On Privacy-Preserving Protocols for Smart Metering Systems Defense - - PowerPoint PPT Presentation

On Privacy-Preserving Protocols for Smart Metering Systems

Defense - Verteidigung - Seminário de Pós-Graduação Fábio Borges

Laboratório Nacional de Computação Científica (LNCC) Coordenação de Sistemas e Redes (CSR)

Table of Contents

Outline

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on Asymmetric DC-Net (ADC-Net) PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 2/59

Smart Metering Projects Map

Google Maps

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 3/59

Non-smart Grid

Supplier Meters . . .

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 4/59

Non-smart Grid

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 5/59

Supplier Meters . . .

Non-smart Grid

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 6/59

Supplier Meters . . .

Problems

◮ Cost ◮ Inefficiency ◮ Fraud

Getting Smart

Collecting on a yearly basis Supplier Meters . . . Year: 2015

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 7/59

Getting Smart

Collecting on a yearly basis

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 8/59

Supplier Meters . . . Year: 2015

m1,j, 2015 m2,j, 2015 m3,j, 2015 mi,2015 m

˜ ı , j

, 2 1 5

Getting Smart

Collecting on a yearly basis

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 9/59

Supplier Meters . . . Year: 2016

m1,j, 2016 m2,j, 2016 m3,j, 2016 mi,2016 m

˜ ı , j

, 2 1 6

Getting Smart

Collecting per round

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 10/59

Supplier Meters . . . Round: 1

m1,1 m2,1 m3,1 mi,1 m

˜ ı , 1

Improvements

◮ Monthly ◮ Weekly ◮ Daily ◮ Real time

Getting Smart

Collecting per round

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 11/59

Supplier Meters . . . Round: 2

m1,2 m2,2 m3,2 mi,2 m

˜ ı , 2

Improvements

◮ Monthly ◮ Weekly ◮ Daily ◮ Real time

Getting Smart

Collecting per round

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 12/59

Supplier Meters . . . Round: 3

m1,3 m2,3 m3,3 mi,3 m

˜ ı , 3

Improvements

◮ Monthly ◮ Weekly ◮ Daily ◮ Real time

Privacy Problem

[NIST] [GJL12] August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 13/59

Privacy Problem

[NIST] [GJL12]

EU - Official Journal L No.315

80% of households equipped with smart meters by 2020 in EU

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 13/59

Need for Encryption

Intercepting all measurements per round Supplier Meters . . . Round: j

m1,j m2,j m3,j mi,j m ˜

ı , j August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 14/59

Need for Encryption

Intercepting all measurements per round Supplier Meters . . . Round: j

m1,j m2,j m3,j mi,j m ˜

ı , j August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 14/59

Need for Encryption

Intercepting all measurements per round Supplier Meters . . . Round: j

m1,j m2,j m3,j mi,j m ˜

ı , j August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 14/59

Need for Aggregation

Supplier Meters . . . Round: j

Enc(m1,j) Enc(m2,j) Enc(m3,j) E n c ( mi,j ) Enc(m ˜

ı , j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 15/59

Need for Aggregation

Supplier Meters . . . Round: j

Enc(m1,j) Enc(m2,j) Enc(m3,j) E n c ( mi,j ) Enc(m ˜

ı , j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 15/59

Need for Aggregation

Supplier Meters . . . Round: j

Enc(m1,j) Enc(m2,j) Enc(m3,j) E n c ( mi,j ) Enc(m ˜

ı , j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 15/59

What Does the Supplier Need?

Consolidated Consumption versus Billing

Round 1 2 · · · ˜  Billing Meter 1 m1,1 m1,2 · · · m1,˜

 ˜ 

• j=1

m1,j Meter 2 m2,1 m2,2 · · · m2,˜

 ˜ 

• j=1

m2,j . . . . . . . . . ... . . . . . . Meter ˜ ı m˜

ı ,1

m˜

ı ,2

· · · m˜

ı ,˜  ˜ 

• j=1

m˜

ı ,j

Consolidated

˜ ı

• i=1

mi,1

˜ ı

• i=1

mi,2 · · ·

˜ ı

• i=1

mi,˜



=

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 16/59

What Does the Supplier Need?

