Efficient and Privacy-Aware Power Injection over AMI and Smart Grid Slice in Future 5 G Networks

Smart grid is critical to the success of next generation of power grid, which is expected to be characterized by efficiency, cleanliness, security, and privacy. In this paper, aiming to tackle the security and privacy issues of power injection, we propose an efficient and privacy-aware power injection (EPPI) scheme suitable for advanced metering infrastructure and 5G smart grid network slice. In EPPI, each power storage unit first blinds its power injection bid and then gives the blinded bid together with a signature to the local gateway. The gateway removes a partial blind factor from each blinded bid and then sends to the utility company aggregated bid and signature by using a novel aggregation technique called hash-then-addition. The utility company can get the total amount of collected power at each time slot by removing a blind factor from the aggregated bid. Throughout the EPPI system, both the gateway and the utility company cannot know individual bids and hence user privacy is preserved. In particular, EPPI allows the utility company to check the integrity and authenticity of the collected data. Finally, extensive evaluations indicate that EPPI is secure and privacy-aware and it is efficient in terms of computation and communication cost.


Introduction
The fifth generation of mobile technology (5G) is positioned to provide a holistic end-to-end infrastructure that will include all aspects of the network.To be specific, the future 5G network is envisioned to provide higher data rates, enhanced end-user experience, and much lower latency and energy consumption.In particular, security and privacy preservation mechanisms are expected to be achieved besides the enhanced performance in 5G networks.Because wireless data services have witnessed an explosive growth driven by mobile Internet and smart devices, the new 5G mobile networks are expected to be deployed around 2020.The 5G architecture should include modular network functions that could be deployed and scaled on demand, to accommodate different use cases in a cost efficient and flexible manner.
As the next generation of power grid, smart grid belongs to a representative use case suggested in the Next Generation Mobile Network (NGMN) association's white paper [1].Smart grid combines traditional grid with communication and information control technologies.It is expected to be characterized by efficiency, cleanliness, consumer involvement, security, privacy, and so forth.Indeed, as one of the main objectives of smart grid, the reduction of greenhouse gas emissions is greatly meaningful for the lives of the people [2].This objective can be realized by widely deploying renewable energy generators and adaptively balancing the power demand and supply.Therefore, smart grid should have a large number of power storage units to store the excess power in certain cases, such as strong wind.Then, they inject the excess power to the grid when the utility company begins to collect energy at the period of reduced production.Both the utility company and the power storage units benefit from this process, where the utility company should be able to communicate with the power storage units.As important components of smart grid, smart meters (SMs) are two-way communication devices which are used to record power consumption periodically and collect realtime information on grid operations.The power storage units can be connected to the network of SMs through the existing 2 Mobile Information Systems network infrastructure Advanced Metering Infrastructure (AMI).SMs can communicate with local gateways based on AMI networks and the communication between the gateways and the utility company could be realized through the 5G smart grid network slice.
Considering the issues of user privacy, communication efficiency, and so forth, it is meaningful for the gateways to aggregate the received requests before sending them to the utility company.Since transactions will be involved during power injection, data security and user privacy are of great importance.For one thing, all the data transmitted in the grid should be authenticated and be secure against unauthorized reading and malicious modifications.For another, user privacy related information must be protected against various attackers.For instance, during the communication process of power injection, individual power injection bids are sensitive and must be hidden.If some power storage units know that the other units do not inject power, they can deny selling power to force the utility company to offer a higher price.Furthermore, computation cost and communication overheads must be taken into account during power injection in smart grid.Therefore, the aggregation technique is important for addressing the above issues.As far as the authors' knowledge, however, most existing solutions cannot tackle the security issues of power injection in smart grid.
To solve the above problems, in this paper, we propose an Efficient and Privacy-aware Power Injection (EPPI) scheme suitable for AMI and 5G smart grid network slice.In EPPI, a novel data aggregation technique, named hash-then-addition, is proposed.Specifically, each power storage unit can generate two secret keys based on bilinear pairings and use the hash values of the keys to blind its power injection bid.Based on AMI networks, each power storage unit sends its blinded power bid and the corresponding signature to the local gateway.It also generates a message authentication code based on exponentiation operations and sends the result to the gateway.Upon receiving packets from all the units, the gateway first removes a partial blind factor from each blinded bid.Then it aggregates the bids and signatures to get an aggregated bid and an aggregated signature.The gateway also aggregates all the message authentication codes to achieve an aggregated code.All the aggregated values are sent by the gateway to the utility company through the 5G smart grid network slice.Upon receiving the packet, the utility company can generate some secret keys and get the total amount of injected power at each time slot by removing the sum of the secret keys from the aggregated bid.In the proposed EPPI system, only the utility company can know the total amount of injected power at each time slot, and it is able to ensure the integrity and authenticity of the data.In particular, individual power bids are hidden during the communications in AMI networks and the 5G smart grid network slice.Through extensive evaluations we show that EPPI is secure and privacy-aware under the discrete logarithm assumption and it is efficient in terms of computation and communication cost.
