Secure and Privacy-Preserving Concentration of Metering Data in AMI Networks.

Abstract

The industry has recognized the risk of cyber- attacks targeting to the advanced metering infrastructure (AMI). A potential adversary can modify or inject malicious data, and can perform security attacks over an insecure network. Also, the network operators at intermediate devices can reveal private information, such as the identity of the individual home and metering data units, to the third-party. Existing schemes generate large overheads and also do not ensure the secure delivery of correct and accurate metering data to all AMI entities, including data concentrator at the utility and the billing center. In this paper, we propose a secure and privacy-preserving data aggregation scheme based on additive homomorphic encryption and proxy re-encryption operations in the Paillier cryptosystem. The scheme can aggregate metering data without revealing the actual individual information (identity and energy usage) to intermediate entities or to any third-party, hence, resolves identity and related data theft attacks. Moreover, we propose a scalable algorithm to detect malicious metering data injected by the adversary. The proposed scheme protects the system against man-in-the-middle, replay, and impersonation attacks, and also maintains message integrity and undeniability. Our performance analysis shows that the scheme generates manageable compu- tation, communication, and storage overheads and has efficient execution time suitable for AMI networks.