Abstract
Recently, several privacy-enhancing technologies for smart grids have been proposed. However, most of these solutions presume the cooperation of all smart grid participants. Hence, the privacy protection of consumers depends on the willingness of the suppliers to deploy privacy-enhancing technologies. Since electrical energy is essential for our modern life, it is impossible for consumers to opt out. We propose a novel consumer-only (do-it-yourself) privacy-enhancing approach under the assumption that users can obtain their energy from multiple suppliers on a distributed market. By splitting the demand over multiple suppliers, the information each of them can collect about a single consumer is reduced. In this context, we suggest two different buying strategies: a time and a sample diversification strategy. To measure their provided level of privacy protection, we introduce a new indistinguishability metric \(\lambda \)-Indistinguishability (\(\lambda \text {-IND}\)) that measures how relative consumption changes can be hidden in the total consumption. We evaluate the presented strategies with \(\lambda \text {-IND}\) and derive first privacy boundaries. The evaluation of our buying strategies on real-world energy data sets indicates their ability to hide load profiles of privacy sensitive appliances at low communication and computational overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For simplification purposes, in this work we make use of discrete instead of continuous probability distributions. This is reasonable when considering a finite metering resolution (e.g., \(10^{(-7)}\) kWh).
References
Ács, G., Castelluccia, C.: I have a DREAM! (DiffeRentially privatE smArt Metering). In: Filler, T., Pevný, T., Craver, S., Ker, A. (eds.) IH 2011. LNCS, vol. 6958, pp. 118–132. Springer, Heidelberg (2011)
Backes, M., Meiser, S.: Differentially private smart metering with battery recharging. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM 2013 and SETOP 2013. LNCS, vol. 8247, pp. 194–212. Springer, Heidelberg (2014)
Baignères, T., Sepehrdad, P., Vaudenay, S.: Distinguishing distributions using chernoff information. In: Heng, S.-H., Kurosawa, K. (eds.) ProvSec 2010. LNCS, vol. 6402, pp. 144–165. Springer, Heidelberg (2010)
Bohli, J.-M., Sorge, C., Ugus, O.: A privacy model for smart metering. In: 2010 IEEE International Conference on Communications Workshops, pp. 1–5. IEEE, May 2010
Clark, S.S., Mustafa, H., Ransford, B., Sorber, J., Fu, K., Xu, W.: Current events: identifying webpages by tapping the electrical outlet. In: Jajodia, S., Mayes, K., Crampton, J. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 700–717. Springer, Heidelberg (2013)
Csisz, I., et al.: Information-type measures of difference of probability distributions and indirect observations. Studia Sci. Math. Hungar. 2, 299–318 (1967)
Danezis, G., Kohlweiss, M., Rial, A.: Differentially private billing with rebates. In: Filler, T., Pevný, T., Craver, S., Ker, A. (eds.) IH 2011. LNCS, vol. 6958, pp. 148–162. Springer, Heidelberg (2011)
Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)
Dwork, C., Naor, M., Pitassi, T., Rothblum, G.N.: Differential privacy under continual observation. In: Proceedings of the 42nd ACM Symposium on Theory of Computing (STOC), pp. 715–724 (2010)
Efthymiou, C., Kalogridis, G.: Smart grid privacy via anonymization of smart metering data. In: International Conference on Smart Grid Communications (SmartGridComm), pp. 238–243. IEEE (2010)
Garcia, F.D., Jacobs, B.: Privacy-friendly energy-metering via homomorphic encryption. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 226–238. Springer, Heidelberg (2011)
Greveler, U., Justus, B., Loehr, D.: Multimedia content identification through smart meter power usage profiles. Computers, Privacy and Data Protection CPDP, Brussels, Belgium (2012)
Hart, G.W.: Residential energy monitoring and computerized surveillance via utility power flows. IEEE Technol. Soc. Mag. 8(2), 12–16 (1989)
Jawurek, M., Kerschbaum, F., Danezis, G.: Privacy technologies for smart grids - a survey of options. Technical report, Microsoft Research - Tech Report - 2012 - 119 (2012)
Kalogridis, G., Efthymiou, C., Denic, S.Z., Lewis, T.A., Cepeda, R.: Privacy for smart meters: towards undetectable appliance load signatures. In: IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 232–237 (2010)
Kolter, J.Z., Johnson, M.J.: REDD: a public data set for energy disaggregation research. In: SustKDD Workshop on Data Mining Applications in Sustainability, San Diego, CA, pp. 1–6 (2011)
Kursawe, K., Danezis, G., Kohlweiss, M.: Privacy-friendly aggregation for the smart-grid. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 175–191. Springer, Heidelberg (2011)
Lin, H.-Y., Tzeng, W.-G., Shen, S.-T., Lin, B.-S.P.: A practical smart metering system supporting privacy preserving billing and load monitoring. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 544–560. Springer, Heidelberg (2012)
Makonin, S., Popowich, F., Bartram, L., Gill, B., Bajic, I.V.: AMPds: a public dataset for load disaggregation and eco-feedback research. In: IEEE Electrical Power and Energy Conference, pp. 1–6 (2013)
