894lArr (119889119887
119900minus1+ 119889119887119900)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end iffor 119895 = 2 to 119900 minus 1 do
if (119889119904119894== 119889119887
119895) then
119889119906119894lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119887
119895+ 119889119887119895+1)2 (119889119887
119895+ 119889119887119895minus1)2)
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif (119889119887
119895lt 119889119904119894lt 119889119887119895+1)then
119889119906119894lArr (119889119887
119895+ 119889119887119895+1)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifend for
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899For soundness
Algorithm 1 Random Perturbation AlgorithmmdashRPA
Proof The biases of 119889119906119894(119894 = 1 119899 minus 1) comparing to
119889119904119894(1 119899minus1) are accumulated into a total value119861119868119860119878119861119868119860119878
is changed into extra power consumption and added to thelast one 119889119906
119899 Thussum119899
119894=1119889119904119894lowast119901119894= sum119899
119894=1119889119906119894lowast119901119894 The total cost
of power consumption in a day maintains the correct valueso SoundnessRPA
119863119860119879119860119906
= 1
Proposition 12 The scheme RPS is ultra-lightweight
Proof As algorithm RPA is ultra-lightweight the number ofloops is (119899 minus 1) lowast (119900 minus 2) The computation in each loop isonly simple operations such asmodulo minus plus divisionandmultiplicationThe computation complexity of algorithmRPA is 119874(119899 lowast 119900)
Proposition 13 The scheme RPS can guarantee the perfect fullprivacy (Privacy119901A119877119875119878
119891119906119897119897= 1)
Proof It is clear that for all 119889119904119894isin 119863119860119879119860
119904 119889119906119894= 119865(119889119904
119894) notin
119863119860119879119860119887 Thus PrivacyRPA
119863119860119879119860119906
= 1 According to the definitionof the perfect full privacy Privacy119901ARPS
full= 1
33 RandomWalk Scheme (RWS) If the gap between 119889119887119895and
119889119887119895+1
(119895 = 1 119900minus1) is small the perturbation (namely 120575) inRPSwill be small It can be proofed as a claim in the following
Claim 4 If the gap between 119889119887119895and 119889119887
119895+1(119895 = 1 119900 minus 1) is
small the perturbation in RPS will be small
Proof Suppose max(|119889119887119895minus 119889119887119895+1|) = 119892(119895 = 1 119899 minus 1) If
119889119904119894= 119889119887119895isin 119863119860119879119860
119887) in RPA max(120575) le 1198922 If 119889119904
119894= 119889119887119895isin
119863119860119879119860119887 max(120575) lt 1198922 Thus the perturbation 120575 is small if 119892
is small
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
2 International Journal of Distributed Sensor Networks
would be large for a month even at single smart meterMoreover the extra power consumption will be accumulatedto an unsatisfactory waste because the number of smartmeters in smart grid is huge Furthermore the decryptioncomputation at SGCC has to be conducted if the uploadingdata are encrypted at smart meters The energy consumptionof decryption at SGCC will thus extremely increase Lastbut not least the smart meters usually have resource andpower constraints like traditional sensors As the privacyprotection must be conducted at smart meters any com-putation for privacy protection should cost low energy totackle these constraints The frequent encryption operationsare undesirable Even though the encryption is lightweightin certain situations the key management for encryptionis also a difficult issue for deployment Therefore privacyprotection by encryption unfortunately contradicts the inten-tion of smart grid for saving energy an ultra-lightweightmethod without any cryptographic computation for privacyprotection is mandatory for a long run and a large scale
In this paper we propose perturbation-based schemeswith ultra-lightweight computation without any crypto-graphic computation Besides we strictly and formally defineand proof its privacy protection strengthWe adapt a rigorousmethod to state present and analyze the privacy protectionachievements All our presentations strictly follow the formalexpressions for better clarity and generality
The contributions of the paper are listed as follows(i) we propose ultra-lightweight privacy-protection schemesin terms of computation (and thus energy consumption)without any cryptographic computation (ii) we strictly definethe requirements on privacy soundness and accuracy insmart grid and proof the guarantee of those requirements
The rest of the paper is organized as follows In Section 2we discuss the basic assumption andmodels used throughoutthe paper Section 3 provides the detailed description of ourproposedmodels and analysis Section 4 gives an overview onrelevant prior work Finally Section 5 concludes the paper
2 Problem Formulation
21 Network Model Two major entities exist in smart gridsmart meter (denoted by SM hereafter) and SGCC
SM computes power consumption data and uploads themto SGCC periodically The period for computing powerconsumption data at SM is called sensing period The periodfor uploading power consumption data to SGCC is calleduploading period Without loss of generality suppose thesensing period and uploading period are both 119905minutes Thesensing times and uploading times in a day will thus be 119899 =[24 lowast 60119905] The total sensing data for a day are denoted asa set 119863119860119879119860
119904= 1198891199041 119889119904
119899 The total uploading data for a
day are denoted as a set119863119860119879119860119906= 119889119906
1 119889119906
119899 If SM does
not hide119863119860119879119860119904119863119860119879119860
119904will be the same as119863119860119879119860
119906
In smart grid utility price may vary in different timeslotsThe price information is delivered by SGCC in advanceUsers use such information to guide the power consumptionSM receives such information to calculate utility charge in amonth for users Suppose the prices for 119899 uploading periods
in a day are denoted as a set 119875119877119868119862119864 = 1199011 1199012 119901
119899 Thus
the total utility charge for a day issum119899119894=1119889119906119894lowast119901119894The total utility
charge for amonth is the summation of charges for all days inthismonth If the sensing data are changed into the uploadingdata for protecting privacy the total utility charge for a dayshould be remained correct
22 Attack Model and Trust Model Only adversaries whoattack user privacy are considered in this paper Adversariescan eavesdrop the channels between SM and SGCC those aredenoted asA
119888 Adversaries at SGCC can access all uploading
data by SM those are denoted asA119904 Both adversaries desire
to deduce the user behaviors in a day by analyzing theuploading data fromSM namely119863119860119879119860
119906 AsA
119888andA
119904have
the same viewon119863119860119879119860119906 we further do not distinguish those
two adversaries Both are denoted by the same notationASGCC is untrustworthy as we assume adversaries at
SGCC are interested in user privacy SM should be trustwor-thy It is a prerequisite for any further discussion sensing dataare at SM and all possible solutions are conducted at SMBesides if SM is untrustworthy users will not choose themSM can be easily evaluated and authorized by a TrustedThirdParty (TTP)
23 Security Definition and Design Goal Informally speak-ing the privacy is guaranteed if the adversaries (not only atSGCC but also at channels between SGCC and SM) cannotdeduce the user activities in a day More specifically weformally state the privacy requirement definition as follows
Definition 1 User activities They are the activities thatdamage user privacy and are related to using one or multiplehousehold appliances in a daily life They are denoted as a set119860119862119879 = 119886
1 1198862 119886
119898 where 119886
119894(119894 = 1 119898) is an activity
related to one or multiple appliances
Definition 2 Deduce It means an activity in 119860119862119879 can beinferred by data in119863119860119879119860
119887 If an activity 119886
119895isin 119860119862119879 is inferred
by data 119889119894isin 119863119860119879119860
119887 it is denoted as a relation (119889
119894 119886119895) isin 119877 =
119863119860119879119860119887times 119860119862119879 where 119877 is a deduction relationship set and
defined previously and empirically119863119860119879119860119887is the set of ldquobadrdquo
data that can infer to at least one in 119860119862119879
Definition 3 Perfect full privacy (denoted as Privacy119901
full)
Simply speaking any adversary A cannot deduce fromanyone in119863119860119879119860
