SEARCH

SEARCH BY CITATION

Keywords:

  • smart grid;
  • privacy preserving;
  • keyword search;
  • energy auction

ABSTRACT

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

Distributed energy resources (DERs), which are characterized by small-scale power generation technologies to provide an enhancement of the traditional power system, have been strongly encouraged to be integrated into the smart grid, and numerous trading strategies have recently been proposed to support the energy auction in the emerging smart grid marketing. However, few of them consider the security aspects of energy trading, such as privacy preservation, bid integrity, and pre-filtering ability. In this paper, we propose an efficient searchable encryption scheme for auction (SESA) in emerging smart grid marketing. Specifically, SESA uses a public key encryption with keyword search technique to enable the energy sellers (e.g., DERs) to inquire suitable bids while preserving the privacy of the energy buyers. Additionally, to facilitate the seller to search for detailed information of the bids, we also propose an extension of SESA to support conjunctive keywords search. Security analysis demonstrates that the proposed SESA and its extension can achieve data and keyword privacy, bid integrity and trapdoor unforgeability. Simulation results also show that both SESA and its extension have less computation and communication overhead than the existing searchable encryption approaches. Copyright © 2013 John Wiley & Sons, Ltd.

INTRODUCTION

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

Growing demand for electricity, upcoming fossil-fuel shortage, and CO2 emission crises have recently invoked an urgent need in incorporating renewable energy sources into the power grid. Such a trend is commonly known as distributed generation (DG) [1]. In the trend of DG, distributed energy resources (DERs) have been encouraged to participate in energy marketing to facilitate competition among different energy providers. However, how to negotiate with different energy providers and energy consumers is a challenging issue in DG [2]. In order to address this challenge, smart grid, which is composed of many entities (intelligent electricity distribution devices, advanced sensors, two-way automated metering infrastructure, and specialized computer systems to enhance the operation performance [2]), has received significant attention in recent years. Smart grid can accelerate the integration of distributed energy suppliers, DERs, and microgrids [3], and thus, it potentially makes power generation, transmission, and distribution become the next big e-business operating mostly under autonomous control [4]. As a result, smart grid has been recognized as an emerging electricity market.

In this paper, we consider an energy auction scenario, where DERs and energy consumers respectively act as sellers and buyers in smart grid marketing. The energy trading process between sellers and buyers includes the following steps: each DER publishes a document about its energy description (e.g., starting price, type, mount, announcement date, and expire date). When a buyer wants to buy some energy, he or she first puts his or her bid on an auction server (AS). The AS manages an auction on the basis of the bids and asks from buyers and sellers, respectively. At the end of the auction, DERs decide the winner of the auction by judging the bids on the AS according to some certain selection criterion.

The bids coming from various DERs will refer to the actual market prices. In addition, it should be competitive to the actual market prices. The information from EBs is important and sensitive not only for auction in smart grid marketing but also for market analysis and decision support, predicting future demand and prices, and monitoring in case of unexpected behavior. Conventionally, in an auction of the energy marketing, bids are calculated without considering the security and privacy issues of the DERs and EBs. If one of the bidders wants to win in the auction process, it may maliciously modify the bids from other bidders. These malicious behaviors will lead to unfair auction and be harmful to grid stability and power quality. Furthermore, if the AS is totally trusted and if all the bids are opened and winners are decided by it, the AS will be a vulnerability point of the whole smart grid energy marketing. Thus, another server is needed to help in selecting the bids and winners from the AS. Because of the fact that there may be large amount of bids in the smart grid energy marketing, how to search the bids by a keyword (or some keywords) from AS without exposing the real value of the bids is a new challenge in emerging smart grid energy marketing.

In order to protect users' information privacy and security during the auction process, each buyer should protect their bidding information and let it not be known by the unauthorized users, including the AS. While at the same time, it enables the sellers to query the AS about the demanded bids. Although many auction models (e.g., [2, 10, 12, 13]) were established respectively for smart grid energy marketing, few of them take the privacy or security of the DERs into consideration. Recently, various security vulnerabilities and threats have been studied in the research literatures [11, 17, 18]. Lu et al. [5] used a super-increasing sequence to structure multi-dimensional data and encrypt the structured data by the homomorphic Paillier cryptosystem technique. Li et al. [6] proposed an efficient demand response scheme to achieve privacy preserving demand aggregation and efficient response. However, because these encryption schemes cannot be searched, they are not suitable for auction in smart grid marketing. On the other hand, some of the traditional auction schemes [7, 8] can achieve bidding privacy, but they cannot support keyword search or bids filtering.

In this paper, we propose an efficient searchable encryption scheme for auction (SESA) in smart grid marketing. This scheme considers both the public key-based encryption and keyword search techniques. It can achieve privacy preservation, searchable ability, and bids filtering, as well as other security features including confidentiality, authenticity, and integrity. The contributions of this paper are twofold.

