THE smart grid is promising to revolutionize the provision

Transcription

1 IEEE COMMUNICATIONS MAGAZINE 1 Do not Snoop my Habits. Preserving Privacy in the Smart Grid Félix Gómez Mármol, Christoph Sorge, Osman Ugus, and Gregorio Martínez Pérez Member, IEEE Abstract The recent deployment of smart grids has proved to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more accurate measurement of up-to-date electricity necessities through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy use. Nevertheless, it has associated drawbacks related to the privacy of customers as well, since such management might reveal their personal habits and behavior, which electrical appliances they are using at each moment, whether they are at home or not, etc. In this paper we present a privacy enhanced architecture for smart metering aimed to tackle this threat by means of a new and novel protocol encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values. The technique being used is named additively homomorphic encryption and enables the direct connection and exchange of data between electricity suppliers and final users, while preserving the privacy of the latter. Index Terms Smart grid, Smart meters, Privacy, Bihomomorphisms I. INTRODUCTION THE smart grid is promising to revolutionize the provision of electrical energy. Electricity suppliers receive more precise information about the state of their networks, and consumers are enabled to adapt their consumption behavior to the current supply situation. As the share of renewable energy sources in the production of electricity increases, this becomes more important. In contrast to coal, gas or nuclear power plants, sun or wind energy are not always available to the desired extent. This drawback, combined with the high costs of storing electrical energy, has had astonishing effects. During times of strong winds, negative electricity prices have been reported in some regions; at the European Energy Exchange, minus 500 Euros per MWh were reached during a peak hour. Better information about consumption patterns of energy consumers may contribute to improved forecasts about demand in the near future, allowing for appropriate reactions on the supply side. Customers can also help avoiding the problem by shifting their electricity consumption to different times. Obviously, this Félix Gómez Mármol works for NEC Europe Ltd., Kurfürsten-Anlage 36, Heidelberg, Germany, felix.gomez-marmol@neclab.eu Christoph Sorge is with the Department of Computer Science, University of Paderborn, Warburger Str. 100, Paderborn, Germany, christoph.sorge@upb.de Osman Ugus is with the Fachbereich Informatik, Hochschule für Angewandte Wissenschaften (HAW) Hamburg, Berliner Tor 7, Hamburg, Germany, osman.ugus@haw-hamburg.de Gregorio Martínez Pérez is with the Department of Information and Communications Engineering, University of Murcia, Murcia, Spain, gregorio@um.es Manuscript received July 1, 2011; revised February 8, is not always possible or appropriate. If, however, electricity is used to generate heat (which can be stored to some extent), to charge the batteries of an electric car, or to accomplish household functions like washing, customers will usually be flexible. One obvious way of influencing the electricity consumption by end users is the price mechanism. Prices might be updated every 15 minutes, and automated mechanisms on the customers premises can react to price changes in a previously configured way. For that purpose, electricity meters have to become smart; there must be a way for the electricity supplier to be sure that its customers pay the correct price for each period. Smart meters can also help customers save energy even without a dynamic pricing mechanism. Purely by displaying up-to-date information, awareness of electricity consumption is increased. An energy saving potential of around 15% has been suggested in a number of studies [1]. Nowadays, the positive effects of smart metering are achieved by transmitting up-to-date information to the electricity supplier in certain intervals, typically 15 minutes. It is possible for a consumer to see his/her electricity consumption in a web interface, and the information can also be used by the supplier for billing purposes. Unfortunately, this approach also threatens privacy. Even assuming that all data transmitted from the consumer s home is using a secure channel, the electricity supplier receives much more personal data than today. Using this data, it is possible to infer whether or not a customer is at home. Many devices even have individual consumption patterns, making it possible to find out when the washing machine or the TV set is in use. The fact that information provision and analysis for customers is sometimes outsourced to Google, for instance, does not help easing privacy concerns. The solution to this privacy problem cannot be to refrain from developing the smart grid. At least in the European Union, there is also a strong political will to introduce smart meters on a large scale. However, we are convinced that smart metering benefits can be kept without the electricity suppliers learning any personally identifiable information about individual customers, except what is strictly needed for billing. In this article, we do not address billing itself using trusted devices, billing can be done entirely by the meters themselves. Once per billing period, the sum to be paid by the customer can be sent to the supplier. Due to the aggregation over a long time span (e.g., one month), this information is not problematic. Instead, we focus on providing up-to-date and accurate aggregated information about the electricity consumption of customer groups to an electricity supplier, without revealing information about individual customers. In order to achieve

