Enhancing Privacy in the Advanced Metering Infrastructure: Efficient Methods, the Role of Data Characteristics and Applications

PhD Thesis Overview

Valentin Tudor

Eng., PhD

My Google Scholar Profile

tudor <dot> d <dot> valentin <at> gmail <dot> com


Nowadays, large quantities of data are produced every minute by devices connected to the Internet. When analysed, these large datasets can offer a superior understanding of the sectors from which they are collected, but this comes at a cost: "with big data comes great responsibility". The information that can be extracted from these data raises privacy and ethical concerns, which need to be addressed and alleviated in the data collection process in order to minimize their impact on the data producers.

Thesis outline:

The research focus of the thesis is on privacy challenges, solutions and applications related to data collected in large-scale cyber-physical systems such as the Advanced Metering Infrastructure (AMI).

This research has been motivated by:

      1. The privacy concerns raised by the large quantities of data collected in the AMI.
      2. The need and the benefit of employing these data in practical AMI applications while preserving the privacy of the data producers (energy customers).
      3. The need to balance protecting the privacy of the data producers with monitoring the behaviour of the devices that comprise the AMI environment.

This research is focused on one section of the Smart Electrical Grid, called the Advanced Metering Infrastructure (AMI), which comprises all the devices that are responsible for monitoring and gathering data from the distribution part of the electrical grid. We investigate privacy concerns that are raised by data collected by these devices and we propose and evaluate solutions that enable practical privacy-preserving AMI data applications. Orthogonal to this, we investigate the security features of the devices themselves and their communication network, and we propose privacy-preserving solutions that can be employed in monitoring the behaviour of AMI devices. The results of this thesis build on information extracted from AMI data, as this information gives a better understanding of the entities in this environment and of how to better employ the collected AMI datasets. These results are a step towards early adoption of privacy-enhancing technologies by energy companies, and they enable making the most of what AMI data has to offer while enhancing customers' privacy. The findings presented in the thesis can also be applied to other large-scale domains where fine-grained customer data are employed in privacy-sensitive applications, such as sensor networks and vehicular networks.

Title: "Enhancing Privacy in the Advanced Metering Infrastructure: Efficient Methods, the Role of Data Characteristics and Applications"

Contributions of the thesis:

  1. Understand strengths and limitations of privacy enhancing solutions for the AMI
    • The effect of AMI dataset characteristics on the efficiency of privacy enhancing technologies [1] (preliminary results presented in [6], [7]).
      • We study how characteristics of AMI datasets, such as data granularity, retention time and use of pseudonyms, influence the efficiency of previously proposed privacy enhancing technologies such as anonymity and use of pseudonyms.
      • We describe an adversary model which employs two different strategies in an attempt to violate the privacy of the customers by performing de-anonymization and de-pseudonymization. We propose a first version of a framework that can be used to study the probabilistic capabilities of this adversary, and we test her practical limitations with the help of an extensive AMI dataset.
      • We show that changes in the data collection process can limit the adversarial capabilities of performing de-anonymization and de-pseudonymization.
  2. Design large scale privacy-preserving methods and applications for the AMI
    • Differentially-private aggregated AMI statistics with improved utility and their application integration [2], [3] (preliminary results presented in [5]).
      • We provide a method that, based on the trade-offs between the utility maximization and the privacy preservation of data, can maximize the utility of a differentially private statistic by controlling its aggregation parameters. This allows for differential privacy to be practically leveraged in existing large-scale cyber-physical systems such as AMI [2] (preliminary results presented in [5]).
      • We show that differential privacy can be employed as a solution against de-anonymization attacks on AMI datasets. We implement an earlier published attack and compare the adversary's de-anonymization success rate under our proposed scheme with that under earlier efforts [2] (preliminary results presented in [5]).
      • We propose a methodology that can be employed to enhance an existing application with data that is processed with privacy-enhancing technologies (PET) and to qualitatively and quantitatively evaluate the effect of this enhancement on the application's utility. With the help of this methodology we evaluate PET-enabled short-term load forecasting applications [3].
  3. Identify challenges and design solutions for securing AMI while preserving privacy
    • Monitor the AMI communication network while preserving the privacy of the customers, detecting encrypted commands using side-channel techniques [4].
      • We analyze the properties of the AMI communication network in order to identify traffic features important from a security perspective.
      • We propose a methodology to identify the type of communication based on such features, which can be employed for proprietary and/or encrypted AMI protocols. We validate our approach with the help of collected traffic from two testbeds using different AMI protocols.
      • We present an Encrypted Command Recognition (ECR) sensor which can be a component of a distributed Intrusion Detection System for the AMI communication network and which can be successfully employed in the process of identifying individual AMI encrypted commands without affecting the privacy of customers' data.

Thesis Manuscript:

thesis20170908print.pdf

List of publications (included in the PhD Thesis):

  1. The Influence of Dataset Characteristics on Privacy Preserving Methods in Advanced Metering Infrastructure. Valentin Tudor, Magnus Almgren, Marina Papatriantafilou. Journal version (Under Submission), preliminary results presented in [6], [7].
  2. BES: Differentially Private Event Aggregation for IoT-based Systems. Valentin Tudor, Vincenzo Gulisano, Magnus Almgren, Marina Papatriantafilou. Journal version (Under Submission), preliminary results presented in [5].
  3. Employing Private Data in AMI Applications: Short Term Load Forecasting Using Differentially Private Aggregated Data. Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, in Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), 2016 Intl IEEE Conferences. IEEE, 2016. Conference, Peer Reviewed.
  4. Harnessing the Unknown in Advanced Metering Infrastructure traffic. Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, in Proceedings of the 30th Annual ACM Symposium on Applied Computing. ACM, 2015. Conference, Peer Reviewed.

Other publications:

5. BES: Differentially Private and Distributed Event Aggregation in Advanced Metering Infrastructures. Vincenzo Gulisano, Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, in Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security. ACM, 2016. Workshop, Peer Reviewed.

6. A study on data de-pseudonymization in the smart grid. Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, in Proceedings of the Eighth European Workshop on System Security. ACM, 2015. Workshop, Peer Reviewed.

7. Analysis of the impact of data granularity on privacy for the smart grid. Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, in Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society. ACM, 2013. Workshop, Peer Reviewed.

8. Remote control of smart meters: Friend or foe? Mihai Costache, Valentin Tudor, Magnus Almgren, Marina Papatriantafilou, Christopher Saunders, in Computer Network Defense (EC2ND), 2011 Seventh European Conference on. IEEE, 2011. Conference, Peer Reviewed.
