Applied Soft Computing

Volume 85, December 2019, 105821

A privacy-preserving aggregation scheme based on immunological negative surveys for smart meters

https://doi.org/10.1016/j.asoc.2019.105821

Highlights

  • We analyze the privacy-preserving ability of the traditional negative survey when it is used to collect time-series data, and demonstrate that the traditional negative survey might disclose the privacy of users' time-series data.

  • We propose an improved strategy for the negative survey that can be used to collect time-series data, and then apply the improved negative survey to collect power consumption data.

Abstract

The smart meter is a basic device of the smart grid; it improves the efficiency of the power grid and brings much convenience to industry and to people's daily life. However, real-time power consumption data contain sensitive information and can disclose the privacy of users. The negative survey, an immunological technique, was proposed to preserve the privacy of static data. In this paper, we first demonstrate that the traditional negative survey might disclose the privacy of users when it is used to collect time-series data. Second, we propose an improved negative survey method for collecting time-series data. Third, for the first time, we apply the negative survey to preserving the privacy of the power consumption data aggregated from smart meters. Theoretical analysis and experimental results demonstrate that the proposed method can aggregate the power consumption data while preserving the privacy of users. Compared with existing techniques, our method is simple and efficient, and does not need a trusted third party. Moreover, it tolerates the failure of some users and resists differential attacks.

Introduction

Electricity is a main form of energy and is important for the development of industry. As the next generation of the power grid, the smart grid has received a lot of attention. The smart meter is one of the basic pieces of equipment for smart grid data collection and the basis of many smart grid functions: load monitoring, billing, detecting user behavior patterns, improving electricity efficiency, detecting electricity theft, anomaly detection and so on [1], [2], [3].

Load monitoring, an important task that improves the efficiency and security of the power grid, needs the sum of all users' power consumption in one area. However, as noted in [4], [5], the power consumption data obtained by the smart meter are so fine-grained that an adversary could infer sensitive information from a user's power consumption, such as daily habits, the number of persons in the household, and even which domestic appliances are currently in use. The adversary could then conduct spam harassment and advertising campaigns based on the sensitive information he obtains. This prospect has raised users' concern about the privacy of their power consumption data [6]. Although many policies and laws have been proposed to preserve the privacy of power consumption data, users still worry about their privacy. Therefore, it is very important to develop a privacy-preserving aggregation scheme for smart meters, and much research has been performed on preserving users' privacy when the data of smart meters are aggregated. There are three primary types of schemes for preserving privacy when power consumption data are aggregated from smart meters: anonymization-based, perturbation-based and encryption-based aggregation schemes [7]. Anonymization-based schemes usually require a trusted third party. Perturbation-based schemes, although simple and efficient, sometimes cannot withstand individual failures. Encryption-based schemes are time-consuming and cannot defend against differential attacks; moreover, to ensure security, they usually increase the size of the ciphertext [8]. The details of typical schemes are reviewed in Section 2.2.

Inspired by human immunological mechanisms, the Artificial Immune System was proposed and is widely used in optimization [9], computer security [10], data privacy [11] and so on. As a branch of the artificial immune system, the negative survey [12] was proposed to collect sensitive information while preserving individual privacy. Because it is simple and preserves privacy without a trusted third party, the negative survey has been used to collect many different kinds of sensitive information [11]. In the negative survey, the participant is asked to select a category that he does not belong to (called the negative category), rather than the category he belongs to (called the positive category). The collector then infers the distribution of positive categories from the distribution of negative categories by statistical methods (called reconstruction methods), such as NStoPS [12], NStoPS-I [13], and NStoPS-II [13]. However, the traditional negative survey [12] is mainly applied to collecting static data; it does not consider the privacy threat posed by time-series data such as power consumption data.

In this paper, we propose a method based on the negative survey for collecting time-series data from users, and employ it to collect power consumption data. It provides the aggregated data to the smart grid while preserving the privacy of individual power consumption data. Power consumption is a kind of time-series data: it increases and decreases as domestic appliances are turned on and off, so changes in power consumption depend strongly on users' behaviors. Our method does not limit the time frame of the time-series data and can run continuously. The purpose of our method is to preserve the privacy of users' power consumption during load monitoring. The private information protected in this paper is the value of the user's power consumption, because once it is disclosed, the adversary could infer sensitive information about the user and conduct harassment; for example, the adversary could run spam harassment and advertising campaigns based on which domestic appliances the user owns.

Our contributions in this paper can be summarized as follows.

  • (1) We analyze the privacy-preserving ability of the traditional negative survey when it is used to collect time-series data, and demonstrate that the traditional negative survey might disclose the privacy of users' time-series data.

  • (2) We propose an improved strategy for the negative survey that can be used to collect time-series data, and then apply the improved negative survey to collect power consumption data. The theoretical analysis demonstrates that our method preserves the privacy of users' power consumption data. Besides, the proposed method does not require a trusted third party and resists differential attacks. Moreover, it is robust, simple and efficient.

  • (3) Experimental results on synthetic and real datasets demonstrate that our method can provide the sum of power consumption data to the smart grid for load monitoring.

The rest of this paper is organized as follows. Related work is introduced in Section 2. The system model used in this paper is described in Section 3. Section 4 analyzes the privacy of the traditional negative survey when it collects time-series data. The details of our method are given in Section 5. The privacy analysis is given in Section 6. The experimental results and corresponding analysis are given in Section 7. In Section 8, we discuss the proposed method. Section 9 gives the conclusion and future work.

Section snippets

Negative survey

As a branch of the Artificial Immune System, the negative survey [12] is inspired by the self-nonself discrimination paradigm of the human immune system. In the negative survey proposed in [12], the user just needs to randomly return a category that he does not belong to, each such category with probability $1/(c-1)$, rather than a category he belongs to, where c is the number of categories. In the negative survey, the category which the user belongs to is called the positive category, while the categories he does not

System model

Usually the electric current of an endpoint user's smart meter has a maximum value, so the power consumption of each endpoint user also has a maximum value, which determines the range of users' power consumption. We split this range into c small ranges, i.e., c categories. For each user, we use the small range that contains his power consumption to represent the exact value. The negative survey can then be employed to collect the power consumption range.
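The following Python script is an added illustration of the pipeline described in the two snippets above (the negative survey of [12] and the system model); it is not the paper's code. It assumes c equal-width ranges over [0, max_kw], the uniform $1/(c-1)$ choice of the negative category, the standard NStoPS estimator $t_i = n - (c-1)\,r_i$ (where n answers were received and $r_i$ is the number of answers naming range i as negative; the page names NStoPS but does not state the formula), and an aggregate load estimated from range mid-points. The meter readings are constructed sample data.

```python
"""Negative-survey aggregation of smart-meter readings.

Added illustration, not the paper's code. Assumed here (not stated on the page):
c equal-width ranges over [0, max_kw]; the uniform 1/(c-1) choice of the
negative category; the standard NStoPS estimator t_i = n - (c-1)*r_i, where n
answers were received and r_i is the count of answers naming range i as
negative; and the aggregate load estimated as sum_i t_i * mid_i from range
mid-points. All readings below are constructed sample data.
"""
import random


def category_of(kw, max_kw, c):
    """Map a reading in [0, max_kw] to one of c equal-width ranges (0..c-1)."""
    if not 0 <= kw <= max_kw:
        raise ValueError("reading outside the meter's range")
    return min(int(kw * c / max_kw), c - 1)  # max_kw itself falls in the top range


def negative_answer(positive, c, rng=random):
    """User side (traditional negative survey): report one of the c-1 categories
    the user does NOT belong to, each with probability 1/(c-1)."""
    return rng.choice([i for i in range(c) if i != positive])


def collect(readings, max_kw, c, rng=random):
    """Collector side: tally how many answers named each range as negative.
    The collector never sees a user's positive range."""
    counts = [0] * c
    for kw in readings:
        counts[negative_answer(category_of(kw, max_kw, c), c, rng)] += 1
    return counts


def nstops(negative_counts):
    """NStoPS reconstruction of the positive histogram: t_i = n - (c-1) * r_i.
    The estimates always sum to n, but single bins can be noisy or negative."""
    c, n = len(negative_counts), sum(negative_counts)
    return [n - (c - 1) * r for r in negative_counts]


def estimate_sum(negative_counts, max_kw):
    """Aggregate load for load monitoring: each reconstructed bin count times
    that range's mid-point."""
    c = len(negative_counts)
    width = max_kw / c
    return sum(t * (i + 0.5) * width for i, t in enumerate(nstops(negative_counts)))


def simulate(n_users=2000, max_kw=10.0, c=10, seed=1):
    """Constructed workload: n_users meters with uniform readings in [0, max_kw].
    Returns (true aggregate, negative-survey estimate)."""
    rng = random.Random(seed)
    readings = [rng.uniform(0, max_kw) for _ in range(n_users)]
    counts = collect(readings, max_kw, c, rng)
    return sum(readings), estimate_sum(counts, max_kw)


if __name__ == "__main__":
    true_sum, est = simulate()
    print(f"true aggregate {true_sum:.1f} kW, estimate {est:.1f} kW")
```

Two properties worth noticing when running it: the reconstructed counts always sum to the number of answers, but the per-bin error grows with $(c-1)$, so a finer split of the consumption range costs utility; and the collector's estimate depends only on the tally of negative answers, which is why a failed meter simply contributes one fewer answer rather than breaking the aggregation. The Section 8 snippet mentions an improved version in which the user additionally reports the difference to the mid-value of his range; that refinement is not modelled here.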

For example, suppose that

The privacy analysis of traditional negative survey

The traditional negative survey of [12] might compromise the privacy of users when it collects time-series data such as power consumption data. Suppose the adversary knows a period during which the category that a user belongs to remains unchanged, and during this period the user participates in the negative survey many times. Then the adversary can shrink the set that contains the user's positive category according to the series of negative categories selected by the user. Therefore, if the

The negative categories collecting strategy

From the analysis in Section 4, we see that the traditional negative survey might disclose privacy when it collects time-series data such as power consumption data. To solve this problem, we make some improvements to the traditional negative survey.

Suppose that the c small power consumption ranges comprise a set H. In our method, when a user participates in the negative survey for the first time, before he selects a negative category, he should randomly select k ($0 < k < c-1$) categories that do
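As an added illustration of the attack in Section 4 and of the fixed-subset strategy sketched in the snippet above (this is not the paper's code), the script below runs both answering strategies for one user whose positive range never changes and shows what an adversary colluding with the collector can learn. Because the snippet is truncated, the improved strategy is modelled on an assumption: the user fixes k categories other than his positive one at his first participation and draws every later negative answer from that pool. The answers are constructed with a seeded generator.

```python
"""Time-series attack on the traditional negative survey, and the fixed-subset
answering strategy. Added illustration, not the paper's code.

Assumed here (the page snippet is truncated): the user's positive range is the
same in every round, the adversary colluding with the collector sees every
negative answer, and in the improved strategy the user fixes k categories
(0 < k < c-1) other than his positive one at his first participation and
draws every later negative answer from that same pool.
"""
import math
import random


def traditional_answers(positive, c, rounds, rng=random):
    """Traditional negative survey over `rounds` time slices: every answer is
    a fresh uniform draw from the c-1 categories the user is not in."""
    others = [i for i in range(c) if i != positive]
    return [rng.choice(others) for _ in range(rounds)]


def fixed_subset_answers(positive, c, k, rounds, rng=random):
    """Assumed improved strategy: choose a pool of k non-positive categories
    once, then answer only from that pool in every later round."""
    if not 0 < k < c - 1:
        raise ValueError("k must satisfy 0 < k < c-1")
    pool = rng.sample([i for i in range(c) if i != positive], k)
    return [rng.choice(pool) for _ in range(rounds)]


def candidate_set(answers, c):
    """Adversary: the positive category was never reported as negative, so
    intersecting the complements of all answers leaves the possible positives."""
    return set(range(c)) - set(answers)


def prob_unique(c, rounds):
    """Exact probability that the traditional scheme leaks the positive category
    after `rounds` answers: all other c-1 categories must have been reported at
    least once (coupon-collector probability, by inclusion-exclusion)."""
    m = c - 1
    return sum((-1) ** j * math.comb(m, j) * (1 - j / m) ** rounds
               for j in range(m + 1))


def compare(c=10, k=4, rounds=200, positive=6, seed=7):
    """Run both strategies for one user and return the adversary's candidate
    set for each: the traditional one collapses to {positive}; the fixed-subset
    one never shrinks below c-k categories."""
    rng = random.Random(seed)
    trad = candidate_set(traditional_answers(positive, c, rounds, rng), c)
    impr = candidate_set(fixed_subset_answers(positive, c, k, rounds, rng), c)
    return trad, impr


if __name__ == "__main__":
    trad, impr = compare()
    print("traditional candidates:", sorted(trad), "fixed subset:", sorted(impr))
    print(f"P(unique after 200 rounds, c=10) = {prob_unique(10, 200):.6f}")
```

The simulation only shows the mechanism; it does not establish the privacy guarantee, which is what the paper's Section 6 analysis is for. Note also that with the fixed subset the adversary still learns that the positive range lies among the c-k categories never reported, so the choice of k trades off the size of that residual set against how much the collector's reconstruction can learn from a narrower pool.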

Attack model

Even though the users in our model send only power consumption ranges to the collector, when the size of the power consumption ranges is small, the adversary could still infer sensitive information about users. Therefore, the adversary considered in this paper is one who wants to uniquely determine the user's positive power consumption range. For this purpose, he could collude with the collector and obtain both the information sent by users and the information stored by the collector. In

Experiments and analysis

The method proposed in this paper is used to collect the sum of power consumption at each time slice. In Section 6, we theoretically demonstrated that our method preserves the privacy of users' power consumption even when users' power consumption is collected continuously. In this section, we simulate a time-series data attack to further test the security of our method. Furthermore, we also use users' power consumption at one time slice to test the utility of our method.

The privacy of our method

For the improved version of our method, the adversary can certainly obtain more information about the user's real power consumption, because he obtains the difference between the user's real power consumption and the mid-value of the user's positive power consumption range. However, since he does not know the user's positive power consumption range, the adversary still cannot obtain the value of the user's real power consumption, or even a close value. Therefore, the improved method could still

Conclusion and future work

Power consumption data are fundamental to the functions of the smart grid. As the data source for load monitoring, they are important for improving the efficiency and security of the power grid. However, they contain much sensitive information about users, which makes an increasing number of users worry about their privacy. For the development of smart meters and smart grids, we must preserve the privacy of users when aggregating power consumption. In this paper, we

Declaration of Competing Interest

No author associated with this paper has disclosed any potential or pertinent conflicts which may be perceived to have impending conflict with this work. For full disclosure statements refer to https://doi.org/10.1016/j.asoc.2019.105821.

References (46)

  • Asghar, M.R., et al. Smart meter data privacy: A survey. IEEE Commun. Surv. Tutor. (2017)
  • Yang, L., et al. Cost-effective and privacy-preserving energy management for smart meters. IEEE Trans. Smart Grid (2015)
  • Jawurek, M., et al. SoK: Privacy technologies for smart grids – A survey of options (2012)
  • Lu, R., et al. EPPA: An efficient and privacy-preserving aggregation scheme for secure smart grid communications. IEEE Trans. Parallel Distrib. Syst. (2012)
  • Luo, W., et al. Recent advances in clonal selection algorithms and applications
  • Luo, W., et al. Three branches of negative representation of information: A survey. IEEE Trans. Emerg. Top. Comput. Intell. (2018)
  • Esponda, F., et al. A statistical approach to provide individualized privacy for surveys. PLoS One (2016)
  • Luo, W., et al. On location and trace privacy of the moving object using the negative survey. IEEE Trans. Emerg. Top. Comput. Intell. (2017)
  • Aoki, S., et al. Limited negative surveys: Privacy-preserving participatory sensing
  • Horey, J., et al. Reconstructing spatial distributions from anonymized locations
  • Jiang, H., et al. A novel negative location collection method for finding aggregated locations. IEEE Trans. Intell. Transp. Syst. (2018)
  • Horey, J., et al. Anonymous data collection in sensor networks
  • Jiang, H., et al. On the reconstruction method for negative surveys with application to education surveys. IEEE Trans. Emerg. Top. Comput. Intell. (2017)
This work is supported by the National Natural Science Foundation of China (No. 61175045) and the open foundation of the Anhui Province Key Laboratory of Intelligent Building & Building Energy Saving (No. IBBE2018KX01ZD).