Académique Documents
Professionnel Documents
Culture Documents
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 1
AbstractThe recent proposed solutions for demand side energy management leverage the two-way communication infrastructure
provided by modern smart-meters and sharing the usage information with the other users. In this paper, we first highlight the privacy
and security issues involved in the distributed demand management protocols. We propose a novel protocol to share required
information among users providing privacy, confidentiality, and integrity. We also propose a new clustering-based, distributed
multi-party computation (MPC) protocol. Through simulation experiments we demonstrate the efficiency of our proposed solution. The
existing solutions typically usually thwart selfish and malicious behavior of consumers by deploying billing mechanisms based on total
consumption during a few time slots. However, the billing is typically based on the total usage in each time slot in smart grids. In the
second part of this paper, we formally prove that under the per-slot based charging policy, users have incentive to deviate from the
proposed protocols. We also propose a protocol to identify untruthful users in these networks. Finally, considering a repeated
interaction among honest and dishonest users, we derive the conditions under which the smart grid can enforce cooperation among
users and prevents dishonest declaration of consumption.
Index TermsSmart Grid, Energy Consumption Schedule, Security and Privacy, Game Theory.
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 2
is different from the actual optimal result. In this case, 2 S YSTEM M ODEL
the participating users after optimization may not get the The main objective of this work is to formulate a secure and
expected benefit; rather, they can end up paying much more private mechanism for distributed protocols, in which the
than the regular price. participating users need to share their private information to
Moreover, some participating users may lie (i.e., defect) execute the protocols, while the integrity of the information
about their energy consumption behaviors. Though such is vulnerable to internal and external adversaries. To achieve
defection will not give the global optimal benefit, one might this objective, in this work we consider the energy con-
be motivated to defect if he can get better payoff than being sumption scheduling model, in which users participate in
truthful. In terms of complexity, the algorithm is not time- a distributed protocol to optimize the energy usage cost. We
efficient, as the algorithm requires a user to communicate believe that our proposed solution can easily be deployed
all other users repeatedly until the global optimization is within other distributed scheduling protocols in smart grids,
reached. Therefore, with the number of users, the time where the scheduler needs the cooperation of smart meters.
required for the convergence increases rapidly. In this paper,
we propose some novel mechanisms for the distributed
2.1 Energy Consumption Model
customer-side demand management in order to thwart se-
curity and privacy attacks by malicious outsiders or insiders In our model, the energy source provides the energy to the
in smart grids. We propose a mechanism for optimizing users by power lines. Each user is equipped with a smart
energy cost that meets the security challenges and performs meter. The smart meters are connected through the power
efficiently that is developed on top of the typical energy line or Wi-Fi communication media, which forms a Local
consumption scheduling model. Our contributions in this Area Network (LAN). The energy provider is connected to
paper are fivefold1 : this LAN through the Wide Area Network (WAN). Each
smart meter has an energy consumption scheduling (ECS) unit,
First, we propose an efficient secure multi-party com-
which is capable of doing some arithmetic computation or
puting (MPC) solution to preserve the privacy and
processing.
security of the usage schedules. We have adopted the
The electricity cost function is defined as Ch (Lh ), where
energy consumption scheduling model and manage-
Lh is the hourly consumption of electricity and Ch (.) re-
ment protocol proposed in [9] as a use case.
turns the cost of consumed electricity at time h H. H
Second, we enhance the efficiency of the distributed
denotes the set of the time slots in a day. The cost per unit
demand management protocol by clustering the par-
of electricity usage can be different at different times, which
ticipants and executing the optimization protocol
depends on the total electrical usage of all the users. The
over the clusters.