1.1.Related Work.The 5G system deployed initially in 2020 is expected to provide approximately 1000 times higher wireless area capacity compared with the current 4G system [3].The advanced cloud radio access network (C-RAN) has been presented as a potential 5G solution.C-RAN has attracted intense research interest from both academia and industry [4].Combined with cloud computing technologies, the 5G network will extend its capability to provide various cloud services, which provides the user a full smart life experience.Cloud computing security has been well studied [5][6][7][8] and various cloud services are provided [9][10][11].The air interface and spectrum of the 5G system should be combined with the long term evolution (LTE) and WiFi to achieve seamless and consistent user experience across time and space [12].Nikaein et al. [13] presented a slice-based 5G architecture that efficiently manages network slices.NGMN anticipates countless emerging use cases with a high variety of applications will be supported in 5G.As an important use case, smart grid has attracted many scholars' interest.In smart grid, in order to reduce communication overhead, it is essential to aggregate individual users' data at local intermediate nodes.The trivial method of decrypt-aggregateencrypt is computationally expensive and is risky when intermediate nodes are not trusted.Castelluccia et al. [14] enabled efficient encrypted data aggregation based on homomorphic encryption techniques.Westhoff et al. [15] proposed a key predistribution scheme that is suitable for the end-to-end encryption in sensor networks.A symmetric homomorphic encryption can be used together with [15] to improve the efficiency and flexibility of data aggregation.In smart grid, each user has energy consumption data of multiple dimensions and each dimensional data is small in size.If homomorphic encryption techniques are used directly on each dimensional data, the communication overhead will be unaffordable.Lin et al. [16] proposed a multidimensional privacy-preserving data aggregation scheme for saving energy consumption in wireless sensor networks by integrating the super-increasing sequence and perturbation techniques into compressed data aggregation.Lu et al. [17] designed a compressed data aggregation scheme under the public key infrastructure to improve efficiency and achieve high reliability.To improve the performance of the power grid, several schemes have been proposed to coordinate power charging [18,19].
In AMI networks, smart meters periodically send finegrained power consumption data to the utility company.This data has a relation to the users' activities and hence is sensitive.Tonyali et al. [20] developed a meter data obfuscation scheme to protect consumer privacy from eavesdroppers and the utility company.In order to tackle the scalability of AMI networks, Rabieh et al. [21] divided the AMI network into clusters of SMs and proposed two certificate revocation schemes to identify and nullify the false positives when using bloom filters to reduce the size of the certificate revocation lists.Besides, privacy-aware schemes with various security characteristics have been investigated for different network environment and applications [22][23][24][25][26][27].Note that these schemes are not focusing on the security and privacy issues in power injection.Recently, Mahmoud et al. [28] have proposed a power injection querying scheme over AMI and LTE cellular networks.In [28], two aggregation techniques, point addition aggregation and homomorphic encryption based aggregation, are adopted to enable the local gateway to aggregate individuals' power bids, where the homomorphic encryption [29] is used.However, we found that the scheme [28] fails to achieve privacy protection in that it cannot preserve the power storage unit's bid.In fact, in [28], the utility company recovers the total amount of power by exhaustively computing  at different values of  ∈ Z *  until  = ∑  =1   , where  is a bilinear group element and   is an individual power injection bid.Obviously, this computation contradicts with the discrete logarithm assumption.In order to enable the utility company to get ∑  =1   , the authors assume that ∑  =1   is a small number.Unfortunately, if ∑  =1   is a small number, then each   is a small number.In this case, any attacker can get   and hence violates the bid privacy in that   =    is publicly sent by the power storage unit.More details can be found in [28].The proposed EPPI realizes privacy preservation by using hash-then-addition aggregation technique and it does not constrain the power amount in any way.
1.2.Organization.The remaining of this work is organized as follows.We first review some preliminaries in Section 2. In Section 3, we present the system architecture and adversary models.We propose an efficient and privacy-aware power injection scheme over AMI and smart grid slice in 5G networks in Section 4. The security analysis and performance evaluations are described in Sections 5 and 6, respectively.Finally, we draw our conclusions in Section 7.

