Efficient Privacy-Preserving Data Collection Scheme for Smart Grid AMI Networks

Transcription

1 Efficient Privacy-Preserving Data Collection Scheme for Smart Grid AMI Networks Hawzhin Mohammed, Samet Tonyali, Khaled Rabieh, Mohamed Mahmoud, and Kemal Akkaya Department of Electrical and Computer Engineering, Tennessee Tech University, Cookeville, TN, USA Department of Electrical and Computer Engineering, Florida International University, Miami, FL, USA Department of Computer Science, Sam Houston State University, TX, USA Abstract In this paper, we propose an efficient scheme that utilizes symmetric-key-cryptography and hashing operations to collect consumption data. The idea is based on sending masked power consumption readings from the meters and removing these masks by adding all the meters messages, so that the utility can learn the aggregated reading but cannot learn the individual readings. We also introduce a key management procedure that uses asymmetric key operations, but unlike the power consumption collection that is done very frequently, the key management procedure is run every long time for key renewals. Our evaluations indicate that the cryptographic operations needed in our scheme are much more efficient than the operations needed in the existing schemes. In addition, we have shown that the proposed scheme can preserve the consumers privacy and provide high protection level against collusion attacks. Finally, ns-3 simulation results demonstrate that the network performance of the proposed scheme outperforms the performance of the existing schemes due to reducing the packet size and computational overhead. Keywords: Privacy Preservation, AMI Network, Data Aggregation, Smart Meter and Smart Grid. I. INTRODUCTION The smart grid uses smart devices that have communication and computation capabilities to upgrade the existing power grid [1]. This new upgrade aims to use electricity more efficiently, reduce the CO2 emission, and integrate renewable energy resources. One of the main applications in the smart grid that is currently being implemented is the Advanced Metering Infrastructure (AMI) [1]. The AMI networks have smart meter (SM) installed at the consumer side to connect the consumers to the utility company. The smart meters send fine-grained power consumption data to the utility company to monitor the power demands over short periods. However, the finegrained meter data being collected could be used to infer the activities and behavior patterns of consumers [2]. It can reveal the types of activities going on in the house like the appliances that are currently used, whether a consumer is traveling, when consumers leave home and when they return back, etc. Obviously, exposing such sensitive information is a threat to the privacy of the consumers and eventually may make them to opt out from such programs. To address this well-known issue, several schemes have been proposed recently to enable the utility company to collect the fine-grained data while preserving the consumers privacy [3] [5]. Most of these schemes either extensively use asymmetrickey cryptography operations, such as homomorphic encryption techniques or rely on power batteries to hide the actual power consumption. However, these techniques are costly in terms of hardware (such as installing batteries) or communication/computation. In particular, due to using asymmetric-key cryptography operations in the collection of readings, ciphertext size is very large and computation time is long because they need expensive computations. In this paper, we propose an efficient scheme that mostly uses lightweight symmetric-key-cryptography and hashing operations to collect consumption data while preserving consumer privacy. The idea is based on sending masked power consumption readings by the meters and removing these masks by aggregating all the meters messages, so that the utility company can learn the aggregated reading but it cannot learn the individual readings. Each meter shares secret mask values with proxies among other meters, a gateway, and the utility. The meter masks its reading with the summation of all the mask values shared with the proxies. In order to remove the mask by aggregating all the readings, each proxy adds to its reading the shared mask value with the meter so that after aggregating all the readings, the added values by the proxies cancel the mask added by the meter. Note that our scheme can be used for both multihop AMI networks and single-hop networks where each meter is connected directly to the utility via a wireless WAN. In our scheme, each meter should share a symmetric key with each child meter and parent meter to secure the communications. To enable a meter and each proxy to compute a different secret mask for each reading, they should share a symmetric key and use it to compute the shared mask. Efficient hashing operations can be used to compute the masks. We also introduce a key management procedure that uses asymmetrickey operations, but unlike the power consumption collection that is done very frequently, the key management procedure is run every long time for key renewals. Our measurements indicate that the cryptographic operations needed in our scheme are much more efficient than the operations needed in the existing schemes. Our analysis indicates that the proposed scheme can preserve the consumers privacy and provide high protection level against collusion attacks. We have also conducted experimentation by implementing the approach in an AMI network using IEEE s mesh standard. Ns-3 simulation results demonstrate that the network performance of our scheme outperforms the existing schemes.