cost equation is a strictly increasing function as follows:
Third, we demonstrate a scenario wherein a partici-
pating user can benefit by telling lies about its usage, Ch (b) < Ch (c), b < c
if the price of electricity is computed based on con-
The power generation cost is often represented using
sumers usage in each slot (we call it per-slot billing
convex functions [17]. In the case of thermal power gen-
mechanism in this paper). We also formally prove
erators, a quadratic cost function is considered. In order
the incentive to deviate in such a scenario. Then we
to reflect the generation cost accurately while charging the
discuss assumptions for which there is no incentive
customers for their energy usage, the cost function is often
for defecting. We also devise a truthful verifier-based
considered as strictly convex [9], [18], [19]. Such functions
solution in order to ensure the truthfulness of the
indirectly motivate the customers to use electricity during
participating users, where the verifier could be one
off-peak hours. The convex function is represented as fol-
of the users.
lows:
Fourth, considering repeated interactions among
users, we derive the conditions under which we Ch (b + (1 )c) < Ch (b) + (1 )Ch (c),
can enforce cooperation among users and prevents b < c, and (0, 1)
dishonest declaration of consumption by a simple tit-
The set of users are denoted as N. The number of
for-tat mechanism.
Finally, we evaluate the scalability and efficiency of users is denoted by N (i.e., N = |N|). The vector ux =
u1x , u2x , ..., u24
x denotes the usage vector for a user x N
our solution by executing simulation experiments.
in 24 hours (i.e., H = {1, 2, ..., 24}), where uhx denotes
The rest of this paper is organized as follows. We briefly the hourly consumption of x at the time h. Hence, the
discuss the demand management problem and its formal- summation of the usage vectors of all the users is denoted
ization in Section 2. We present our proposed solution for as follows:
privacy and secrecy in Section 3. In Section 4, we present an "
X X X
#
1 2 24 1 2 24
incentive design to make scheduling protocol robust again
u = u , u , ..., u = ux , ux , ..., ux
selfish behaviors. We present the simulation experiments xN xN xN
and evaluation results in Section 5. In the following section, The summation is also a vector, which is named as the
we discuss some points regarding our proposed solution. summation P usage vector. The total cost of all the users is
We briefly present related work in Section 7 and conclude defined as hH Ch (uh ), where the uh is the hourly usage
the paper in Section 8. of all users at time h H .
1. An early versiion of this work has been presented in IEEE TRUST- For each user x N, we define the set of household
COM 2012 [16], including the first and second contributions. appliances as Ax . Each appliance a Ax has an individual
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 3
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 4
Fig. 1. The MPC technique for summing the usage vectors of the participating nodes that includes authentication and confidentiality security
measures also.
Algorithm 1 Executed by each node x N. the actual data, and thus the optimal value will be incorrect.
repeat As a result, the nodes will not benefit from participating in
if a random time instance to compute optimization the optimizing process. This encryption is known as signing
then the message.
Execute Secure MPC to get the summation Sx of all In the case of second encryption, if the message is
the users usage vectors. not encrypted by the receiving nodes public key, anyone
Solve local optimization Equation (1) of ux . can eavesdrop on the message breaking the confidentiality.
end if Though the message content (i.e., the summation usage
until There is no significant update in ux for a number of vector and the participating nodes) does not allow an attack
last consecutive rounds. on the protocol, the MPC initiating node x0 can eavesdrop
on the messages and decrypt them to find the usage vectors
of the other nodes. In Fig. 1, x0 eavesdrops on the message
node (i.e., x0) along with the list of participating nodes sent by x1 to x2 and decrypts the message using the public
applying the same encryption steps onto the message. Note key of x1 (as it is not encrypted using the x2s public key).
that at least three nodes are required to participate in the Hence, the node can easily figure out the usage vector of x1.
MPC technique. In the case of two nodes, the MPC initiating Similarly, from the message sent by x2 to x0, the node gets
node can easily figure out the other nodes usage vector. The the usage vector of x2 by subtracting the usage vector of
distributed algorithm for local optimization of the usage x1. If there are more nodes, it can get the usage vectors
vector executed by each node is shown in Algorithm 1. of all the participating nodes in MPC by eavesdropping
Each node continuously executes the local optimization at on all messages between nodes. The communication is also
random time intervals. At each run, the MPC algorithm is susceptible to replay attacks. The random usage vector (R)
executed to get the summation of the usage vectors of all also helps to get rid of such attacks.
users. A node stops executing any further round of the local
optimization process when there is no significant update in
3.1.2 Protection against Sandwich Attack
ux for a number of consecutive rounds.
