Privacy-Enhancing Decentralized Anonymous Credential in Smart Grids
Introduction
The smart grid is a network comprising computers and power infrastructures, which monitors and manages real-time energy usage [1], [2]. Its typical architecture comprises control center, collector and smart meter (see Figure 1). Smart meter is responsible for recording and transmitting message (i.e. energy usage) to the collector. On basis of the collected energy usage information from smart meters, the collector performs the statistical analysis and sends the results to the control center. Correspondingly, the control center is connected with the electricity distribution network, and can respond to the user demand upon the received results [3].
This not only provides reliability and efficiency of timely controlling the energy generation or consumption by forecasting users’ demands, but also owns potential benefits for minimizing climate impact by incorporating energy sources such as geothermal and wind power. However, the connectivity between smart meter and collector for reporting energy usage information will incur vulnerabilities in Smart Grid Cyber Security [4]. For example, attackers can clearly sketch out user’s daily life, including time of getting up and coming back from work, through a statistical analysis on its long-time and sufficient energy usage data.
To address these privacy issues, there are many techniques have been proposed, which could be classified into two types namely, aggregation and anonymity techniques [3], [5], [6]. The former focuses on the energy usage data protection to achieve privacy protection, but the latter is concerned about hiding users’ identities. In this paper, we mainly study the anonymity techniques, for which are much closer to practical habits but the other (such as data aggregations [7], [8]) may hinder the aforementioned potential benefits of smart grids. Specifically, we focus on the design of anonymous credentials in smart grids.
In the anonymous credential architecture, a smart meter can adopt an anonymous credential to report its energy usage information such that the collector cannot tell which smart meter is reporting. The anonymous credential, on the other hand, can also help the supplier to confirm that the report is from a valid smart meter by verifying the signature [3]. But unfortunately, existing anonymous credential systems such as [9], [10] face a fundamental limitation, namely, using blind signatures requires a central, trusted party to issue credentials. This entity may cause a single point of failure and its signing key seems to be a compromise target obviously, either of which can seriously threaten the reliability of anonymous credential systems.
To solve these issues, several decentralized anonymous credential (DAC) protocols have been proposed (e.g. [11], [12]). Nevertheless, in these DAC protocols, a user needs to provide a full list of its attributes for showing credentials. To mitigate this privacy issue, Garman et al. in [11] further suggested using range proofs to show those attributes that the user wants to display. However, it is not so easy as that described in [11], especially when the current range proofs are not practical enough for constructing DAC protocols.
Recently, to the best of our knowledge, the most widely used range proofs are proposed by Bünz et al. [13] and Camenisch et al. [14], both of which have achieved relatively short proofs with both practicality and cost efficiency. However, the former involves linearly increasing number of public key operations with circuit size [15], and the latter requires the intractable bilinear paring operation which is intolerable in the environment of smart grids. Hence, before constructing a privacy-enhancing DAC (PEDAC) protocol, we first design a more efficient range proof with shorter proof size.
Inspired by the techniques of Camenisch et al. [14], we also require that the verifier provides signatures on a set of digits, and the prover proves in zero-knowledge that the secret value in its given commitment matches one of these digits, and that its commitment corresponds to one of the signatures. Instead of using Boneh-Boyen signature mentioned in [14], we adopt the Chinese standard SM2 digital signature scheme (which is also incorporated into ISO/IEC 14888-3 1) to achieve pairing-free constructions with higher efficiency and shorter proof size.
Contributions. Concretely, we propose a SM2 digital signature-based set membership protocol, which could then be adopted to construct range proofs for range and arbitrary range . Moreover, we integrate our non-interactive range proofs (using Fiat-Shamir heuristic [16]) with permissioned blockchain (e.g. Hyperledger Fabric) to construct a novel DAC protocol with enhanced privacy, namely, not only the real identity, but even the attributes can be successfully hided. Finally, to show the advantage of our range proofs in constructing PEDAC protocols, we evaluate our proposed protocols by implementing a prototype of our proposal and comparing it with Camenisch et al.’s [14] and Poelstra et al.’s [17] in terms of the communication and computation costs.
Organization. We organize the reminder of this paper as follows. In Section 2, we will review the related work of anonymous credentials and blockchain in smart grids and range proofs. Then, some preliminaries will be introduced in Section 3. We further propose our protocols with security analysis in Section 4, as well as performance evaluation in Section 5. Finally, Section 6 concludes this paper.
Section snippets
Anonymous Credentials and Blockchain in Smart Grids
The first anonymous credential architecture using blind signatures was proposed by Cheung et al. [18] for protecting users’ privacy information such as daily energy usage pattern. Then, there are variant solutions inspired by anonymous credentials have been proposed. For instance, Chu et al. [19] adopted a physical anonymous channel and signature to blur the relationship between a user and its signature. Diao et al. [3] proposed a linkable anonymous credential for constructing
Preliminaries
This section briefly reviews the related preliminaries in our paper.
