<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">SGRE</journal-id><journal-title-group><journal-title>Smart Grid and Renewable Energy</journal-title></journal-title-group><issn pub-type="epub">2151-481X</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/sgre.2013.44038</article-id><article-id pub-id-type="publisher-id">SGRE-33928</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Earth&amp;Environmental Sciences</subject><subject> Engineering</subject></subj-group></article-categories><title-group><article-title>
 
 
  Privacy Preservation Scheme for Multicast Communications in Smart Buildings of the Smart Grid
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>epeng</surname><given-names>Li</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Zeyar</surname><given-names>Aung</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Srinivas</surname><given-names>Sampalli</given-names></name><xref ref-type="aff" rid="aff2"><sup>2</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>John</surname><given-names>Williams</given-names></name><xref ref-type="aff" rid="aff3"><sup>3</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Abel</surname><given-names>Sanchez</given-names></name><xref ref-type="aff" rid="aff3"><sup>3</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib></contrib-group><aff id="aff2"><addr-line>Faculty of Computer Science, Dalhousie University, Halifax, Canada</addr-line></aff><aff id="aff1"><addr-line>Computing and Information Science Program, Masdar Institute of Science and Technology, Abu Dhabi, UAE</addr-line></aff><aff id="aff3"><addr-line>Massachusetts Institute of Technology (MIT), Cambridge, USA.</addr-line></aff><author-notes><corresp id="cor1">* E-mail:<email>dli@masdar.ac.ae(EL)</email>;<email>zaung@masdar.ac.ae(ZA)</email>;<email>srini@cs.dal.ca(SS)</email>;<email>jrw@mit.edu(JW)</email>;<email>doval@mit.edu(AS)</email>;</corresp></author-notes><pub-date pub-type="epub"><day>04</day><month>07</month><year>2013</year></pub-date><volume>04</volume><issue>04</issue><fpage>313</fpage><lpage>324</lpage><history><date date-type="received"><day>January</day>	<month>10th,</month>	<year>2013</year></date><date date-type="rev-recd"><day>February</day>	<month>10th,</month>	<year>213</year>	</date><date date-type="accepted"><day>February</day>	<month>18th,</month>	<year>2013</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  Privacy preservation is a crucial issue for smart buildings where all kinds of messages, e.g., power usage data, control commands, events, alarms, etc. are transmitted to accomplish the management of power. Without appropriate privacy protection schemes, electricity customers are faced with various privacy risks. Meanwhile, the natures of smart grids and smart buildings—such as having limited computation power of smart devices and constraints in communication network capabilities, while requiring being highly reliable—make privacy preservation a challenging task. In this paper, we propose a group key scheme to safeguard multicast privacy with the provisions of availability, fault-tolerance, and efficiency in the context of smart buildings as a part the smart grid. In particular, hybrid architecture accommodating both centralized and contributory modes is constructed in order to achieve both fault-tolerance and efficiency with only one set of group key installed. Key trees are sophisticatedly managed to reduce the number of exponentiation operations. In addition, an individual rekeying scheme is introduced for occasional joining and leaving of member smart meters. Experimental results, on a simulation platform, show that our scheme is able to provide significant performance gains over state-of-the-art methods while effectively preserving the participants’ privacy.
 
</p></abstract><kwd-group><kwd>AMI; Building Area Networks; Group Key; Multicasting; Privacy; Smart Building; Smart Grid</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>Smart grids, or the intelligent electricity grid that utilize modern IT/communication/control technologies, become a global trend nowadays [<xref ref-type="bibr" rid="scirp.33928-ref1">1</xref>] . As a novel emerging technology of smart grids, Advanced Metering Infrastructure (AMI) is composed of Home Area Networks (HANs), Building Area Networks (BANs), Neighbor Area Networks (NANs) and grid infrastructure which are used to measure, collect, aggregate, store and process data [2,3].</p><sec id="s1_1"><title>1.1. Motivations</title><p>AMI introduces substantial benefits and opportunities to our society, but it also raises challenges concerning privacy as a side effect. For example, fine-grained smart metering data and control messages provide utility companies with the information about ongoing electricity status. However, if misused, these data significantly increase the probability of leaking customers’ privacy including personal information, daily activities, individual behaviors, etc., more frequently [<xref ref-type="bibr" rid="scirp.33928-ref4">4</xref>] as shown in <xref ref-type="fig" rid="fig1">Figure 1</xref>.</p><p>Some pioneer studies, e.g. [<xref ref-type="bibr" rid="scirp.33928-ref5">5</xref>] , explore means to identify major appliance usages in a building by examining the power usage data collected every 15 minutes within 24 hours. This exposes its residents’ daily activities.</p><p>To address privacy risks and concerns, most existing researches are more focused on hiding power usage data that is recorded at smart meter ends or unicasted in NAN via encryption schemes [6,7] or perturbation means [<xref ref-type="bibr" rid="scirp.33928-ref8">8</xref>] or extra battery [<xref ref-type="bibr" rid="scirp.33928-ref9">9</xref>]; but they did not take the HAN and BAN and their characteristics into account.</p><p>This paper aims to develop an efficient privacy preservation scheme for Communications in Smart Buildings (CSB) in the smart grid, which is still an unexploited area. CSB [<xref ref-type="bibr" rid="scirp.33928-ref3">3</xref>] are consisted of BAN and HAN where resourceconstrained wireless networks such as Zigbee [<xref ref-type="bibr" rid="scirp.33928-ref10">10</xref>] and Wi-Fi [<xref ref-type="bibr" rid="scirp.33928-ref11">11</xref>] are deployed. In CSB, not only unicast but broadcast/multicast is popularly utilized due to wireless communications’ characteristics. In our viewpoint, the major challenges to preserve privacy in CSB include:</p><p>&#160; Requirement of efficient privacy-preserving schemes which should be specifically designed for smart buil-</p><p>dings;</p><p>&#160; Safeguarding of not only unicast but broadcast/multicast for both BAN and HAN in an efficient way;</p><p>&#160; Preservation of not only power usage data but other messages in CSB such as power control commands, events, alarms and so on.</p></sec><sec id="s1_2"><title>1.2. Contributions</title><p>We propose a reliable, fault-tolerant, and efficient privacy preserving architecture for CSB in this paper. Our specific contributions are:</p><p>Privacy Leakage Modeling: To our best knowledge, this paper is the first to systematically study privacy leakages for CSB. Furthermore, from an adversary’s perspective, we practically enumerate privacy threats and illustrate corresponding examples.</p><p>Architecture for Privacy Preservation Scheme: Again, we are the first to propose a privacy preservation architecture which is specifically designed for CSB. We analyze the fundamental characteristics of smart buildings, investigate benefits from cryptographic methods and carefully design the most suitable cryptographic components to protect the messages transmitted in smart buildings.