Preliminaries
In this section, we give a brief review on some cryptographic backgrounds.
We define that G() outputs (, , G, G  , ê) where  is a security parameter.

Discrete Logarithm Assumption
Definition 2 (discrete logarithm problem [31]).Let G be a group of prime order , given two elements  and , to find an integer  ∈ Z *  , such that  =  whenever such an integer exists.
Definition 3 (discrete logarithm assumption [31]).In group G, it is computationally infeasible to determine  from  and  = .

System Architecture and Adversary Models
3.1.System Architecture.As shown in Figure 1, the system architecture of power injection over AMI and smart grid slice in 5G networks involves a number of communities and a utility company, and they are connected through a smart grid 5G network slice.In a community, there are many power storage units that are connected to AMI.Each AMI network connects to an access node and eventually to the utility company through a smart grid 5G network slice.The details are given as below.
(i) Power Storage Units.The power storage units can be home batteries or charging stations.They store power energy from the smart grid or other renewable energy sources.Each storage unit can buy power from the grid at a low-price period and inject excess power energy to the grid at a high-price period.Note that a storage unit communicates with a SM based on the IEEE 802.11s protocol.
(ii) AMI Network.The AMI network is an architecture for automated, two-way communication between SMs and a utility company.The goal of an AMI is to provides utility companies with real-time data about power consumption and allow users to make informed choices about energy usage based on the price at the time of use.In this paper, for the sake of efficiency, cleanliness, security, and privacy, smart meters communicate indirectly with the utility company by the gateway.The AMI network corresponding to a community comprises a group of SMs and a gateway.Similar to the work [28], two different AMI network topologies are considered: single hop AMI networks and multihop AMI networks.As shown in Figure 1, the SMs in the multihop AMI network are connected through a multihop wireless mesh topology, where each SM plays a role of relaying packets from other SMs.In the single-hop AMI network, the gateway can directly collect power injection related data from corresponding SMs, and then it aggregates the data and sends the result to the utility company.This process is performed periodically, for example, every 15 minutes.It can also receive the latest power data from the utility company and broadcast it to the SMs in the corresponding AMI network.Note that, similar to [28], the AMI network routes are created using the IEEE 802.11s mesh standard.
(iii) Smart Grid Slice in 5G Networks.A 5G network slice supports the communication service of a particular connection type with a specific way of handling the C-and U-plane for this service [1].For this purpose, a 5G slice consists of a series of 5G network functions and specific radio access technology (RAT) settings that are combined together for the particular use case.Therefore, a 5G slice can span all domains of the network.Not all slices contain the same functions, and some functions that seem important for a mobile network might even be missing in other slices.After network function virtualization, the radio access network and the core network are called edge cloud and central cloud (or core cloud), respectively.The front haul between the access node and the edge cloud is based on software-define networking (SDN).The backhaul between the edge cloud and the core cloud is also based on SDN.For a 5G slice supporting smart grid use case, security, privacy, reliability, and latency are of paramount importance.As shown in Figure 1, to tailor the network functions to suit the smart gird slice, all the necessary functions are instantiated at the cloud edge node.
(iv) Utility Company.If the power energy demand from communities is more than the supply, the utility company should contact electricity vendors or power storage units to buy power.Note that the utility company communicates with the power storage units via the AMI and 5G smart grid slice networks.It connects to the 5G slice through an access node.