Consolidated Consumption versus Billing

Round 1 2 · · · ˜  Billing Meter 1 m1,1 m1,2 · · · m1,˜

 ˜ 

• j=1

m1,j Meter 2 m2,1 m2,2 · · · m2,˜

 ˜ 

• j=1

m2,j . . . . . . . . . ... . . . . . . Meter ˜ ı m˜

ı ,1

m˜

ı ,2

· · · m˜

ı ,˜  ˜ 

• j=1

m˜

ı ,j

Consolidated

˜ ı

• i=1

mi,1

˜ ı

• i=1

mi,2 · · ·

˜ ı

• i=1

mi,˜



=

✗ ✓

PPPs only work with large aggregations

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 16/59

Aggregation

Additive homomorphic encryption primitives (AHEPs) Cj =

˜ ı

• i=1

Enc (mi,j) = Enc

˜

ı

• i=1

mi,j

• Aggregation

Meters . . . Supplier

Enc(m1,j) E n c ( m2,j ) E n c ( m

3 , j

) E n c ( m

i,j

) Enc(m ˜

ı ,j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 17/59

Aggregation

AHEPs

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 18/59

Cj =

˜ ı

• i=1

Enc (mi,j) = Enc

˜

ı

• i=1

mi,j

• Aggregation

Meters . . . Supplier

Enc(m1,j) E n c ( m2,j ) E n c ( m

3 , j

) E n c ( m

i,j

) Enc(m

˜ ı ,j

)

Aggregation

AHEPs

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 19/59

Cj =

˜ ı

• i=1

Enc (mi,j) = Enc

˜

ı

• i=1

mi,j

• Aggregation

Meters . . . Supplier

E n c

˜

ı

• i=1

mi,j

Requirements

Requirements for Smart Grids

Requirement 1

Recoverability of consolidated consumption

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 20/59

Requirements

Requirements for Smart Grids

Requirement 1

Recoverability of consolidated consumption

Requirement 2

Recoverability of bill based on dynamic pricing

€

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 20/59

Requirements

Requirements for Smart Grids

Requirement 1

Recoverability of consolidated consumption

Requirement 2

Recoverability of bill based on dynamic pricing

€

Requirement 3

Verification (auditability)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 20/59

Requirements

Requirements for Smart Grids

Requirement 1

Recoverability of consolidated consumption

Requirement 2

Recoverability of bill based on dynamic pricing

€

Requirement 3

Verification (auditability)

Requirement 4

Efficiency

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 20/59

Table of Contents

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on Asymmetric DC-Net (ADC-Net) PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 21/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

k1 k2 k3

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j )

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j ) Enc(m2,j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j ) Enc(m2,j) Enc(m1,j) + Enc(m2,j) + Enc(m3,j) = Enc(m1,j + m2,j + m3,j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j ) Enc(m2,j) Enc(m1,j) + Enc(m2,j) + Enc(m3,j) = Enc(m1,j + m2,j + m3,j)

Encryption

Enc(mi,j) = mi,j + H(ki||j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j ) Enc(m2,j) Enc(m1,j) + Enc(m2,j) + Enc(m3,j) = Enc(m1,j + m2,j + m3,j)

Encryption

Enc(mi,j) = mi,j + H(ki||j)

Aggregation

C =

N

• i=1

Enc (mi,j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1 -

• SDC-Nets

SDC-Nets Using In-Network Aggregation [BM14a]

supplier

E n c ( m1,j ) Enc(m2,j) Enc(m1,j) + Enc(m2,j) + Enc(m3,j) = Enc(m1,j + m2,j + m3,j)

Encryption

Enc(mi,j) = mi,j + H(ki||j)

Aggregation

C =

N

• i=1

Enc (mi,j)

Decryption

Dec (C) = C −

N

• i=1

H(ki||j) =

N

• i=1

mi,j

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 22/59

PPP1

PPP1 meets the following requirements

Requirement 1 - ✓

Recoverability of consolidated consumption

Requirement 2 - ✗

Recoverability of bill based on dynamic pricing

€

Requirement 3 - ✗

Verification (auditability)

Requirement 4 - ✓

Efficiency

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 23/59

PPP2 -

€

• Commitment

Commitment Based on ECC [BM14a] Supplier Meters . . .