</p><p>New Group Key Scheme: Directly using the existing raw group key schemes in BAN poses a formidable challenge, namely the need of efficient and reliable group key management for CSB. 1) The nature of smart grid ranks reliability, safety and availability as the highest priorities</p><p>[<xref ref-type="bibr" rid="scirp.33928-ref12">12</xref>]. Therefore, group key schemes should heavily emphasize the built-in availability as well as minimize the down time during its operation; 2) Most smart devices are equipped with low-capacity devices and limited memory which tends to be restricted in their computation and storage capability. Our group key scheme’s contributions are: a) Hybrid architecture with reliability and self-heaing services to incorporate the centralized and the contributory group key scheme in order to achieve fault-tolerance. b) Efficiency is ensured via individual rekeying for members joining and batch rekeying for member leaving at the end of an interval. For even more efficiency, the key tree is organized using special constructs such the fixed and the child key trees.</p><p>Experimental Validation: Finally, we implement our scheme on emulated smart devices and key servers as well as simulate it on Network Simulator 2 (NS2) [<xref ref-type="bibr" rid="scirp.33928-ref13">13</xref>]. The experimental results demonstrate that our solution incurs dramatically less computational costs and communication overheads when compared to the state-of-the-art methods.</p></sec></sec><sec id="s2"><title>2. Background and Problem Description</title><sec id="s2_1"><title>2.1. Structure of Smart Building</title><p>As depicted in <xref ref-type="fig" rid="fig2">Figure 2</xref>, a smart building communication system comprises of components as follows [<xref ref-type="bibr" rid="scirp.33928-ref3">3</xref>]:</p><sec id="s2_1_1"><title>Smart Appliances or Sensors</title><p>Smart Home Nodes (SHNs) are, generally, embedded devices such as sensors which are located in the custommers’ premises e.g. an apartment in a smart building. They</p><p>can be installed at or embedded within a number of smart appliances, e.g., washing machines, dryers, heating, ventilations, refrigerators, air conditioners, In Home Displays (IHDs), and even solar panels as well as wind turbine generators [<xref ref-type="bibr" rid="scirp.33928-ref14">14</xref>]. They are deployed to monitor and control their host smart appliances.</p></sec><sec id="s2_1_2"><title>Smart Meters</title><p>As a programmable device, the smart meter measures electricity consumption, monitors power status, reports events and remotely enables/disables smart appliances. It also possesses the bi-directional communication functionality to relay the messages from appliance to utilities and vice versa. It enables Demand Response (DR) features which can take charge of appliance control while the system in jeopardy is sensed or at peak times.</p></sec><sec id="s2_1_3"><title>Control Center in Smart Building</title><p>Generally, there is a control center in smart building to manage the automation control system. In this paper, we will utilize one of the servers/PCs in the control center to play the key server role in our privacy preservation scheme.</p></sec><sec id="s2_1_4"><title>Home Area Networks (HAN)</title><p>In a smart building, each apartment could construct a HAN, a local area network (LAN) which connects SHNs (e.g. smart appliance, IHDs, local control devices) and smart meters via Zigbee [<xref ref-type="bibr" rid="scirp.33928-ref10">10</xref>] or other cost-saving wireless networks.</p></sec><sec id="s2_1_5"><title>Building Area Networks (BAN)</title><p>Building Area Networks (BANs) are typically deployed for high rise. A Vertical Back-bone Communication (VBC) [<xref ref-type="bibr" rid="scirp.33928-ref3">3</xref>] system is established for the building to link all smart meters, each of which, generally, measures, controls and connects one HAN. In each floor of the building, the Horizontal Floor Communication (HFC) system [<xref ref-type="bibr" rid="scirp.33928-ref3">3</xref>] is constructed with the utilization of Zigbee to connect each HAN for each apartment in the smart floor.</p></sec></sec><sec id="s2_2"><title>2.2. Communication in BAN and HAN</title><p>Three communication modes are utilized in SGC: unicast, multicast and broadcast [<xref ref-type="bibr" rid="scirp.33928-ref15">15</xref>]. Interactive messages are exchanged via one or more of them. SHNs or smart meters use unicast mode to report metering data such as power usage data, status, and events to utility companies. In contrast, power companies or the smart building control center deploys multicast or broadcast technology to forward control commands to one or more HANs or even the entire BAN in the smart building. Furthermore, DR information including remote load control messages and pricing information and alarms is multicast to correspondding DR project participants.</p><p>In terms of the delay limit for message delivery, we realize that different countries and areas may have their own regulations while accomplishing the multicast/broadcast technologies used in smart buildings. Their values differ. Without lost generality, we follow the standard of State Grid Corporation of China, the time limit of which is defined as less than 15 s [<xref ref-type="bibr" rid="scirp.33928-ref15">15</xref>]. Other countries may set different time limits but it will not impact our solution significantly.</p></sec><sec id="s2_3"><title>2.3. Problem Description</title><p>In CSB, different communication modes demonstrate varied hardness while protecting privacy. Privacy preserving schemes can be easily accomplished for unicast communication technologies even for resource-limited wireless network communication technologies. The reason is that currently deployed wireless networks such as Zigbee [<xref ref-type="bibr" rid="scirp.33928-ref10">10</xref>] or Wi-Fi [<xref ref-type="bibr" rid="scirp.33928-ref11">11</xref>] are utilizing pair-wise keys and encryption algorithms in design. However, it is still a challenge for multicast communication technologies in CSB due to CSB’s own characteristics and specific requirements. The SHNs in a HAN, for example, have to share their messages or statuses or events with each other to achieve some collaborative tasks: a DR project, for example, requires an apartment in the building decrease its power consumption to a defined limit at peak time. However, how the customer-side power management in the apartment complete the goal is out of the DR project’s knowledge. In this case, the SHNs in the apartment need work with each other to reduce the electricity consumption but meanwhile satisfy customers’ comfortableness. It does not conflict with the privacy protection since SHNs in the same HAN belongs to the identical owner. However, these messages cannot be captured by other devices which deployed in the same buildings but different apartment. Otherwise, the privacy leakages discussed in Section 4.2 occur.</p><p>However, designing an appropriate privacy preserving scheme for multicast/broadcast in CSB is a challenging task. It should protect aforementioned scenarios and meanwhile overcome the restrictions listed below:</p><p>1) Requirement of suitable cryptographic schemes for multicast: current wireless network e.g. Zigbee or Wi-Fi mainly utilizes the pair-wise key scheme and encryption algorithms to protect messages. It is suitable for unicast communications but not for multicast ones. Designing privacy preserving schemes specifically for multicast communications in CSBs is highly demanded.</p><p>2) Limited resources for receivers: The receivers, i.e., SHNs or smart meters, are usually equipped with lowend processors and limited amount of memory, both of which hamper the execution of heavy computing operations.</p><p>3) Constraints on communication channels: Wireless channels present low-bandwidth. Light-weight communication cost is desirable.