  1. Firstly, we propose a novel SESA to achieve searchable encryption, by modifying the proxy re-encryption with keyword search scheme [9]. The security analysis demonstrates that SESA can achieve confidentiality, data and keyword privacy, authenticity, and data integrity.
  2. Secondly, we construct an extended version of SESA to support conjunctive keywords search. It enables the user to question the AS more flexibly.

The remainder of this paper is organized as follows. In Section section 2, we introduce related works. In Section section 3, we recall some preliminary knowledge. Then, we describe the smart grid marketing architecture, security requirement, and design goal in Section section 4. Next, we present the proposed SESA and its extension in Sections section 5 and section 6, followed by its security analysis and performance evaluation in Sections section 7 and section 8, respectively. Finally, we conclude the paper in Section section 9.

RELATED WORK

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

The traditional auction schemes can be divided into two categories: open outcry and sealed bids. Open outcry can further be separated into English auctions and Dutch auctions [14]. In English auctions, the value of the bid is public, and the price of the bid must be higher than the current price. The highest bidder is the winner at the end of the bidding phase. There are many famous English auction web sites (e.g., Yahoo! and eBay) [8]. The Dutch auction is almost the same as the English auction, except that it begins with the top price. In a sealed bid auction, the bidders write the price and quantity of their bid on a sheet of paper, and then, they seal the sheet and give it to the auctioneer. The auctioneer collects all the sealed sheets and opens them after the deadline to determine the winner. A sealed bid auction can be separated into two kinds, first-price sealed bid and second-price sealed bid.

The bidding manner has been extensively studied and various bidding models are presented in the power market [10, 12]. Among the various methods, the simplest way is to estimate the market clearing price of the next time and then present the bid with a lower price than the estimated one. The second method is to estimate the behaviors of the rivals and to present the bid [12]. The third method is based on the game theory [13] with oligopolistic strategy such as Cournot model and supply function models [10]. But, few of them consider the privacy of the bidders and the energy providers. In electronic auction systems, Chang [7] and Li [8] both present anonymous auction protocol with freewheeling bids. However, bidding privacy cannot be achieved in [7], and both of them cannot support keyword search or any other filtering.

The concept of public key encryption with keyword search (PEKS) was proposed by Boneh et al. [16], which supports the keyword search on encrypted data. Other schemes focusing on constructing keyword encryption were extensively discussed, such as [19]. The Public Key Encryption with Conjunctive-Subset Keywords Search (PECSK) scheme [20] supports conjunctive-subset keywords search. But it is only a keyword search scheme. In [15], Liu et al. presented an efficient privacy preserving keyword search (EPPKS) scheme in cloud computing. It is one of the few schemes that integrate both the message encryption and keyword search properties. However, when the server finds a tag matching the trapdoor in EPPKS [15], the server has to compute an intermediate result to help the user to recover the message, which costs communication and computation overhead.

PRELIMINARIES

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

In this section, we will briefly describe the basic definition and properties of bilinear pairings and PEKS.

Bilinear pairing

Bilinear pairing is an important cryptographic primitive [21]. Let G1 and G2 be two cyclic multiplication groups of prime order q. Let a and b be elements of inline image. We assume that the discrete logarithm problem in both G1 and G2 are hard. g is a generator of G1. A bilinear pairing is a map e : G1 × G1 → G2 with the following properties:

  1. Bilinear: e(ga,hb) = e(g,h)ab for any inline image.
  2. Non-degenerate: inline image whenever inline image.
  3. Computable: There is an efficient algorithm to compute e(g,h) ∈ G2 for all inline image.

Definition 1. A bilinear parameter generator inline image is a probabilistic algorithm that takes a security parameter κ as input, and outputs a five-tuple (q,P,G1,G2,e).

Public key encryption with keyword search

Formally, PEKS studies the problem of searching on data that is encrypted using a public key system. In this setting, the server plays the role of data warehouse for the receiver. The framework of PEKS scheme [20] is illustrated in Figure 1. With the PEKS scheme, the workflow of the underlying application consists of two phases.

  1. In the first phase, a sender encrypts its message, runs PEKS() to generate some keyword tags for the message, and stores the ciphertext and the tags at the server.
  2. In the second phase, the receiver runs Trapdoor() to generate a trapdoor for each selected keyword and sends the trapdoors to the server, which will run Test() to search over the tags attached to each encrypted message.
image

Figure 1. A PECSK scheme framework.