119906to one in119860119862119879 after viewing119863119860119879119860
119906More
specifically given anyone 119889119906119894isin 119863119860119879119860
119906 it is impossible for
any adversary A to find 119886119895isin 119860119862119879 such that (119889119906
119894 119886119895) isin 119877
That is
Pr forall119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0
(1)
where Pr119860 119861 denotes after viewing ldquo119861rdquo the probability ofevent ldquo119860rdquo happens ldquolArrrdquo means ldquois selected fromrdquo ldquordquo meanstwo operations happen consequently ldquostrdquo is a shorthand forldquosuch thatrdquo
International Journal of Distributed Sensor Networks 3
Definition 4 Computational full privacy (denoted asPrivacy119888full) Given anyone 119889119906
119894isin 119863119860119879119860
119906 it is computa-
tionally infeasible for any Probabilistic Polynomial TuringMachine (PPTM) adversary A to find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877 That is
Pr forall119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
lt negl (119911)
(2)
where negl(119911) is a negligible functionwith security parameter119911
Claim 1 Perfect (computational) full privacy can protect userprivacy on all user activities in a day as no activity can bededuced from data in119863119860119879119860
119906by any (PPTM) adversary
In previous claim the content in ldquo()rdquo is correspondedwith each other Similarly the perfect (computational) partialprivacy can be defined in the following
Definition 5 Perfect (computational) partial privacy denot-ed as Privacy119901(119888)
partial Given at least one 119889119906
119894isin 119863119860119879119860
119906 it is
computationally infeasible for any (PPTM) adversary A tofind 119886
119895isin 119860119862119879 such that (119889119906
119894 119886119895) isin 119877 after viewing 119863119860119879119860
119906
Besides given at least one 119886119895isin 119860119862119879 it is computationally
infeasible for any (PPTM) adversaryA to find 119889119906119894isin 119863119860119879119860
119906
such that (119889119906119894 119886119895) isin 119877 after viewing119863119860119879119860
119906 That is
Pr exist119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
Pr exist119886119895isin 119860119862119879 119889119906
119894lArr997904 119863119860119879119860
119906 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
(3)
Claim 2 Perfect (computational) partial privacy can protectcertain privacy-sensitive activities as these activities cannotbe deduced by119863119860119879119860
119906by any (PPTM) adversary
Claim 3 Full privacy has stronger strength than partialprivacy in terms of the number of deducible data in119863119860119879119860
119906
Perfect privacy has stronger strength than computationalprivacy due to the adversaryrsquos ability That is
Privacy119888
partical lt Privacy119901
partical lt Privacy119888
full lt Privacy119901
full
(4)
where ldquo119860 lt 119861rdquo means that the privacy protection strength ofldquoArdquo is weaker than that of ldquoBrdquo
Roughly speaking full privacy protects all activities par-tial privacy protects partial activities Perfect privacy defendsagainst any adversary computational privacy defends againstany PPTM adversary As perfect full privacy has the strongestprivacy strength we thus concentrate on the perfect fullprivacy protection in the following
Definition 6 Full privacy attacking experiment on thescheme Π defending against any adversary A-ExpPrivacy
119901AΠ
fullis defined as follows
(1) the scheme Π is executed in the presence of anyadversaryA
(2) A fully accesses 119863119860119879119860119906 119860119862119879 and 119877 Given any
119889119906119894isin 119863119860119879119860
119906 if A can find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877A outputs 1 otherwise outputs 0
(3) if and only ifA outputs 1 the experiment outputs 1
Definition 7 The scheme Π that can guarantee the perfectfull privacy in presence of any adversary A (denoted asPrivacy
119901AΠ
full= 1) is defined as follows
For any adversary A that the scheme Π defends againstthe probability that the output of the full privacy attackingexperiment equals one is 0 That is if and only if
Pr [ExpPrivacy119901AΠfull = 1] = 0 (5)
Privacy119901AΠ
full= 1
Therefore the design goal is to propose a scheme Π sat-isfying Privacy
119901AΠ
fulland importantly with ultra-lightweight
computation without any cryptographic computation
3 Proposed Schemes
31 ProblemReduction To protect the privacy of sensing data119863119860119879119860
119904 a naive method is encrypting them at SM and then
uploading them to SGCC As SGCC is untrustworthy SGCCcannot decrypt them and has to consult a TTP The TTPdecrypts the data and the result cannot be sent to SGCCTheTTP should compute accumulative values (or metadata) andsend them to SGCC for further scheduling and charging Itobviously arises multiple overheads a large volume of com-putation overhead at SM extra communication overhead atSM and SGCC extra entity TTP key management overheadbetween SM and TTP
As SM is trustworthy SM is proposed to equip a trustedmixing layer between sensing layer and communication layerThat is SM is modeled as three tuples ⟨119871
119904 119871119898 119871119888⟩ where
119871119904is a sensing layer computing the power consumption
periodically The output of layer 119871119904is 119863119860119879119860
119904 119871119898
is amixing layer that transfers 119863119860119879119860
119904into 119863119860119879119860
119906 119871119888is a
communication layer that uploads119863119860119879119860119906to SGCCThat is
SM = ⟨119871119904 119871119898 119871119888⟩
119871119904997904rArr 119871
119898 119863119860119879119860
119904
119871119898= 119865 119863119860119879119860
119904997888rarr 119863119860119879119860
119906
119871119898997904rArr 119871
119906 119863119860119879119860
119906
(6)
where ldquo=rdquo means ldquois defined asrdquo ldquorArrrdquo means ldquodata trans-ferring between layersrdquo 119865 is a data transforming functionldquorarr rdquo that means the input of the function 119865 is transformedinto the output of the function 119865 Therefore it becomes the
4 International Journal of Distributed Sensor Networks
concentration to search an ultra-lightweight transformationfunction 119865 with Privacy
119901A119865
full= 1 in the rest of the paper
Definition 8 ldquoBadrdquo data set (119863119860119879119860119887) It consists of all
power consumption data that can deduce to one or multipleactivities in119860119862119879119863119860119879119860
119887= 1198891198871 1198891198872 119889119887
119900 where 119900 is the
total number of 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)
The characteristics of 119863119860119879119860119887 119860119862119879 and deduction
relationship set 119877 are as the following
(1) Without loss of generality 119863119860119879119860119887is a sorted set of
positive numbersThat is1198891198871lt 1198891198872lt sdot sdot sdot lt 119889119887
1199001198891198871is
equal to or greater than the power consumption of theminimum power consumption appliance in a period119889119887119900is equal to or less than the power consumption of
all appliances in a period
(2) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may represent the
usage of one appliance in a period For example 1198891198871
(30wh) is the power consumption of a lamp for aperiod 119889119887
1is related to an event (eg 119886
1) that means
the lamp is on in the period
(3) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may also repre-
sent the usage of multiple household appliances Forexample 119889119887
9represents two household appliances
used simultaneously 1198891198879= 1198891198871+ 1198891198872 where 119889119887
1is
the power consumption of the lamp in a period 1198891198872
is the power consumption of the washing machine inthe period Thus 119889119887
9means using lamp and washing
machine simultaneously in the period
(4) Similarly any 119886119895isin 119860119862119879 (119895 = 1 119898)may represent
the usage of one appliance or multiple householdappliances simultaneously
(5) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) is related to at least
one 119886119895isin 119860119862119879 (119895 = 1 119898) any 119886
119895isin 119860119862119879 (119895 =
1 119898) is related to at least one in 119889119887119894isin 119863119860119879119860
119887(119894 =
1 119900)
(6) Different 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) cannot be relat-
ed to the same 119886119895isin 119860119862119879 (119895 = 1 119898) as any 119886
119895isin
119860119862119879 (119895 = 1 119898) has single power consumption ina period
(7) 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)may be related tomultiple
119886119895 because such 119889119887