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 24/59

PPP2 -

€

• Commitment

Commitment Based on ECC [BM14a] Supplier Meters . . .

Commit(m

1 , j

)||Sign

1 , j

Commit(m2,j)||Sign2,j Commit(m

3 , j

)||Sign

3 , j

C

• m

m i t ( mi,j ) | | S i g ni,j Commit(m

˜ ı , j

)||Sign

˜ ı , j August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 24/59

PPP2 -

€

• Commitment

Commitment Based on ECC [BM14a] Supplier Meters . . .

Commit(m

1 , j

)||Sign

1 , j

Commit(m2,j)||Sign2,j Commit(m

3 , j

)||Sign

3 , j

C

• m

m i t ( mi,j ) | | S i g ni,j Commit(m

˜ ı , j

)||Sign

˜ ı , j

Commitment

Commit(mi,j) = ki · HΩ (j) + mi,j · P

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 24/59

PPP2

PPP2 meets the following requirements

Requirement 1 - ✗

Recoverability of consolidated consumption

Requirement 2 - ✓

Recoverability of bill based on dynamic pricing

€

Requirement 3 - ✓

Verification (auditability)

Requirement 4 - ✓

Efficiency

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 25/59

PPP2 - Verification

[BDBBM14; BM14b; BM14a; BBM14; BVM15] Meter i Supplier

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 26/59

PPP2 - Verification

[BDBBM14; BM14b; BM14a; BBM14; BVM15] Meter i Supplier

Enc(mi,j), Enc(mi,j+1), . . .

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 26/59

PPP2 - Verification

[BDBBM14; BM14b; BM14a; BBM14; BVM15] Meter i Supplier

Enc(mi,j), Enc(mi,j+1), . . .

Q =

j Enc(mi,j) = j ki · HΩ (j) + mi,j · P August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 26/59

PPP2 - Verification

[BDBBM14; BM14b; BM14a; BBM14; BVM15] Meter i Supplier

Enc(mi,j), Enc(mi,j+1), . . .

Q =

j Enc(mi,j) = j ki · HΩ (j) + mi,j · P

v =

j mi,j and V = j ki · HΩ (j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 26/59

PPP2 - Verification

[BDBBM14; BM14b; BM14a; BBM14; BVM15] Meter i Supplier

Enc(mi,j), Enc(mi,j+1), . . .

Q =

j Enc(mi,j) = j ki · HΩ (j) + mi,j · P

v =

j mi,j and V = j ki · HΩ (j)

Verification

v · P

?

= Q − V

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 26/59

PPP2 - Performance

[BM14b; BM14a; BVM15; BDBBM14; LBPN12]

exp

64

9

1/3

+ O(1)

• (ln n)1/3(ln ln n)2/3
• = 2x =

πo

2 ,

100 150 200 250 0.5 1 1.5 ·104 y = 506.526 exp(0.0128886x) y = 2x x gives the level of security by brute force y gives the key bit length Factorization Elliptic Curves

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 27/59

Table of Contents

Outline

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on ADC-Net PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 28/59

PPP3 -

€

• New Concept

ADC-Net - [BBM14; BM14b; BVM15] Supplier Meters . . .

Enc(m

1 , j

)||Sign

1 , j

Enc(m2,j)||Sign2,j Enc(m

3 , j

)||Sign

3 , j

. . . Enc(m

˜ ı , j

)||Sign

˜ ı , j August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 29/59

PPP3 -

€

• New Concept

ADC-Net - [BBM14; BM14b; BVM15] Supplier Meters . . .