Our proposed protocols
In this section, we will construct a novel set membership protocol based on the SM2 digital signature scheme, which could be further used to construct range proofs. Both of them are zero-knowledge arguments (satisfying completeness, soundness and honest-verifier zero-knowledge). Here, we only describe the interactive instantiation, but the Fiat-Shamir heuristic [16] can also work for us to achieve non-interactive ones. The resulting non-interactive protocols are subsequently integrated with
Performance Evaluation
To evaluate the performance of our proposed PEDAC, we first implement the prototype on basic of Hyperledger Fabric 3. Specifically, we build a permissioned test chain comprising two organizations and each organization is with one peer node, where the simulation platform is with the operation system (Ubuntu TLS 16.04), CPU (Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.20GHz), memory (4 GB RAM), and Hyperledger Fabric (version 1.4.0). In the built chain, we create two
Conclusion
Anonymous credentials are widely adopted technologies in privacy protection of smart grids. However, the existing anonymous credential protocols have a fundamental limitation (i.e. depending on a trusted party to issue credentials). While the existing DAC protocols can avoid the trusted parties, in which the provided full list of attributes during showing credentials still compromise user privacy. Range proofs can work to further hide the user’s attributes, but the current range proofs are
Data Availability
The data used to support the findings of this study are available from the corresponding author upon request.
Declaration of Competing Interest
The authors declare that they have no conflicts of interest.
Acknowledgements
The work was supported by the National Natural Science Foundation of China (Nos.61972294, 61932016, 62032005), the Special Project on Science and Technology Program of Hubei Provience (No. 2020AEA013), the Natural Science Foundation of Hubei Province (No. 2020CFA052) and the Wuhan Municipal Science and Technology Project (No. 2020010601012187).
References (35)
- et al.
Cyber security of a power grid: State-of-the-art
International Journal of Electrical Power & Energy Systems
(2018) - et al.
Privacy-preserving protocols for secure and reliable data aggregation in iot-enabled smart metering systems
Future Generation Comp. Syst.
(2018) - et al.
PRAC: efficient privacy protection for vehicle-to-grid communications in the smart grid
Computers & Security
(2016) - et al.
Introduction to smart grid architecture
Smart Grids and Their Communication Systems
(2019) - et al.
Smart-grid security issues
IEEE Security & Privacy
(2010) - et al.
A privacy-preserving smart metering scheme using linkable anonymous credential
IEEE Trans. Smart Grid
(2015) - C. Ge, W. Susilo, Z. Liu, J. Xia, P. Szalachowski, F. Liming, Secure keyword search and data sharing mechanism for...
- et al.
Revocable identity-based broadcast proxy re-encryption for data sharing in clouds
IEEE Transactions on Dependable and Secure Computing
(2019) - et al.
A practical privacy-preserving data aggregation (3PDA) scheme for smart grid
IEEE Trans. Industrial Informatics
(2019) - et al.
DAA-A: direct anonymous attestation with attributes
Probably secure efficient anonymous credential scheme
IJSI
Decentralized anonymous credentials
21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014
Decentralized blacklistable anonymous credentials with reputation
Bulletproofs: Short proofs for confidential transactions and more
2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21-23 May 2018, San Francisco, California, USA
Efficient protocols for set membership and range proofs
Efficient non-interactive zero-knowledge proofs in cross-domains without trusted setup
On the non-malleability of the fiat-shamir transform
Cited by (9)
Blockchain-based dynamic energy management mode for distributed energy system with high penetration of renewable energy
2023, International Journal of Electrical Power and Energy SystemsA flexible and lightweight privacy-preserving handshake protocol based on DTLShps for IoT
2022, Computer NetworksCitation Excerpt :Our scheme is also compared with DTLShps [16], on which our scheme is based. We compare FLPP-DTLShps with the other four schemes in [10,12,14,16] on the aspect of functionality attributes in Table 5. The DTLShps scheme [16] does not support the function of certificate anonymity and works without the ZKP.
TPPSUPPLY: A traceable and privacy-preserving blockchain system architecture for the supply chain
2022, Journal of Information Security and ApplicationsCitation Excerpt :The proposed structure enables operation without central authorities and intermediaries. In [58], it is stated that DAC protocols are flexible in terms of credential confidentiality and range proofs can be used for this situation. In the study, a range-proof protocol-based SM2 digital signature scheme is proposed to protect the privacy of smart grids.
MOOCsChain: A blockchain-based secure storage and sharing scheme for MOOCs learning
2022, Computer Standards and InterfacesRepudiable ring signature: Stronger security and logarithmic-size
2022, Computer Standards and InterfacesCitation Excerpt :The repudiability for a ring signature scheme is a necessary property in some situations. For example, if we use a completely anonymous ring signature scheme in the blockchain, we will get a completely Decentralized Anonymous Payment (DAP) system, such as Monero [2,9]. But this system can be exploited by criminal activities [10], such as money laundering, payment of ransom for ransomware, online extortion, etc.
ATRC: An Anonymous Traceable and Revocable Credential System Using Blockchain for VANETs
2024, IEEE Transactions on Vehicular Technology