Embed Size (px)
Citation preview
P2: Privacy-Preserving Communication and P2: Privacy-Preserving Communication and Precise Reward Architecture for V2G Networks in Precise Reward Architecture for V2G Networks in
Smart GridSmart Grid
Presenter: Hongwei Li
Smart Grid Group SeminarSmart Grid Group Seminar
OutlineOutline
• Introduction• System Models• System Design • Security analysis • Performance analysis• Conclusion
• Introduction• System Models• System Design • Security analysis • Performance analysis• Conclusion
2
IntroductionIntroduction
3
Vehicle-to-grid (V2G) network is a system where parked battery vehicles (BVs) communicate with the smart grid to consume electricity.
In addition, BVs also sell electricity storage capability by delivering electricity to grid as required.
BVs charge during off-peak hours. BVs discharge during peak hours
How to do?
How to do?
A good idea
A good idea
IntroductionIntroduction
4
A long-term participation agreement is signed between BVs AND V2G operators.
However !However !
The fixed connection requirement contained in the long-term
agreement will cause inconvenience to the BV owners. An unexpected early leaving from the parking lot. Some other accidental events.
BV owners’ interest in joining the V2G networks are reduced!
BV owners’ interest in joining the V2G networks are reduced!
How to solve this problem!
How to solve this problem!
IntroductionIntroduction
5
A precise reward scheme Does not require BV owners to sign a long-term contract Giving the reward to owners in the form of E-cash
However, Privcay raising!
However, Privcay raising!
The identity and location of BV owners are compromised. By analyzing the monitoring data of specific BV, such as the parking lots it visited and how long it stayed there, the operator of a V2G network can easily deduce the personal activities of
this BV’s owner. The detailed service record for specific BV could result in
privacy leakage too.
How to solve these problems!
How to solve these problems!
Introduction(Introduction(Contributions))
6
The first attempt to identify the privacy protection issues in V2G networks.
A precise and reward scheme for V2G networks. individual BV is rewarded according to its contribution to each service.
A secure communication architecture achieves privacy-preserving for both BV’s monitoring and rewarding
processes. pursues important objectives for secure communication, including
mutual authentication, confidentiality, data integrity, and so forth.
Outline
Introduction System Models System Design Security analysis Performance analysis Conclusion
System Models System Models ((Network architecutre ))
8
Fig. 1 Network architecutreFig. 1 Network architecutre
System Models System Models ((Network model ))
Fig.2 Network model of the V2G networkFig.2 Network model of the V2G network
9
System Models System Models ((Trust Model and Security Goals))
Trust Model TA is trusted by all the other parties. There is no direct trust
relationship between individual BV and CAG(Central
Aggregator) or LAGs (Local Aggregators). Security Goals
Mutual authentication between BV and aggregator. Confidentiality and integrity of the communication Location and identity privacy of BV Anonymous reward Efficient revocation of BVs
Trust Model TA is trusted by all the other parties. There is no direct trust
relationship between individual BV and CAG(Central
Aggregator) or LAGs (Local Aggregators). Security Goals
Mutual authentication between BV and aggregator. Confidentiality and integrity of the communication Location and identity privacy of BV Anonymous reward Efficient revocation of BVs
10
Outline
Introduction System Models System Design Security analysis Performance analysis Conclusion
System Design :InitializationSystem Design :Initialization
TA initializes the V2G network Diffie-Hellman (BDH) parameter generator
generate the public parameters Each entity , including all the BVs, LAGs, and
CAG, submits its ID information to TA to get its public/private key pair.
TA initializes the V2G network Diffie-Hellman (BDH) parameter generator
generate the public parameters Each entity , including all the BVs, LAGs, and
CAG, submits its ID information to TA to get its public/private key pair.
12
System Design :Permit-Based Access Control System Design :Permit-Based Access Control and BV’s Monitoringand BV’s Monitoring
13
Permit Generation BV obtains the permit by restrictive partially
blind signature .