Enc(m

1 , j

)||Sign

1 , j

Enc(m2,j)||Sign2,j Enc(m

3 , j

)||Sign

3 , j

. . . Enc(m

˜ ı , j

)||Sign

˜ ı , j

Encryption

Enc : Zn × Zn → Zn2 Enci(mi,j) → (1 + n)mi,j · ghj ·ki mod n2

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 29/59

PPP3 -

€

• New Concept

ADC-Net - [BBM14; BM14b; BVM15] Supplier Meters . . .

Enc(m

1 , j

)||Sign

1 , j

Enc(m2,j)||Sign2,j Enc(m

3 , j

)||Sign

3 , j

. . . Enc(m

˜ ı , j

)||Sign

˜ ı , j

Encryption

Enc : Zn × Zn → Zn2 Enci(mi,j) → (1 + n)mi,j · ghj ·ki mod n2

Aggregation

Cj = ˜

ı i=1 Enci(mi,j) August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 29/59

PPP3 -

€

• New Concept

ADC-Net - [BBM14; BM14b; BVM15] Supplier Meters . . .

Enc(m

1 , j

)||Sign

1 , j

Enc(m2,j)||Sign2,j Enc(m

3 , j

)||Sign

3 , j

. . . Enc(m

˜ ı , j

)||Sign

˜ ı , j

Encryption

Enc : Zn × Zn → Zn2 Enci(mi,j) → (1 + n)mi,j · ghj ·ki mod n2

Aggregation

Cj = ˜

ı i=1 Enci(mi,j)

Decryption

Dec : Zn2 → Zn Dec (Cj) → (Cj ·g−ht ·s

mod n2)−1 n August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 29/59

PPP3

PPP3 meets the following requirements

Requirement 1 - ✓

Recoverability of consolidated consumption

Requirement 2 - ✓

Recoverability of bill based on dynamic pricing

€

Requirement 3 - ✓

Verification (auditability)

Requirement 4 - ✓

Efficiency

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 30/59

PPP4 -

• Quantum Cryptography

No Keys [BSM14; BPP12] Supplier Meters . . .

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 31/59

PPP4 -

• Quantum Cryptography

No Keys [BSM14; BPP12] Supplier Meters . . .

| ψ

1

• U1

|ψ2U2 |ψ ˜

ı U ˜

ı

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 31/59

PPP4 -

• Quantum Cryptography

No Keys [BSM14; BPP12] Supplier Meters . . .

| ψ

1

• U1

|ψ2U2 |ψ ˜

ı U ˜

ı

exp( ı ˆ NU1δ1)|ψ1U1 exp( ı ˆ N

U 2

δ

2

)|ψ

2

• U

2

exp( ı ˆ NU ˜

ı δ ˜

ı )|ψ ˜ ı U ˜

ı

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 31/59

PPP4

PPP4 meets the following requirements

Requirement 1 - ✓

Recoverability of consolidated consumption

Requirement 2 - ✗

Recoverability of bill based on dynamic pricing

€

Requirement 3 - ✗

Verification (auditability)

Requirement 4 - depends on quantum devices

Efficiency

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 32/59

Table of Contents

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on Asymmetric DC-Net (ADC-Net) PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 33/59

Symmetric DC-Nets (SDC-Nets)

[Cha88] - Dining Cryptographers Problem

Agent A B C

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 34/59

SDC-Nets

[Cha88] - Dining Cryptographers Problem

Agent A B C

KBA KAB

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 34/59

SDC-Nets

[Cha88] - Dining Cryptographers Problem

Agent A B C

KBA KAB KCB KBC

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 34/59

SDC-Nets

[Cha88] - Dining Cryptographers Problem

Agent A B C

KBA KAB KCB KBC KAC KCA

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 34/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j + kAB + kAC − kBA − kCA

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j + kAB + kAC − kBA − kCA m

2,j

+ k

BA

+ k

BC

− k

AB

− k

CB August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j + kAB + kAC − kBA − kCA m

2,j

+ k

BA

+ k

BC

− k

AB

− k

CB

m

3,j

+ k

CA

+ k

CB

− k

AC

− k

BC August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j +kAB +kAC − kBA − kCA m