Download figure to PowerPoint

Most of the existing literatures focus on the part of keyword search techniques PEKS(), they assume that any public key encryption can be used as En(). It does work in real applications, but if the foundation of En() and PEKS() are different, the overhead may be large. If there is a scheme that can combine the public key encryption En() and keyword search technique PEKS() together, it may improve the performance of the system. As such, it can be a real searchable encryption scheme.

SYSTEM MODEL

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

In this section, we formalize the system model, security requirements, and identify our design goals.

Smart grid marketing architecture

Smart grid marketing refers to a system that enables small producers to generate and sell electricity at the local level. As shown in Figure 2, there are energy sellers (e.g., DERs), energy buyers (EBs), and auction managers. The auction managers are two servers: a registration server (RS) and an AS.

image

Figure 2. Smart grid marketing architecture.

Download figure to PowerPoint

RS

In energy marketing, an RS is used to initiate the system at the beginning of the auction and when the bidding is finished, it will select the winner according to the criteria of the DERs. The RS is trustworthy, and it will send some keywords from the DERs to the AS to search for their wanted bids. The winner may be selected from these pre-filtered bids.

AS

AS is used in a continuous sealed-bid auction in which traders submit offers to buy (bid) or offers to sell (ask) at any time during the trading period. The AS is semi-trusted, and it cannot know the content of the EBs' bids, but it can test if the message has tags such as the seller's query.

DER

DERs can open the bids by themselves. However, because the number of distributed bids from EBs may be large, to improve the efficiency, the RS will act as a proxy for the DERs to select the winners.

EB

Energy is bought from or sold to the grid depending on the availability, demand, and price of energy. Each EB will send its sealed bid to the AS. Because of the large amount of buyers, the bids may be conducted with the competition of others.

Security requirements

We assume that the communication between EBs and server is untrustworthy. That is, various adversaries such as eavesdroppers and tampers may be present. If a large number of EBs are competitive to buy a certain type of energy from DERs, it is reasonable to enable the RS to query the AS and select one or a group of winners according to the criteria of the DERs.

We define the security requirements for our SESA and will show the fulfillment of these requirements after presenting the design details.

  • Data privacy: The data owner can resort to the public key cryptography to encrypt the data before outsourcing and successfully prevent the unauthorized entities, including the AS, from prying into the outsourced data.
  • Bid integrity: The bids information and queries should not be changed by the malicious users or the illegal competitors; that is, if the competitor inline image maliciously modified the price or other information of EBi, it may lead to a situation where EBi cannot be selected by the RS.
  • Keyword privacy: As users usually prefer to keep their search from being exposed to others, including the AS, the most important concern is to hide what in their bids and what the RS is inquiring, that is, the keywords indicated by the corresponding trapdoor. Thus, the trapdoor should be generated in a cryptographic way to protect the query keywords.
  • Trapdoor unforgeability: DER generates his or her trapdoor information on the basis of his or her keyword and secret key. After receiving the trapdoor, the AS can test this trapdoor with keyword tags. The most important thing is that others (including the AS) can achieve nothing from the trapdoor; that is, the AS cannot forge a new trapdoor on the basis of the old ones.

Design goals

To enable searchable encryption for effective utilization of outsourced energy bids under the aforementioned model, our design goal is to develop a SESA in emerging smart grid marketing and achieve the security of the bids and efficient keyword search as follows.

  • The proposed scheme should achieve security as mentioned in the security requirements, that is, the data privacy, keyword privacy, data integrity, and trapdoor unforgeability.
  • The proposed scheme should achieve both one keyword and conjunctive keywords search.
  • The proposed scheme should achieve the communication and computation efficiency, compared with other searchable encryption schemes.

PROPOSED SESA

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

In this section, we propose an efficient SESA in emerging smart grid marketing, which mainly consists of the following four phases: registration phase, bidding phase, pre-filtering phase, and decision-of-winner phase. For our auction system, we assume that there is a local RS that can bootstrap the system. Specifically, in this system initialization phase, given the security parameter 1k, RS first generates (q,g,G1,G2,e) by running inline image, where q is a k-bit prime number. Let G1 and G2 be two cyclic multiplication groups. inline image is an ID-based signature scheme [24]. Furthermore, we will need three hash functions H1 : {0,1} → G1, H2 : {0,1} → G1, H3 : G2 → {0,1}. RS publishes the system parameters as (q,g,G1,G2,e,H1,H2,H3).

Registration phase

In order to maintain security of the network against attacks and the fairness among customers and providers, the local RS may control the access of each DER and EB. The energy marketing announces two prices: the price for selling energy and the price for buying energy in the smart grid marketing. The DERs adjust their bidding price after negotiating with the other units on the basis of the grid prices, considering their operational cost and local demands.