</p><p>4) Huge volumes of data: the amount of data for smart building communications will be a significant increase in the future. Hence, the solution needs to be efficient and scalable.</p><p>5) Delay-tolerance: Data forwarded in smart building communications cannot be delayed for more than 15 s.</p><p>6) Vital demands for reliability and fault protection: The nature of smart building highly demands reliability and availability. Hence, to minimize the total outage/fault times, fault-tolerance services are essential.</p></sec></sec><sec id="s3"><title>3. Cryptographic Primitives</title><sec id="s3_1"><title>3.1. Selection of Group Key Schemes</title><p>To satisfy smart grids’ privacy-preserving requirement for multicast communications, a common and efficient solution is to deploy a symmetric group key shared by all multicast participants (group members), e.g. SHNs, smart meters, etc. in the same HAN (group). With the support of this shared key (group key), multicast communication data in the same HAN can be encrypted and decrypted. Outsiders, e.g. SHNs in other HANs cannot peek. Therefore, a group key management protocol that computes the symmetric group key and forwards the partial keys to all legitimate SHNs in the HAN is critical to the privacy preservation scheme for the multicast communication in smart buildings.</p><p>Rekey Strategies: When one or more SHN (group member) leaves or joins the HAN (group), the group key should be updated so that only current group members contain the group key. This procedure is called rekey. There are two kinds of rekey strategies: individual rekey and periodical batch rekey. The former rekeys the group key for every group membership update such as joining/ leaving. The later processes the joining and leaving requests in a batch at the end of each rekey interval.</p><p>In this paper, we utilize individual rekeying to process join request and periodical rekeying to process leaving requests because: 1) In smart grids, most SHNs and the smart meter which play group member roles have stationary membership. The group membership change events e.g. joining/leaving are rare; 2) We use one-way hash operation to update the group key when a SHN joins. Since one way hash function is efficient, the rekey operation cost is light; 3) Periodical rekeying introduces a vulnerability window but also leads efficiency. Considering that some SHNs show low-end processing capacity, the tradeoff between performance and security is reasonable; 4) Periodic rekeying introduces group key refresh at the end of the time interval even there are no membership changes. This promotes the security level.</p><p>Group Key Management Architecture: In view of architecture, group key management schemes can be broadly classified into two categories, namely, centralized and contributory: In a typical centralized group key management scheme e.g. Logical Key Hierarchy (LKH) [<xref ref-type="bibr" rid="scirp.33928-ref16">16</xref>], a trusted third party, known as the key server, is responsible to generate, to encrypt and to distribute the symmetric group key, partial keys and individual keys to all other group members. It has the advantages of efficiency of the symmetric key encryption/decryption. However, it suffers from the following drawbacks. 1) Since all group secrets are generated and stored in one place, the key server could present itself as an attractive attack target for adversaries. 2) The key server can become the single point of failure/bottleneck. In contrast, in contributory group key management schemes e.g. Tree-based Group Diffie-Hellman (TGDH) [<xref ref-type="bibr" rid="scirp.33928-ref17">17</xref>], every group member contributes to the group key generation. It has the advantage of fault-tolerance. However, for group membership changes, it lacks scalability in terms of computational cost. For example, TGDH has the following drawbacks. 1) Every group member performs the expensive DiffieHellman key exchange with <img src="1-6401239\9020c334-c4f5-4492-8692-f7b3c630f939.jpg" /> times exponentiation operations for every group membership update where n is the group size. 2) Every sponsor should sign and forward a large number of rekeying multicast messages to update a group key. It results in expensive communication overhead and computational costs.</p><p>In this paper, we are willing to propose hybrid architecture which combines both centralized and contributory group key schemes in such a way that it takes advantage of both centralized one’s efficiency and contribute one’s reliability to protect the privacy of smart grid multicast service.</p></sec><sec id="s3_2"><title>3.2. TGDH</title><p>The crux of the group key management scheme in TGDH is to use a binary key tree for group key updates. Let <img src="1-6401239\f69379a6-b6fe-44dd-8b37-e7be514956dd.jpg" /> be a binary tree in which every node is represented by <img src="1-6401239\c66b866d-3ddf-488a-a428-a959241ed873.jpg" /> where h is its height (level) and i is its index. Each node in the binary tree, has two keys, <img src="1-6401239\d6c76150-68e2-41ff-8ca0-3b448f0a69d7.jpg" />and<img src="1-6401239\763e42de-e478-4183-aae9-5547f238979c.jpg" />. The node key associated with node</p><p><img src="1-6401239\96569659-e6dd-436a-abb6-e311cbed3af8.jpg" />is <img src="1-6401239\63c97fa1-c457-45cc-bc59-d3fa603c9400.jpg" /> and its blinded key<img src="1-6401239\9179cc88-dc91-4b95-a4eb-8504fbf716f0.jpg" />.</p><p>Each node in the tree is either a leaf or a parent of two nodes. Each leaf represents a group member <img src="1-6401239\51543902-dac8-4b8b-b406-8f433e716f6c.jpg" /> which generates<img src="1-6401239\2284adee-2f01-4389-bee3-e7f39b42eb21.jpg" />, a random integer. It can be treated as the leaf node’s node key. The node key of an internal node<img src="1-6401239\ec66f6d0-c877-4a58-b553-6f6a29d6da77.jpg" />, is derived from keys of its children, <img src="1-6401239\332ff5ca-0d07-4d11-91b7-22d14edf9eb1.jpg" />and<img src="1-6401239\e9de4b0b-ff38-494d-96f3-63c10866c876.jpg" />:</p><disp-formula id="scirp.33928-formula9322"><label>(1)</label><graphic position="anchor" xlink:href="1-6401239\d94ede96-661b-4321-aa06-c3f80c362964.jpg"  xlink:type="simple"/></disp-formula><p>The node key of the root is the group key. While a group member joins, the shallowest leftmost leaf node in the key tree is selected as the sponsor and acts as the sibling for the new group member. When a group member leaves, the sponsor is the shallowest leftmost leaf node of the sub-tree rooted as the leaving member’s sibling node. The sponsor is responsible for updating its secret random integer<img src="1-6401239\17c3f8a2-e861-44a7-bc9f-90a72ccee92f.jpg" />, and all keys on its key path. Then, the sponsor multicasts all updated blinded keys, based on which, other members update keys on their key paths and compute the new group key. Refer to [<xref ref-type="bibr" rid="scirp.33928-ref17">17</xref>] for details about how the sponsor is selected, how key material is prepared among all members and how group key is calculated for each participant.</p></sec><sec id="s3_3"><title>3.3. ID-Based Key Agreement</title><p>In the group key scheme, security channels between two parties/members are required. Its purpose is to deliver secret messages between them. For example, when a new group member joins, the sponsor needs to establish the secure channel with the new group member. In our solution, it is fulfilled by a shared key between them: we adapt an ID-based key agreement [<xref ref-type="bibr" rid="scirp.33928-ref18">18</xref>] to generate the secret key.</p><p>1) Set-up Following the RSA algorithm, TC (trusted key generation center) generates and publishes <img src="1-6401239\c9afcc28-c914-44a7-a912-06ad3e352010.jpg" /> but keeps <img src="1-6401239\62bf2312-c85b-4ea4-99ff-f61bc36094c9.jpg" /> secret.