One node randomly selects the next node in the logical
sequence at each MPC execution; in the case of a particular
3.1 Properties of the Proposed MPC Algorithm
node, the node sequence in the ring is usually different
In the following subsections, we briefly review the main than that of a different MPC execution. Even the ring is not
features of the proposed secure and private MPC algorithm known when the execution runs. This random selection is
for energy consumption in smart grids. done because, otherwise, a node can easily be sandwiched
by the preceding node and by the subsequent node in the
3.1.1 Importance of Applying Both Encryptions sequence in order to learn its usage vector.
In our proposed MPC process, each node (e.g., x0) at first The sandwich attack cannot be fully avoided by apply-
encrypts the message using its private key (e.g., pr-x0) and ing randomness; rather this randomness only makes the
then encrypts the same using the public key of the receiving collusive attack less potential. In fact, the probability of
node (e.g., pb-x1). These two encryptions are not required for successful sandwich attack would be 1/N (N is the number
secure MPC execution, i.e., privacy preservation. If the first of participating users), when one of the colluding nodes
encryption is not performed, any malicious person can inject always choosing the victim node as its next node. However,
false data. If false data is injected, the summation will not be the victim node can easily detect this malicious behavior.
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 5
MPC
3.1.3 MPC Executing at Each Local Optimization a1
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 6
User B (Cheater) 2 4 12 3 3 12 -- --
4.1 Benefit by Deviating from the Protocol
User C 5 5 5 6 7 2 456 437.14
As we have already mentioned, we assume a semi-honest
user model [20], i.e., a node may cheat passively (tell a lie User B 3 3 6 Per Slot Bill= 312 Total Bill: 349.71
(Actual Usage)
about its information), but it always follows the protocol
(i.e., the MPC and optimization procedure). Fig. 3 and 4
show an example of how a participating node can get benefit Fig. 4. Node B lies about its consumption during the advertisement at
from lying. We consider three nodes (A, B , and C ), along the third slot and declares 12 instead of 6. In the per-slot based billing
with their arbitrary usage vectors (three time slots in each mechanism, this cheating gives benefits (312) to the node with respect
vector) in the example. In Fig. 3, we show the expected to the honest case (336).
scenario, where each participating node is truthful about
its usage. In this case, we see that B pays $336 for its Proof. In this proof we assume that none of the nodes has
electricity usage whether we apply the per-slot or the total- restriction on the usage time slots of their appliances. That
consumption based charging method. We follow a simple is, a node has freedom to use its appliance at different
convex price function, C(L) = 2L2 for each time slot, time slots. Therefore, if the total usage of all nodes can be
where L is the total consumption at a given time slot. In distributed evenly over the time slots, each nodes payoff
Fig. 4, we show the case when node B lies about its usage will be maximized. Hence, we assume that the total usage is
and pretends it would use 12kWh in the third time slot, evenly distributed over the time slots after the optimization.
though its actual intention is different (i.e., 6kWh). After Let LT be the total load throughout all of the time slots and
the optimization, B is supposed to use 12kWh in the third LA be the load at each time slot:
slot. However, in practice, B uses 6kWh. As a result, when
the smart grid charges with per-slot basis, the price at that h
P P
LT hH x0 N ux0
slot reduces and B pays $312 for its usage. Hence, B gets LA = =
|H| |H|
benefit from cheating. Note that the other nodes (i.e., A and
C ) will need to pay more than that in the case of the truthful In the per-slot based billing mechanism, payoff is com-
scenario, whether they are charged based on per-slot (i.e., puted using Equation (2), where Ch (.) is a strictly increas-
$456) or total-consumption (i.e., $437.14). ing convex function. The total cost at each time slot is
However, if the smart grid employs the total- Ch (LA ). Therefore, ch , the cost of each unit of usage, is
consumption based billing mechanism (as it is shown in [9]), ch = Ch (LA )/LA . Let us rewrite the payoff, given the
there would be no motivation for node B to deviate from the definition of ch :
protocol as it should pay more (i.e., $349.71) comparing to X
the case where the node declares the true value (i.e., $336). Px = uhx ch
Moreover, this false declaration causes a significant increase hH
in the honest nodes bills. We now formally prove that a Now we assume that node x is a dishonest node and it
malicious insider node can increase its payoff by lying about pretends to use Uxh more (i.e., its total usage is Uxh + Uxh )
its consumption. Note that similar examples can be shown
during time slot h (h H), though its actual usage is still
by other convex functions. We consider a simple convex Uxh . Hence, after the optimization process, the usage at each
function in order to avoid complex computations, so that slot would be changed to L A:
it can be easy to grasp the presented example.