In our scheme, there are n DERs and m EBs in the energy marketing. For each DERi (i = 1,…, n) and EBj (j = 1,…, m), when they register, the RS picks one random numbers be: inline image and sets inline image, (pdi, xi) is inline images public/private key pair. For each EBj (j = 1,…, m), the RS randomly chooses a master key inline image and assigns an ID-based key pair inline image to DERi for signature and denotes it as (vkj, sskj).

In the energy marketing, the DERi will publish its energy information mi = (pi, GIDi, Ts, Loi, Ami, TN) publicly, where pi is the initial price, GIDi is the identification of the energy, Ts is the timestamp, Loi is the energy resource location, Ami is the amount of the energy, and TN is the unique serial number of the deposit energy information. The RS will store the information from each DERi as a tuple (DERi, mi) in its database. Also, EBj will register its personal information ej = (Loj, Repj, Tyj,△) on the RS, where Loj is its location, Repj is its reputation about its history trades (which also will be verified by the RS, but it is not our paper's focus), Tyj is the demanded energy types, and ∆ is the other information of EBj. The RS also stores the information from each EBj as a tuple (EBj, ei) in its database.

Bidding phase

In order to achieve the nearly real-time energy bidding, each EBj will choose its interested energy to bid. The bidding is performed as following steps.

  1. EBj gets an ID-based signature key pair as (vkj, sskj) from RS. The public key is represented as A = vkj, and the private key sskj is kept secretly.
  2. EBj selects a random inline image and generates a bidj = (EBj, prj, GIDi, Cbj, Repj), where prj is the price of the bid, Cbj is the amount of the energy that EBj wants to buy, Repj is inline images reputation. Then, EBj computes inline image.
  3. In order to maximize the probability of winning in the auction, EBj selects a keyword wj to represent his or her bid (e.g., the reputation or required amount). Next, EBj computes a tag on the keyword as inline image. Then, he or she computes inline image and Fj = H3(tj). He or she outputs inline image.
  4. EBj generates a signature inline image. inline image is the signed message.
  5. EBj sends the encrypted message inline image to the AS.
  6. The AS stores this information from EBj as a tuple (EBj, Kj) in its bid table.

Pre-filtering phase

The goal of bids pre-filtering is to quickly identify potential winner or winners from all the bids in the AS's bid table.

For example, if DERi wants to filter the bids for energy GIDi according to the user's reputation inline image, DERi generates a trapdoor inline image in advance and sends it to the RS. In order to preserve the privacy of DERi and EBj, the trapdoor inline image is a ciphertext of the value inline image. Then, RS will send inline image to the AS. On receiving the message from RS, for each bid in the AS's bid table, the AS will test if the given inline image satisfies the selection criterion inline image of DERi:

  1. Message verification:
    1. The AS verifies signature Sj on message inline image with respect to the public key A.
    2. If it fails, the AS will reject this bid; else the AS will go on testing.
  2. Trapdoor and tag test:

The AS tests if inline image. If so, which means inline image, the encrypted bid Cj will be stored in a filtered array W[]. Later, W[] will be transferred to the RS. If not, AS will go on testing the other bids. The correctness of inline image is as follows:

  • display math(1)

Decision-of-winner phase

On receiving filtered bids array W[] from the AS, the RS can decrypt each Cj in W[] as inline image by using inline image secret key xi; otherwise, Cj will be discarded. The correctness of the decryption is shown as follows:

  • display math(2)

We assume that there are t decrypted bids, and the bids will be put in a sorted array list B[] according to their price in a descending order. Because of the special difficulties in energy storage and profit maximization of the auction in nature, the winner-selection criterion from DERi should achieve two goals: one is that the total sales should be as high as possible; the other is that the sum of the demanded amount of the winners should be as close to the available energy demand Ami as possible. The selected winners will be stored in an array list S[] by using Algorithm 1. Finally, the RS will secretly deliver the winners list S[] to DERi.

EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

The SESA can be extended to support conjunctive keywords search, with which the DERs can get more detailed information about the bids. Because the decision-of-winner phase in this extension is same as that in SESA, we only introduce the registration phase, bidding phase, and pre-filtering phase as follows.

Registration phase

In this extended scheme, there are also n DERs and m EBs in the energy marketing. For each DERi (i = 1,…, n) and EBj (j = 1,…, m), when they register, the RS picks two random numbers inline image and sets inline image. (pdi, xi) is inline images public/private key pair. The RS randomly chooses a master key inline image and assigns an ID-based key pair inline image for each EBj (j = 1,…, m). The key pair is represented as (vkj, sskj). Similar to the SESA, the DERi will publish its energy information mi = (pi, GIDi, Ts, Loi, Ami, TN) publicly. The RS will store the information from each DERi as a tuple (DERi, mi) in its database. Also, EBj will register its personal information ej = (Loj, Repj, Tyj,△) on the RS. The RS also stores the information from each EBj as a tuple (EBj, ei) in its database.

image

In order to provide more convenience for the DERs to have detailed filtering, that is, let them achieve the conjunctive keywords search from the AS, each EBj will select a keywords set Wj = {wj1,wj2, …,wjL} to characterize his or her bid. Without loss of generality, the location of each type of keyword in the keywords set Wj = {wj1,wj2, …,wjL} is fixed. For instance, w1 denotes the type of the source address keyword, w2 denotes the type of energy amount keyword, and so on. Keywords in the inline image tag and inline image trapdoor are in the same order.