</p><p>2) Key generation For an authorized user A, TC assigns it randomly generated ID, <img src="1-6401239\0922eef1-c6f0-4c3d-ae7a-a4382543076b.jpg" />and computes<img src="1-6401239\d941e57a-a8ec-4a41-ae0e-5200e92da67d.jpg" />;</p><p>For an authorized user B, TC assigns it randomly generated ID, <img src="1-6401239\4280c6bf-50b0-4669-888e-746916ceeb58.jpg" />, and computes<img src="1-6401239\b57ab67f-07ba-443f-89ac-a0ebb461e0e1.jpg" />;</p><p>TC issues (n, g, e, ID<sub>q</sub>, s<sub>q</sub>) to user A and (n, g, e, ID<sub>b</sub>, s<sub>b</sub>) to user B via secure channel.</p><p>3) Key Agreement Step 1:</p><p>A randomly generates an integer<img src="1-6401239\9161c31f-fadd-4554-a2c5-bb22f73c8d73.jpg" />, and, computes</p><disp-formula id="scirp.33928-formula9323"><label>(2)</label><graphic position="anchor" xlink:href="1-6401239\a549dee1-0bad-451e-85ac-e368525402fc.jpg"  xlink:type="simple"/></disp-formula><p>B randomly generates an integer<img src="1-6401239\07d5da84-be4d-4ceb-b2c2-1e8cca3efcca.jpg" />, and, computes</p><disp-formula id="scirp.33928-formula9324"><label>(3)</label><graphic position="anchor" xlink:href="1-6401239\294443c7-bf0c-414a-9dae-dbd4d71564af.jpg"  xlink:type="simple"/></disp-formula><p>Step 2:</p><p>A and B exchange <img src="1-6401239\da692f68-8601-481c-a850-2f0cf30da8e0.jpg" /> and <img src="1-6401239\78f54f7a-beae-46ac-ac73-00b00e583af9.jpg" /> via authenticated channels;</p><p>Step 3:</p><p>A and B computes formula (4) and (5) respectively:</p><disp-formula id="scirp.33928-formula9325"><label>(4)</label><graphic position="anchor" xlink:href="1-6401239\e6502551-de79-475f-b9b0-08b49ae9d7b6.jpg"  xlink:type="simple"/></disp-formula><disp-formula id="scirp.33928-formula9326"><label>(5)</label><graphic position="anchor" xlink:href="1-6401239\f3521dc5-04f7-48c8-9e23-3616008b1c6e.jpg"  xlink:type="simple"/></disp-formula></sec></sec><sec id="s4"><title>4. Our Proposed System</title><sec id="s4_1"><title>4.1. Adversary Model, Assumption and Scope</title><p>Adversary Model: Like other researches in areas of privacy preservations [6,19,20] we follow the semi-honest adversary model in which smart devices (e.g. SHNs, smart meters, etc.) obey regulations of the smart buildings. Meanwhile they are also curious about messages they learn (or share) and have the intension to combine these information if possible. Therefore, any participating smart devices should relay packets and also intend to uncover other HANs’ privacy by studying sensitive messages received.</p><p>Security Assumption: We assume that smart devices such as smart meters, etc. are tamper-resistant. Furthermore, we also assume the availability of the TC and the key server deployed in smart buildings or utilities. Moreover, we assume that device attestations are deployed to validate SHNs, smart meters, etc.</p><p>Scope: Our scheme mainly focuses on the confidentiality service to protect privacy in multicast. In terms of unicast, the pair-wise key schemes are already implemented in wireless networks e.g. Zigbee. Efficient encryption algorithms e.g. AES are utilized in sensor networks as well. We will use them in our solution directly rather than proposing new components. The authentication and integrity services guaranteed by digital signatures and one-way hash functions are also important but beyond our paper’s scope.</p></sec><sec id="s4_2"><title>4.2. Privacy Leakage</title><p>Privacy threats occur when an adversary associates customers’ power usage data and buildings’ control commands with their daily activities e.g. breakfast, laundry, wakeup cycles, etc. [<xref ref-type="bibr" rid="scirp.33928-ref21">21</xref>] .</p><p>Privacy for residence occupancy: An appliance control command <img src="1-6401239\42b3f8b1-f822-4dd2-bb38-5f8c9da497ff.jpg" /> can let an adversary infer that the resident is presence or absence (also referred as absence privacy).</p><p>Example I: A remote control command is sent to “<img src="1-6401239\f53fc541-2c00-463a-b302-f76121d6d74e.jpg" />” aiming to shut down the air conditioner when the local temperature outdoor is high (e.g. &gt;104˚F/40˚C). Eve can probably infer that residents living in “<img src="1-6401239\0564a93a-dd90-4588-9f32-4bf1801e710f.jpg" />” may possible be absence and he then takes risks to break in.</p><p>Privacy for appliance ownership: The history of appliance control commands <img src="1-6401239\ecfd0210-dbf9-448d-bce0-bf773f29ff62.jpg" /> let an adversary compile a list of household appliances and surmise the lack one.</p><p>Example II: Alice had sent home the remote appliance control commands associated with heaters, dish washers or dryers but otherwise air conditioners. Eve extrapolates that it is highly possible for Alice to not own an air conditioner yet. The commercial information is valuable.</p><p>Privacy for personal activities model: The appliance control commands <img src="1-6401239\235f4333-ecf6-46eb-89d4-f24c1fa820e5.jpg" /> can let the adversary generalize the residence’s activity model.</p><p>Example III: Alice always remotely turns on his air conditioner half an hour earlier before arriving at home. Eve finds that theses control commands are sent out at 5:30 pm from every Tuesday to Thursday but, 6:30 pm every Monday. Eve can draw Alice’s life pattern in the future based on it.</p></sec><sec id="s4_3"><title>4.3. System Overview</title><p>In this paper, we present a privacy preserving multicast for CSB via using an efficient, reliable, and periodic group key management scheme. As depicted in <xref ref-type="fig" rid="fig3">Figure 3</xref>, a server in the control center of the building plays the Key Server <img src="1-6401239\9de825de-82fb-40bf-9815-f3eb835497ae.jpg" /> role. It generates a group key tree, <img src="1-6401239\3c3d3969-18f2-40c3-b4b8-7509551f1a03.jpg" />, for every HAN,<img src="1-6401239\83ad5096-643a-43d5-ab66-bc050625d0c0.jpg" />.</p><p>We assume that there are <img src="1-6401239\ad11ef8f-95e0-42c8-a92c-7a90272f1066.jpg" /> HANs in the smart building. Therefore, there are <img src="1-6401239\92508bb7-6ab9-42be-a5e0-75de09f77d1e.jpg" /> group key trees, <img src="1-6401239\4fc2bb44-63cd-497b-8a89-ae191df0215b.jpg" /> and <img src="1-6401239\c28ec305-c677-4e2d-9b45-cd75936aa8e0.jpg" /> group keys <img src="1-6401239\f4a791f1-0a06-461c-aba9-dc8adce0f8c9.jpg" /> generated in<img src="1-6401239\f7997dfd-bb25-470b-aa8e-c2e7b1c1b6b8.jpg" />. The <img src="1-6401239\5b7a543f-907f-4413-ad52-fb2b6334f093.jpg" /> multicasts key material associated with each group key tree <img src="1-6401239\e18e69ff-6b56-4538-b0e2-90006db4a88b.jpg" /> to SHNs that belong to <img src="1-6401239\d2ca21ef-140c-422d-9491-6358a996a86b.jpg" /> where<img src="1-6401239\3b04d4b9-2f02-4d0d-b749-d5b7d58c3f01.jpg" />. The SHNs, after receiving the key material, will calculate its group key<img src="1-6401239\27afdb77-1718-4b35-a72f-938511b019d1.jpg" />. Afterward, multicast messages toward <img src="1-6401239\d58301b6-68ac-413e-b2f5-e24e8718c371.jpg" /> are encrypted by the group key,<img src="1-6401239\0ac3b74a-991b-4b94-8c36-c7a0d3f326d4.jpg" />. SHNs inside <img src="1-6401239\8a947cd0-ba34-421c-8447-5b17abd3bbdb.jpg" /> can decrypt cipher text but other SHNs outside <img src="1-6401239\23dca33e-adc1-4665-a458-35be431fdc41.jpg" /> cannot since they do not obtain<img src="1-6401239\8cb4319c-7d95-4d1e-8eb6-cb82a4776672.jpg" />. The encryption algorithm can be AES, which is out of the scope of this paper.