h h
Theorem 1. In an energy consumption scheduling algorithm A = LT + Ux = LA + Ux
L
|H| |H|
for smart grid with per-slot based billing mechanism, a node can
increase its benefit (get electricity with lower price) by declaring A > LA and Ch (.) is a strictly increasing function
Since L
false information about its consumption while others payoff will for each h H, then we conclude that Ch (LA ) < Ch (L A ). If
be decreased. ch is the per unit usage cost in this dishonest scenario, then
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 7
Fig. 5. The verification protocol to detect any deviation from the protocol, i.e., whether some node is lying during the execution of the optimal energy
consumption protocol.
ch > ch for all h H. Similarly, we can calculate the cost In the following, we provide a solution to the above
, considering the actual usage of dishonest
during the slot h problem. The next theorem shows that if a node z cannot
node. Let us designate this by ch : lie about its total usage, it cannot benefit from lying about
its usage vector (i.e., the potential usage distribution in
A U h )
Ch (L different time slots).
x
ch =
A Uxh
L
Theorem 2. If the declared total usage at the time of participation
Given the properties of the cost function Ch (.), we can in the optimization process is equal to the actual usage, there is no
conclude that ch < ch . Moreover, we know that L A U h < incentive for lying about the usage vector.
x
LA (easily derivable from the equation of L A ). Hence we
conclude that ch < ch . Now we calculate the new payoff of Proof. Let us assume that node x has lied about its usage
node x who has lied in declaring its consumption (i.e., Px ): vector (usage distribution only) at the time of optimization
process. After completing the optimization process, x is
X
Px = (uhx ch + uhx ch ) using a different slot s for the load l, other than the slot
hH,h6=h s that it advertised (and used) at the time of optimization
process. Based on the current optimal usage vectors, Let the
The dishonest node x is benefited from the lie, if Px > total load of the slot s be L. Hence, the current load L is
Px . It is true, when the ratio of the usage at h and the usage
L + l, which eventually increases the electricity price rate of
at the rest of the slots is greater than the ratio of the increase that slot from P to P . If it would use the slot s for the load
of the cost at the slots other than h (i.e., ch ch ) and the
l at the time of optimization, the total load of the slot s, L
decrease of the cost at slot h (i.e., ch ), with respect to the
would not be more than L + l. Therefore, L L + l. The
honest scenario. That is: < L+l is that, at that time
reason behind the possibility of L
uhx ch ch of optimization, other competing nodes might move from s
h
> to a different slot, since they would find one more candidate
ch ch
P
ux
hH,h6=h x with load l for this slot. They might move to s as x would
not be a candidate of load l for this slot. Therefore, there is
no way for x to receive better payoff (i.e., less cost) by lying
In Theorem 1, we consider the assumption of having no
about its usage distribution only.
restriction on the usage time slots for an appliance. This
assumption helps us understand the idea of distributing the Considering the results of Theorem 2, we design the fol-
energy usage within the (permitted) time slots for optimiz- lowing secure protocol to ensure whether any participating
ing the energy cost. node has lied about its total usage. Fig. 5 and Fig. 6 illustrate
how the protocol works.
4.2 Protocol to Detect Dishonest Node Note that in this protocol, each participating node knows
Theorem 1 shows that a malicious node can increase its the summation of the usage vectors of all the participating
payoff by declaring false information about its consumption nodes from the beginning to the end of the optimization
in per-slot based charging mechanism. process (when the process converges).