2 WiMAX/4G Gateway model by assuming that attackers can be both internal and external and all meters, gateway and the utility can be attackers. External attackers can eavesdrop on the transmissions and internal attackers can compromise proxies to learn the masks they add for meters. For collusion attacks, we assume that any number of external and internal attackers can collude, but this includes at most n 1 proxies of a meter, where the meter has n proxies. SM IEEE Fig. 1: Multi-hop AMI network model. Internet SM 1 SM 2 SM n Fig. 2: Single-hop AMI network model. The remainder of this paper is organized as follows. The network and threat models are explained in Section II. The proposed scheme is presented in Section III. The evaluations are presented in Section IV. The related works are given in Section V. Conclusions are drawn in Section VI. A. Network Model II. NETWORK AND THREAT MODELS As indicated in Fig. 1 and 2, our scheme can be used in two different network models: multi and single-hop AMI networks. In multi-hop AMI network, the network has smart meters (SMs), gateway, and utility company [6]. The SMs are connected via a wireless mesh network using Wi-Fi or ZigBee. Meters cannot communicate directly to the utility but the gateway serves as a relay between the meters and the utility company. Each meter acts as a router to relay meters packets to connect them to the gateway. The gateway collects all the meters readings and sends an aggregated reading to the utility through a long distance communication, such as WiMax or LTE. In single-hop AMI networks, each SM can communicate directly to the utility through Internet or cellular networks. B. Adversary and Threat Model We consider honest-but-curious adversary model. Attackers are interested in learning private information on the consumers but they do not want to disrupt the communication or the proper operation of the network. We consider a strong adversary A. Overview III. PROPOSED SCHEME Every SM shares a key with each child meter and a key with the parent meter. These keys are used to secure the communications of the meters. Also, each meter selects a number of proxies that can be meters, gateway, and the utility. It shares a secret key with each proxy. The key is used to calculate secret masks. Each meter masks its reading to preserve privacy, and proxies add mask values to remove the mask added to the meter s reading to obtain an aggregated reading without knowing the individual readings. The more the number of proxies, the more the scheme is robust against collusion attacks. In this section, we first explain the needed cryptography to bootstrap our scheme. Then, we explain the process of adding/removing masks and explain the data collection scheme in multihop and single-hop networks. Finally, we explain an efficient and secure key management procedure. B. System Setup A trusted authority (TA) creates a finite field Z q of order q, where q is a large prime number. Let G 1 and G 2 denote additive and multiplicative groups, respectively. G 1 and G 2 have the same order q and P is the generator of G 1. E k () and D k () are symmetric-key encryption and decryption schemes, where k is the key. There exists a bilinear pairing function ê that maps elements from G 1 to G 2, where P 1 and P 2 G 1, ê(p 1, P 2 ) G 2. There exists three one-way hash functions H 1, H 2 and H K, where H 1 :{0, 1} G 1, H 2 : {0, 1} Z q and a keyed hash function H K : {0, 1} {0, 1} t, where K is a secret key used to compute the hash value and t is the H K s output size. We use the keyed hash function HMAC in our scheme because it is efficient and widely used. For every smart meter SM i, the TA chooses a random element sk i Z q and computes P K i = sk i P, where sk i and P K i are the meter s private and public keys, respectively. The TA publishes the public parameters of the system {q, P, H 1, H 2, H K, ê, E k (), D k ()}. C. Readings Masking Fig. 3 illustrates the concept we used to protect consumers privacy using secret masks. Each smart meter (SM i ) computes secret mask values shared with its proxies, where s i,j is the secret mask shared between smart meter i and proxy P i,j. The meter masks its reading r i by subtracting the summation of all the mask values from the reading. To remove the mask and recover r i, each proxy P i,j computes a secret shared mask s i,j

