Privacy-Preserving Fog Aggregation of Smart Grid Data Using Dynamic Differentially-Private Data Perturbation

The edge of the smart grid has a massive number of power and resource-constrained interconnected devices. Mainly, smart meters report power consumption data from consumer homes, industrial buildings, and other connected infrastructures. Multiple approaches were proposed in the literature to preserve consumers’ privacy by altering the data via additive noise, masking, or other data obfuscation techniques. A significant body of work in the literature employs differential privacy methods with constraining predefined parameters to achieve the optimal trade-off between privacy and utility of the data. However, billing accuracy can be degraded by using such additive noise techniques. We propose a differentially-private model that perturbs data by adding noise obtained from a virtual chargeable battery, while maintaining billing accuracy. Our model utilizes fog-computing data aggregation with lightweight cryptographic primitives to ensure the authenticity and confidentiality of data generated by low-end devices. We describe our differentially-private model with flexible constraints and a dynamic window algorithm to maintain the privacy-budget loss in infinitely generated time-series data. Our experimental results show a possible decrease in data perturbation error by 51.7% and 61.2% for smart meters and fog aggregators perturbed data, respectively, compared to the commonly used Gaussian mechanism.


I. INTRODUCTION
S MART grids (SG) are implemented to fulfill the goals of energy efficiency, optimal energy distribution, seamless integration with renewable energy resources, and a stable supply of energy. The deployment of smart grids can be a requirement in some nations to meet sustainability, and green economy goals [1]. A core component that enables SG is the Advanced Metering Infrastructure (AMI) subsystem, which allows for both-way connectivity between energy service providers and their consumers. This two-way connection facilitates real-time operations of the grid in load-balancing and optimizing workloads of the power grid. That, in turn, converts to more efficiency and cost savings thanks to finegrained metrics collection by the AMI system. The AMI subsystem contains a distributed fleet of smart meter (SM) devices deployed at houses, local businesses, and industries. SMs periodically send power consumption metrics to the utility service providers or intermediate collection points. The availability of such data can allow the service provider to offer better dynamic pricing to consumers, optimize power delivery by predicting consumption patterns, and enhance power transmission planning. Therefore, data aggregation is a core task for every SG implementing a modern AMI.
Effective SG data aggregation requires mega-scale deployments of low-end devices (e.g. smart meters) that are interconnected. With a lack of an effective security model in a smart grid environment, the SG will be exposed to severe threats, some of which are presented in [2]- [6]. For example, a dishonest data aggregator could process the aggregated SM metrics to infer private information. Leaked information can include the number of residents in a given household and their availability. Additionally, the adversary can conclude the types of devices and appliances used within that particular household. The leaked data can be shared or sold without consumers' consent, exposing and violating their privacy. Furthermore, the collected data can be exploited in many other ways [7]. For example, a user load profile can reveal various private information such as time of sleep or time of a specific appliance usage during the day [8] as indicated by Fig. 1.   FIGURE 1. Household electricity demand profile [9] II. PROBLEM FORMULATION While frequent reporting of granular SM metrics to energy suppliers is beneficial, it can introduce major privacy problems. For example, adversaries can infer accurate highresolution readings on power consumption by eavesdropping on the communication data link, violating consumer privacy.
On the other hand, keeping the data hidden makes it unusable and defies the point of deploying smart meters. Therefore, it is crucial to find a solution that retains the utility of the data but preserves users' privacy. Such solutions need to protect the SG data on all levels, from consumers to data collection points and energy providers. The computational cost of these solutions needs to be considered as the SG is made of low-end devices with constrained computation and communication abilities. Bandwidth is another essential key to consider as many low-end smart meter devices typically report their consumption data to a centralized point at a high rate.
Load balancing the power load is a common way of perturbing data and adding noise to it as seen in [2], [10]- [16]. Charging and discharging a battery to add noisy data to the power load is a straightforward concept. Negative noise is added to the power load whenever the battery is physically fed with power (electrically charged). However, the opposite is true when a positive noise is later added to the power load whenever the battery is physically drained of energy (discharged). A hardware component is responsible for charging and discharging the physical battery. The physical chargeable battery approach is costly and limited in the sense that the capacity of the battery limits the amount of possible data perturbation. Different methods in the literature use a low amount of noise with differential privacy (DP) techniques to maintain the utility of data [11]. However, differential privacy approaches fall short when it comes to avoiding data loss, such as inability to conduct accurate consumer billing, losing other critical data resolution, or failure to reconstruct data [17].
This article introduces a very lightweight, secure, and nonexpensive aggregation method that preserves consumers' privacy and the safety of transferred data. We employ lightcryptographic techniques to encrypt data, authenticate its sources, and ensure its protection in the presence of an eavesdropper. Moreover, we utilize noise generation from a virtual battery model as a cost-effective alternative to physical batteries, which preserves high-resolution time-series SM data privacy. Our approach protects against potential adversarial data aggregators or untrusted service providers while maintaining data utility, along with proper consumer billing. A technique based on fog-computing data aggregation is discussed, along with a novel dynamic window algorithm for differential privacy. This work is based on a graduate thesis work by the first author [18]. The preliminary idea and concept of virtual battery first appeared in our previous conference publication [19]. This paper expands on our prior work by introducing a novel differentially-private dynamic window algorithm. Additionally, we present new experimental results with a detailed discussion that evaluates and shows the improvements over the current traditional approaches in the literature. Our work ensures the privacy of SM devices while preserving the billing accuracy through fog-enabled data aggregation without trusting the intermediate fog nodes or the service provider.
The remainder of this paper is organized as follows: Section III establishes background knowledge needed to introduce our work in following sections. Section IV describes our proposed model. Section V discusses the main results of our experimental evaluation. Section VI describes related work found in the literature. Section VII concludes this paper with remarks on future work.

