Methods for data management and data privacy. Private data aggregation

Seminar Paper, 2014

17 Pages, Grade: 1,0


Table of Contents

1 Introduction
1.1 Smart meters
1.2 Privacy risks
1.3 Private data aggregation
1.4 Adversary model

2 Smart meter requirements
2.1 Cryptographic operations
2.2 Peer-to-Peer communication
2.3 Digital certificates

3 Components for privacy-preserving data aggregation
3.1 Trusted third party
3.2 Secret sharing
3.3 Masking
3.4 Homomorphic encryption

4 Fault-tolerant and privacy-preserving data aggregation
4.1 Proactive fault-tolerant aggregation protocol
4.2 Multiparty computation under multiple keys
4.3 Comparison

5 Conclusion

1 Introduction

Following the nuclear disaster in Fukushima in 2011, the German federal gov- ernment has decided to shut down half of the existing nuclear power plants in Germany immediately and to not have any nuclear power plants at all running by 2022. To compensate the loss of energy, formerly produced by these power plants, many solar collectors, windmills and other sources of renewable energy are being installed. So instead of having a few big power plants, delivering a predictable amount of energy at all time, the situation will soon be a decentral- ized grid of less powerful energy sources whose production is dependent on the weather. Also, many of those solar collectors are owned by the general public and are not under the direct control of any big utility company.

1.1 Smart meters

To make this change to renewable energy possible, conventional electric meters need to be replaced with so called ”smart meters”. A smart meter allows the energy provider to gain a finer granular view of the power consumption in a specific region at a given time. Such information is necessary to manage the many different electricity producers and thereby guarantee a constant supply voltage.

1.2 Privacy risks

On the other hand, obtaining detailed information about the power consumption of a household poses a serious privacy risk for the corresponding residents:9 has shown that it is possible to determine the movie shown on a LCD TV, solely by analysing the overall power consumption given by a smart meter. Therefore, sending the actual power consumption of a certain household in short intervals to the utility provider should be avoided.

1.3 Private data aggregation

Slightly based on5, this work will show some protocols to aggregate energy consumption data from multiple smart meters. The aggregation will hide the individual consumption of a single household while still revealing the necessary total consumption of a regional limited area to the utility provider. This way, the electrical supply company still gets the needed information about the demand in an area and can take necessary steps to ensure the supply. On the other hand, the power consumption of all of the participating households is indistinguishable from each other and thereby protects their privacy. As people already submit their power consumption measurement data once or twice a year for billing purposes, we do not assume any privacy issues by aggregating the data of a single household over such a long time. Therefore, we will focus on geographical aggregation of smart meters which submit their measurement in short intervals.

1.4 Adversary model

The aggregated data of several households can not be used for billing purposes as each household should still be billed individually. Therefore, the motivation to manipulate a smart meter or to not correctly participate in an aggregation protocol is small as no one would gain any financial advantage in doing so. However, we consider the utility provider as well as each smart meter to be curious about the consumption of other individual smart meters. Some of the presented protocols even allow to have a small group of malicious or collaborating smart meters, but most of them assume just an honest-but-curious adversary model.

2 Smart meter requirements

In Germany, every new build house has to be equipped with a smart meter al- ready. According to §21d I Energiewirtschaftsgesetz (EnWG), all a device has to do to be called a ”smart meter” is to show the actual power consumption and to be integrated in some sort of communication network. For most of the presented protocols, these requirements are not enough and additional assumptions about the used smart meters are made, as shown in the following section.

2.1 Cryptographic operations

First of all, the smart meters have to be able to run different kind of crypto- graphic operations, like encrypting data or digitally sign outgoing packets. Some of these operations, like the use of an asymmetric and partial homomorphic encryption schemes, require quite a lot of computing power, especially if no spe- cial hardware chips are build in the smart meter and the operations have to be executed entirely in software.

2.2 Peer-to-Peer communication

Some of the proposed protocols need to establish a data connection with other nearby smart meters. As we don’t want to rely on the utility company to provide such information, the meters need be able to discover other smart meters in their neighbourhood on their own. In some papers, a wireless communication module like WiFi, Bluetooth or ZigBee is assumed to be build in the smart meter to establish these peer-to-peer connections.

2.3 Digital certificates

Especially if the smart meters communicate with each other, some way to en- sure the integrity and authenticity of the connection has to be found. In general, digital certificates which contain a public encryption key and some kind of iden- tification are used for that. To verify another certificate, each smart meter has to trust a certification authority (CA), which has signed the certificates of the other smart meters. The CA can for example be a governmental institution and its public key has to be preloaded on each smart meter by the manufacturer.