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 8
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 9
TABLE 1 the fact that a node may have the temptation to lie only if
Normal form of the game between Cooperative and Defective users. 2 > 2 .
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 10
The Initial (total) Energy Usage per Time Slot The Optimal (total) Energy Usage per Time Slot
100 100
80 80
Energy Usage (in kWh)
40 40
20 20
0 0
0 5 10 15 20 25 0 5 10 15 20 25
Time of the Day (in 24 Time Slots) Time of the Day (in 24 Time Slots)
(a) (b)
Fig. 7. (a) The initial total usage vector in different time slots (15 users), and (b) the corresponding optimal total usage vector (after executing
optimization process).
The Time of Convergence towards the Optimal Usage Number of Iterations w.r.t. Numbers of Users
60400 6000
60300 5000
Number of Iterations
Energy Cost (in Dollar)
60200 4000
60100 3000
60000 2000
59900 1000
59800 0
0 10 20 30 40 50 60 70 80 5 10 15 20 25 30 35 40
Number of Iterations Number of Users
(a) (b)
Fig. 8. (a) The energy cost (reduction) trend towards the optimal value with the number of iterations of the optimization algorithm, and (b)the number
of iterations that our proposed solution takes for convergence value.
5.1.1 Convergence to Optimal Results shows the number of iterations that our solution takes to
The summation of the usage vectors of all users prior to the converge in case of different numbers of users.
optimal demand scheduling process is shown in Fig. 7(a).
After the convergence, the summation of the optimal usage 5.1.2 Comparison with the Existing Solution
vectors of all users is shown in Fig. 7(b). We can see that the
loads during different time slots in the case of the second In order to compare our proposed algorithm with the ex-
figure are more balanced than those slots in the former isting algorithm [9], we perform a number of experiments
figure. The peak hourly usage value is reduced from 84 (as by simulating 10, 15, 20, and 25 users. In the case of our
in Fig. 7(a)) to 75 (as in Fig. 7(b)). Since the total load of slot method, the experiments are done taking 2, 3, 4, and 5
increases the electricity price following a convex function, clusters, where each cluster has 5 users. The running time
the users try to shift from the peak slots to the off-peak of the simulation program is measured by the built-in timer
slots. of Netbeans, which gives the running time in seconds. The
The cost reduction pattern with the execution of the average running time of our method and that of the existing
algorithm (in case of 5 users) is shown in Fig. 8(a). This method [9] are shown in Table 2. From the table we can
pattern shows that at the very beginning of the iterations the clearly observe that the running time of the existing method
cost reduces very quickly. After the few initial iterations the increases significantly with the number of users. We observe
algorithm starts converging slowly. We see from the figure that if the number of users is equal or larger than 30, this
that the overall energy cost is reduced from $6.04 104 algorithm takes a significantly high running time. This is
to about $5.99 104 . As we discussed before, due to the why we do not run the simulation for 30 or more users
reduction of the usage in peak-hours, not only will the users for the existing method. The optimal result produced by
save money, but so too will the power company by reducing our method is very close to that produced by the existing
the investment in the capacity of their power plants. Fig. 8(b) method, but according to the computational complexity, our
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 11
w.r.t. the Ratio of and Minimum Number of Game Repetitions for Grim Strategy
1 200
= 1.5 x = 1.5 x
150
0.8
0.7
100
0.6
0.5
50
0.4
0.3 0
0 20 40 60 80 100 70 75 80 85 90 95 100
(in Percentage w.r.t. ) (in Percentage w.r.t. )
(a) (b)
Fig. 9. (a) The value of (i.e., the probability of playing the next game) with respect to the values of and , and (b) the minimum number of times
(i.e., days) the game needs to be repeated after the deviation (in the case of grim strategy), so that the grim strategy works correctly.