Adversary Models.
It is assumed that all the entities are "honest-but-curious."More precisely, they will honestly execute the tasks assigned by legitimate parties but try to find out as much private information as possible.Each power storage unit is curious to know the other units' bids to judge whether it is more profitable to inject power now.We assume that each power storage unit can only send packets in the corresponding community.The AMI network attackers, the smart grid 5G slice attackers, and outsiders are also interested in other's sensitive information, such as the amount and time of the power injection of each power storage unit.Similarly, the utility company does not disrupt the communication, but it tries to get private information on the owners of the power storage units and any other information that can help gain economic benefits.Note that the utility company does not collude with the power storage units in that they have conflicting interests.The utility wants to buy power at low prices but the storage units want to increase revenues.The power storage units will inject the amount of power as committed in their bids because this is more profitable.

Security Requirements and Design Goals.
Considering the practical application environment, security and privacy are significant for the success of a power injection system.In order to prevent aforementioned adversaries from learning power storage units' individual bid and to detect the adversaries' malicious behaviors, the following security requirements should be satisfied in a secure power injection system.
(i) Confidentiality and Privacy Protection.Even if an adversary eavesdrops the communication on the AMI and smart grid slice networks, it fails to achieve the total amount of power injected from the community.The utility cannot know the contents of individual power storage unit's bid.In our scheme, aggregation at gateways is adopted to achieve these goals.
(ii) Authentication and Integrity.The utility company is able to authenticate the received packets to ensure that the packets are really from legal power storage units and have not been altered during the transmission; that is, if the adversary forges and/or modifies a packet, the malicious behavior should be detected.Besides, the adversary should not impersonate the utility company, the gateway, or the storage units.
In general, under the proposed system architecture and security requirements, our design goal is to design an efficient and privacy-aware power injection scheme based on AMI and smart grid slice in 5G networks.To be specific, the following two objectives should be achieved.Firstly, the security requirements should be guaranteed in the proposed scheme.For one thing, a desirable scheme should provide robust security against various types of attacks including passive eavesdropping, impersonation attack, replay attack, and man-inthe-middle attack.For another, a desirable power injection scheme should enjoy some significant security benefits such as the assurance of session key freshness which enables the forward and backward secrecy.Secondly, the performance-related issue should be taken into consideration.The proposed power injection scheme should enjoy desirable efficiency in terms of the computation cost and the communication overhead.

Proposed EPPI Scheme
In this section, we propose an efficient and privacy-aware power injection scheme over AMI and smart grid slice in 5G networks, which comprises the following six phases: system initialization, registration, power collection request, privacyaware bid generation, privacy-aware bid aggregation, and privacy-aware aggregated bid reading.Figure 2 presents the process of the proposed EPPI system.The details are given in the following.

