Date post: | 31-Mar-2015 |
Category: |
Documents |
Upload: | corbin-grennell |
View: | 222 times |
Download: | 0 times |
I have a DREAM! (DiffeRentially privatE smArt Metering)
Gergely Acs and Claude Castelluccia{gergely.acs, claude.castelluccia}@inria.fr
INRIA2011
Smart Metering
• Electricity suppliers are deploying smart meters– Devices@home that report energy
consumption periodically (every 10-20-30 minutes).
• Should improve energy management (for suppliers and customers) …
• Part of the Smart Grid (Critical Infrastructure)
Privacy?
Privacy?
Hoover
Microwave
Kettle
Fridge
Lighting
Motivation: Privacy/Security• Potential threats– Profiling• Increase in the granular collection, use and
disclosure of personal energy information;• Data linkage of personally identifiable
information with energy use;• Creation of an entirely new "library" of
personal information– Security• Is someone at home?
• We want to prevent– Suppliers from profiling customers– Attackers from getting private information
Contributions
• First provably private scheme for smart metering– No need for trusted aggregator– No assumptions about the adversary’s
power (knowledge) – Remains useful for the supplier– Robust against node failures!! – Secure against colluding malicious users
• Validated by simulations– a new simulator to generate synthetic
consumption data
Overview
• Model– Adversary model– Network model– Privacy model
• Our scheme: Distributed aggregation with encryption
• Performance and privacy analysis • Conlusions
Model
• Dishonest-but-non-intrusive adversary – does not follow the protocol correctly– collude with malicious users– BUT: cannot access the distribution network
(like to install wiretapping devices)
• Network model– No communication between meters!– Each meter has a public/private key pair
• Privacy model– Differential privacy model
Why Differential Privacy?
• There are different possible models (k-anonymity, l-diversity, …)
• We are using the Differential Privacy model– Only model that does not make any
assumptions about the attacker model– Proposes a simple off-the-shelf
sanitization technique– Strong (too strong?) and provides
provable privacy!
The Differential Privacy Model• Informally, a sanitization algorithm A is
differentially private if its output is insensitive to changes in any individual value
• Definition: A is ε-differential private if given 2 datasets (set of traces) I and I’ differing in only one user, and any output x, then:
• First model that provides provable privacy!• …and make no assumptions about the
adversary!• Very strong (too strong?)
Sanitization
• It was shown that a simple solution is to add noise to each sample in each slot such that:
• It can be shown that if:1. noise follows a Laplacian distribution 2. where is the scale parameter of the
laplace distribution, and Δ is the sensitivity (i.e. maximum value a sample can take)
Then is ε-private in each slot
Sanitization: Example
Time slot Original (Wh) Max user (Wh)1 200 1002 500 9003 300 2004 200 150
Noised data (Wh)200 + Lap(1350/0.1)500 + Lap(1350/0.1)300 + Lap(1350/0.1)200 + Lap(1350/0.1)
(sum over 4 slots)
(over 4 slots)
Aggregating Data
Electricity Supplier
Aggregator
Supplier gets (noisy) aggregated value but can’t recover individual sample!
Error/utility
• The larger the cluster, the better the utility…but the smaller the granularity
Noised Aggregated Data: Sum of N samples + Lapl. noise
N=200
N=600
Aggregating DataPros/Cons
• Pros:– Great solution to reduce noise/error– … and still generate useful (aggregated) data to
the supplier– …with strict privacy guarantees.
• Cons:– Aggregators have to be trusted !– Who can be the aggregator? Supplier? Network?
Can we get ride of the aggregator and still perform aggregation??
Distributed Aggregation
Electricity Supplier
Our Approach: Distributed Aggregation
• Step 1: Distributed noise generation– We use the fact that a Laplacian noise can be
generated as a sum of Gamma noises
– Each node adds to its sample and sends result to the supplier
– When noised samples are aggregated by the supplier, the noise gets added to a Laplacian noise…
– No more aggregator needed!
Problem:
original data: gamma noised data:
•The added gamma noise is too small to guarantee privacy of individual measurements!•The supplier can possibly retrieve sample value from noised samples!
Step 2: Encrypting noised samples
Electricity Supplier
Performance and privacy analysis
• A new trace generator• Error depending on the number of
users• Privacy over multiple slots– Privacy of appliance usages and
different activities (cooking, watching TV, …)
– Privacy of being home
Trace generation
Error and the number of users
ε over a single slot!
Privacy of appliances
Noise is added to guarantee ε=1 per slot
= error is 0.17 with 100 users
Privacy of the simultanous usage of active appliances
(Are you at home?)
ε
0.17 error for 100 users (ε=1 per slot)
Privacy of the simultanous usage of all appliances
ε
0.17 error for 100 users (ε=1 per slot)
Conclusion
• First practical scheme that provides formal privacy and utility guarantees…
• Our scheme uses aggregation + noise• Validation based on realistic datasets
(generated by simulator)• We can guarantee meaningful privacy
for some activities (or appliances) but cannot hide everything!
• Privacy can be increased by adding more noise but we have to add more users to ensure low error!
Encryption
• Modulo-addition based:
where • ki is not known to the supplier
where
Key generation• Each node pair shares a symmetric key• Each node randomly picks x other nodes such that if v
selects w then w also selects v. Example for two nodes:1. v selects w (and w selects v) if:
2. v and w generate the encryption key:
3. v supplier:
4. w supplier:
• Supplier decrypts by adding the ciphertexts:
Security analysis
• misbehaving users:– supplier can deploy fake meters (α fraction of
N nodes) or some users collude with the supplier and omit adding noise
– each user adds extra noise to tolerate this attack…
• supplier lies about the cluster size• …
• see report for proofs/details
Error and the number of misbehaving users (ε=1 per slot)
Why aggregation is not enough?
• Why noise has to be added?
• Because we don’t make any assumption about the adversary model….– E.g., if he knows (N-1) values, it can get the
N th value… even with aggregation and encryption
– But can’t get any info about Nth value if noise is added ;-)
– Very strong guarantee!
Laplace Distribution
Privacy over multiple slots• Composition property of diff. privacy:
If we have ε1 and ε2 privacy in two different slots, then we have ε1+ε2 privacy over the two slots
• Note ε=1 is an upper bound (for all users) in each slot! The exact bound by adding if we have consumption c(t)
• Over multiple slots:
Example
Differential Privacy Model: interpretation
I or I’Was the input I or
I’ ???Similar idea than indistinguishability in crypto….
• If ε = 1:
• If ε = 0.5:
• If ε = 0.1: