
IEEE TRANSACTIONS ON SMART GRID, VOL. 15, NO. 2, MARCH 2024 2203

Enabling Efficient and Malicious Secure Data Aggregation in Smart Grid With False Data Detection

Haolin Pang, Kai He, Youcai Fu, Jia-Nan Liu, Member, IEEE, Xueqiao Liu, and Wuzheng Tan

Abstract—As the next-generation power grid, the smart grid has significantly improved dependability, flexibility, and efficiency compared with the traditional power grid. However, due to increasingly diverse application requirements, it faces challenges on balancing data privacy, efficiency, and robustness. In this paper, we present a fog computing-based smart grid model. In addition, based on the proposed model, we construct an efficient and privacy-preserving scheme that supports malicious secure smart grid usage data aggregation communication. To our best knowledge, this is the first concrete smart grid solution that concurrently achieves secure aggregation communication, data privacy, and data robustness (e.g., false data detection). Specifically, benefiting from Boolean/Arithmetic secret-sharing methods, our proposed scheme allows home users to report their electricity usage data to the cloud and fogs securely. Besides, a false data detection protocol is proposed to resist false data injection attacks launched by malicious home users. Theoretical analysis and experimental implementation show that our scheme efficiently achieves data security, anonymity, and robustness.

Index Terms—Smart grid, false data detection, robustness, privacy-preserving, malicious secure.

Manuscript received 8 November 2022; revised 6 February 2023, 24 May 2023, and 24 August 2023; accepted 10 September 2023. Date of publication 18 September 2023; date of current version 21 February 2024. This work was supported in part by the National Key Research and Development Program of China under Grant 2021ZD0112802, and in part by the National Natural Science Foundation of China under Grant 62102166, Grant 62332007, Grant 62272199, and Grant 62102165. Paper no. TSG-01672-2022. (Corresponding author: Jia-Nan Liu.)

Haolin Pang, Kai He, and Youcai Fu are with the School of Computer Science and Technology, Dongguan University of Technology, Dongguan 523808, China.

Jia-Nan Liu is with the School of Computer Science and Technology, Dongguan University of Technology, Dongguan 523808, China, also with Guangzhou Fongwell Data Limited Company, Guangzhou 511400, China, and also with Pazhou Lab, Guangzhou 510000, China (e-mail: [email protected]).

Xueqiao Liu is with the School of Computing and Information Technology, University of Wollongong, Wollongong, NSW 2522, Australia.

Wuzheng Tan is with the College of Cyber Security, Jinan University, Guangzhou 510632, China.

Color versions of one or more figures in this article are available at https://doi.org/10.1109/TSG.2023.3316730.

Digital Object Identifier 10.1109/TSG.2023.3316730

1949-3053 © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on July 18,2024 at 04:54:30 UTC from IEEE Xplore. Restrictions apply.

I. INTRODUCTION

THE ADVANCEMENT and widespread deployment of the Internet of Things (IoT) has fundamentally changed our way of life by providing desirable comfort and flexibility [1]. A typical IoT network is the smart grid network which comprises millions of smart appliances and is the next-generation power grid replacing the traditional power grid. Compared with the traditional power grid, the smart grid is advantageous on dependability, flexibility, and efficiency [2], [3].

Smart meters are the core components of the smart grid, which gather usage data on home users and inform the service provider of the electricity demand. This enables the service provider to optimize their power generation, transmission, distribution, and control [4]. However, individual electricity usage data contains sensitive information which can be exploited by adversaries. For example, a thief may learn the living habits of a home user according to her/his fine-grained electricity usage data. Therefore, finding a balance between the usability and the privacy of the data on electricity usage is not only a crucial research gap, but also a technical barrier for the smart grid.

To protect the privacy of usage data, several smart grid schemes, based on cloud computing and/or fog computing, were recently presented. In cloud-based smart grid schemes [5], [6], [7], smart meters transfer their usage data to a cloud. The data can then be used for billing, predictive analytics to estimate power demands, and other purposes. For a large number of smart meters, the transmission of such data can result in significant latency at the cloud, and the cloud may not be able to handle all of these requests promptly. However, in the big data era, users have higher expectations for quality of service and network performance [8]. Therefore, it is preferable to move some functionalities of the cloud to the fog node [9]. Fog computing has made it possible to extend the capabilities of cloud computing to the network edge by facilitating communication, processing, and storage between the cloud and end-users. In cloud-fog-based aggregation schemes [10], [11], [12], [13], most of the tasks of data aggregation are performed by fog nodes, which effectively mitigates the computational and communication overhead at the cloud.

Although prior cloud-based and cloud-fog-based solutions can prevent sensitive information from being disclosed to adversaries or the service provider, malicious home users may still compromise the meter software or tamper with the traffic of communication channels between smart meters and the service provider [14], [15], so that the electricity usage data can be manipulated. Tertytchny et al. [16] proposed a man-in-the-middle attack to overload a targeted feeder by injecting false data to all packets between the smart meter and the ancillary services controller, generating excess current. This
would not only trip the overcurrent protection relay, causing blackout in the area, but also severely impact load shifts and redistribution in the grid [17]. Sethi et al. [18] used false data injection attacks to inject malicious code into the system, corrupting pricing data, and thereby disrupting scheduling and pricing operations. In this attack, the attacker decreased the price of electricity bills by 15% on the customer’s side. Corrupting electricity bills can be profitable for customers in the long run and cause financial losses for the electricity company. In addition, lower electricity prices can also affect the magnitude of oscillation of energy demand and distribution system voltage [19]. Ismail et al. [20] introduced several cyber attacks, namely partial increment attack, minimum generation attack, and peak generation attack. Malicious users can hack their smart meters to increase solar generation readings, causing electricity companies to overcharge. In summary, these attacks will not only affect the property of electricity companies and home users, but may even have adverse effects on demand forecasting, pricing strategies, residential area generation/scheduling mechanisms, and power supply stability, thereby affecting the security of smart grids [21]. Therefore, in the smart grid, a robust mechanism is needed to detect whether the electricity usage data of home users is false, ensuring that the usage data is within a reasonable range.

A series of existing schemes achieve the robustness and data privacy via zero-knowledge proofs (ZKPs) techniques [22], [23], [24]. ZKPs allow one party to prove a fact to another without revealing the fact. For example, a home user can prove that it reports a certain encrypted data to the cloud without disclosing the data value. With this property, ZKPs can indeed be used to detect false data. However, ZKPs require a lot of computation in the verification or proof phase. Considering that home users periodically report their electricity usage, ZKPs, or any other computationally intensive cryptographic primitives, are not suitable for being adopted in the smart grid. Furthermore, although some cloud-based solutions using Arithmetic secret-sharing schemes [25], [26] or lightweight cryptographic primitives (such as hash functions or exclusive-OR operations) [27], [28] can significantly reduce the computational cost, they still haven’t considered whether the electricity usage data is within a reasonable range.

To address the aforementioned problems, we propose a novel fog computing-based smart grid model in this paper. Then, we construct an efficient and privacy-preserving smart grid scheme under this model. It utilizes the secret-sharing methods to achieve aggregated communication and supports the cloud and fog to detect whether the usage data is false, i.e., whether it exceeds the reasonable range set by the system, without sacrificing privacy. Specifically, the contributions of this work are as follows.

• On the one hand, we propose a new smart grid model based on fog computing and cloud computing, and construct a concrete scheme under this model. In this scheme, the secret usage data of home users can be split into two Boolean shares, which are outsourced to the cloud and fog, respectively, to prevent abuse by service providers, while being efficiently aggregated by the cloud and fog. In addition, failing to ensure that the electricity usage data is in a reasonable range will not only affect the property of electricity companies and home users, but also influence the accuracy of demand forecasting, pricing strategies, etc. With Boolean shares, our scheme allows the cloud and fog to detect whether the usage data is in a reasonable range, thereby ensuring the stability and security of smart grid.

• On the other hand, the security and privacy proofs show that our scheme achieves the privacy preservation, anonymity, and robustness against any probabilistic polynomial-time honest-but-curious internal adversaries and malicious internal adversaries. Furthermore, the comparisons and experimental results also indicate that our scheme is effective and efficient for smart grid scenarios.

The remainder of the paper is organized as follows. In Section II, we review the related works. Then we formalize the system model and threat model in Section III. In Section IV, we review the preliminaries used in this paper. We show our proposed scheme in Section V. The security and privacy proofs are shown in Section VI. Finally, we give the evaluation and conclusion in Sections VII and VIII, respectively.

II. RELATED WORK

Recently, a series of cloud-based and fog-based privacy aggregation schemes have been introduced into the smart grid field. The majority of these schemes [5], [6], [29], [30], [31], [32] implement usage data aggregation based on the Paillier homomorphic encryption [33]. Saleem et al. [29] described an efficient fog-enabled privacy-preserving data aggregation scheme designed to prevent replay attacks. Chen et al. scheme [30] supported the service provider to perform the variance analysis and the one-way analysis of variance on the data. Lu et al. [5] proposed a protocol called EPPA, which utilizes the Paillier homomorphic encryption to guarantee the confidentiality and integrity of messages. Liu et al. [13] constructed a fog-enabled privacy-preserving smart grid data aggregation using the double trapdoor decryption cryptosystem [34], which allows the service provider to launch various function queries on encrypted metering data. Ding et al. [7] utilized the additive homomorphic identity-based scheme to accomplish data aggregation, which supports batch verification by the cloud and service provider. Zhao et al. [35] employed the somewhat homomorphic encryption [36] to construct a one-dimensional aggregation for fog-based smart grids, enabling multifunctional statistics.

We note that the aforementioned researches have two crucial flaws. On the one hand, most works utilize bilinear pairing and homomorphic encryption to achieve the data privacy aggregation, which requires the generation of additional parameters, such as group parameters, pairing parameters, and public/secret key pairs. We believe that the smart grid is a lightweight application and should not involve too many public-key encryption parameters. For example, Danezis et al. [25] and Mustafa et al. [26] provided support for computing aggregation functions on fine-grained electricity usage data, implemented by adopting efficient Arithmetic secret-sharing-based secure
multi-party computation techniques. Gope and Sikdar [27] and Knirsch et al. [28] utilized lightweight cryptographic primitives (such as hash functions or exclusive-OR operations) to construct lightweight and privacy-friendly masking-based data aggregation schemes. Lightweight schemes can greatly improve the aggregation efficiency of the smart grid; however, on the other hand, the above works lack robust mechanisms for detecting false electricity usage data submitted by malicious home users.

There are several ZKPs schemes [22], [23], [24], [37], [38], [39] providing robust mechanisms. The scheme proposed in [22], [24], [39] consider a setting in which a client secretly shares a big input $x$ among two or more servers, and the servers want to confirm that the input shared by the client is somehow “well-formed.” The sublinear interactive oracle proofs for low-degree languages proposed by [37] can be applied to get sublinear protocols for proving in zero-knowledge that a secret-shared input $x$ satisfies a set of low-degree constraints. Recently, Yang and Wang [23] and Applebaum et al. [38] also proposed ZKPs schemes, claiming that their schemes are more efficient than [24].

The above schemes utilize ZKPs to provide robustness, where client-side computation and client-to-server communication increase linearly with the size of user data. However, the smart meter is a lightweight device that should not undertake too many computational tasks. Recently, Addanki et al. [40] proposed a new aggregation scheme called Prio+, which is a new and improved version of Prio [24]. Prio+ [40] was optimized to reduce the overall burden on the client rather than on the server, and utilized the Boolean secret-sharing scheme so that clients can prove their data falls in a reasonable range at essentially zero computational cost.

III. PROBLEM FORMULATION

A. System Model

As shown in Fig. 1, in the proposed system model, we consider four types of entities: a service provider (SP), a cloud, a set of fogs $\{F_1, F_2, \ldots, F_k, \ldots\}$, and a large number of home users $U = \{U_1, U_2, \ldots, U_i, \ldots, U_n\}$ in a residential area. In which, a fog is responsible for linking and managing a residential area, a cloud links a large amount of residential areas, and the SP represents an electricity company that provides electricity services and charges from home users. A residential area consists of a number of adjacent home users. Each user is equipped with a smart meter to collect the user’s electricity usage data and periodically reports its electricity usage data to its local fog and the cloud. Specifically, during each electricity usage data reporting period, the home user computes its usage data into two Boolean shares and sends the two shares to the cloud and fog, respectively.

After receiving enough usage report shares from registered users in a period, the cloud and fog will check the validity of these data together, and then aggregate received shares of the residential area into their respective local accumulators. Finally, they send their accumulated values to the SP in time. When the SP obtains enough aggregation values of the period from the cloud and fogs, it can reconstruct aggregations of residential areas’ electricity usages and dynamically adjust its power distribution and control strategies, such as dynamic price, power distribution and so on.

Fig. 1. System Model.

B. Threat Model

In this work, we consider a practical threat model, which contains honest-but-curious internal adversaries and malicious internal adversaries. An honest-but-curious internal adversary can be a corrupt participant, such as the cloud, the fog, or the SP. These entities will follow protocols faithfully but want to infer more knowledge about others’ inputs and results. Specifically, this work is based on the following assumptions.

1) The cloud, the fog, and the SP are honest-but-curious. That is, they will follow the protocol, but they are curious to know the readings of smart meters. Besides, they will not collude with either of them.

2) An internal adversary, such as a malicious home user, may deliberately report false electricity usage data, making the usage data within an unreasonable range, thereby affecting the final aggregated results. This would cause the failure of the dynamic distribution strategy and power supply stability of the smart grid, thereby affecting the stability and security of the smart grid.

Note that, an external adversary may eavesdrop on communication channel and try to retrieve information from the channel. However, an internal malicious adversary can do more aggressive actions than an external malicious adversary. Therefore, in order to simplify the construction, we assume that the communication channel in the system is secure. That is, all communications will not be obtained or modified by external adversaries. This assumption can be realized by standard public-key encryption, signatures, and Public Key Infrastructure (PKI).

Under the aforementioned system model and threat model, the following security requirements are considered in our scheme.

• Privacy preservation. The privacy of home users’ electricity usage data should be preserved to prevent disclosure to other entities. Although the SP can obtain the aggregation of home users’ usage data, it still doesn’t know individual electricity usage reports.

• Anonymity. The anonymity of home users should be maintained in our proposed scheme. Even if a cloud or
a fog chooses honest home users’ data and controls all other home users, it has no way of knowing which honest home user submitted which data through the system.

• Robustness. The electricity usage data of home users should be in a reasonable range. Even if malicious home users report data within an unreasonable range, the cloud and fog can syntactically detect and reject such false data. Thus, the final aggregated result can not be affected by the home users’ false submissions.

IV. PRELIMINARIES

In this section, we first show the used notations in Table I. Then we briefly review the Boolean secret-sharing scheme, Arithmetic secret-sharing scheme, and Boolean-to-Arithmetic share conversion which are exploited in our scheme.

TABLE I. NOTATIONS

A. Two-Party Secret-Sharing Schemes

First, we review the general concept of two-party secret-sharing. Two-party secret-sharing is a cryptographic tool which allows a party to “share” a private value $x$ into a vector of values $x = (x_0, x_1)$ in such a way that any strict subset of these values reveals nothing about $x$, but all values together can be used to reconstruct $x$ completely. We assume that a home user holding secret value $x$ who wishes to “share” this secret value between a cloud and a fog. A general two-party secret-sharing scheme consists of two algorithms:

• $\mathrm{Share}(x)$ takes a secret $x$ and returns shares $x_0$ and $x_1$.
• $\mathrm{Rec}(x_0, x_1)$ returns $x$ if and only if $x_0$ and $x_1$ are produced by $\mathrm{Share}(x)$.

Two-party secret-sharing scheme must have two properties: privacy and correctness. Privacy in this setting means that any set of less than two shares of $x$ reveals nothing about $x$. Correctness means that the function Rec succeeds on every valid set of two shares. Each of these conditions must hold except with negligible probability.

Then, we review the Boolean secret-sharing and Arithmetic secret-sharing, which are the necessary building blocks for our construction. We will execute the false data detection protocol on the Boolean shares of usage data and then aggregate on the Arithmetic shares of usage data.

Boolean secret-sharing: Given an integer $x \in \mathbb{Z}_{2^l}$, a Boolean secret-sharing of $x$ is a random pair $a, b \in \mathbb{Z}_{2^l}$ subject to the condition $a \oplus b = x$. We will first formally describe the sharing semantics. Then we will describe the process of XORing shares.

Semantics: The two-party $l$-bit Boolean secret-sharing scheme consists of the following pair of functions:

• $\mathrm{Share}_{\oplus,l} : \mathbb{Z}_{2^l} \to (\mathbb{Z}_{2^l})^2$, $\mathrm{Share}_{\oplus,l}(x) = (x^B_0, x^B_1)$, which are random elements of $\mathbb{Z}_{2^l}$ subject to the constraint $x^B_0 \oplus x^B_1 = x$.
• $\mathrm{Rec}_{\oplus,l} : (\mathbb{Z}_{2^l})^2 \to \mathbb{Z}_{2^l}$, $\mathrm{Rec}_{\oplus,l}(x^B_0, x^B_1) = x^B_0 \oplus x^B_1$.

Operations: Any efficiently computable function can be represented as a circuit of XOR and AND gates [40], which can be computed over Boolean secret-shares. Here we only review the XOR gate as follows: $z^B = x^B \oplus y^B$. Each server $i \in \{0, 1\}$ locally computes $z^B_i = x^B_i \oplus y^B_i$.

Arithmetic secret-sharing: Given an integer $x \in \mathbb{Z}_{2^l}$, an Arithmetic secret-sharing of $x$ is a random pair $a, b \in \mathbb{Z}_{2^l}$ subject to the condition $a + b = x \bmod 2^l$. We will first formally describe the sharing semantics. Then we will describe the process of adding shared values.

Semantics: The two-party Arithmetic secret-sharing scheme consists of the following pair of functions:

• $\mathrm{Share}_{+,l} : \mathbb{Z}_{2^l} \to (\mathbb{Z}_{2^l})^2$, $\mathrm{Share}_{+,l}(x) = (x^A_0, x^A_1)$, which are random elements of $\mathbb{Z}_{2^l}$ subject to the constraint $x^A_0 + x^A_1 = x$.
• $\mathrm{Rec}_{+,l} : (\mathbb{Z}_{2^l})^2 \to \mathbb{Z}_{2^l}$, $\mathrm{Rec}_{+,l}(x^A_0, x^A_1) = x^A_0 + x^A_1 \bmod 2^l$.

Operations: Every efficiently computable function can be represented as a circuit of multiplication and addition gates [40], which can each be performed over arithmetically secret-shared values. Here we only review the addition gate as follows: $z^A = x^A + y^A$. Each server $i \in \{0, 1\}$ locally computes $z^A_i = x^A_i + y^A_i$.

B. Boolean-to-Arithmetic (B2A) Share Conversion

The B2A protocol takes as input a pair of Boolean shares $(x^B_0, x^B_1)$ and outputs a pair of random Arithmetic shares $(x^A_0, x^A_1)$ of the same underlying value $x$. And the main building block of the B2A protocol is oblivious transfer (OT). We use 1-out-of-2 OT [41], where the sender inputs two $l$-bit strings $(s_0, s_1)$ and the receiver inputs a bit $c \in \{0, 1\}$ and obliviously obtains $s_c$ as output, such that the receiver learns no information about $s_{1-c}$ and the sender learns no information about $c$. The procedure of the B2A protocol is as follows:

The general idea is to perform an OT for each bit where we obliviously transfer two values that are additively correlated by a power of two. Specifically, to convert a pair of $l$-bit Boolean shares, we need to perform $l$ independent instances of OT. Let $P_0$ act as sender and $P_1$ act as receiver in the OT protocol. $P_0$ holds a Boolean share $x^B_0$ and $P_1$ holds a Boolean share $x^B_1$. In the $j$-th OT, $P_0$ randomly chooses $r_j \in_R \{0, 1\}^l$ and inputs $(s_{j,0}, s_{j,1})$ with $s_{j,0} = (1 - x^B_0[j]) \cdot 2^j - r_j$ and $s_{j,1} = x^B_0[j] \cdot 2^j - r_j$, whereas $P_1$ inputs $x^B_1[j]$ as choice bit and receives $s_{x^B_1[j]} = (x^B_0[j] \oplus x^B_1[j]) \cdot 2^j - r_j$ as output. Finally, $P_0$ computes $x^A_0 = \sum_{j=1}^{l} r_j$ and $P_1$ computes $x^A_1 = \sum_{j=1}^{l} s_{x^B_1[j]} = \sum_{j=1}^{l} (x^B_1[j] \oplus x^B_0[j]) \cdot 2^j - \sum_{j=1}^{l} r_j = \sum_{j=1}^{l} x[j] \cdot 2^j - \sum_{j=1}^{l} r_j = x - x^A_0$.

V. PROPOSED SCHEME

Here, we will present our privacy-preserving and robust scheme. In the proposed scheme, the SP can obtain the sum
of electricity usage data for each residential area, without knowing the individual electricity usage data of each home user. More importantly, the cloud and fog can detect whether the usage data is false, ensure that the usage data is within a reasonable range, and prevent the failure of the dynamic distribution strategy and power supply stability of the smart grid. We will first give an overview of our proposed scheme. Then, we will divide the scheme into six phases to elaborate separately, which are System Initialization, Usage Report, False Data Detection, Share Convert, Aggregation Report, and Aggregation Retrieval and Feedback.

A. Scheme Overview

The purpose of our proposed scheme is to aggregate the total electricity usage in each residential area, while ensuring the electricity usage is in a reasonable range. In the System Initialization phase, the SP will generate the parameters of Boolean and Arithmetic secret-sharing for performing the False Data Detection and Aggregation Report between the cloud and fog. Once the system setup is finished, all smart meters in the residential area can report a pair of Boolean shares of usage data to the cloud and their local fog, respectively. After receiving Boolean shares from smart meters, the cloud and fog will verify the legitimacy of Boolean shares, convert Boolean shares into Arithmetic shares, aggregate Arithmetic shares into a local accumulator, and send them to the SP, respectively. The SP then adds two received accumulators to obtain the total electricity usage for the corresponding residential area.

B. System Initialization

The SP generates parameters of the Boolean/Arithmetic secret-sharing. It sets the length of electricity usage data of home users and their Boolean and Arithmetic shares to be $l$-bit. That is, either before or after the Share Convert phase, the usage data and its secret Boolean and Arithmetic shares are all within ring $\mathbb{Z}_{2^l}$. And, we assume that the value of usage data is much less than $2^l$ to ensure that the accumulated value does not exceed modulo $2^l$ during the Aggregation Report phase. In addition, the SP restricts the maximum reasonable electricity usage data of home users to $h$-bit, i.e., $m_{i,t} \in [0, 2^h - 1]$. That is, if the usage data exceeds $2^h - 1$, the cloud or fog will discard it.

Algorithm 1: False Data Detection, Share Convert, and Aggregation Report at the Cloud and Fog $F_k$
Input: $n$ pairs of Boolean shares of $n$ home users
Output: Two accumulator values of the cloud and $F_k$
 1  Cloud receives $n$ Boolean shares $(m_{i,t})^B_0$;
 2  $F_k$ receives $n$ Boolean shares $(m_{i,t})^B_1$;
    /* False Data Detection */
 3  Initially, $n' = n$;
 4  for $i = 1$; $i \le n$; $i{+}{+}$ do
 5      Cloud computes $tr_{i,0} = \mathrm{Trunc}_{l-h}((m_{i,t})^B_0)$;
 6      $F_k$ sends $tr_{i,1} = \mathrm{Trunc}_{l-h}((m_{i,t})^B_1)$ to cloud;
 7      if $tr_{i,0}.\mathrm{equal}(tr_{i,1})$ then
 8          continue;
 9      else
10          Cloud sends the index $i$ to $F_k$;
11          Cloud discards $(m_{i,t})^B_0$;
12          $F_k$ discards $(m_{i,t})^B_1$;
13          $n' \leftarrow n' - 1$;
14      end
15  end
    /* Share Convert */
16  Initially, $(m_{i,t})^A_0 = (m_{i,t})^A_1 = 0$;
17  for $i = 1$; $i \le n'$; $i{+}{+}$ do
18      for $j = 1$; $j \le l$; $j{+}{+}$ do
19          Cloud chooses $r_j \in_R \{0, 1\}^l$;
20          Cloud sets $s_{j,0} = (1 - (m_{i,t})^B_0[j]) \cdot 2^j - r_j$;
21          Cloud sets $s_{j,1} = (m_{i,t})^B_0[j] \cdot 2^j - r_j$;
22          $F_k$ inputs $(m_{i,t})^B_1[j]$ as choice bit and gets $s_{(m_{i,t})^B_1[j]} = ((m_{i,t})^B_0[j] \oplus (m_{i,t})^B_1[j]) \cdot 2^j - r_j$;
23          Cloud computes $(m_{i,t})^A_0 = (m_{i,t})^A_0 + r_j$;
24          $F_k$ computes $(m_{i,t})^A_1 = (m_{i,t})^A_1 + s_{(m_{i,t})^B_1[j]}$;
25      end
26  end
    /* Aggregation Report */
27  Initially, $A_0 = A_1 = 0$;
28  for $i = 1$; $i \le n'$; $i{+}{+}$ do
29      Cloud computes $A_0 = A_0 + (m_{i,t})^A_0$;
30      $F_k$ computes $A_1 = A_1 + (m_{i,t})^A_1$;
31  end
32  return $A_0$ and $A_1$;
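The three phases of Algorithm 1 (false data detection on Boolean shares, B2A conversion, aggregation), followed by the SP's reconstruction, can be traced in a short Python simulation; this is an added example, not the authors' implementation. It assumes $l = 16$ and $h = 10$, runs the cloud and the fog in one process with the 1-out-of-2 OT replaced by an ideal lookup, and indexes bits from 0; all function names and the sample readings are illustrative.

```python
import secrets

L_BITS = 16            # l: shares live in the ring Z_{2^l} (assumed demo value)
H_BITS = 10            # h: valid readings lie in [0, 2^h - 1] (assumed demo value)
MOD = 1 << L_BITS


def share_xor(x):
    """Share_{xor,l}: two Boolean shares b0, b1 with b0 ^ b1 == x."""
    b0 = secrets.randbelow(MOD)
    return b0, b0 ^ x


def trunc_high(share):
    """Trunc_{l-h}: the first (most significant) l-h bits of an l-bit share."""
    return share >> H_BITS


def in_range(b0, b1):
    """False Data Detection: the high bits of both shares are equal exactly
    when the high l-h bits of b0 ^ b1 are zero, i.e. the reading fits h bits."""
    return trunc_high(b0) == trunc_high(b1)


def ideal_ot(s0, s1, choice):
    """Stand-in for 1-out-of-2 OT: hands s_choice to the receiver. A deployed
    system runs a real OT protocol so the sender does not learn `choice` and
    the receiver does not learn the other message."""
    return s1 if choice else s0


def b2a(b0, b1):
    """Boolean-to-Arithmetic conversion with one OT per bit position."""
    a0 = a1 = 0
    for j in range(L_BITS):                      # bit 0 is the least significant
        r = secrets.randbelow(MOD)               # sender's mask r_j
        bit0 = (b0 >> j) & 1
        bit1 = (b1 >> j) & 1
        # The text states the receiver's output as (bit0 XOR bit1) * 2^j - r_j,
        # so the message selected by choice bit c has to encode (bit0 XOR c);
        # the two messages are labelled accordingly here.
        msgs = [(((bit0 ^ c) << j) - r) % MOD for c in (0, 1)]
        a0 = (a0 + r) % MOD                                  # cloud (sender)
        a1 = (a1 + ideal_ot(msgs[0], msgs[1], bit1)) % MOD   # fog (receiver)
    return a0, a1


def run_period(reports):
    """reports: list of (cloud_share, fog_share) Boolean share pairs.
    Returns the accumulators A0, A1 and the indices both sides discarded."""
    acc0 = acc1 = 0
    rejected = []
    for i, (b0, b1) in enumerate(reports):
        if not in_range(b0, b1):
            rejected.append(i)                   # cloud and fog drop the pair
            continue
        a0, a1 = b2a(b0, b1)
        acc0 = (acc0 + a0) % MOD
        acc1 = (acc1 + a1) % MOD
    return acc0, acc1, rejected


def sp_reconstruct(acc0, acc1):
    """Aggregation Retrieval at the SP: A = A0 + A1 mod 2^l."""
    return (acc0 + acc1) % MOD


def demo():
    """Constructed readings; index 2 exceeds 2^h - 1 = 1023 and is dropped."""
    readings = [312, 47, 5000, 1023, 0]
    reports = [share_xor(m) for m in readings]
    acc0, acc1, rejected = run_period(reports)
    return sp_reconstruct(acc0, acc1), rejected


if __name__ == "__main__":
    total, rejected = demo()
    print("aggregate:", total, "rejected indices:", rejected)
```

The detection step is a range check only: the one report rejected is the one whose reading needs more than $h$ bits, and every reading inside $[0, 2^h - 1]$ is aggregated whatever its value.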
C. Usage Report

A home user periodically reports its electricity information in the smart grid. In one reporting period $t$, home user $U_i$ reports a pair of Boolean shares of its electricity usage $m_{i,t} \in \mathbb{Z}_{2^l}$ to the cloud and its fog $F_k$, respectively. $U_i$ runs $\mathrm{Share}_{\oplus,l}(m_{i,t})$ to obtain $(m_{i,t})^B_0 \in \mathbb{Z}_{2^l}$ and $(m_{i,t})^B_1 \in \mathbb{Z}_{2^l}$, which are random elements of $\mathbb{Z}_{2^l}$ subject to the constraint $(m_{i,t})^B_0 \oplus (m_{i,t})^B_1 = m_{i,t}$. Afterwards, each $U_i$ forwards $(m_{i,t})^B_0$ to the cloud and $(m_{i,t})^B_1$ to its fog $F_k$, respectively.

D. False Data Detection

In case, if some malicious home users purposefully report electricity usage data in an unreasonable range, the final aggregation will be inaccurate, thereby affecting dynamic distribution strategy and power supply strategy of the SP. It is necessary that the cloud or fog $F_k$ can detect and discard any false data submissions. Therefore, after receiving $n$ pairs of Boolean shares $(m_{i,t})^B_0$ and $(m_{i,t})^B_1$ of $n$ home users’ electricity usage $m_{i,t}$, the cloud and $F_k$ will detect whether the significant bit of $m_{i,t}$ is less than $h$-bit, i.e., $m_{i,t} \in [0, 2^h - 1]$, according to the Algorithm 1 (line 3 to 15).

Assume that the total number of home users is $n$, and $n'$ is the number of home users whose submitted data is in a reasonable range. Initially, $n' = n$. The cloud computes $tr_{i,0} = \mathrm{Trunc}_{l-h}((m_{i,t})^B_0)$, and the $F_k$ sends $tr_{i,1} = \mathrm{Trunc}_{l-h}((m_{i,t})^B_1)$ to the cloud, where function $\mathrm{Trunc}_{l'}(\cdot)$ outputs the first $l' \le l$ bits of its input. Note that the first $l - h$ bits of a reasonable
$m_{i,t}$ do not leak electricity usage information, so the above behavior of the cloud and $F_k$ will not affect the privacy of $m_{i,t}$. If $tr_{i,0}.\mathrm{equal}(tr_{i,1})$ is true, it means that the first $l - h$ bits of the shares $(m_{i,t})^B_0$ and $(m_{i,t})^B_1$ are equal. In addition, because the XOR value of the same bit value is 0, it means that the first $l - h$ bits of $m_{i,t}$ are 0, and the significant bit of $m_{i,t}$ are at most $h$ bits. At this point, the cloud and $F_k$ consider $m_{i,t}$ to be reasonable and accept a pair of Boolean shares of $m_{i,t}$.

Otherwise, the cloud and $F_k$ consider $m_{i,t}$ to be unreasonable:

1) The cloud sends the index $i$ to the $F_k$,
2) The cloud discards $(m_{i,t})^B_0$,
3) The $F_k$ discards $(m_{i,t})^B_1$, and
4) $n' \leftarrow n' - 1$.

Finally, there are $n'$ pairs of Boolean shares of $n'$ valid electricity usages accepted by the cloud and $F_k$, respectively.

E. Share Convert

Since Boolean shares need to be reconstructed via componentwise-XOR rather than standard addition, after the False Data Detection phase, the cloud and fog $F_k$ cannot directly aggregate Boolean shares by simply adding them up. Therefore, in order to aggregate these shares, we need to convert Boolean shares into Arithmetic shares. Algorithm 1 (line 16 to 26) performs the B2A protocol, as shown in the following steps.

For each pair of shares $(m_{i,t})^B_0$ and $(m_{i,t})^B_1$, the cloud acts as sender and the $F_k$ acts as receiver in the B2A protocol. In the $j$-th OT, for $j \in [l]$, the cloud randomly chooses $r_j \in_R \{0, 1\}^l$ and sets:

$s_{j,0} = (1 - (m_{i,t})^B_0[j]) \cdot 2^j - r_j$, and
$s_{j,1} = (m_{i,t})^B_0[j] \cdot 2^j - r_j$.

Then, the fog $F_k$ inputs $(m_{i,t})^B_1[j]$ as choice bit and receives:

$s_{(m_{i,t})^B_1[j]} = ((m_{i,t})^B_0[j] \oplus (m_{i,t})^B_1[j]) \cdot 2^j - r_j$.

Finally, the cloud computes $(m_{i,t})^A_0 = \sum_{j=1}^{l} r_j$ and the fog $F_k$ computes

values by locally summing their shares, and then send these aggregated shares to the SP for reconstruction. Algorithm 1 (line 27 to 32) aggregates $n'$ pairs of Arithmetic shares at the cloud and $F_k$, respectively, as shown in the following steps.

The cloud locally adds all Arithmetic shares into an accumulator $A_0$, initially zero. That is: $A_0 = \sum_i (m_{i,t})^A_0$. The fog $F_k$ analogously accumulates its Arithmetic shares into $A_1 = \sum_i (m_{i,t})^A_1$.

Once all $n'$ pairs of Arithmetic shares have been accumulated, the cloud and $F_k$ report $A_0$ and $A_1$ to the SP.

G. Aggregation Retrieval and Feedback

Upon receiving a pair of accumulators from the cloud and fog $F_k$, the SP recovers the aggregation usage by computing $A \leftarrow A_0 + A_1$, which is the sum of $n'$ honest home users’ electricity information in the residential area. With enough aggregations of residential areas, the SP can control the generation and distribution of electricity with an optimal strategy and dynamically adjust the electricity price.

VI. SECURITY AND PRIVACY PROOFS

In this section, we discuss the privacy, anonymity, and robustness of the proposed scheme.

A. Sketch

We briefly sketch how the proposed scheme achieves these three security properties. For the privacy, benefiting from the Boolean/Arithmetic secret-sharing methods and B2A protocol, the proposed scheme can blind the secret electricity usage data of each home user in a pair of shares. Due to the security of the secret-sharing schemes and B2A protocol, each Boolean/Arithmetic share is pseudorandom and indistinguishable with real random values, from which the cloud or fog cannot reveal the original usage data. Then, the proposed scheme can get anonymity as a free corollary of privacy [40], and the cloud or fog has no way of knowing which honest home user submitted which data through the system. More importantly, the robustness emanates from the correctness of

l the false data detection protocol (proposed in Section V-D).
 A
mi,t 1
= sm B [j] When there are malicious home users in the system report-
i,t 1
j=1 ing “bad-formed” data, that is beyond the reasonable range,
l  the cloud and fog can run the false data detection protocol
  B  B  
l
= mi,t 0 [j] ⊕ mi,t 1 [j] · 2j − rj to correctly identify and reject any of these false data. In the
j=1 j=1 following subsections, we will delve into formal discussions
about the privacy, anonymity, and robustness.

l 
l
= mi,t [j] · 2j − rj
j=1 j=1 B. Privacy
 A
= mi,t − mi,t 0 . In our scheme, the privacy of home users’ electricity usage
data should be preserved to prevent disclosure to the cloud,
After performing the above steps, the resulting Arithmetic fog, or SP. Specifically, we use the following theorem to define
shares are in the ring Z2l . This is sufficient for calculating the the privacy preservation of our scheme.
sum of these Arithmetic shares. Theorem 1: The proposed scheme achieves fsum -privacy
against any probabilistic polynomial-time (PPT) internal
F. Aggregation Report adversaries. Specifically, for any two home user electricity
If a home user’s usage data is arithmetically secret-shared, usage data report sets S0 = {m01,t , m02,t , . . . , m0n,t } and S1 =
 
the cloud and fog Fk can efficiently compute the sum of shared {m11,t , m12,t , . . . , m1n,t } satisfied mbi,t ≤ 2h − 1 and S0 = S1

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on July 18,2024 at 04:54:30 UTC from IEEE Xplore. Restrictions apply.
PANG et al.: ENABLING EFFICIENT AND MALICIOUS SECURE DATA AGGREGATION IN SMART GRID 2209

where b ∈ {0, 1}, the PPT internal adversaries have negligible C. Anonymity
probability to distinguish S0 and S1 . According to [40], if a data-collection scheme that provides
Proof: In the proposed scheme, during the Usage Report fsum -privacy (described by Section VI-A) for a symmetric
and False Data Detection phases, the secret electricity usage function f (where a symmetric function is one that is indepen-
data mi,t is blinded by a pair of Boolean shares mi,t B0 and dent of the order of its inputs), it provides anonymity. We use
mi,t B1 in the ring Z2l . Ui sends mi,t B0 to the cloud and mi,t B1 sum to represent the aggregation function used in our proposed
to the fog, respectively, instead of sending mi,t directly. Due scheme. Note that for all permutations π on n elements,
to the security of Boolean secret-sharing scheme, mi,t B0 and the equation sum(m1,t , . . . , mn,t ) = sum(mπ(1),t , . . . , mπ(n),t )
mi,t B1 are pseudorandom and indistinguishable with real ran- always holds, indicating that the aggregation function sum is
dom values in Z2l . Thus, the cloud or fog is unable to reveal a symmetric function. Therefore, we get anonymity as a free
the received share mi,t Bb or to read the sensitive data mi,t corollary of Section VI-A.
without knowing the other share mi,t B1−b unless the secret
electricity usage data mi,t > 2h − 1 and is disclosed by the D. Robustness
cloud and fog. Since all electricity usage data are less or equal
Recall that each home user in the system holds a value
to 2h − 1, thus the cloud or fog cannot distinguish the two
mi ∈ Z2l . Some malicious home users may report false elec-
sets S0 , S1 during the Usage Report and False Data Detection
tricity usage data beyond [0, 2h − 1]. Robustness requires that
phases.
when the cloud and fog follow the false data detection protocol
In the Share Convert phase, the cloud and fog will convert
faithfully, no malicious home users can influence the output of
all valid usage data from Boolean sharing form into Arithmetic
our proposed scheme beyond misreporting their private usage
sharing form by invoking the B2A protocol. As far as we
data as some other reasonable input value.
know, the B2A protocol is proven to be secure in [41]. This
In our protocol, as long as the cloud or fog receives a
means that the cloud or fog cannot retrieve any information
Boolean share with less than h significant bits during one
of original usage data from Boolean shares, Arithmetic
reporting period, the home user is considered to have submit-
shares, or the processes of the conversion with non-negligible
ted a valid input. For a home user to submit anything besides
probability.
a reasonable input, he must send to either the cloud or fog a
During the Aggregation Report phase, the cloud and fog
Boolean share with significant bit over h-bit, at which point the
perform aggregation operation locally on Arithmetic shares,
cloud and fog will detect it with certainty, discard his shares,
respectively. According to the security of Arithmetic secret-
and continue as if that he submitted a zero.
sharing scheme, the two accumulators computed by the cloud
and fog are also indistinguishable with real random values in
VII. C OMPARISON AND E VALUATION
Z2l . Therefore, when the SP obtains the two accumulators and
recovers the sum of electricity usage data set, it still cannot In this section, we compare the functionality of our
proposed scheme with earlier related works. Then, we evaluate
distinguishwhich set  of S0 , S1 the current calculation belongs the scheme’s overhead for computation and communication.
to due to S0 = S1 .
This proofs the Theorem 1.
Furthermore, our proposed scheme ensures that even if the A. Comparison
cloud or fog (assume the cloud w.l.o.g.) corrupts s home We perform a detailed functionality comparison between
users Un−s+1 , . . . , Un , where s ≤ n, it cannot compromise our proposed scheme and existing ones [7], [13], [25], [26],
the privacy of other home users. Suppose honest home users [27], [28], [29], as shown in Table II.
U1 , . . . , Un−s hold inputs m1,t , . . . , mn−s,t ∈ Z2l . In fact, if Firstly, for the privacy aggregation and anonymity,
the cloud compromises s home users, the cloud’s actual view Ding et al. [7] utilized the additive homomorphic identity-
(excluding malicious home users’ inputs) is a single share of based scheme, Liu et al. [13] utilized the double trapdoor
other honest home users’ data and the fog’s aggregated value decryption cryptosystem [34], and Saleem et al. [29] uti-
A1 , i.e., lized the Paillier homomorphic cryptosystem [33] to achieve
these two functions. It’s worth noting that using public-key
{m1,t B0 , . . . , mn−s,t B0 , m1,t A0 , . . . , mn−s,t A0 , A1 }. encryption requires generating additional parameters, such as
group parameters, pairing parameters, and public/secret key
A1 can be computed as sum(m1,t , . . . , mn,t ) − A0 , since
pairs. For lightweight application scenarios, such as smart
A0 + A1 = sum(·). In the Boolean and Arithmetic secret-
grids, there will be a large number of home users report-
sharing schemes, there is no correlation between two randomly
ing electricity usage data in each reporting period, so using
generated shares of secret values, so the cloud does not have
public-key encryption to achieve the privacy aggregation and
the another Boolean or Arithmetic shares of honest home
anonymity will significantly increase the computational and
users’ electricity usage data m1,t , . . . , mn−s,t , i.e.,
communication cost. However, we use the Boolean/Arithmetic
{m1,t B1 , . . . , mn−s,t B1 , m1,t A1 , . . . , mn−s,t A1 }. secret-sharing methods, which not only achieve the privacy
aggregation and anonymity, but also effectively alleviate the
Consequently, even if the cloud corrupts s home users, it above shortcomings.
will not reveal the secret electricity usage data of the remaining Secondly, we have implemented functionalities not found in
n − s honest home users. earlier lightweight aggregation schemes [25], [26], [27], [28].
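The phases of Sections V-D to V-G (false data detection on Boolean shares, B2A conversion, accumulation at the cloud and fog, reconstruction at the SP) can be traced end to end in the following Python simulation, an added example that is not the authors' C++ implementation. The function names, the in-process `ot_1of2` stand-in for a real oblivious transfer, and the sample readings are assumptions; bit positions are 0-based, and each OT pair is ordered so that choice bit c returns (b0[j] XOR c) * 2^j - r_j, the value the receive equation requires.

```python
"""Simulation of one reporting period: Boolean sharing, false data detection,
B2A conversion and aggregation. All parties run in one process for clarity."""
import secrets

L_BITS = 28            # share width l (the page's experiments use a 28-bit l)
H_BITS = 8             # valid readings fit in h bits, i.e. 0..255
MOD = 1 << L_BITS      # arithmetic shares live in Z_{2^l}


def boolean_share(reading):
    """Home user: split a reading into two XOR shares of l bits each."""
    share0 = secrets.randbits(L_BITS)
    return share0, share0 ^ (reading % MOD)


def trunc_high(share):
    """Trunc_{l-h}: the l-h most significant bits of an l-bit share."""
    return share >> H_BITS


def ot_1of2(messages, choice_bit):
    """Ideal 1-out-of-2 OT (assumption: stands in for a real OT protocol).
    The receiver learns only messages[choice_bit]."""
    return messages[choice_bit]


def b2a(bool0, bool1):
    """Convert XOR shares (cloud holds bool0, fog holds bool1) into additive
    shares modulo 2^l, using one OT per bit position."""
    arith0 = 0  # cloud side: sum of its random masks r_j
    arith1 = 0  # fog side: sum of the OT outputs
    for j in range(L_BITS):            # 0-based bit positions
        r_j = secrets.randbelow(MOD)
        bit0 = (bool0 >> j) & 1
        # Slot c carries (bit0 XOR c) * 2^j - r_j, so the fog's choice bit
        # selects the term for the true plaintext bit without revealing it.
        messages = (
            (bit0 * (1 << j) - r_j) % MOD,
            ((1 - bit0) * (1 << j) - r_j) % MOD,
        )
        arith1 = (arith1 + ot_1of2(messages, (bool1 >> j) & 1)) % MOD
        arith0 = (arith0 + r_j) % MOD
    return arith0, arith1


def run_period(readings):
    """Return (aggregate recovered by the SP, indices rejected as false data)."""
    cloud = {}
    fog = {}
    for i, reading in enumerate(readings):      # Usage Report
        cloud[i], fog[i] = boolean_share(reading)

    rejected = []
    for i in sorted(cloud):                     # False Data Detection
        # Equal high bits <=> the high l-h bits of the reading are all zero.
        if trunc_high(cloud[i]) != trunc_high(fog[i]):
            rejected.append(i)
            del cloud[i], fog[i]

    acc0 = acc1 = 0
    for i in cloud:                             # Share Convert + Aggregation
        arith0, arith1 = b2a(cloud[i], fog[i])
        acc0 = (acc0 + arith0) % MOD            # cloud accumulator A_0
        acc1 = (acc1 + arith1) % MOD            # fog accumulator A_1
    return (acc0 + acc1) % MOD, rejected        # SP: A = A_0 + A_1


if __name__ == "__main__":
    # Constructed sample readings: 256, 100000 and -1 are outside [0, 255].
    sample = [17, 255, 0, 256, 100000, 42, -1]
    total, bad = run_period(sample)
    print("aggregate:", total, "rejected indices:", bad)
```

A reading such as 2^28 + 5 wraps to 5 inside the l-bit shares and is accepted, which is the behaviour the robustness definition allows: a malicious user can only misreport some other in-range value.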


TABLE II: FUNCTIONALITY COMPARISON

Fig. 2. Experiment results. (a) False data detection cost. (b) Share convert cost. (c) Aggregation report cost. (d) Total cost. (e) Total cost for aggregating false data. (f) Communication cost.

Danezis et al. [25] and Mustafa et al. [26] utilized Arithmetic secret-sharing-based secure multi-party computation to aggregate usage data. Gope and Sikdar [27] and Knirsch et al. [28] utilized lightweight cryptographic primitives (such as hash functions or exclusive-OR operations) to construct lightweight and privacy-friendly masking-based data aggregation schemes. However, the aforementioned lightweight aggregation schemes did not perform the false data detection protocol on the usage data, and it is difficult to ensure that the usage data is within a reasonable range. Although Prio [24] can use Arithmetic circuits to detect whether the electricity usage data in the form of Arithmetic shares is false, the cost of completing secret-shared non-interactive proofs (SNIPs) for smart meters is high. In the proposed scheme, a Boolean secret-sharing share generated by a home user during the Usage Report phase itself provides a legitimate proof, i.e., SNIPs. That is to say, the home user can prove to the cloud and fog that its usage data is in a reasonable range with almost zero cost. For the false data detection, the cloud and fog can also detect the legitimacy of usage data sent by the home user with almost zero cost during the False Data Detection phase.

B. Computation and Communication Complexity

We evaluate the computational and communication overhead of the proposed scheme and compare it with other schemes. More specifically, we have:
• Analyzed the False Data Detection cost, Share Convert cost, and total cost at the cloud and fog, as shown in Fig. 2(a), 2(b) and 2(d).
• Evaluated the Aggregation Report cost at the cloud and fog by providing a comparison with the existing schemes [7], [13], [26], [27], [29], as shown in Fig. 2(c) and Table III.


• Considered that additional 10%, 20%, and 30% home users are malicious. The robust aggregation cost at the cloud and fog are shown in Fig. 2(e).
• Calculated the communication cost from smart meters to the cloud and fog, and provided a comparison with existing schemes [13], [29], as shown in Fig. 2(f).
• Evaluated the cost of the above indexes when the number of home users is significant, as shown in Table IV.

TABLE III: AGGREGATION REPORT COST (MS)

TABLE IV: SIGNIFICANT NUMBER OF HOME USERS

We implement the proposed scheme in the C++ programming language with the emp-ot [42] and Flint 2.7.0+ [43] libraries, and run our experiments on three virtual machines, simulating a home user, a cloud, and a fog, respectively. The three virtual machines run Ubuntu 18.04.6 LTS with an Intel Core i5-4210M CPU @2.60 GHz processor and 2GB DDR3 memory. In order to generate the ring $\mathbb{Z}_{2^l}$, we take into consideration the security parameter with 28-bit $l$. We also restrict the maximum electricity usage data of home users to $h$-bit, where $h = 8$, i.e., $m_{i,t} \in [0, 255]$. All experiment results are averaged over 1000 runs.

We first observe that the average runtime of Usage Report on a virtual machine is about 0.01 ms. That's a very low computational overhead compared to other schemes, significantly reducing the computational cost of smart meters.

As we fix the maximum electricity usage data, there is actually a factor that may affect the performance obviously, i.e., the number of home users. The experiment results of False Data Detection (shown in Fig. 2(a)) indicate that the cloud and fog can verify the legitimacy of Boolean shares of electricity usage data on average in 2.14 ms and 0.8 ms, respectively, which are in terms of the number of usage reports. And the experiment results of Share Convert (shown in Fig. 2(b)) indicate that the cloud and fog can convert the electricity usage data from Boolean share to Arithmetic share on average in 2.41 ms and 3.33 ms, respectively, which are also in terms of the number of usage reports. We can observe that the cloud has a longer runtime than the fog during the False Data Detection phase, but the opposite is true during the Share Convert phase.

Then we evaluate the average runtime of Aggregation Report by making a comparison with other schemes [7], [13], [26], [27], [29]. The aggregation cost comparison computed using Algorithm 1 (line 27 to 32) is shown in Fig. 2(c) and Table III. Fig. 2(c) shows that the proposed scheme (the cloud line almost coincides with the fog line; detailed data can be found in Table III) has less aggregation cost than [7], [13], [29]. The proposed scheme utilizes the Arithmetic secret-sharing scheme for aggregation report with essentially zero computational cost. However, Ding et al. [7], Liu et al. [13], and Saleem et al. [29] utilized homomorphic encryption to achieve data aggregation, requiring significant computational cost, as discussed in Section VII-A. Therefore, the proposed scheme has lower aggregation cost than [7], [13], [29]. In addition, Table III shows that the proposed scheme has lower aggregation cost compared to earlier cloud-based lightweight aggregation schemes [26], [27], which demonstrates that the cloud-fog-based model proposed in Section III-A is more effective and the aggregation based on Arithmetic secret-sharing is more efficient.

Fig. 2(d) indicates the total runtime of the cloud and fog during the False Data Detection, Share Convert, and Aggregation Report phases, which are on average about 24.14 ms and 23.90 ms, respectively. It is obvious that the total runtime of the cloud and fog are almost equal. The proposed scheme is a robust aggregation scheme, which means that the collection of data from other devices will not be affected even if some home users are malicious. In other words, malicious home users' false usage data will not be added to the two accumulators of the cloud and fog. For implementation, we have considered that additional 10%, 20%, and 30% home users are malicious. The robust aggregation cost at the cloud and fog are shown in Fig. 2(e). Note that false data will be discarded during the False Data Detection phase and will not be calculated during the Share Convert and Aggregation Report phases. And the running time of the False Data Detection phase is very short. Thus, regardless of the number of malicious home users, the robust aggregation cost of the cloud and fog are almost equal to the aggregation cost in Fig. 2(d).

The communication cost is calculated in terms of the size of the electricity usage data transmitted from smart meters to the cloud and fog, as shown in Fig. 2(f). In the proposed scheme, the size of a Boolean share or Arithmetic share is a constant 40 B (per home user per cloud or fog). The communication cost of [13] was on average about 343.16 B for each encrypted usage report, while that of [29] was 1312×N bits from N smart meters to the fog. In smart grid usage data aggregation scenarios, smart meters need to encrypt and forward their usage data to the cloud and fog every short period. Again as described in Section VII-A, Liu et al. [13] and Saleem et al. [29] encrypt usage data via homomorphic encryption, which significantly increases the communication cost. However, we use the Boolean secret-sharing scheme to split usage data into two Boolean secret shares, resulting in a smaller ciphertext size. Consequently, our proposed scheme is more suitable for the smart grid and reduces the communication cost by 75% when compared with [13] and 50% when compared with [29].

Moreover, when a significant number of home users report electricity usage data to the grid system at the same time, we re-evaluate the cost of the above indexes, as shown in Table IV. The experimental results further verify the efficiency of the proposed scheme and the authenticity of the above experimental results. It can be seen that when the number of usage reports increases from 100 to 10000, each index increases almost linearly. Based on this observation, we can estimate the cost of each index for a larger number of home users. However, it is worth noting that the fog, being the edge computing device closest to the residential area, has limited data processing capabilities. If a residential area has a significant number of home users, it can be split into several residential areas with a small number of home users, and the corresponding number of fogs can then be increased to cooperate with the cloud to perform the same operations, as shown in Fig. 1. In this way, not only can the challenge posed by a significant number of home users be mitigated, but also the calculation tasks of the fog can be reduced, and the efficiency of the smart grid system can be effectively improved.

VIII. CONCLUSION

In this paper, we construct a fog computing-based smart grid model and then, based on the proposed model, we propose a practical, efficient, and privacy-preserving fog-enabled smart metering aggregation scheme for the smart grid. By utilizing the Boolean secret-sharing scheme, the Arithmetic secret-sharing scheme, and the B2A protocol as building blocks, the secret electricity usage data can be efficiently aggregated by the cloud and fog. Furthermore, the proposed scheme supports the cloud and fog to detect and discard false usage data without sacrificing privacy, ensuring the stability and security of the smart grid. We also analyze our scheme in terms of the privacy, anonymity, and robustness. Finally, the comparisons show that our scheme has more valuable properties than other related works and the experimental results indicate that our scheme is efficient for smart grid scenarios.

REFERENCES

[1] S. Li, L. D. Xu, and S. Zhao, “The Internet of Things: A survey,” Inf. Syst. Front., vol. 17, no. 2, pp. 243–259, 2015.
[2] X. Fang, S. Misra, G. Xue, and D. Yang, “Smart grid—The new and improved power grid: A survey,” IEEE Commun. Surveys Tuts., vol. 14, no. 4, pp. 944–980, 4th Quart., 2011.
[3] M. L. Tuballa and M. L. Abundo, “A review of the development of smart grid technologies,” Renew. Sustain. Energy Rev., vol. 59, pp. 710–725, Jun. 2016.
[4] B. Li, R. Lu, K.-K. Raymond Choo, W. Wang, and S. Luo, “On reliability analysis of smart grids under topology attacks: A stochastic petri net approach,” ACM Trans. Cyber Phys. Syst., vol. 3, no. 1, pp. 1–25, 2018.
[5] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “EPPA: An efficient and privacy-preserving aggregation scheme for secure smart grid communications,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 9, pp. 1621–1631, Sep. 2012.
[6] S. Li, K. Xue, Q. Yang, and P. Hong, “PPMA: Privacy-preserving multisubset data aggregation in smart grid,” IEEE Trans. Ind. Informat., vol. 14, no. 2, pp. 462–471, Feb. 2018.
[7] Y. Ding, B. Wang, Y. Wang, K. Zhang, and H. Wang, “Secure metering data aggregation with batch verification in industrial smart grid,” IEEE Trans. Ind. Informat., vol. 16, no. 10, pp. 6607–6616, Oct. 2020.
[8] W. Liang, M. Tang, J. Long, X. Peng, J. Xu, and K.-C. Li, “A secure fabric blockchain-based data transmission technique for Industrial Internet-of-Things,” IEEE Trans. Ind. Informat., vol. 15, no. 6, pp. 3582–3592, Oct. 2020.
[9] F. Bonomi, R. Milito, J. Zhu, and S. Addepalli, “Fog computing and its role in the Internet of Things,” in Proc. 1st Ed. MCC Workshop Mobile Cloud Comput., 2012, pp. 13–16.
[10] L. Lyu, K. Nandakumar, B. Rubinstein, J. Jin, J. Bedo, and M. Palaniswami, “PPFA: Privacy preserving fog-enabled aggregation in smart grid,” IEEE Trans. Ind. Informat., vol. 14, no. 8, pp. 3733–3744, Aug. 2018.
[11] H. Wang, Z. Wang, and J. Domingo-Ferrer, “Anonymous and secure aggregation scheme in fog-based public cloud computing,” Future Gener. Comput. Syst., vol. 78, pp. 712–719, Jan. 2018.
[12] Z. Guan et al., “APPA: An anonymous and privacy preserving data aggregation scheme for fog-enhanced IoT,” J. Netw. Comput. Appl., vol. 125, pp. 82–92, Jan. 2019.
[13] J.-N. Liu, J. Weng, A. Yang, Y. Chen, and X. Lin, “Enabling efficient and privacy-preserving aggregation communication and function query for fog computing-based smart grid,” IEEE Trans. Smart Grid, vol. 11, no. 1, pp. 247–257, Jan. 2020.
[14] M. Costache, V. Tudor, M. Almgren, M. Papatriantafilou, and C. Saunders, “Remote control of smart meters: Friend or foe?” in Proc. 7th Eur. Conf. Comput. Netw. Defense, 2011, pp. 49–56.
[15] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attacks on the smart grid,” IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 645–658, Dec. 2011.
[16] G. Tertytchny et al., “Demonstration of man in the middle attack on a commercial photovoltaic inverter providing ancillary services,” in Proc. IEEE CyberPELS, 2020, pp. 1–7.
[17] S. Mishra, X. Li, T. Pan, A. Kuhnle, M. T. Thai, and J. Seo, “Price modification attack and protection scheme in smart grid,” IEEE Trans. Smart Grid, vol. 8, no. 4, pp. 1864–1875, Jul. 2017.
[18] B. K. Sethi, D. Mukherjee, D. Singh, R. K. Misra, and S. R. Mohanty, “Smart home energy management system under false data injection attack,” Int. Trans. Electr. Energy Syst., vol. 30, Jul. 2020, Art. no. e12411.


[19] K. Jhala, B. Natarajan, A. Pahwa, and H. Wu, “Stability of transactive energy market-based power distribution system under data integrity attack,” IEEE Trans. Ind. Informat., vol. 15, no. 10, pp. 5541–5550, Oct. 2019.
[20] M. Ismail, M. F. Shaaban, M. Naidu, and E. Serpedin, “Deep learning detection of electricity theft cyber-attacks in renewable distributed generation,” IEEE Trans. Smart Grid, vol. 11, no. 4, pp. 3428–3437, Jul. 2020.
[21] Y. Wu et al., “False load attack to smart meters by synchronously switching power circuits,” IEEE Trans. Smart Grid, vol. 10, no. 3, pp. 2641–2649, May 2019.
[22] E. Boyle, N. Gilboa, and Y. Ishai, “Function secret sharing: Improvements and extensions,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security (CCS), 2016, pp. 1292–1303.
[23] K. Yang and X. Wang, “Non-interactive zero-knowledge proofs to multiple verifiers,” in Proc. 28th Int. Conf. Theory Appl. Cryptol. Inf. Security, 2023, pp. 517–546.
[24] H. Corrigan-Gibbs and D. Boneh, “Prio: Private, robust, and scalable computation of aggregate statistics,” in Proc. 14th USENIX Symp. Netw. Syst. Design Implement. (NSDI), 2017, pp. 259–282.
[25] G. Danezis, C. Fournet, M. Kohlweiss, and S. Zanella-Béguelin, “Smart meter aggregation via secret-sharing,” in Proc. 1st ACM Workshop Smart Energy Grid Security, 2013, pp. 75–80.
[26] M. A. Mustafa, S. Cleemput, A. Aly, and A. Abidin, “A secure and privacy-preserving protocol for smart metering operational data collection,” IEEE Trans. Smart Grid, vol. 10, no. 6, pp. 6481–6490, Nov. 2019.
[27] P. Gope and B. Sikdar, “Lightweight and privacy-friendly spatial data aggregation for secure power supply and demand management in smart grids,” IEEE Trans. Inf. Forensics Security, vol. 14, no. 6, pp. 1554–1566, Jun. 2019.
[28] F. Knirsch, G. Eibl, and D. Engel, “Error-resilient masking approaches for privacy preserving data aggregation,” IEEE Trans. Smart Grid, vol. 9, no. 4, pp. 3351–3361, Jul. 2018.
[29] A. Saleem et al., “FESDA: Fog-enabled secure data aggregation in smart grid IoT network,” IEEE Internet Things J., vol. 7, no. 7, pp. 6132–6142, Jul. 2020.
[30] Y. Chen, J. Martínez-Ortega, P. Castillejo, and L. López, “A homomorphic-based multiple data aggregation scheme for smart grid,” IEEE Sensors J., vol. 19, no. 10, pp. 3921–3929, May 2019.
[31] L. Zhu et al., “Privacy-preserving authentication and data aggregation for fog-based smart grid,” IEEE Commun. Mag., vol. 57, no. 6, pp. 80–85, Jun. 2019.
[32] O. R. Merad-Boudia and S. M. Senouci, “An efficient and secure multidimensional data aggregation for fog-computing-based smart grid,” IEEE Internet Things J., vol. 8, no. 8, pp. 6143–6153, Apr. 2021.
[33] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. Int. Conf. Theory Appl. Cryptograph. Techn., 1999, pp. 223–238.
[34] E. Bresson, D. Catalano, and D. Pointcheval, “A simple public-key cryptosystem with a double trapdoor decryption mechanism and its applications,” in Proc. Int. Conf. Theory Appl. Cryptol. Inf. Security, 2003, pp. 37–54.
[35] S. Zhao et al., “Smart and practical privacy-preserving data aggregation for fog-based smart grids,” IEEE Trans. Inf. Forensics Security, vol. 16, pp. 521–536, 2020.
[36] M. van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, “Fully homomorphic encryption over the integers,” in Proc. Annu. Int. Conf. Theory Appl. Cryptograph. Techn., 2010, pp. 24–43.
[37] D. Boneh, E. Boyle, H. Corrigan-Gibbs, N. Gilboa, and Y. Ishai, “Zero-knowledge proofs on secret-shared data via fully linear PCPs,” in Proc. Annu. Int. Cryptol. Conf., 2019, pp. 67–97.
[38] B. Applebaum, E. Kachlon, and A. Patra, “Verifiable relation sharing and multi-verifier zero-knowledge in two rounds: Trading nizks with honest majority,” in Proc. 42nd Annu. Int. Cryptol. Conf., 2022, pp. 33–56.
[39] E. Boyle, N. Gilboa, and Y. Ishai, “Function secret sharing,” in Proc. Annu. Int. Conf. Theory Appl. Cryptograph. Techn., 2015, pp. 337–367.
[40] S. Addanki, K. Garbe, E. Jaffe, R. Ostrovsky, and A. Polychroniadou, “Prio+: Privacy preserving aggregate statistics via boolean shares,” in Proc. Int. Conf. Security Cryptogr. Netw., 2022, pp. 516–539.
[41] D. Demmler, T. Schneider, and M. Zohner, “ABY–A framework for efficient mixed-protocol secure two-party computation,” in Proc. NDSS, 2015, pp. 1–15.
[42] X. Wang, A. J. Malozemoff, and J. Katz, “EMP-toolkit: Efficient MultiParty computation toolkit.” 2016. [Online]. Available: https://github.com/emp-toolkit
[43] D. Harvey and W. Hart, “Flint: Fast library for number theory.” 2021. [Online]. Available: https://flintlib.org

Haolin Pang received the B.S. degree from Guangdong Polytechnic Normal University in 2020, and the M.S. degree from the Dongguan University of Technology in 2023. His research interests include cryptography, smart grid security, and cloud computing security.

Kai He received the M.S. and Ph.D. degrees from the College of Information Science and Technology, Jinan University in 2012 and 2016, respectively. Since 2019, she has been an Associate Professor with the School of Computer Science and Technology, Dongguan University of Technology. She has published several papers in journals and conferences, such as Theoretical Computer Sciences, AsiaCCS 2016, ACISP 2016, NSS 2016, and IEEE TDSC 2020. Her research interests include cryptography and information security.

Youcai Fu received the B.S. degree from Qufu Normal University in 2020, and the M.S. degree from the Dongguan University of Technology in 2023. His research interests include cryptography, provable security, and broadcast encryption.

Jia-Nan Liu (Member, IEEE) received the B.S. degree from Zhengzhou University in 2013, and the M.S. and Ph.D. degrees from Jinan University in 2016 and 2020, respectively. He held a postdoctoral position with Jinan University from 2020 to 2022. He is currently an Associate Professor with the School of Computer Science and Technology, Dongguan University of Technology. He has published more than 20 international papers, including journals and conferences, such as NDSS, IEEE Transactions on Information Forensics and Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Smart Grid, IEEE Transactions on Vehicular Technology, and IEEE Networks. His research interests include cryptography, smart grid security, and cloud computing security.

Xueqiao Liu received the B.S. degree from the Hefei University of Technology, China, in 2011, the M.S. degree from Jinan University, China, in 2014, and the Ph.D. degree from the University of Wollongong, Australia, where she is currently a Lecturer with the School of Computing and Information Technology. Her major research interests include cryptography, data security and privacy in cloud computing, and network security.

Wuzheng Tan received the B.S. degree from East China Jiao Tong University, Nanchang, China, in 1999, the M.S. degree from Guang Xi University, Nanning, China, in 2004, and the Ph.D. degree from the School of Computer Science and Technology, Shanghai Jiao Tong University, Shanghai, China, in 2008. He is currently a Full Professor with Jinan University, Guangzhou, China. His research interests include security in digital assets, security in industrial control, and security in agricultural Internet of Things.