TABLE 2 TABLE 3
Comparison between proposed and existing methods (cost in dollars Execution time in relaxed convergence condition
and time in seconds)
Users Iterations Time (Seconds)
Existing Method Proposed Method 25 1713 0.21
Users Initial Time Cost Time Cost 50 5207 0.56
Cost 100 20831 2.02
10 281541.3 0.099 276733.4 0.240 276730.3 500 471476 21.87
20 1094853.1 0.655 1074111.0 0.420 1074105.1 1000 2122834 102.56
25 1456517.5 27.038 1440312.5 0.526 1440307.2
30 2087363.4 - - 0.698 2053263.8
40 3772814.5 - - 2.753 3615380.5
50 6999563.1 - - 10.044 6785863.3 group lies and while the honest group continues to coop-
100 16538176.50 - - 46.68 15868284.50 erate cooperates, respectively. We take as a ratio with
respect to . In one scenario, is 1.5, while in the second
scenario is 2. We also consider as a percentage of
method performs exceptionally well. In the case of 25 users, . We vary from 0% of to 100% of . In Fig. 9(a),
our solution is around 50 times faster than that of [9]. we see that increases exponentially with the decrease of
the difference between and (i.e., increase of the ratio
5.1.3 Relaxed Convergence Condition and Execution Time between them). When there is no difference, i.e., is equal to
We have defined convergence in Algorithm 1 as the con- , the game must be (i.e., is 1) played infinitely. Remember
dition when there is no significant update, let , in the that Theorem 3 shows that if 1, i.e., , the
consumption schedule for a good number (e.g., equal to grim strategy is not required and deviation will always be
the number of users) of last consecutive rounds. We have preferred to cooperate.
used = 0, i.e., no update in the consumption schedule, in We also calculate the minimum number of times or
our experiments. However, we have already seen in Fig. 8(a) repetitions, n that the game needs to be played to neu-
that the algorithm converges fast in the beginning, while the tralize the benefit of dishonesty by applying the grim or
change becomes insignificant after some iterations (e.g., 30 punishment strategy. We calculate n by solving the equation
iterations for 5 users). Let us relax the convergence condition = n ( ). Here, is the benefit of deviating,
by taking as 0.001% of the initial energy cost, i.e., the while is the loss due to the punishment strategy.
algorithm is assumed to reach the convergence when there Fig. 9(b) shows the value of n in different cases by varying
is no change larger than 0.001% of the initial energy cost for . It shows that the closer is to , the higher is n. This
many consecutive rounds. Table 3 shows convergence times behavior states that the participation of a player should be
by varying the number of users. We see that the execution ensured to be sufficiently long participation, so that after
time is reduced a lot comparing to the case when = 0 (as any deviation a node has to play for a number of times until
seen in Table 2). Our algorithm takes around 100 seconds the extra benefit received from deviation become zero due
for 1000 users. to the punishment strategy.
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 12
6.1 A utility collector based energy consumption only 5 to 10 iterations for 5 users), and further convergence
scheduling becomes negligible after some iterations. Thus, the partici-
Smart meters often forms a mesh network and they are pating nodes can relax the convergence condition to stop the
connected to a data collector through this mesh network. optimal scheduling process early within an acceptable time
A common framework for the communications often in- frame (as shown in Table 3). In addition, our cluster based
cludes home area networks, building area networks, and solution keeps the size of the participating nodes in the
neighborhood area networks, where we need many different MPC process small. Thus, the application of MPC has less
communications between meters before sending data to the impact on the protocol convergence time with the increase
grid [23]. If we consider the usage data aggregation only, a of the number of users. Moreover, parallel executions are
smart meter needs to send its data to the collector through also possible in such a cluster based design, which can
other meters, which does not preserve the privacy. There- significantly reduce the convergence time.
fore, an aggregation scheme taking the help of a collector
still needs to apply some privacy-preserving protocols. In
7 R ELATED W ORK
addition, it is good to have privacy as well as resiliency In this section, first we briefly discuss the research done so
against single node failure. Therefore, we choose distributed far for optimizing the energy usage cost. Then, we present
algorithm for optimal scheduling of energy consumptions. a brief discussion on the research work that address the
The similar motivation has been presented in previous security and privacy problems related to this area.