119894may be the power consumption
for multiple appliances and those appliances mayhave the same power consumption in total Forexample 119889119887
9= 1198891198871+ 1198891198872= 1198891198873+ 1198891198874 1198891198879is related
to 1198865 1198866isin 119860119862119879 where 119886
5means using lamp and
washing machine simultaneously and 1198866means the
usage of the other two appliances
In summary the deduction relationship set119877 = 119863119860119879119860119887times
119860119862119879 can be further refined from a general relationship set toa relationship set with following properties
Pr forall119889119887119894isin 119863119860119879119860
119887 exist119886119895isin 119860119862119879 st (119889119887
119894 119886119895) isin 119877 = 1
Pr forall119886119895isin 119860119862119879 exist119889119887
119894isin 119863119860119879119860
119887 st (119889119887
119894 119886119895) isin 119877 = 1
Pr exist119889119887119894isin 119863119860119879119860
119887 1198861198951isin 119860119862119879 119886
1198952isin 119860119862119879
st (119889119887119894 1198861198951) isin 119877 (119889119887
119894 1198861198952) isin 119877 gt 0
Pr exist1198891198941isin 119863119860119879119860
119887 1198891198942isin 119863119860119879119860
119887 119886119895isin 119860119862119879
st (1198891198941 119886119895) isin 119877 (119889
1198942 119886119895) isin 119877 = 0
(7)
In other words mapping 119863119860119879119860119887rarr 119860119862119879 is not a
function and mapping 119860119862119879 rarr 119863119860119879119860119887is a surjective and
not a injective function
Definition 9 After transformation 119865 the privacy of119863119860119879119860
119906is guaranteed (denoted as Privacy119865
119863119860119879119860119906
= 1)Privacy119865
119863119860119879119860119906
= 1 if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) notin 119863119860119879119860
119887 (8)
where 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
Definition 10 After transformation 119865 the soundness of119863119860119879119860
119906is guaranteed (Soundness119865
119863119860119879119860119906
= 1) The utilitysummation remains unchanged That is
119899
sum
119894=1
119889119904119894lowast 119901119894=
119899
sum
119894=1
119889119906119894lowast 119901119894 (9)
Due to the concentration in the rest of the paper theresearch problem is reduced to as follows given119863119860119879119860
119904 find
an ultra-lightweight transformation 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
such that the privacy and soundness of 119863119860119879119860119906are both
guaranteed That is given 119863119860119879119860119904 find 119865 119863119860119879119860
119904rarr
119863119860119879119860119906 st Privacy119865
119863119860119879119860119906
= 1 and Soundness119865119863119860119879119860
119906
= 1Next we propose a family of schemes to solve the
problem We list all major notations used in the remainderof the paper in Table 1
32 Random Perturbation Scheme (RPS) We firstly proposea basic scheme-random perturbation scheme (RPS) to illus-trate our motivations In RPS any 119889119904
119894isin 119863119860119879119860
119904is perturbed
into a new value in the middle of 119889119887119895and 119889119887
119895minus1or in the
middle of 119889119887119895and 119889119887
119895+1The two cases are selected randomly
A Random Perturbation Algorithm called RPA is proposedfor transformation 119865 as follows
321 Analysis of Algorithm 1
Proposition 11 After the transformation of algorithmRPA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119875119860119863119860119879119860
119906
= 1)
International Journal of Distributed Sensor Networks 5
Table 1 Notation
A Adversary119863119860119879119860
119904= 119889119904
1 119889119904
119899 Sensing power consumption data set
119863119860119879119860119906= 119889119906
1 119889119906
119899 Uploading power consumption data set
119865 Transforming function from119863119860119879119860119904to119863119860119879119860
119906
119863119860119879119860119887= 119889119887
1 119889119887
119900 ldquoBadrdquo power consumption data set
119875119877119868119862119864 = 1199011 1199012 119901
119899 Price set
119860119862119879 = 1198861 1198862 119886
119898 Activity set
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRPA
119863119860119879119860119906
=1 SoundnessRPA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904) Get a data from119863119860119879119860
119904
for 119894 = 1 to 119899 minus 1 doif ((119889119904
119894== 119889119887
1)OR (119889119887
1lt 119889119904119894lt 1198891198872)) then
119889119906119894lArr (119889119887
1+ 1198891198872)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif ((119889119904
119894== 119889119887
119900)OR (119889119887
119900minus1lt 119889119904119894lt 119889119887119900)) then
119889119906119894lArr (119889119887
119900minus1+ 119889119887119900)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end iffor 119895 = 2 to 119900 minus 1 do
if (119889119904119894== 119889119887
119895) then
119889119906119894lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119887
119895+ 119889119887119895+1)2 (119889119887
119895+ 119889119887119895minus1)2)
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif (119889119887
119895lt 119889119904119894lt 119889119887119895+1)then
119889119906119894lArr (119889119887
119895+ 119889119887119895+1)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifend for
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899For soundness
Algorithm 1 Random Perturbation AlgorithmmdashRPA
Proof The biases of 119889119906119894(119894 = 1 119899 minus 1) comparing to
119889119904119894(1 119899minus1) are accumulated into a total value119861119868119860119878119861119868119860119878
is changed into extra power consumption and added to thelast one 119889119906
119899 Thussum119899
119894=1119889119904119894lowast119901119894= sum119899
119894=1119889119906119894lowast119901119894 The total cost
of power consumption in a day maintains the correct valueso SoundnessRPA
119863119860119879119860119906
= 1
Proposition 12 The scheme RPS is ultra-lightweight
Proof As algorithm RPA is ultra-lightweight the number ofloops is (119899 minus 1) lowast (119900 minus 2) The computation in each loop isonly simple operations such asmodulo minus plus divisionandmultiplicationThe computation complexity of algorithmRPA is 119874(119899 lowast 119900)
Proposition 13 The scheme RPS can guarantee the perfect fullprivacy (Privacy119901A119877119875119878
119891119906119897119897= 1)
Proof It is clear that for all 119889119904119894isin 119863119860119879119860
119904 119889119906119894= 119865(119889119904
119894) notin
119863119860119879119860119887 Thus PrivacyRPA
119863119860119879119860119906
= 1 According to the definitionof the perfect full privacy Privacy119901ARPS
full= 1
33 RandomWalk Scheme (RWS) If the gap between 119889119887119895and
119889119887119895+1
(119895 = 1 119900minus1) is small the perturbation (namely 120575) inRPSwill be small It can be proofed as a claim in the following
Claim 4 If the gap between 119889119887119895and 119889119887
119895+1(119895 = 1 119900 minus 1) is
small the perturbation in RPS will be small
Proof Suppose max(|119889119887119895minus 119889119887119895+1|) = 119892(119895 = 1 119899 minus 1) If
119889119904119894= 119889119887119895isin 119863119860119879119860
119887) in RPA max(120575) le 1198922 If 119889119904
119894= 119889119887119895isin
119863119860119879119860119887 max(120575) lt 1198922 Thus the perturbation 120575 is small if 119892
is small
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 3
Definition 4 Computational full privacy (denoted asPrivacy119888full) Given anyone 119889119906
119894isin 119863119860119879119860
119906 it is computa-
tionally infeasible for any Probabilistic Polynomial TuringMachine (PPTM) adversary A to find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877 That is
Pr forall119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
lt negl (119911)
(2)
where negl(119911) is a negligible functionwith security parameter119911
Claim 1 Perfect (computational) full privacy can protect userprivacy on all user activities in a day as no activity can bededuced from data in119863119860119879119860
119906by any (PPTM) adversary
In previous claim the content in ldquo()rdquo is correspondedwith each other Similarly the perfect (computational) partialprivacy can be defined in the following
Definition 5 Perfect (computational) partial privacy denot-ed as Privacy119901(119888)
partial Given at least one 119889119906
119894isin 119863119860119879119860
119906 it is
computationally infeasible for any (PPTM) adversary A tofind 119886
119895isin 119860119862119879 such that (119889119906
119894 119886119895) isin 119877 after viewing 119863119860119879119860