A. FOG AGGREGATION
Typically, a large number of power-and resource-constrained IoT devices are deployed on the SG. These IoT devices cannot process the generated data themselves due to their limited capabilities and therefore need to delegate the processing to other resources. Moreover, the data generated by IoT devices must be transmitted using the consumers' network or a separate wireless network, to the backend server. A significant geographical distance between the IoT device and the service provider means more power is required to transmit data between them. Therefore, there is a need for a power-efficient method to transmit data. In addition, the large number of these devices can pose a networking challenge by introducing a communication bottleneck at the centralized receiving service provider server. To overcome these challenges, we use a fog-computing architecture to meet the requirements of SG deployments [11]. The fog nodes compute and aggregate data from many SMs, where the aggregated result is further sent to the backend server. In our scenario the SG service providers manage the backend server. The advantage of applying fog computing is aggregating the data on fog nodes instead of sending all SMs traffic to the service provider, causing network congestion. In addition, fog nodes can perform some processing tasks on data, reducing processing required on backend servers and protecting data from service providers. This architecture performs better by offloading some work from service providers' servers, preventing potential computing and networking bottlenecks. Such limitations can be introduced at the backend server, which handles requests from a massive number of IoT devices. Fog-computing-enabled smart grid architectures usually employ the fog-computing layer as an intermediate layer to save cost, improve scalability and reduce the complexity of the system [20]. Figure 2 depicts a common fogcomputing architecture. The advantages of such architecture are discussed in [21] and [11]. This paper adopts intermediate fog nodes, or data aggregators, in the middle layer of the aggregation architecture. In our architecture, fog nodes are an untrusted component of the system and are not allowed to access the private data produced by smart meters. Therefore, the smart meter data is obfuscated using noise that achieves differential privacy. The main objective of a data aggregator is to compute statistical data for an individual smart meter or a group of smart meters during a given period. By doing this, granular data is kept hidden from the utility provider. Additionally, the communication cost is reduced as aggregators perform the tasks of data collection and computing statistics rather than sending data directly to service providers. This paper interchangeably refers to fog nodes as data aggregators and IoT nodes as smart meters.

B. DIFFERENTIAL PRIVACY
A trial for privacy in SGs was presented in [22] where the possibilities of data leakage were tested in various scenarios with or without a trusted party. First, perturbed data is submitted by the service provider and analyzed for a possible information leak. Then, if the probability of finding the actual data is higher than random guessing, privacy is considered breached. However, when accessing a larger dataset, initial conditions can vary for the adversary, rendering this approach to be inaccurate [12]. Many methods for data obfuscation are present in the literature; however, the current state of the art mainly uses implementations of differential privacy.
Differential privacy as introduced in [23], is a mechanism that presents dataset semantics and patterns while preserving the privacy of any individual data point in that dataset. In differential privacy, if any user's contributions to the dataset were insignificant enough, then the result from a query to that dataset would not leak a significant amount of information about that individual user. Consequently, the overall result of a dataset query should not change when the data record of any individual user is altered (added, removed, or modified), thus assuring dataset contributors' privacy. DP is a powerful concept for providing privacy guarantees with intriguing properties, namely post-processing, closure, and composition. In the context of smart grids, DP can obfuscate aggregated SM readings to ensure privacy while maintaining the benefits of data analysis.

1) Definition of Differential Privacy
Assuming a mechanism M : X n → Y . For any two neighbouring data-sets X, X ′ ∈ X n that are different in one entry. We say that M is ε-differentially private if, for all neighboring X, X ′ , and all T ⊆ Y , we have: where M is a randomization mechanism and can be an algorithm that introduces additive noise to the original data X. In the literature related to differential privacy, the word mechanism is often used; however, both terms "mechanism" and "algorithm" are used interchangeably.
In the literature, usually, Laplacian or Gaussian noise is introduced. Several algorithms and differential privacy properties are discussed in [24]. The previous definition states that if the effect of making an arbitrary single replacement in the data-set is small enough, the query result cannot infer a single individual's data. Here, the difference between X and X ′ is the data belonging to one entity in the data-set. Therefore, we can get one data set from another by either adding, removing or changing this entity's data.
There are algorithms that, by perturbing data, can turn query results into differentially private ones. In a smart grid, we consider a single query equivalent to one aggregate. In differential privacy, a parameter ε shows the privacy strength and is referred to as the privacy budget. The perturbation applied to the data in differential privacy is inversely proportional to ε, where a smaller ε produces better privacy but less accuracy and vise versa. It is a challenge in smart metering to balance ε value to tweak the amount of added noise that does not violate privacy yet preserves data utility. A trade-off between privacy and accuracy is presented in [22]. VOLUME 4, 2016 2) Properties of Differential Privacy Differential privacy offers several properties that make it modular and trivial to implement. 1) Post-Processing: A valuable property of differential privacy is that once the data is privatized with differential privacy, the privacy will not be breached if the data is not used again. Let M : X n → Y be ε-differentially private and F : Y → Z be an arbitrary randomized mapping. Then differentially private and the algorithms M i 's are potentially chosen sequentially and adaptively. Then M is It is not always clear what the value of ε should be to maintain privacy since differential privacy is usually added to static data by a trusted curator [25]. In time-series and growing data-sets, it is unfeasible to apply differential privacy with a constant ε as the data is continuously growing. One crucial property to solve this is the composition of differential privacy. In a composition of T independent queries, the privacy parameters ε, δ must be accumulated.
For example, at each time iteration, t i when applying differential privacy on the power load at a window of time w j and each power load X(t) is summarized for a window; for the first period of 10 minutes t = 0 to t = 10 the w 0 value is w 0 = 10 t=0 X(t). Therefore the window w j between t = i and t = i ′ values can be calculated by: For example, applying differential privacy with parameters ε 1 , ε 2 and ε 3 on time windows w 1 , w 2 and w 3 respectively; the composition property states that the overall privacy of all three windows is: ε total = ε 1 + ε 2 + ε 3 . The previous equation 1 shows that the values of ε will increase over time.
We found that many solutions in the literature ignore the deterioration of ε over time, and we will present our solution for this in later sections. Sensitivity is another parameter to consider when implementing differential privacy. Sensitivity captures the influence by which a single data entry can affect the mechanism and therefore change the perturbation level needed to hide all data. Thus, the sensitivity of a function bounds the perturbation level we must introduce to preserve privacy.
In smart metering data, which is a time-series data, the maximum global value is unknown, making it challenging to measure sensitivity because future unknown readings with the highest values can break differential privacy.

