Towards a holistic privacy engineering approach for smart grid systems

Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011

Volumn , Issue , 2011, Pages 234-241

  Fhom, Hervais Simo ^a   Bayarou, Kpatcha M ^a  

^a FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

Privacy Engineering; Privacy Enhancing Technologies; Privacy Principles; Smart Grid

Indexed keywords

ADOPTION AND DIFFUSION; CONTEXT OF USE; ENERGY CONSUMER; ENGINEERING CHALLENGES; GUIDING PRINCIPLES; KEY FACTORS; METHODOLOGICAL FRAMEWORKS; MODELING SYSTEMS; PRIVACY CONCERNS; PRIVACY ENHANCING TECHNOLOGIES; PRIVACY PRINCIPLES; SMART GRID; SYSTEM DEVELOPMENT; TECHNICAL SECURITY;

EMBEDDED SOFTWARE; EMBEDDED SYSTEMS; SYSTEMS ANALYSIS; TECHNOLOGY;

SMART POWER GRIDS;

EID: 84856207966     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/TrustCom.2011.32     Document Type: Conference Paper

References (59)

1. National Energy Technology Laboratory (NETL), "The Modern Grid Strategy Vision," 2009. [Online]. Available: http://www.netl.doe.gov/ moderngrid/vision.html
2. The Smart Grid Interoperability Panel-Cyber Security Working Group, "Smart grid cyber security strategy and requirements (draft nistir 7628),"The National Institute of Standards and Technology (NIST), Tech. Rep., February 2010.
3. E. L. Quinn, "Privacy and the new energy infrastructure," February 2009, http://ssrn.com/abstract=1370731.
4. K. D. Catherine Thompson, Jim Hall, "Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid," June 2010.
5. P. Guarda and N. Zannone, "Towards the development of privacy-aware systems," Inf. Softw. Technol., vol. 51, pp. 337-350, February 2009.
6. R. Anderson and S. Fuloria, "Who controls the off switch?" 2010, http: //www.cl.cam.ac.uk/~rja14/Papers/meters-offswitch.pdf.
7. S. Spiekermann and L. F. Cranor, "Engineering privacy," IEEE Transactions on Software Engineering, vol. 35, pp. 67-82, 2009.
8. C. Kalloniatis, E. Kavakli, and S. Gritzalis, "Methods for designing privacy aware information systems: A review," in Informatics, 2009. PCI '09. 13th Panhellenic Conference on, sept. 2009, pp. 185-194.
9. D. J. Solove, "Understanding Privacy," Harvard University Press, May 2008.
10. D. Solove, "A Taxonomy of Privacy," University of Pennsylvania Law Review, vol. 154, pp. 477+, January 2006.
11. S. D. Warren and L. D. Brandeis, "The right to privacy," Social Science Research Network Working Paper Series, vol. 4, p. 193196, Feb. 1890.
12. A. Westin, Privacy and Freedom. The Bod-ley Head, 1967.
13. H. F. Nissenbaum, "Privacy as Contextual Integrity," Washington Law Review, vol. 79, June 2004.
14. Organisation for Economic Co-operation and Development, "Oecd guidelines on the protection of privacy and transborder flows of personal data," Tech. Rep., 1980.
15. U.S. Federal Trade Commission, "Privacy online: Fair information practices in the electronic marketplace: A federal trade commission report to congress," FTC, Washington, DC, USA, Tech. Rep., 2000.
16. US Department Of Energy, "Data access and privacy issues related to smart grid technologies," Tech. Rep., October 2010.
17. S. Wicker and D. Schrader, "Privacy-aware design principles for information networks," Proceedings of the IEEE, vol. 99, no. 2, pp. 330-350, feb. 2011.
18. Open Smart Grid User Group, "AMI System Security Requirements v.1.01," Tech. Rep., 2008.
19. B. Brown, J. Ivers, and D. Highfill, AMI Security Implementation Guide V0.4, Advanced Metering Infrastructure Security (AMI-SEC) Task Force, February 2009.