Permit Generation BV obtains the permit by restrictive partially
blind signature .
To ensure that verifier can not link BV’s real identity with this permit when it sees the permit later.
To ensure that verifier can not link BV’s real identity with this permit when it sees the permit later.
Why?Why?
System Design :Permit-Based Access Control System Design :Permit-Based Access Control and BV’s Monitoringand BV’s Monitoring
14
Fig.3 Permit Generation AlgorithmFig.3 Permit Generation Algorithm
System Design :Permit-Based Access Control System Design :Permit-Based Access Control and BV’s Monitoringand BV’s Monitoring
Permit Verification: When accessing the V2G network, each BV presents a permit and
a pseudonym PS to the LAG (local aggregators).
Permit Verification: When accessing the V2G network, each BV presents a permit and
a pseudonym PS to the LAG (local aggregators).
15
System Design :Permit-Based Access Control System Design :Permit-Based Access Control and BV’s Monitoringand BV’s Monitoring
16
Permit-Based Access Control and BV’s Monitoring After Permit Verification, a session key will be used in the
following communication between this BV and LAG. When the next monitoring cycle comes, this BV reports its
current status ST to the LAG. After collecting STs for this monitoring period
from all the BVs in the local area. LAG forwards them to the CAG(central aggregator) in batch
mode. Since each ST is identified by pseudonym PS , both the LAG and CAG
could not link the monitoring data with the real identity of the BV.
Permit-Based Access Control and BV’s Monitoring After Permit Verification, a session key will be used in the
following communication between this BV and LAG. When the next monitoring cycle comes, this BV reports its
current status ST to the LAG. After collecting STs for this monitoring period
from all the BVs in the local area. LAG forwards them to the CAG(central aggregator) in batch
mode. Since each ST is identified by pseudonym PS , both the LAG and CAG
could not link the monitoring data with the real identity of the BV.
System Design :Anonymous Service Providing and System Design :Anonymous Service Providing and RewardingRewarding
After receiving those monitoring data from LAGs, CAG computes the current available electricity storage capacity and makes bids for providing some services which are publicly requested by smart grid in the electricity market.
After receiving those monitoring data from LAGs, CAG computes the current available electricity storage capacity and makes bids for providing some services which are publicly requested by smart grid in the electricity market.
17
System Design :BV’s RevocationSystem Design :BV’s Revocation
18
Consider two types of revocations. In the first case, if the operator of the V2G network wants
to revoke a BV’s right to access the V2G network, what it needs to do is just deny this BV’s new requests for permit.
In another case, the BV is compromised. The BV needs to report all its permits . the operator will immediately notify all LAGs to deny all attempts to access the V2G network.
Consider two types of revocations. In the first case, if the operator of the V2G network wants
to revoke a BV’s right to access the V2G network, what it needs to do is just deny this BV’s new requests for permit.
In another case, the BV is compromised. The BV needs to report all its permits . the operator will immediately notify all LAGs to deny all attempts to access the V2G network.
Outline
Introduction System Models System Design Security analysis Performance analysis Conclusion
Security analysisSecurity analysis
20
Location and identity privacy of BV. Due to the adoption of restrictive partially blind signature
technique in the generation of permit, the LAG which verified the permit can not deduce the BV’s real identity from the permit and the related pseudonym, even with the help of CAG.
Further, for each pair of permit and pseudonym, a BV only uses it within single parking period, thus LAGs can not link a specific BV’s multiple parking activities with the same BV..
Location and identity privacy of BV. Due to the adoption of restrictive partially blind signature
technique in the generation of permit, the LAG which verified the permit can not deduce the BV’s real identity from the permit and the related pseudonym, even with the help of CAG.
Further, for each pair of permit and pseudonym, a BV only uses it within single parking period, thus LAGs can not link a specific BV’s multiple parking activities with the same BV..