119906
Besides given at least one 119886119895isin 119860119862119879 it is computationally
infeasible for any (PPTM) adversaryA to find 119889119906119894isin 119863119860119879119860
119906
such that (119889119906119894 119886119895) isin 119877 after viewing119863119860119879119860
119906 That is
Pr exist119889119906119894isin 119863119860119879119860
119906 119886119895lArr997904 119860119862119879 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
Pr exist119886119895isin 119860119862119879 119889119906
119894lArr997904 119863119860119879119860
119906 st (119889119906
119894 119886119895) isin 119877 119863119860119879119860
119906
= 0 (lt negl (119911))
(3)
Claim 2 Perfect (computational) partial privacy can protectcertain privacy-sensitive activities as these activities cannotbe deduced by119863119860119879119860
119906by any (PPTM) adversary
Claim 3 Full privacy has stronger strength than partialprivacy in terms of the number of deducible data in119863119860119879119860
119906
Perfect privacy has stronger strength than computationalprivacy due to the adversaryrsquos ability That is
Privacy119888
partical lt Privacy119901
partical lt Privacy119888
full lt Privacy119901
full
(4)
where ldquo119860 lt 119861rdquo means that the privacy protection strength ofldquoArdquo is weaker than that of ldquoBrdquo
Roughly speaking full privacy protects all activities par-tial privacy protects partial activities Perfect privacy defendsagainst any adversary computational privacy defends againstany PPTM adversary As perfect full privacy has the strongestprivacy strength we thus concentrate on the perfect fullprivacy protection in the following
Definition 6 Full privacy attacking experiment on thescheme Π defending against any adversary A-ExpPrivacy
119901AΠ
fullis defined as follows
(1) the scheme Π is executed in the presence of anyadversaryA
(2) A fully accesses 119863119860119879119860119906 119860119862119879 and 119877 Given any
119889119906119894isin 119863119860119879119860
119906 if A can find 119886
119895isin 119860119862119879 such that
(119889119906119894 119886119895) isin 119877A outputs 1 otherwise outputs 0
(3) if and only ifA outputs 1 the experiment outputs 1
Definition 7 The scheme Π that can guarantee the perfectfull privacy in presence of any adversary A (denoted asPrivacy
119901AΠ
full= 1) is defined as follows
For any adversary A that the scheme Π defends againstthe probability that the output of the full privacy attackingexperiment equals one is 0 That is if and only if
Pr [ExpPrivacy119901AΠfull = 1] = 0 (5)
Privacy119901AΠ
full= 1
Therefore the design goal is to propose a scheme Π sat-isfying Privacy
119901AΠ
fulland importantly with ultra-lightweight
computation without any cryptographic computation
3 Proposed Schemes
31 ProblemReduction To protect the privacy of sensing data119863119860119879119860
119904 a naive method is encrypting them at SM and then
uploading them to SGCC As SGCC is untrustworthy SGCCcannot decrypt them and has to consult a TTP The TTPdecrypts the data and the result cannot be sent to SGCCTheTTP should compute accumulative values (or metadata) andsend them to SGCC for further scheduling and charging Itobviously arises multiple overheads a large volume of com-putation overhead at SM extra communication overhead atSM and SGCC extra entity TTP key management overheadbetween SM and TTP
As SM is trustworthy SM is proposed to equip a trustedmixing layer between sensing layer and communication layerThat is SM is modeled as three tuples ⟨119871
119904 119871119898 119871119888⟩ where
119871119904is a sensing layer computing the power consumption
periodically The output of layer 119871119904is 119863119860119879119860
119904 119871119898
is amixing layer that transfers 119863119860119879119860
119904into 119863119860119879119860
119906 119871119888is a
communication layer that uploads119863119860119879119860119906to SGCCThat is
SM = ⟨119871119904 119871119898 119871119888⟩
119871119904997904rArr 119871
119898 119863119860119879119860
119904
119871119898= 119865 119863119860119879119860
119904997888rarr 119863119860119879119860
119906
119871119898997904rArr 119871
119906 119863119860119879119860
119906
(6)
where ldquo=rdquo means ldquois defined asrdquo ldquorArrrdquo means ldquodata trans-ferring between layersrdquo 119865 is a data transforming functionldquorarr rdquo that means the input of the function 119865 is transformedinto the output of the function 119865 Therefore it becomes the
4 International Journal of Distributed Sensor Networks
concentration to search an ultra-lightweight transformationfunction 119865 with Privacy
119901A119865
full= 1 in the rest of the paper
Definition 8 ldquoBadrdquo data set (119863119860119879119860119887) It consists of all
power consumption data that can deduce to one or multipleactivities in119860119862119879119863119860119879119860
119887= 1198891198871 1198891198872 119889119887
119900 where 119900 is the
total number of 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)
The characteristics of 119863119860119879119860119887 119860119862119879 and deduction
relationship set 119877 are as the following
(1) Without loss of generality 119863119860119879119860119887is a sorted set of
positive numbersThat is1198891198871lt 1198891198872lt sdot sdot sdot lt 119889119887
1199001198891198871is
equal to or greater than the power consumption of theminimum power consumption appliance in a period119889119887119900is equal to or less than the power consumption of
all appliances in a period
(2) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may represent the
usage of one appliance in a period For example 1198891198871
(30wh) is the power consumption of a lamp for aperiod 119889119887
1is related to an event (eg 119886
1) that means
the lamp is on in the period
(3) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may also repre-
sent the usage of multiple household appliances Forexample 119889119887
9represents two household appliances
used simultaneously 1198891198879= 1198891198871+ 1198891198872 where 119889119887
1is
the power consumption of the lamp in a period 1198891198872
is the power consumption of the washing machine inthe period Thus 119889119887
9means using lamp and washing
machine simultaneously in the period
(4) Similarly any 119886119895isin 119860119862119879 (119895 = 1 119898)may represent
the usage of one appliance or multiple householdappliances simultaneously
(5) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) is related to at least
one 119886119895isin 119860119862119879 (119895 = 1 119898) any 119886
119895isin 119860119862119879 (119895 =
1 119898) is related to at least one in 119889119887119894isin 119863119860119879119860
119887(119894 =
1 119900)
(6) Different 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) cannot be relat-
ed to the same 119886119895isin 119860119862119879 (119895 = 1 119898) as any 119886
119895isin
119860119862119879 (119895 = 1 119898) has single power consumption ina period
(7) 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)may be related tomultiple
119886119895 because such 119889119887
119894may be the power consumption
for multiple appliances and those appliances mayhave the same power consumption in total Forexample 119889119887
9= 1198891198871+ 1198891198872= 1198891198873+ 1198891198874 1198891198879is related
to 1198865 1198866isin 119860119862119879 where 119886
5means using lamp and
washing machine simultaneously and 1198866means the
usage of the other two appliances
In summary the deduction relationship set119877 = 119863119860119879119860119887times
119860119862119879 can be further refined from a general relationship set toa relationship set with following properties
Pr forall119889119887119894isin 119863119860119879119860
119887 exist119886119895isin 119860119862119879 st (119889119887
119894 119886119895) isin 119877 = 1
Pr forall119886119895isin 119860119862119879 exist119889119887
119894isin 119863119860119879119860
119887 st (119889119887
119894 119886119895) isin 119877 = 1
Pr exist119889119887119894isin 119863119860119879119860
119887 1198861198951isin 119860119862119879 119886
1198952isin 119860119862119879
st (119889119887119894 1198861198951) isin 119877 (119889119887
119894 1198861198952) isin 119877 gt 0
Pr exist1198891198941isin 119863119860119879119860
119887 1198891198942isin 119863119860119879119860
119887 119886119895isin 119860119862119879
st (1198891198941 119886119895) isin 119877 (119889
1198942 119886119895) isin 119877 = 0
(7)
In other words mapping 119863119860119879119860119887rarr 119860119862119879 is not a
function and mapping 119860119862119879 rarr 119863119860119879119860119887is a surjective and
not a injective function
Definition 9 After transformation 119865 the privacy of119863119860119879119860