2,j

+ k

BA

+ k

BC

− k

AB

− k

CB

m

3,j

+ k

CA

+ k

CB

− k

AC

− k

BC August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j +kAB +kAC − kBA − kCA m

2,j

+ k

BA

+ k

BC

− k

AB

− k

CB

m

3,j

+ k

CA

+ k

CB

− k

AC

− k

BC August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

Unconditional Secure [Cha88]

Agent A B C

m1,j +kAB +kAC − kBA − kCA m

2,j

+ k

BA

+ k

BC

− k

AB

− k

CB

m

3,j

+ k

CA

+ k

CB

− k

AC

− k

BC August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 35/59

SDC-Nets

[GJ04]

Agent A B C

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 36/59

SDC-Nets

[GJ04]

Agent A B C

m1,j +H(kAB||j) +H(kAC||j) − H(kBA||j) − H(kCA||j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 36/59

SDC-Nets

[GJ04]

Agent A B C

m1,j +H(kAB||j) +H(kAC||j) − H(kBA||j) − H(kCA||j) m

2,j

+ H ( k

BA

| | j ) + H ( k

BC

| | j ) − H ( k

AB

| | j ) − H ( k

CB

| | j )

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 36/59

SDC-Nets

[GJ04]

Agent A B C

m1,j +H(kAB||j) +H(kAC||j) − H(kBA||j) − H(kCA||j) m

2,j

+ H ( k

BA

| | j ) + H ( k

BC

| | j ) − H ( k

AB

| | j ) − H ( k

CB

| | j ) m

3,j

+ H ( k

CA

| | j ) + H ( k

CB

| | j ) − H ( k

AC

| | j ) − H ( k

BC

| | j )

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 36/59

SDC-Net

Keys for 10 users

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 37/59

SDC-Net

Keys for 10 users

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 37/59

SDC-Net

Keys for 10 users

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 37/59

SDC-Nets versus AHEPs

Symmetric DC-Nets (SDC-Nets)

Agent A B C

m1,j + H(kAB||j) + H(kAC||j) − H(kBA||j) − H(kCA||j) m2,j + H(kBA||j) + H(kBC||j) − H(kAB||j) − H(kCB||j) m3,j + H(kCA||j) + H(kCB||j) − H(kAC||j) − H(kBC||j)

Additive homomorphic encryption primitives (AHEPs)

Agent

E n c ( m

1 , j

) Enc(m2,j) Enc(m1,j) · Enc(m2,j) · Enc(m3,j) = Enc(m1,j + m2,j + m3,j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 38/59

ADC-Net

Required Properties [BBM14; BM14b; BVM15]

Properties SDC-Nets AHEPs ADC-Net Collusion of O(˜ ı ) ✓ ✗ Set of trusted users ✓ ✗ Messages to the counting agent ✓ ✗ Minimum number of messages ✓ ✓ Scalable ✗ ✓ Permanent keys ✓ ✓ Based on trapdoors ✓ ✓ Keys stored per user 2(˜ ı − 1) 1 Total of keys O(˜ ı 2) 2 Polynomial time ✓ ✓ One cannot disrupt ✗ ✗ Verification as commitment ✗ ✗

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 39/59

ADC-Net

Required Properties [BBM14; BM14b; BVM15]

Properties SDC-Nets AHEPs ADC-Net Collusion of O(˜ ı ) ✓ ✗ ✓ Set of trusted users ✓ ✗ ✓ Messages to the counting agent ✓ ✗ ✓ Minimum number of messages ✓ ✓ ✓ Scalable ✗ ✓ ✓ Permanent keys ✓ ✓ ✓ Based on trapdoors ✓ ✓ ✓ Keys stored per user 2(˜ ı − 1) 1 1 Total of keys O(˜ ı 2) 2 O(˜ ı ) Polynomial time ✓ ✓ ✓ One cannot disrupt ✗ ✗ ✓ Verification as commitment ✗ ✗ ✓

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 40/59

Interesting Results

Beyond the State of the Art

Result:

Asymmetric DC-Nets are abstractions of Symmetric DC-Nets [BBM14]