</p></sec><sec id="s4_4"><title>4.4. Hybrid Architecture</title><p>In the centralized group key scheme, a server in the control center of the building plays the key server’s role since it is equipped with powerful computation capacity. Following TGDH, for each HAN, the server generates the symmetric group key, partial keys, individual keys,</p><p>key path and key tree which are forwarded to the corre sponding group members—SHNs and smart meters in a HAN,<img src="1-6401239\2d194e30-3b54-4c9d-bb6e-eb8d464d0302.jpg" />. It takes advantages of symmetric key encryption/decryption’s efficiency but the key server is the single-point failure: when it is out of control, the centralized group key scheme ceases and therefore reliability cannot be provided. In contrast, a contributory group key scheme is fault-tolerant. But it is expensive in both computation and communication. Consequently, low-capacity SHNs and smart meters and limited wireless communication channels, e.g., Zigbee, cannot afford the cost.</p><p>A na&#239;ve/straightforward method to fix this problem is to install one set of centralized scheme and one set of contributory scheme simultaneously on every smart device to guarantee both fault-tolerance and efficiency. However, deployments of two sets of schemes not only make the system more complicated but require more resources such as storages.</p><p>In this paper, we propose a hybrid protocol which combines the advantages of the centralized approach’s efficiency and the contributory scheme’s fault tolerance. The basic idea behind the hybrid architecture is that when the key server is off-line, then group key management will utilize a contributory scheme. If the key server is on-line, there will be two possibilities. If all the group members are able to access the key server (no partitioning of the group), a centralized scheme e.g. LKH is used in which the key server is responsible for calculating and delivering the intermediate keys associated with the binary key tree since the key server is deemed to have a high processing capability. On the other hand, if the group is partitioned (some of the members are not able to access the key server), then a combination of the two schemes is used—the members with access to the key server use the centralized scheme while the others use the contributory scheme. Both of them follow the TGDH key tree to update the node keys and blinded keys associated with the nodes on the binary key tree.</p><p>Figures 4(a) and (b) demonstrate the required components for implementing the centralized and the contributory key management schemes, respectively. The key tree structure follows that of TGDH or of binary tree-based LKH (TGDH is a binary tree-based LKH in terms of key tree structure). In both centralized and contributory group key scheme, the key tree structure maintenance components within the key server or the group members modify their key tree structures according to the group member joining or leaving.</p><p>Generally, the centralized scheme is the primary mechanism: the key server maintains and distributes the key tree. Every group member, e.g. SHNs and the smart meter in the same HAN, receives and stores its key path. Once the key server fails, a contributory scheme takes in charge automatically—every SHN and smart meter in the</p><p>same HAN, <img src="1-6401239\12462ab2-fa28-49a0-a48b-9ec1fc577ddc.jpg" />cooperates with each other to manage the group key and the key tree as well. When the key server restores, every meter delivers its latest key path to the gateway via secure channels. The scheme is controlled in centralized way again. Thus, self-healing is ensured. Since both centralized and contributory key management use the same key tree structure, no rekey operations are processed and no rekey messages are forwarded to implement the switch between the centralized scheme and the contributory scheme. Due to space limit, we will not address each component listed in Figures 4(a) and (b) in detail.</p></sec><sec id="s4_5"><title>4.5. Efficient Group Rekeying Scheme</title><p>In this subsection, we address our key tree structure, how to arrange nodes in a key tree while members join/leave and how to compute the shared group key for key server and each group member as well.</p><p>Like [16,17,22], our scheme uses a binary key tree <img src="1-6401239\d3e866d9-6ee7-4250-96ed-7e988ab4c797.jpg" /> in which every node is associated with a node key and a blinded key. Each leaf node represents one and only one group member. The node key of a leaf node is also called individual key.</p><p>According to our observation, we find that the stationary smart devices will not leave as long as it is legal, works in a good condition and no plan to be replaced. Therefore, even they appear not online sometimes because of device out-of-control or its jammed communication channel, we still do not mark it as leaving. Furthermore, since some roaming devices e.g. customer’s PEV intends to return, its node still stays in the key tree and no leaving request should be sent out. They are treated as stationary nodes. However, other devices e.g. rented smart appliance cannot be treated as stationary nodes. Expired/ broken/compromised SHNs. are marked as leaving and will finally be deleted in rekeying process.</p><p>The layout of the key tree is demonstrated in <xref ref-type="fig" rid="fig5">Figure 5</xref>(a), in which the fixed key tree, <img src="1-6401239\367b6547-d661-463e-8d04-db20cf919033.jpg" />contains all stationary smart devices. The rest group members are located in the subtree<img src="1-6401239\f49cfa33-a43d-4a57-9c2c-13cbbd0cb1da.jpg" />. Notice that <img src="1-6401239\f79a7a3a-8f5a-4d3d-9765-303c29783774.jpg" /> is<img src="1-6401239\9f5b2588-9866-4266-9a8b-70ff19f4676b.jpg" />’s sibling and at the same time, the child key tree, <img src="1-6401239\1b5fa00e-77c0-47f5-bb5d-cef518b11bd0.jpg" />is part of<img src="1-6401239\265eec8d-482f-4000-bd04-3d35a5411295.jpg" />. <img src="1-6401239\98601043-53fc-41e7-afcd-a01ee7850f65.jpg" />stores the new incoming smart devices, e.g., newly installed SHNs.</p><p>In our scheme, to lessen member’s waiting time, a joining request is processed immediately. All leaving requests are handled at the end of the rekeying time interval for the sake of efficiency. This may introduce trivial vulnerability but it is affordable. The reason is that the nature of smart grids informs us that almost all smart devices are stationary and membership changes rarely happen. Therefore, the rekeying interval (e.g. 60 minutes) defined in our scheme is sufficiently secure.</p><p>Individual Rekeying for Joining Member:</p><p>New joining group members should contain its attributes: stationary or non-stationary. The former will be inserted into the fixed key tree,<img src="1-6401239\e0625945-5498-4125-9dd3-358e55d6e0e1.jpg" />. The later is associated with nodes representing rented SHNs. It will be inserted into the main key tree <img src="1-6401239\fe85fd96-a415-416a-ae5f-c5309b8f541d.jpg" /> at the group key initiation phase. After then, new member will be inserted at child key tree,<img src="1-6401239\42265915-f47b-41aa-a89a-45fe525f46ab.jpg" />. The insertion point for<img src="1-6401239\7085ee47-96f5-475d-90bb-4471fd240aca.jpg" />, <img src="1-6401239\f0a09418-1c1b-41d1-98b4-0bf867dec512.jpg" />or <img src="1-6401239\f3a97ea0-9e7e-4931-9d1e-0b52d76eec7b.jpg" /> is its corresponding shallowest leftmost nodes. Meanwhile, every current group member calculates the new group key via one way hash function <img src="1-6401239\80d3301a-edf9-4d97-bd26-b84a8c1daf59.jpg" /> where <img src="1-6401239\fb8b1295-7715-4bce-9ab3-69ca0972a16b.jpg" /> is the current group key and <img src="1-6401239\a68a9198-2ad7-4a0a-a63d-11ffa85629cc.jpg" /> the new one. The new member receives <img src="1-6401239\a2f93904-5c30-4e4d-bd63-fbfc8251ccd8.jpg" /> from the sponsor via secure channels e.g. ID-based DiffieHellman. Refer to TGDH about how the sponsor node delivers partial keys to the new member.