A Practical Smart Metering System Supporting Privacy Preserving Billing
and Load Monitoring
Hsiao-Ying LinNational Chiao Tung University
Joint work with Wen-Guey Tzeng, Shiuan-Tzuo Shen, Bao-Shuh P. Lin
2
Smart Grid =Intelligence + Automation + Power Grid
▫ Increase energy efficiency ▫ Improve system reliability & quality
Massive electricity generator
Grid operator
MeterElectricity
transmission & distribution
Substation
Resident area
Renewable energy generator
Intra/Internet
Power flow Communication flow
3
Smart Grid Features
•Features▫Two-way power flows▫Communication systems among electricity entities
Automatic Meter Reading
Advanced Meter Infrastructure
Smart Grid Application
4
Meter & Meter Reading
•Measurement of power consumption▫Traditional:
manually record per month
▫Smart meter: automatically record per minute ~ millisecond
5
Smart Grid Applications
•Automatic billing▫Support many price policies
•Load monitoring▫Monitor current state of smart grid
Electricity Service Provider(ESP)Price information
Time Price
Power consumption
Bill
Power consumption
Load Monitoring Center(LMC)
6
Example: Ontario Time-of-use Pricing
•During Winter Midnight
Noon
A.M.P.M.
7
5
11
7
Off-Peak6.5 ¢ /kWh
Mid-Peak10 ¢ /kWh
On-Peak11.7 ¢ /kWh
7
Privacy Issue•Detailed meter readings reveal daily activities
▫When and what appliances are used
Hart, G.W: Nonintrusive appliance load monitoring, IEEE Proceedings 1992
Refrigerator
Stove Burner
Time(Min)
8
Privacy Preserving Automatic Billing• Trusted third party computes the bill
▫The grid operator
• Homomorphic commitment + zero knowledge proof (ZKP)▫Meter readings are committed ▫The bill is computed by the consumer▫Only the bill is opened to ESP▫ESP verifies correctness of the bill by using ZKP
9
Privacy Preserving Load Monitoring• Trusted third party aggregates the power consumption
• Secret shares of 0 among meters▫Need handling meter leaving and joining
• Random noises on meter readings▫LMC gets approximate sum of meter readings
LMC
ELMC(reading1)
ELMC(reading3)
ELMC(reading2)
ELMC(sum of readings)TTP
sum of readings
Reading1+secret share1
Reading3+secret share3
Reading2+secret share2 sum of readings
LMC
10
Our Contribution
•A smart metering system ▫Supporting automatic billing & load monitoring▫Privacy preserving against service providers
Electricity service provider (ESP) Load monitoring center (LMC) Storage service provider
▫Using pseudo-random numbers & TPM▫Without a trusted third party ▫Without mutual communication among meters
11
System Model
displayBarcode IDTPM module
MeterMeter readings
Area 1Area 2
Time……………
…
Area 2
Area 1
Storage system
Load monitoring center (LMC)
H1 M1H2 M2
Electricity Service Provider (ESP)
12
Meter Model
• A meter has a trusted platform module• Power consumption is measured in Wh per 5 min• Present meter readings in integers
13
Arrange Encrypted Meter Readings
Area 1
Area 2
H2 M2
H3 M3
H4 M4
H5 M5
H6 M6
H7 M7
H8 M8
10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 cccccccccc10,29,28,27,26,25,24,23,22,21,2 cccccccccc10,39,38,37,36,35,34,33,32,31,3 cccccccccc
10,49,48,47,46,45,44,43,42,41,4 cccccccccc10,59,58,57,56,55,54,53,52,51,5 cccccccccc
10,69,68,67,66,65,64,63,62,61,6 cccccccccc 8,77,76,75,74,73,72,71,7 cccccccc
10,89,88,87,86,85,84,83,82,81,8 cccccccccc
Current time unitCurrent time window W (L time units)
Area 3
H9 M9 10,99,98,97,96,95,94,9 ccccccc
H1 M1
L = 4
14
Requirements
•Assume all entities are semi-honest•ESP can only query a meter for power consumption
of aL continuous time units (each query)
•LMC can only query meters for meter readingsat a time unit in a current time window W
15
Arrange Encrypted Meter Readings
Area 1
Area 2
H2 M2
H3 M3
H4 M4
H5 M5
H6 M6
H7 M7
H8 M8
10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 cccccccccc10,29,28,27,26,25,24,23,22,21,2 cccccccccc10,39,38,37,36,35,34,33,32,31,3 cccccccccc
10,49,48,47,46,45,44,43,42,41,4 cccccccccc10,59,58,57,56,55,54,53,52,51,5 cccccccccc