System
Initialization.The proposed EPPI system is initialized by the utility company.Specifically, in the system initialization phase, given the security parameter , the utility company first generates (,  0 , G, G  , ê) by running G().It computes  = ê( 0 ,  0 ) and chooses two random elements ,  ∈ G and four secure cryptographic hash functions ,  1 ,  2 , and  3 , where  : {0, 1} * → Z *  ,  1 : {0, 1} * → G,  2 : G  → Z *  , and  3 : G  → {0, 1} * .Then, the utility company chooses a random element sk  ∈ Z *  as its secret key and calculates PK  = sk   0 as its public key.Finally, the utility company keeps sk  secret and publishes the global public parameters GPK = (G, G  , ê, ,  0 , , , PK  , ,  1 ,  2 ,  3 , ) .(1) 4.2.Registration.In order to join the EPPI system, each gateway chooses a random element sk  ∈ Z *  as its secret key and calculates PK  = sk   0 as its public key.A power storage unit with identity ID  chooses a random element sk  ∈ Z *  as its secret key and calculates PK  = sk   0 as its public key.Similar to [28], in the proposed EPPI system, all the gateways and power storage units should contact the utility company to receive corresponding certificates for public keys.Note that the existing public key infrastructure (PKI) can be used to generate certificates.Besides PKI, in the proposed scheme, the aggregated message authentication code and the aggregated signatures are necessary to ensure the authenticity and integrity of transaction data, which are shown in the privacy-aware bid aggregation phase.

Power Collection Request.
During the peak hours, the utility company can collect power from related communities.To be specific, the utility company sends power collection request ( ) packets to corresponding gateways.Upon receiving the packet, each gateway verifies the freshness and validity of the packet.Then the gateway broadcasts the valid packet in its community.
Suppose the utility company wants to collect power in the community corresponding to the gateway ID  .As shown in Figure 2, the packet contains the identities of the utility company and the gateway, that is, ID  and ID  .It also has the power collection information of price per unit in each time slot, that is, Info  = ( 1 ,  2 , . . .,   ), where  is the number of time slots.Then the utility company randomly chooses   ∈ Z *  , computes    0 , and attaches    0 in the packet  .Note that    0 is used by each power storage unit covered by the gateway ID  in establishing a one-time key shared with the utility company.Besides, the packet contains a timestamp TS and a signature   , where Both TS and   will be used by the gateway in verification of the packet.
In fact, after receiving the packet  , the gateway ID  first checks the freshness of   according to the difference between the current time and the timestamp TS.Then, it verifies the signature by checking if ê(  ,  0 ) = ê( 1 (ID  ‖ ID  ‖ Info  ‖    0 ‖ TS), PK  ) holds.If and only if the equation holds, the gateway ID  randomly chooses   ∈ Z *  , computes    0 , and attaches    0 in the packet  .Note that    0 is used by each power storage unit covered by the gateway ID  in establishing a one-time key shared with the gateway.Then, the gateway broadcasts the packet in its community.

4.4.
Privacy-Aware Bid Generation.Upon receiving the power collection request, each power storage unit should prepare a bid with the amount of power it can inject in each time slot.Then, it sends a power request response   packet to the corresponding gateway or its upstream smart meter.The bid format of the power storage unit ID  is   = ( ,1 ,  ,2 , . . .,  , ), where  , represents the number of power units the power storage unit ID  can inject in the -th time slot at price   for 1 ≤  ≤ .As shown in Figure 2, the packet   contains the identities of the gateway and the utility company, that is, ID  and ID  .The power storage unit ID  randomly chooses   ∈ Z *  , computes    0 , and attaches    0 in the packet  .Note that    0 is used by ID  in establishing a shared one-time key between ID  and ID  .The power storage unit ID  computes two shared keys as k =  2 (ê(PK  , sk       0 )) and   =  2 (ê(PK  , sk       0 )), which will be used to mask ID  's bid and   can enable the utility company to ensure the authenticity and integrity of the aggregated bids without needing to read the individual bid.

