A Practical Smart Metering System Supporting Privacy Preserving Billing

and Load Monitoring

Hsiao-Ying LinNational Chiao Tung University

Joint work with Wen-Guey Tzeng, Shiuan-Tzuo Shen, Bao-Shuh P. Lin

2

Smart Grid =Intelligence + Automation + Power Grid

▫ Increase energy efficiency ▫ Improve system reliability & quality

Massive electricity generator

Grid operator

MeterElectricity

transmission & distribution

Substation

Resident area

Renewable energy generator

Intra/Internet

Power flow Communication flow

3

Smart Grid Features

•Features▫Two-way power flows▫Communication systems among electricity entities

Automatic Meter Reading

Advanced Meter Infrastructure

Smart Grid Application

4

Meter & Meter Reading

•Measurement of power consumption▫Traditional:

manually record per month

▫Smart meter: automatically record per minute ~ millisecond

5

Smart Grid Applications

•Automatic billing▫Support many price policies

•Load monitoring▫Monitor current state of smart grid

Electricity Service Provider(ESP)Price information

Time Price

Power consumption

Bill

Power consumption

Load Monitoring Center(LMC)

6

Example: Ontario Time-of-use Pricing

•During Winter Midnight

Noon

A.M.P.M.

7

5

11

7

Off-Peak6.5 ￠ /kWh

Mid-Peak10 ￠ /kWh

On-Peak11.7 ￠ /kWh

7

Privacy Issue•Detailed meter readings reveal daily activities

▫When and what appliances are used

Hart, G.W: Nonintrusive appliance load monitoring, IEEE Proceedings 1992

Refrigerator

Stove Burner

Time(Min)

8

Privacy Preserving Automatic Billing• Trusted third party computes the bill

▫The grid operator

• Homomorphic commitment + zero knowledge proof (ZKP)▫Meter readings are committed ▫The bill is computed by the consumer▫Only the bill is opened to ESP▫ESP verifies correctness of the bill by using ZKP

9

Privacy Preserving Load Monitoring• Trusted third party aggregates the power consumption

• Secret shares of 0 among meters▫Need handling meter leaving and joining

• Random noises on meter readings▫LMC gets approximate sum of meter readings

LMC

ELMC(reading1)

ELMC(reading3)

ELMC(reading2)

ELMC(sum of readings)TTP

sum of readings

Reading1+secret share1

Reading3+secret share3

Reading2+secret share2 sum of readings

LMC

10

Our Contribution

•A smart metering system ▫Supporting automatic billing & load monitoring▫Privacy preserving against service providers

Electricity service provider (ESP) Load monitoring center (LMC) Storage service provider

▫Using pseudo-random numbers & TPM▫Without a trusted third party ▫Without mutual communication among meters

11

System Model

displayBarcode IDTPM module

MeterMeter readings

Area 1Area 2

Time……………

…

Area 2

Area 1

Storage system

Load monitoring center (LMC)

H1 M1H2 M2

Electricity Service Provider (ESP)

12

Meter Model

• A meter has a trusted platform module• Power consumption is measured in Wh per 5 min• Present meter readings in integers

13

Arrange Encrypted Meter Readings

Area 1

Area 2

H2 M2

H3 M3

H4 M4

H5 M5

H6 M6

H7 M7

H8 M8

10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 cccccccccc10,29,28,27,26,25,24,23,22,21,2 cccccccccc10,39,38,37,36,35,34,33,32,31,3 cccccccccc

10,49,48,47,46,45,44,43,42,41,4 cccccccccc10,59,58,57,56,55,54,53,52,51,5 cccccccccc

10,69,68,67,66,65,64,63,62,61,6 cccccccccc 8,77,76,75,74,73,72,71,7 cccccccc

10,89,88,87,86,85,84,83,82,81,8 cccccccccc

Current time unitCurrent time window W (L time units)

Area 3

H9 M9 10,99,98,97,96,95,94,9 ccccccc

H1 M1

L = 4

14

Requirements

•Assume all entities are semi-honest•ESP can only query a meter for power consumption

of aL continuous time units (each query)

•LMC can only query meters for meter readingsat a time unit in a current time window W

15

Arrange Encrypted Meter Readings

Area 1

Area 2

H2 M2

H3 M3

H4 M4

H5 M5

H6 M6

H7 M7

H8 M8

10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 cccccccccc10,29,28,27,26,25,24,23,22,21,2 cccccccccc10,39,38,37,36,35,34,33,32,31,3 cccccccccc

10,49,48,47,46,45,44,43,42,41,4 cccccccccc10,59,58,57,56,55,54,53,52,51,5 cccccccccc

