On the effectiveness of re-identification attacks and local differential privacy-based solutions for smart meter data

Abstract

Smart meters are increasing the ability to collect, store and share households' energy consumption data. On the other hand, the availability of such data raises novel privacy concerns. Although the data can be de-identified or pseudonymized, a critical question remains: How unique are households' energy consumptions, and is it possible to re-identify households based on partial or imperfect knowledge of their consumption? In this paper, we aim to answer this question, and make two main contributions. First, we develop an adversary model in which an adversary who observes a pseudonymized dataset and knows a limited number of consumption readings from a target household aims to infer which record in the dataset corresponds to the target. We characterize the adversary's knowledge by two parameters: number of known readings and precision of readings. Using experiments conducted on three real-world datasets, we demonstrate that the adversary can indeed achieve high inference rates. Second, we propose a local differential privacy (LDP) based solution for protecting the privacy of energy consumption data. We evaluate the impact of our LDP solution on three datasets using two utility metrics, three LDP protocols, and various parameter settings. Results show that our solution can attain high accuracy and low estimation error under strong privacy guarantees.