**1. Introduction**

The smart grid is a newly evolving next-generation intelligent power grid, and many technological research works were conducted in different countries over the last decade to increase the efficiency of their power grids. The primary consideration in adopting the smart grid should be protection of the users privacy [1–3]. In other words, unlike existing security measures, the smart grid system should basically focus on the security of users rather than suppliers. More personal and specific information can be exposed in the smart grid environment by smart devices or hacking attacks when diverse types of information are combined [4–6]. The major issue of personal information protection in the distribution of smart grid technology is that it is possible to infer a user's behavioral pattern based on his/her energy consumption data by collecting and analyzing more detailed personal data, such as the characteristics of the user's energy usage or the frequency of energy production obtained, by applying the latest electric meters and other related equipment and technologies. In addition, the data read by smart meters inevitably require a certain monitoring or surveillance scheme as they are electronically collected and transmitted, rather than manually processed as in the past. The capacity of a meter capable of assessing consumer patterns or types of appliance depends on the frequency with which it collects data and the types of data being collected. Also, the user's behavior at home can make it is easier to infer his/her activity patterns in other places.

The factors associated with privacy intrusion scenarios in a smart grid environment include the following: (1) information concerning the use of a particular medical device or piece of electronic equipment which indicates their activation times and personal patterns, segmented data pertaining to the power consumption of each household appliance and its measurement location, and detailed information on the use of the appliances or equipment in use at a specific location; (2) the possibility of tracking a physical location through newly consumed energy, for instance, the charging of an electric automobile; (3) the activities in a certain house or building can be inferred from the electronic signature or use time pattern upon activation of a device or piece of equipment, which can form the basis for understanding a specific user's activities. Thus, the collection of a consumer's energy use data by a third party should be limited to the information required to serve the third party's purpose and which is authorized by the consumer.

The anonymous signature scheme comprises a function for authenticating signed messages while hiding the actual identity of the signer, which in itself is a common method in current systems that require the input signature to be authenticated. This scheme was developed by Chaum and Heyst in 1991 [7]. As for the group signature scheme, a member of a certain group is able to attach his/her signature in a message to prove that he is actually a member, and the verifier of the message will be able to confirm that person's membership only, without actually identifying the signer. However, it is possible for the opener, who authenticates the input signature, to identify the signer with the information of the signer previously stored in the system. The opener can be an organization or institution that deals with incidents associated with signatures. The group signature scheme is widely used as an anonymous signature scheme because of its reliability [8]. Despite its reliable performance, however, the security of personal information is called into question as many users consider that the opener has sufficient power to identify the signer and obtain the latter's personal information or information on anonymous activities for other purposes. To resolve this problem, Sakai et al. [9] introduced a complementary scheme by adding an "admitter" to the anonymous signature scheme. Thus, Sakai added the admitter and limited the opener's access to the signer's identification only by obtaining the consent of the admitter. In 2013, Ohara et al. [10] resolved the problem raised by Sakai (2012), which was the admitter's limited amount of token issuance.

The group signature scheme is often used when it is necessary for the authenticator to verify that the signer is a member of a particular group without revealing the actual identity. The real identity of the signer can be disclosed to the authenticator only if there are incidents or disputes that need to be solved. Nevertheless, it is quite clear that the signer will feel the burden of revealing his/her identity or anonymous activities to the authenticator without his/her consent and consider that the authority of the authenticator is too great. Thus, to limit the authority of the authenticator while maintaining the effectiveness of the group signature schemes, an anonymous signature scheme which authorizes the authenticator to identify the signer only with the token issued by the signer him/herself when generating a signature is proposed in this study.

#### **2. Related Research**

In a conventional power grid where electric power is delivered to the end users via substations (Figure 1), the power generation and distribution processes are centralized by the system, which assumes the role of mapping and visualizing the routine operations while controlling these processes to meet the power supply/demand schedule and its storage.

**Figure 1.** A typical power grid structure.

However, following the rapid development of information technology (IT), such a grid architecture transformed in a way that can provide a more efficient and effective means of power managemen<sup>t</sup> by integrating with Internet Protocol (IP)-based technologies. The network convergence based on these technologies [11] allows the grid to interwork with an external network(s) by adopting the Transmission Control Protocol (TCP)/IP for a more efficient power managemen<sup>t</sup> and provision of flexible but efficient service operations.