Security analysisSecurity analysis
21
Anonymity and incontestability of the reward. To protect the identity privacy of the well-behaved BVs and
at the same time keep the capability of tracing BVs which commit double redeeming, the generation of reword, similar as that of the permit, also adopts the restrictive partially blind signature technique.
Anonymity and incontestability of the reward. To protect the identity privacy of the well-behaved BVs and
at the same time keep the capability of tracing BVs which commit double redeeming, the generation of reword, similar as that of the permit, also adopts the restrictive partially blind signature technique.
Security analysisSecurity analysis
22
Basic security requirements. The scheme can also achieve security objectives, including
mutual authenticaition between BV and aggregators, confidentiality of the communications, validation of the communicating messages,
Through the adoption of the standard cryptographic primitives: namely, symmetric key-based encryption, secure hashed message authentication, digital signature. The use of timestamp in all the communicating messages could effectively prevent replay attack.
Basic security requirements. The scheme can also achieve security objectives, including
mutual authenticaition between BV and aggregators, confidentiality of the communications, validation of the communicating messages,
Through the adoption of the standard cryptographic primitives: namely, symmetric key-based encryption, secure hashed message authentication, digital signature. The use of timestamp in all the communicating messages could effectively prevent replay attack.
Outline
Introduction System Models System Design Security analysis Performance analysis Conclusion
Performance analysisPerformance analysis
Computation: BV
generation process: 8 pairings+9 exponentiations on G+ 9 scalar multiplications G1.
Monitoring process: BV needs to periodically report its current status to LAG. Those reports will be encrypted with AES. this will incur negligible computational cost for BV.
Aggregator CAG needs to do 4 pairings + 5 scalar multiplications
for the generation of single permit and reward, respectively.
In the verification process of permit and the redeeming process of permit , Aggregators need to do 6 pairings, 5 exponentiations, and 1 scalar multiplication.
These operations will be scattered throughout the whole day. In addition, considering that those aggregators are dedicated equipment with cloud computing.
Computation: BV
generation process: 8 pairings+9 exponentiations on G+ 9 scalar multiplications G1.
Monitoring process: BV needs to periodically report its current status to LAG. Those reports will be encrypted with AES. this will incur negligible computational cost for BV.
Aggregator CAG needs to do 4 pairings + 5 scalar multiplications
for the generation of single permit and reward, respectively.
In the verification process of permit and the redeeming process of permit , Aggregators need to do 6 pairings, 5 exponentiations, and 1 scalar multiplication.
These operations will be scattered throughout the whole day. In addition, considering that those aggregators are dedicated equipment with cloud computing.
24
Performance analysisPerformance analysis
Communication: The communication overhead incurred by mostly comes
from the periodical monitoring. where each BV needs to report its current status ST to
LAG. Since the information contained in the ST only occupies very short message (no larger than 100 bytes) and the period of reporting is usually several or even tens of seconds.
this communication overhead is totally tolerable for current communication techniques.
Communication: The communication overhead incurred by mostly comes
from the periodical monitoring. where each BV needs to report its current status ST to
LAG. Since the information contained in the ST only occupies very short message (no larger than 100 bytes) and the period of reporting is usually several or even tens of seconds.
this communication overhead is totally tolerable for current communication techniques.
25
ConclusionConclusion
26
The first attempt to identify and formulate the privacy protection and precise reward problems in V2G networks, both of which are important for bring the V2G concept into practice.A secure and privacy- preserving communication and precise reward architecture for V2G networks,
not only provide satisfiable privacy protection and precise reward to the BVs. but also achieves other important security objectives including mutual authentication, confidential communication, data integrity, etc.
The first attempt to identify and formulate the privacy protection and precise reward problems in V2G networks, both of which are important for bring the V2G concept into practice.A secure and privacy- preserving communication and precise reward architecture for V2G networks,
not only provide satisfiable privacy protection and precise reward to the BVs. but also achieves other important security objectives including mutual authentication, confidential communication, data integrity, etc.
27
Thank you !Thank you !