3 SM i ri s i,n-1 Proxies P i,1 Gateway P i,n-1 P i,n P i,n+1 Fig. 3: SM i masks its reading with secrets shared with proxies. and adds it to its reading, so that after adding all the data sent from the meter i and proxies, the proxies masks remove the mask added by meter i. This is because the summation of the mask values added by the proxies n+1 j=1 s i,j should be equal to the mask value subtracted by the SM i from its reading. The reading of SM i can only be exposed when all the proxies collude. If only one proxy does not collude, it is infeasible to recover the reading of SM i. That is why our scheme is more robust to collusion attacks as the number of proxies increase. Fig. 3 shows one reading from one meter to explain the concept of preserving privacy by adding/removing secret masks. However, if all the meters mask their readings and the proxies remove the masks, the resultant value from the aggregation is the summation of all readings ( n i=1 r i). SM i and each proxy use a long-term shared key to calculate the secret masks. To secure our scheme, each mask value is used only for one time. We assume that each power consumption transmission has a serial number Sn that is unique in each day. SM i and P i,j compute the mask value of the power consumption transmission number Sn in day date using the shared key K i,j and keyed hash function H K as follows: H Ki,j (Sn date). Obviously, no other entity can derive the mask value because it does not know the long-term key. The size of the HMAC s output can be 128 or 160 bits. A larger mask value can be produced by concatenating multiple hash values, e.g., H Ki,j (Sn date 1)...H Ki,j (Sn date L), and if the mask size is less than the HMAC s output, the proposed technique in [7] can be used to reduce the output size. To produce a smaller mask, the HMAC output is divided into blocks of log 2 (b) where b is the number of desired bits needed to represent the mask value. Exclusive OR (XOR) bitwise operations are applied to the blocks to reduce the size of the output and ensure randomization. D. Readings Aggregation and Recovery Fig. 4 depicts an example on how the utility recovers the aggregated SMs readings without knowing the individual E k3,4 (m 3 ) Gateway SM 3 E kg,u (m 4 ) m 5 Masked reading of SM1 m 1 = r 1 - s 1,2 - s 1,3 - s 1,g - s 1,u + s 2,1 + s 3,1 m 2 = r 2 - s 2,1 - s 2,3 - s 2,g - s 2,u + s 1,2 + s 3,2 m 3 = r 1 + r 2 + r 3 - s 1,g - s 2,g - s 3,g - s 1,u - s 2,u - s 3,u m 4 = r 1 + r 2 + r 3 - s 1,u - s 2,u - s 3,u m 5 = r 1 + r 2 + r 3 SM 1 SM 2 Fig. 4: recover aggregated reading. Masks for SM2 & SM3 readings. For simplicity, we assume that the AMI network has only three meters, but the idea can be extended to more meters. We also assume that for each meter SM i, all the other meters, gateway, and the utility are proxies. As shown in the figure, each meter s message has a masked reading that has the summation of all masks shared with proxies subtracted from the reading, where, s j,i is the mask that is added by proxy j for meter i. For example, SM 1 masks its reading by subtracting from its reading r 1 the masks {s 1,2, s 1,3, s 1,g, s 1,u } it shares with the proxies {SM 2, SM 3, gateway, utility}, where s 1,g and s 1,u are two secret masks shared between SM 1 and the gateway and the utility, respectively. Moreover, since SM 1 acts as a proxy to SM 2 and SM 3, the figure shows that it adds the masks s 2,1 and s 3,1 for SM 2 and SM 3, respectively. Then, SM 1 encrypts the message with the shared key with the parent meter (SM 3 ) using symmetric encryption scheme like AES. After SM 3 receives the encrypted messages from the child meters (SM 1 and SM 2 ), it decrypts the messages to recover m 1 and m 2. Given these two messages, it is infeasible to recover the readings of SM 1 and SM 2 because SM 3 does not know the secret masks that are added by other proxies. SM 3 aggregates the messages of SM 1 and SM 2 with its own masked reading to compute m 3. Then, it encrypts m 3 with the shared key with the gateway. Obviously, our scheme uses innetwork aggregation where the message sent by each meter has the readings of all the child meters. The gateway decrypts the message and since the gateway acts as a proxy to the three meters, it removes the shared masks by adding them to m 3. The gateway cannot know the individual readings or even the aggregated reading because it does not know the secret masks of the utility. Finally, the gateway encrypts the message and sends it to the utility that removes the masks to obtain the aggregated reading 3 i=1 r i. All the encrypted messages should have hash values and timestamps to ensure message integrity and freshness. So far, we focused on multi-hop AMI networks, but our scheme can also be applied to single-hop AMI networks. In