119906is guaranteed (denoted as Privacy119865
119863119860119879119860119906
= 1)Privacy119865
119863119860119879119860119906
= 1 if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) notin 119863119860119879119860
119887 (8)
where 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
Definition 10 After transformation 119865 the soundness of119863119860119879119860
119906is guaranteed (Soundness119865
119863119860119879119860119906
= 1) The utilitysummation remains unchanged That is
119899
sum
119894=1
119889119904119894lowast 119901119894=
119899
sum
119894=1
119889119906119894lowast 119901119894 (9)
Due to the concentration in the rest of the paper theresearch problem is reduced to as follows given119863119860119879119860
119904 find
an ultra-lightweight transformation 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
such that the privacy and soundness of 119863119860119879119860119906are both
guaranteed That is given 119863119860119879119860119904 find 119865 119863119860119879119860
119904rarr
119863119860119879119860119906 st Privacy119865
119863119860119879119860119906
= 1 and Soundness119865119863119860119879119860
119906
= 1Next we propose a family of schemes to solve the
problem We list all major notations used in the remainderof the paper in Table 1
32 Random Perturbation Scheme (RPS) We firstly proposea basic scheme-random perturbation scheme (RPS) to illus-trate our motivations In RPS any 119889119904
119894isin 119863119860119879119860
119904is perturbed
into a new value in the middle of 119889119887119895and 119889119887
119895minus1or in the
middle of 119889119887119895and 119889119887
119895+1The two cases are selected randomly
A Random Perturbation Algorithm called RPA is proposedfor transformation 119865 as follows
321 Analysis of Algorithm 1
Proposition 11 After the transformation of algorithmRPA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119875119860119863119860119879119860
119906
= 1)
International Journal of Distributed Sensor Networks 5
Table 1 Notation
A Adversary119863119860119879119860
119904= 119889119904
1 119889119904
119899 Sensing power consumption data set
119863119860119879119860119906= 119889119906
1 119889119906
119899 Uploading power consumption data set
119865 Transforming function from119863119860119879119860119904to119863119860119879119860
119906
119863119860119879119860119887= 119889119887
1 119889119887
119900 ldquoBadrdquo power consumption data set
119875119877119868119862119864 = 1199011 1199012 119901
119899 Price set
119860119862119879 = 1198861 1198862 119886
119898 Activity set
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRPA
119863119860119879119860119906
=1 SoundnessRPA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904) Get a data from119863119860119879119860
119904
for 119894 = 1 to 119899 minus 1 doif ((119889119904
119894== 119889119887
1)OR (119889119887
1lt 119889119904119894lt 1198891198872)) then
119889119906119894lArr (119889119887
1+ 1198891198872)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif ((119889119904
119894== 119889119887
119900)OR (119889119887
119900minus1lt 119889119904119894lt 119889119887119900)) then
119889119906119894lArr (119889119887
119900minus1+ 119889119887119900)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end iffor 119895 = 2 to 119900 minus 1 do
if (119889119904119894== 119889119887
119895) then
119889119906119894lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119887
119895+ 119889119887119895+1)2 (119889119887
119895+ 119889119887119895minus1)2)
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif (119889119887
119895lt 119889119904119894lt 119889119887119895+1)then
119889119906119894lArr (119889119887
119895+ 119889119887119895+1)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifend for
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899For soundness
Algorithm 1 Random Perturbation AlgorithmmdashRPA
Proof The biases of 119889119906119894(119894 = 1 119899 minus 1) comparing to
119889119904119894(1 119899minus1) are accumulated into a total value119861119868119860119878119861119868119860119878
is changed into extra power consumption and added to thelast one 119889119906
119899 Thussum119899
119894=1119889119904119894lowast119901119894= sum119899
119894=1119889119906119894lowast119901119894 The total cost
of power consumption in a day maintains the correct valueso SoundnessRPA
119863119860119879119860119906
= 1
Proposition 12 The scheme RPS is ultra-lightweight
Proof As algorithm RPA is ultra-lightweight the number ofloops is (119899 minus 1) lowast (119900 minus 2) The computation in each loop isonly simple operations such asmodulo minus plus divisionandmultiplicationThe computation complexity of algorithmRPA is 119874(119899 lowast 119900)
Proposition 13 The scheme RPS can guarantee the perfect fullprivacy (Privacy119901A119877119875119878
119891119906119897119897= 1)
Proof It is clear that for all 119889119904119894isin 119863119860119879119860
119904 119889119906119894= 119865(119889119904
119894) notin
119863119860119879119860119887 Thus PrivacyRPA
119863119860119879119860119906
= 1 According to the definitionof the perfect full privacy Privacy119901ARPS
full= 1
33 RandomWalk Scheme (RWS) If the gap between 119889119887119895and
119889119887119895+1
(119895 = 1 119900minus1) is small the perturbation (namely 120575) inRPSwill be small It can be proofed as a claim in the following
Claim 4 If the gap between 119889119887119895and 119889119887
119895+1(119895 = 1 119900 minus 1) is
small the perturbation in RPS will be small
Proof Suppose max(|119889119887119895minus 119889119887119895+1|) = 119892(119895 = 1 119899 minus 1) If
119889119904119894= 119889119887119895isin 119863119860119879119860
119887) in RPA max(120575) le 1198922 If 119889119904
119894= 119889119887119895isin
119863119860119879119860119887 max(120575) lt 1198922 Thus the perturbation 120575 is small if 119892
is small
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
4 International Journal of Distributed Sensor Networks
concentration to search an ultra-lightweight transformationfunction 119865 with Privacy
119901A119865
full= 1 in the rest of the paper
Definition 8 ldquoBadrdquo data set (119863119860119879119860119887) It consists of all
power consumption data that can deduce to one or multipleactivities in119860119862119879119863119860119879119860
119887= 1198891198871 1198891198872 119889119887
119900 where 119900 is the
total number of 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)
The characteristics of 119863119860119879119860119887 119860119862119879 and deduction
relationship set 119877 are as the following
(1) Without loss of generality 119863119860119879119860119887is a sorted set of
positive numbersThat is1198891198871lt 1198891198872lt sdot sdot sdot lt 119889119887
1199001198891198871is
equal to or greater than the power consumption of theminimum power consumption appliance in a period119889119887119900is equal to or less than the power consumption of
all appliances in a period
(2) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may represent the
usage of one appliance in a period For example 1198891198871
(30wh) is the power consumption of a lamp for aperiod 119889119887
1is related to an event (eg 119886
1) that means
the lamp is on in the period
(3) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) may also repre-
sent the usage of multiple household appliances Forexample 119889119887
9represents two household appliances
used simultaneously 1198891198879= 1198891198871+ 1198891198872 where 119889119887
1is
the power consumption of the lamp in a period 1198891198872
is the power consumption of the washing machine inthe period Thus 119889119887
9means using lamp and washing
machine simultaneously in the period
(4) Similarly any 119886119895isin 119860119862119879 (119895 = 1 119898)may represent
the usage of one appliance or multiple householdappliances simultaneously
(5) Any 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) is related to at least
one 119886119895isin 119860119862119879 (119895 = 1 119898) any 119886
119895isin 119860119862119879 (119895 =
1 119898) is related to at least one in 119889119887119894isin 119863119860119879119860
119887(119894 =
1 119900)
(6) Different 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900) cannot be relat-
ed to the same 119886119895isin 119860119862119879 (119895 = 1 119898) as any 119886
119895isin
119860119862119879 (119895 = 1 119898) has single power consumption ina period
(7) 119889119887119894isin 119863119860119879119860
119887(119894 = 1 119900)may be related tomultiple
119886119895 because such 119889119887
119894may be the power consumption
for multiple appliances and those appliances mayhave the same power consumption in total Forexample 119889119887