IV. PROPOSED MODEL
Our proposed virtual battery (VB) system model assumes that the SM devices are resistant to physical attacks such as physically tampering with the device to change the values it produces. Some approaches in the literature aid in protecting against physical as well as software adversaries known as trusted execution environments [26]. We propose a fog-computing hierarchical architecture that ensures accurate billing and provides data perturbation via additive noise received from the VB. Adopting this VB approach offers the advantage of using more power loads without enduring the costs of having a large physical battery. Our proposed VB system utilizes a distributed data aggregation architecture based on fog computing, producing perturbation noise on each SM and data aggregator. We consider data aggregators and utility providers in our model to not be trusted, hence our use of differential privacy techniques on SMs and data aggregators.

A. A VIRTUAL VALUE AS A BATTERY
Essentially, our VB is a shared value known to the fogcomputing data collecting node, the power utility provider, and the smart meter device. Figure 3 depicts the architecture for establishing this value. Table 1 contains a list of symbols used in this paper. We use V B(t, m) to denote the value of the VB at a point in time t of a period m where m starts at t 0 = 0 and ends with t f . Therefore, at the start of period m j , the initial value of VB is V B(t 0 , m j ). VB value should be V B(t f , m) after the entire period m has passed. For the first update of the SM at the first period m 0 , the value of V B(t 0 , m 0 ) is zero; the SM then transmits this value to the utility provider at the end of m 0 for the next period m 1 . Below, we describe the steps of perturbing the original data with additive noise using a VB on an individual SM: 1) At the beginning of a relatively long period m j , for example a month, the SM sends V B(t 0 , m j ) value to the utility provider for acknowledgment. For the first Power load reading of smart meter n at time t Ln(t) Encrypted power load reading plus noise of smart meter n at time t V Bn(t) Virtual Battery value of smart meter n at time t Nn(t) Noise added at time t to power load of smart meter n Na(t) Noise added at time t to power load of an aggregator a An(t) Coarse grained aggregated value of smart meter n load plus noise T Cn(t) Total consumption for the smart meter n U (t) Total consumption of all smart meters at time t SM update to utility provider of the first period m 0 : V B(t 0 , m 0 ) = 0. 2) After a short period t 1 , the SM perturbs its original data by adding some noise N to it and then forwards this noisy data to the data aggregation node. Then, the SM device subtracts the noisy data from the VB value to preserve the accuracy of billing as shown in equation (2): 3) When reaching the end of time period m j , the SM sends V B(t i , m j ) to the utility provider: It is important to note that the utility provider is unaware of the fine grained values V B(t i , m j ) and N (t i , m j ) and only recieves the end value V B(t f , m j ) from the SM. 4) The aggregator recieves periodic perturbed readings (X(t i , m j ) + N (t i , m j )) from the SM and calculates is sent to the utility provider: It is worth mentioning that the aggregator calculates . By subtracting m j , which is the VB power consumption of the period m j , the utility provider can calculate V B(t 0 , m j ) − V B(t f , m j ) to get the total consumption T C: 5) After a reasonably long period, a month for example, the final VB value is exchanged. The exchange of VB value guarantees billing accuracy since the added noise was subtracted from the VB value. The reason behind monthly updates of VB value exchanges is to prevent the utility provider from inferring further information, such as individually added noise, from the fine-grained VB values. Furthermore, since subtracting individual noise from the VB value happens only at the SM device, the utility provider is unaware of distinct noise values added to the VB. Section IV-D discusses the aspects of security in terms of communicating the value of VB in more detail.
For dynamic billing, it is possible to use multiple virtual batteries; for example, when billing is different between daytime and night-time, we can use V B day , V B night . Noise added at daytime is added to V B day , and night-time noise is added to V B night . Both values are sent from the smart meter to the utility provider.
Other privacy-preserving approaches that rely on physical batteries perturbation, such as [10] [13], can take advantage of our virtual system; the benefits can be in terms of cost and perturbation level. Cost is less since maintenance and initial battery costs are no longer needed. Perturbation is enhanced since the capacity is no longer tied to the actual capability of the physical battery. Additionally, our VB method is agnostic to the used resource and can be used with non-electric utilities, such as natural gas or water. Moreover, other models that rely on noise from power storage devices or consumer devices such as [14] can replace that reliance with noise from a VB system. Methods that adopt differential privacy [11] can utilize the Gaussian mechanism noise from the VB to achieve robust and correct consumer bill estimation. For instance, when a consumer suddenly demands a huge amount of power, causing a spike in demand, the amount of perturbation noise needed to obfuscate that spike is relatively large. Therefore, if this perturbation noise is not adequately addressed in calculating the consumer's bill, it will lead to inaccurate billing. Thus, we can effectively guarantee the power-load demand from the consumer to be limited via thresholding the power load at a maximum value and adding the subtracted value to the VB. For example, if P peak is exceeded at time Furthermore, it is possible to use excessive noise in any data perturbation method while adding its consumption to the VB to maintain billing correctness since VB value will be sent later for billing. Differential privacy can achieve an extra level of privacy by using the VB noise with a lower value of ε and, therefore, a better privacy budget loss. This ensures greater privacy guarantees at some cost of data utility. Our system adopts a distributed scheme of differential privacy. VOLUME 4, 2016

B. DISTRIBUTED DATA COLLECTION SYSTEM
Our fog-computing distributed system is comprised of three layers, as shown in Fig. 4. The lowest layer is all SM devices, the data aggregator fog nodes are in the middle layer, and the service provider backend servers are at the highest. Multiple methods that can be utilized for the SM-to-aggregator communication are shown in [27].