</p><p>Batch Rekeying for Leaving Member:</p><p>When a group member is going to leave as it is malfunctioning, legacy or expelled, the group key need to be updated at the end of the rekeying interval. The child key tree, <img src="1-6401239\fb208c33-26a0-4470-bc11-8dfb63254bf8.jpg" />, may be moved to replace a leaving leaf node’s place if any, for sake of computation efficiency. For details, suppose that the group member M<sub>i</sub>, is represented by the leaf <img src="1-6401239\066cdec6-57d8-4751-8496-521885422913.jpg" /> which leaves the group. Four cases follow:</p><p>Case 1: If <img src="1-6401239\f40a97bf-5470-4edd-bce8-9a937bc7524b.jpg" /> is not available, our leave protocol is the same as that of TGDH.</p><p>Case 2: If <img src="1-6401239\76a1cc73-d3c0-474c-8193-14f17f25cdfb.jpg" /> is available and <img src="1-6401239\822d37f2-9936-4127-a098-da3a4d609fe7.jpg" /> is within<img src="1-6401239\a2a6b8de-d282-40a6-809c-eafba2866958.jpg" />, the key tree structure stays the same.</p><p>Cases 3 and 4: If <img src="1-6401239\6fb11b73-46ae-4276-8b33-58dd6aeeb83b.jpg" /> is available and <img src="1-6401239\3752a3c5-f13b-46e0-bce6-b7872944fc93.jpg" /> is not within<img src="1-6401239\fdaca07d-8388-4bc9-82b9-aa2190f29bc4.jpg" />, there are two possibilities, moving <img src="1-6401239\b5e3d16f-38a9-4adf-90f8-d7a70fefe672.jpg" /> which is shown as <xref ref-type="fig" rid="fig5">Figure 5</xref>(a), or not. The leaf node<img src="1-6401239\a0784e95-d270-4469-a9dd-826c08f64d41.jpg" />’s position and computational cost decide whether <img src="1-6401239\f578c156-b086-440e-a07d-e5d692b44077.jpg" /> should be moved. If moving <img src="1-6401239\a22bd45c-750f-442b-872a-a70938905cf1.jpg" /> cannot result in the performance gain, <img src="1-6401239\f41a1aba-9fca-4cbe-97a6-cdd3f4d4e876.jpg" />should stay. This scenario is called case 3. Otherwise, <img src="1-6401239\8b4acbfd-3d07-4234-b1e0-96189c178f2c.jpg" />should be moved to take<img src="1-6401239\2443e687-7fbf-433a-a2f4-68e2b36bf512.jpg" />’s position and <img src="1-6401239\90d73625-acdd-4420-b535-d11544b44fbe.jpg" /> is cut off. It is called case 4.</p><p>For example, <xref ref-type="fig" rid="fig5">Figure 5</xref>(b) is the original key tree. <xref ref-type="fig" rid="fig5">Figure 5</xref>(c) shows that <img src="1-6401239\dcdf37f5-81e4-409e-a0c3-6c342f4a5435.jpg" /> leaves. Since <img src="1-6401239\c727aaf6-6a1b-4030-b7b1-e74342c365f0.jpg" /> is not within <img src="1-6401239\99f98f67-7f00-426a-b04e-65e2620341f4.jpg" /> and moving <img src="1-6401239\8c037e53-e31b-4ad8-949c-b08ea6b70594.jpg" /> costs less, <img src="1-6401239\df749bef-e155-493d-9f31-3aba9a92f0e7.jpg" />rooted at <img src="1-6401239\90ab9298-fadf-49c5-a8f4-d1d6e90bfe2a.jpg" /> is moved to replace the position of node<img src="1-6401239\dbfce5d8-6262-4318-9e24-252dea371ae5.jpg" />. The former node <img src="1-6401239\b1c3e7f0-8d16-420a-8df8-f5ca06c5cf84.jpg" /> is cut off. As its left child node is removed, node <img src="1-6401239\2287ca66-f6a4-4541-bcc5-557e7a03c076.jpg" /> is deleted.<img src="1-6401239\2861f142-539c-43a5-8373-6399591a5037.jpg" />’s right node</p><p><img src="1-6401239\fd8e3d5c-4a59-4f3e-979f-610e829ca99c.jpg" />is renamed as <img src="1-6401239\b4ca02ea-b86c-4c5f-9cee-8de5afe1ef7a.jpg" /> and promoted to its parent’s position. <xref ref-type="fig" rid="fig5">Figure 5</xref>(d) demonstrates that, when <img src="1-6401239\99eec7b1-893a-4e46-950a-f3dca01d20f5.jpg" /> leaves, <img src="1-6401239\c538800c-ed5e-4a50-98d7-a92c51999354.jpg" />need not be moved since <img src="1-6401239\774f7f08-6f39-419a-9a8f-ad7efcdbbe0d.jpg" /> is within<img src="1-6401239\9aa1430c-cbf4-4ba9-9e0f-e843fca439d9.jpg" />.</p></sec></sec><sec id="s5"><title>5. Implementation and Experiments</title><sec id="s5_1"><title>5.1. Implementation</title><p>During our implementation, we utilize ID-based DiffieHellman key exchange agreement introduced in Section 2.4 to calculate the node key for intermediate nodes in the key tree. It can protect our scheme against the Manin-the-Middle attack.</p><p>We implement the adapted ID-based key agreement by C language based on Pairing-Based Cryptography (PBC) library [<xref ref-type="bibr" rid="scirp.33928-ref23">23</xref>] built on the GNU Multiple Precision arithmetic (GMP) library [<xref ref-type="bibr" rid="scirp.33928-ref24">24</xref>]: GMP library provides arbitrary precision arithmetic APIs which are invoked by PBC to support pairing-based cryptosystem. Our implementation has been executed on Virtual Machine hosted by Oracle’s VirtualBox. Here is the detailed configuretion of VM-OS: Ubuntu 11.10; Memory: 4GB; Processor: Intel Core i5-M560 2.67GHz; and HDD 7.9 GB.</p></sec><sec id="s5_2"><title>5.2. Experimental Results</title><p>The goals of our experiments are to estimate the performance of our group key scheme specifically focusing schemes. Furthermore, it can help us determine the performance gains or additional cost introduced by our scheme at different scenarios.</p><sec id="s5_2_1"><title>Computational Cost:</title><p>In this paper, we use the group membership change data set (duration: 3 months; group size: 250 nodes) collected in MBone [<xref ref-type="bibr" rid="scirp.33928-ref25">25</xref>], a famous and practicing multicast services on Internet. We demonstrate the times used to generate/update a group key for different group size in <xref ref-type="fig" rid="fig6">Figure 6</xref>(a) based on the number of exponentiation operations required to accomplish our group key scheme. As a comparison, GDOI [<xref ref-type="bibr" rid="scirp.33928-ref26">26</xref>] is also executed and its result is depicted at <xref ref-type="fig" rid="fig6">Figure 6</xref>(a). The numbers of computing operations for TGDH and our proposal are depicted in <xref ref-type="fig" rid="fig7">Figure 7</xref>. Thus, as shown in Figures 6(a) and 7, our proposed group key scheme is significantly efficient than GDOI/TGDH concerning with the overall execution times/number of operations. While the key server is out of control, in terms of computational cost, the hybrid architecture requires no computational operations and the straightforward solution needs a number of operations to generate a new contributory group key.</p><p>The developed ID-based key agreement is used as a test bed for experimental evaluation. The test is executed for 10 repetitions (randomly selected number), the average of which is utilized to represent the running time to accomplish the two party key agreement. Our test result</p><p>shows that it is 37.625 ms for each party.</p></sec><sec id="s5_2_2"><title>Communication Overhead:</title><p>In this sub-section, hybrid architecture and straight-forward methods are simulated via Network Simulation-2 (ns-2) [<xref ref-type="bibr" rid="scirp.33928-ref13">13</xref>], a widely used simulation tool. In this test, to achieve the routing function, AODV, a routing protocol, is deployed to connect wireless nodes and forward packets from one node to another. A multicast AODV (MAODV) module is extended at ns-2 to multicast packets for this project. Specially, this simulation utilized the test scenario components listed below:</p><p>NS2 version: ns-2.27 Network: Mobile Ad Hoc Network (MANET)</p><p>Routing Protocol: AODV Multicast Protocol: MAODV Area: 1500 &#215; 300 meters Number of nodes: 50 Physical/Mac layer: IEEE 802.11 at 2 Mbps, 250 meter transmission range Mobility model: random waypoint model with no pause time, maximum speed 20 m/s (high mobility scenarios).