Security and Privacy-Preserving Metering Service in the Smart Grid

The deployment of smart metering provides an immense amount of data for power grid operators and energy providers. By using this data, a more efficient and flexible power grid can be realized. However, this data also raises privacy concerns since it contains very sensitive information about customers. In this paper, we present a security and privacy-preserving metering scheme for the community customers, by utilizing the password authenticated key exchange (PAKE) protocol and Elliptic Curve Cryptosystem (ECC). The proposed scheme will protect the community network from possible malicious behavior, and security analysis is also given in the paper.


Introduction
Today's electrical grid is changing rapidly into a smarter grid to address the demands of distributed generation.An important task for the smart grid is accurate monitoring of energy consumption and production.Smart metering is a crucial part for the realization of the vision of smart grid.In its most basic form, it describes a deployment of electric meters that enable two-way communication between meter and distribution system operator.This is often called the Advanced Metering Infrastructure (AMI).
Smart metering provides accurate, near real-time measurements of household consumption.Using this data, energy suppliers can plan their energy production more efficiently and provide users with real-time pricing.However, smart metering data also poses a threat to the privacy of people living in the measured households.Using nonintrusive load monitoring, anyone with access to smart metering data can deduce highly private information [1] [2].Even with measurements taken only every 15 minutes, patterns of usage for appliances can be deduced.Private information like working hours, personal habits and even religious beliefs are at risk of being no longer private through smart metering [3].
At present, extensive studies have been conducted on the information security of smart grid [4] [5] [6] [7].However, most of the results achieved are not applicable to the privacy problems of the smart electricity meters.In this paper, we propose a security and privacy-preserving metering scheme for the community customers, by utilizing the password authenticated key exchange (PAKE) protocol [8] [9] [10] and Elliptic Curve Cryptosystem (ECC) [11] [12] [13].The rest of this paper is organized as follows: Section 2 presents the related background knowledge.Section 3 describes our proposed scheme while its security analysis and algorithm comparison are proved in Section 4. Finally, Section 5 concludes the paper.

Community Energy Management System
In the architecture of smart grid, the user's power consumption data of a community is usually sent to the power grid control center via smart meters through community gateway.In a community with n homes, the gateway need to forward every home electricity consumption data to the grid control center at regular intervals, the control center can use these data to analyze the power usage condition of the energy community.The typical energy community architecture is shown in Figure 1.As shown in the figure, Community Energy Management System (CEMS) is an energy management center of the intelligent community, which is used to manage and record the community household energy consumption, collect user consumption data.Through the analysis of such information the energy suppliers are able to schedule and control of electrical equipment within the community, improve the electricity efficiency of the residents side, and eventually achieve the purpose of energy saving.This paper takes the energy community as the research object to establish safety authentication between the smart meters, the community energy management system, and aggregate the user data in the community.Assuming that all the data are transferred in the encrypted form, for example, the gateway need to forward an encrypted user electricity to the grid control center at regular intervals, the control center can be used to analyze the power usage condition of the community after the decryption of the encrypted power consumption respectively.Obviously the cost of communication is relatively high, and if the adversary breached or compromised the server of control center, they can get the community electricity data of any user, which can analyze the user's habits or even worse.
After data aggregation, the energy management system will decrypt the energy consumption data first, and take aggregation operations.The aggregated data is then encrypted and sent to the power grid control center.Finally, the control center carries out the decryption of the received data to obtain the total electricity consumption of the community.This approach reduces the communication cost from community energy management system to the power grid control center, and the data stored in the control center server is the whole electricity consumption of the community instead of user's personal consumption.Therefore, the adversary cannot obtain the user's electricity consumption through the intrusion control center, so as to protect the user's privacy.

Data Privacy with Shielding Parameter
The electricity information in smart meters is a group of sensitive data to users, which need to preserve its privacy.In order to solve this problem, we introduce shielding parameters for data privacy process.User data statistics held in smart meters is aggregated to CEMS with shielding parameters.Illegal attacks against any user equipment can't obtain the real user consumption data, which ensure the user privacy and data security in the household energy network.
Supposing that a wireless network area contains n acquisition terminals, each terminal of the sensor nodes at the same time send packets to collection centers/aggregators, and no packet losses.As shown in Figure 2 2) When the terminal devices send data i M to the collection center, shiel- ding parameter i R will be added to the data i M to hide the real information.
Then the hidden data { } i i M R + will be sending to collection center.
3) Data collection centers aggregate data from terminal devices, these aggregation can be the real consumption that user use.

The ECC-Based Password Authentication and Privacy Preserving Scheme
To authenticate mutually network devices in the energy community, an enhanced ECC based password authentication scheme in is utilized.As shown in Figure 3.To ensure the reliability and confidentiality of data transferring, the mutual authentication between community energy management systems and smart meters is necessary.As shown in Figure 3, after a secure session has been established, the community user data can be gathered in hidden way, and the aggregated data is the total consumption of the community electricity, attacker can't get user's personal consumption data to pry user's privacy.
More specifically, this proposed scheme is divided into three stages: initialization phase, authentication phase, data privacy phase, which are described as follows.

Initialization Phase
Assuming that password Pw and secret key x are shared between CEMS and smart meters, and the CEMS A does not know the password Pw and ( , , , ) is stored in its database.On the other hand, smart meter B has the plain password and computes π in every session.Furthermore, the trusted center generated a safety elliptic curve.Its basic parameters can be defined as follows: where q F is the prime field of the elliptic curve, E is the elliptic curve, G is the base point of the elliptic curve, n is a prime number and be the order of G, and H is a one-way mapping function that can map any string to domain q F .