Information encryption

Each EBj publishes its bid as the following steps:

  1. EBj gets an ID-based signature key pair as (vkj, sskj). The public key is denoted as A = vkj, and the private key sskj is kept secretly.
  2. EBj selects a random number inline image and generates a bidj = (EBj, prj, GIDi, Cbj, Tsj,△), where prj is the price of the bid, Cbj is the amount of the energy that EBj want to buy, and ∆ is the other information of EBj. Then, EBj computes inline image.
  3. EBj computes a tag for each keyword as inline image, inline image. EBj outputs inline image.
  4. EBj generates a signature inline image, where the message to be signed is the tuple inline image.
  5. EBj sends the encrypted messages inline image to the AS.
  6. The AS will store this information from EBj as a tuple (EBj, Kj) in its bid table.

Pre-filtering phase

If the DERi needs to filter the bids by using some criteria (e.g., reputation and location). It will generate a keywords set Qi = {wE1,wE2, …,wEt}. Then, DERi generates a trapdoor inline image and sends it to the RS. At the end of the auction, the RS will transfer this trapdoor inline image to the AS to filter the bids. Without loss of generality, we assume that {E1, E2, …, Et} is the subset of {j1, j2, …, jL}.

  1. DERi generates a trapdoor on the keywords Qi as inline image. DERi sends inline image to the RS. The RS transfers them to the AS.
  2. For each Cj in inline image bid table, the AS will test if inline image satisfies EBj's reqirement:
    1. Message verification:
      1. The AS verifies signature Sj on message inline image with respect to the public key A.
      2. If it fails, the AS will reject this bid; else the AS will go on testing.
    2. The AS tests if inline image. If so, Cj will be stored in an array list W[]; if not, Cj will be rejected. The correctness of the test is shown as follows:
      • display math(3)

SECURITY ANALYSIS

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

In this subsection, we analyze the security properties of the proposed SESA. In particular, following the security requirements discussed earlier, our analysis will focus on how the proposed SESA can achieve the goals. The extension can also achieve these properties.

  • The individual EB's bid is privacy preserving in the proposed SESA: In the proposed SESA, EB's bidding information is encrypted by its secret number rj as inline image. Anyone, including the AS, who does not know the secret number rj cannot recover bidj from the ciphertext Cj. Thus, if a bidder does not win the auction, in the proposed SESA, nobody can have any information about the bidder from its bid.
  • The authentication and data integrity of the individual EB's bid is achieved in the proposed SESA: In SESA, each EB's bidding information is signed by the ID-based signature scheme [24]. Because the ID-based signature inline image is provably secure, the source authentication and data integrity can be guaranteed. As a result, adversary inline image malicious behaviors in the smart grid communications can be detected in the proposed SESA.
  • The EB's keyword privacy and DER's trapdoor privacy are also achieved in the proposed SESA: In the proposed SESA, on one hand, the keyword that EB chose to append on the encrypted bid is protected by a hash function. Anyone, including the AS, cannot recover wj with the message inline image. On the other hand, when RS delivers DER's query to the AS to search for certain type of bids, the query is also not delivered by plaintext; it is protected by a hash function. Thus, anyone who gets the trapdoor only knows the hash value of the keyword inline image, and they do not know what the DER is really inquiring. Even when the AS does the verification of the tag and the trapdoor, it cannot know anything about the keyword except for whether they match or not.
  • The DER's trapdoor cannot be forged in the proposed SESA: In the proposed SESA, although the AS can have lots of trapdoors from DERs, it cannot forge a valid new one from the existing old ones. That is, because all the keywords are blinded by a hash function, the AS cannot get the real value of the keywords.

It is illustrated in Table 1 that most of the auction schemes [12-14] for power market are lack of security concerns. While, in traditional electronic auction system, the work in [7] only achieves the confidentiality and data integrity, the work in [8] achieves confidentiality, data privacy, and data integrity. Only the proposed SESA can achieve additional keyword privacy and trapdoor unforgeability compared with [8].

Table 1. Comparison of security properties.
Properties[12-14][7][8]SESA
  1. SESA, searchable encryption scheme for auction.

