Transcript An Introduction of Joint Encryption and Compressive

Encryption and Compressive
Sensing in Smart Grid
Juntao Gao
2015/7/18
Xidian University
1
Outline
•
•
•
•
•
Introduction
Compressive sensing
Traditional encryption and signature scheme
Cai et al.’s scheme
Our idea
2015/7/18
Xidian University
2
Introduction
• Smart meters play a role to measure the energy
usage in smart grid. They deliver readings to the
control center by one-hop or multi-hop
communications.
• The control center will give some orders to tailor
the power supply and delivery in smart grid
according to the readings.
2015/7/18
Xidian University
3
Introduction
• The readings have three main characteristics.
① Privacy.
② Big data
③ Dynamic nature.
Cai et al. present a `secure compressed reading’
scheme for transmitting the readings by
combining compressive sensing technique and
encryption.
2015/7/18
Xidian University
4
Compressive Sensing Technique
• Compressed sensing(CS ) is a surprising
technology, which can be used for acquiring and
reconstructing a signal from fewer samples than
the Nyquist-Shannon theorem requests.
• The prerequisite of CS is that the signal must be
sparse in some domain.
An 𝑛-dimensional real signal 𝑑 is said to be 𝑘-sparse,
if there is an 𝑛 × 𝑛 matrix 𝑴, such that 𝑑 = 𝑴𝑥,
where 𝑥 has at most 𝑘 non-zero entries(𝑘 < 𝑛).
2015/7/18
Xidian University
5
Compressive Sensing Technique
• CS depends on an 𝑚 × 𝑛 (𝑚 < 𝑛) sensing
matrix 𝚽, which satisfies a Restricted Isometry
Property(RIP).
• The sensing matrix transforms the original
signal 𝑑 into an 𝑚-dimensional vector, i.e., 𝑦=
𝚽𝑑.
2015/7/18
Xidian University
6
Compressive Sensing Technique
• The real vector 𝑑 can be exactly recovered
from the shorter vector 𝑦 by solving the
following convex optimization problem
𝑚𝑖𝑛𝑥
| 𝑥 |𝑙1
s. t.
𝑦 = 𝚽𝑑
𝑑 = 𝐌𝑥 ,
If 𝐌 is orthonormal, 𝚽 satisfies the RIP, and 𝑑 is
a 𝑘-sparse in domain 𝐌.
2015/7/18
Xidian University
7
Compressive Sensing Technique
• The fact is that a long 𝑛-dimensional vector 𝑑
can be obtained from a much shorter 𝑚dimensional vector 𝑦, where 𝑚 = O(𝑘 ∙
log 𝑛/𝑘).
• So CS can be used for improving the efficiency
in data transmission. The performance
depends on the sparse domain of the vector 𝑑 .
• The cost using CS in smart grid is some extra
computation in the terminals.
2015/7/18
Xidian University
8
Traditional encryption and signature
Usually, we assume that an attacker can launch the
following attack.
• The attackers can eavesdrop a user’s readings and
infer his/her consumer behaviors.(privacy)
• The attacker can distort the data or forge the
readings to make the control center perform
wrong reconstructions.(tampering)
• The attacker can imitate a user, send forged data
to the control center.(impersonation)
• The attacker can send previous readings to the
control center to cause error.(replay)
2015/7/18
Xidian University
9
Traditional encryption and signature
• Paillier crypto-system is a public key system. It
is a homomorphic crypto-system but not full.
• Hash function is a one-way trapdoor function,
such as, MD5, SHA-1, which can ensure the
data integrity.
• Signature scheme usually is designed based
on a public key cryptosystem, which can be
used for ensuring the legal user can not be
impersonated.
2015/7/18
Xidian University
10
Cai et al. ‘s Scheme
• The authors wish to apply the CS and
cryptographic techniques to the smart grid.
• They consider arbitrary tree topology for
smart grid transmission. The control center is
the root and each node in the tree represents
a smart meter except the root.
• Each node can communicate with it’s parent
directly with a wireless manner.
2015/7/18
Xidian University
11
Cai et al. ‘s Scheme
2015/7/18
Xidian University
12
Cai et al. ‘s Scheme
• All nodes but the root are divided into two types:
① Forwarder: Acquiring readings from attached
smart meters and forwards to its parent node
together with the data from it’s children nodes.
The number of the children is less than or equal
to 𝑚 − 1.
② Aggregator: Collecting readings from its smart
meter, aggregating the readings with data from
it’s children and sending aggregated data to its
parent. The number of the children is larger
than 𝑚 − 1.
2015/7/18
Xidian University
13
Cai et al. ‘s Scheme
• Every node reports its data synchronously, and
appending its ID, which is signed by a user by
using RSA algorithm.
• All the data will be encrypted by Pallier
cryptosystem. The public key is published by
the control center, and the private key is kept
by the control center.
• The authors use the SHA-1 to check the
integrity of the encrypted data.
2015/7/18
Xidian University
14
Cai et al. ‘s Scheme
• The idea of the CS reading algorithm :
• If there is not aggregator in the network, each
node is a forwarder, which just relay the readings
from its children and its own reading to its parent
node.
• The aggregator calculates the weighted sum of
the readings of its children nodes, and combines
these results with its aggregator children nodes,
then reports to its parent node.
2015/7/18
Xidian University
15
Cai et al. ‘s Scheme
2015/7/18
Xidian University
16
Cai et al. ‘s Scheme
• Cai et al., reconstruct the readings by solving a
convex optimization problem. They give two
cases (snapshot and stream) to deal with the
static data and stream data.
① Snapshot case. They use a piecewise polynomial
(with wavelet transform) and a switching matrix
to arrange the data. But the matrix is unknown
in practice.
② Stream case. They use the differential-codinglike method to deal with the stream data.
2015/7/18
Xidian University
17
Cai et al. ‘s Scheme
• Maybe there is an recovery error in the stream
case, however the authors have proven that
the error will not amplify.
• The security about protecting privacy, integrity
and avoiding tampering, replay is given in
Algorithm 2, 3, 4.
2015/7/18
Xidian University
18
Cai et al. ‘s Scheme
2015/7/18
Xidian University
19
Cai et al. ‘s Scheme
2015/7/18
Xidian University
20
Cai et al. ‘s Scheme
2015/7/18
Xidian University
21
Our idea
• The Pallier cryptosystem has a low efficiency,
especially for a large amount of data
aggregator.
• Gaussian random coefficients are difficult to
generate.
• The sparse domain is not fixed, which leads to
the recovery failure in the control center.
• We must have a further mining on the data of
readings.
2015/7/18
Xidian University
22
Thank you!
2015/7/18
Xidian University
23