2 IEEE COMMUNICATIONS MAGAZINE 2 this goal, we have designed a novel solution that combines grouping of smart meters as well as the use of homomorphic encryption of the consumption reports. Obviously, an electricity network operator already receives some kind of aggregate information even nowadays; measurements on a large scale are possible and necessary for planning the use of power plants. Unfortunately, this information is very coarse-grained and does not even allow distinguishing customers of different electricity suppliers (which typically use the same network), let alone customer groups. One consequence is that electricity suppliers have to buy energy not based on the actual consumption of their customers at a certain point in time, but on an estimate. The electricity market could work more efficiently using the up-to-date information, which we can provide without intruding into customers privacy. The remainder of this article is structured as follows: At first, we give an overview on the background of our work in Section II, especially related work in the field of smart meter privacy. We then present our basic solution based on the use of homomorphic encryption (Section III); we extend this solution to avoid certain Denial-of-Service attacks. We then compare our results to previous work in Section IV before concluding the article in Section V. II. BACKGROUND Smart meters, besides their appealing social and technical benefits, have several problems concerning privacy [2]. Customer habits and behaviors can be detected by having a precise energy use information which is provided by smart meters. Any entity that knows the fine-grained energy consumptions can infer the customers lifestyle and habits (e.g., times of absence and even concrete activities like watching TV or cooking). Consequently, the customer privacy has to be protected while at the same time keeping all the benefits of smart meters by allowing detailed energy measurement reports of customers. The high frequency and volume of data transactions in the smart grid poses new challenges both from a technical and a regulatory perspective. Existing privacy laws, for example in the US, are not yet clearly defined to meet these challenges or are not applicable [2]. While the legal situation seems clearer in Europe with its more generalized approach to privacy regulations, the practical implementation of these rules is also an open issue. This leaves an open door for companies to share this information with third parties e.g., for marketing purposes. Privacy issues arisen by the use of smart meters are also discussed by government agencies. In the US, the NIST has issued guidelines for smart grid cyber security including privacy recommendations [3]. Its focus is on securing access to meter data, and on limiting the collection of data. In Germany, the Federal Office for Information Security (BSI) [4] has provided a protection profile for the gateway of a smart metering system. Additionally, it proposes to use pseudonyms for reporting energy measurements instead of real identifiers to protect customers privacy. In this work, we propose a solution for the smart meter privacy problem that allows to hide the individual smart meter measurements from the energy supplier while allowing it to access the aggregated energy usage information. The idea is to encrypt individual smart meter measurements with an encryption mechanism that allows the energy supplier to get their aggregation without decrypting them. That aim can be achieved by using a cryptographic scheme that allows performing a transformation (e.g., multiplication) on the ciphertext space, which is equivalent to evaluating a certain function on the plaintext space. In our case, the resulting function performed on the plaintext space is a simple addition. An encryption mechanism with this property is known as additively homomorphic encryption. The solution proposed in this work allows the delivery of individual smart meter measurements directly to the energy supplier while preserving the privacy of smart meter users. It is based on a bihomomorphic encryption function which is additively homomorphic on the plaintext and key space. Such an encryption mechanism is proposed in [5] as part of a previous work also done at NEC Laboratories Europe. We note that any secure additively bihomomorphic encryption mechanism can be used in the framework we provide in this paper. To the best of our knowledge, this paper is presenting one of the first works combining grouping of smart meters and use of a novel homomorphic encryption protocol in order to achieve real privacy in the smart grid. III. HOW TO PRESERVE USERS PRIVACY A. Scenario definition In our scenario, an Energy Supplier (from now on, ES) receives electricity measurements from smart meters sm in a given period. However, we do not want the ES to know individual measurements from smart meters, but the aggregation of the latter, instead. Additionally, we want to avoid the figure of an intermediate aggregator, since it might constitute a centralized point of failure and it should be universally trusted by every single smart meter. Hence, the ES must receive all the individual values encrypted, without being able to decrypt them. However, once the aggregation has been performed, it should be able to decrypt such aggregated value. Fig. 1. Scenario definition: distributed smart metering Figure 1 depicts this scenario definition. As it can be observed, smart meters encrypt their consumption reports