1) Aggregation of Smart Meter Data
Fog nodes reduce the cost of computation and communication as they offload work from the service provider's server. Coarse-grained statistics of each SM are sent to the aggregators. Furthermore, neighborhood power loads from multiple SM devices can be aggregated on fog nodes, and then results are forwarded to the service provider. Apart from the setup phase, our system assumes uni-directional communications only from SM devices to aggregators and from aggregators to the utility provider.
Our proposed architecture has some assumptions in place where we consider aggregators and the utility provider as adversaries and therefore are not allowed to read private information about SG consumers. We assume SM devices are resistant to physical tampering. SMs locally store their encryption keys safely and apply differential privacy on power consumption readings in a defined period we call a window before transmitting the readings to aggregators. This window can be a value between an already established parameters w min , w max , which will be discussed in a later section IV-C3. Our VB model uses fog nodes as aggregation points we call aggregators. A set of SMs directly communicate with multiple data aggregation points that gather and accumulate data to forward them to a specific utility provider. Each SM device adds perturbation noise to its original data with noise generated from a VB. The perturbed data is encrypted and forwarded to the nearest aggregator.
The aggregator decrypts, accumulates values, encrypts the results, and finally delivers these results to the utility provider; further details regarding the cryptographic techniques used are discussed in Section IV-D. At last, the utility provider decrypts the aggregated results. Then, at recurring intervals, SMs forward encrypted VB data to the utility provider to be compared and accumulated to generate a correct power bill for consumers.
As an example, for a SM that updates its power load every minute, we add noise . Therefore, the perturbed load can be computed with: is sent from the SM to utility provider at the end of m j to be accounted for in billing. The actual load can be computed using: where actual load is equal to the noise subtracted from the perturbed load. To stop the utility provider from inferring other information by observing perturbed data and power consumption, we send VB values after a long period. Each SM device SM n contains a V B n value with an initial value V B n (t 0 , m j ). Initially, at the start of the first period m 0 , the value V B n (t 0 , m 0 ) is equal to zero. For the next period m 1 , V B(t 0 , m 1 ) is already sent from the SM to the utility provider. It is worth mentioning that V B(t 0 , m 1 ) for the period m 1 is equal to V B(t f , m 0 ) at the end of period m 0 : Fig. 4 shows the aggregation architecture and Table 1 explains the used symbols. The following steps describe the complete aggregation process of a period m where Enc and Dec are encryption and decryption methods discussed in Section IV-D: 1) Virtual batteries V B n for each smart meter device SM n with values V B n (t 0 , m j ) are encrypted using methods discussed in Section IV-D and sent to the utility provider by the SMs. At the first update by SMs, or when SMs are first powered-on, V B n (t 0 , m 0 ) is equal to zero. 2) The SM device SM n containing a VB value of V B n sends the initial value V B n (t 0 , m j ) to the utility provider. SM n then performs data perturbation on its original raw data at time period (t 1 , m j ) : X n (t 1 , m j ) with noise N n (t 1 , m j ). The added noise is taken from V B n (t 0 , m j ) by setting the new value V B n (t 1 , m j ) from (2). SM n then sends L n (t 1 , m j ) to the data aggregator, which is calculated by Depending on the granularity of the data, the value of period m j is determined. During the period m j , possibly a month, V B n (t f , m j ) is calculated by adding all generated noise over this m j period to the VB.
V B n (t f , m j ) value is then encrypted before transmission to the service provider to bill the corresponding SM n device 3) During a window of time w, an aggregator A n receives a number of perturbed and encrypted values of consumption L sm1 (t i , m j ) from (7) and calculates i∈w L sm1 (t i , m j ) during w from SM 1 . Each value of L sm1 (t i , m j ) at time t i is decrypted and the aggregation is done on the new coarse grained w. Aggregator adds its own noise to this load for a parallel differential privacy N a (t i ′ , m j ). With the aggregated value starting at (t i , m j ) and finishing at the end of w with (t i ′ , m j ) we calculate and encrypt the consumption of sm 1 by: 5) The utility provider calculates A n (t f , m j ) which is the power load plus noise for an individual SM n. The utility provider subtracts the consumed value of the VB from A n (t f , m j ) to compute the total consumption T C for the period (t f , m j ): 2) Regional Aggregation Regional aggregation is when the service provider requires an instant power consumption report of a neighborhood or a region. Regional aggregation is not related to billing, and it is mainly used for planning power distribution and optimizing power generation. However, applying differential privacy by aggregating SM readings to more coarse-grained data causes a delay in transmitting the final result as either the SM or the aggregator is waiting for the following values to be accounted for. Therefore, this section discusses the aggregation of SM devices connected to an aggregator summarizing regional data. Our proposed system utilizes an algorithm that uses a dynamic window size which is discussed in section IV-C3. For example, in our model, if the SM power reading is low, resulting in a small error value, the window size w, which is adaptively set by the algorithm, might be selected to be repeatedly large. Therefore, if an aggregator utilizes our algorithm to summarize the power load of a region, then the large w value may cause an undesirable delay in updating power readings to the service provider. Hence, regional aggregation readings are sent separately in case a large window size causes a large delay in updating regional power consumption. The regional aggregation is conducted over high-resolution data generated by SM devices. Here, the level of granularity is limited only by the max window size w max of the SM device, which in our system is relatively small compared to the aggregator's w max . Therefore, the delay for regional aggregation will be small since its value is limited by the SMs w max value. The aggregated summaries do not contain SM identifiable information. Moreover, neither cost nor VB values are sent, preventing the inferral of private data. Aggregators send only the total load consumption of the neighborhood for their connected SM devices to the utility provider. [11] describes a similar approach. 1) For a window specified for regional aggregation w reg = w sm,max where w sm,max is the w max parameter set for SMs, an aggregator A receives a number of perturbed and encrypted values of consumption for n number of smart meters L smn from equation 7 and receives ( i∈wreg L smx (t i )) during w reg from each SM in the region; where x is the number of connected regional SMs. Each value of L smx is decrypted, and the aggregators perturbs the sum of all SMs readings during w reg . With the aggregated value starting at t i and finishing at the end of w reg with t i ′ we calculate regional consumption of A by: 2) The perturbed regional aggregated value of N aggregators are sent to the utility provider individually. Each aggregated value can be analysed for power distribution and prediction for the area connected to the specific aggregator. The utility provider decrypts and summarizes values from all regions power consumption: C. DIFFERENTIAL PRIVACY VOLUME 4, 2016 Gaussian mechanism decomposition implements noise collected from all participants. Each participant produces little amounts of noise, and the privacy of the consumer is ensured if the summarized noise from all participants has a σ standard deviation. Theorem A.1. IV-C1a from [24] gives us the following definition: Let f : N |x| → R d be a function of d-dimensions, and its ℓ 2 sensitivity is defined as The Gaussian mechanism that has the δ parameter adds noise scaled to N (0, σ 2 ) to every d components of the output.
a: Theorem A.1 Let ε ∈ (0, 1) be arbitrary. For c 2 > 2ln(1.25/δ) the Gaussian mechanism with parameter σ ≥ c△ 2 f /ε is (ε, δ)differentially private. Following the parameters of distributed differential privacy, we have: Where the number of user is n, x i is the data generated at time t for user i, the additive noise is r, and σ satisfies the Theorem A.1. IV-C1a.