4 this case, each meter encrypts its message with the shared key with the utility. The utility can know the meters messages but it cannot extract their readings because it does not know the secret masks shared with proxies. However, it can only recover n i=1 r i by adding all the messages and removing its masks. E. Key Agreement Procedure The key agreement procedure should be executed in one of the following cases: 1) at the bootstrap of the system; 2) when a new meter is added to the AMI network; and 3) in key renewals. Although symmetric keys are usually used for a long time, key renewal is a good practice to thwart cryptanalysis attacks. In order to share a long-term secret key with each proxy P i,j, each SM i chooses a random element r i,j Zq and composes a key establishment request packet. The packet has the identifer of SM i (id i ), r i,j P, T S, δ i and cert i, where T S is the current timestamp, δ i is signature (δ i = sk i H 1 (id i r i,j P T S)), and cert i is the certificate of SM i. Then, it sends the packet to its proxies. Each proxy P i,j should verify that the packet is not stale by checking the timestamp T S to thwart replay attacks. Then, it verifies the signature δ i by checking whether ê(δ i, P ) =? ê(h 1 (id i r i,j P T S), P K i ). The signature verification proof is as follows: ê(δ i, P ) = ê(sk i H 1 (id i r i,j P T S), P ) = ê(h 1 (id i r i,j P T S), sk i P ) = ê(h 1 (id i r i,j P T S), P K i )) Then, the proxy P i,j chooses a random element r j,i Zq and computes r j,i P. It calculates the long-term shared key K j,i to be H 2 (ê(p K i, sk j r i,j r j,i P )). Finally, the proxy sends the key establishment reply packet to SM i. The packet has the unique identifier id j, r j,i P, T S, H 1 (K j,i 1), δ j, and cert j, where T S is the current timestamp, δ j is the signature of the packet (δ j = sk j H 1 (id j r j,i P T S H 1 (K j,i 1))) and cert j is the proxy s certificate. H 1 (K j,i 1) is used for key confirmation. When SM i receives the packet, it checks the timestamp and verifies the signature similar to the way discussed earlier. Then, it computes the long-term shared key K i,j to be H 2 (ê(p K j, sk i r i,j r j,i P )). The derived keys by SM i and the proxy are the same. The proof is as follows: K i,j = H 2 (ê(p K i, sk j r i,j r j,i P )) = H 2 (ê(sk i P, sk j r i,j r j,i P )) = H 2 (ê(sk j P, sk i r i,j r j,i P )) = H 2 (ê(p K j, sk i r i,j r j,i P )) = K j,i Finally, SM i sends the key confirmation H 1 (K i,j 2) to P i,j. IV. EVALUATIONS A. Security and privacy analysis Reading privacy: External attackers cannot figure out any information about the readings but parent meters can learn the masked readings. Since each reading is masked with secret TABLE I: Communication and computation overhead. Homomorphic aggregation time (n = 2048) 0.65ms Homomorphic encryption/decryption time Homomorphic packet size AES encryption/decryption time ( 256 bits) AES packet size EtoE packet size 2.4ms 4096 bits 0.061ms 256 bits 128 bits mask values, it is infeasible to extract the reading without knowing the masks. To compute the masks, a keyed hash function is used, and thus it is infeasible to compute the masks if the keys are not known. Each mask value is used for only one reading to make messages look different every time the same reading is sent. Also, if the same mask is used in two different readings, the parent meter can subtract the masked readings to remove the masks and learn the difference between the two readings. Collusion attack: To expose a leaf meter s reading, all the meter s proxies should collude to remove the masks, but this is more complicated in case of non-leaf meters. This is because their messages have all the readings of the child meters and masks from their proxies. There is an interesting tardeoff between robustness against collusion attacks and overhead. Our scheme is more robust against collusion attacks as the number of proxies increases, but more overhead