9= 1198891198871+ 1198891198872= 1198891198873+ 1198891198874 1198891198879is related
to 1198865 1198866isin 119860119862119879 where 119886
5means using lamp and
washing machine simultaneously and 1198866means the
usage of the other two appliances
In summary the deduction relationship set119877 = 119863119860119879119860119887times
119860119862119879 can be further refined from a general relationship set toa relationship set with following properties
Pr forall119889119887119894isin 119863119860119879119860
119887 exist119886119895isin 119860119862119879 st (119889119887
119894 119886119895) isin 119877 = 1
Pr forall119886119895isin 119860119862119879 exist119889119887
119894isin 119863119860119879119860
119887 st (119889119887
119894 119886119895) isin 119877 = 1
Pr exist119889119887119894isin 119863119860119879119860
119887 1198861198951isin 119860119862119879 119886
1198952isin 119860119862119879
st (119889119887119894 1198861198951) isin 119877 (119889119887
119894 1198861198952) isin 119877 gt 0
Pr exist1198891198941isin 119863119860119879119860
119887 1198891198942isin 119863119860119879119860
119887 119886119895isin 119860119862119879
st (1198891198941 119886119895) isin 119877 (119889
1198942 119886119895) isin 119877 = 0
(7)
In other words mapping 119863119860119879119860119887rarr 119860119862119879 is not a
function and mapping 119860119862119879 rarr 119863119860119879119860119887is a surjective and
not a injective function
Definition 9 After transformation 119865 the privacy of119863119860119879119860
119906is guaranteed (denoted as Privacy119865
119863119860119879119860119906
= 1)Privacy119865
119863119860119879119860119906
= 1 if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) notin 119863119860119879119860
119887 (8)
where 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
Definition 10 After transformation 119865 the soundness of119863119860119879119860
119906is guaranteed (Soundness119865
119863119860119879119860119906
= 1) The utilitysummation remains unchanged That is
119899
sum
119894=1
119889119904119894lowast 119901119894=
119899
sum
119894=1
119889119906119894lowast 119901119894 (9)
Due to the concentration in the rest of the paper theresearch problem is reduced to as follows given119863119860119879119860
119904 find
an ultra-lightweight transformation 119865 119863119860119879119860119904rarr 119863119860119879119860
119906
such that the privacy and soundness of 119863119860119879119860119906are both
guaranteed That is given 119863119860119879119860119904 find 119865 119863119860119879119860
119904rarr
119863119860119879119860119906 st Privacy119865
119863119860119879119860119906
= 1 and Soundness119865119863119860119879119860
119906
= 1Next we propose a family of schemes to solve the
problem We list all major notations used in the remainderof the paper in Table 1
32 Random Perturbation Scheme (RPS) We firstly proposea basic scheme-random perturbation scheme (RPS) to illus-trate our motivations In RPS any 119889119904
119894isin 119863119860119879119860
119904is perturbed
into a new value in the middle of 119889119887119895and 119889119887
119895minus1or in the
middle of 119889119887119895and 119889119887
119895+1The two cases are selected randomly
A Random Perturbation Algorithm called RPA is proposedfor transformation 119865 as follows
321 Analysis of Algorithm 1
Proposition 11 After the transformation of algorithmRPA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119875119860119863119860119879119860
119906
= 1)
International Journal of Distributed Sensor Networks 5
Table 1 Notation
A Adversary119863119860119879119860
119904= 119889119904
1 119889119904
119899 Sensing power consumption data set
119863119860119879119860119906= 119889119906
1 119889119906
119899 Uploading power consumption data set
119865 Transforming function from119863119860119879119860119904to119863119860119879119860
119906
119863119860119879119860119887= 119889119887
1 119889119887
119900 ldquoBadrdquo power consumption data set
119875119877119868119862119864 = 1199011 1199012 119901
119899 Price set
119860119862119879 = 1198861 1198862 119886
119898 Activity set
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRPA
119863119860119879119860119906
=1 SoundnessRPA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904) Get a data from119863119860119879119860
119904
for 119894 = 1 to 119899 minus 1 doif ((119889119904
119894== 119889119887
1)OR (119889119887
1lt 119889119904119894lt 1198891198872)) then
119889119906119894lArr (119889119887
1+ 1198891198872)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif ((119889119904
119894== 119889119887
119900)OR (119889119887
119900minus1lt 119889119904119894lt 119889119887119900)) then
119889119906119894lArr (119889119887
119900minus1+ 119889119887119900)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end iffor 119895 = 2 to 119900 minus 1 do
if (119889119904119894== 119889119887
119895) then
119889119906119894lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119887
119895+ 119889119887119895+1)2 (119889119887
119895+ 119889119887119895minus1)2)
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif (119889119887
119895lt 119889119904119894lt 119889119887119895+1)then
119889119906119894lArr (119889119887
119895+ 119889119887119895+1)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifend for
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899For soundness
Algorithm 1 Random Perturbation AlgorithmmdashRPA
Proof The biases of 119889119906119894(119894 = 1 119899 minus 1) comparing to
119889119904119894(1 119899minus1) are accumulated into a total value119861119868119860119878119861119868119860119878
is changed into extra power consumption and added to thelast one 119889119906
119899 Thussum119899
119894=1119889119904119894lowast119901119894= sum119899
119894=1119889119906119894lowast119901119894 The total cost
of power consumption in a day maintains the correct valueso SoundnessRPA
119863119860119879119860119906
= 1
Proposition 12 The scheme RPS is ultra-lightweight
Proof As algorithm RPA is ultra-lightweight the number ofloops is (119899 minus 1) lowast (119900 minus 2) The computation in each loop isonly simple operations such asmodulo minus plus divisionandmultiplicationThe computation complexity of algorithmRPA is 119874(119899 lowast 119900)
Proposition 13 The scheme RPS can guarantee the perfect fullprivacy (Privacy119901A119877119875119878
119891119906119897119897= 1)
Proof It is clear that for all 119889119904119894isin 119863119860119879119860
119904 119889119906119894= 119865(119889119904
119894) notin
119863119860119879119860119887 Thus PrivacyRPA
119863119860119879119860119906
= 1 According to the definitionof the perfect full privacy Privacy119901ARPS
full= 1
33 RandomWalk Scheme (RWS) If the gap between 119889119887119895and
119889119887119895+1
(119895 = 1 119900minus1) is small the perturbation (namely 120575) inRPSwill be small It can be proofed as a claim in the following
Claim 4 If the gap between 119889119887119895and 119889119887
119895+1(119895 = 1 119900 minus 1) is
small the perturbation in RPS will be small
Proof Suppose max(|119889119887119895minus 119889119887119895+1|) = 119892(119895 = 1 119899 minus 1) If
119889119904119894= 119889119887119895isin 119863119860119879119860
119887) in RPA max(120575) le 1198922 If 119889119904
119894= 119889119887119895isin
119863119860119879119860119887 max(120575) lt 1198922 Thus the perturbation 120575 is small if 119892
is small
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 5
Table 1 Notation
A Adversary119863119860119879119860
119904= 119889119904
1 119889119904
119899 Sensing power consumption data set
119863119860119879119860119906= 119889119906
1 119889119906
119899 Uploading power consumption data set
119865 Transforming function from119863119860119879119860119904to119863119860119879119860
119906
119863119860119879119860119887= 119889119887
1 119889119887
119900 ldquoBadrdquo power consumption data set
119875119877119868119862119864 = 1199011 1199012 119901
119899 Price set
119860119862119879 = 1198861 1198862 119886
119898 Activity set
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRPA
119863119860119879119860119906
=1 SoundnessRPA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904) Get a data from119863119860119879119860
119904
for 119894 = 1 to 119899 minus 1 doif ((119889119904
119894== 119889119887
1)OR (119889119887
1lt 119889119904119894lt 1198891198872)) then
119889119906119894lArr (119889119887
1+ 1198891198872)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif ((119889119904
119894== 119889119887
119900)OR (119889119887
119900minus1lt 119889119904119894lt 119889119887119900)) then
119889119906119894lArr (119889119887
119900minus1+ 119889119887119900)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end iffor 119895 = 2 to 119900 minus 1 do