2) Differential Privacy in Distributed Systems
In a distributed setting, distributed differential privacy uses noise aggregated from several contributors. While approaches to preserve privacy based on differential privacy mechanisms are well discussed in the related field [23], our approach offers a dynamic window algorithm, and a data denoising capability via seamless deduction of the sum of added noise from the VB value. This enables correct billing for consumers while preserving privacy, improving over traditional methods. Looking closely to Theorem A.1 IV-C1a, r is the additive noise which gets deducted from VB value for each SM to preserve the value of overall added noise for a precise billing. Moreover, the utility provider can grant clients the option for absolute privacy with no benefit of data analysis by using high level of perturbation that does not affect billing. A completely different SM software can present data analysis and suggestions to the user since the SM device can get the value of the V B(t) without relying on other parties, such as the aggregation points or utility provider for providing statistics. Although we show a single VB per smart meter device in our experiments, our proposed VB system supports many methods of data perturbation.

a: Sensitivity
From Theorem A.1. IV-C1a in section IV-C1 we have the sensitivity S of our algorithm M is: Various articles in the literature propose frameworks that implement a point-wise sensitivity. However, we argue that this does not guarantee differential privacy, as the sensitivity calculation should account for the entire data-set. In a smart grid, not knowing all power readings in the entire dataset, as future SM readings are continuously updated from SMs, predicting the sensitivity is a non-trivial task. A sensible way is needed to determine the sensitivity in a private manner [12]. We employ an algorithm that uses several parameters to ensure bounds on future sensitivity. The algorithm uses a dynamic window bounded between w min and w max which guarantees a differential privacy and limits the maximum power value at P peak . Furthermore, the algorithm ensures that the error value of the perturbation does not exceed err max . We explain the previously mentioned parameters and algorithm in section IV-C3 and Table 2. The sensitivity can be calculated for the dynamic window w bounded by w min , w max . Within the smart gris that applies differential privacy on a dynamic and bound w we know that the maximum power consumption for w is the maximum power P peak applied on all readings inside w max . On the other hand, the lowest power reading summarized for w will be the lowest power reading possible, which is zero, perturbed by the least differentially private noise N applied in w min . By applying the previous statements, as we have bounded the future maximum consumption by selecting a dynamic window size, we can measure sensitivity by: In a one dimensional dataset, by applying Theorem A.1. IV-C1a we can calculate the standard deviation σ of the Gaussian mechanism where ε ∈ (0, 1) and δ ∈ (0, 1): c: Privacy Budget From the differential privacy composition theorem, we know that for multiple algorithms applies on the same data the privacy budget parameters ε and δ for each algorithm are added up. For example, applying (ε, δ)-differential privacy on each window (w 1 , w 2 , ...w k ) in a space k number of windows. We apply the following differentially-private parameters (ε 1 , ε 2 ...ε k , δ 1 , δ 2 , ..., δ k ). Therefore the overall privacy budget are: ε = k i=1 ε i and δ = k i=1 δ i meaning for the first window we lose from the privacy budget ε 1 = ε/k and δ 1 = δ/k. Therefore, it is important to increase the window size when possible in order to consume less privacy budget.

3) Dynamic Window Differential Privacy
In the SG, the data stream is considered infinite. Therefore, the privacy budget deteriorates over time, and many bounding algorithms exist in the literature to address this [28], [29]. To our knowledge, there is no algorithm in the literature that considers our chosen parameters. In this section we define the parameters used as shown in Table 2. 1) w min : is the minimum window size defined by the Utility Provider, which is the number of power readings in the time series of the fine-grained smart meter or aggregator readings. w min should not be selected to be too small, as that would unnecessarily drain the privacy budget, and it should be larger for the aggregator. In our model, the perturbation algorithm will increase the number of the included power readings beginning at w min until one of the two parameters is reached err max or w max . 2) w max is the maximum number of power reading points allowed by the utility provider. This value is required and set by the utility provider to limit the windows of periodic updates for data statistics. For example, at night, where there could be zero power consumption, our algorithm may increase w and not be bounded by the error for an extended amount of time. It is important to consider that the larger the value of w max , the less privacy budget loss; therefore, this value should consider privacy vs. utility provider updates requirements. 3) P peak is the peak power load, which is calculated by applying noise on increasing similar power values up to maximum allowed power in w max until err max value is reached. The P peak value is used to achieve better performance in the algorithm since if adding the total consumption over w exceeds P peak value, we know that w will break err max without the need to generate noise. Here, it may also be possible for a single reading to exceed P peak we threshold all such readings and add the trimmed values to the virtual battery value. Trimming single outliers that exceed P peak guarantees the value of sensitivity. 4) err max is the maximum error allowed for perturbation by the utility provider. The value of err for each w is calculated by the mean absolute error: w event ε-differential privacy was introduced in [30] and applied in [28] for ε-differential privacy to protect event sequence occurring in a window of w time. We expand on w-event differential privacy for time series data in the smart grid with minimum privacy budget loss.
a: Dynamic Window Differential Privacy Algorithm w-event differential privacy presents a solution for the infinite data stream; here, privacy is applied at sliding windows of size w in the smart grid. However, the fixed window size means unnecessarily sacrificing the privacy budget because of dynamic changes in the time-series power readings of the SMs. For example, the power load may change dramatically when using heavy appliances such as heaters; on the other hand, night power consumption is usually low. Consequently, we use a dynamically changing window size accompanied by specified bounds with differential privacy guarantees.
In w-event differential privacy, the perturbation of data in a single w leads to a consumption of a fixed privacy budget taken from the overall privacy budget. Increasing the window size will lead to a lower privacy budget loss but leads to a high perturbation and more significant error value. We present a dynamic window differential privacy algorithm that uses a dynamic window size w and limits the window size by P peak , err max and w max . Our algorithm ensures that the error resulting from the perturbation err does not exceed a certain amount as it the algorithm selects w in a way that bounds the resulting perturbed data with a maximum values of P peak and err max . At the same time, we bound w by w max for consistent reporting to the aggregator and utility provider. Algorithm 1 describes the implementation of our algorithm.

