Smart metering systems (SMSs) are pivotal in modernizing the energy and resource sector, driving efficiency (e.g., energy distribution [1]), reliability (e.g., industrial applications [2]), and sustainability (e.g., water management [3]). Their novelty and contribution lie in providing accurate, real-time or near-real-time data on energy and resource consumption, enabling utilities to provide more reliable services, optimize system operations, identify inefficiencies, and support the integration of renewable energy sources (e.g., smart grid systems) ^[4][5][4,5]. Simultaneously, they contribute to empowering consumers to make informed decisions regarding energy use, leading to demand-side management and cost savings. By supporting infrastructure modernization, SMSs can reduce overall energy consumption, decrease carbon emissions, and advance the transition to a low-carbon and sustainable economy ^[6][7][6,7].

SMSs provide various features such as tracking real-time or near-real-time usage data [8], detection of abnormal usage [9], more accurate billing information [10], and the ability to share the collected fine-grained data with third-party analysts for more comprehensive analysis (e.g., dynamic price prediction [11]). For instance, smart water metering (SWM) systems can generate fine-grained temporal water usage data, which can be used to recognize user behaviors such as tapping, taking a shower [12], and gardening [13].

However, this raises serious privacy concerns, as malicious actors, including service providers, third-party analysts, or neighbors, can eavesdrop and analyze these data without user consent. Their motivations vary from identifying a specific customer to monitoring the billing information or analyzing user behaviors. Therefore, it is crucial to carefully evaluate the security implications of sharing customer data with related entities or outsourcing to third-party analysts in different scenarios. Some smart metering systems, such as SWM, may have sparsity in their fine-grained data sets, with a granularity of 10 s or even longer (i.e., the gap between water usages is usually large), which makes it easier to identify the user by recognizing their behavior and mapping to real-world activities. In addition, installing and implementing a smart metering system requires security considerations and standards [14]. Poor installation practices or unauthorized personnel installing the smart meters may leave them vulnerable to tampering or unauthorized access. Therefore, this research mainly concentrated on making a given SMS more privacy- and security-compliant but did not consider the side effects of the SMS (e.g., the broader implications of SMSs such as energy consumption or reduction, energy sources, sustainability, etc.).

2. A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

Smart metering systems (SMSs) are integral to modern resource management infrastructure, enabling the accurate measurement and monitoring of resource consumption in residential and commercial settings. However, SMSs have raised many security and privacy concerns ^[15][20], such as the fact that SMSs can be attacked through vulnerabilities to bring down the whole system and cause damage to customers and service providers. Particularly, SMSs can generate sensitive consumption data [8] that are used to provide valuable services such as load forecasting [16]. Meanwhile, many regulations and laws (e.g., GDPR ^[17][21]) exist as standards to protect data privacy. As a result, ensuring the security of smart metering systems has become a critical concern for SMSs.

2.1. Privacy Risk and Countermeasures of SMS

Cyber–physical systems (CPS), such as SMSs or IoT systems, combine physical and digital entities and generate enormous volumes of data. The data generated by SMSs can be used to infer customers’ presence ^[18][22] and for activity recognition, including short-term activities (e.g., tapping or taking a shower [12]) or long-term activities (e.g., gardening [13]). Priyadarshini ^[19][23] studied the optimal machine learning methods to reach a high accuracy of 98% in activity recognition using the data from smart wearables, which form an integral part of IoT systems. Because behavioral patterns can be analyzed through activity recognition, privacy concerns are increasingly growing due to customers’ privacy exposure ^[20][24]. A simple solution is to use the energy stored in the households that can later reshape the usage profile. Li et al. proposed a Bayesian detection-operational privacy leakage metric ^[21][25] for evaluating privacy risk and studied an optimal privacy-preserving energy control strategy. Li et al. presented a way ^[22][26] of pruning vulnerable data and randomly selecting database proportions for publishing.

2.2. General Privacy-Preserving Techniques

Some general privacy-preserving techniques have been investigated to address the privacy issues of SMSs. One example is k-anonymity. Alsaid et al. applied the Mondrian algorithm to ensure k-anonymity by excluding personally identifiable information within a smart grid system ^[23][27], which achieves anonymization in nlog(n) time complexity. Stegelmann and Kesdogan proposed using pseudonyms implementing k-anonymization to avoid the service provider identifying a specific customer in a smart grid ^[24][28]. However, k-anonymity does not include randomization, and adversaries can still successfully make inferences if they already know some background knowledge. Therefore, SMSs are vulnerable to adversaries if they can monitor the customers for a long time. Trusted execution environment (TEE), an isolated CPU space for secure computation, is a second choice. Karopoulos et al. chose TEE as trusted computing technology to protect cryptographic keys, sensitive data, and critical operations in the application of smart grids such as remote attestation ^[25][29]. Valadares et al. studied a trusted architecture solution based on TEE and other security mechanisms to protect data in IoT applications ^[26][30]. Although there is the advantage of low communication and computation costs, TEE has a cost for hardware and is highly reliant on hardware implementation. Moreover, TEE is suitable for the data federation rather than the data collection process. MPC is a technique that utilizes an MPC protocol to make participants collaborate on computations over their inputs while keeping them private through protocols. An MPC protocol refers to the rules and procedures that enable each party to compute the function securely and privately. It defines how the parties interact with each other, how they share information, and how they combine their inputs to produce the desired result. MPC comes with the huge cost of communication overhead. Kirschbaum et al. presented a privacy-aware communication protocol ^[27][31] for smart grid systems based on secure multiparty computation, which allows the aggregation of consumption data of a group of smart meters without disclosing individual information. Although this solution can reduce the communication effort through a special initialization phase, this phase increases the system’s complexity, for example, increasing the overhead of pre-computation. Danezis et al. proposed an MPC scheme based on secret sharing ^[28][32] through which they examined the usage of complex functions on smart meters. However, the scheme requires more computing rounds and negatively affects the bandwidth and latency. Differential privacy (DP) is also a widely used privacy-preserving method. However, by adding proper noise, there is always a balance between data utility and privacy protection. Assuming the water provider is honest and trustworthy, Cardell-Oliver and Carter-Turner proposed a solution by sampling differential privacy in SWM systems that use (ϵ,δ)-differential privacy for a sample of Nβ households ^[29][15], which significantly improved the differential privacy guarantees because smaller samples increase the adversary’s uncertainty about which households are in the sample. Gai et al. proposed a data aggregation scheme with local differential privacy (LDP) in smart grids ^[30][33] by discretizing and aggregating these data to meet the privacy guarantees of LDP and finally estimating the total or average power consumption after combining randomized responses. HE is a promising technique that supports computations over encrypted data. Fully homomorphic encryption (FHE) ^[31][34] is regarded as the complete form of HE, as FHE supports an unlimited number of arbitrary computations for potentially complex applications. Tonyali et al. assessed the feasibility of FHE for smart grids by adapting one existing FHE scheme for advanced metering infrastructure (AMI). The data size and delay overheads were acceptable ^[32][35]. As FHE supports arbitrary function evaluation and an unlimited number of operations, it depends on bootstrapping to reduce the noise level of ciphertexts when the level of the computation circuit is deep. Considering privacy protection based on cryptography for the whole process, honest data collectors or third-party analysts are no longer needed; thus, HE is regarded as the most promising method.