3 Components for privacy-preserving data aggregation

Instead of listing some existing aggregation protocols, this section presents some common cryptographic primitives which might be helpful to design such a protocol. Most of the proposed protocols for privacy-aware smart meter data aggregation are build by using one of the following components or a combination of those. Some short examples of actual protocols will be given for each component, before in section 4 two protocols are discussed in detail.

3.1 Trusted third party

One simple approach to gain privacy through the aggregation of multiple smart meter data is presented in2 and uses a trusted third party, the so called ”ag- gregator”. The aggregator is not part of any electricity provider and both the consumers as well as the providers rely on the trustworthiness of it: The con- sumers grant the aggregator access to their fine granulated smart meter data while the provider has only access to this aggregated results and therefore re- lies on the correct computation of these by the aggregator. As the electricity provider does not have access to individual smart meter data, this process en- sures privacy if there is enough data combined in the aggregated result and the aggregator does not leak any other information. The drawback of this approach is that it just shifts the users necessary trust from the UC to the aggregator - however, as the aggregator does not have access to the UC’s customer informa- tion, it might be more difficult for him to map a given smart meter to an exact household. The protocol explained in13 also relies on third parties, however no entity in the protocol does get access to enough information to require any party to be fully trustworthy - two semi-trusted parties are sufficient here, as shown in section 4.2. Another drawback of these protocols is that the third party or parties each pose as a single point of failure.

The method shown in4 can also be classified in this section, though it does not require one trustworthy aggregator but some trustworthy neighbours: Organized in a tree layout, each smart meter send its data in plaintext to its parent node in the tree through a short-range communication network. The parent sums all the data received by its child nodes and sends the aggregated data to its parent respectively. The utility company UC finally gets the data from the root node of this tree and therefore only receives the aggregated data of all smart meters in this neighbourhood. This method does not need any cryptography at all but the neighbours and everybody who’s eavesdropping on the channel might be able to get individual smart meter data.

3.2 Secret sharing

A way to avoid the need for a trusted third party is to use secret sharing: In the protocol shown in8, one smart meter splits its actual value v into multiple ∑k random chunks vi so that v = v0 + i=1vi. Now, v0 is kept private and each 6 Methods for data management and data privacy: Private data aggregation other vi is encrypted with the public key of one of k other smart meters. Those k ciphertexts are then send to the UC. Once receiving all ciphertexts, the UC sends to each smart meter those ciphertexts, which are encrypted with his public key, so that each smart meter receives k encrypted chunks from k different smart meters. The smart meters then can decrypt those chunks, add their private v0 and send the sum of all those plaintext chunks back to the UC. As every smart meter only receives a random part of another smart meters consumption, no smart meter learns any actual measurement data. Additionally, each of the sums, which the UC receives from the smart meters in plaintext, consists of random chunks from k different smart meters - so the UC does not get any information about the individual power consumption either. However, it can compute the total consumption of all k participants, which is good enough if those are all in the same geographical area.

The protocol is shown in figure 1, in which one also notices the obvious drawbacks of this method: Many different messages have to be sent and each of these has to be encrypted with the public key of another smart meter. This means an huge communication and computation overhead, and those resources are critical on devices like a smart meter. A way to minimize the necessary communication at the expense of an increased computation overhead is to also use homomorphic encryption (see section 3.4): In an additive homomorphic encryption scheme, the UC can sum encrypted data, without knowing the key needed for the decryption. So the UC then does not need to send k ciphertexts to each smart meter, but can sum the encrypted data and only send the encrypted sum to the smart meter for decryption.

illustration not visible in this excerpt

Fig. 1. Smart meter A splits its measurement in random chunks, each encrypted with the public key of another smart meter. After receiving ciphertexts from other smart meters, A can send the sum of those to the UC.


Excerpt out of 17 pages


Methods for data management and data privacy. Private data aggregation
Karlsruhe Institute of Technology (KIT)
Catalog Number
ISBN (eBook)
ISBN (Book)
File size
1209 KB
Data management, Data Privacy, Private Data Aggregation
Quote paper
Thomas Hoffmann (Author), 2014, Methods for data management and data privacy. Private data aggregation, Munich, GRIN Verlag,


  • No comments yet.
Read the ebook
Title: Methods for data management and data privacy. Private data aggregation

Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free