Algorithm 1: Dynamic Window Differential Privacy Algorithm
Input: w min , w max , err max current window w = w min Calculate P peak while err ≤ err max do while w ≤ w max do while P (t) ≤ P peak do end w++; end Calculate error: err = P (t i )/L(t i ); Apply perturbation on w: Calculate new privacy budget parameters: ε = ε − ε i , δ = δ − δ i ; Output perturbed value for w i−1 : L(t i−1 ); Both SMs and aggregators use the same algorithm; however, the parameters' values will be different for aggregators. w min and w max values will be larger for the aggregator, as we expect the aggregators to collect more coarse-grained data. Smart meters perturb their data only to protect it from the aggregator, since we consider aggregators to be a possible adversary. It is reasonable to assign larger values of ε the privacy budget for the smart meters, since it is less likely for the aggregator to be an adversary. Additionally, the data VOLUME 4, 2016 will be perturbed again by the aggregator before forwarding it to the utility provider. Another benefit of increasing window size is to lower network communication costs, since both SMs and aggregators summarize the windows' power load into a single value before sending it.

D. CRYPTOGRAPHIC METHODS a: Diffie Hellman Key Exchange
Adopting compute-light cryptographic constructions is essential in IoT environments such as smart meters in the smart grid. Our approach requires two symmetric keys to secure connections to the utility provider and fog-aggregator to send the values of VB and load consumption, respectively. Symmetric keys are exchanged between fog aggregation nodes and every connected smart meter device and upstream utility provider. However, all keys for aggregation and smart meter nodes must be present at the utility provider servers. We utilize Diffie-Hellman key exchange [31] to perform any key exchanges between parties. In addition, we adopt AES [32] as an encryption scheme, although any symmetric algorithm can be used instead if needed in our system. Typically, authentication is accomplished with an asymmetric-key cryptographic scheme. However, we use our own simpler and more light-weight challenge-response between two parties depicted in Fig. 5 due to the inherent heavy computations of public-key schemes and the dependency on trusted authority which is a third party for key distribution. The final secret is obtained by concatenating the Diffie Hellman derived key with a utility-provider-supplied fixed ID. The utility provider sets the utility-provider-supplied fixed ID before SM device distribution. The utility provider shares a secret string for data aggregators instead, similar to the fixed ID of SM devices. This key exchange is performed once to authenticate the secret key to be used for encryption later on and never used to authenticate data. This key bidirectional challenge and response key exchange establishes protection against man-in-the-middle attacks; Whereby an attacker can impersonate both sides of the communication channel, compromising confidentiality and integrity. The utility provider, aggregators, and SM devices store their secrets locally, and they no longer perform any further key exchanges. This approach keeps our protocol light-weight, compute-efficient, and avoids third-party trust compared to other methods such as public-key cryptography.

b: Keyed-Hash Message Authentication Code (HMAC)
HMAC is a variation of the Message Authentication Code (MAC) that uses secret keys and hash functions and provides data integrity and authenticity. HMAC is an improved version of MAC since MAC is known to suffer from length-extension attack where an attacker can append data to the message without knowing the key. The implementation methodology and definitions are presented in [33] and [34]. A shared secret is used in HMAC implementation that does not require a third party's involvement in key distribution, as is the case with public-key cryptography. Following up on the previous section, we assume that the key is already exchanged between parties: 1) The key is used to acquire two separate keys referred to as the inner and outer keys. 2) Two hash rounds are applied; the first round produces a hash from the inner key with the already encrypted message.
3) The resulting hash is hashed again, with the outer key producing the final HMAC code. Usually, HMAC applies iterative hashing functions such as SHA-256 or SHA-512 over multiple fixed-sized blocks; for example, SHA-256 works on blocks of 512-bit. Since we cannot guarantee our communication block size, we truncate our data blocks to the proper size. The encrypted message is then sent alongside the HMAC code to the other party. The other party will then hash the message again, and the computed hashes should match the received hash authenticating the message. The definition of HMAC from [33] and [35] HM AC(K, m) = H((K ′ ⊕ opad) ∥ H((K ′ ⊕ ipad) ∥ m)) When K is larger than block size then K ′ = H(K) otherwise K ′ = K. K ′ is a block-sized key obtained from the secret key K either by padding with zeroes up to the block size or by hashing down to ≤ block size and later padding with zeros. Table 3 contains an explanation of the used symbols.