if (119889119904119894== 119889119887
119895) then
119889119906119894lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119887
119895+ 119889119887119895+1)2 (119889119887
119895+ 119889119887119895minus1)2)
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifif (119889119887
119895lt 119889119904119894lt 119889119887119895+1)then
119889119906119894lArr (119889119887
119895+ 119889119887119895+1)2
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end ifend for
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899For soundness
Algorithm 1 Random Perturbation AlgorithmmdashRPA
Proof The biases of 119889119906119894(119894 = 1 119899 minus 1) comparing to
119889119904119894(1 119899minus1) are accumulated into a total value119861119868119860119878119861119868119860119878
is changed into extra power consumption and added to thelast one 119889119906
119899 Thussum119899
119894=1119889119904119894lowast119901119894= sum119899
119894=1119889119906119894lowast119901119894 The total cost
of power consumption in a day maintains the correct valueso SoundnessRPA
119863119860119879119860119906
= 1
Proposition 12 The scheme RPS is ultra-lightweight
Proof As algorithm RPA is ultra-lightweight the number ofloops is (119899 minus 1) lowast (119900 minus 2) The computation in each loop isonly simple operations such asmodulo minus plus divisionandmultiplicationThe computation complexity of algorithmRPA is 119874(119899 lowast 119900)
Proposition 13 The scheme RPS can guarantee the perfect fullprivacy (Privacy119901A119877119875119878
119891119906119897119897= 1)
Proof It is clear that for all 119889119904119894isin 119863119860119879119860
119904 119889119906119894= 119865(119889119904
119894) notin
119863119860119879119860119887 Thus PrivacyRPA
119863119860119879119860119906
= 1 According to the definitionof the perfect full privacy Privacy119901ARPS
full= 1
33 RandomWalk Scheme (RWS) If the gap between 119889119887119895and
119889119887119895+1
(119895 = 1 119900minus1) is small the perturbation (namely 120575) inRPSwill be small It can be proofed as a claim in the following
Claim 4 If the gap between 119889119887119895and 119889119887
119895+1(119895 = 1 119900 minus 1) is
small the perturbation in RPS will be small
Proof Suppose max(|119889119887119895minus 119889119887119895+1|) = 119892(119895 = 1 119899 minus 1) If
119889119904119894= 119889119887119895isin 119863119860119879119860
119887) in RPA max(120575) le 1198922 If 119889119904
119894= 119889119887119895isin
119863119860119879119860119887 max(120575) lt 1198922 Thus the perturbation 120575 is small if 119892
is small
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
6 International Journal of Distributed Sensor Networks
Required119863119860119879119860119904119863119860119879119860
119887
Ensure119863119860119879119860119906 PrivacyRWA
119863119860119879119860119906
= 1 SoundnessRWA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 do119895 lArr (119903119886119899119889119900119898()119900 + 1)119889119906119894lArr 119889119887
119895
120575 lArr 119889119904119894minus 119889119906119894
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 2 RandomWalk Algorithm (RWA)
If the perturbation is small adversaries may guess the 119889119904119894
correctly and adversaries can guess the activity is either oftwo activities To address this issue we propose a randomwalk scheme called RWS in which 119889119904
119894isin 119863119860119879119860
119904randomly
jumps to a value in119863119860119879119860119887 In this case the privacy definition
is extended to include unlinkability inwhich the possibility of119889119887119895isin 119863119860119879119860
119887for 119889119904
119894is equal Thus the revealed user activity
occurs with equal possibility
Definition 14 After transformation 119865 the privacy of119863119860119879119860119906
is guaranteed (denoted as Privacy119865119863119860119879119860
119906
= 1) if
forall119889119904119894isin 119863119860119879119860
119904 119889119906
119894= 119865 (119889119904
119894) isin 119863119860119879119860
119906
forall119889119887119901 119889119887
119902isin 119863119860119879119860
119887 119889119887
119901= 119889119887119902
Pr 119889119906119894= 119889119887119901 = Pr 119889119906
119894= 119889119887119902
(10)
The definition for privacy is thus extended to include thedefinition here and Definition 9
In RWS any 119889119904119894isin 119863119860119879119860
119904(119894 = 1 119899 minus 1) is perturbed
to a value 119889119887119895isin 119863119860119879119860
119887(119895 = 1 119900) which is randomly
selected This algorithm is thus especially ultra-lightweightin terms of computation A randomwalk algorithm (RWA) isproposed for the transformation function 119865 as follows
331 Analysis of Algorithm 2
Proposition 15 After the transformation of algorithmRWA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119877119882119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Proposition 11As sum119899119894=1119889119904119894lowast 119901119894= sum119899
119894=1119889119906119894lowast 119901119894 the total cost of power
consumption in a day maintains the correct value Thus thesoundness of RWA is guaranteed
Proposition 16 The scheme RWS is ultra-lightweight
Proof The number of loops is 119899 minus 1 so algorithm RPA isultra-lightweight The computations in loops are only simpleoperations such as modulo minus plus and multiplication
Moreover algorithm RWA is more lightweight than algo-rithm RPA Thus scheme RWS is ultra-lightweight
Proposition 17 The scheme RWS can guarantee the perfectfull privacy (Privacy119901A119877119882119878
119891119906119897119897= 1)
Proof According to the algorithm for for all 119889119904119894isin 119863119860119879119860
119904
if 119889119906119894= 119865(119889119904
119894) isin 119863119860119879119860
119906 we have forall119889119887
119901 119889119887119902isin 119863119860119879119860
119887
119889119887119901= 119889119887119902 and Pr119889119906
119894= 119889119887
119901 = Pr119889119906
119894= 119889119887
119902 Thus
PrivacyRWA119863119860119879119860
119906
= 1 According to the definition of the privacyin Definition 14 Privacy119901ARWS
full= 1
34 Distance-Bounded Random Walk with PerturbationScheme (DBS) In smart grid the uploading data will beused as a feedback for future scheduling of distribution andtransmission It thus requires the uploading data can accu-rately present the power consumption (namely sensing data)However thanks to the power distribution and transmissionserve not for a single SM but a large number of SMs (eg acampus a community or a county scale) only the accuracyfor a scale of SMs is sufficient for scheduling
In RPS and RWS although the bias exists (that isuploading data is not equal to sensing data) at single SMthe uploading data for a large number of SMs can stillrepresent power consumption in a scaleMore specifically thedeviation between the summation of uploading data and thesummation of sensing data is randomly positive or negativein one SM thus the overall summation remains almostunchanged in expectation in a large scale It is explained asfollows
Definition 18 After the transformation 119865 the accuracy of119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(denoted as Accuracy119865119863119860119879119860
119906
= 1) The summation of119863119860119879119860119906
equals the summation of 119863119860119879119860119904 in scheduling area and
scheduling period More specifically suppose that eachscheduling period consists of 119909 sensing (uploading) periodand each scheduling area consists of 119910 SMs The uploadingdata for them is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 The
sensing data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 7
Required119863119860119879119860119904 119863119860119879119860
119887 BOUND
Ensure119863119860119879119860119906 PrivacyDBA
119863119860119879119860119906
= 1 SoundnessDBA119863119860119879119860
119906
= 1119889119904119894lArr 119866119890119905119863119886119905119886(119863119860119879119860
119904)
for 119894 = 1 to 119899 minus 1 doWHILE (1)
119895 lArr (119903119886119899119889119900119898()(119900 minus 2) + 2)120575 lArr 119894119891119891(119903119886119899119889119900119898()2 (119889119904
119894minus (119889119887119895+ (119889119887119895+1minus 119889119887119895)2)) (119889119904
119894minus (119889119887119895+ (119889119887119895minus 119889119887119895minus1)2)))
if (119886119887119904(120575) le 119861119874119880119873119863) then119889119906119894lArr 119889119904
119894minus 120575
119861119868119860119878 lArr 119861119868119860119878 + 120575 lowast 119901119894
EXITelse
CONTINUEend if
end for119889119906119899lArr 119889119904
119899+ 119861119868119860119878119901
119899
