View
218
Download
0
Category
Tags:
Preview:
Citation preview
EPPA: An Efficient and Privacy-Preserving
Aggregation Scheme for Secure Smart Grid Communications
Rongxing Lu, Xiaohui Liang, Xu Li, Xiaodong Lin, Xuemin (Sherman) ShenIEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS
VOL. 23, NO. 9, SEPTEMBER 2012
Presenter : 周新偉Date:2014/10/27
1
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
2
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
3
Intorduction
4
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
5
6
System Model
7
Security Requirements
• Confidentiality
• Authentication and Data Integrity
8
Design Goal
• The secure requirement should be guaranteed in the proposed scheme
• The communication effectiveness should be achieved in the proposed scheme
9
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
10
Preliminaries
Bilinear Pairing
en(κ) = (q,P,T,e)
Computational Diffie-Hellman(CDH) Problem
Bilinear Diffie-Hellman(BDH) Problem
Decisional BDH(DBDH) Problem
Preliminaries-----Paillier Cryptosystem(1/3)
Key Generationsecurity parameter κ1
large prime p1 , q1
| p1|=|q1|=|κ1|RSA modulus : n=p1 * q1
λ=lcm(p1-1, q1-1)
L(u)=(u-1)/nμ=(L(gλmodn2))-1 mod n
Public key pk = (n,g)Privite key sk = (λ, μ)
11
12
Preliminaries-----Paillier Crypyosystem(2/3)
Encryptionmessage m ∈random number r ∈ciphertext c=E(m)=gm*rn mod n2
ℤ𝑛∗
13
Decryptionciphertext c ∈
m=D(c)=L() *μ mod n
Preliminaries-----Paillier Crypyosystem(3/3)
ℤ𝑛 2
∗
14
Outline
• Introduction• System Model, Security Requirement And Design Model• Preliminaries• EPPA Scheme• Security Analysis• Performance• Conclusions
15
EPPA Scheme---System Initialization(1/3)
Security parameters κ, κ1
en(κ) = (q,P,T,e)
Calculate public key pk = (n,g) //n=p1q1
privite key sk = (λ, μ)
Electricity usage data (T1 ,T2 ,…,Tl )
Superincreasing sequence = (a1 =1,a2 ,…,al) //a2,…,al are large prime
gi=, for i=1,2,…,l
16
EPPA Scheme---System Initialization(2/3)
2 random element Q1,Q2 ∈2 random number ∈Computes e(P,P) , Y=P
2 secure cryptographic hash function H,H1 H : {0,1}*
H1: {0,1}*
ℤ𝑞∗
ℤ𝑞∗
17
EPPA Scheme---System Initialization(3/3)
Keep Master keys (λ, μ ) security
While when a HAN user Ui ∈ U of the RA joins in the system , Ui choose a random number i as the private key ,and compute the ∈corresponding public key Yi=iP
ℤ𝑞∗
18
EPPA Scheme---User Report Generation
Step 1. choose a random number r and compute∈
Step 2. use private key to make sinature
Step 3.report encrypted electricity usage data C to local GW in the RA
ℤ𝑛∗
19
EPPA Scheme---Privacy-Preserving Report Aggregation
After receiving C for i = 1,2,…,wLocal GW check TS & if hold?Hold, the signature is accept . In order to make verification efficientlyGW perform as
The time-consuming pairing operation can be reduce from 2w to w+1 time.
20
EPPA Scheme---Privacy-Preserving Report Aggregation
After validity checking, the following steps for privacy-preserving report aggregation :
21
EPPA Scheme---Secure Report Reading And Response(1/6)
After receiving C ,OA checkC is implicitly formed by
22
EPPA Scheme---Secure Report Reading And Response(2/6)
Taking
And the report C=gMRn mod n2 is still ciphertext for Paillier Cryptosystem
OA use master key to recover M
23
EPPA Scheme---Secure Report Reading And Response(3/6)
By invoking algorithm 1,OA can recover and store the aggregated data
24
EPPA Scheme---Secure Report Reading And Response(4/6)
Correctness of algorithm 1,assume Xl=M
Since any type of data is less than d,
25
EPPA Scheme---Secure Report Reading And Response(5/6)
With the same procedure, we can also prove each
Dj= ,for j = 1,2,…,l-1.
After analyzing the near real-time electricity usage data,OA send a message mT to inform user in RA
step1. OA first choose a random number s , and compute =(,,,),where
Then OA make signature =H() ,and send back to local GW at RA
ℤ𝑞∗
26
EPPA Scheme---Secure Report Reading And Response(6/6)step2. upon receiving GW check
e(P)=e(Y,H() )if hold,GW broadcast in RA
step3. authorized key
=(P+Y,P, P, Q1+Q2) to recover m form :
27
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
28
Security Analysis(1/2)
User’s data (di1,di2,…,dil) sensed by smart meters are formed as
Ci= ,…, mod n2 ,which can be express as
Since Paillier Crytosystem is semantic secure against the chosen plaintext attack . Thus the data is secure and privacy-preserving.
29
Security Analysis(2/2)
After GW collect all report C1,C2,…,Cw from residential user ,
GW compute C= Ci mod n2 to perform report aggregation.
After receiving C from GW, the OA recover C as (l),and store the entry in the database.
Dj=
∏𝑖=1
𝑤
❑
30
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
31
Performance(1/3)
32
Performance(1/3)
33
Performance(2/3)
34
Performance(3/3)
35
Outline
• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions
36
Conclusions
In this paper, we have proposed an efficient and privacypreserving aggregation scheme for secure smart grid communications. It realizes a multidimensional data aggregation approach based on the homomorphic Paillier cryptosystem.
Compared with the traditional one-dimensional data aggregation methods, EPPA can significantly reduce computational cost and significantly improve communication efficiency, satisfying the real-time high-frequency data collection requirements in smart grid communications.
We have also provided security analysis to demonstrate its security strength and privacy-preserving ability, and performance analysis to show the efficiency improvement.
For the future work, we will study the possible behavior by internal attackers and extend the EPPA scheme to effectively resist such attacks.
37
心得
38
Thanks for your listening
Recommended