</p><p>This test was developed to simulate a scenario which lasts 10 minutes. In the middle of the test, the key server is out-of-service. The purpose of this case study is to compare the communication overhead while managing a group key for straight-forward method and for the proposed hybrid architecture. Specially, in the hybrid architecture, the messages multicast to notify other group members that the key sever is out of service if the key server cannot be detected with heartbeats. Then, a notation to let all group members switch from the centralized method to the contributory one is forwarded. In contrast, in the straightforward method, a new group key will be generated via contributory solutions. <xref ref-type="fig" rid="fig6">Figure 6</xref>(b) shows experimental results which indicate that our hybrid scheme is efficient in terms of communication overhead. Notice that background messages e.g. routing data, keepalive data are also counted in <xref ref-type="fig" rid="fig6">Figure 6</xref>(b).</p></sec></sec><sec id="s5_3"><title>5.3. Security Analysis and Performance Evaluation</title><p>As the group key security has already been formally proved in TGDH, LKH, etc., we will not discuss them in this paper due to limited space.</p><p>The realization of our scheme presents an exciting conesquence to preserve privacy multicast communications in smart buildings since: 1) The hybrid architecture to accommodate the centralized and contributory schemes and individual rekey for member joining are designed for multicast in CSB. It presents not only the efficiency but also the availability; 2) The periodic rekeying scheme and the centralized scheme provide receivers (SHNs or smart meters) the lightweight operations to calculate their new group keys; 3) The hybrid architecture reduces the communication overhead by around 50% while the key server is out-line; 4) Our scheme provides a fault tolerance architecture against single point failures; 5) Most importantly, a couple of novel rekeying algorithms e.g. the child key tree, the fixed key tree, etc. are proposed, designed and implemented for rekeying schemes in practice; 6) Despite that our scheme introduces delay, it still complies with the delay limit, 15 s.</p></sec></sec><sec id="s6"><title>6. Related Works</title><p>We now summarize the privacy preservations of smart grids. Main approaches such as cryptographic primitives [6,7,19,20,27] battery [<xref ref-type="bibr" rid="scirp.33928-ref9">9</xref>], ID anonymization [<xref ref-type="bibr" rid="scirp.33928-ref28">28</xref>], and disturbance [<xref ref-type="bibr" rid="scirp.33928-ref8">8</xref>] are reviewed.</p><p>Cryptographic primitives: Zhang and Gunter [<xref ref-type="bibr" rid="scirp.33928-ref7">7</xref>] propose an approach to secure multicast in smart grid via deploying IPsec protocol and Group Internet Key Exchange (GIKE)/Group Domain of Interpretation (GDOI). Both IPsec and GIKE/GDOI [<xref ref-type="bibr" rid="scirp.33928-ref26">26</xref>] are standards for multicast applications: video broadcast and multicast file transfer; nevertheless, it is less efficient as not specifically designed for multicast in smart grid. Furthermore, its goal is confidentiality instead of privacy.</p><p>Li, Luo, and Liu [<xref ref-type="bibr" rid="scirp.33928-ref6">6</xref>] focus on privacy preservation for smart metering data aggregation in which all messages are encrypted by using homomorphic encryption algorithm. Garcia and Jacobs [<xref ref-type="bibr" rid="scirp.33928-ref19">19</xref>] proposed a privacy-friendly protocol by using homomorphic (Paillier) encrypttion and additive secret sharing to realize tasks such as billing, leakage detections, etc. Rial and Danezis [<xref ref-type="bibr" rid="scirp.33928-ref20">20</xref>] use zero knowledge proofs and commitments to preserve smart meters’ privacy. This protocol facilitates the accurate bill payment and derives the correctness of power bills without exposing any message about customers’ power usage. In [<xref ref-type="bibr" rid="scirp.33928-ref27">27</xref>], Kursawe, Danezis, and Kohlweiss proposed four different protocols, e.g. Diffie-Hellman (DH) Key-exchange based protocol, DH and Bilinearmap based protocol etc. for metering data aggregation services with no privacy disclosure. In [<xref ref-type="bibr" rid="scirp.33928-ref22">22</xref>], Li et al. proposed a privacy preservation scheme for smart home in smart grids based on hybrid group key scheme.</p><p>These privacy preservation solutions relying on cryptographic schemes (except GDOI) cannot secure group communication. The reason is because they are designed for privacy of an individual device or unicast communications. Invoking them in multicast settings cannot be scalable.</p><p>Battery: McLaughlin, McDaniel, and Aiello [<xref ref-type="bibr" rid="scirp.33928-ref9">9</xref>] propose the Non-Intrusive Load Leveling (NILL), a new class of algorithms and systems to mask the appliance’s fine-grained power usage signature. Ten particular deepcycle batteries are deployed. However, there are still a few privacy leakages after deploying extra batteries. Furthermore, they show expensive installment and maintenance cost.</p><p>ID Anonymization: In [<xref ref-type="bibr" rid="scirp.33928-ref28">28</xref>], Efthymiou and Kalogridis proposed a trusted key escrow service to enhance privacy during services such as smart metering data collection, billing service, etc. The approach anonymizes frequent readings with pseudonymous IDs along with randomized time intervals.</p><p>Disturbance: Li et al. [<xref ref-type="bibr" rid="scirp.33928-ref8">8</xref>] proposed a compressed meter reading approach that enhances its privacy through the use of random sequence. This solution integrates with pseudo-random spreading codes and channel gains from smart meters to the Access Points (AP). However, AP is assumed never to be compromised.</p></sec><sec id="s7"><title>7. Conclusions</title><p>The privacy preservation in smart grids over multicast communication is a challenging task. The well-known group key scheme cannot be directly used to protect the privacy of multicast service. The central issues are the reliability and efficiency considering that the prompt restoration and the minimum overall fault times are highly demanded in smart grids. Previous solutions are not appropriate for smart grid settings because of heavyweight rekeying operations, poor scalability or single-point failure architecture.</p><p>This paper presents the design and specification of a fault-tolerant and efficient group key agreement to safeguard the privacy of multicast messages in smart grids. The performance result demonstrates that our scheme is efficient and acceptable. It satisfies smart grid system’s reliability and efficiency requirement.</p></sec><sec id="s8"><title>REFERENCES</title></sec></body><back><ref-list><title>References</title><ref id="scirp.33928-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">T. Vijayapriya and D. P. Kothari, “Smart Grid: An Overview,” Smart Grid and Renewable Energy, Vol. 2, No. 4, 2011, pp. 305-311. doi:10.4236/sgre.2011.24035</mixed-citation></ref><ref id="scirp.33928-ref2"><label>2</label><mixed-citation publication-type="other" xlink:type="simple">D. Li, Z. Aung, J. Williams and A. Sanchez, “Efficient Authentication Scheme for Data Aggregation in Smart Grid with Fault Tolerance and Fault Diagnosis,” IEEE Power and Energy Society Conference on Innovative Smart Grid Technologies, Washington DC, 19-22 February 2012, pp. 1-8.</mixed-citation></ref><ref id="scirp.33928-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">H. Y. Tung, K. F. Tsang, H. C. Tung, V. Rakocevic, K. T. Chui and Y. W. Leung, “A WiFi-ZigBee Building Area Network Design of High Traffics AMI for Smart Grid,” Smart Grid and Renewable Energy, Vol. 3, No. 4, 2012, pp. 253-259. doi:10.4236/sgre.2012.34043</mixed-citation></ref><ref id="scirp.33928-ref4"><label>4</label><mixed-citation publication-type="other" xlink:type="simple">NIST, “Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid,” NISTIR 7628, August 2010.</mixed-citation></ref><ref id="scirp.33928-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">E. L. Quinn, “Privacy and the New Energy Infrastructure,” Social Science Research Network (SSRN), 2009.  