Algorithm 3 Distance-Bounded Algorithm (DBA)
The accuracy of119863119860119879119860119906is guaranteed if and only if SUM
119904=
SUM119906
Proposition 19 After the transformation 119877119875119860 or 119877119882119860 theaccuracy of119863119860119879119860
119906is guaranteed in expectation for a schedul-
ing area (Accuracy119877119875119860119877119882119860119863119860119879119860
119906
= 1)
Proof In each sensing (uploading) period 119889119904119894is changed into
119889119906119894at single SM 120575 = 119889119904
119894minus 119889119906119894 Suppose that each scheduling
period consists of 119909 sensing (uploading) period and eachscheduling area consists of 119910 SMs The uploading data forthem is SUM
119906= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119906119894 the sensing
data for them is SUM119904= sum119910
119905=1SM119905 SM119905= sum119909
119894=1119889119904119894 The
expectation of both is equal as the expectation of 120575 is 0 ina scheduling area That is SUM
119904= SUM
119906 as 120575 = 0 where119867
means the expectation of119867
To further guarantee the scheduling accuracy we proposea distance-bounded scheme in which the perturbation value(ie 120575) is bounded The accuracy is thus guaranteed withina threshold value It takes the advantages of former twoalgorithms RPA and RWA A distance-bounded algorithm(DBA) for the transformation 119865 is proposed as follows
341 Analysis of Algorithm 3
Proposition 20 After the transformation of algorithmDBA the soundness of 119863119860119879119860
119906is guaranteed
(Soundness119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is similar to the proof of Propositions 11 and15
Proposition 21 The scheme DBS is ultra-lightweight
Proof The proof can be reduced to the proof of Propositions12 and 16
Proposition 22 The scheme DBS can guarantee the perfectfull privacy (Privacy119901A119863119861119878
119891119906119897119897= 1)
Proof Theproof is similar to the proof of Propositions 13 and17
Proposition 23 After the transformation 119863119861119860 the accuracyof 119863119860119879119860
119906is guaranteed in expectation for a scheduling area
(Accuracy119863119861119860119863119860119879119860
119906
= 1)
Proof The proof is reduced to the proof of Proposition 19
Proposition 24 The summation of uploading data equals thesummation of the sensing data with deviation bounded by 120572 lowast120573lowast119861119874119880119873119863 where 120572 is the number of SMs in a schedule area120573 is the number of sensing (uploading) period in a scheduleperiod (That is |119878119880119872
119906minus 119878119880119872
119904| le 120572 lowast 120573 lowast 119861119874119880119873119863)
Proof The schedule accuracy is the deviation between thesummation of uploading data and the summation of sensingdata As it is proofed in Proposition 19 it depends on thenumber of SMs in the schedule area and the number ofsensing (uploading) period in the schedule period Theexpectation value is proofed to be 0 as the expectation of120575 is 0 Concerning the accuracy of one schedule periodthe maximal bias between the summation of uploading dataand the summation of sensing data is bounded by 120572 lowast 120573 lowast119861119874119880119873119863
4 Related Work
The security architectures and overall security requirementsin smart grid were discussed in the recent years [3 7] Cur-rently the privacy issue in smart grid starts to attract moreattentions The requirements of privacy were explored insome previousworks [8ndash11]They pointed out the importance
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 International Journal of Distributed Sensor Networks
and urgency of privacy issues Efthymiou and Kalogridisproposed a privacy protection scheme via anonymizationof data [12] Their work relied on Escrow and Public KeyInfrastructure (PKI) thus the flexibility and scalability maybe tampered Tomosada and Sinohara proposed to use virtualenergy demand to estimate the energy load and protectingconsumer privacy [13] but the estimation may take muchcomputation overhead and accuracy may be damaged Lu etal [10] proposed an efficient and privacy-preserving aggrega-tion scheme (EPPA) Their scheme relied on homomorphicPaillier cryptosystem and induces much computation over-head Cheung et al [14] proposed a credential-based privacy-preserving power request scheme for smart grid which reliedon an advanced cryptographic primitive-blind signature Heet al [15] proposed to use homomorphic encryption for smartgrid communications Comparing with all aforementionedrelated work our final scheme does not rely on any crypto-graphic primitive but fulfils provable privacy and restrainsultra-lightweight in computation
5 Conclusions
In this paper we proposed three schemes to protect user pri-vacy in smart grid without any cryptographic primitive andwith ultra-lightweight computation They are random per-turbation scheme (RPS) random walk scheme (RWS) anddistance-bounded random walk with perturbation scheme(DBS) We also proposed three algorithms for three schemesrespectively Our schemes do not rely on any cryptographiccomputations are sound in terms of maintaining the correctutility charge can guarantee the privacy that were strictlyproofed and can ensure the scheduling accuracy in powertransmission and distribution All proposed schemes andalgorithms were extensively analyzed which justified theirapplicability
Acknowledgments
W Renrsquos research was financially supported by NationalNatural Science Foundation of China (61170217) the OpenResearch Fund from Shandong provincial Key Laboratoryof Computer Network (SDKLCN-2011-01) and FundamentalResearch Funds for the Central Universities (CUG110109) YRenrsquos research was sponsored in part by the ldquoAim for the TopUniversity Projectrdquo of the National Chiao Tung Universityand the Ministry of Education Taiwan
References
[1] The Smart Grid Interoperability Panel Cyber Security Work-ing Group ldquoNistir 7628 guidelines for smart grid cybersecurityrdquo in Privacy and the smart grid vol 2 2010 httpcsrcnistgovpublicationsnistirir7628nistir-7628 vol2pdf
[2] H Khurana M Hadley N Lu and D A Frincke ldquoSmart-gridsecurity issuesrdquo IEEE Security and Privacy vol 8 no 1 pp 81ndash85 2010
[3] P McDaniel and S McLaughlin ldquoSecurity and privacy chal-lenges in the smart gridrdquo IEEE Security and Privacy vol 7 no3 pp 75ndash77 2009
[4] A R Metke and R L Ekl ldquoSecurity technology for smart gridnetworksrdquo IEEE Transactions on Smart Grid vol 1 no 1 pp99ndash107 2010
[5] G N Ericsson ldquoCyber security and power system commu-nicationessential parts of a smart grid infrastructurerdquo IEEETransactions on Power Delivery vol 25 no 3 pp 1501ndash15072010
[6] A Vaccaro M Popov D Villacci and V Terzija ldquoAn integratedframework for smart microgrids modeling monitoring con-trol communication and verificationrdquo Proceedings of the IEEEvol 99 no 1 pp 119ndash132 2010
[7] T M Overman R W Sackman T L Davis and B S CohenldquoHigh-assurance smart grid a three-part model for smart gridcontrol systemsrdquo Proceedings of the IEEE vol 99 no 6 pp1046ndash1062 2011
[8] J Liu Y Xiao S Li W Liang and C Chen ldquoCyber security andprivacy issues in smart gridsrdquo IEEE Communications SurveysTutorials vol 99 pp 1ndash17 2012
[9] F Maandrmol C Sorge O Ugus and G Peandrez ldquoDo notsnoop my habits preserving privacy in the smart gridrdquo IEEECommunications Magazine vol 50 no 5 pp 166ndash172 2012
[10] R Lu X Liang X Li X Lin and X Shen ldquoEppa anefficient and privacypreserving aggregation scheme for securesmart grid communicationsrdquo IEEE Transactions on Parallel andDistributed Systems vol 23 no 9 pp 1621ndash1631 2012
[11] S Wang L Cui J Que et al ldquoA randomized response modelfor privacy preserving smart meteringrdquo IEEE Transactions onSmart Grid vol 3 no 3 pp 1317ndash1324 2012
[12] C Efthymiou and G Kalogridis ldquoSmart grid privacy viaanonymization of smart metering datardquo in Proceedings of the 1stIEEE International Conference on Smart Grid Communications(SmartGridComm rsquo10) pp 238ndash243 October 2010
[13] M Tomosada and Y Sinohara ldquoVirtual energy demand dataestimating energy load and protecting consumersrsquo privacyrdquo inProceedings of the IEEE PES Innovative Smart Grid Technologies(ISGT rsquo11) pp 1ndash8 January 2011
[14] J Cheung T Chim S Yiu L Hui and V Li ldquoCredential-based privacy-preserving power request scheme for smart gridnetworkrdquo in Proceedings of the IEEE Global TelecommunicationsConference (GLOBECOM rsquo11) pp 1ndash5 December 2011
[15] X He M Pun and C Kuo ldquoSecure and efficient cryptosystemfor smart grid using homomorphic encryptionrdquo in Proceedingsof the IEEE PES Innovative Smart Grid Technologies (ISGT rsquo12)pp 1ndash8 January 2012
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of