A Practical Smart Metering System
Supporting Privacy Preserving Billing
and Load Monitoring
Hsiao-Ying Lin
National Chiao Tung University
Joint work with Wen-Guey Tzeng, Shiuan-Tzuo Shen, Bao-Shuh P. Lin
Smart Grid
= Intelligence + Automation + Power Grid
▫ Increase energy efficiency
▫ Improve system reliability & quality
[Figure: smart grid overview showing a massive electricity generator, a renewable energy generator, electricity transmission & distribution, a substation, the grid operator, a resident area with meters, and the Intra/Internet, connected by power flow and communication flow.]
Smart Grid Features
• Features
▫ Two-way power flows
▫ Communication systems among electricity entities
Smart Grid Application
Advanced Meter Infrastructure
Automatic Meter Reading
Meter & Meter Reading
• Measurement of power consumption
▫ Traditional: manually record per month
▫ Smart meter: automatically record per minute ~ millisecond
Smart Grid Applications
• Automatic billing
▫ Support many price policies
[Figure: power consumption and price information (time, price) go to the Electricity Service Provider (ESP), which produces the bill.]
• Load monitoring
▫ Monitor current state of smart grid
[Figure: power consumption goes to the Load Monitoring Center (LMC).]
Example: Ontario Time-of-use Pricing
• During Winter
▫ Off-Peak: 6.5 ¢/kWh
▫ Mid-Peak: 10 ¢/kWh
▫ On-Peak: 11.7 ¢/kWh
[Figure: 24-hour clock face labeled Midnight, Noon, A.M. and P.M., with the price periods separated at 7, 11, 5 and 7.]
Privacy Issue
• Detailed meter readings reveal daily activities
▫ When and what appliances are used
[Figure: load trace over Time (Min) with Stove Burner and Refrigerator events labeled.]
Hart, G.W.: Nonintrusive appliance load monitoring, IEEE Proceedings 1992
Privacy Preserving Automatic Billing
• Trusted third party computes the bill
▫ The grid operator
• Homomorphic commitment + zero knowledge proof (ZKP)
▫ Meter readings are committed
▫ The bill is computed by the consumer
▫ Only the bill is opened to ESP
▫ ESP verifies correctness of the bill by using ZKP
Privacy Preserving Load Monitoring
• Trusted third party aggregates the power consumption
[Figure: meters send ELMC(reading1), ELMC(reading2), ELMC(reading3) to the TTP; the TTP passes ELMC(sum of readings) to the LMC, which obtains the sum of readings.]
• Secret shares of 0 among meters
▫ Needs to handle meters leaving and joining
[Figure: meters send Reading1 + secret share1, Reading2 + secret share2, Reading3 + secret share3 to the LMC, which obtains the sum of readings.]
• Random noises on meter readings
▫ LMC gets approximate sum of meter readings
Our Contribution
• A smart metering system
▫ Supporting automatic billing & load monitoring
▫ Privacy preserving against service providers
  ▪ Electricity service provider (ESP)
  ▪ Load monitoring center (LMC)
  ▪ Storage service provider
▫ Using pseudo-random numbers & TPM
▫ Without a trusted third party
▫ Without mutual communication among meters
System Model
[Figure: system model. Meters M1, M2, … of households H1, H2, … in Area 1, Area 2, … place their meter readings, over time, in a storage system used by the Electricity Service Provider (ESP) and the Load monitoring center (LMC). A meter has a display, a barcode ID and a TPM module.]
Meter Model
• A meter has a trusted platform module
• Power consumption is measured in Wh per 5 min
• Present meter readings in integers
Arrange Encrypted Meter Readings
Time units t1 … t10, L = 4. The figure marks the current time unit and the current time window W (L time units).

Area    Meter   t1    t2    t3    t4    t5    t6    t7    t8    t9    t10
Area 1  H1 M1   c1,1  c1,2  c1,3  c1,4  c1,5  c1,6  c1,7  c1,8  c1,9  c1,10
Area 1  H2 M2   c2,1  c2,2  c2,3  c2,4  c2,5  c2,6  c2,7  c2,8  c2,9  c2,10
Area 1  H3 M3   c3,1  c3,2  c3,3  c3,4  c3,5  c3,6  c3,7  c3,8  c3,9  c3,10
Area 2  H4 M4   c4,1  c4,2  c4,3  c4,4  c4,5  c4,6  c4,7  c4,8  c4,9  c4,10
Area 2  H5 M5   c5,1  c5,2  c5,3  c5,4  c5,5  c5,6  c5,7  c5,8  c5,9  c5,10
Area 2  H6 M6   c6,1  c6,2  c6,3  c6,4  c6,5  c6,6  c6,7  c6,8  c6,9  c6,10
Area 2  H7 M7   c7,1  c7,2  c7,3  c7,4  c7,5  c7,6  c7,7  c7,8  -     -
Area 2  H8 M8   c8,1  c8,2  c8,3  c8,4  c8,5  c8,6  c8,7  c8,8  c8,9  c8,10
Area 3  H9 M9   -     -     -     c9,4  c9,5  c9,6  c9,7  c9,8  c9,9  c9,10
Requirements
• Assume all entities are semi-honest
• ESP can only query a meter for power consumption of aL continuous time units (each query)
• LMC can only query meters for meter readings at a time unit in a current time window W
Arrange Encrypted Meter Readings
[Figure: the table of encrypted readings c1,1 … c9,10 for meters M1 to M9 in Areas 1 to 3 over t1 … t10 (L = 4, current time unit marked), with the parts accessed by LMC and by ESP labeled.]
Main Idea
• Encrypt meter readings: $c_{i,j} = d_{i,j} + r_{i,j} \bmod p$
• Let ESP know $r_{1,1} + r_{1,2} + r_{1,3} + r_{1,4} \bmod p$
$(c_{1,1} + c_{1,2} + c_{1,3} + c_{1,4} - (r_{1,1} + r_{1,2} + r_{1,3} + r_{1,4})) \bmod p = d_{1,1} + d_{1,2} + d_{1,3} + d_{1,4}$
Power consumption of Meter 1 during t1 to t4
Main Idea
• Encrypt meter readings: $c_{i,j} = d_{i,j} + r_{i,j} \bmod p$
• Service providers interact with meters
▫ ESP queries a meter for a sum of random numbers spanning over aL time units (horizontal block)
▫ LMC queries a set of meters for noised random numbers at a time unit in current time window W (vertical block)
A meter has to remember all used random numbers
Arranging Random Numbers of a Meter
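• TPM generates random numbers
• Driver computes random numbers
$R_{i,j} = \sum_{k=j}^{j+L-1} r_{i,k} \bmod p$
[Figure: the sequence $r_{1,1}, r_{1,2}, r_{1,3}, \ldots, r_{1,L-1}, r_{1,L}, r_{1,L+1}, r_{1,L+2}$ passing through L FIFO memory slots, with the window sums $R_{1,1}, R_{1,2}, R_{1,3}, \ldots$]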
Construction
• System parameter: A large number p
• Meter Initialization
▫ Pseudorandom number generator g
▫ Hash functions h and h'
$R_{i,1} = g(k_i, h(t_1 \| t_2 \| \ldots \| t_L))$
$r_{i,L} = R_{i,1} - \sum_{k=1}^{L-1} r_{i,k} \bmod p$
[Figure: meter $M_i$ with seed $s_i$ and $SN_i$; master key $k_i = h'(s_i \| SN_i)$; L FIFO memory slots containing $g(k_i, t_1), g(k_i, t_2), \ldots, g(k_i, t_{L-1})$.]
Storage of meter readings
• At time unit $t_j$
▫ Encrypt current reading d by using current r and store c: $c_{i,j} = d_{i,j} + r_{i,j} \bmod p$
▫ Generate a new R: $R_{i,j+1} = g(k_i, h(t_{j+1} \| t_{j+2} \| \ldots \| t_{j+L}))$
▫ Compute a new r from R and store it in a memory slot: $r_{i,j+L} = R_{i,j+1} - \sum_{k=j+1}^{j+L-1} r_{i,k} \bmod p$
[Figure: the FIFO slots $r_{i,j}, r_{i,j+1}, \ldots, r_{i,j+L-2}, r_{i,j+L-1}$ become $r_{i,j+1}, \ldots, r_{i,j+L-2}, r_{i,j+L-1}, r_{i,j+L}$; the slot $r_{i,j}$ is used in $c_{i,j} = d_{i,j} + r_{i,j} \bmod p$.]
Supporting Automatic Billing
• ESP accesses the storage system
[Figure: the row of Area 1, H1 M1 over t1 … t10: c1,1 c1,2 c1,3 c1,4 c1,5 c1,6 c1,7 c1,8 c1,9 c1,10]
• ESP queries $M_i$ for L continuous time units $t_j, t_{j+1}, \ldots, t_{j+L-1}$
• $M_i$ returns $R_{i,j}$, where $R_{i,j} = g(k_i, h(t_j \| t_{j+1} \| \ldots \| t_{j+L-1}))$
• ESP computes the power consumption
$(c_{i,j} + c_{i,j+1} + \ldots + c_{i,j+L-1}) - R_{i,j} \bmod p = (d_{i,j} + d_{i,j+1} + \ldots + d_{i,j+L-1}) \bmod p$
• ESP can query aL continuous time units for any integer a > 0
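The meter initialization, per-time-unit storage and ESP billing query described above, as an added Python example (not code from the slides or their authors). Assumptions: g is HMAC-SHA256 reduced mod p, h is SHA-256, time units are 8-byte counters, the master key is passed in directly rather than derived with h', the modulus and readings are constructed, and a query over aL units returns the sum of a window values.

```python
import hashlib
import hmac
from collections import deque

P = 2**64 - 59  # constructed 64-bit modulus; the slides only state |p| = 64

def t(j):          # encoding of time unit t_j (assumed: 8-byte counter)
    return j.to_bytes(8, "big")

def h(data):       # hash h (assumed: SHA-256)
    return hashlib.sha256(data).digest()

def g(key, data):  # generator g (assumed: HMAC-SHA256 reduced mod p)
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest(), "big") % P

class Meter:
    def __init__(self, key, L):
        self.key, self.L, self.j = key, L, 1
        slots = [g(key, t(k)) for k in range(1, L)]          # r_{i,1} .. r_{i,L-1}
        slots.append((self.window_sum(1) - sum(slots)) % P)  # r_{i,L}
        self.fifo = deque(slots)                             # L FIFO memory slots

    def window_sum(self, j):
        # R_{i,j} = g(k_i, h(t_j || ... || t_{j+L-1})), recomputable from the key
        return g(self.key, h(b"".join(t(k) for k in range(j, j + self.L))))

    def store(self, d):
        r = self.fifo.popleft()                              # r_{i,j}
        c = (d + r) % P                                      # c_{i,j}
        # r_{i,j+L} = R_{i,j+1} - sum_{k=j+1}^{j+L-1} r_{i,k} mod p
        self.fifo.append((self.window_sum(self.j + 1) - sum(self.fifo)) % P)
        self.j += 1
        return c

    def billing_query(self, j, a=1):
        # mask for aL continuous units from t_j (assumed: sum of a values R)
        return sum(self.window_sum(j + x * self.L) for x in range(a)) % P

def esp_consumption(ciphertexts, mask):
    # ESP side: sum of stored ciphertexts minus the mask returned by the meter
    return (sum(ciphertexts) - mask) % P

def demo():
    readings = [12, 0, 7, 30, 41, 5, 5, 18, 22, 9, 3, 14]    # constructed Wh values
    meter = Meter(b"constructed master key", L=4)
    stored = [meter.store(d) for d in readings]              # kept by the storage system
    one = esp_consumption(stored[2:6], meter.billing_query(3))       # t3..t6
    two = esp_consumption(stored[1:9], meter.billing_query(2, a=2))  # t2..t9
    return one, two
```

The meter keeps only L masks in the FIFO yet can answer a query for any past window, because every R value is recomputed from the key and the time labels.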
Privacy Requirement
• We consider honest-but-curious ESP
• ESP cannot get individual meter readings of a household
• We prove that ESP cannot distinguish two sets of meter readings which have the same sum
• The proof relies on pseudorandom number generator g
Supporting Load Monitoring
• LMC accesses the storage system
• W is the current time window containing L time units
• LMC queries meters in an area for data in time unit tj in W
A meter cannot directly return the random number r
Supporting Load Monitoring
• A meter returns [random number + noise]
▫ Normal distribution $N(0, \sigma^2)$
▫ Select a random noise $n_{i,j}$ according to $N(0, \sigma^2)$
▫ Read the random number from the FIFO memory slot
▫ Compute
~
ri , j  (r i , j ni , j 
 p ) mod p
random number + noise
Prevent overflowing
• LMC computes [meter reading – noise]
▫ ~
di , j  (ci , j ~
r i , j mod p)  p )
 
 ( d i , j n i , j 
 di , j ni , j
 p mod p)   p 
Correctness & Privacy
• LMC gets an approximate sum $\tilde{S}$ of m meter readings
▫ Real sum $S = \sum_i d_{i,j} = m\hat{d}$, where $\hat{d}$ is the average of meter reading per time unit
▫ Define error ratio $|\tilde{S} - S| / S$
▫ $\tilde{S} - S = \sum_i n_{i,j}$, distributed as $N(0, m\sigma^2)$
Tradeoff: correctness and privacy
▫ By Chebyshev inequality
2
~
Pr[   ]  Pr[|S  S | S ]  1 

mdˆ 2 2
• LMC gets only an approximate value
A smaller 
a better approximate
~
1
1
Pr[ d i , j  d i , j ]  Pr[ ni , j  0]  
2 4 2
Performance Analysis
• |p| = 64, a time unit is 5 min
• Commercial TPM chip
▫ 1024-bit RSA signature: 100 ms
• Assumption
▫ 1024-bit random number generation: 100 ms
▫ 64-bit random number is about 7 ms
▫ 64-bit modular addition: 7 ms
• Computation can be done in a time unit
Summary
• Design a smart metering system
▫ Using external storage service
▫ Supporting privacy preserving billing & load monitoring
▫ Without a trusted third party and heavy crypto-operations
Future Work
• Consider integrity of meter readings
• Evaluate performance by prototype systems
• Eliminate interactions between meters & providers
• Consider a bidirectional smart meter model