Sunday, February 5, 2012

Secure metrology: From theory to practice

Here's another blog post about a talk at the "Is Cryptographic Theory Practically Relevant?" workshop. "Secure metrology: From theory to practice" by George Danezis was in the very spirit of this workshop. Danezis works for Microsoft Research and talked about his experiences from working on a current hot topic: smart metering.

Metrology is the science of measuring things, and the question here is whether this can be done securely. The main use case is electricity meters, which are planned to be substituted by smart meters in the near future in the US and in Europe (which includes the UK). These would allow to meter remotely, in more fine-grained intervals (which could give incentives to avoid peak times) and give the electricity provider a complete profile facilitating consumption forecasts.

The main challenge is privacy: if the current energy consumption is sent in real time and unsecured (as happened in Italy) this might be interesting information for burglars for example. While this can be achieved by encrypting the information sent to the provider, the consumption patterns of particular users should also be hidden from the provider.

Employing available cryptographic tools, solutions addressing all these concerns can be constructed, and even more: George talked about a scheme, where using e-cash, the providers would not even know how much a user pays, but still be assured that the user does pay his bills. More efficient (and realistic) schemes combine encryption, signatures and zero-knowledge proofs to ensure privacy and assurance.

But as often, what's possible in theory is not always applicable in practice: smart meters must be cheap (less than 20$), and so have very limited computational power; moreover, existing standards must be respected, which is increasingly important as the industry becomes more diverse with new suppliers and distributors.

Another issue is user self-determination, that is, the users should have control over their data and be able to give it to third parties. And of course there is the question of trust: do I trust my device to do the zero-knowledge proofs correctly? All in all, as there are so many goals to be achieved simultaneously, smart metering will certainly remain a hot topic at the confluence of theory and practice.

No comments:

Post a Comment