Key Distribution and Management for Power Aggregation and Accountability in Advance Metering Infrastructure

Joseph Kamto, Lijun Qian, John Fuller, John Attia
Department of Electrical and Computer Engineering, Prairie View A&M University, Texas A&M University System, Prairie View, TX 77446
Email: {jkamto, liqian, jhfuller, joattia}@pvamu.edu

Yi Qian
Department of Computer and Electronics Engineering, University of Nebraska-Lincoln, Omaha, NE 68182
Email: [email protected]

Abstract— Advanced Metering Infrastructure (AMI) is a critical system in the smart grid. While readings of aggregated power consumption are needed for near real time response to energy demand, relatively slow paced readings of power demand in each individual household are also very important, because they allow accurate billing for energy usage at each household, as well as identifying which households may be cheating or may have compromised their meters to report false data. Investigation of a properly designed key distribution and management scheme for securely gathering both individual and aggregated meter readings is of paramount importance. Based on this observation, we propose a framework for key distribution and management for both aggregation and accountability in a neighborhood area network employed by a utility company in its power distribution system. Specifically, a key distribution table is set up for each smart meter to carry out homomorphic encryption for secure data aggregation, while a loose time synchronized key scheme is proposed for low rate data collection of each smart meter. Security analysis demonstrates the effectiveness of the proposed scheme.

I. INTRODUCTION

The power grid is a critical infrastructure that carries electricity from the generating plants to the consumers. It includes a large, geographically distributed network of substations interconnected by a wide system of wires, transformers, switches and diverse remote telemetric units. Transmission lines transfer bulk electricity from the generating plants to the substations in the customer's neighborhood, from where households and businesses are directly supplied through the distribution system that forms the last link to the grid. Computation and communication capabilities are being incorporated in the power grid to promote it to the smart stage. Advanced Metering Infrastructure (AMI) is one of the major advancements for collecting data on energy consumption more frequently and accurately. As part of the AMI, meters and appliances embedded with chips and storage securely communicate with each other in the short range home area network (HAN), while the smart meters (SMs) also communicate with the collector base station (CBS) in the substation through relays in one or multi-hop fashion within the long range neighborhood area network (NAN) [1].

Today, one of the challenges that the utility companies face is the need for predicting the energy demand of the customers. Such predictions can only be done statistically in the current electric grid. With the recent development of AMI and the widely deployed SMs, real time electricity demand prediction and smart energy dispatching become attainable, since high rate data aggregation from end users is possible. It is critical to design an aggregation mechanism to provide the real-time bulk energy usage necessary for the proper demand/response operation point of the power grid [2]. Thus, the SM's reading frequency is expected to be high (1-5 min), to the extent of exposing the daily energy load signature of the household [3]. This could raise concerns over the loss of the user's privacy. Several schemes using homomorphic encryption have been proposed to address this concern [4–7]. However, a properly designed key distribution and management scheme is indispensable for the realization of such data aggregation and needs to be investigated.

Furthermore, a homomorphic encryption based scheme only provides the sum of the power consumption and thus cannot provide information on the power consumption of each individual household. As a result, accurate billing for energy usage of each household (say, based on energy price every 15 minutes) [1, 8] may not be realized due to lack of data. It would also be hard to identify which households may be cheating on their energy usage or may have compromised their meter to report false data. According to the security requirements of AMI [9, 10], accountability and traceability should be considered to facilitate accurate billing and serve as an electricity theft countermeasure, as well as a means for detecting potential attacks on AMI. Based on the above observations, we propose in this paper a framework for key distribution and management for both aggregation and accountability in a neighborhood area network.
Specifically, a secure pair-wise key agreement scheme is designed to provide the authenticity of the end user in a wireless mesh network configuration of SMs. This scheme works in concert with the homomorphic encryption to provide the utility company with the real-time bulk power demand while keeping the end user's power usage a secret during the distributed aggregation. Furthermore, we propose a loose time synchronized key mechanism for secure collection of relatively slow paced readings of power consumption recorded by each individual meter and to allocate each end-user's individual power demand, which is necessary for accurate power usage billing and for identifying potential cheaters and attacks.

The rest of this paper is organized as follows. The system model and security requirements are given in Section II. Section III provides authentication details within an efficient key distribution scheme to secure high rate near real time data aggregation to the utility. In Section IV a loose time synchronized pair-wise keys scheme is proposed to securely collect individual power demand at a low rate. Related works are discussed in Section VI, and security analysis is given in Section V. Section VII contains the concluding remarks.

II. SYSTEM MODEL AND SECURITY REQUIREMENTS

A. System Model

We consider a neighborhood area network in AMI as shown in Fig. 1. It is a hierarchical and heterogeneous communication network that is adopted by many utility companies (such as CenterPoint Energy Inc. [11]) for SM data collection.

Fig. 1. Neighborhood Area Network Architecture in AMI. EDCC: Energy Distribution Control Center; CBS: Collector Base Station; RG: Relay Gateway; SM: Smart Meter.

At the lower level, SMs are configured in a star, tree or mesh topology and communicate in one or multiple hops within a short range with the closest RG using Zigbee radio. The various RGs at the intermediate level are interconnected via predominantly wireless links in a wireless mesh network configuration centered around the dedicated CBS at the substation. This offers the major attribute of removing the single point of failure inherent to the classical star and tree networks [12]. Data rate is predicted to be huge in the AMI. WiMAX is a promising solution for the last mile broadband wireless access with high data rate and wide coverage, and is thus the appropriate communication technology in the mesh network of RGs and CBS. The mesh network of CBS and RGs is a property of the utility company and thus, the communication security within this network is assumed. At the higher level, substations are directly interconnected and communicate with the SCADA control center through a fiber optic network.

A SM located at a user's premise can sense and transmit the user's data toward a RG. A RG acts as a gateway routing device, aggregates data for the SMs under its control and forwards them to the CBS at the substation. The data are further aggregated and forwarded to the utility's energy distribution control center (EDCC) for processing and analysis through the existing fiber optic communication network. As such, each meter's data could be transmitted over one or several hops to the nearest RG depending on the SM's location, and each relay could be involved in the forwarding of a large amount of data originated from many SMs. Since this is a fixed network, communication paths are known in advance provided that routing paths are established, and gateway devices and SMs can be added in a controllable fashion to extend the coverage area of a CBS substation.

Two kinds of meter readings are necessary to provide both the real-time bulk power demand for the system's optimum demand/response operating point and the individual household power usage for accountability and electricity theft countermeasure [3].
1) Energy demand sensed at each meter is aggregated with the data originated from possibly many other SMs and forwarded on a regular basis (every 10 seconds) to a single RG on the path toward the CBS at the substation.
2) The sensed energy consumption at each meter is collected at a much lower frequency, e.g., hourly, for accountability.

B. Security Requirements

Prior to sending its request to the substation, a newly installed SM first connects to the nearest RG or SM with an existing path to a RG. In this paper, we are mainly concerned with the mesh configuration of SMs where each user relies on other users' SMs to forward its data to the closest RG (e.g. RG5 in Fig. 1) and then to the CBS. Here, the electricity usage privacy (load signature) of the consumers is a major concern, as intermediate SMs should not be able to access the content of the received data while aggregating and forwarding. However, at the RG stage, we are dealing with a bulk electricity demand within the RG coverage area and thus the main concern is not the individual consumer's electricity usage signature but false data injection or data manipulation from outside attackers. The main goal of the security design thus is to ascertain the authenticity of a SM that requests service through the mesh network while preventing the power usage pattern of a legitimate end-user from being disclosed. As such, the following security requirements are necessary:
1) User Privacy: The energy usage pattern and the electricity amount of a customer should be kept concealed, so that an intruder does not have access to the load signature (daily power usage habit) of a user. Only the CBS should be able to link these two entities.
2) Usage Traceability/Accountability: For accountability and billing, the security design should incorporate means for properly allocating any user's exact amount of electricity consumption. This could further thwart energy theft, as SMs located in an insecure environment at the user's premises are subject to tampering.
3) System Availability: The power grid is a critical infrastructure whose interruption could be detrimental to human life. It should thus be less prone, if not immune, to interruption. The smart grid security system should be designed to sustain the high availability of the electrical infrastructure. Single points of failure are target points for attackers and should be avoided.
4) User Authenticity: A SM requesting the service of the network should be authenticated prior to its request being granted. This will prevent any outside attacker from impersonating a legitimate SM and injecting bogus requests that could possibly overwhelm the grid.

III. HIGH RATE SECURE DATA AGGREGATION

Considering the NAN structure in Fig. 1, for a SM in direct communication with a RG, privacy is not an issue as its data is directly forwarded to the CBS through the secure network of RGs with no intermediate SM involved. However, for the mesh network of SMs, where a SM relies on other SMs to forward its data to the closest RG, the privacy issue is paramount: intermediate SMs involved in the process could access each other's power demand as the bulk power demand information is aggregated and forwarded towards the nearest RG. The privacy requirement for AMI, under which the energy usage pattern and power demand of a customer should be kept unrevealed to prevent anyone from guessing the load signature (daily habit) of other users, makes the use of classical link-by-link encryption-decryption inappropriate in this case.
Homomorphic encryption is a promising candidate technique that enables meaningful computation on encrypted data, allowing algebraic plain text operations to be performed on cipher text with a meaningful outcome. Significant work in this regard has been done [4–7]. M. Önen and R. Molva in [6] developed an additive homomorphic encryption scheme that provides secure end-to-end confidential data aggregation and can very well adapt to the electricity usage privacy requirement. In order to implement this scheme, a novel key deployment and management scheme is proposed here.

A. In Network Pair-wise Keys Distribution

The notations for cryptographic operations are given below:
• $H_k(m)$: keyed ($k$) hash function of message ($m$);
• $E_k(m)$: encryption of message ($m$) using key ($k$);
• $Sig_k(m)$: signature of message ($m$) using key ($k$).

In a NAN, the RGs are under the control of the CBS at the substation, which acts on behalf of the utility control center as the Certificate Authority (CA) and possesses an asymmetric key pair $(Sk_U, Pk_U)$, where $Pk_U$ is only distributed to legitimate RGs and SMs. Secure aggregation and transmission between RGs toward the CBS is assumed in the existing mesh network, and the CBS has access to the data and ID of the SMs. Each RG holds an asymmetric key pair $(Sk_{RG}, Pk_{RG})$ and a digital membership certificate ($Cert_{RG}$) provided by the CA. The certificate contains the public key ($Pk_{RG}$) concatenated to a random number ($RAN_{RG}$) that the utility signs with its private key ($Sk_U$):

$Cert_{RG} = [Pk_{RG},\ Sig_{Sk_U}(RAN_{RG} \| Pk_{RG})]$

On the other hand, at registration with the utility, each user provides necessary information such as address, name [3] and a unique identifier (ID) such as date of birth or last 4 digits of social security number. The utility locates the RG in the coverage area and generates a random number ($RAN_{SM}$) that it links to the user's ID. The random number is used to generate the user's membership certificate on the same basis, as follows:

$Cert_{SM} = [Pk_{SM},\ RAN_{SM},\ Sig_{Sk_U}(RAN_{SM} \| Pk_{SM})]$

Prior to installation at the user's premise, the SM, hard-coded with an asymmetric key pair $(Sk_{SM}, Pk_{SM})$, is loaded with the utility's public key ($Pk_U$) and the RG's random number ($RAN_{RG}$). The following is also assumed:
1) Secure transmission paths toward the RG exist between active SMs in the mesh network [12].
2) RGs and active SMs in the heterogeneous mesh network constantly publicize their public key by broadcasting a hello message containing their certificate:
$HELLO = [HEL_{id},\ Cert_X,\ t,\ H_{RAN_{RG}}(HEL_{id} \| Cert_X \| t)]$
The hello message can be detected by any SM in normal range. $t$ is a time stamp to counter a replay attack.
3) All active SMs involved in a secure path to a RG maintain a table (see Table I) containing the random number ($RAN_{SM_i}$) and the public key ($Pk_{SM_i}$) for each of their children SMs, first grandchildren SMs, parent SM and first grandparent SM, and a shared secret key ($K(SM_i, SM_{i-1})$) with only their first grandchildren SMs and their first grandparent SM, as explained hereafter.
A new SM seeking connection to the network intercepts the strongest beacon from either a RG (see $SM_5$-$RG_5$) or an active SM (see $SM_1$-$SM_2$).

1) SMs-RG Star Network Configuration: In the case of the star configuration ($SM_5$-$RG_5$), the communication happens in one hop with the relay gateway. The requesting SM, $SM_5$, after confirming the gateway's authenticity, uses the public key ($Pk_{RG_5}$) to encrypt a session key ($K(SM_5, RG_5)$) that it wants to share and sends the message

$REQ = [REQ_{id},\ Cert_{SM_5},\ E_{Pk_{RG_5}}(K(SM_5, RG_5)),\ H_{RAN_{RG_5}}(REQ_{id} \| E_{Pk_{RG_5}}(K(SM_5, RG_5)))]$

Upon reception of the request, $RG_5$ crosschecks the authenticity of $SM_5$ and uses the public key ($Pk_{SM_5}$) to encrypt and send a confirmation message back to the requesting SM. Thereafter, the shared secret key ($K(SM_5, RG_5)$) will be used to encrypt and protect their communication.

2) SMs-RG Mesh Network Configuration: Here we consider a mesh configuration where a new SM cannot directly communicate with RGs. For example, in Fig. 1, a newly joined SM, $SM_1$, seeking connection to the NAN intercepts the strongest beacon from, say, $SM_2$, from which it retrieves the public key ($Pk_{SM_2}$). $SM_1$ then generates a session key ($K(SM_1, SM_2)$) that it wants to share with $SM_2$ and sends the request message¹

$REQ = [REQ_{id},\ Cert_{SM_1},\ H_{RAN_{RG_5}}(REQ_{id} \| Cert_{SM_1})]$

On reception of the request, $SM_2$ uses its private key to retrieve the secret key ($K(SM_1, SM_2)$). It then formulates a response to the request and sends back to $SM_1$ the message

$RSP = [RSP_{id},\ Cert_{SM_2},\ E_{Pk_{SM_1}}(K(SM_1, SM_2)),\ H_{RAN_{RG_5}}(RSP_{id} \| E_{Pk_{SM_1}}(K(SM_1, SM_2)))]$

$SM_2$ also sends to its parent, say $SM_3$, on the path to the relay gateway $RG_5$, an acknowledgment message reporting the request:

$ACK = [ACK_{id},\ Cert_{SM_1},\ H_{RAN_{RG_5}}(ACK_{id} \| Pk_{SM_1})]$

$SM_3$ in return generates a secret key ($K(SM_1, SM_3)$) that it wants to share with $SM_1$ and replies to $SM_1$ via $SM_2$ with the message

$RPL = [RPL_{id},\ Cert_{SM_3},\ E_{Pk_{SM_1}}(K(SM_1, SM_3)),\ H_{RAN_{RG_5}}(RPL_{id} \| E_{Pk_{SM_1}}(K(SM_1, SM_3)))]$

The acknowledgment task is carried out up to the level of the two closest parents. As the new $SM_1$'s request is granted, the immediate parents $SM_2$ and $SM_3$ on the path to $RG_5$ update their list (see Table I), inserting $SM_1$'s random number ($RAN_{SM_1}$) and public key ($Pk_{SM_1}$) retrieved from the successively transmitted acknowledgment messages, and the shared key ($K(SM_i, SM_{i-1})$).

Thereafter, each of them generates a secret key to be shared with the new $SM_1$, encrypts it with $SM_1$'s public key ($Pk_{SM_1}$) and sends it back to $SM_1$ together with their random number ($RAN_{SM_i}$) and public key ($Pk_{SM_i}$). $SM_1$ will use its private key to decrypt all the messages, retrieve the different pieces of information and build its own key distribution table for its two parent SMs on the path to $RG_5$. All along the process, the involved SMs ascertain the authenticity of each other by using the utility's public key to crosscheck the certificates included in the messages. The hash values are computed to confirm the integrity of the messages. Throughout the process, each involved entity updates its list including first grandparent, parent, children and first grandchildren as shown in Table I.

¹ This key, however, should be different from the group key used to secure the communication within the HAN as described in our previous work [13].

TABLE I. KEY DISTRIBUTION TABLE FOR SMART METER $SM_i$

First Grandchildren $SM_{i-2}$ | Children $SM_{i-1}$ | Parent $SM_{i+1}$ | First Grandparent $SM_{i+2}$
$RAN_{SM^1_{i-2}}$, $Pk_{SM^1_{i-2}}$, $K(SM_i, SM^1_{i-2})$ | $RAN_{SM^1_{i-1}}$, $Pk_{SM^1_{i-1}}$ | $RAN_{SM_{i+1}}$, $Pk_{SM_{i+1}}$ | $RAN_{SM_{i+2}}$, $Pk_{SM_{i+2}}$, $K(SM_i, SM_{i+2})$
$RAN_{SM^1_{i-2}}$, $Pk_{SM^1_{i-2}}$, $K(SM_i, SM^1_{i-2})$ | | |
$RAN_{SM^2_{i-2}}$, $Pk_{SM^2_{i-2}}$, $K(SM_i, SM^2_{i-2})$ | $RAN_{SM^2_{i-1}}$, $Pk_{SM^2_{i-1}}$ | |
$RAN_{SM^2_{i-2}}$, $Pk_{SM^2_{i-2}}$, $K(SM_i, SM^2_{i-2})$ | | |

B. End-to-end confidential data aggregation

Provided the key distribution scheme developed above, the secure end-to-end confidential distributed data aggregation at each intermediate SM toward the nearest RG proceeds as described in the flow chart in Fig. 2.

Fig. 2. Confidential data aggregation at intermediate SM.

If the scheme is honestly followed at each intermediate SM involved in the distributed aggregation, the nearest RG will end up with the total electricity demand. Thereafter, the bulk electricity demand for the sub area will be forwarded to the CBS through the secure network of RGs. To illustrate the process, we use the scenario depicted in Fig. 1 for $RG_5$. Say $SM_1$ intends to send a demand to the CBS. It simply adds its data to the key ($K(SM_1, SM_3)$) it shares with its first grandparent $SM_3$, appends its random number and sends the message $DEMAND_1$ to its immediate parent $SM_2$:

$DEMAND_1 = [Data_1 + K(SM_1, SM_3),\ RAN_{SM_1}]$

$SM_2$ receives $DEMAND_1$ and notices that the message comes from $SM_1$ ($RAN_{SM_1}$). Realizing that it has neither a grandchild SM from $SM_1$ nor a grandparent SM from $SM_3$, it adds its $Data_2$ and the secret key ($K(SM_2, RG_5)$) it shares with relay gateway $RG_5$, which acts as its grandparent, appends its random number ($RAN_{SM_2}$) and sends the $DEMAND_2$ message to the next SM, $SM_3$:

$DEMAND_2 = [Data_1 + Data_2 + K(SM_1, SM_3) + K(SM_2, RG_5),\ RAN_{SM_2}]$

Receiving $DEMAND_2$, $SM_3$ realizes that the message comes from $SM_2$, through which it has one grandchild, $SM_1$. It then subtracts the key $K(SM_3, SM_1) = K(SM_1, SM_3)$ it shares with $SM_1$, and adds its sensed $Data_3$ and the incoming packet $[Data_4 + K(SM_4, RG_5),\ RAN_{SM_4}]$ from $SM_4$. Having no grandparent in the path, it simply sends the message $DEMAND_3$, with its random number ($RAN_{SM_3}$) appended, to the gateway $RG_5$:

$DEMAND_3 = [Data_1 + Data_2 + Data_3 + Data_4 + K(SM_4, RG_5) + K(SM_2, RG_5),\ RAN_{SM_3}]$

The relay gateway $RG_5$, receiving the message $DEMAND_3$, notices that it comes from $SM_3$, through which it has two grandchildren, $SM_2$ and $SM_4$. Then $RG_5$ subtracts the secret keys ($K(SM_2, RG_5)$) and ($K(SM_4, RG_5)$) and obtains the overall power demand for the sub area:

$DEMAND = [Data_1 + Data_2 + Data_3 + Data_4]$

This process can take place at a high rate at each RG level, with the bulk electricity demand securely sent to the CBS very frequently through the secure mesh network of RGs. The security of the scheme, however, depends on one-time utilization of a key. As such, each next round of the aggregation operation uses a new key resulting from a keyed hash value of the previous shared key, as follows:

$K'(SM_X, SM_Y) = H_{RAN_{RG}}(K(SM_X, SM_Y))$

Both SMs, $SM_X$ and $SM_Y$, are loaded with the RG's random number ($RAN_{RG}$) at registration and can simultaneously compute the same new key.
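The aggregation walk-through above and the per-round key update, as an added example that is not code from the paper. It generalizes the four-meter case to any forwarding tree listed in PARENT, and assumes sums taken modulo 2^64, HMAC-SHA-256 standing in for the keyed hash H, and constructed readings, keys and RAN_RG value.

```python
import hashlib
import hmac

MOD = 2 ** 64  # assumption: masked sums are taken modulo a fixed modulus

# Forwarding paths described in the text for Fig. 1:
# SM1 -> SM2 -> SM3 -> RG5 and SM4 -> SM3 -> RG5.
PARENT = {"SM1": "SM2", "SM2": "SM3", "SM4": "SM3", "SM3": "RG5"}
ROOT = "RG5"

# Constructed sample data (not from the paper). Keys are indexed as
# (meter, its first grandparent), matching K(SM1,SM3), K(SM2,RG5), K(SM4,RG5).
READINGS = {"SM1": 120, "SM2": 340, "SM3": 75, "SM4": 510}
KEYS = {
    ("SM1", "SM3"): 0x9E3779B97F4A7C15,
    ("SM2", "RG5"): 0xC2B2AE3D27D4EB4F,
    ("SM4", "RG5"): 0x165667B19E3779F9,
}
RAN_RG = b"constructed-RAN-RG5"


def children_of(node):
    return sorted(c for c, p in PARENT.items() if p == node)


def grandparent_of(node):
    """Node two hops up the path, or None when the parent is the RG."""
    return PARENT.get(PARENT[node])


def next_key(ran_rg, key):
    """K' = H_RANRG(K): the one-time key for the next aggregation round."""
    digest = hmac.new(ran_rg, key.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def roll_keys(ran_rg, keys):
    """Both ends of every pair apply the same update, so the table stays in sync."""
    return {pair: next_key(ran_rg, k) for pair, k in keys.items()}


def strip_grandchild_masks(node, child, total, keys):
    """Subtract the key `node` shares with each grandchild reached via `child`."""
    for grandchild in children_of(child):
        total -= keys[(grandchild, node)]
    return total


def forward(node, readings, keys, trace):
    """Return the DEMAND value `node` sends to its parent and record it."""
    total = readings[node]
    for child in children_of(node):
        total += forward(child, readings, keys, trace)
        total = strip_grandchild_masks(node, child, total, keys)
    grandparent = grandparent_of(node)
    if grandparent is not None:
        total += keys[(node, grandparent)]  # mask only the grandparent removes
    trace[node] = total % MOD
    return trace[node]


def aggregate_round(readings, keys):
    """Run one round: (total recovered by the RG, per-hop DEMAND values)."""
    trace, total = {}, 0
    for child in children_of(ROOT):
        total += forward(child, readings, keys, trace)
        total = strip_grandchild_masks(ROOT, child, total, keys)
    return total % MOD, trace


if __name__ == "__main__":
    total, hops = aggregate_round(READINGS, KEYS)
    print("RG5 recovers", total)
    for node, value in sorted(hops.items()):
        print(node, "forwards", hex(value))

    # Why each key is used once: with an unchanged key, the difference between
    # two of SM1's masked values equals the change in its reading.
    later = dict(READINGS, SM1=150)
    _, reused = aggregate_round(later, KEYS)
    _, rolled = aggregate_round(later, roll_keys(RAN_RG, KEYS))
    print("delta with reused key:", (reused["SM1"] - hops["SM1"]) % MOD)
    print("delta with rolled key:", hex((rolled["SM1"] - hops["SM1"]) % MOD))
```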

IV. LOW RATE DATA COLLECTION

Contrary to high rate data aggregation, low rate data collection is necessary for traceability/accountability and management. It is carried out infrequently enough (e.g. every 15 minutes) to offer adequate privacy as far as the end-user's electricity usage pattern is concerned. However, classical symmetric key encryption is used here mostly to protect the user's data from any outside intruder, thus preserving the security of the overall system [3].

A. SM-to-CBS Loose Time Synchronized Pair-wise Key

The loose time synchronized key is specifically used to secure the low rate data collection as described in IV-B. Each end user uses its random number as the key for the keyed hash function to compute a secret loose time synchronized session key ($K(t)$):

$K(t) = H_{RAN_{SM}}(ID \| t)$

Only the control center and the user are capable of computing the instantaneous key, as they exclusively know the user's identification. However, the time stamp ($t$) should be slotted instead of continuous to allow both the user and the control center to compute the same secret key for a given period of time. It is important to match the time slot to the time granularity of the SM's reading so as to allow the user and the utility to share a one-time key for each transmission. The hash function is intractable, and its strong collision resistance property makes it impossible to have the same key for different identifications, thus eliminating any risk of key mismatch at any given time slot.

B. Low Rate Data Collection

On the basis of only a loose time synchronization, both the utility and the end-user use the random number as the key for the keyed hash function (SHA-1, MD5) to compute a secret instantaneous session key ($K(t)$). A SM stores a copy of its power demand and, at a lower frequency (say, every 15 min), uses the key ($K(t)$) to encrypt the total power demand that it sends together with its random number to its parent on the path to the CBS:

$DEMAND = [E_{K(t)}(Power),\ RAN_{SM}]$

Along the path towards the CBS, each forwarding $SM_i$ appends its own encrypted demand and random number to the received message and sends the resulting message to its parent SM. The CBS ends up receiving a concatenation of the individual encrypted power demand of each and every SM on the aggregation path:

$POWER = [E_{K_1(t)}(Power_1, RAN_{SM_1}) \| E_{K_2(t)}(Power_2, RAN_{SM_2}) \| \ldots \| E_{K_i(t)}(Power_i, RAN_{SM_i})]$

Upon reception of the message, knowing each user's identity associated with the random number included in the message, the control center can compute the exact loose time synchronized secret key ($K_i(t)$) that it uses to decrypt and obtain each user's exact amount of electricity usage for the time period. It is also possible to match these readings with the high frequency readings for consistency checking. Any inconsistency may reveal potential meter errors or attacks.

V. SECURITY ANALYSIS

In this section, we assess the proposed scheme according to the security requirements listed in II-B.
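For the low rate collection of Section IV, whose key $K(t) = H_{RAN_{SM}}(ID \| t)$ and consistency check the analysis relies on, the following is an added example and not code from the paper. It assumes HMAC-SHA-256 in place of the keyed hash named in the text, a 15 minute slot, and a labelled stand-in for $E_{K(t)}$ (a pad and MAC tag derived from the one-time key) so that the CBS can tell which slot key fits; identifiers, readings and timestamps are constructed.

```python
import hashlib
import hmac

SLOT_SECONDS = 15 * 60  # slot matched to the low rate reading period in the text

# Constructed CBS registry: RAN_SM -> user ID (not values from the paper).
REGISTRY = {b"ran-sm1-constructed": b"id-0001", b"ran-sm2-constructed": b"id-0002"}


def slot_of(unix_time):
    """Slotted time stamp t: both sides agree as long as clocks share a slot."""
    return int(unix_time) // SLOT_SECONDS


def session_key(ran_sm, user_id, slot):
    """K(t) = H_RANSM(ID || t). RAN_SM travels in the message, so the secrecy
    of K(t) rests on ID being known only to the user and the utility."""
    msg = len(user_id).to_bytes(2, "big") + user_id + slot.to_bytes(8, "big")
    return hmac.new(ran_sm, msg, hashlib.sha256).digest()


def _derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def seal(key, power_wh):
    """Stand-in for E_K(t)(Power): 8-byte pad from the one-time key plus a tag."""
    pad = _derive(key, b"enc")[:8]
    ct = bytes(a ^ b for a, b in zip(power_wh.to_bytes(8, "big"), pad))
    tag = hmac.new(_derive(key, b"mac"), ct, hashlib.sha256).digest()[:16]
    return ct + tag


def unseal(key, blob):
    """Return the reading, or None when the key (slot) or the blob is wrong."""
    if len(blob) != 24:
        return None
    ct, tag = blob[:8], blob[8:]
    expected = hmac.new(_derive(key, b"mac"), ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    pad = _derive(key, b"enc")[:8]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big")


def meter_demand(ran_sm, user_id, power_wh, meter_clock):
    """DEMAND = [E_K(t)(Power), RAN_SM] as built by one meter."""
    key = session_key(ran_sm, user_id, slot_of(meter_clock))
    return (seal(key, power_wh), ran_sm)


def cbs_collect(power_msg, registry, cbs_clock, max_slot_skew=1):
    """Decrypt the concatenated POWER message at the CBS.

    Tries the current slot and up to max_slot_skew earlier ones, so a message
    sealed just before a slot boundary still decrypts while older ones do not.
    Returns ({RAN_SM: reading}, [RAN_SM values that could not be decrypted]).
    """
    readings, rejected = {}, []
    now = slot_of(cbs_clock)
    for blob, ran_sm in power_msg:
        user_id = registry.get(ran_sm)
        value = None
        if user_id is not None:
            for slot in range(now, now - max_slot_skew - 1, -1):
                value = unseal(session_key(ran_sm, user_id, slot), blob)
                if value is not None:
                    break
        if value is None:
            rejected.append(ran_sm)
        else:
            readings[ran_sm] = value
    return readings, rejected


def consistent(readings, aggregate_total, tolerance=0):
    """Compare summed individual readings with the high rate aggregate."""
    return abs(sum(readings.values()) - aggregate_total) <= tolerance


def sample_power_message(meter_clock=1_700_000_000):
    """Constructed POWER message from two registered meters."""
    return [
        meter_demand(b"ran-sm1-constructed", b"id-0001", 4200, meter_clock),
        meter_demand(b"ran-sm2-constructed", b"id-0002", 3100, meter_clock),
    ]


if __name__ == "__main__":
    msg = sample_power_message()
    print(cbs_collect(msg, REGISTRY, 1_700_000_150))  # just past a boundary
    print(cbs_collect(msg, REGISTRY, 1_700_003_000))  # stale: both rejected
```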

A. User Authentication

Prior to accessing the AMI network and participating in the energy request, a newly installed SM captures the strongest hello message (see III-A), from which it retrieves the certificate that it uses to confirm the sender's legitimacy and the public key that it uses to encrypt a secret key that it wants to share with the corresponding RG or SM. The keyed hash value contained in the request message is computed with the RG's random number as the key. Because the RG's random number and the utility's public key ($Pk_U$) are disclosed only to legitimate users at registration, an intruder SM with no knowledge of the RG's random number will fail to compute a meaningful request and consequently will fail to prove its authenticity. On the other hand, message redundancy is used to further verify the authenticity at the intermediate SMs and RGs, thus protecting the network from intruder SMs.

B. Usage Privacy

End-to-end communication confidentiality between any requesting SM and the utility is critical to promote the trustworthiness of the system. For the high rate data aggregation, an additive homomorphic encryption scheme prevents disclosure of the electricity demand of any SM to other SMs involved in the distributed aggregation as well as to any outside intruder. However, this scheme allows the utility to access the bulk energy demand as a whole at high frequency with low overhead. For low frequency data, a loose time synchronized pair-wise key computation scheme is proposed to allow any SM and the utility to share a unique one-time key based on the user's identification known only to them. Except for the utility company, no one can decrypt and discover an end user's individual electricity demand.

C. Usage Accountability

Usage accountability is important to thwart electricity theft and support billing. An end user's electricity usage is known only to the utility, as explained previously (low rate data collection). Thus, the user is accountable for the amount of electricity demand and is billed accordingly. Furthermore, the utility can sum up the individual electricity demand and compare the result to the bulk energy demand to detect fraud in case of a significant mismatch. On the basis of the electricity consumption trend from its database, the utility can detect odd individual demand and initiate an investigation targeting a suspicious end user.

D. System Availability

The RGs are interconnected in a mesh network configuration, as are the SMs in a hierarchical structure. A mesh network is redundant and self healing in such a way that, in case of node or link failure, the system can reconfigure and provide continuous connectivity. Thus, unlike the star or tree configuration, it is immune against a single point of failure and makes the system robust.

VI. RELATED WORKS

Homomorphic encryption is used to provide user data privacy within AMI, such as in [4–7]. However, key deployment and management that can accommodate these schemes are not discussed. A couple of works address key management and distribution in AMI. Baumeister in [14] enumerates different modifications necessary to adapt the public key infrastructure to the AMI with regard to its unique requirements, predominantly its availability and real time response. In [2], T. W. Chim proposed a privacy preserving mechanism to mask the consumer's power usage pattern. The scheme, however, mostly relies on public key infrastructure, which is not efficient for storage and computation constrained devices. In our previous work [13], we have used the Diffie-Hellman scheme to develop an identification based group key to provide communication security within a short-range home area network. The scheme had been proved efficient in terms of round trip complexity compared to similar work by Vaidya et al. in [15]. However, these works are not tailored to data aggregation and accountability in AMI.

VII. CONCLUSIONS

A framework for key distribution and management for aggregation and accountability in a utility company's neighborhood area network is proposed. This framework is designed for a hierarchical network structure and can accommodate various topologies of the communications among smart meters. It is shown to secure the near real time meter power aggregation necessary for real time response of the power grid to energy demand and to obtain each individual user's power demand for accountability and traceability. The end-user's energy usage privacy is well preserved all along the distributed aggregation. A loose time synchronized pair-wise key is proposed to securely collect individual power demand, despite a slight overhead as the message grows between relay gateways and smart meters. The scheme is scalable, as each SM stores a limited number of pair-wise keys that it shares only with its first grandparent and all its first grandchildren at any time. Both low and high frequency readings could be compared to reveal any potential meter error or attack when a significant discrepancy occurs. This is one of our future research topics.

VIII. ACKNOWLEDGMENT

The first author is supported by the HBGI Scholarship. This research work is supported in part by the DOE Sam Massie Chair Program.

REFERENCES

[1] NETL, “Advanced metering infrastructure (v1.0),” Feb. 2008. [Online]. Available: http://www.netl.doe.gov/smartgrid/referenceshelf/whitepapers
[2] T. Chim, S. Yiu, L. Hui, and V. Li, “Pass: Privacy-preserving authentication scheme for smart grid network,” in IEEE SmartGridComm, Oct. 2011, pp. 196–201.
[3] C. Efthymiou and G. Kalogridis, “Smart grid privacy via anonymization of smart metering data,” in IEEE SmartGridComm, Oct. 2010, pp. 238–243.
[4] F. Li, B. Luo, and P. Liu, “Secure information aggregation for smart grids using homomorphic encryption,” in IEEE SmartGridComm, Oct. 2010, pp. 327–332.
[5] D. Seo, H. Lee, and A. Perrig, “Secure and efficient capability-based power management in the smart grid,” in 2011 Ninth IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops (ISPAW), May 2011, pp. 119–126.
[6] M. Önen and R. Molva, “Secure data aggregation with multiple encryption,” in Proceedings of the 4th European conference on Wireless sensor networks, ser. EWSN’07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 117–132.
[7] P. Deng and L. Yang, “A secure and privacy-preserving communication scheme for advanced metering infrastructure,” in 2012 IEEE PES Innovative Smart Grid Technologies (ISGT), Jan. 2012, pp. 1–5.
[8] C. Wright, “Advanced metering implementation team update,” Oct. 2008. [Online]. Available: www.ercot.com/content/meetings/tac/keydocs/2008/1002/04
[9] Advanced Metering Infrastructure Security Considerations. Sandia National Lab, 2007. [Online]. Available: http://www.oe.energy.gov/DocumentsandMedia/20AMI Security Considerations.pdf
[10] AMI System Security Requirements. AMI SEC Task Force, 2008. [Online]. Available: http://www.oe.energy.gov/DocumentsandMedia/14AMI System Security Requirements.pdf
[11] CenterPoint Energy AMI Deployment. CenterPoint Energy Smart Grid Team (private communication).
[12] X. Li, L. Qian, and J. Kamto, “Secure anonymous routing in wireless mesh networks,” in International Conference on E-Business and Information System Security, 2009. EBISS ’09., May 2009, pp. 1–5.
[13] J. Kamto, L. Qian, J. Fuller, and J. Attia, “Light-weight key distribution and management for advanced metering infrastructure,” in 2011 IEEE GLOBECOM Smart Grid Workshop, Dec. 2011, pp. 1216–1220.
[14] T. Baumeister, “Adapting pki for the smart grid,” in IEEE SmartGridComm, Oct. 2011, pp. 249–254.
[15] B. Vaidya, D. Makrakis, and H. Mouftah, “Device authentication mechanism for smart energy home area networks,” in Consumer Electronics (ICCE), Jan. 2011, pp. 787–788.