lightweight lattice-based homomorphic privacy-...


Abstract—Customers’ privacy and message integrity are the main security challenges for home area networks (HANs) in the smart grid, especially during the electricity consumption aggregation. In addition, smart meters and smart appliances, which are resource-limited home devices, cannot implement complex computation operations. In this paper, we propose a lightweight privacy-preserving aggregation scheme that permits the smart appliances to aggregate their readings without involving the smart meter. The scheme deploys a lightweight lattice-based homomorphic cryptosystem that depends on simple addition and multiplication operations. Security analysis and performance evaluation demonstrate that the proposed scheme guarantees the customers’ privacy and message integrity with lightweight overhead.

Index Terms—Lattice-based homomorphic cryptosystem, home area networks, smart appliances.

I. INTRODUCTION AND RELATED WORKS

Smart grid merges the communication technologies with the power grid to achieve the reliability and efficiency of electricity generation and distribution by exchanging the information among the different parties of the grid, e.g. the communication between the electricity consumers and utility companies for accurate electricity bills. The basis of the smart grid is the home area network (HAN), which is a wireless or wired network at the customer’s home that connects the smart devices located inside or close to the home, including electric vehicles (EVs). Each HAN periodically sends the electricity consumption of the home to the local utility; accordingly the utility can accurately compute the electricity bill and utilize this information in forecasting the future power demand and electricity price for a certain region. To realize such applications, HAN includes certain smart devices: smart meters, and smart appliances. The smart meter is the device that aggregates the appliances’ readings and forwards the aggregated value to the utility through local substations [1-2].

The smart appliances in a home can be classified into four groups according to the type of exchanged information between the smart appliance and the control center (CC) at the utility. Group 1 consists of small-load appliances, such as light bulbs and phone chargers, where an appliance does not significantly impact the total electricity load, and only needs to inform the CC whether the appliance is currently connected or disconnected to the grid. Group 2 consists of large uncontrollable-load appliances, e.g. stoves, which operate according to the consumer needs, and their usage cannot be delayed to a later time. The appliances in that group need to send only their electric power consumption and expected duration of usage to the CC. Group 3 consists of controllable large-load appliances, such as air conditioners and clothes washers. Before any of these appliances is switched on, it should send a request to the CC via the smart meter, including the appliance’s expected electricity requirement, duration of usage, and possible usage times in a day. Based on this information, the CC can accept or reject the request according to the dynamic electricity pricing and the agreement between the householders and utility company. Finally, group 4 includes only the EVs, which require extensive exchange of information with the CC to schedule the charging/discharging processes [3]. Figure 1 shows the architecture of HAN.

The main security challenges in HAN are the privacy of the homeowners and the integrity of home consumption information. That is, while the different appliances’ consumption readings are aggregated and routed from the smart meter to the CC, some private information, such as the currently used appliances, the times that the home owners are present or away, etc., can be revealed to outsiders: the CC or any malicious adversary. To get access to such private information, a malicious adversary is more likely to attack the home smart meter, rather than the highly protected CC, especially as the smart meter has complete information about all the smart appliances in the HAN [1-5].

To address these security and privacy issues, many studies have been performed, which can be classified into three categories. The first category suggests connecting the smart meter to hardware devices, e.g., tamper-resistant devices or electrical batteries, to disguise the real electricity consumption [6, 7]. These procedures reduce the computation and communication overhead at the expense of an additional hardware cost (to connect a tamper-resistant device or a battery to each smart meter), as well as regular hardware maintenance operations. The second category attempts to create a distortion in the HAN’s information, by inserting a known noise signal at the smart meter side and removing it at the CC [8]. Although this category does not require additional computation capabilities, it sometimes fails to accurately reconstruct the original message. The last category employs cryptographic schemes, such as public key infrastructure [9] or key-policy attribute-based encryption [10], to guarantee information security and customer privacy. Mostly, the existing studies are based on one of three cryptographic techniques:

Fig. 1. The architecture of HAN.

Lightweight Lattice-based Homomorphic Privacy-Preserving Aggregation Scheme for Home Area Networks

Asmaa R. Abdallah and Xuemin (Sherman) Shen

Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario, N2L 3G1, Canada.

2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP)

978-1-4799-7339-2/14/$31.00 ©2014 IEEE


Authentication, anonymization, or homomorphic public key schemes. Several authentication schemes are proposed to efficiently secure the HAN connections [11-13]. However, the authentication operations generally produce high computation and communication overhead. For instance, the lightweight Diffie-Hellman authentication scheme [11] results in an average delay which varies from 1 to 10 s, as the number of smart meters connected to a certain utility increases. Additionally, in the authentication scheme, each smart meter should have a secret seed to create its authentication key, which increases the overhead especially during the initialization phase. Other studies employ anonymization techniques to conceal the link between the real identity of the smart meter and its exchanged information with the CC. These techniques are either based on issuing two identities (real and pseudorandom) for each device, creating binding factors [14], or attaching credentials to prove message validity [15]. Although these methods can guarantee users’ privacy, they rely on the existence of a trusted third party, and they perform many processes, especially at the setup phase, which results in a considerable computation overhead.

Certain studies [16-18] utilize the homomorphic feature of some public key schemes, and aggregate the electricity consumption for a certain region without revealing the consumption of individual consumers in the region. However, the currently used homomorphic schemes are computationally complex, such as the Paillier-based homomorphic privacy-preserving aggregation scheme [18], which requires from 100 ms to 220 ms computational time as the number of messages increases. Additionally, the homomorphic schemes are not scalable with respect to the number of smart meters, i.e., their performance degrades when the number of meters increases [5]. Attempting to overcome the aforementioned disadvantages and reduce the communication and computation burden, we have previously proposed an efficient and lightweight security and privacy-preserving scheme that forecasts the future electricity demand for a cluster of HANs in a specific region; the cluster only needs to communicate with the electricity utility when the total demand of the cluster changes [22].

However, only a few research works attempt to preserve the home privacy before the smart meter sends the electricity consumption information to the local CC, i.e., during the aggregation of the appliances’ consumption readings. In [19], a secure in-network data aggregation scheme is proposed based on an orthogonal chip code and a circuit shifting operation; the proposed scheme can guarantee the confidentiality and anonymity of the information provided by different appliances. However, this scheme requires sharing the chip code with smart appliances, as well as performing mutual authentications, which subsequently increases the overhead. In addition, the smart meter can reconstruct the original reading for each appliance from the mixed data; accordingly, if the smart meter is compromised, the adversary has access to the information of each appliance in the HAN. Alternatively, in our proposed scheme, the smart meter operates as a relay node, which just forwards the HAN’s total consumption to the CC. In other words, the smart meter does not ‘know’ the electricity consumption of each individual appliance, but receives an encrypted version of the total aggregated consumption of the HAN. Additionally, the smart meter has the ability to check the authenticity of a message sender without revealing the message contents. To the best of our knowledge, no previous research has considered any role for the appliances in the security and privacy-preserving procedure, mainly because of their limited computation capabilities. In this paper, we study the smart appliance’s participation in the security and privacy-preserving process by utilizing a lightweight lattice-based cryptosystem. Also, we analyze the impact of the appliances’ types on the overall performance of HAN.

The rest of the paper is organized as follows: Section II reviews the lattice-based homomorphic encryption scheme, and Section III describes the network and threat models. The proposed scheme is explained in Section IV, while the security analysis and performance evaluation are presented in Sections V and VI respectively. Finally, Section VII concludes the paper and suggests some future research issues.

II. PRELIMINARIES

The lattice-based homomorphic encryption scheme

Our scheme exploits the lightweight lattice-based homomorphic encryption scheme, which utilizes the space vectors structure and adds noise to the plaintext messages. The scheme encrypts the messages as noisy lattices so that it provides low computation complexity and guarantees the confidentiality and integrity of messages. Thus, this cryptosystem is faster than any of the known homomorphic schemes, as it mainly performs simple addition and multiplication operations in the vector space [20].

Key Generation:

The scheme defines five global integer parameters: is the number of coordinates of the plaintext vectors, is the characteristic of the ring over which they are constructed, is the maximum number of homomorphic operations that can be done, is the number of softly disturbed matrices in the public key, and is an upper bound for the coordinates of the random vectors used to insert noise.

Let , , and is a prime number, . Then, generate two

random matrices over : and , where is invertible and Also, generate a random scrambling matrix , which is an diagonal invertible matrix over

. Compute by multiplying to the left of a random invertible matrix . Subsequently, Generate a soft noise matrix , a random matrix over , for each

. Next compute softly distributed matrix . Similarly, compute a hard noise matrix

by generating a soft noise matrix then replacing the diagonal values by . Then compute the hardly distributed matrix . Next, choose a permutation operation , and compute .

Finally, the matrices , ..., are the public key. While the private key consists of the permutation , the hidden matrix , and the scrambling matrix .

Encryption:

First, the plaintext message is constructed as a message vector in . Then multiplies by the hard noise matrix . The result is disturbed by adding to the summation of soft noise vectors , where are random vectors with coordinates smaller than . Consequently, the ciphertext is

.


Decryption:

The decryption operation is based on filtering the noise. First, the permutation is reversed as where

is the cipher text. Then, the receiver computes the scrambled noise , where are the undisturbed and disturbed halves of . Then the unscrambled noise is . For each in , get , where

Lastly, return the original plain text

This cryptographic scheme can guarantee the messages’ confidentiality and integrity and resist the lattice-based and the chosen plaintext attacks. Moreover, it does not increase the computation complexity, as they are mainly simple addition and multiplication operations over vector space. Accordingly, this scheme is appropriate for the smart appliances with restricted computation capabilities.

III. SYSTEM MODEL

A. Network Model

The objective of the proposed scheme is to preserve the privacy of the consumers and secure their electricity consumption, at the same time, lessening the computation and communication overhead. Specifically, we consider a residential area that consists of a local control center (CC) connected to a number of HANs = {HAN1, HAN2, …, HANm}. HAN could be a townhouse or a unit in a building; each HAN has a smart meter (SM) to estimate its electricity consumption. SM connects to the home’s smart appliances APs = {AP1, AP2, …, APn}. APs also can communicate to each other directly without involving SM. The communication inside HAN is through the inexpensive short-range communication technology, such as Bluetooth or ZigBee. Both CC and SM have public keys provided by a trusted authority (TA). Each AP has a unique ID stored in a secured place. The system model is shown in figure 2.

Fig. 2. The system model.

B. The Adversary Model and Security Requirements

We consider that both CC and SMs are honest but curious.

However, an adversary can eavesdrop the exchanged messages between the CC and the SMs, attempt to extract the consumers’ personal information or may establish some active attacks, e.g. falsify messages or begin a replay attack; also, may compromise the SMs. We assume that is an outsider attacker; he can intercept the messages among APs and between them and SM; also, may try to modify or replay the captured messages. However, cannot compromise APs and cannot obtain their secure IDs; if can physically compromise the APs, he does not need to snoop or modify the messages. Thus, we should thwart ’s malicious actions by guaranteeing the following:

Users Privacy: It should be assured that any attacker could not gain any knowledge about HAN’s consumption. In addition, CC should not know the detailed consumption pattern for each user in the region.

Authenticity and Data Integrity: The proposed scheme should guarantee the confidentiality of the consumption’s messages; even if already intercepts a message, he cannot extract any knowledge. Likewise, the message integrity should be ensured; suppose attempts to resend or modify a message, his malicious actions should be detected.

IV. THE PROPOSED SCHEME

Our proposed scheme has two phases: the initialization phase, which sets up the secure connection between smart home appliances and control center via smart meter; while the reading aggregation phase organizes the aggregation operation of the reading of electricity consumption.

A. Initialization Phase:

TA assigns a pair of public/private keys for the CC and the SM. For CC, its public key parameters are , …, , where is the hard noise matrix, and { …, are the soft noise matrices. APs use this key to encrypt their readings. The CC’s private key parameters are , . As for SM, its public key is , …, , and the private key is ,
- Each AP has a unique ID issued by the TA, { …, where is the number of the appliances in the HAN. The APs are arranged in a fixed order according to their IDs. The aggregator is known for each aggregation round; for instance, if there are five APs in the house, AP1, AP2, AP3, AP4, and AP5, the smart meter arranges the appliances so that AP1 is the aggregator for the first round, AP2 is the aggregator for the second round, and so on. This order is fixed and securely sent to the appliances so that each one automatically knows its turn to be the aggregator.
- Each AP stores its encrypted ID ( ) in a secure place.

= * +

The ID is encrypted by SM’s public key and used to prove the AP’s identity to SM during the aggregation phase.

B. Reading Aggregation Phase:

In a reading period, each appliance in the HAN constructs its reading value as a vector , and encrypts it using the CC public key.


= * +

Then it sends the encrypted reading to the aggregator appliance APs for the current aggregation round. APs computes the total reading by aggregating the encrypted readings employing the homomorphic addition feature.

=

- APs attaches its encrypted ID ( ) to the aggregated message and then forwards the message to SM.
- After checking the validity of the aggregator’s ID, SM signs the received message using , .

| | .

For each , SM computes , where

,

SM then forwards to CC
- SM works as a relay node; it does not know the content of the message. However, SM checks the validity before it signs the message and forwards it to CC.

CC first verifies SM’s signature and obtains the message ( | | )

= * +

Also, it checks the validity of timestamp and nonce . Then CC decrypts using its private parameters

For each , SM computes

, where

,

CC now obtains the aggregated value for all APs’ readings in that HAN in plaintext.
- If a group 3 or 4 appliance needs to send a request to CC, it can directly send the request to CC via SM and does not wait for the new aggregation round. It encrypts its request by CC’s public key; these messages are called control messages. For instance, if wants to send request , it first adds a timestamp and random nonce to the message and concatenates its ID, . Then it encrypts the result by CC’s public key: = * + , and sends the control message to SM, which signs and forwards it to CC.
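The aggregation round of this phase, as an added example (not code from the paper): each appliance encrypts its reading under CC's public key, the round's aggregator adds the ciphertexts, SM checks the aggregator's encrypted ID and relays, and CC decrypts only the total. The cipher is a toy Regev-style LWE scheme standing in for the hidden-lattice cryptosystem of [20]; all parameters, function names and readings are constructed, and the SM signature, timestamp and nonce are omitted.

```python
import random

# Toy parameters, constructed for illustration only; far too small to be secure.
N = 16             # LWE dimension
Q = 1 << 32        # ciphertext modulus
T = 1 << 16        # plaintext modulus; the aggregated total must stay below T
DELTA = Q // T     # scaling that lifts the message above the noise
SAMPLES = 64       # LWE samples in a public key
NOISE = 4          # bound on each sample's error term


def keygen(rng):
    """Return (public_key, secret_key) for the stand-in scheme."""
    s = [rng.randrange(Q) for _ in range(N)]
    pk = []
    for _ in range(SAMPLES):
        a = [rng.randrange(Q) for _ in range(N)]
        e = rng.randint(-NOISE, NOISE)
        b = (sum(x * y for x, y in zip(a, s)) + e) % Q
        pk.append((a, b))
    return pk, s


def encrypt(pk, m, rng):
    """Encrypt integer m (0 <= m < T) as a random subset sum of pk samples."""
    if not 0 <= m < T:
        raise ValueError("plaintext out of range")
    a_sum, b_sum = [0] * N, 0
    for a, b in pk:
        if rng.getrandbits(1):
            a_sum = [(x + y) % Q for x, y in zip(a_sum, a)]
            b_sum = (b_sum + b) % Q
    return a_sum, (b_sum + DELTA * m) % Q


def add(c1, c2):
    """Homomorphic addition: component-wise sum of two ciphertexts."""
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q


def decrypt(sk, c):
    """Strip the mask, then round away the accumulated noise."""
    a, b = c
    noisy = (b - sum(x * y for x, y in zip(a, sk))) % Q
    return ((noisy + DELTA // 2) // DELTA) % T


def aggregation_round(round_no, readings, cc_pk, enc_ids, rng):
    """Appliance side: the round's aggregator sums the encrypted readings."""
    order = sorted(readings)                      # fixed order by appliance ID
    aggregator = order[round_no % len(order)]     # AP1, AP2, ... take turns
    total = None
    for ap_id in order:
        c = encrypt(cc_pk, readings[ap_id], rng)  # each AP encrypts for CC
        total = c if total is None else add(total, c)
    return {"round": round_no, "enc_id": enc_ids[aggregator], "enc_total": total}


def smart_meter_relay(msg, sm_sk, n_appliances):
    """SM side: check the aggregator's ID, forward enc_total untouched."""
    claimed = decrypt(sm_sk, msg["enc_id"])
    expected = msg["round"] % n_appliances + 1    # IDs are 1..n in this sample
    if claimed != expected:
        raise PermissionError("unexpected aggregator for this round")
    return msg["enc_total"]


def run_demo(seed=2014):
    # Seeded PRNG keeps the demo repeatable; a real device needs a CSPRNG.
    rng = random.Random(seed)
    cc_pk, cc_sk = keygen(rng)
    sm_pk, sm_sk = keygen(rng)
    readings = {1: 60, 2: 1500, 3: 900, 4: 2200, 5: 7200}    # constructed, in Wh
    enc_ids = {i: encrypt(sm_pk, i, rng) for i in readings}  # stored once per AP
    msg = aggregation_round(1, readings, cc_pk, enc_ids, rng)
    forwarded = smart_meter_relay(msg, sm_sk, len(readings))
    return {
        "aggregator": decrypt(sm_sk, msg["enc_id"]),
        "cc_total": decrypt(cc_sk, forwarded),
        "sm_view": decrypt(sm_sk, forwarded),     # SM's key does not open it
        "true_total": sum(readings.values()),
    }


if __name__ == "__main__":
    print(run_demo())
```

Each added ciphertext carries noise of at most SAMPLES * NOISE, so decryption stays exact as long as the summed noise is below DELTA / 2 and the total is below T.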

V. SECURITY ANALYSIS

The main target of the proposed scheme is to preserve the privacy of the HAN customers in addition to satisfying the basic security requirements: confidentiality and message integrity.

Privacy: The electricity consumption for HAN can reveal the daily behaviors of the householders, so preserving the privacy is a major concern. The proposed scheme guarantees that no one, even SM, can know the individual reading for each AP. The aggregator APs cannot analyze the daily life pattern for the householders either, as the received individual readings are encrypted; in addition, APs is varied every reading period. Although we assume that the appliances’ IDs are protected, does not gain much if he compromises any appliance; he can only know the reading for that appliance and cannot analyze the personal habits for the householders by this data only. Furthermore, if the compromised appliance by chance is APs, cannot extract any data either, as the received messages to APs are encrypted and only CC has the decryption key. The same happens if attempts to compromise SM. Since SM is just a relay node, it only forwards the received encrypted message and does not have the decryption key. As for CC, it receives the total house’s consumption for the period, but this received information does not discern the consumption pattern of the house.

Confidentiality and Message Integrity: The proposed scheme guarantees the confidentiality and integrity, as none of the participating parties can know the consumption of each AP; only the authorized party, CC, can decrypt the total aggregated message. Furthermore, the message is protected from different attackers. If succeeds in compromising SM, he cannot interpret or modify the message contents, as SM does not own the decryption key. Therefore, an eavesdropping attack does not succeed. The AP’s reading is not revealed to anybody, even APs, which receives only the encrypted version. For the total aggregated message, neither APs nor SM can decrypt it, only CC can. In addition, the proposed scheme guarantees the message integrity; any cannot forge the APs’ messages, as does not know their secret IDs and cannot extract them; in addition, cannot forge the aggregated message before SM forwards it, as it cannot obtain SM’s private key to falsify its signature.

The lattice-based homomorphic encryption scheme exploits the hardness of the hidden lattice problem (HLP), which is an NP-hard problem [21], during the selection of security parameters. HLP disorganizes the lattice by a specific technique so that no one can extract the original lattice from the disturbed one. The utilized cryptosystem relies on the secrecy of its private parameters: , , and . Thus, should obtain the secret permutation and the disturbed columns’ indexes to retrieve the original lattice. To guarantee the security and robustness against attacks, especially the chosen plaintext and the lattice-based attacks, the main parameters, , and a high-dimension lattice, e.g. 600, are selected. Then the search for non-disturbed columns is too expensive; if , the cost is . Following these constraints during parameters’ selection enhances the scheme’s security and resistance to attacks [28].

VI. PERFORMANCE EVALUATION

The proposed scheme not only guarantees the privacy and security requirements but also provides low computation overhead for APs, as they only perform simple addition and multiplication operations. As for the communication burden, a limited number of messages is exchanged every reading period.

A. Communication overhead

The number of exchanged messages between the different parties during the reading period is tiny. For the limited-capability devices SM and APs, the number of sent messages is trivial; each AP sends only one reading message every period, and APs just sends the aggregated message. Likewise, SM only forwards the total aggregated readings message to CC. For control messages, only group 3 and 4 APs require sending their statuses to CC. AP sends its message directly to SM, which forwards it to CC. Generally, the house may contain two or three of these appliances, e.g. one EV, one air conditioner, and one clothes washer. Assume the house has three group 3 and 4 appliances, which require three control messages at most. These messages are sent occasionally; assume each AP needs to send one or two control messages per day so that the maximum number of control messages per day is six messages, which is a light communication load. In summary, the communication burden for SM and APs is considered an insignificant load.

Figure 3-(a) illustrates the communication complexity for the house every reading round. As shown, the communication delay is increased from 2 messages in two-appliances case to 20 messages in twenty-appliances case. Although the communication overhead increases, as the number of APs increases, the communication delay growth is limited and affordable by the restricted-resources devices. Figure 3-(b) shows the total communication delay for the house per day after adding the control messages overhead. It can be seen that the control messages slightly increase the overhead.

B. Computation complexity

During the reading aggregation phase, SM signs the aggregated message before forwarding it to CC. In addition, SM needs to sign the control messages received from APs, but these messages are sent occasionally. Assume a house with three appliances that can send up to six control messages per day, then the total computation burden for SM per day is +6 signing processes, where is number of reading rounds per day. Thus, the signing operation is the only computation load for SM, which is not a significant burden. As for APs, each one performs an encryption process for its reading message, which does not require high computation capabilities either, because the deployed cryptographic scheme consists of simple addition and multiplication operations, which is a trivial computation duty for APs and SM. Moreover, up to three appliances need to encrypt up to six control messages at most. As a result, the total load per day for each group 1 and 2 appliance is encryption processes, while group 3 and 4 appliances require +2 encryption processes each, where is the number of reading rounds per day. APs sums the received encrypted messages from other APs; however, this operation is considered trivial computation and can be neglected. Table 1 presents the number of operations per reading round and per day for each AP and SM, where is the time for one encryption process, is the decryption time, is the signing time, is the verification time, and is the number of rounds per day.

Table 1. The number of operations for smart devices.

Number of Operations: Per Round, Per Day
Smart Appliance (Group 1&2): 1*
Smart Appliance (Group 3&4): 1* (
Smart Meter: 1* (

Following the key parameters’ constraints in [28], we assume that the hidden lattice dimension is 600 to resist the lattice-based attack, = 9, = 2, ≈ 260, = 1024, ≈ 219, and = 221.238. Using a MATLAB simulator on a 3.20 GHz processor with 6.00 GB RAM, we estimate the elapsed time for both encryption and decryption operations per message; the experimental results indicate that a single encryption (verification) operation approximately costs 1.5 ms, while the decryption (signing) time on average equals 4.8 ms. From these outcomes, we notice that the cryptosystem, which consists of simple multiplication and addition operations, is considered a light load for APs.

Figure 4-(a) demonstrates the computation load for each AP and for SM every reading period. We can notice that the computation overhead for each AP is the same and is not affected by the increase in the APs’ number. Moreover, SM load does not change, which is expected, as it requires only signing one message, the total aggregated message, regardless of the number of the included readings messages. Figure 4-(b) points out the total computation load per day in presence of control messages for different devices: the regular APs, APs that send control messages, and SM. As indicated in the figure, the regular APs’ load equals the load for one round multiplied by the number of rounds per day. We can recognize that the total load for the group 3 and 4 appliances is slightly higher than regular ones because of the extra messages that APs have to encrypt. Furthermore, the figure denotes an increase in SM load; SM also has to perform more signing operations. However, the total increase in the load is not significant.

Fig. 3. Communication Overhead: (a) Communication Overhead per Round; (b) Communication Overhead per Day.

The existing privacy schemes cannot be applied on APs, since they perform complex operations, such as exponentiation and pairing, which require high computation capabilities that APs do not have. Although the current cryptosystems are not applicable to these resource-restricted APs, we compare the performance of the proposed scheme with traditional homomorphic Paillier-based cryptosystems to show the advantages of the proposed scheme in terms of computation. Figure 5 shows the computation delay for the proposed scheme versus the traditional scheme as the number of APs increases. Figure 5-(a) shows the delay per round, while Figure 5-(b) shows the delay per day. As expected, the delay in both cases increases as the number of APs increases. However, there is a big gap between the two schemes; our scheme consumes much less computation time than Paillier-based schemes, especially as the number of APs increases. Although the computation overhead increases in our scheme, the delay increase is limited and affordable for APs. In brief, the proposed scheme guarantees HAN’s security requirements with lightweight communication and computation overhead.

VII. CONCLUSION

A lightweight security scheme has been proposed to secure the consumption aggregation operation inside the home while keeping the householders' confidentiality. The analysis shows that the proposed scheme guarantees the customers' privacy and message integrity with low communication and computation overhead, which makes it suitable for resource-limited appliances. For future work, we will study the expected behavior of malicious insiders and adjust the proposed scheme to resist their attacks.

REFERENCES

[1] X. Fang, S. Misra, G. Xue, and D. Yang, Smart Grid – The New and Improved Power Grid: A Survey, IEEE Communications Surveys & Tutorials, Vol. 14, No. 4, pp. 944–980, 2012.
[2] J. Liu, Y. Xiao, S. Li, W. Liang, and C. Chen, Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, Vol. 14, No. 4, pp. 981–997, Fourth Quarter 2012.
[3] V. Aravinthan, V. Namboodiri, S. Sunku, and W. Jewell, Wireless AMI Application and Security for Controlled Home Area Networks, IEEE Power and Energy Society General Meeting, July 2011.
[4] M. Kuzlu, M. Pipattanasomporn, and S. Rahman, Communication network requirements for major smart grid applications in HAN, NAN and WAN, Elsevier Editorial System for Computer Networks, August 2013.
[5] Z. Erkin, J. Troncoso-Pastoriza, R. Lagendijk, and F. Perez-Gonzalez, Privacy-Preserving Data Aggregation in Smart Metering Systems, IEEE Signal Processing Magazine, pp. 75–86, March 2013.
[6] O. Tan, D. Gunduz, and H. Poor, Increasing Smart Meter Privacy Through Energy Harvesting and Storage Devices, IEEE Journal on Selected Areas in Communications, Vol. 31, No. 7, pp. 1331–1341, July 2013.
[7] Z. Chen and L. Wu, Residential Appliance DR Energy Management With Electric Privacy Protection by Online Stochastic Optimization, IEEE Transactions on Smart Grid, to appear.
[8] X. He, X. Zhang, and C. Kuo, A Distortion-Based Approach to Privacy-Preserving Metering in Smart Grids, IEEE Access, Vol. 1, pp. 67–78, 2013.
[9] A. Metke and R. Ekl, Security Technology for Smart Grid Networks, IEEE Transactions on Smart Grid, Vol. 1, No. 1, pp. 99–107, June 2010.
[10] J. Liu, Y. Xiao, and J. Gao, Achieving Accountability in Smart Grid, IEEE Systems Journal, to appear.
[11] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, Securing smart grid: cyber attacks, countermeasures, and challenges, IEEE Communications Magazine, pp. 38–45, August 2012.
[12] H. Li, R. Lu, L. Zhou, B. Yang, and X. Shen, An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid, IEEE Systems Journal, to appear.
[13] H. Nicanfar, P. Jokar, K. Beznosov, and V. Leung, Efficient Authentication and Key Management Mechanisms for Smart Grid Communications, IEEE Systems Journal, to appear.
[14] C. Fan, S. Huang, and Y. Lai, Privacy Enhanced Data Aggregation Scheme against Internal Attackers in Smart Grid, IEEE Transactions on Industrial Informatics, Vol. 10, No. 1, pp. 666–675, February 2014.
[15] T. Chim, S. Yiu, L. Hui, and V. Li, Privacy-preserving advance power reservation, IEEE Communications Magazine, pp. 18–23, August 2012.
[16] Y. Kim and J. Heo, Device authentication protocol for smart grid systems using homomorphic hash, Journal of Communications and Networks, Vol. 14, No. 6, pp. 606–613, December 2012.
[17] H. Li, X. Lin, H. Yang, X. Liang, R. Lu, and X. Shen, EPPDR: An Efficient Privacy-Preserving Demand Response Scheme with Adaptive Key Evolution in Smart Grid, IEEE Transactions on Parallel and Distributed Systems, to appear.
[18] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, EPPA: An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications, IEEE Transactions on Parallel and Distributed Systems, Vol. 23, No. 9, pp. 1621–1631, September 2012.
[19] Y. Yan, Y. Qian, and H. Sharif, A Secure Data Aggregation and Dispatch Scheme for Home Area Networks in Smart Grid, in Proc. IEEE GLOBECOM, Texas, USA, 2011, pp. 1–6.
[20] C. Melchor, G. Castagnos, and P. Gaborit, Lattice-based homomorphic encryption of vector spaces, in Proc. IEEE ISIT, Toronto, Canada, July 2008, pp. 1858–1862.
[21] C. Melchor and P. Gaborit, A Lattice-Based Computationally-Efficient Private Information Retrieval Protocol, in Proc. WEWoRC, Bochum, Germany, 2007, pp. 50–54.
[22] A. Abdallah and X. Shen, A Lightweight Lattice-based Security and Privacy-Preserving Scheme for Smart Grid, in Proc. IEEE GLOBECOM, 2014, to appear.

Fig. 4. Computation Overhead: (a) Computation Overhead per Round; (b) Computation Overhead per Day.

Fig. 5. Computation Overhead in proposed vs. traditional: (a) Computation Overhead per Round; (b) Computation Overhead per Day.