Consumer Privacy on Distributed Energy Markets

Abstract

Recently, several privacy-enhancing technologies for smart grids have been proposed. However, most of these solutions presume the cooperation of all smart grid participants. Hence, the privacy protection of consumers depends on the willingness of the suppliers to deploy privacy-enhancing technologies. Since electrical energy is essential for our modern life, it is impossible for consumers to opt out. We propose a novel consumer-only (do-it-yourself) privacy-enhancing approach under the assumption that users can obtain their energy from multiple suppliers on a distributed market. By splitting the demand over multiple suppliers, the information each of them can collect about a single consumer is reduced. In this context, we suggest two different buying strategies: a time and a sample diversification strategy. To measure their provided level of privacy protection, we introduce a new indistinguishability metric \(\lambda \)-Indistinguishability (\(\lambda \text {-IND}\)) that measures how relative consumption changes can be hidden in the total consumption. We evaluate the presented strategies with \(\lambda \text {-IND}\) and derive first privacy boundaries. The evaluation of our buying strategies on real-world energy data sets indicates their ability to hide load profiles of privacy sensitive appliances at low communication and computational overhead.

A Constructing Minimal Distinguishable Distributions

To derive an optimal distribution strategy under \(\lambda \text {-IND}\), multiple steps are necessary. First, we discuss the idea of probability transports. Then, given an input distribution and a new desired mean, we construct a new distribution with the specified mean, which has the least statistical distance to the input distribution. Finally, we compute the distinguishing advantage against this construction.

Probability Transport. A probability transport is the change of occurrence probabilities of two values in a (discrete) distribution. Transporting probability \(y>0\) from \(x_s\) to \(x_d\) implies that the likelihood to observe \(x_s\) decreases, while the likelihood to observe \(x_d\) increases by y. Given two distributions \(P_0\) and \(P_1\) that are separated by one transport, the change of mean \(\varDelta \mu = \mu ^1 - \mu ^0\) can be computed by \(\varDelta \mu = (x_d - x_s) \cdot y\), where y describes the transported probability, \(x_s\) the source, and \(x_d\) the destination value.

Optimal Construction. Given the definition of a transport and an input distribution \(P_0\) with mean \(\mu _0\), we show how to construct the least distinguishable distribution \(P_1\) that has a mean of \(\mu _1 = \lambda \cdot \mu _0\). The best construction of \(P_1\) is by transporting probability from the smallest possible \(x_s\), where \(P_0(x_s) > 0\) holds, to the largest possible \(x_d = d^1 = \lambda \cdot d^0 \). By this construction the mean increases with the least increase in the statistical distance, which only depends on the transported probability y. The accurate value y that is necessary for the transport to achieve a mean \(\mu ^1\) is

$$\begin{aligned} y&= \frac{\varDelta \mu }{x_d - x_s} = \frac{\mu ^1 - \mu ^0}{d^1 - x_s}. \end{aligned}$$

Note that multiple transports might be required if \(P_0(x_s)\) does not provide sufficient probability.

Distinguishing Advantage. Given this construction, we show how the first distribution \(P_0\) should be chosen, such that construction produces a pair of distributions that is the least distinguishable pair of distributions for the means \(\mu _0\) and \(\mu _1\). A transport from \(x_s = 0\) to \(x_d = d^1\) provides the best and thus least increase in the adversaries advantage while increasing the mean. Thus, we deduce that distribution \(P_0\) needs sufficient probabilities \(P_0(0) \ge y\) for a transport from 0. If this is the case then only one transport from 0 to \(d^1\) is necessary to construct \(P_1\) from \(P_0\). A transport from some \(x_s > 0\) implies that a larger amount has to be transported and therefore would result in a larger statistical distance.

Given two distributions constructed according the derived properties, we are able to link the advantage with the privacy parameter \(\lambda \) and the number of available suppliers \(|S|\). The latter determines the required mean, when assuming a fair distribution algorithm. With only one transport, we can deduce the following distinguishing advantage:

$$\begin{aligned} \mathbf{Adv }^{\lambda \text {-IND}}_{SD,1}&= y = \frac{\varDelta \mu }{x_d - x_s} = \frac{\mu ^1 - \mu ^0}{d^1 - 0} = \frac{d^1/|S| - d^0/|S|}{d^1} \\&= \frac{\lambda \cdot d^0 - d^0}{|S| \cdot \lambda \cdot d^0} = \frac{(\lambda -1) \cdot d^0}{|S| \cdot \lambda \cdot d^0} \\&= \frac{\lambda -1}{|S| \cdot \lambda }. \end{aligned}$$