Privacy-Aware Bid Aggregation.
Upon receiving all the power request response packets, the gateway ID  aggregates these packets and sends an aggregated response packet to the utility company ID  .The aggregated packet enjoys the following benefits.Firstly, the power storage unit's bid privacy is preserved, which is very important in practical applications.For example, it can prevent the utility company from manipulating the power collection price.In fact, what the utility company needs is not the power storage units' individual power injection data, but the total power amount that can be collected from the community in each time slot.Secondly, the aggregated packet has smaller packet size and hence reduces the required bandwidth for transmitting the data to the utility company.Thirdly, instead of sending one message for each bid, all the bids in different time slots can be collected in one message.In the following, we show how to aggregate the packets considering two different scenarios: a single-hop AMI network and a multihop AMI network.
In the case of a single-hop AMI network, upon receiving all the   packets, ID  computes a secret key k =  2 (ê(PK  , sk       0 )) shared with the power storage unit ID  for 1 ≤  ≤ .We note that k =  2 (ê(PK  , sk       0 )) =  2 (ê(PK  , sk       0 )).Then, ID  aggregates the signatures, masked bids, and message authentication codes to generate an aggregated signature , an aggregated masked bid , and an aggregated message authentication code MAC().The aggregated signature is  = ∑ 1≤≤   .The aggregated bid is  = ( (1) ,  (2) , . . .,  () ), where  () = ∑ 1≤≤ ( , −( ‖ k )) for 1 ≤  ≤ .The aggregated message authentication code is MAC() = ∏ 1≤≤ MAC(  ).Additionally, the gateway ID  randomly chooses  ∈ Z *  and calculates the final message authentication code MAC  = (MAC 1 , MAC 2 ), where MAC 1 = ( ‖ ) ⊕  3 (MAC()) and MAC 2 =  ()   () .MAC  will be used by the utility company ID  to ensure that the aggregated bid in each time slot stems from the intended power storage units and it has not been modified in transit.Note that during the verification process, ID  does not need to access the individual bid and hence the power storage unit's privacy is preserved.
In any cases, the gateway ID  attaches {   0 } 1≤≤ to the aggregated response packet, where  is the number of power storage units covered by ID  .Finally, the aggregated response packet is sent to the utility company.Note that only the final message authentication code MAC  is sent to the utility company by the gateway.4.6.Privacy-Aware Aggregated Bid Reading.After receiving the power request response packet from the gateway ID  , the utility company computes a secret key   =  2 (ê(PK  , sk       0 )) shared with the power storage unit ID  for 1 ≤  ≤ .We note that   =  2 (ê(PK  , sk       0 )) =  2 (ê(PK  , sk       0 )).For 1 ≤  ≤ , the utility company computes  () =  () − ∑ 1≤≤ ( ‖   ) = ∑ 1≤≤  , , which is the power amount the utility company can collect from the community of ID  in the -th time slot at price   .Then, the utility company ensures the authenticity and integrity of the recovered data by checking if ê(,  0 ) = ∏ 1≤≤ ê( 1 ((  ) ‖ ID  ‖ ID  ‖    0 ‖ TS), PK  ).Finally, in order to ensure that the recovered aggregated bids stem from the intended power storage units and they have not been modified in transition, the utility company computes ) and checks whether MAC 2 =  (  )  (  ) .

Security and Privacy Analysis
In this section, we show EPPI can achieve the expected security and privacy goals.

Confidentiality.
In the privacy-aware aggregated bid reading phase, for 1 ≤  ≤ , the utility company computes Bottom-up way the power amount the utility company can collect from the community of ID  in the -th time slot at price   .Then the utility company can know the total amount of power ∑ 1≤≤  () injected from the community of ID  .Obviously, the secret keys {  } 1≤≤ are necessary for the computation of the total amount of power.Therefore, adversaries cannot know the total amount of power.On the other hand, based on the discrete logarithm assumption, it is infeasible for attackers to compute ∑ 1≤≤  , from MAC(  ) =  ∑ 1≤≤  , .Also, the gateway fails to recover ∑ 1≤≤  () from MAC() =  ∑ 1≤≤  () .