ConfidentialityNoYesYesYes
Data privacyNoNoYesYes
Bid integrityNoYesYesYes
Keyword privacyNoNoNoYes
Trapdoor unforgeabilityNoNoNoYes

Figure 3 shows that if the AS is compromised, the bids information and bidder's privacy will be disclosed in schemes [8, 12-14]; only those in [8] and the proposed SESA can remain secure. But [8] cannot support keyword search on the bids, and there is only one winner in [8]; it is not applicable for energy auction in the smart grid. From the aforementioned analysis, we can see that the proposed SESA can provide enough security guarantees for auction in smart grid marketing.

image

Figure 3. Fraction of compromised bids when the auction server is compromised. SESA, searchable encryption scheme for auction.

Download figure to PowerPoint

PERFORMANCE ANALYSIS

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

SESA versus EPPKS

In this subsection, we will compare our SESA with the privacy preserving keyword search scheme (EPPKS) [15] in terms of the computation and communication overhead in the one keyword search process.

Computation: In our proposed SESA, the computation tasks include pairing operations and exponentiation operations, where the pairing operations are the most time-consuming tasks. Since the hash operation and number multiplication are too fast compared with the pairing operations, we will not take them into consideration in this subsection. For simplicity of description, the pairing operation and exponentiation operation are denoted as Cp and Ce, respectively.

For the proposed SESA, when EBj generates an encrypted bid inline image, it requires three exponentiation operations and two pairing operations for bid encryption generation, i.e., 2Cp + 3Ce. The DERi or the RS needs one exponentiation operation to compute a trapdoor inline image. After receiving the trapdoor from DERi, the local AS needs to compute two pairings to verify the signature [24] and one pairing to test if there is a bid satisfying DERi's query. Finally, DERi or the RS requires one pairing operation and one exponentiation operation to decrypt the ciphertext if there are suitable bids.

In comparison, for EPPKS [15], it needs three pairing operations and six exponentiation operations to generate a data encryption on one keyword, i.e., 3Cp + 6Ce. The seeker needs one exponentiation operation to compute a trapdoor inline image. And the server needs one pairing operation to test whether a given tag contains keyword inline image. Then, the server needs 2Cp + 2Ce more computation overhead to obtain an intermediate result of the partial decipherment. At last, it will cost the seeker Ce to recovery the ciphertext.

Table 2 indicates that SESA is more efficient than EPPKS [15]. Detailed experiments also are conducted on a Pentium IV 3-GHz system to study the execution time [22, 23]. For G1 over the Freeman-Scott-Teske (FST) curve, a single exponentiation operation in G1 with 161 bits costs 1.1 ms, and the corresponding pairing operation costs 3.1 ms. The comparison of computation overhead is shown in Figure 4. We can see that SESA achieves totally lower execution times compared with EPPKS. Moreover, SESA can guarantee the integrity of the message, whereas EPPKS cannot achieve this property.

Table 2. Comparison of computation complexity.
ComputationSESAEPPKS
  1. SESA, searchable encryption scheme for auction; EPPKS, efficient privacy preserving keyword search; EB, energy buyer; AS, auction server; DER, distributed energy resource; RS, registration server.

EB2Cp + 3Ce3Cp + 6Ce
AS3Cp3Cp + 2Ce
DERi or RSCp + 2Ce2Ce
image

Figure 4. Comparison of computation overhead between searchable encryption scheme for auction (SESA) and efficient privacy preserving keyword search (EPPKS) schemes.

Download figure to PowerPoint

Communication: Most pairing-based cryptosystems need to work in a subgroup of the elliptic curve E(Fq). By representing elliptic curve points using point compression [25], the length of the elements in G1 and G2 will be roughly 161 bits (using point compression) and 1024 bits, respectively. SHA-1 is used to compute the hash function, which yields a 160-bit output. Let the parameter n in EPPKS be 160 bits. The communications among the three entities of the proposed SESA can be divided into three parts: EB-to-AS, DER-to-AS, and AS-to-RS communications.

We first consider the EB-to-AS communication in SESA. In the information encryption phase, the data report is in the form of inline image. Because the length of ID-based signature [24] is two G1 elements, the size of Kj should be 160 + 160 + 161 ∗ 2 + 160 + 161 = 963 bits. In the DER-to-AS communication, DER needs to deliver a trapdoor inline image to the AS, which is 160 bits, whereas in AS-to-RS communication, the AS will reply a ciphertext Cj to the EB if there is energy matching EB's demand, which is 160 bits.