is needed to compute the keys and the masks. Since non-leaf meters enjoy more protection, the number of proxies should be large for the leaf meters but the number decreases as the meter have more child meters. Attacks against key agreement: The key generation is not controlled by one party but the two parties contribute by random numbers. This usually results in a more secure key. Singing the key establishment packets can thwart man-in-themiddle attack and ensure packet integrity. In our scheme, each key can be used for a long time securely because if a key is compromised, the attacker can learn only one mask but all the masks should be computed to extract a meter s reading. Attacks against packet integrity and freshness: To ensure packet integrity and freshness, all the key establishment packets have timestamps and signatures, and the reading packets have timestamps and hash values. B. Simulation and Measurement Results 1) Experimental Setup: In order to evaluate the cryptographic computation overhead, we have implemented the cryptosystems used in our scheme and in the existing schemes, using MIRACL cryptographic library [8] running on an Intel processor core i7 CPU 2.00 GHz and 1 GB RAM. The computation measurements and also the communication overhead are given in Table I. It can be seen that the computation time to encrypt a reading using homomorphic encryption is 40 times the time needed to encrypt the same reading using symmetric key cryptography (AES-256). The size of the ciphertext of the homomorphic encryption is 8 times the size of the ciphertext

5 TP (kbps) Paillier RMT EtoE Number of Meters CT (sec) Number of Meters (a) Throughput for various number of SMs. (b) Completion time for various number of SMs. (c) Retransmissions ratio for various number of SMs. Fig. 5: Performance comparison among Paillier, RMT and EtoE of AES-256. We used network simulator ns-3 [9] to assess the impact of the communication/computation overhead reduction on the network performance. We implemented AMI network using IEEE s mesh networking and created random network topologies of size N, where N {36, 49, 64, 81, 100}. For each N, we created 30 random topologies and reported the average. For each topology, a minimum spanning tree is generated and parent-child relationships are assigned to the nodes according to this tree. A mesh node acts as the gateway/data collector and (N-1) mesh nodes act as smart meters that send their readings to the gateway. Leaf meters of the tree send their reading to their parent meter periodically every 60 seconds [10]. The parent meters aggregate their own reading with the reading(s) sent from the child meter(s) and they transmit the aggregated reading to their parent meter. This process goes on up until to the gateway. Finally, the gateway aggregates the reading(s) sent from its child meter(s) and sends the resultant aggregated reading to the utility. 2) Baselines and Performance Metrics: We use two baselines to compare the performance of the proposed scheme. The first baseline uses Paillier cryptosystem to perform data aggregation using homomorphic encryption. In the second baseline the meters send their readings in plaintext directly to the gateway, and the data aggregation is performed at the gateway. This approach does not protect consumer privacy and we call it end-to-end aggregation (EtoE). For performance evaluation, we used the following metrics: Throughput (TP): This is the total amount of data received by the gateway per second. Average Completion Time (CT): This is the average e- lapsed time for receiving all the readings from all meters at the gateway in one round. It is measured at the application layer so that it takes into account the cryptosystem and arithmetic operations. Retransmission Ratio (RR): This is the percentage of the number of retransmissions in the number of all transmission attempts at the transport layer. 