Privacy Protection.
In the privacy-aware bid generation phase, the power storage unit ID  computes its masked bid as   = ( ,1 ,  ).In this case, the individual bid privacy is still preserved.Furthermore, The use of one-time keys k and   in hashthen-addition aggregation can boost the privacy protection because when the power storage units send the same bids in different cases, the masked bids are completely different and the attacker cannot distinguish the bids.In particular, the time slot parameter  is used in the generation of  , , which makes it impossible for the attacker to calculate the difference between related bids.

Authentication and Integrity.
The utility company ensures the authenticity and integrity of the recovered data by checking if ê(,  0 ) = ∏ 1≤≤ ê( 1 ((  ) ‖ ID  ‖ ID  ‖    0 ‖ TS), PK  ).Any modification to a packet content, such as power price, will result in the failure of the signature verification.Signatures can also be used to resist impersonation attacks and external attacks such as denial of service by sending false packets.The attackers cannot impersonate the utility, gateway, or the power storage units because the generation of a valid signature needs a secret key.Based on the discrete logarithm assumption, it is infeasible to compute the secret key sk  from the corresponding public key PK  = sk   0 and the signature   = sk   1 ((  ) ‖ ID  ‖ ID  ‖    0 ‖ TS).Besides, we developed a message authentication code based on signature techniques.The gateway ID  randomly chooses  ∈ Z *  and calculates the final message authentication code MAC  = (MAC 1 , MAC 2 ), where MAC 1 = ( ‖ ) ⊕  3 (MAC()) and MAC 2 =  ()   () .MAC  can be used by the utility company ID  to ensure that the aggregated bid in each time slot stems from the intended power storage units and it has not been modified in transit.

Replay Attacks.
In the proposed EPPI system, if attackers record valid packets and replay them in a different community or time slot, these replayed packets will be identified and dropped.For one thing, time stamps are used to protect against this replay attacks.For another, the verification of MAC  fails if an attacker replays packets associated with old secret keys.In EPPI, we adopt a key management procedure to enable the utility company to share keys with power storage units.The attackers cannot calculate the keys because the secret number   is used, which is selected by each power storage unit.It is infeasible to retrieve   from    0 .Particularly, even if the gateway and some power storage units collude, they cannot achieve the shared secret key between the utility company and a victim because the secret key computation is controlled jointly by the power storage unit and the utility company.

Man-in-the-Middle Attacks.
In the proposed EPPI system, suppose an attacker resides between a power storage unit and the utility company.It tries to establish two secret keys to fool the power storage unit and the utility company to believe that they communicate directly, where one key is shared with the utility company and the other is shared with the power storage unit.The secret key agreement procedure is resilient to this attack because    0 and    0 are signed by the power storage unit and the utility company, respectively.5.6.Session Key Freshness.It is a very desirable practice to periodically refresh the shared secret keys.In the proposed EPPI system, the secret key management procedure can achieve both forward and backward secrecy, where the attacker cannot derive the previously used session keys nor the future session keys even if the current key is exposed.This is because each time the utility company requests power injection, a new key is computed using one-time random numbers   and   .Therefore, if an attacker could get one key, this does not help him to know the old or new ones.

Performance Evaluation
In this section, we evaluate the performance of the proposed EPPI scheme in terms of the computation complexity and the communication overhead.