For the last decade, the development in the hardware, software, and communication technologies led to more advanced and sophisticated information and communications technology (ICT) which were the major factor of widespread mobile smart devices, software applications, or communication architectures [12,13].

The next-generation (21st century) power grid being called the smart grid (Figure 2) enables a smarter, interactive, and dynamic grid managemen<sup>t</sup> and services based on the ubiquitous computing and advanced ICT technology to respond to the era of the fourth industrial revolution. One of the major advantages of the smart grid is that its bi-directional communication capability can not only improve the power managemen<sup>t</sup> or operating process but also be utilized for establishing an Internet of things (IoT) system for the users' residences.

The conceptual smart grid model developed by the United States (US) National Institute of Standards and Technology (NIST) defined a smart grid as a complex infrastructure based on a set of seven chief domains [14], namely bulk generation, energy distribution, power transmission, operation and control, market, service providers, and customers and individual domains, composed of heterogeneous elements (e.g., organizations, buildings, individuals, and systems, including system resources and other entities). Also, the backhaul network is essential for achieving smooth but efficient communications between customers and utility companies when advanced power managemen<sup>t</sup> systems such as advanced metering infrastructure (AMI) are to be embedded into the smart grid [15,16].

**Figure 2.** The architecture of a smart grid.

The problem pertaining to breach of privacy is one of the major issues when people are using a service which requires the user to be authenticated. A series of privacy protection schemes were introduced to let users remain anonymous by allowing only encrypted information or minimum user information to be disclosed to the system administrators; however, the security levels and the means of protection provided by those schemes vary and can be inadequate sometimes. The blind signature [17] or the homomorphic encryption [18] scheme is mainly used [19]. To simply describe them, for instance, the former is a scheme where the first party (Party 1) attaches his signature to the message generated by the second party (Party 2) without having any knowledge about the content of the message. Then, the third party (Party 3) can receive the message but the identity of the message sender (Party 2) will remain secure as his/her signature will not be authenticated. Meanwhile, in the latter scheme, a specific mathematical or a computational manipulation is applied to the message or the text to create a ciphertext so that only the authorized party with the right decryption key will be able to decipher the encrypted message. The smart meters usually adopt the latter scheme to encryp<sup>t</sup> and transmit their requirements to their central control system (utility company administrator) along with a specific encryption function to let the system to decrypt the contents of the requirement with an appropriate decryption key. These schemes were originally developed for the electronic voting systems to conceal the voters' information in the application layer but did not consider the possibility leaking the information from the lower layers (i.e., link layer or network layer) of the protocol stack. It is quite possible that the repeated use of the same IP address overtime may provide access to the identities of the communicating parties or a means for hackers to analyze the traffic [20].

Nonetheless, it is also true that such benefits may be provided at the cost of breaching privacy. That is, a large volume of generated data and its high granularity in which more information is contained would allow any third party with malicious intent to grasp the lifestyles of the customers. Also, there were some claims in some countries that the use of smart meters further endangered the security/privacy of the customers [21]. The balance between achieving an efficient and effective smart metering and guaranteeing the adequate level of personal information protection is always the focus of such a controversy. Using the terminology from Reference [22], the solutions that aim to protect the privacy should guarantee the customers a suitable level of anonymity together with a temporary unlinkability which disconnects them from the metering infrastructure (i.e., disabling power usage reading, etc.). However, the question here is whether the unlinkability can or should be fully achieved even when customers are required to settle their bills at some time or another. The same question can be addressed to unobservability, which refers to the condition where one's power usage cannot be observed by others. Although it is possible to keep the record of the total aggregated amount of one's power usage at the substation level, it still needs to be delivered to the main system for the smart metering system to be fully functional [22,23].