In contrast, the user-to-server communication overhead in EPPKS is the message (Cm,Cw), which includes one G1 element, two n-bit elements, and one hash element. The size is 161 + 2n + 160 = 641 bits. Then, the trapdoor inline image with the size of 160 bits will be sent from the user to the server. In the server-to-receiver communication, if there is a keyword match, the server will reply (Cm,Cρ,Cw) to the receiver. Here, Cρ is an element of G2. The size of the reply is 161 + 160 + 2n + 1024 = 1665 bits. Table 3 and Figure 5 show the comparison of communication overhead between SESA and EPPKS. It can be seen that the SESA significantly reduces the communication overhead.

Table 3. Comparison of communication complexity (bit).
CommunicationSESAEPPKS
  1. SESA, searchable encryption scheme for auction; EPPKS, efficient privacy preserving keyword search; EB, energy buyer; AS, auction server; DER, distributed energy resource; RS, registration server.

EB to AS803640
DER to AS160160
AS to RS1601665
image

Figure 5. Comparison of communication overhead between searchable encryption scheme for auction (SESA) and efficient privacy preserving keyword search (EPPKS) schemes.

Download figure to PowerPoint

Extended SESA versus EPPKS

In this subsection, we will compare our extension of SESA with EPPKS [15] in terms of the computation overhead in the conjunctive keywords search process. Suppose there are 10 keywords tags on each bid and five keywords in the inline image conjunctive search trapdoor. In the extension, it costs the EBj 10 + 1 pairing operations and 10 + 2 exponentiation operations to generate an energy encryption inline image, i.e., 11Cp + 13Ce. On the other hand, the DERi or the RS needs 5 + 2 hash operations and one exponentiation operation to compute the trapdoor. On receiving the trapdoor inline image from RS, the local AS needs five pairing operations and one hash operation to test DERi's query. If there is a suitable bid, the local AS needs to compute two pairings to verify the signature and one pairing to test if there is energy to satisfy DERi's load demand. The DERi or RS requires 1 pairing operation and 1 exponentiation operation to decrypt the ciphertext.

In comparison, the EPPKS needs 10 + 2 pairing operations and 10 * 2 + 4 exponentiation operations to generate an energy encryption on 10 keywords, i.e., 12Cp + 24Ce. Because EPPKS can do one keyword search at a time, for five-keyword search, the seeker needs to compute five trapdoors and sends them to the server, which needs five exponentiation operations. Thus, the server needs to test five times. Each time, the server needs one pairing operation to test whether a given tag contains keyword inline image or not. Thus, the server totally needs 5Cp to test all of the trapdoors. If there is a matching item, the server needs 2Cp + 2Ce more computation overhead to have an intermediate result of the partial decipherment. At last, it will cost the seeker Ce to recover the ciphertext.

In Table 4 and Figure 6, it can be seen that the extension of SESA requires much less computation overhead than the EPPKS for the conjunctive keywords search. In addition, the extension is also more efficient than the EPPKS in terms of communication overhead because more trapdoors need to be sent to the server in EPPKS.

Table 4. Comparison of computation complexity.
CommunicationSESAEPPKS
  1. SESA, searchable encryption scheme for auction; EPPKS, efficient privacy preserving keyword search; EB, energy buyer; AS, auction server; DER, distributed energy resource; RS, registration server.

EB11Cp + 12Ce12Cp + 24Ce
AS3Cp7Cp + 2Ce
DERi or RSCp + 2Ce6Ce
image

Figure 6. Comparison of computation between extended searchable encryption scheme for auction (SESA) and efficient privacy preserving keyword search (EPPKS) schemes.

Download figure to PowerPoint

CONCLUSION

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

In this paper, we have discussed the security and privacy concerns associated with energy auction in smart grid marketing and proposed an efficient SESA. We use PEKS to enable the energy sellers (DERs) to inquire potential winner from the AS while preserving the privacy of the EBs. In addition, an extension of SESA was presented to support detailed filtering of the bids. Security and performance analysis demonstrate that both our proposed SESA and its extension can achieve data and keyword privacy, bid integrity, and trapdoor unforgeability, and they are more efficient than the existing keyword search approach EPPKS in terms of computation and communication overhead. In the future, we will consider more complex conditions, such as efficient range search and filtering of energy trading in smart grid marketing.

ACKNOWLEDGEMENTS

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES

This work is supported by the National Natural Science Foundation of China under grant no. 60903188, 61103207, and 61272437, and NSERC, Canada.

