Privacy-preserving power usage control in smart grids

The smart grid (SG) has been emerging as the next-generation intelligent power grid system because of its ability to efficiently monitor, predicate, and control energy generation, transmission, and consumption by analyzing users\u27 real-time electricity information. Consider a situation in which the utility company would like to smartly protect against a power outage. To do so, the company can determine a threshold for a neighborhood. Whenever the total power usage from the neighborhood exceeds the threshold, some or all of the households need to reduce their energy consumption to avoid the possibility of a power outage. This problem is referred to as threshold-based power usage control (TPUC) in the literature. In order to solve the TPUC problem, the utility company is required to periodically collect the power usage data of households. However, it has been well documented that these power usage data can reveal consumers\u27 daily activities and violate personal privacy. To avoid the privacy concerns, privacy-preserving power usage control (P-PUC) protocols are proposed under two strategies: adjustment based on maximum power usage and adjustment based on individual power usage. These protocols allow a utility company to manage power consumption effectively and at the same time, preserve the privacy of all involved parties. Furthermore, the practical value of the proposed protocols is empirically shown through various experiments --Abstract, page iii

PUF-BASED SOLUTIONS FOR SECURE COMMUNICATIONS IN ADVANCED METERING INFRASTRUCTURE (AMI)

Advanced Metering Infrastructure (AMI) provides two-way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols to provide the security of unicast and broadcast communications in AMI is an essential part of AMI design. The security of all existing cryptographic protocols are based on the assumption that secret information are stored in the non-volatile memory of each party. These information must be kept unknown to the adversary. Unfortunately, in an AMI network, the attackers can obtain some or all of the stored secret information from non-volatile memories by a great variety of inexpensive and fast side channel attacks. Especially, the smart meters which are located in physically insecure environments are more vulnerable to these attacks. Thus, all existing AKE and BA protocols are no longer secure against such attacks. In this paper, we investigate how to develop secure AKE and BA protocols with the presence of memory attack. As a solution, we propose to embed a Physical Unclonable Function (PUF) in each communicating party which generate the secret values as required without need to store them. By combining PUFs and two well-known and secure protocols, we propose a PUF-based Authenticated Key Exchange protocol (PUF-AKE) for unicast communications and a PUF-based Broadcast Authentication (PUF-BA) for broadcast communications. We show that our proposed protocols are memory leakage resilient. Also, we prove the security of them in a standard model. Performance analysis of both of the protocols show they are efficient for AMI applications. The proposed protocols can be easily implemented in AMI networks

An efficient privacy-preserving authentication scheme for energy internet-based vehicle-to-grid communication

The energy Internet (EI) represents a new electric grid infrastructure that uses computing and communication to transform legacy power grids into systems that support open innovation. EI provides bidirectional communication for analysis and improvement of energy usage between service providers and customers. To ensure a secure, reliable, and efficient operation, the EI should be protected from cyber attacks. Thus, secure and efficient key establishment is an important issue for this Internet-based smart grid environment. In this paper, we propose an efficient privacy-preserving authentication scheme for EI-based vehicle-to-grid communication using lightweight cryptographic primitives such as one-way non-collision hash functions. In our proposed scheme, a customer can securely access services provided by the service provider using a symmetric key established between them. Detailed security and performance analysis of our proposed scheme are presented to show that it is resilient against many security attacks, cost effective in computation and communication, and provides an efficient solution for the EI

Secure and Scalable Data Collection With Time Minimization in the Smart Grid

Deployment of data generation devices such as sensors and smart meters have been accelerating toward the vision of smart grid. The volume of data to be collected increases tremendously. Secure, efficient, and scalable data collection becomes a challenging task. In this paper, we present a secure and scalable data communications protocol for smart grid data collection. Under a hierarchical architecture, relay nodes [also known as data collectors (DCs)] collect and convey the data securely from measurement devices to the power operator. While the DCs can verify the integrity, they are not given access to the content, which may pave the way for third party providers to deliver value-added services or even the data collection itself. We further present optimization solutions for minimizing the total data collection time.This work was supported by the Department of Energy under Award DE-OE0000097Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/111642/3/Uludag2015Secure_ToSG.pd

Network security for augmented reality application in health care sector

Abstract. The recent advances in mobile devices and wireless communication sector transformed Mobile Augmented Reality (MAR) from science fiction to a reality. Incorporating this MAR technology in health care sector elevates the quality of diagnosis and treatment for the patients. However, due to the highly sensitive nature of the data being circulated in this process, it is also highly vulnerable to the security threats. In the thesis, an architecture is proposed for a MAR health care application based on Multi-access Edge Computing (MEC). This includes key features such as displaying augmented view of patient information on the mobile device, augmenting the X-ray or scan image on top of the patient’s actual body parts to assist the doctor, and enabling the doctor to interact with an expert and get real time consultancy. Based on the proposed architecture, all the possible network security threats are analyzed. Furthermore, a secure key management scheme is proposed for registration and authentication phases to establish a secure end-to-end communication between the participating entities in the system. The security features of the proposed scheme are formally verified by using Automated Validation of Internet Security Protocols and Applications (AIVSPA) tool, Moreover, an informal verification is provided to discuss the protection against other possible attacks. It has justified that the proposed scheme is able to provide the required level of security for the system

IEEE TRANSACTIONS ON SMART GRID 1 Multilayer Consensus ECC-Based Password Authenticated Key-Exchange (MCEPAK) Protocol for Smart Grid System

Abstract—This paper aims at providing a key agreement protocol for smart grid to cope with access control of appliances/devices located inside a Home Area Network (HAN) by a set of controllers outside the HAN. The commands/packets initiated by the controllers in crisis cases should be delivered fast and immune from any interruption. The HAN controller, which acts as a gateway, should not cause any delay by decrypting and re-encrypting the packets, nor should it has any chance to modify them. Considering the required level of security and quality of service, we design our protocol with an Elliptic Curve Cryptography (ECC) approach. We improve and implement the Password Authenticated Key Exchange (PAKE) protocol in two steps. First, we propose an auxiliary mechanism that is an ECC version of PAKE, and then extend it to a multilayer consensus model. We reduce the number of hash functions to one, and utilize a primitive password shared between an appliance and HAN controller to construct four valid individual consensus and authenticated symmetric keys between the appliance and upstream controllers by exchanging only 12 packets. Security analysis presents that our protocol is resilient to various attacks. Furthermore, performance analysis shows that the delay caused by the security process is reduced by more than one half