#### *2.1. Anonymous Authentication and Anonymous Signature Schemes*

The term "anonymous authentication" refers to a cryptographic technology that allows the person or entity requesting authentication to authenticate him or herself as a legitimate entity while remaining anonymous. Commonly, simple aliases designed to preserve anonymity cannot be used for this type of authentication as the user trail can be traced easily; thus, using them cannot be considered an anonymous authentication scheme. A group signature, anonymous letter of credit, and more were introduced for the purpose of anonymous authentication in a number of research works. The group signature is an electronic signature scheme which the signer can verify him/herself as a member of a particular group without having to reveal his/her identity, thus enabling the authenticator to determine that the person concerned is actually a member without being able to identify him/her. Also, the group signature scheme often involves a credible third-party organization referred to as an "opener", e.g., the police or an internet-related authority. The opener is authorized to identify a signer from the group signature and can track the identity of any user who displays inappropriate behavior (or commits illegal acts) while using anonymous services. The group signature scheme is

currently considered the most practical for real-world applications such as web application services as it offers traceable anonymity. In general, the group signature scheme offers anonymity, traceability, and linkability.

Figure 3 shows a schematic representation of the group signature scheme, whose members are normally distinguished as the group manager who sets the parameters, the opener who is authorized to trace a specific signature in a group, the signer, and the authenticator. Each signer in the same group has his/her own private signature key, whereas the authenticator can verify the signatures with an open group key. Also, information that can be used to identify a signer is encrypted in the signature value so that only the opener can trace the identity of a group signer with his open group key.

**Figure 3.** Diagram of the group signature scheme.

Figure 4 represents a group signature scheme that provides linkability, which was studied with a view of applying it to a variety of applications. Linkability is a basis for determining uniformity in a number of signatures so as to determine whether the signatures were written by the same person. Although the linker may detect uniformity in the signatures, he/she is not able to identify the signer.

**Figure 4.** Diagram of group signature scheme with linkability.

In the smart grid environment, service providers can enhance the quality of their services by performing big data analyses of users' data, such as their real-time power usage patterns, etc., and then processing them into meaningful information. Thus, the level of privacy protection can be increased by offering anonymity through group signatures, while the service providers are able to provide flexible services by linking with the data of an anonymous user (signer). Jeong-Yeon Hwang et al. introduced a group signature scheme that provides local linkability [6]; however, in this study, the linker refers to an organization or institution that has a linking key generated by the group manager so that, in general, it becomes the service provider. The linker has the authority to check the link status for all signature values.

Figure 5 shows a group signature scheme offering limited linkability. Unlike existing group signature schemes where the opener is a credible third-party organization, the linker in this scheme is the service provider itself or the organization or institution designated by the service provider, with could result in privacy violations of the service users. For example, let us assume that an anonymous user in the smart grid environment uses a power usage analysis service along with an IoT service. In this case, the service provider will be able to link the power usage information of person A (who just entered his/her signature with the group signature key) with the information about his/her IoT service use. At this time, the service provider does not know the identity of A but it is able to determine whether the user currently using these two services is one and the same, potentially leading to an undesirable breach of privacy. As such, while studies related to existing group signature schemes focused on managing the system for the designated linker so as to be able to test the linkability of all signature values, this study aims to secure a fundamental technology capable of preventing unnecessary information exposures by developing a group signature scheme that allows the designated linker to test the linkability only for those signatures desired by the signer. Thus, in the example shown above, an anonymous signer A can transfer the power usage values to the linker for the linkability test, using a group signature key while transmitting the IoT usage information separately with the same key for the same test. Thus, this scheme can provide a more secure method of preventing privacy breaches by minimizing the level of personal information exposure.

**Figure 5.** Diagram of group signature scheme with limited linkability.

#### **3. Anonymous Signature with Signer-Controlled Opening Capability**

The anonymous signature scheme allows authentication of the signer without revealing his/her identity, whereas the group signature scheme is a method of verifying that the signer is a member of a certain group, also without exposing the signer's identity. Nevertheless, it is possible for an opener to identify an anonymous signer based on the information of the signer, which is neither desirable nor favorable for the signer who wishes his/her signature to be authenticated but does not want to reveal his/her actual identity. Thus, this section discusses a solution whereby the signer obtains a (security) token upon entering his/her signature so that the opener is not able to find the information of the signer without permission.