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 41/59

Interesting Results

Beyond the State of the Art

Result:

Asymmetric DC-Nets are abstractions of Symmetric DC-Nets [BBM14]

Result:

AHEPs are particular cases of ADC-Nets

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 41/59

Interesting Results

Beyond the State of the Art

Result:

Asymmetric DC-Nets are abstractions of Symmetric DC-Nets [BBM14]

Result:

AHEPs are particular cases of ADC-Nets

Example

Paillier is a particular case of an ADC-Net

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 41/59

Table of Contents

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on Asymmetric DC-Net (ADC-Net) PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 42/59

Dataset

Raw Dataset ✗

The raw dataset has inconsistencies

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 43/59

Dataset

Raw Dataset ✗

The raw dataset has inconsistencies

Sanitized Dataset ✓

◮ 6 435 meters ◮ 25 726 rounds ◮ 165 546 810 measurements

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 43/59

Dataset

Raw Dataset ✗

The raw dataset has inconsistencies

Sanitized Dataset ✓

◮ 6 435 meters ◮ 25 726 rounds ◮ 165 546 810 measurements

Verification

Inconsistencies ⇒ measurements collected without verification

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 43/59

Comparison of requirements

between Privacy-Preserving Protocol (PPP)

Protocol

€

Efficiency Enc Agg Dec PPP1 ✓ ✗ ✗ O(1) O(˜ ı ) O(˜ ı ) PPP2 ✗ ✓ ✓ O(log(k)) O(˜ ı ) O(k) PPP3 ✓ ✓ ✓ O(log(k)) O(˜ ı ) O(log(k)) EPPP4SMS ✓ ✓ ✓ 2O(log(k)) O(˜ ı ) O(log(n)) LOP - SDC-Net ✓ ✗ ✗ O(˜ ı ) NA O(˜ ı ) Paillier - AHEP ✓ ✗ ✗ O(log(n)) O(˜ ı ) O(log(n))

IEEE Trans. Smart Grid - Impact Factor: 4.334

“EPPP4SMS: Efficient Privacy-Preserving Protocol for Smart Metering Systems and Its Simulation Using Real-World Data”

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 44/59

Overall Performance

Race protocols

Telecooperation

Smart Grids Smart Meters

Efficient Protocols

PPP1 PPP2 PPP3 EPPP4SMS LOP Paillier

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 45/59

Overall Performance

Race protocols

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 46/59

Horst Görtz Foundation

PPP1: the Fastest Efficient Protocols

TK Maxx Darmstadt

PPP1 PPP2 PPP3 EPPP4SMS LOP Paillier

Overall Performance

Race protocols

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 47/59

PPP3 is the Favorite PPP3: the Complete

One Selected Award 10 Selected Papers

PPP1 PPP2 PPP3 EPPP4SMS LOP Paillier

Table of Contents

Introduction Privacy-Preserving Protocols (PPPs) PPP1 - Based on SDC-Nets PPP2 - Based on Commitment PPP3 - Based on Asymmetric DC-Net (ADC-Net) PPP4 - Based on Quantum Cryptography ADC-Nets Simulation Using Real-World Data Conclusion and Outlook

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 48/59

Conclusion

◮ Privacy-Preserving Protocols (PPPs) only work for large

aggregations

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 49/59

Conclusion

◮ PPPs only work for large aggregations ◮ PPP1 has the fastest Enc (mi,j)

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 49/59

Conclusion

◮ PPPs only work for large aggregations ◮ PPP1 has the fastest Enc (mi,j) ◮ PPP2 and PPP3 are exponentially faster than others

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 49/59

Conclusion

◮ PPPs only work for large aggregations ◮ PPP1 has the fastest Enc (mi,j) ◮ PPP2 and PPP3 are exponentially faster than others ◮ PPP4 is resistant against quantum attacks

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 49/59

Conclusion

◮ PPPs only work for large aggregations ◮ PPP1 has the fastest Enc (mi,j) ◮ PPP2 and PPP3 are exponentially faster than others ◮ PPP4 is resistant against quantum attacks ◮ The concept of ADC-Nets is introduced