20. R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed. Wiley Publishing, 2008.
21. R. Clarke, "Privacy impact assessment: Its origins and development,"Computer Law & Security Review, vol. 25, no. 2, pp. 123-135, 2009.
22. A. Pfitzmann and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, v0.32." 2009. [Online]. Available: http://dud.inf.tu-dresden.de/AnonTerminology.shtml
23. J.-M. Bohli, O. Ugus, and C. Sorge, "A privacy model for smart metering," in Proceedings of the First IEEE Inter. Workshop on Smart Grid Communications (in conjunction with IEEE ICC 2010), 2010.
24. C. Diaz, S. Seys, J. Claessens, and B. Preneel, "Towards measuring anonymity," in Workshop on Privacy Enhancing Technologies, ser. LNCS, vol. 2482, 2002.
25. A. Datta, J. Franklin, D. Garg, L. Jia, and D. Kaynar, "On adversary models and compositional security," Security Privacy, IEEE, vol. PP, no. 99, p. 1, 2010.
26. A. Fuchs, S. Gürgens, and C. Rudolph, "Towards a Generic Process for Security Pattern Integration," in Trust, Privacy and Security in Digital Business 6th International Conference, TrustBus 2009, Linz, Austria, September 3-4, 2009, Proceedings. Springer, 2009.
27. The Trusted Computing Group, 2011. [Online]. Available: https: //www.trustedcomputinggroup.org/
28. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM conference on Computer and communications security, ser. CCS '06. New York, NY, USA: ACM, 2006, pp. 89-98.
29. E. Shen, E. Shi, and B. Waters, "Predicate privacy in encryption systems." in TCC, 2009, pp. 457-473.
30. T. Moses, "extensible access control markup language tc v2.0 (xacml),"OASIS, February 2005. [Online]. Available: http://docs.oasis-open. org/xacml/2.0/access control-xacml-2.0-core-spec-os.pdf
31. P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter, "Enterprise privacy authorization language (epal 1.2)," IBM, 2003.
32. Q. Ni, A. Trombetta, E. Bertino, and J. Lobo, "Privacy-aware role based access control," in Proceedings of the 12th ACM symposium on Access control models and technologies, ser. SACMAT '07. New York, NY, USA: ACM, 2007, pp. 41-50.
33. J. Camenisch and A. Lysyanskaya, "An efficient system for nontransferable anonymous credentials with optional anonymity revocation,"in Advances in Cryptology EUROCRYPT 2001, ser. Lecture Notes in Computer Science, B. Pfitzmann, Ed. Springer Berlin / Heidelberg, 2001, vol. 2045, pp. 93-118.
34. S. A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. Cambridge, MA, USA: MIT Press, 2000.
35. J. Camenisch, M. Dubovitskaya, and G. Neven, "Oblivious transfer with access control," in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS '09. New York, NY, USA: ACM, 2009, pp. 131-140.
36. B. Chor, E. Kushilevitz, O. Goldreich, and M. Sudan, "Private information retrieval," J. ACM, vol. 45, pp. 965-981, November 1998.
37. C. Dwork, "Differential privacy in new settings," in SODA, 2010, pp. 174-183.
38. M. Backes, J. Camenisch, and D. Sommer, "Anonymous yet accountable access control," in Proc. of the 2005 ACM workshop on Privacy in the electronic society, ser. WPES '05. New York: ACM, 2005, pp. 40-46.
39. L. Sweeney, "k-anonymity: a model for protecting privacy," Int. J. Uncertain. Fuzziness Knowl.-Based Syst., vol. 10, pp. 557-570, October 2002.
40. N. Li, T. Li, and S. Venkatasubramanian, "t-closeness: Privacy beyond k-anonymity and l-diversity," in In ICDE, 2007.
41. G. Kalogridis, C. Efthymiou, S. Denic, T. Lewis, and R. Cepeda, "Privacy for smart meters: Towards undetectable appliance load signatures,"in Smart Grid Communications, 2010 First IEEE International Conference on, oct. 2010, pp. 232-237.