V. EXPERIMENTS AND RESULTS DISCUSSION
This section evaluates our model's performance accuracy and compares it with the traditional Gaussian mechanism. We ap-ply our model to an actual smart home dataset. Our dynamic window model is applied to the individual household electric power consumption dataset [36]. The dataset contains electric power consumption measurements in a household with a one-minute sampling rate for almost four years. We apply our perturbation with the dynamic window differential privacy algorithm on smart meters and then on aggregator nodes. For every window w, we aggregate the values from the smart meters and apply noise, losing an amount of privacy budget ε w . Next, the aggregator receives the perturbed data and applies another perturbation level; the noise added to achieve data perturbation is added to the virtual battery of each smart meter. Error is calculated over the most recent time series values for each time window w. The values for w min , w max , err max and P peak are set for the smart meter and aggregator. Naturally, the values of parameters w min , w max are selected to be larger for the smart meter than those used for the aggregator. Choosing a larger window size for smart meters hides the smart meter's data from the aggregator and consumes less privacy budget for the smart meter windows as the smart meter processes more fine-grained data. On the other hand, err max , P peak values are chosen to be larger for the aggregator as aggregators aggregate larger values for smaller window sizes. The accuracy is visualized and presented by the Mean Relative Error (MRE) for a time period T in percentage as defined below: Fig. 6 shows the aggregation of time series for a single smart meter. The original data is shown in dotted line, the stripped line shows traditional Gaussian mechanism, and the solid line is used to represent our model. The perturbation is applied by consuming values of ε per window size w with fixed w used in traditional Gaussian mechanism and dynamic w size in our model. We can see from the results that we were able to control the error value and achieve a specific error value while consuming less privacy budget since we are using a dynamic window size. The accuracy in our model is evident by the larger range of the traditional Gaussian mechanism signal or the number of outliers. Note that the values are trimmed at the highest values by P peak and at lowest value by minimum noise in our model. These values are trimmed and sent to the virtual battery and do not affect differential privacy due to the differential privacy's post-processing property.
Similarly, Fig. 7 shows the aggregation of time series for the aggregator. In both results, the values of differential privacy parameters per w are set as ε = 1 and δ = 1/n 2 where n is the number of readings in the data set. Table 4 shows a comparison between the MRE difference between using our model and the traditional Gaussian mechanism. Note that the error rate in our model is much lower than the traditional Gaussian mechanism while we kept the differential privacy guarantees. The error is low since  we choose the perturbation window size optimally with the err max and trim the power between P peak and noise applied on zero values. The window size also improved upon the loss of privacy budget as the added noise is applied on a larger window size when possible. We argue that this is better for data analysis and that the only drawback is using more coarse-grained data dynamically. It is important to note here that we could specify err max to achieve better accuracy; however, depending on the application and the required level of accepted error in the data, it is possible to increase the amount of err max as desired. An initial value of err max can be set on the smart meter running as a closed enclave with the ability only to increase this value given to the utility provider.  Fig. 8 shows smart meter perturbation error MRE over various values of differential privacy budget ε. Our test outcomes support differential privacy's theoretical principles; Lower values of privacy budget ε results in more noise and larger error values. Furthermore, we can see that the error value does not exceed 3.1% for ε = 3 while MRE is 79% in Gaussian mechanism with the same ε value. Fig. 9 represents the effect of increasing the window size w on the MRE applied over a monthly period. We can see VOLUME 4, 2016  However, there are some inconsistencies in the graph; for example, at w = 210, this is due to the randomness introduced when applying noise from a Gaussian distribution. We can see that after a certain amount of window size:w = 190 increasing the window size does not decrease the MRE value by much; this is because the MRE is limited by the value of err max . err max value is used on the window size w taken from the overall consumption; therefore, the overall MRE will reduce to a certain level. However, even after reaching this value of w, the increase of w still benefits our model in reducing the consumed privacy budget ε. In the used dataset, we have readings of the power load for every minute. A fixed window size will be, for example, 10 minutes. The applied ε on a fixed window for the monthly period will be the addition of all ε applied on each window by using the total composition property of differential privacy. Therefore, it is trivial that using a larger window size will consume less privacy budget overall. As we discussed previously, larger ε yields less privacy; therefore, it is beneficial to reduce the privacy budget loss. Our model used differential privacy with additive noise from the Gaussian distribution on a dynamic window size w. In our model, the window size w is set to w min and increased until we reach P peak , err max or w max whichever comes first. Fig. 10 represents the loss in the privacy budget ε when applied to the overall monthly period. In 10, the value of w = w max − w min . It is important to note that the actual value of w will vary between w min and w max as mentioned before. Nonetheless, increasing w max , and subsequently w, will consume less privacy budget ε for the overall data.

VI. RELATED WORK
Many approaches were introduced in the literature to preserve privacy and securely aggregate data. These can be categorized as cryptographic approaches [13], [37]- [40], approaches that rely on adding noise [2], [10], [12], [14]- [16], [41], or hybrid approaches [2], [11], [42], [43]. Homomorphic encryption methods are cryptographic approaches that enable data aggregators to compute arithmetic functions directly over the user ciphertext. Public-key cryptography is typically used to provide authenticity in systems. A careful consideration must be made before adopting any cryptographic approach because of the high computation costs these methods incur.

A. PRESERVING PRIVACY USING CRYPTOGRAPHY
Lossless data aggregation via task scheduling to aggregate encrypted perturbed data using a Decisional Diffie-Hellman scheme is introduced in [17]. While this approach is scalable and compute-efficient, both utility provider and aggregation points are trusted. A fog-computing with stream cipher cryptography based on layered architecture along with asymmetric-key scheme is given in [11]. Since this work uses homomorphic primitives and asymmetric-key cryptography, it requires high computational cost and third-party trust dependency. The approach in [44] adopts lightweight Elliptic Curve cryptography (ECC) to achieve authenticity between parties. Although it presents promising performance, a trusted party is needed for keys and secret management which introduces maintenance cost as well as single point of failure. The work in [45] describes a system based on distributed ledger technology and fog-computing technology to achieve privacy and security of the SG. They describe a group signatures and covert-channel authorization technique to validate users. Being blockchain-based solution, they implemented a smart contracts system to realize a security strategy that runs on these smart contracts across the blockchain network. Their system provides authenticity and anonymity via the blockchain inherent features.

B. PRESERVING PRIVACY USING A CHARGEABLE BATTERY
By using rechargeable power storage devices, one can mask and perturb actual load data on demand. Although the effect on billing may not be significant for more extended billing periods, changing consumer power load with a considerable noise can comprise data utility. Moreover, these approaches need extra monetary costs to obtain a suitable battery device and works exclusively with electric power as a utility disregarding other utilities such as water and natural gas. Consumer power load signature is masked in [10] via routing the power load utilizing a chargeable battery with an algorithm for mixing power routes. While this approach allowed for adjustable privacy moderation via an algorithm, relying on physical batteries endures extra costs and limits the maximum amount of possible data perturbation depending on the capacity of the physical battery. The work in [13] improved on the model introduced in [10] with 26% better information hiding achieved by introducing a better algorithm and applying perturbation policies. However, the approach still falls short in allowing some consumer data loss in data analytics. Differential privacy with limited-capacity chargeable battery to minimize cost is used in [16]. Although this approach presented improvements over traditional differential privacy mechanisms, maintenance and setup costs were not taken into account.