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 49/59

Selected Publications

Journal Papers

[BM14b] Fábio Borges and Max Mühlhäuser. EPPP4SMS: efficient privacy- preserving protocol for smart metering systems and its simulation using real-world data. IEEE trans. smart grid, 5(6):2701–2708, 2014 Impact Factor 4.334 h5-index 54 [BSM14] Fábio Borges, Raqueline A. M. Santos, and Franklin L. Marquezino. Preserving privacy in a smart grid scenario using quantum mechan- ics. Security and communication networks:n/a–n/a, 2014 Impact Factor 0.433 h5-index 19 [LBPN12] Pedro Lara, Fábio Borges, Renato Portugal, and Nadia Nedjah. Par- allel modular exponentiation using load balancing without precom- putation. Journal of computer and system sciences, 78(2):575– 582, 2012 Impact Factor 1.091 h5-index 30

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 50/59

Selected Publications

Award

[BBM14] Fábio Borges, Johannes Buchmann, and Max Mühlhäuser. Introducing asymmetric dc-nets. In Communications and network security (CNS), 2014 IEEE conference on, 2014, pages 508–509 Best Poster Award - IEEE Communications Society

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 51/59

Selected Publications

Conference Papers

[BBM14] Fábio Borges, Johannes Buchmann, and Max Mühlhäuser. Introducing asymmetric dc-nets. In Communications and network security (CNS), 2014 IEEE conference on, 2014, pages 508–509 [BM14a] Fábio Borges and Leonardo A. Martucci. iKUP keeps users’ privacy in the smart grid. In Communications and network security (CNS), 2014 IEEE conference on, 2014, pages 310–318 [BDBBM14] Fábio Borges, Denise Demirel, Leon Böck, Johannes Buchmann, and Max Mühlhäuser. A privacy- enhancing protocol that provides in-network data aggregation and verifiable smart meter billing. In Computers and communication (ISCC), 2014 IEEE symposium on, 2014, pages 1–6 [BMBM14] Fábio Borges, Leonardo A. Martucci, Filipe Beato, and Max Mühlhäuser. Secure and privacy- friendly public key generation and certification. In Trust, security and privacy in computing and communications (TrustCom), 2014 IEEE 13th international conference on, 2014, pages 114–121 [BMM12] Fábio Borges, Leonardo A. Martucci, and Max Mühlhäuser. Analysis of privacy-enhancing pro- tocols based on anonymity networks. In Smart grid communications (SmartGridComm), 2012 IEEE third international conference on, 2012, pages 378–383 [BPP12] Fábio Borges, Albrecht Petzoldt, and Renato Portugal. Small private keys for systems of mul- tivariate quadratic equations using symmetric cryptography. In XXXIV CNMAC - congrasso nacional de matemática aplicada e computacional. Águas de Lindóia - SP, 2012, pages 1085– 1091 [BVM15] Fábio Borges, Florian Volk, and Max Mühlhäuser. Efficient, verifiable, secure, and privacy-friendly computations for the smart grid. In Innovative smart grid technologies conference (ISGT), 2015 IEEE power energy society, 2015, pages 1–5 August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 52/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems ◮ sensor networks August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems ◮ sensor networks ◮ electronic money August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems ◮ sensor networks ◮ electronic money ◮ mobile sensing August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems ◮ sensor networks ◮ electronic money ◮ mobile sensing ◮ multi-party computation August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Outlook

ADC-Nets can be used in applications that require:

◮ SDC-Nets ◮ AHEPs

◮ electronic voting ◮ reputation systems ◮ sensor networks ◮ electronic money ◮ mobile sensing ◮ multi-party computation ◮ image processing August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 53/59

Thank You!

