Comment on 'Privacy-Enhanced Data Aggregation Scheme Against Internal Attackers in Smart Grid'

Haiyong Bao; Rongxing Lu

doi:10.1109/TII.2015.2500882

Comment on 'Privacy-Enhanced Data Aggregation Scheme Against Internal Attackers in Smart Grid'

Haiyong Bao
, Rongxing Lu

Research output: Contribution to journal › Article › peer-review

43 Scopus citations

Abstract

Quite recently, Fan et al. (IEEE Trans. Ind. Informat., vol. 10, no. 1, pp. 666-675, 2014) proposed a new data aggregation scheme for smart grid communications, and claimed that it can achieve not only user's privacy-preservation, but also data integrity requirement. However, in this paper, we show that Fan et al.'s scheme has a serious security flaw and cannot meet data integrity requirement at all. Specifically, by observing the user registration procedure in Fan et al.'s scheme, we find that each user's private key can be easily derived from the information published by the aggregator. Then, with the derived private key, an attacker can inject polluted data to user's real data without being detected. As a result, data integrity will be completely violated. We hope that with our comment, similar mistakes can be avoided in future design of privacy-preserving data aggregation with data integrity protection.

Original language	English
Article number	7329980
Pages (from-to)	2-5
Number of pages	4
Journal	IEEE Transactions on Industrial Informatics
Volume	12
Issue number	1
DOIs	https://doi.org/10.1109/TII.2015.2500882
State	Published - Feb 2016
Externally published	Yes

Keywords

Data aggregation
Data integrity
Privacypreserving
Smart grid

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/TII.2015.2500882

Cite this

@article{fdf90dedb3994f8fa833b7c381d952a6,

title = "Comment on 'Privacy-Enhanced Data Aggregation Scheme Against Internal Attackers in Smart Grid'",

abstract = "Quite recently, Fan et al. (IEEE Trans. Ind. Informat., vol. 10, no. 1, pp. 666-675, 2014) proposed a new data aggregation scheme for smart grid communications, and claimed that it can achieve not only user's privacy-preservation, but also data integrity requirement. However, in this paper, we show that Fan et al.'s scheme has a serious security flaw and cannot meet data integrity requirement at all. Specifically, by observing the user registration procedure in Fan et al.'s scheme, we find that each user's private key can be easily derived from the information published by the aggregator. Then, with the derived private key, an attacker can inject polluted data to user's real data without being detected. As a result, data integrity will be completely violated. We hope that with our comment, similar mistakes can be avoided in future design of privacy-preserving data aggregation with data integrity protection.",

keywords = "Data aggregation, Data integrity, Privacypreserving, Smart grid",

author = "Haiyong Bao and Rongxing Lu",

note = "Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2016",

month = feb,

doi = "10.1109/TII.2015.2500882",

language = "英语",

volume = "12",

pages = "2--5",

journal = "IEEE Transactions on Industrial Informatics",

issn = "1551-3203",

publisher = "IEEE Computer Society",

number = "1",

}

TY - JOUR

T1 - Comment on 'Privacy-Enhanced Data Aggregation Scheme Against Internal Attackers in Smart Grid'

AU - Bao, Haiyong

AU - Lu, Rongxing

PY - 2016/2

Y1 - 2016/2

N2 - Quite recently, Fan et al. (IEEE Trans. Ind. Informat., vol. 10, no. 1, pp. 666-675, 2014) proposed a new data aggregation scheme for smart grid communications, and claimed that it can achieve not only user's privacy-preservation, but also data integrity requirement. However, in this paper, we show that Fan et al.'s scheme has a serious security flaw and cannot meet data integrity requirement at all. Specifically, by observing the user registration procedure in Fan et al.'s scheme, we find that each user's private key can be easily derived from the information published by the aggregator. Then, with the derived private key, an attacker can inject polluted data to user's real data without being detected. As a result, data integrity will be completely violated. We hope that with our comment, similar mistakes can be avoided in future design of privacy-preserving data aggregation with data integrity protection.

AB - Quite recently, Fan et al. (IEEE Trans. Ind. Informat., vol. 10, no. 1, pp. 666-675, 2014) proposed a new data aggregation scheme for smart grid communications, and claimed that it can achieve not only user's privacy-preservation, but also data integrity requirement. However, in this paper, we show that Fan et al.'s scheme has a serious security flaw and cannot meet data integrity requirement at all. Specifically, by observing the user registration procedure in Fan et al.'s scheme, we find that each user's private key can be easily derived from the information published by the aggregator. Then, with the derived private key, an attacker can inject polluted data to user's real data without being detected. As a result, data integrity will be completely violated. We hope that with our comment, similar mistakes can be avoided in future design of privacy-preserving data aggregation with data integrity protection.

KW - Data aggregation

KW - Data integrity

KW - Privacypreserving

KW - Smart grid

UR - https://www.scopus.com/pages/publications/84962586174

U2 - 10.1109/TII.2015.2500882

DO - 10.1109/TII.2015.2500882

M3 - 文章

AN - SCOPUS:84962586174

SN - 1551-3203

VL - 12

SP - 2

EP - 5

JO - IEEE Transactions on Industrial Informatics

JF - IEEE Transactions on Industrial Informatics

IS - 1

M1 - 7329980

ER -

Comment on 'Privacy-Enhanced Data Aggregation Scheme Against Internal Attackers in Smart Grid'

Abstract

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this