EPPA: An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications Rongxing Lu, Xiaohui Liang, Xu Li, Xiaodong Lin, Xuemin

EPPA: An Efficient and Privacy-Preserving

Aggregation Scheme for Secure Smart Grid Communications

Rongxing Lu, Xiaohui Liang, Xu Li, Xiaodong Lin, Xuemin (Sherman) ShenIEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS

VOL. 23, NO. 9, SEPTEMBER 2012

Presenter : 周新偉Date:2014/10/27

1

Outline

• Intorduction• Systrm Model,Security Requirement And Design Model• Preliminaries• EPPA Schmem• Security Analysis• Performance• Conclusions

2

Outline


3

Intorduction

4

Outline


5

6

System Model

7

Security Requirements

• Confidentiality

• Authentication and Data Integrity

8

Design Goal

• The secure requirement should be guaranteed in the proposed scheme

• The communication effectiveness should be achieved in the proposed scheme

9

Outline


10

Preliminaries

Bilinear Pairing

en(κ) = (q,P,T,e)

Computational Diffie-Hellman(CDH) Problem

Bilinear Diffie-Hellman(BDH) Problem

Decisional BDH(DBDH) Problem

Preliminaries-----Paillier Cryptosystem(1/3)

Key Generationsecurity parameter κ1

large prime p1 , q1

| p1|=|q1|=|κ1|RSA modulus : n=p1 * q1

λ=lcm(p1-1, q1-1)

L(u)=(u-1)/nμ=(L(gλmodn2))-1 mod n

Public key pk = (n,g)Privite key sk = (λ, μ)

11

12

Preliminaries-----Paillier Crypyosystem(2/3)

Encryptionmessage m ∈random number r ∈ciphertext c=E(m)=gm*rn mod n2

ℤ𝑛∗

13

Decryptionciphertext c ∈

m=D(c)=L() *μ mod n

Preliminaries-----Paillier Crypyosystem(3/3)

ℤ𝑛 2

∗

14

Outline

• Introduction• System Model, Security Requirement And Design Model• Preliminaries• EPPA Scheme• Security Analysis• Performance• Conclusions

15

EPPA Scheme---System Initialization(1/3)

Security parameters κ, κ1

en(κ) = (q,P,T,e)

Calculate public key pk = (n,g) //n=p1q1

privite key sk = (λ, μ)

Electricity usage data (T1 ,T2 ,…,Tl )

Superincreasing sequence = (a1 =1,a2 ,…,al) //a2,…,al are large prime

gi=, for i=1,2,…,l

16


2 random element Q1,Q2 ∈2 random number ∈Computes e(P,P) , Y=P

2 secure cryptographic hash function H,H1 H : {0,1}*

H1: {0,1}*

ℤ𝑞∗

ℤ𝑞∗

17


Keep Master keys (λ, μ ) security

While when a HAN user Ui ∈ U of the RA joins in the system , Ui choose a random number i as the private key ,and compute the ∈corresponding public key Yi=iP

ℤ𝑞∗

18

EPPA Scheme---User Report Generation

Step 1. choose a random number r and compute∈

Step 2. use private key to make sinature

Step 3.report encrypted electricity usage data C to local GW in the RA

ℤ𝑛∗

19

EPPA Scheme---Privacy-Preserving Report Aggregation

After receiving C for i = 1,2,…,wLocal GW check TS & if hold?Hold, the signature is accept . In order to make verification efficientlyGW perform as

The time-consuming pairing operation can be reduce from 2w to w+1 time.

20

EPPA Scheme---Privacy-Preserving Report Aggregation

After validity checking, the following steps for privacy-preserving report aggregation :

21

EPPA Scheme---Secure Report Reading And Response(1/6)

After receiving C ,OA checkC is implicitly formed by

22


Taking

And the report C=gMRn mod n2 is still ciphertext for Paillier Cryptosystem

OA use master key to recover M

23


By invoking algorithm 1,OA can recover and store the aggregated data

24


Correctness of algorithm 1,assume Xl=M

Since any type of data is less than d,

25


With the same procedure, we can also prove each

Dj= ,for j = 1,2,…,l-1.

After analyzing the near real-time electricity usage data,OA send a message mT to inform user in RA

step1. OA first choose a random number s , and compute =(,,,),where

Then OA make signature =H() ,and send back to local GW at RA

ℤ𝑞∗

26

EPPA Scheme---Secure Report Reading And Response(6/6)step2. upon receiving GW check

e(P)=e(Y,H() )if hold,GW broadcast in RA

step3. authorized key

=(P+Y,P, P, Q1+Q2) to recover m form :

27

Outline


28

Security Analysis(1/2)

User’s data (di1,di2,…,dil) sensed by smart meters are formed as

Ci= ,…, mod n2 ,which can be express as

Since Paillier Crytosystem is semantic secure against the chosen plaintext attack . Thus the data is secure and privacy-preserving.

29

Security Analysis(2/2)

After GW collect all report C1,C2,…,Cw from residential user ,

GW compute C= Ci mod n2 to perform report aggregation.

After receiving C from GW, the OA recover C as (l),and store the entry in the database.

Dj=

∏𝑖=1

𝑤

❑

30

Outline


31

Performance(1/3)

32

Performance(1/3)

33

Performance(2/3)

34

Performance(3/3)

35

Outline


36

Conclusions

In this paper, we have proposed an efficient and privacypreserving aggregation scheme for secure smart grid communications. It realizes a multidimensional data aggregation approach based on the homomorphic Paillier cryptosystem.

Compared with the traditional one-dimensional data aggregation methods, EPPA can significantly reduce computational cost and significantly improve communication efficiency, satisfying the real-time high-frequency data collection requirements in smart grid communications.

We have also provided security analysis to demonstrate its security strength and privacy-preserving ability, and performance analysis to show the efficiency improvement.

For the future work, we will study the possible behavior by internal attackers and extend the EPPA scheme to effectively resist such attacks.

37

心得

38

Thanks for your listening

Documents

EPPA: An Efficient and Privacy-Preserving Aggregation Scheme for Secure Smart Grid Communications Rongxing Lu, Xiaohui Liang, Xu Li, Xiaodong Lin, Xuemin