works, such as [9]. Moreover, the collector is responsible M. Fahrioglu et al. proposed a game [3] that models
for sending individual billing data and command controls the interaction between a utility and its customers to let
to and from the meters and utility or control center. Thus, it the customers help a utility solve a variety of problems. K.
will be overwhelming for a collector to process the optimal Herter in [4] proposed a mechanism to minimize the gener-
scheduling of energy usage. In our proposed mechanism, ation cost with the indirect interaction between the energy
we employ a trusted third party only when there is a users and the energy provider by providing incentive for
suspicion of cheating. using energy at off-peak hours with the help of time-varying
energy prices.
A. Gomes et al. discussed a load control strategy in [25].
6.2 The existing security in the smart metering commu- The paper implemented the elastic electrical price. The
nication authors pointed out that the complexity is increased by
A utility collector often sends collected usage data to the the diversity and volatility in power systems, because the
utility center by creating a secure channel with the utility individuals have different aim.
server. However, in practice such secure channel is yet to be N. Ruiz et al. in [7] introduced a direct load control
implemented in many places properly or fully, particularly algorithm based on linear programming to operate the
for the communication among smart meters and collectors. virtual power plant composed of a large number of users
For example, LonTalk is often used for communication with load reduction capabilities. The author in [26] made
among meters and collectors, which mainly ensures au- an investigation on relationship between the critical-peak
thentication of the two communicating parties [24]. After pricing and the households with different income and usage
all, the privacy is not considered as a concern in this com- in California State. This work justifies the need of a good
munication which is mainly taken place from a meter to a cost function which can affect the behavior of users and their
collector for reporting usage data to the utility center. On usage. However, the automation of the optimal demand side
the other hand, the optimal scheduling protocol is executed management solely by the interactions among the partici-
among nodes (smart meters), where each node needs to pating users (i.e., without an involvement of the utility) can
know and use the received data for the optimal scheduling offer an open, independent, and creative solution.
of energy consumptions. Therefore, the security, integrity, Mohsenian-Rad and Leon-Garcia proposed an optimal
and privacy issues are required to be addressed together and automatic residential energy consumption scheduling
and comprehensively taking the protocol execution into framework in [27] that minimizes the electricity payment
consideration. In our work, we identify the potential threats as well as the operational waiting time of each household
of eavesdropping and false data injection with respect to appliance under a real-time pricing model. The authors
the optimal energy usage scheduling protocol and thus addressed a similar problem in [28], [9] for autonomous
provide a defense mechanism by ensuring data privacy demand side management within a neighborhood. They
along with the data authentication and integrity. We also considered the deployment of energy consumption schedul-
provide security against semi-honest participating nodes, ing devices in smart meters, which can communicate with
especially when they provide false information about their each other. The game theory is applied to distributively
potential energy usage. find the optimal consumption scheduling for all the users.
There are also other autonomous demand side management
solutions presented by different researchers in [11], [12],
6.3 Scalability of the proposed energy consumption [13], [14], [15]. In this solutions, the overall energy produc-
scheduling algorithm tion or usage cost is minimized by controlling the energy
From our simulation results, we find that the number of consumption directly with optimal scheduling or indirectly
iterations to reach the convergence point grows rapidly in with suitably chosen energy prices. Another demand re-
the number of users. However, we also find that the opti- sponse system is designed in [29] by minimizing the peak-
mization process starts to converge after few iterations (e.g., to-average ratio of the aggregate load demand.