10,69,68,67,66,65,64,63,62,61,6 cccccccccc 8,77,76,75,74,73,72,71,7 cccccccc
10,89,88,87,86,85,84,83,82,81,8 cccccccccc
LMC
Current time unit
ESP
Area 3
H9 M9 10,99,98,97,96,95,94,9 ccccccc
H1 M1
L = 4
16
Main Idea
•Encrypt meter readings:
•Let ESP know
prdc jijiji mod,,,
4,13,12,11,1
4,13,12,11,14,13,12,11,1 mod))((
dddd
prrrrcccc
Power consumption of Meter 1 during t1 to t4
prrrr mod4,13,12,11,1
17
Main Idea
•Encrypt meter readings:
•Service providers interact with meters▫ESP queries a meter for a sum of random numbers
spanning over aL time units (horizontal block)
▫LMC queries a set of meters for noised random numbers
at a time unit in current time window W (vertical block)
prdc jijiji mod,,,
A meter has to remember all used random numbers
18
Arranging Random Numbers of a Meter• TPM generates random numbers • Driver computes random numbers
prR Lj
jk kiji mod1,,
1,1r 2,1r 1,1 Lr Lr ,1 1,1 Lr 2,1 Lr
1,1R
2,1R
3,1R
… …
…
3,1r
L FIFO memory slots
19
Construction • System parameter: A large number p• Meter Initialization
▫Pseudorandom number generator g▫Hash functions h and h’
Seed si
Master key ki =h’(si||SNi)
Mi
SNi
L FIFO memory slots
g(ki,t1) g(ki,t2) g(ki,tL-1)
prRr L
k kiiLi mod1
1 ,1,,
))||...||(,( 211, Lii ttthkgR
20
Storage of meter readings• At time unit tj
▫ Encrypt current reading d by using current r and store c
▫ Generate a new R:▫ Compute a new r from R and store it in a memory slot
ri,j ri,j+1 ri,j+L-2
prdc jijiji mod,,,
prRr Lj
jk kijiLji mod1
1 ,1,,
prdc jijiji mod,,,
ri,j+L
ri,j+L-1
))||...||(,( 211, Ljjjiji ttthkgR
ri,j+L-2 ri,j+L-1ri,j+1
21
Supporting Automatic Billing• ESP accesses the storage system
• ESP queries Mi for L continuous time units
• Mi returns Ri,j where
• ESP computes the power consumption
• ESP can query aL continuous time units for any integer a>0
Area 1
10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 ccccccccccH1 M1
11,...,, Ljjj ttt
))||...||||(,( 11, Ljjjiji ttthkgR
pddd
pRccc
Ljijiji
jiLjijiji
mod)...(
mod)...(
1,1,,
,1,1,,
22
Privacy Requirement
• We consider honest-but-curious ESP• ESP cannot get individual meter readings of a household
• We prove that ESP cannot distinguish two sets of meter readings which have the same sum
• The proof relies on pseudorandom number generator g
23
Supporting Load Monitoring• LMC accesses the storage system • W is the current time window containing L time units• LMC queries meters in an area for data in time unit tj in W
A meter cannot directly return the random number r
24
Supporting Load Monitoring• A meter returns [random number + noise]
▫ Normal distribution ▫ Select a random noise according to▫ Read the random number from the FIFO memory slot ▫ Compute
• LMC computes [meter reading – noise]▫
),0( 2Njin , ),0( 2N
random number + noise
ppnrr jijiji mod)(~,,,
Prevent overflowing
))mod~(~,,, pprcd jijiji
pppnd jiji )mod( ,,
jiji nd ,,
25
Correctness & Privacy• LMC gets an approximate sum of m meter readings
▫ Real sum ▫ Define error ratio
▫ ▫ By Chebyshev inequality
• LMC gets only an approximate value
S~
dmdSi ji
ˆ,
SSS /|~|
22
2
ˆ1]|~Pr[|]Pr[
dm
SSS
Average of meter reading per time unit
i jinSS ,
~),0( 2mN
Tradeoff : correctness and privacy
A smaller a better approximate
2,,, 41
21]0Pr[]~Pr[
jijiji ndd
26
Performance Analysis
• |p|=64, a time unit is 5 min
• Commercial TPM chip▫1024-bit RSA signature: 100ms
• Assumption▫1024-bit random number generation:100ms▫64-bit random number is about 7ms▫64-bit modular addition: 7ms
Computation can be done in a time unit
27
Summary
•Design a smart metering system▫Using external storage service▫Supporting privacy preserving billing & load monitoring▫W/O a trusted third party and heavy crypto-operation
28
Future Work
•Consider integrity of meter readings•Evaluate performance by prototype systems •Eliminate interactions between meters & providers•Consider a bidirectional smart meter model