Molina-Markham, A., Shenoy, P., Fu, K., Cecchet, E., Irwin, D.: Private memoirs of a smart meter. In: Proceedings of the 2nd ACM Workshop on Embedded Sensing Systems for Energy-Efficiency in Building, pp. 61–66. ACM (2010)
Neyman, J., Pearson, E.S.: On the problem of the most efficient tests of statistical hypotheses. In: Kotz, S., Johnson, N. (eds.) Breakthroughs in Statistics. Springer Series in Statistics, pp. 73–108 (1992)
Pinsker, M.S.: Information and information stability of random variables and processes (1960)
Rial, A., Danezis, G.: Privacy-preserving smart metering. In: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 49–60. ACM (2011)
Varodayan, D., Khisti, A.: Smart meter privacy using a rechargeable battery: minimizing the rate of information leakage. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1932–1935 (2011)
Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Wang, S., Cui, L., Que, J., Choi, D.-H., Jiang, X., Cheng, S., Xie, L.: A randomized response model for privacy preserving smart metering. IEEE Trans. Smart Grid 3(3), 1317–1324 (2012)
Acknowledgments
This work has been co-funded by the German Federal Ministry of Education and Research (BMBF) within CRISP, by the DFG as part of project A.1 within the RTG 2050 “Privacy and Trust for Mobile Users” and by the Hessian LOEWE excellence initiative within CASED. At the time this research was conducted, Stefan Schiffner and Mathias Fischer were part of CASED at TU Darmstadt. Stefan Schiffner is currently employed at the European Union Agency for Network and Information Security (ENISA). The content of this article does not reflect the official opinion of ENISA. Responsibility for the information and views expressed in therein lies entirely with the authors.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Constructing Minimal Distinguishable Distributions
A Constructing Minimal Distinguishable Distributions
To derive an optimal distribution strategy under \(\lambda \text {-IND}\), multiple steps are necessary. First, we discuss the idea of probability transports. Then, given an input distribution and a new desired mean, we construct a new distribution with the specified mean, which has the least statistical distance to the input distribution. Finally, we compute the distinguishing advantage against this construction.
Probability Transport. A probability transport is the change of occurrence probabilities of two values in a (discrete) distribution. Transporting probability \(y>0\) from \(x_s\) to \(x_d\) implies that the likelihood to observe \(x_s\) decreases, while the likelihood to observe \(x_d\) increases by y. Given two distributions \(P_0\) and \(P_1\) that are separated by one transport, the change of mean \(\varDelta \mu = \mu ^1 - \mu ^0\) can be computed by \(\varDelta \mu = (x_d - x_s) \cdot y\), where y describes the transported probability, \(x_s\) the source, and \(x_d\) the destination value.
Optimal Construction. Given the definition of a transport and an input distribution \(P_0\) with mean \(\mu _0\), we show how to construct the least distinguishable distribution \(P_1\) that has a mean of \(\mu _1 = \lambda \cdot \mu _0\). The best construction of \(P_1\) is by transporting probability from the smallest possible \(x_s\), where \(P_0(x_s) > 0\) holds, to the largest possible \(x_d = d^1 = \lambda \cdot d^0 \). By this construction the mean increases with the least increase in the statistical distance, which only depends on the transported probability y. The accurate value y that is necessary for the transport to achieve a mean \(\mu ^1\) is
Note that multiple transports might be required if \(P_0(x_s)\) does not provide sufficient probability.
Distinguishing Advantage. Given this construction, we show how the first distribution \(P_0\) should be chosen, such that construction produces a pair of distributions that is the least distinguishable pair of distributions for the means \(\mu _0\) and \(\mu _1\). A transport from \(x_s = 0\) to \(x_d = d^1\) provides the best and thus least increase in the adversaries advantage while increasing the mean. Thus, we deduce that distribution \(P_0\) needs sufficient probabilities \(P_0(0) \ge y\) for a transport from 0. If this is the case then only one transport from 0 to \(d^1\) is necessary to construct \(P_1\) from \(P_0\). A transport from some \(x_s > 0\) implies that a larger amount has to be transported and therefore would result in a larger statistical distance.
Given two distributions constructed according the derived properties, we are able to link the advantage with the privacy parameter \(\lambda \) and the number of available suppliers \(|S|\). The latter determines the required mean, when assuming a fair distribution algorithm. With only one transport, we can deduce the following distinguishing advantage:
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Büscher, N., Schiffner, S., Fischer, M. (2016). Consumer Privacy on Distributed Energy Markets. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science(), vol 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-44760-5_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44759-9
Online ISBN: 978-3-319-44760-5
eBook Packages: Computer ScienceComputer Science (R0)