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 13
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TDSC.2015.2446492, IEEE Transactions on Dependable and Secure Computing
SECURE AND PRIVATE DATA AGGREGATION FOR ENERGY CONSUMPTION SCHEDULING IN SMART GRIDS 14
[22] A. C. Yao. Protocols for secure computations. In 23rd Annual Mohammad Hossein Manshaei received the
Symposium on Foundations of Computer Science, pages 160164, BSc degree in Electrical Engineering and the
November 1982. MSc degree in Communication Engineering from
[23] M. M. Fouda, Z. M. Fadlullah, N. Kato, R. Lu, and X. Shen. the Isfahan University of Technology in 1997
A lightweight message authentication scheme for smart grid and 2000. He earned another MSc degree in
communications. IEEE Transactions on Smart Grid, 2(4):675685, Computer Science and his Ph.D. in Computer
December 2011. Science and Distributed Systems from the Uni-
[24] Lontalk protocol specification. http://www.enerlon.com/ versity of Nice Sophia-Antipolis, France, in 2002
JobAids/Lontalk%20Protocol%20Spec.pdf. and 2005. He did his thesis work at INRIA,
[25] A. Gomes, C.H. Antunes, and A.G. Martins. A multiple objective Sophia Antipolis, France. He is an Assistant Pro-
evolutionary approach for the design and selection of load control fessor at the Isfahan University of Technology,
strategies. IEEE Transactions on Power Systems, 19(2):11731180, Iran. From 2006 to 2011, he was a senior researcher and lecturer at
May 2004. EPFL, Switzerland. He was a visiting researcher at the UNCC, during
[26] P. Centolella. The integration of price responsive demand into re- summer 2013. His research interests include wireless networking, wire-
gional transmission organization (RTO) wholesale power markets less security and privacy, social networks, cognitive radios, and game
and system operations. Energy, 35(4):1568 1574, April 2010. theory.
[27] A.-H. Mohsenian-Rad and A. Leon-Garcia. Optimal residential
load control with price prediction in real-time electricity pricing
environments. IEEE Transactions on Smart Grid, 1(2):120133,
September 2010.
[28] A.-H. Mohsenian-Rad, V. W. S. Wong, J. Jatskevich, and R. Schober. Ehab Al-Shaer is a Professor and the Director
Optimal and autonomous incentive-based energy consumption of the Cyber Defense and Network Assurability
scheduling algorithm for smart grid. In Innovative Smart Grid (CyberDNA) Center in the College of Computing
Technologies (ISGT), pages 16, January 2010. and Informatics at University of North Carolina
[29] H. K. Nguyen, J.B. Song, and Z. Han. Demand side management Charlotte. He received his MSc and Ph.D. in
to reduce peak-to-average ratio using game theory in smart grid. Computer Science from the Northeastern Uni-
In IEEE Conference on Computer Communications (INFOCOM) Work- versity (Boston, MA) and Old Dominion Univer-
shops, pages 9196, March 2012. sity (Norfolk, VA) in 1998 and 1994 respectively.
[30] F. Li, B. Luo, and P. Liu. Secure information aggregation for smart His primary research areas are network security,
grids using homomorphic encryption. In First IEEE International security management, fault diagnosis, and net-
Conference on Smart Grid Communications (SmartGridComm), pages work assurability. Prof. Al-Shaer edited/co-edited
327332, October 2010. more than 10 books and book chapters, and published about 150
[31] A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet, and D. Irwin. refereed journals and conferences papers in his area. Prof. Al-Shaer
Private memoirs of a smart meter. In 2nd ACM Workshop on is the General Chair of ACM CCS 2009-2010 and NSF Workshop in
Embedded Sensing Systems for Energy-Efficiency in Building, pages Assurable and Usable Security Configuration, August 2008. Prof. Al-
61 66, 2010. Shaer also served as a Workshop Chair and Program Co-chair for a
[32] S. R. Rajagopalan, L. Sankar, S. Mohajer, and H. V. Poor. Smart number of well-established conferences/workshops in his area including
meter privacy: A utility-privacy framework. In 2nd Annual IEEE IM 2007, POLICY 2008, ANM-INFOCOM 2008, ACM CCS 2010. He
Conference on Smart Grid Communications (SmartGridComm), pages also served as a member in the technical programs and organization
1720, October 2011. committees for many IEEE and ACM conferences.
[33] L. Sankar, S. Kar, R. Tandon, and H. V. Poor. Competitive privacy:
An information-theoretic approach. In IEEE Conference on Smart
Grid Communications (SmartGridComm), pages 1720, October 2011.
1545-5971 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.