3 IEEE COMMUNICATIONS MAGAZINE 3 Fig. 2. Privacy enhanced architecture for smart metering before transmitting them to the ES. As the ES gathers all the encrypted values, it aggregates them in order to obtain a unique value representing the encryption of the total energy consumption of smart meters. Thus, the ES does not have access to the individual keys used to encrypt the users measurements, but it needs a mechanism that allows it to obtain the unique key K needed to decrypt the encrypted aggregation of plain values. Additionally, it should not be possible to obtain the individual keys of smart meters even if the ES knows the decryption key K. B. Physical and network layer While our approach prevents identification of customers based on application-layer (authentication) information, lower layers of the communication stack might reveal identity information. Different solutions have been suggested (and implemented) for these lower layers, either based on customers existing internet connection, or using power-line communication. In the first case (use of an existing internet connection, e.g., using DSL), users can have static or dynamically assigned IP addresses. The customer s internet service provider can always map IP address and customer identity, but will usually be a separate entity from the ES. Therefore, this mapping is not a major privacy threat. However, when a smart meter communicates with the ES, the IP address can be used to build a profile over an extended period of time if static IP addresses are used, or over a short period in case of dynamically assigned addresses. Anonymization above the network layer, using onion routing or the Crowds approach [6], is helpful in both cases. Both approaches can be used within a group of smart meters, so no external network nodes would be involved. As they are already existing standard techniques, we do not provide a detailed description as part of this work. Routing information through other nodes than the respective smart meter and the ES is not a security problem, as we use authentication and encryption on the application layer. The second case is the use of powerline communication (the reasoning also applies for several other techniques, such as dedicated ethernet lines in a block of buildings or WiMAX). Here, regular changes of MAC addresses suffice for anonymization within a broadcast domain if each anonymity group of smart meters is located within such a broadcast domain, no additional measures are required. This setup has the second advantage of allowing the ES to detect local bottlenecks. If a group of customers within one neighborhood uses (or generates) a lot of power at the same time, an overload situation may occur. With current setups, the ES cannot reliably detect such local overload situations before they lead to actual problems. Smart meters can help with this detection. C. Privacy-preserving protocol for smart metering In order to prevent an ES from snooping its customers habits and to preserve the privacy of individual measurements made by the smart meters, while allowing the ES to get an aggregation of such energy consumption reports, we have designed an effective as well as accurate solution consisting of hiding those measurements behind a smart meters grouping (see Figure 2). These groups of smart meters could be formed in a natural way by putting into the same group, for instance, all the smart meters belonging to the same building, or even those ones in the same street or neighborhood. In a practical deployment, groups would be limited to smart meters of one electricity suppliers customers (even though, in some markets, dozens or hundreds of suppliers use the same physical electricity network). We argue that such a grouping approach does not limit the benefits of the smart grid. For planning purposes,

4 IEEE COMMUNICATIONS MAGAZINE 4 the knowledge on the total energy consumption of a specific geographical region is the primary interest of an ES. The knowledge about the energy consumption of individual customers is not required for planning purposes and energy demand forecasts. Aggregation of the energy consumptions of groups allows precisely computing the total energy consumptions of certain buildings, neighborhoods, or even cities. Our scheme basically allows each smart meter sm to send a measurement, each encrypted with an individual key, to its corresponding ES, which does not get these individual keys. Instead, it receives an aggregate key allowing only the decryption of an aggregate measurement. The communication between smart meter and ES uses a secure channel, hiding the meter s real identity as a member of group G. The establishment of a secure channel requires the use of an authentication mechanism. In theory, any authentication mechanism could be used; the most suitable ones, in order to authenticate the smart meter only as a member of a group of authorized smart meters, would be group signatures or anonymous credential schemes [7]. Anonymous credential schemes are schemes that allow users to prove an authorization without revealing their identity. Group signatures achieve a similar goal: each user has different key material, but can sign messages on behalf of the group. Third parties cannot distinguish the signatures made by different group members, but most schemes use a group manager that can revoke this anonymity. A natural way to establish a secure channel in our scheme is for the smart meter and the ES to perform a key exchange (e.g., Diffie-Hellman key exchange). Afterwards, the ES signs the previously exchanged messages with a traditional signature scheme and the smart meter uses the group signature scheme for authentication (and to detect possible man-in-the middle attacks). Besides, one smart meter per group is periodically designated as the key aggregator, so the rest of members send it their keys, in a secure way. Thus, i) the aggregator cannot decrypt the values sent by each smart meter, even if it knows their keys, since such measurements are sent directly to the ES through a secure channel (and therefore the key aggregator has no access to them), ii) nobody knows other members keys (except the current key aggregator), and iii) it does not matter if the key aggregator acts maliciously and shares those keys with the ES since in such case the latter would need to try all the possible combinations between the set of keys and the set of received values from that group to disclose the actual measurements; but since those individual keys change every round (as we will see next), and the key aggregator is elected periodically, it is computationally expensive and therefore not worthy for the ES to perform such an attack. Once the key aggregator has received all the group members keys, it aggregates (sums) them in order to obtain key K and sends it to the ES through a secure channel. Note that this key K has to be sent to the ES only once when bootstrapping the system (and every time one smart meter leaves/fails or enters/joins the group). To achieve this, each smart meter actually uses a different random key per period. However, the aggregation of all the keys, i.e., key K, remains constant. To this end, smart meters within the same group form a ring 1. In each period, each smart meter in this ring selects a random value. It subtracts this random value from its own key and, at the same time, it sends that random value to its successor through a secure channel. The random value received from the predecessor is added to each smart meter s own key. Each random value added to one smart meter s key is therefore subtracted from another one s to keep the key K constant. So, in summary, the steps to be followed by our protocol in order to send encrypted measurements to the ES, while allowing it to decrypt the aggregation of such reports, are: 1) Each smart meter updates its key in a smart ring and sends the new one to the key aggregator. 2) The key aggregator computes the aggregation of all received keys in order to obtain the aggregated key K. 3) The key aggregator then sends the aggregated key K to the ES (only once at the beginning or every time a smart meter leaves/fails or enters/joins the group). The key aggregator, in any case, checks that the aggregation of received keys is equal to K every round, for consistency. 4) Each smart meter encrypts its consumption measurement at time using its current key and sends it to the ES. 5) The ES aggregates the encrypted consumption values. Through the use of bihomomorphic encryption, the result equals the aggregate of the original values, encrypted with the aggregated key K. The ES is therefore able to decrypt the aggregation just by subtracting the aggregated key K from the aggregated encrypted consumption value. The application of such bihomomorphic encryption in order to preserve users privacy in the smart grid while still allowing its numerous benefits, is one of our major contributions in this work. In short, a bihomomorphic encryption is an encryption which is additive homomorphic both on the plaintext space and on the key space, as described in a previous work [5] performed at NEC Laboratories Europe. As mentioned before, this type of encryption allows the ES to decrypt the aggregation of encrypted reports, but not those encrypted measurements individually. The key aggregator only knows the individual keys, while the ES only knows both the aggregated key K and the individual encrypted measurements. We note that any secure additive bihomomorphic encryption mechanism with these features might be suitable for this proposal. As the key aggregator only has to perform quite simple operations, its role can be played by any smart meter and does not require, say, a state-of-the-art personal computer. Unfortunately, an important issue might arise if a smart meter within a group fails, or even acts maliciously, and sends its key to the key aggregator, but does not send the corresponding encrypted measurement (or vice versa), since in such a situation the ES would not be able to perform the decryption of the aggregation of received encrypted reports. In order to tackle this problem, we also propose an additional mechanism named tokens solution that would execute on top of the previously described one, and that would be enabled just for the round where this threat is detected 1 The formation and updating of this ring is out of the scope of this paper.