C. PRESERVING PRIVACY BY ADDITIVE NOISE
Adding noise can effectively mask power load readings, but it is not billing friendly as it forces the billing values to be explicitly sent separately. Sending billing values may work for long-term billing, but it fails when billing happens on daily basis for different times of day and dynamic pricing. Moreover, adding too much noise can be counter productive as it will make the data inaccurate, which affects its utility. It is crucial to keep perturbation levels low as to not render the original data useless. A framework to guarantee the utility of data and simultaneously preserve privacy via methods based on derivations from Markov modeling is shown in [14]. This work improves rechargeable battery-based methods while maintaining data utility and analytics. However, such a framework needs to use batteries which causes it to share similar problems that other battery-based approaches face.

1) Differential Privacy
With its introduction in [23], and [24], differential privacy is a technique where collected data is obfuscated in a privacypreserving manner while maintaining the actual original data properties and semantics for analytical purposes. Differential privacy employs an algorithm that inserts noise into a dataset in such a way that disallows an adversary from learning or obtaining specific information related to a particular user in the dataset. It uses ε as a privacy parameter that specifies the level of privacy. Additive noise can be generated via multiple algorithms. Typically, the Gaussian mechanism and Laplace distribution are commonly adopted to generate noise for time-series data. Historically, service providers or fog aggregation nodes are trusted by the SG consumers to honestly apply differential privacy mechanisms to the original unperturbed consumer generated dataset prior to sharing any consumer data statistics. If those trusted aggregators and service providers are no longer trusted, a distributed differential privacy approach [46] can be adopted. Distributed differential privacy utilizes shares of random noise values obtained from many participants in the distributed system. An investigation was conducted in [15] to explore the trade-off between data privacy and data-utility in a relatively large dataset. This investigation was based on computing the probability of having a successful attack on the perturbed data from [47]. The dataset was inspected after injecting it with both white and colored noises. Their ε-privacy model adopts a Gaussian noise perturbation mechanism to evaluate privacy levels. This ε-Privacy value is adjusted concerning the injected noise over the dataset. Their approach sufficiently addresses their considered adversarial model.
Eibl et al. [12] implemented differential privacy over actual smart meter data, USING differential privacy on large data sets of smart meters readings. Point-wise privacy is used with a privacy budget of ε = 1 spent for each aggregation period with a total budget calculated from the composition property of differential privacy. Additionally, the perturbed data is smoothed to increase utility while keeping it differentially private exploiting the post-processing property of differential privacy. For the usability of data statistics, it was found that a large amount of data from thousands of smart meters is required to achieve a useful utility after applying differential privacy. Such implementation does not consider the deterioration of privacy budget ε. Improving on the work in [12], an advanced algorithm for protecting peak power values for renewable energy resources is introduced by Hassan et al. [29]. Power load is made using a differentiallyprivate real-time load monitoring (DPLM) algorithm with Laplacian noise. Point-wise privacy from [12] is used to apply ε-differential privacy for small periods. Furthermore, the DPLM algorithm limits peak power values by trimming them from the current reading and adding excessive energy for the next iteration period. A promising error rate of 1.5% was achieved for specific peak values. However, similar to the previous model, the point-wise differential privacy does not account for the deterioration of the privacy budget due to the composition properties.

2) Differential Privacy with Fog Aggregation
In [11], a privacy-preserving fog aggregation method is introduced using differential privacy in a distributed deployment in the smart grid. Data aggregators in this distributed system receive metrics from SM devices and then forward their aggregates to the utility provider, where a distributed Gaussian differential privacy deployment is used. The Gaussian additive noise is generated in relation to (ε, δ)-differential privacy [24] at the smart meter nodes, and encryption used is based on one-time-pad and asymmetric-key schemes for noisy data and authentication, respectively. Although their approach preserves both privacy and utility of the data while being advantageous in terms of power and bandwidth costs, a third-party trusted authority is required to distribute keys.
The work in [28] presented a solution that aggregates data of IoT deployments. It utilizes an adaptive w-event DP by performing DP on changing w points in time over time-series in an edge-computing aggregation system. They employed a stream data aggregation that maintains privacy with an adaptive time window size (w) which is based on a quality of privacy metric that they proposed as well. Moreover, machine learning models were utilized to get better accuracy of data aggregation, cluster IoT devices and inject perturbation noise. Although the grouping does provide improved privacy, it does not benefit billing use-cases unless power consumption cost data is sent explicitly.

VII. CONCLUSION
This paper presented a model to guarantee consumer information privacy in a power grid based on a non-physical (virtual) battery. The proposed differential privacy model offers privacy and retains data utility. The proposed system is agnostic to the perturbation mechanism. Deducting the additive noise from the VB guarantees accurate consumer billing regardless of how aggressively the data was perturbed. Because our model is virtual, it is applicable in areas other than the electrical power grid, including natural gas and water utilities. The proposed system avoids reliance on a trusted third party for key distributions to achieve authentication and utilizes light cryptographic schemes for confidentiality. Data aggregation based on edge-computing architecture is utilized, where intermediate compute nodes aggregate SM generated readings for a less granular data aggregation. Our data obfuscation technique is based on employing differential privacy with the Gaussian mechanism over infinite time series data. We describe model setup parameters which can control privacy levels and keep the amount of error under control using a dynamic window algorithm. The novel algorithm uses a varying window size of the SM power consumption readings to maintain the privacy budget. Our system offers multiple enhancements over traditional methods that do not use our dynamic approach. More specifically, our system is adjusting the error with lower values compared to the traditional Gaussian mechanism, consuming less privacy budget, and enabling correct billing of customers without loss of accuracy. Ultimately, our findings are that by utilizing some extra parameters, we can control the level of error. Furthermore, we observed that by setting the size of SM readings time window to be high, we obtained a lower MRE value and a lower privacy budget consumption. However, having a static time window size is affecting the error rate, and therefore, we used a maximum limit value with our dynamic time window size algorithm to ensure accurate and private updates to the service provider.
Another potential future study can explore a different approach to solve the same problem by pushing all analytics and calculations to the edge IoT devices rather than collecting and aggregating data in a potentially privacy-violating centralized manner at the utility provider or aggregator premises. Considering that approach, methods of confidential computing [26] may be worth adopting and exploring. Finally, estimating privacy budget loss over a long period is very important since it is one of the most challenging tasks to achieve in a differentially-private model. A possible direction to solving this is the use of temporally discounted differential privacy for evolving data sets presented in [48].