42. W. He, X. Liu, H. Nguyen, K. Nahrstedt, and T. Abdelzaher, "Pda: Privacy-preserving data aggregation in wireless sensor networks," in INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, May 2007, pp. 2045-2053.
43. F. Li, B. Luo, and P. Liu, "Secure information aggregation for smart grids using homomorphic encryption," in Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, oct. 2010, pp. 327-332.
44. R. Bobba, H. Khurana, M. AlTurki, and F. Ashraf, "Pbes: a policy based encryption system with application to data sharing in the power grid," in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ser. ASIACCS '09. New York, NY, USA: ACM, 2009, pp. 262-275.
45. E. Brickell and J. Li, "Enhanced privacy id from bilinear pairing for hardware authentication and attestation," Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, 2010 IEEE International Conference on, vol. 0, pp. 768-775, 2010.
46. C. Efthymiou and G. Kalogridis, "Smart grid privacy via anonymization of smart metering data," in Smart Grid Communications, 2010 First IEEE International Conference on, oct. 2010, pp. 238-243.
47. G. Danezis and C. Diaz, "A survey of anonymous communication channels," Microsoft Research, Tech. Rep., 2008.
48. A. Parate and G. Miklau, "A framework for safely publishing communication traces," in Proceeding of the 18th ACM conference on Information and knowledge management, ser. CIKM '09. New York, NY, USA: ACM, 2009, pp. 1469-1472.
49. B. Priem, E. Kosta, A. Kuczerawy, J. Dumortier, and R. Leenes, "User-Centric Privacy-Enhancing Identity Management," in Digital Privacy, ser. Lecture Notes in Computer Science, J. Camenisch, R. Leenes, and D. Sommer, Eds. Springer Berlin / Heidelberg, 2011, vol. 6545, pp. 91-106.
50. P. Otto and A. Anton, "Addressing legal requirements in requirements engineering," in Requirements Engineering Conference, 2007. RE '07. 15th IEEE International, oct. 2007, pp. 5-14.
51. H. DeYoung, D. Garg, L. Jia, D. Kaynar, and A. Datta, "Experiences in the logical specification of the hipaa and glba privacy laws," in Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, ser. WPES '10. New York: ACM, 2010, pp. 73-82.
52. L. Cranor et al., "The platform for privacy preferences 1.1 (p3p1.1) specification," World Wide Web Consortium (W3C), November 2006.
53. S. Trabelsi, V. Salzgeber, M. Bezzi, and G. Montagnon, "Data disclosure risk evaluation," in Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on, oct. 2009, pp. 35-72.
54. D. Garg, L. Jia, and A. Datta, "A logical method for policy enforcement over evolving audit logs," CoRR, vol. abs/1102.2521, 2011.
55. R. Berthier, W. Sanders, and H. Khurana, "Intrusion detection for advanced metering infrastructures: Requirements and architectural directions,"in Smart Grid Communications, 2010 First IEEE International Conference on, oct. 2010, pp. 350-355.
56. M. Deng, K. Wuyts, R. Scandariato, B. Preneel, and W. Joosen, "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements," Requirements Engineering, vol. 16, pp. 3-32, 2011.
57. P. Guarda and N. Zannone, "Towards the development of privacy-aware systems," Inf. Softw. Technol., vol. 51, pp. 337-350, February 2009.
58. M. Howard and S. Lipner, "The Security Development Lifecycle," 2006.
59. M. LeMay, G. Gross, C. A. Gunter, and S. Garg, "Unified architecture for large-scale attested metering," in in Hawaii International Conference on System Sciences. Big Island. ACM, 2007.