REFERENCES

  1. Top of page
  2. ABSTRACT
  3. INTRODUCTION
  4. RELATED WORK
  5. PRELIMINARIES
  6. SYSTEM MODEL
  7. PROPOSED SESA
  8. EXTENDED SESA WITH CONJUNCTIVE KEYWORDS SEARCH
  9. SECURITY ANALYSIS
  10. PERFORMANCE ANALYSIS
  11. CONCLUSION
  12. ACKNOWLEDGEMENTS
  13. REFERENCES
  • 1
    Yuen C, Oudalov A, Timbus A. The provision of frequency control reserves from multiple micro-grids. IEEE Transactions on Industrial Electronics 2011; 587(1): 173183.
  • 2
    Ramachandran B, Srivastava SK, Edrington CS, et al. An intelligent auction scheme for smart grid market using a hybrid immune algorithm. IEEE Transactions on Industrial Electronics 2011; 58(10): 46034612.
  • 3
    Forte VJ. Smart grid at national grid. In Proceeding of ISGT 2010, Gaithersburg, MD, Jan. 2010; 14.
  • 4
    Chakraborty S, Weiss MD, Simoes MG. Distributed intelligent energy management system for a single-phase high-frequency AC microgrid. IEEE Transactions on Industrial Electronics 2007; 54(1): 97109.
  • 5
    Lu R, Liang X, Li X, Lin X, Shen X. EPPA: an efficient and privacy-preserving aggregation scheme for secure smart grid communications. IEEE Transactions on Parallel and Distributed Systems 2012; 23(9): 16211632.
  • 6
    Li H, Liang X, Lu R, Lin X, Shen X. EDR: an efficient demand response scheme for achieving forward secrecy in smart grid. In Proceedings of 2012 IEEE Global Telecommunications Conference (GLOBECOM 2012), to appear.
  • 7
    Chang YF, Chang CC. Enhanced anonymous auction protocols with freewheeling bids. In Proceedings of 20th International Conference on Advanced Information Networking and Application (AINA06), 2006; 353358.
  • 8
    Li MJ, Justie STJ, Jennifer HCT. Practical electronic auction scheme with strong anonymity and bidding privacy. Information Sciences 2011; 181(12): 25762586.
  • 9
    Shao J, Cao Z, Liang X, Lin H. Proxy re-encryption with keyword search. Information Sciences 2010; 180(13): 25762587.
  • 10
    Bompard E, Lu W, Napoli R. Network constraint impacts on the competitive electrically markets under supply-side strategic bidding. IEEE Transactions on Power Systems 2006; 21(1): 160170.
  • 11
    Li X, Liang X, Lu R, Lin X, Zhu H, Shen X. Securing smart grid: cyber attacks, countermeasures and challenges. IEEE Communications Magazine 2012; 50(8): 3845.
  • 12
    Song Y, Ni Y, Wen F. An improvement of generation firm's bidding strategies based on conjectural variation regulation via dynamic learning. In proceedings of the CSEE 2003; 23(12): 2327.
  • 13
    Kanga DJ, Kimb BH, Hur D. Supplier bidding strategy based on non-cooperative game theory concepts in single auction power pools. Electric Power Systems Research 2007; 77(5–6): 630636.
  • 14
    Liaw HT, Juang WS, Lin CK. An electronic online bidding auction protocol with both security and efficiency. Applied Mathematics and Computation 2006; 174(2): 14871497.
  • 15
    Liu Q, Wang G, Wu J. An efficient privacy preserving keyword search scheme in cloud computing. In Proceeding of 2009 International Conference on Computational Science and Engineering, 2009; 715720.
  • 16
    Boneh D, Crescenzo DG, Ostrovsky R, Persiano G. Public key encryption with keyword search. In Proceeding of EUROCRYPT 2004. LNCS, vol. 3027, 506522.
  • 17
    Fadlullah ZM, Kato N, Lu R, Shen X, Nozaki Y. Towards secure targeted broadcast in smart grid. IEEE Communications Magazine 2012; 50(5): 150156.
  • 18
    Fouda M, Fadlullah ZM, Kato N, Lu R, Shen X. A light-weight message authentication scheme for smart grid communications. IEEE Transactions on Smart Grid 2011; 2(4): 675685.
  • 19
    Lin X, Lu R, Foxton K, Shen X. An efficient searchable encryption scheme and its application in network forensics. In Proceeding of E-Forensics 2010, LNICST 56, 6678.
  • 20
    Zhang B, Zhang FG. An efficient public key encryption with conjunctive-subset keywords search. Journal of Network and Computer Applications 2011; 34(1): 262267.
  • 21
    Dan B, Ben L, Hovav S. Short signatures from the Weil pairing. Journal of Cryptology 2004; 17(4): 297319.
  • 22
    Scott M. Efficient implementation of cryptographic pairings. Available: http://ecrypt-ss07.rhul.ac.uk/Slides/Thursday/mscottsamos07.pdf
  • 23
  • 24
    Libert B, Quisquater JJ. The exact security of an identity based signature and its applications. Preprint available at http://eprint.iacr.org/2004/102.
  • 25
    Galbraith SD. Pairings. Advances in Elliptic Curve Cryptography, Chapter 9, Cambridge University Press: New York, NY, USA; 2005; 183213.