Authentication Phase
After initialization, CEMS and smart meters must be authenticated mutually

Data Privacy Phase
After the authentication, the agreement needs to be further strengthened to ensure the privacy of user data.In the energy community, smart meters are grouped in different buildings, shielding parameter i R can be distributed randomly by the trusted center to all the smart meters.And the condition ∑ must be satisfied.Before the user's electricity data transmission begin, Shielding parameters are mixed into smart meters to hide real data , and then all the hidden consumption are posted to Community Energy Management System encrypted by the session key generated from the previous phase.CEMS aggregates all data received from smart meters ( ) to get the real total consumption.

Security Analysis of the Proposed Scheme
In this section, the security of proposed protocol is analyzed and it is shown that the proposed scheme has resilience to several well-known attacks, such as replay attack, dictionary attack and man-in the middle attack.Here, we briefly explain the security properties for the proposed protocol.
Known session key security: The session keys of different sessions are inde-pendent from each other, and it is difficult for attackers to acquire a new session key from the revealed session keys of the past sessions.Because the session key AB K is calculated from two random numbers A r and B r that are indepen- dently selected by Community EMS A and smart meter B, respectively.These random numbers will change for every session.Therefore, the proposed protocol provides the known session key security properties.
The current session key security: In the security authentication stage, the selection of random number A r , B r and generation of session key AB K occur inside their own devices of both parties without transmitting through the wireless channel, the attacker can't steal Meaningful results.In addition, because of the collision-resistant property of a one-way hash function, adversary can't ob- Resilience to dictionary attack: In the authentication phase between CEMS and smart meters, the password information Pw shared between the two sides does not appear in the transmission process, an attacker can't get a clear confirmation of the password.Assuming that the adversary guesses Pw′ as a password of smart meter, but he/she does not have the pre-shared secret key x, so he/she cannot compute the expected values ( , , , ) . Therefore, A cannot acquire the correct value π and obtains a different value and validates ( , , , ) . Obviously, A recognizes that the opposite party is not the real one, the attack take places and then A stops protocol run with error, so the attack on password is discernible.
Resilience to password compromised impersonation attack: It is assumed that the smart meter's password Pw leaks, the attacker knows Pw, but doesn't aware the pre-shared keys x, the correct π is still unknown.Thus the check fails and the attack cannot be carried out.Moreover, even if calibration is successful, Resilience to key compromise impersonation attack: Suppose that private key a s of energy management system compromises, the attacker still cannot get the correct session key AB K .Because the attacker does not know the random number EMS selected A r , and also can't get the corresponding password Pw and pre distribution key x from the smart meter, unable to get the correct B S from the B S′ .Therefore, the correct session key AB A a B K r s S = is not calculated.Similarly, even if the smart meter's private key b s leaks, the results also cannot solve the correct session key.
Privacy preserving: This scheme adopts the way of adding shielding parameters, hiding the real power data of the users, and cannot get the valid data from the users, user's actual energy consumption is only in the community energy management system, nor can it be a threat to the user's behavior and the stability of the power grid.

Conclusion
In this paper, the password authentication and elliptic curve cryptography are combined to realize the two-way secure authentication between smart meter and community energy management system in energy community.Under the pre-

Figure 1 .
Figure 1.Smart community energy management system.
before communication.Now assuming that they have determined their public and private keys.Each intelligent device has its own identity ID, the trusted center store the hash value of all the smart meter ID instead of the meter ID, which can saving storage space of database.If a smart meter B want to communicate with CEMS, the meter need to calculate the H(ID_b) and sent to the trusted center, then the trusted center will compare the transmitted data with H(ID_b) stored in the database.If it has, then begin to authenticate.If not, then refuse authentication.Authentication steps are shown in Figure 4. Step 1: Community EMS A select two random number , ,and is selected as its private key, and compute as its public key, then transmit and to Smart Meter B. Step 2: Smart Meter B select two random numbers , , and is selected as its private key, and compute as its public key.B gets AA receives the message from B, and checks if extracted from A's database or not.If it is not verified, it halts the protocol run with error.Otherwise, it believes that another party has knowledge of the valid B's password and secret key x.A then compute .After got the real , A constructs the session key as using its private key .Step 4: Smart Meter B get the message from A, and then acquires as
the attacker cannot get the selected random number B r from formula B B A S r P = because of the difficulty of solving ECDLP.Consequently, the password compromise impersonation attack cannot take place on the proposed protocol.Resilience to illegal devices masquerading attack: Each device in the network has its unique ID, before the authentication phase, all smart meter ID's hash value will be stored in the database of the trusted center.If an attacker with illegal equipment want to camouflage smart meter to communicate with CEMS, he/she need to send the device ID of the hash function H(ID) to a trusted center to check first.If no hash function satisfies the requirement, the protocol can be stopped.Resilience to replay attack: In this protocol, Two random numbers A r and B r generated from A and B separately are used in constructing the session key and other factors.The selection of random number ensures the novelty of session, and guarantees us that the proposed scheme is secure against replay attack.
mise of ensuring the security, reliability and non-repudiation of communication, the user's privacy is protected.The security of the ECC based password authentication algorithm is better under the condition of the same key length because of the particularity of the short distance wireless communication.Compared with other encryption algorithm, elliptic curve cryptography (ECC) has great advantages in computational demand, key length and security, especially suitable for resource constrained environment.Due to the intractability of the elliptic curve discrete logarithm problem, the protocol can effectively resist the impersonation attack, replay attack, password compromise impersonation attack, dictionary attack etc.