5 IEEE COMMUNICATIONS MAGAZINE 5 (disabling it right afterwards the problem is overcome). As the main focus of this paper is the privacy protection, we skip the details and describe it briefly. The basic idea is that the key aggregator (KA) and the ES accept inputs from smart meters iff they are authenticated by the ES and the KA, respectively. That is to say, before aggregating the individual keys received from smart meters to obtain the key K, the KA generates a token for each key and sends them back to the corresponding smart meters. Each smart meter reports its encrypted measurement together with the received token to the ES. The ES sends an acknowledgement message for each measurement received with a valid token to the KA. The KA then aggregates only the keys which are acknowledged by the ES to obtain the key K. By applying the described bihomomorphic encryption/decryption of energy consumption measurements generated by smart meters, together with the constitution of smart meters groups, the explained keys updating mechanism and, when necessary, the tokens solution, we achieve a system in which the ES can still benefit from the instantaneous reports from smart meters in order to better monitor, control, and predict energy use, while preserving the privacy of final users in terms of their daily habits at home or their appliances usage patterns, for instance. IV. DISCUSSION In this section we carried out a concise survey of some of the current works aimed to preserve the privacy of end users in the smart grid. For instance, [8] presents two solutions for smart metering both with and without involvement of a trusted third party (TTP). In the former case, smart meters report their encrypted measurements to an intermediate aggregation proxy rather than directly to the ES. The proxy sums up the individual measurements and sends the aggregation result to the ES. The solution is based on using a conventional encryption mechanism which allows no aggregation on the encrypted measurements. Thus, the aggregation proxy can see the measurements in clear text (though it does not necessarily have the ability to map them to a specific smart meter or customer). Hence, this scheme guarantees privacy as long as the trusted party and the ES do not collaborate. In the paper at hand, the aggregator is not a typical intermediary, but a smart meter like all other participants. The main advantage of this work compared to the TTP solution presented in [8] is the amount of trust that has to be placed in the aggregator (a key aggregator, in our case). Our solution does not even allow the key aggregator to see the measurements, let alone map them to a customer. Moreover, even in case of collaboration with the ES, the potential damage is limited due to constant changes of the role. We achieve this advantageous solution by exploiting a bihomomorphic encryption which allows aggregating encrypted measurements without decrypting them at the ES. Smart meter anonymity is achieved by hiding the real identity of smart meters behind groups. We note that in [8], a solution without involvement of a trusted intermediate aggregator is also proposed. The approach is based on adding a random noise to the smart meter measurements which sums up to zero in the final aggregation. Random values are chosen from a distribution such that the sum of all random values chosen by smart meters is zero with some deviation. The solution protects the privacy of customers as the individual measurements from smart meters are randomized. The ES can still compute the aggregation of the energy consumption with some deviation from the actual value as the sum of all smart meter measurements has a lower variance than caused in individual readings by the added noise. In contrast to the approach presented in this paper, such solution only leads to an acceptable precision if group sizes become very large. Our approach also allows relatively small group sizes. However, the main disadvantage of our solution is the loss of precision e.g., in case some readings from smart meters are missed. This problem is solved in our protocol with the token based approach as described in Section III-C. Note that our work is not the first to suggest using homomorphic encryption to achieve privacy for smart metering. Garcia and Jacobs [9] suggest a provably secure two-round protocol that allows the energy supplier to learn only an aggregate value by using a combination of additively homomorphic encryption and additive secret sharing. In every reporting period, every smart meter performs n 1 encryptions and a decryption for the aggregation of measurements from a group of n smart meters. This causes a large computation and communication overhead on the smart meters which is the drawback of this scheme. In contrast to this solution, we place a lower burden on the aggregating node by using only computationally cheap symmetric encryption, which makes it possible to choose that node from the set of smart meters. Furthermore, authors of [10] present a homomorphic encryption solution to perform in-network aggregation while keeping the outputs and intermediate results secure, which is in turn based on [5]. Smart meter data is forwarded using other smart meters as intermediate hops to perform an aggregation of homomorphically encrypted meter data on each hop. Smart meters are arranged in a tree structure, in which the collector node is the root node. However, they assume that smart meters follow the honest-but-curious model, which means that smart meters will never act maliciously (either intentionally or unintentionally). In our opinion this a too strong and even not valid assumption for realistic scenarios. Thus, we have also addressed and provided a successful solution by means of which the adverse situations caused by malicious or failing smart meters are tackled. Table I shows a brief summary of the aforementioned works, analyzing some of their most critical features. V. CONCLUSIONS AND FUTURE WORK Smart meters usually record consumption of end users in different intervals and then communicate all this data back to the electricity supplier for billing and monitoring purposes. They are used as near real-time sensors providing a bidirectional communication channel between the suppliers and these devices and thus establishing the base for smart grids. They allow providing added-value services such as the provision of

