
[Paper Review] A Security Architecture for Data Aggregation and Access Control in Smart Grids

Sushmita Ruj, Amiya Nayak | arXiv (Cornell University) | Nov 10, 2011
Cryptography and Data Security | References: 25 | Cited by: 32
One-sentence summary

This paper proposes a decentralized security architecture for smart grids that combines homomorphic encryption with attribute-based encryption (ABE) to achieve privacy-preserving data aggregation and fine-grained, selective access control. Homomorphic encryption protects the privacy of individual readings, while the decentralized access control scheme is collusion resistant and reduces dependence on a single trusted authority, all at low computational cost.

ABSTRACT

We propose an integrated architecture for smart grids that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use a homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using the cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The access control scheme is distributed in nature and does not rely on a single KDC to distribute keys. Bobba et al. [BKAA09] proposed an access control scheme, which relies on a centralized KDC and is thus prone to single-point failure. The other requirement is that the KDC has to be online during data transfer, which is not required in our scheme. Our access control scheme is collusion resistant, meaning that users cannot collude and gain access to data when they are not authorized to access. We theoretically analyze our schemes and show that the computation overheads are low enough to be carried out in smart grids. To the best of our knowledge, ours is the first work on smart grids which integrates these two important security components (privacy preserving data aggregation and access control) and presents an overall security architecture in smart grids.

Motivation and Goals

  • Address the key need to integrate privacy protection and access control in smart grid data management.
  • Protect the privacy of consumer data while it is aggregated across home, building and neighborhood area networks.
  • Give different smart grid stakeholders (such as grid control centers and pricing units) selective, secure access to the aggregated data.
  • Eliminate the single point of failure caused by centralized key distribution in existing access control schemes.
  • Design a scalable, decentralized access control mechanism that resists collusion attacks and supports efficient user revocation.

Proposed Method

  • Use homomorphic encryption so that data can be aggregated without decrypting any individual consumer's readings, protecting privacy at the network layer.
  • Adopt decentralized attribute-based encryption (ABE) built on bilinear pairings to enforce fine-grained access control based on user attributes.
  • Distribute cryptographic keys through multiple key distribution centers (KDCs), removing reliance on a single trusted authority.
  • Each RTU encrypts data under a set of attributes; a user can decrypt only if their attributes satisfy the access policy.
  • Use pairing operations and scalar multiplications to achieve both security and efficiency.
  • Support dynamic user revocation by re-encrypting only the necessary components, minimizing recomputation and communication overhead.
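The first bullet is the part of the architecture most easily shown in code. The block below is an added illustration, not the authors' implementation: it assumes Paillier as the additively homomorphic scheme (the summary does not name one), uses constructed demo primes, and models the HAN -> BAN -> NAN hierarchy as lists of meter readings. Each home encrypts its own reading under the substation's public key; the building and neighbourhood aggregators only multiply ciphertexts, which yields an encryption of the sum, and the private key is used exactly once, at the substation, on the final total. Nothing an aggregator handles decrypts to an individual reading.

```python
import secrets
from math import gcd

# Constructed demo primes: far too small for real use, chosen so the
# arithmetic stays readable. Real deployments use primes of 1024+ bits.
DEMO_P = 1000000007
DEMO_Q = 998244353


def _L(u: int, n: int) -> int:
    """Paillier's L function: L(u) = (u - 1) / n, defined for u = 1 (mod n)."""
    return (u - 1) // n


def keygen(p: int = DEMO_P, q: int = DEMO_Q):
    """Return (public_key, private_key) for Paillier with the standard g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lambda = lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)    # mu = L(g^lambda mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Encrypt one meter reading m (0 <= m < n) under the substation's public key.
    A fresh random r makes two encryptions of the same reading look different."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    """Recover the plaintext; only the holder of (lambda, mu) can do this."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def aggregate(pub, ciphertexts) -> int:
    """Combine ciphertexts into one that encrypts the SUM of their plaintexts.
    This is the aggregator's whole job: it never needs the private key."""
    n2 = pub[0] ** 2
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def hierarchical_total(pub, priv, buildings) -> int:
    """HAN -> BAN -> NAN aggregation, decrypted once at the substation.

    buildings: a list of buildings, each a list of per-home readings
    (e.g. watt-hours). The sum must stay below n for correctness."""
    # Building area network: aggregate the encrypted readings of each home.
    ban_cts = [aggregate(pub, [encrypt(pub, r) for r in home_readings])
               for home_readings in buildings]
    # Neighbourhood area network: aggregate the building totals.
    nan_ct = aggregate(pub, ban_cts)
    # Substation: the only place the private key is used.
    return decrypt(pub, priv, nan_ct)


if __name__ == "__main__":
    pub, priv = keygen()
    # Constructed sample readings for three buildings.
    print(hierarchical_total(pub, priv, [[1200, 340], [875], [0, 15, 7]]))
```

Note that the plaintext space wraps modulo n, so a deployment has to size n (and the units of the readings) so that the largest possible neighbourhood total cannot overflow it; the demo primes give roughly 10^18 of headroom, which is plenty for the sample values but is not a security margin.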

Experimental Results

Research Questions

  • RQ1: How can consumer data be securely aggregated across a multi-tier network while preserving privacy?
  • RQ2: How can different smart grid users be selectively granted access to aggregated data according to their roles and attributes?
  • RQ3: Can a decentralized access control scheme be designed that avoids the single-point-of-failure vulnerability of centralized KDC models?
  • RQ4: What are the computation and communication overheads of the scheme in a realistic smart grid deployment?
  • RQ5: How does the scheme resist collusion attacks, in which several unauthorized users combine their keys to gain access?

Main Findings

  • The proposed architecture achieves privacy-preserving data aggregation through homomorphic encryption, keeping each individual consumer's data confidential during aggregation.
  • The decentralized ABE scheme supports selective access control without relying on a single online KDC, improving robustness and availability.
  • The scheme is collusion resistant: unauthorized users cannot gain access to data by combining their attributes.
  • For an access policy with 10 attributes, decryption takes 124.5 ms per user, and computation time grows linearly with the number of attributes.
  • Communication overhead is O(m² + m|G_T| + |Data|), where m is the number of attributes, which remains efficient in practical deployments.
  • Revocation requires only 2m′ + 1 scalar multiplications per KDC, so re-encryption and communication costs are very low and user revocation is efficient.


This review was generated by AI and checked by a human editor.