10,69,68,67,66,65,64,63,62,61,6 cccccccccc 8,77,76,75,74,73,72,71,7 cccccccc

10,89,88,87,86,85,84,83,82,81,8 cccccccccc

LMC

Current time unit

ESP

Area 3

H9 M9 10,99,98,97,96,95,94,9 ccccccc

H1 M1

L = 4

16

Main Idea

•Encrypt meter readings:

•Let ESP know

prdc jijiji mod,,,

4,13,12,11,1

4,13,12,11,14,13,12,11,1 mod))((

dddd

prrrrcccc

Power consumption of Meter 1 during t1 to t4

prrrr mod4,13,12,11,1

17

Main Idea

•Encrypt meter readings:

•Service providers interact with meters▫ESP queries a meter for a sum of random numbers

spanning over aL time units (horizontal block)

▫LMC queries a set of meters for noised random numbers

at a time unit in current time window W (vertical block)

prdc jijiji mod,,,

A meter has to remember all used random numbers

18

Arranging Random Numbers of a Meter• TPM generates random numbers • Driver computes random numbers

prR Lj

jk kiji mod1,,

1,1r 2,1r 1,1 Lr Lr ,1 1,1 Lr 2,1 Lr

1,1R

2,1R

3,1R

… …

…

3,1r

L FIFO memory slots

19

Construction • System parameter: A large number p• Meter Initialization

▫Pseudorandom number generator g▫Hash functions h and h’

Seed si

Master key ki =h’(si||SNi)

Mi

SNi

L FIFO memory slots

g(ki,t1) g(ki,t2) g(ki,tL-1)

prRr L

k kiiLi mod1

1 ,1,,

))||...||(,( 211, Lii ttthkgR

20

Storage of meter readings• At time unit tj

▫ Encrypt current reading d by using current r and store c

▫ Generate a new R:▫ Compute a new r from R and store it in a memory slot

ri,j ri,j+1 ri,j+L-2

prdc jijiji mod,,,

prRr Lj

jk kijiLji mod1

1 ,1,,

prdc jijiji mod,,,

ri,j+L

ri,j+L-1

))||...||(,( 211, Ljjjiji ttthkgR

ri,j+L-2 ri,j+L-1ri,j+1

21

Supporting Automatic Billing• ESP accesses the storage system

• ESP queries Mi for L continuous time units

• Mi returns Ri,j where

• ESP computes the power consumption

• ESP can query aL continuous time units for any integer a>0

Area 1

10987654321 tttttttttt10,19,18,17,16,15,14,13,12,11,1 ccccccccccH1 M1

11,...,, Ljjj ttt

))||...||||(,( 11, Ljjjiji ttthkgR

pddd

pRccc

Ljijiji

jiLjijiji

mod)...(

mod)...(

1,1,,

,1,1,,

22

Privacy Requirement

• We consider honest-but-curious ESP• ESP cannot get individual meter readings of a household

• We prove that ESP cannot distinguish two sets of meter readings which have the same sum

• The proof relies on pseudorandom number generator g

23

Supporting Load Monitoring• LMC accesses the storage system • W is the current time window containing L time units• LMC queries meters in an area for data in time unit tj in W

A meter cannot directly return the random number r

24

Supporting Load Monitoring• A meter returns [random number + noise]

▫ Normal distribution ▫ Select a random noise according to▫ Read the random number from the FIFO memory slot ▫ Compute

• LMC computes [meter reading – noise]▫

),0( 2Njin , ),0( 2N

random number + noise

ppnrr jijiji mod)(~,,,

Prevent overflowing

))mod~(~,,, pprcd jijiji

pppnd jiji )mod( ,,

jiji nd ,,

25

Correctness & Privacy• LMC gets an approximate sum of m meter readings

▫ Real sum ▫ Define error ratio

▫ ▫ By Chebyshev inequality

• LMC gets only an approximate value

S~

dmdSi ji

ˆ,

SSS /|~|

22

2

ˆ1]|~Pr[|]Pr[

dm

SSS

Average of meter reading per time unit

i jinSS ,

~),0( 2mN

Tradeoff : correctness and privacy

A smaller a better approximate

2,,, 41

21]0Pr[]~Pr[

jijiji ndd

26

Performance Analysis

• |p|=64, a time unit is 5 min

• Commercial TPM chip▫1024-bit RSA signature: 100ms

• Assumption▫1024-bit random number generation:100ms▫64-bit random number is about 7ms▫64-bit modular addition: 7ms

Computation can be done in a time unit

27

Summary

•Design a smart metering system▫Using external storage service▫Supporting privacy preserving billing & load monitoring▫W/O a trusted third party and heavy crypto-operation

28

Future Work

•Consider integrity of meter readings•Evaluate performance by prototype systems •Eliminate interactions between meters & providers•Consider a bidirectional smart meter model