I2PA : An Efficient ABC for IoT

Internet of Things (IoT) is very attractive because of its promises. However, it brings many challenges, mainly issues about privacy preserving and lightweight cryptography. Many schemes have been designed so far but none of them simultaneously takes into account these aspects. In this paper, we propose an efficient ABC scheme for IoT devices. We use ECC without pairing, blind signing and zero knowledge proof. Our scheme supports block signing, selective disclosure and randomization. It provides data minimization and transactions' unlinkability. Our construction is efficient since smaller key size can be used and computing time can be reduced. As a result, it is a suitable solution for IoT devices characterized by three major constraints namely low energy power, small storage capacity and low computing power

Privacy-preserving power usage control in smart grids

The smart grid (SG) has been emerging as the next-generation intelligent power grid system because of its ability to efficiently monitor, predicate, and control energy generation, transmission, and consumption by analyzing users\u27 real-time electricity information. Consider a situation in which the utility company would like to smartly protect against a power outage. To do so, the company can determine a threshold for a neighborhood. Whenever the total power usage from the neighborhood exceeds the threshold, some or all of the households need to reduce their energy consumption to avoid the possibility of a power outage. This problem is referred to as threshold-based power usage control (TPUC) in the literature. In order to solve the TPUC problem, the utility company is required to periodically collect the power usage data of households. However, it has been well documented that these power usage data can reveal consumers\u27 daily activities and violate personal privacy. To avoid the privacy concerns, privacy-preserving power usage control (P-PUC) protocols are proposed under two strategies: adjustment based on maximum power usage and adjustment based on individual power usage. These protocols allow a utility company to manage power consumption effectively and at the same time, preserve the privacy of all involved parties. Furthermore, the practical value of the proposed protocols is empirically shown through various experiments --Abstract, page iii

Enabling privacy in a gaming framework for smart electricity and water grids

Serious games are potentially powerful tools to influence users' preferences and attitudes. However, privacy concerns related to the misuse of data gathered from the players may emerge in online-gaming interactions. This work proposes a privacy-friendly framework for a gaming platform aimed at reducing energy and water usage, where players are grouped in teams with the challenge of maintaining the aggregated consumption of its members below a given threshold. We discuss a communication protocol which enables the team members to compute their overall consumption with- out disclosing individual measurements. Moreover, the protocol prevents the gaming platform from learning the consumption data and challenge objectives of the players. Correctness and truthfulness checks are included in the protocol to detect cheaters declaring false consumption data or providing altered game results. The security and performance of the framework are assessed, showing that scalability is ensured thanks to the limited data exchange and lightweight cryptographic operations

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy

A privacy-friendly gaming framework in smart electricity and water grids

Serious games can be used to push consumers of common-pool resources toward socially responsible consumption patterns. However, gamified interactions can result in privacy leaks and potential misuses of player-provided data. In the Smart Grid ecosystem, a smart metering framework providing some basic cryptographic primitives can enable the implementation of serious games in a privacy-friendly manner. This paper presents a smart metering architecture in which the users have access to their own high-frequency data and can use them as the input data to a multi-party secure protocol. Authenticity and correctness of the data are guaranteed by the usage of a public blockchain. The framework enables a gaming platform to administer a set of team game activities aimed at promoting a more sustainable usage of energy and water. We discuss and assess the performance of a protocol based on Shamir secret sharing scheme, which enables the members of the teams to calculate their overall consumption and to compare it with those of other teams without disclosing individual energy usage data. Additionally, the protocol impedes that the game platform learns the meter readings of the players (either individual or aggregated) and their challenge objectives

Towards secure end-to-end data aggregation in AMI through delayed-integrity-verification

The integrity and authenticity of the energy usage data in Advanced Metering Infrastructure (AMI) is crucial to ensure the correct energy load to facilitate generation, distribution and customer billing. Any malicious tampering to the data must be detected immediately. This paper introduces secure end-to-end data aggregation for AMI, a security protocol that allows the concentrators to securely aggregate the data collected from the smart meters, while enabling the utility back-end that receives the aggregated data to verify the integrity and data originality. Compromise of concentrators can be detected. The aggregated data is protected using Chameleon Signatures and then forwarded to the utility back-end for verification, accounting, and analysis. Using the Trapdoor Chameleon Hash Function, the smart meters can periodically send an evidence to the utility back-end, by computing an alternative message and a random value (m', r) such that m' consists of all previous energy usage measurements of the smart meter in a specified period of time. By verifying that the Chameleon Hash Value of (m', r) and that the energy usage matches those aggregated by the concentrators, the utility back-end is convinced of the integrity and authenticity of the data from the smart meters. Any data anomaly between smart meters and concentrators can be detected, thus indicating potential compromise of concentrators

Techniques, Taxonomy, and Challenges of Privacy Protection in the Smart Grid

As the ease with which any data are collected and transmitted increases, more privacy concerns arise leading to an increasing need to protect and preserve it. Much of the recent high-profile coverage of data mishandling and public mis- leadings about various aspects of privacy exasperates the severity. The Smart Grid (SG) is no exception with its key characteristics aimed at supporting bi-directional information flow between the consumer of electricity and the utility provider. What makes the SG privacy even more challenging and intriguing is the fact that the very success of the initiative depends on the expanded data generation, sharing, and pro- cessing. In particular, the deployment of smart meters whereby energy consumption information can easily be collected leads to major public hesitations about the tech- nology. Thus, to successfully transition from the traditional Power Grid to the SG of the future, public concerns about their privacy must be explicitly addressed and fears must be allayed. Along these lines, this chapter introduces some of the privacy issues and problems in the domain of the SG, develops a unique taxonomy of some of the recently proposed privacy protecting solutions as well as some if the future privacy challenges that must be addressed in the future.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/111644/1/Uludag2015SG-privacy_book-chapter.pd