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1370731</mixed-citation></ref><ref id="scirp.33928-ref6"><label>6</label><mixed-citation publication-type="other" xlink:type="simple">F. Li, B. Luo and P. Liu, “Secure Information Aggregation for Smart Grids Using Homomorphic Encryption,” IEEE International Smart Grid Communications, New York, 4-6 October 2010, pp. 327-332.</mixed-citation></ref><ref id="scirp.33928-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">J. Zhang and C. A. Gunter, “Application-Aware Secure Multicast for Power Grid Communication,” IEEE Conference on Smart Grid Communications, New York, 4-6 October 2010, pp. 339-344.</mixed-citation></ref><ref id="scirp.33928-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">H. Li, R. Mao, L. Lai and R. C. Qiu, “Compressed Meter Reading for Delay-Sensitive and Secure Load Report in Smart Grid,” IEEE International Conference on Smart Grid Communications, New York, 4-6 October 2010, pp. 114-119.</mixed-citation></ref><ref id="scirp.33928-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">S. Mclauhlin, P. Mcdaniel and W. Aiello, “Protecting Consumer Privacy from Electric Load Monitoring,” 18th ACM Computer and Communication Security Conference, Chicago, 17-21 October 2011, pp. 87-98.</mixed-citation></ref><ref id="scirp.33928-ref10"><label>10</label><mixed-citation publication-type="other" xlink:type="simple">http://www.zigbee.org/</mixed-citation></ref><ref id="scirp.33928-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">http://www.wi-fi.org/</mixed-citation></ref><ref id="scirp.33928-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">SmartGridNews, “IBM Consumer Survey Reveals Where Utilities Are Still Getting It Wrong,” 2011.  
http://www.smartgridnews.com/artman/publish/Business_Stratgy/IBM-consumer-survey-reveals-where-utilities-are-still-getting-it-wrong-3944.html</mixed-citation></ref><ref id="scirp.33928-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">NS2, “The Network Simulator,” 2013.  
http://www.isi.edu/nsnam/ns</mixed-citation></ref><ref id="scirp.33928-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">B. Akyol, H. Kirham, S. Clements and M. Hadley, “A Survey of Wireless Communications for the Electric Power System,” US Department of Energy, 2010, in press.  
doi:10.2172/986700</mixed-citation></ref><ref id="scirp.33928-ref15"><label>15</label><mixed-citation publication-type="other" xlink:type="simple">N. Liu, J. Chen, L. Zhu, J. Zhang and Y. He, “A Key Management Scheme for Secure Communications of Advanced Metering Infrastructure in Smart Grid,” IEEE Transactions on Industrial Electronics, Vol. 60, No. 10, 2012, pp. 4746-4756.</mixed-citation></ref><ref id="scirp.33928-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">C. K. Wong, G. Gouda and S. S. Lam, “Secure Group Communications Using Key Graphs,” IEEE/ACM Transactions on Networking, Vol. 8, No. 1, 2000, pp. 16-30.  
doi:10.1109/90.836475</mixed-citation></ref><ref id="scirp.33928-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">Y. Kim, A. Perrig and G. Tsudik, “Simple and FaultTolerant Key Agreement for Dynamic Collaborative Groups,” 7th ACM Computer and Communication Security Conference, Athens, 1-4 November 2000, pp. 235244.</mixed-citation></ref><ref id="scirp.33928-ref18"><label>18</label><mixed-citation publication-type="other" xlink:type="simple">E. Okamoto and K. Tanaka, “Key Distribution System Based on Identification Information,” IEEE Journal of Selected Areas in Communications, Vol. 7, No. 4, 1989, pp. 481-485. doi:10.1109/49.17711</mixed-citation></ref><ref id="scirp.33928-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">F. D. Garcia and B. Jacobs, “Privacy-Friendly EnergyMetering via Homomorphic Encryption,” 6th International Conference on Security and Trust Management, Athens, 23-24 September 2010, pp. 226-238.</mixed-citation></ref><ref id="scirp.33928-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">A. Rail and G. Danezis, “Privacy-Preserving Smart Meteringm,” ACM CCS Workshop on Privacy in the Electronic Society, Chicago, 17-21 October 2011, pp. 49-60.</mixed-citation></ref><ref id="scirp.33928-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">M. A. Lisovich, D. K. Mulligan and S. B. Wicker, “Inferring Personal Information from Demand-Response Systems,” IEEE Security &amp; Privacy, Vol. 8, No. 1, 2010, pp. 11-20. doi:10.1109/MSP.2010.40</mixed-citation></ref><ref id="scirp.33928-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">D. Li, Z. Aung, S. Sampalli, J. Williams and A. Sanchez, “Privacy Preservation for Smart Grid Multicast via Hybrid Group Key Scheme,” International Conference on Electrical Engineering and Computer Science, Shanghai, 17 August 2012, pp. 62-69.</mixed-citation></ref><ref id="scirp.33928-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">B. Lynn, “The Stanford Pairing Based Crypto Library,” 2013. http://crypto.stanford.edu/pbc/</mixed-citation></ref><ref id="scirp.33928-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">GNU, “The GNU Multiple Precision Arithmetic Library,” 2013. http://gmplib.org/</mixed-citation></ref><ref id="scirp.33928-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">K. C. Ameroth, “A Long-Term Analysis of Growth and Usage Patterns in the Multicast Backbone (MBone),” IEEE Conference on Computer Communications, Tel Aviv, 26-30 March 2000, pp. 824-833.</mixed-citation></ref><ref id="scirp.33928-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">Network Working Group, “IETF RFC 3547, the Group Domain of Interpretation,” 2003.  
http://tools.ietf.org/html/rfc3547#section-1.1</mixed-citation></ref><ref id="scirp.33928-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">K. Kursawe, G. Danezis and M. Kohlweiss, “PrivacyFriendly Aggregation for the Smart-Grid,” Privacy Enhancing Technologies, Lecture Notes in Computer Science, Vol. 6794, 2011, pp. 175-191.</mixed-citation></ref><ref id="scirp.33928-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">C. Efthymiou and G. Kaogridis, “Smart Grid Privacy via Anonymization of Smart Metering Data,” IEEE International Smart Grid Communications, New York, 4-6 October 2010, pp. 238-243.</mixed-citation></ref></ref-list></back></article>