3) Performance Results: In this section, we use EtoE, Paillier and RMT abbreviations for end-to-end aggregation, Paillier cryptosystem, and our proposed readings masking technique, respectively. First, we investigate the throughput performance to analyze Paillier RMT EtoE RR (%) Paillier RMT EtoE Number of Meters the bandwidth usage of the approaches. The goal is to use as less channel bandwidth as possible to accommodate other types of traffic. As shown in Fig. 5a, the throughput is almost constant for RMT as the number of meters increases. Actually, it fluctuates slightly but all values are around kbps. This is because the data size of RMT is too small, and a small number of meters (the child meter(s) of the gateway) transmit their readings directly to the gateway. The throughput of EtoE increases as the network scales due to the increment in the number of packets received by the gateway. It is higher than the throughput of RMT because EtoE does not perform data aggregation at intermediate meters, i.e., the gateway receives all readings from all of the meters directly. Paillier cryptosystem shows an interesting tendency. The values for 36 and 49-node topologies are almost the same. Then, it decreases till 81-node topologies. Finally, it increases at 100-node topologies. This is related to the number of meters that transmit their reading directly to the gateway, and the packet delivery delay within the network as the network scales. As the number of meters in the network increases, the time lag between the beginning of a data collection round and the moment at which the gateway receives aggregated meter readings increases. However, the number of child meters of the gateway does not increase with the same ratio. This causes a decrease in throughput. The increment at 100-node topologies can be attributed to a significant increment in the number of the child meters of the gateway. As seen in Fig. 5b, RMT requires less time than Paillier to complete a data collection round. This can be attributed to the cryptographic operations done by the approaches because the computation time in RMT is much less than the time of Paillier. In the beginning, EtoE takes longer time than Paillier does. We attribute this to the large number of meters that want to send their readings to the same meter, i.e., to the gateway. All of the meters attempt to send their readings to the gateway at the same time. This causes more backoff waitings compared to those of RMT and Paillier. For 81 and 100-node topologies, the CT of Paillier exceeds the CT of EtoE due to the increased number of heavyweight cryptographic operations. In Fig. 5c, we give the retransmission ratio values at the transport layer. All of the values are above 50% and almost constant for Paillier and RMT at each topology size. This means that slightly more than half of the transmission attempts fails.

6 This can be attributed to that the leaf meters send their readings at the same time and the packets transmitted collide at the receiver meter. The retransmission ratio of Paillier is slightly higher than that of RMT. We attribute this to difference in the data sizes because the data size affects the probability of congestion collapses. This is the underlying reason for the Paillier s slightly higher retransmission ratio. However, the retransmission ratio of EtoE is higher than that of RMT although EtoE sends half size of a packet RMT sends. This is due to its way of data collection. In RMT, the meters send their readings to a meter which is closer to the gateway. Therefore, an ACK can be received from the receiver within a reasonable time. However, in EtoE, the meters send their reading to the gateway directly and this increases the number of dropped reading packets and the number of ACKs sent by the receiver, and so the number of retransmissions. The retransmission ratio of EtoE rises as the network scales because the more packet traffic in the network, the more number of dropped packets. V. RELATED WORK The cryptography-based schemes use cryptosystems to hide the fine-grained power consumption data. However, the existing schemes extensively use asymmetric key cryptography such as homomorphic encryption technique that is widely used to hide the meters readings by sending an aggregated reading to the utility. In [2], [3], [11], homomorphic encryption based aggregation techniques are used to protect consumers privacy by aggregating readings at the in-network meters. However, these techniques are vulnerable to collusion attacks. Since the utility has the private key of the homomorphic encryption, it can decrypt the meters readings if it colludes with eavesdroppers. Erkin el. al. [12] propose a scheme to protect homomorphic encryption based aggregation techniques against collusion attacks by adding random numbers to the