All comments and suggestions are welcomed. Contact: borges@lncc.de

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 54/59

Contributions

• 1. Detection of profile in

protocols based on noise

• 2. Reasons for frequent

measurements

◮ Detection of fraud and

energy loss

◮ Virtualization of a

commodity network

◮ Fair Distribution

(challenge)

• 3. Minimal requirements for

PPPs

• 4. Limitations for all PPPs

◮ Algebraic properties ◮ Probabilistic properties

• 5. The concept of ADC-Nets

◮ Abstractions of SDC-Nets ◮ Generalization of AHEPs

• 6. Four new PPPs

◮ PPP1 is the fastest ◮ PPP2 uses commitment

with elliptic curve

◮ PPP3 is an ADC-Net ◮ PPP4 is resistant against

quantum attacks

• 7. An SDC-Net that behaves

as AHEPs

• 8. Detection of inconsistencies

in the dataset

• 9. Theoretical analysis

validated with simulation

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 55/59

Bibliography I

Fábio Borges, Johannes Buchmann, and Max Mühlhäuser. Introducing asymmetric dc-nets. In Communications and network security (CNS), 2014 IEEE conference on, 2014, pages 508–509. Fábio Borges, Denise Demirel, Leon Böck, Johannes Buchmann, and Max Mühlhäuser. A privacy-enhancing protocol that provides in-network data aggregation and verifiable smart meter billing. In Computers and communication (ISCC), 2014 IEEE symposium on, 2014, pages 1–6. Fábio Borges and Leonardo A. Martucci. iKUP keeps users’ privacy in the smart grid. In Communications and network security (CNS), 2014 IEEE conference on, 2014, pages 310–318. Fábio Borges and Max Mühlhäuser. EPPP4SMS: efficient privacy-preserving protocol for smart metering systems and its simulation using real-world data. IEEE trans. smart grid, 5(6):2701–2708, 2014.

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 56/59

Bibliography II

Fábio Borges, Leonardo A. Martucci, Filipe Beato, and Max Mühlhäuser. Secure and privacy-friendly public key generation and certification. In Trust, security and privacy in computing and communications (TrustCom), 2014 IEEE 13th international conference on, 2014, pages 114–121. Fábio Borges, Leonardo A. Martucci, and Max Mühlhäuser. Analysis of privacy-enhancing protocols based on anonymity

• networks. In Smart grid communications (SmartGridComm), 2012

IEEE third international conference on, 2012, pages 378–383. Fábio Borges, Albrecht Petzoldt, and Renato Portugal. Small private keys for systems of multivariate quadratic equations using symmetric cryptography. In XXXIV CNMAC - congrasso nacional de matemática aplicada e computacional. Águas de Lindóia - SP, 2012, pages 1085–1091. Fábio Borges, Raqueline A. M. Santos, and Franklin L. Marquezino. Preserving privacy in a smart grid scenario using quantum

• mechanics. Security and communication networks:n/a–n/a, 2014.

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 57/59

Bibliography III

Fábio Borges, Florian Volk, and Max Mühlhäuser. Efficient, verifiable, secure, and privacy-friendly computations for the smart

• grid. In Innovative smart grid technologies conference (ISGT),

2015 IEEE power energy society, 2015, pages 1–5.

• D. Chaum. The dining cryptographers problem: unconditional

sender and recipient untraceability. J. cryptol., 1(1):65–75, March 1988. Philippe Golle and Ari Juels. Dining cryptographers revisited.

• English. In Christian Cachin and JanL. Camenisch, editors,

Advances in cryptology - eurocrypt 2004. Volume 3027, in Lecture Notes in Computer Science, pages 456–473. Springer Berlin Heidelberg, 2004. Ulrich Greveler, Benjamin Justus, and Dennis Löhr. Identifikation von videoinhalten über granulare stromverbrauchsdaten. In

• Sicherheit. Neeraj Suri and Michael Waidner, editors. Volume 195.

In LNI. GI, 2012, pages 35–45.

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 58/59

Bibliography IV

Pedro Lara, Fábio Borges, Renato Portugal, and Nadia Nedjah. Parallel modular exponentiation using load balancing without

• precomputation. Journal of computer and system sciences,

78(2):575–582, 2012.

August 31, 2015 – LNCC – CSR – Pós – TU Darmstadt – FB – 59/59