Computation Complexity.
As for computation complexity, we will focus on measuring the time required for performing the cryptographic operations in EPPI.Denote the computational costs of a bilinear pairing operation, an exponentiation operation in G, an exponentiation operation in G  , a multiplication operation in G, a multiplication operation in G  , and an addition operation in G by   ,   ,   ,   ,   , and   , respectively.
In the proposed EPPI scheme, in order to generate a power collection request   = ID  ‖ ID  ‖ Info  ‖    0 ‖ TS ‖   , the utility company needs 2  computation cost.In the privacy-aware aggregated bid reading phase, the computation cost for the utility company is (2 + 1)  +( + 2)  +  +  .In fact, the computation of the secret key   =  2 (ê(PK  , sk       0 )) shared with the power storage unit ID  involves one   and one   .The authenticity and integrity of the recovered data based on ê(, ), one   is needed.The verification based on MAC 2 =  (  )  (  ) involves 2  and   .After receiving the packet  , the gateway verifies the signature by checking if ê(  ,  0 ) = ê( 1 (ID  ‖ ID  ‖ Info  ‖    0 ‖ TS), PK  ) holds.Then it computes    0 .The computation cost in this process is 2  +  .In the privacy-aware bid aggregation phase, the computation cost for the gateway is   +( + 2)  +  +( − 1)  +( − 1)  .Specifically, the aggregated signature is  = ∑ 1≤≤   and it needs ( − 1)  .The computation of the secret key k =  2 (ê(PK  , sk       0 )) involves one   and one   .The aggregated message authentication code is MAC() = ∏ 1≤≤ MAC(  ) and it needs ( − 1)  .The In EPPI, the computation cost for each power storage units is 2  +4  +  .We present the computation cost in Table 1, where UC, GW, and PSU represent the utility company, the gateway, and a power storage unit, respectively.

Communication Overhead.
In the proposed EPPI system, the communications can be divided into four parts, that is, UC-to-GW communication, GW-to-PSU communication, PSU-to-GW communication, and GW-to-UC communication.We assign two bytes for each identity, four bits for each price   , five bytes for TS, 20 bytes for , and 40 bytes for each group element in G and G  .We first consider the UC-to-GW communication, where the utility company generates a power collection request   and delivers the request to the gateway.The   packet is of the form ID  ‖ ID  ‖ Info  ‖    0 ‖ TS ‖   .Its size should be /2 + 89 bytes if  time slots are adopted.In the GW-to-PSU communication, the   packet is of the form ID  ‖ ID  ‖ Info  ‖    0 ‖    0 ‖ TS ‖   and the size is /2 + 129 bytes.In the PSU-to-GW communication, the power request response   packet is of the form ID  ‖ ID  ‖    0 ‖ TS ‖   ‖   ‖ MAC(  ) for the -th power storage unit.The packet size should be 20 + 129 bytes.It is noted that, instead of sending  signatures with a total of 56 bytes, the aggregated signature needs only 56 bytes for any number of storage units.In the GW-to-UC communication, the response message is of the form ID  ‖ ID  ‖ {   0 } 1≤≤ ‖ TS ‖  ‖  ‖ MAC  and the size is 40+40+109 bytes where  represents the number of power storage units.We present the communication cost in Table 2.As shown in Figures 4 and  5, we plot the communication overhead in terms of the time slot number  and the power storage unit number .
In general, the proposed EPPI scheme is the first secure and privacy-aware power injection scheme and the above analysis indicates that EPPI is efficient in terms of computation and communication cost.

Conclusions
Aiming to tackle the security and privacy issues of power injection over AMI and 5G, we propose an efficient and privacy-aware power injection scheme based on 5G smart  grid network slice.The proposed scheme allows the utility company to recover the total amount of collected power and resists any attacker to read individual power injection bid.Each power storage unit blinds its power injection bid, and all the bids will be aggregated by the local gateway based on a novel aggregation technique called hash-then-addition.In particular, the utility company can ensure the integrity and authenticity of the collected data.Extensive evaluations indicate that our scheme is secure and privacy-aware and it is efficient in terms of computation and communication cost.

Figure 1 :
Figure 1: System architecture of power injection in future 5G networks.

Figure 2 :
Figure 2: Six phases of the proposed EPPI system.

Figure 3 :
Figure 3: The aggregation way in multihop AMI networks.

Figure 5 :
Figure 5: The GW-to-UC communication overhead of EPPI.

Table 2 :
Communication overhead of EPPI.final message authentication code MAC  needs 2  and   .