readings before applying the homomorphic encryption. They also propose techniques for spatial and temporal power reading aggregation. Although most of the existing schemes use homomorphic encryption aggregation techniques, other ideas have been proposed [13], [14]. Efthymiou el. at. [13] proposed a scheme that is based on anonymizing readings instead of aggregating them. The idea is based on sending actual readings but hiding the identities of the readings owners. In [14], gateways are trusted to distribute obfuscation values to the meters to distort their readings, so that the utility still can use the distorted readings for state estimation. However, comparing to the aggregation techniques, the proposed schemes in [13], [14] need to trust some parties like gateways, and they leak some data (like the actual readings) that can be used to identify the reading owners. VI. CONCLUSION We have proposed an efficient scheme to enable the utility company to collect the power consumption data while preserving the consumer privacy. Our scheme mostly uses lightweight symmetric key cryptography and hashing operations to collect readings. The asymmetric key cryptography operations are needed only for key management that is executed every long time. Our measurements have indicated that our scheme not only can reduce the packet size, but it can also reduce the computation time at each meter. We used NS-3 simulator to assess the impact of this overhead reduction on the network performance. The simulation results have demonstrated that our scheme consumes much less bandwidth, has less packet retransmission rate, and less delay comparing to the homomorphic encryption based schemes. Our analysis has demonstrated that the proposed scheme is secure and can preserve privacy. VII. ACKNOWLEDGMENTS This work is supported in part by US National Science Foundation under the grants numbers and This publication was made possible by NPRP grant number from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors. REFERENCES [1] W. Wang, Y. Xu, and M. Khanna, A survey on the communication architectures in smart grid, Computer Networks, vol. 55, no. 15, pp , [2] F. D. Garcia and B. Jacobs, Privacy-friendly energy-metering via homomorphic encryption, in Springer Security and Trust Management, 2010, pp [3] F. Li, B. Luo, and P. Liu, Secure information aggregation for smart grids using homomorphic encryption, in the First IEEE International Conference on Smart Grid Communications (SmartGridComm). [4] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications, IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 9, pp , Sept [5] N. Saputro and K. Akkaya, On preserving user privacy in smart grid advanced metering infrastructure applications, Security and Communication Networks, vol. 7, no. 1, pp , [6] V. C. Gungor, D. Sahin, T. Kocak, S. Ergut, C. Buccella, C. Cecati, and G. P. Hancke, Smart grid technologies: Communication technologies and standards, IEEE Transactions on Industrial Informatics, vol. 7, no. 4, pp , Nov [7] K. Rabieh, M. Mahmoud, K. akkaya, and S. Tonyali, Scalable Certificate Revocation Schemes for Smart Grid AMI Networks Using Bloom Filters, IEEE Transactions on Dependable and Secure Computing, in press, [8] Miracl, Multiprecision integer and rational arithmetic c/c++ library. [9] ns 3, ns-3: network simulator 3, Release , [Online]. Available: [10] A. Beussink, K. Akkaya, I. F. Senturk, and M. M. Mahmoud, Preserving consumer privacy on ieee s-based smart grid ami networks using data obfuscation, in Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on. IEEE, 2014, pp [11] M. Bae, K. Kim, and H. Kim, Preserving privacy and efficiency in data communication and aggregation for AMI network, Journal of Network and Computer Applications, vol. 59, pp , [12] Z. Erkin and G. Tsudik, Private computation of spatial and temporal power consumption with smart meters, in Applied Cryptography and Network Security. Springer, 2012, pp [13] C. Efthymiou and G. Kalogridis, Smart Grid Privacy via Anonymization of Smart Metering Data, in IEEE International Conference on Smart Grid Communications (SmartGridComm), Oct 2010, pp [14] S. Tonyali, O. Cakmak, K. akkaya, M. Mahmoud, and I. Guvenc, Secure Data Obfuscation Scheme to Enable Privacy-Preserving State Estimation in Smart Grid AMI Networks, IEEE Internet of Things Journal, in press, 2015.