6 IEEE COMMUNICATIONS MAGAZINE 6 Aggregator (Scaling) [8] with TTP same TTP as aggregator in each round [8] without no explicit TTP aggregator needed; ES aggregates data [9] data aggregator for each group [10] each smart meter as intermediate aggregator; explicit aggregator for each group Paper at key aggregator hand for each group; ES aggregates data Computation Overhead: Smart Meter negligible (symmetric negligible (symmetric high (asymmetric high (asymmetric negligible (symmetric Computation Overhead: Aggregator negligible negligible high medium medium TABLE I PRIVACY PRESERVING SOLUTIONS FOR SMART GRID different prices for consumption based on different criteria, detection of service outage, etc. Even if these advantages are of interest for both electricity suppliers and final customers, the latter will need privacy-aware ways for recollecting and transmitting their consumption information, so the use of these devices do not reveal private information, habits and behaviors of these customers. This paper proposes a privacy-aware protocol applicable to the collection of smart meter information. It allows hiding individual measurements from the electricity supplier while allowing it to access the information on the aggregated energy use. The tool in use for that is additively homomorphic encryption, which allows the supplier to get the aggregation of the encrypted individual measurements without decrypting them. Our proposed solution also enables the direct communication between nodes of the smart grid and the supplier while preserving the privacy of the smart meter users, which some other existing models are not allowing. As future work, we are planning to perform a thorough security analysis of our suggested protocol. We are also preparing an evaluation of its scalability, and plan comparing the solution to alternative approaches defined in our own groups as well as by other researchers. Moreover, we will also investigate how to detect a corrupted electricity measurement in order to trigger the tokens solution accordingly. ACKNOWLEDGMENT The work presented in this paper was partially supported by the BMWI within the project SmartPowerHamburg. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements of the SmartPowerHamburg project. Thanks also to the Funding Program for Research Groups of Excellence granted as well by the Séneca Foundation with code 04552/GERM/06. REFERENCES [1] G. Wood and M. Newborough, Dynamic energy-consumption indicators for domestic appliances: environment, behaviour and design, Elsevier Energy and Buildings, vol. 35, no. 8, pp , [2] P. McDaniel and S. McLaughlin, Security and privacy challenges in the smart grid, IEEE Security and Privacy, vol. 7, pp , [3] National Institute of Standards and Technology Interagency Report 7628: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, August 2010, nistir-7628 vol2.pdf. [4] Bundesamt fuer Sicherheit in der Informationstechnik, Federal Office for Information Security, Protection profile for the gateway of a smart metering system, BSI/SmartMeter/PP-SmartMeter.pdf, September 02, [5] F. Armknecht, D. Westhoff, J. Girao, and A. Hessler, A lifetimeoptimized end-to-end encryption scheme for sensor networks allowing in-network processing, Computer Communications, vol. 31, no. 4, pp , [6] M. K. Reiter and A. D. Rubin, Anonymous web transactions with crowds, Communications of the ACM, vol. 42, pp , February [7] J. Camenisch and A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in Advances in Cryptology CRYPTO 04, 2004, pp [8] J.-M. Bohli, C. Sorge, and O. Ugus, A privacy model for smart metering, in IEEE International Conference on Communications, 2010, May [9] F. D. García and B. Jacobs, Privacy-friendly energy-metering via homomorphic encryption, in In 6th Workshop on Security and Trust Management (STM 2010), [10] F. Li, B. Luo, and P. Liu, Secure information aggregation for smart grids using homomorphic encryption, in First IEEE International Conference on Smart Grid Communications. Gaithersburg, USA: IEEE Communications Society, Oct 2010, pp Félix Gómez Mármol is a research scientist in the security group at NEC Laboratories Europe, Heidelberg, Germany. His research interests include authorization, authentication and trust management in distributed and heterogeneous systems, security management in mobile devices and design and implementation of security solutions for mobile and heterogeneous environments. He received an MSc and PhD in computer engineering from the University of Murcia. Contact him at felix.gomez-marmol@neclab.eu Christoph Sorge is an assistant professor in the computer science department at the University of Paderborn. His research interests include security and privacy of computer networks from both a technical and a legal perspective. Sorge has a PhD in computer science from the Karlsruhe Institute of Technology. Contact him at christoph.sorge@uni-paderborn.de.

7 IEEE COMMUNICATIONS MAGAZINE 7 Osman Ugus received his Diploma degree in 2007 from Technische Universität Darmstadt with a focus on IT-security. From April 2007 until December 2010, he worked at NEC Europe Network Laboratories as a Research Associate. He is currently a Research Assistant at HAW Hamburg. He is interested in security and lightweight cryptography especially in wireless sensor networks and mobile devices. Contact him at osman.ugus@haw-hamburg.de Gregorio Martínez Pérez is an associate professor in the Department of Information and Communications Engineering of the University of Murcia. His research interests include security, privacy and management of IP-based communication networks. He received an MSc and PhD in computer engineering from the University of Murcia. Contact him at gregorio@um.es