I Introduction
Smart grid (SG) is an advanced upgrade to the traditional power grid that aims to facilitate reliable delivery of electricity, optimize grid operation, and engage consumers [18]. Fig. 1 illustrates the model structure of the SG, which comprises of advanced metering infrastructure (AMI) network, electricity generation sources, transmission and distribution systems, and a system operator (SO). AMI enables the bidirectional communication between the smart meters (SMs), which are deployed at consumer premises, and SO for regular load monitoring, energy managment, and billing [15]. Unlike the traditional power grid that collects the power consumption readings monthly, AMI network collects finegrained power consumption readings (every few minutes) measured/sent by SMs. Then, these readings are forwarded to the SO for monitoring the load, controlling the energy supply efficiently, and calculating the consumers’ bills. These bills follow dynamic pricing approach in which the tarrif of electricity consumption changes through the day to stimulate consumers to reduce consumption during peak hours [5].
In SG, electricity theft attacks can be launched by fraudulent consumers who tamper with their SMs so that they report lower consumption readings to reduce energy bill illegally. This deceptive behaviour does not only cause financial losses, but also the false readings used for load monitoring may affect the decisions made by the SO regarding grid management, which may cause the instability of the grid or blackout in severe cases [17]. Electricity theft is a serious problem in the existing power grid that causes hefty financial losses. For instance, the United States loses about $6 billion annually due to electricity thefts [14]. The losses in developing countries also have extremely bad consequences. For example, India suffers from about billion losses every year because of electricity theft [23].
In order to identify the fraudulent consumers, machine learningbased models, which are trained on finegrained power consumption readings, have been proposed [35, 16, 23]. However, revealing the consumers’ finegrained power consumption readings to the SO for electricity theft detection, load monitoring, and billing creates a serious privacy problem. This is because the finegrained readings expose the consumers’ life habits, whether they are at home or onleave, number of people at home, the appliances they are using, etc [19]. This may result in criminal activities, e.g., thieves can break into homes when consumers are absent [16]. On the other side, these private data may be sold to insurance companies to adapt their plans based on the consumers’ activities. In summary, the research problem we address in this paper is how to enable the SO to monitor load, compute bills, and detect fraudulent consumers without learning the finegrained power consumption readings of the consumers to preserve their privacy.
In the literature, the proposed scheme in [26]
“PPETD” tried to address this research problem. It uses secret sharing technique to allow sending the finegrained power consumption readings in a masked manner in such a way that the SO can obtain the aggregated readings for billing and load monitoring without being able to learn the individual readings to preserve consumer privacy. It also employs a convolutional neural network (CNN) machine learning model based on secure multiparty computation protocols using arithmetic and binary circuits. These protocols are executed interactively by the SO and each SM to evaluate the CNN model on the reported masked finegrained power consumption readings without learning the readings to preserve the consumers’ privacy. However, this scheme suffers from the following issues.

The computation and communication overheads are impractically high. The total time needed for the CNN model evaluation using masked readings is around 48 minutes and the amount of exchanged data is 1900 MB. This may be impractical for SMs because costeffective devices tend to have limited computation capability and low bandwidth communication. Moreover, this evaluation is done in an online and interactive communication session between each SM and the SO. Obviously, the requirement of a long session between each SM and the SO and exchanging much amount of data is not practical, scalable, or even costeffective given that cellular communication may be used to enable the communications between the SMs and SO.

There is a tradeoff between the accuracy of the model and overhead due to the approximation done for a nonlinear function (sigmoid function).

The classification of the model is known to both SM and SO, which is supposed to be known only to the SO. By knowing the classification of the model, the fraudulent consumer can return the original software to the SM before the SO sends technicians to inspect it to avoid liability.
Therefore, in this paper, we address these limitations by proposing a privacypreserving and efficient electricity theft detection scheme enabling dynamic billing and load monitoring using functional encryption (FE), named “ETDFE”. The idea is that the SMs encrypt their finegrained readings using functional encryption scheme and send the ciphertexts to the SO. We adapted the functional encryption scheme [2]
to enable aggregating the SMs’ encrypted readings, and revealing only the aggregated readings to the SO for billing and load monitoring without being able to learn the individual readings to preserve consumers’ privacy. Furthermore, we train a deep learningbased electricity theft detection model and leverage the inner product operations on encrypted data supported by the FE to evaluate the model using the encrypted finegrained readings without revealing the readings to the SO to preserve privacy.
Using real dataset, we evaluated the performance of our electricity theft detection model. We also analyzed the security of our scheme and measured the communication and computation overhead. Our evaluations confirm that our scheme is secure and can detect electricity thefts accurately with much less communication and computation overhead comparing to the scheme proposed in [26]. Specifically, our scheme can significantly reduce the computation and communication overheads. Moreover, unlike [26], our proposed scheme does not need both SMs and the SO to involve in online/interactive session to evaluate the electricity theft detection model.
The remainder of this paper is organized as follows. Section II discusses the related works. Then, our system models and design objectives are discussed in section III. Section IV illustrates the preliminaries used in our work. Our envisioned ETDFE scheme is presented in section V. Next, The performance evaluation and security analysis of our scheme are discussed in sections VI and VII, respectively. Finally, the paper is concluded in section VIII.
Ii Related Work
A few works in the literature have tried to address privacypreserving electricity theft detection in SG [26, 32, 34, 30, 31]. Some schemes are based on machine learning techniques [26, 34], while others use different techniques [32, 30, 31].
The work done by Salinas et. al. [32, 30] have attempted to investigate the privacy issue in detecting electricity theft. They proposed three distributed peertopeer (P2P) computing algorithms based on lower–upper decomposition (LUD) to preserve privacy. Such algorithms solve linear system of equations (LSE) for the consumers’ “honesty coefficients” to detect fraudulent consumers who commit energy theft. After a mutual communication between the SMs to solve LSE, the SO receives the honesty coefficient from each SM. If the honesty coefficient is equal to one, this consumer is honest, otherwise, the consumer reported less power consumption. Although this scheme can successfully identify all the energy thieves in a small size network, it may be unstable in large networks due to the rounding errors in LU decomposition. In addition, the scheme fails if the SMs tamper with the messages sent to other parties. Furthermore, the power line losses are assumed to be known, which are difficult to acquire practically. Besides, this scheme takes into consideration only one type of attack in which the fraudulent consumers reduce their power consumption reading with constant reduction rates, where the real consumption readings are multiplied by a constant number that is less than one. However, there are many other energy theft scenarios, such as bypass filters [23]. Finally, the scheme does not consider load monitoring and dynamic billing.
The electricity theft detection scheme presented in [31]
considers consumers’ privacy by using Kalman filterbased P2P state estimation protocol to find the line currents and biases of the consumers. The main idea of this scheme is to use state estimation techniques by the SO to identify the fraudulent consumers after receiving estimations of line segment currents and biases from all SMs. The SMs with biases larger than a predefined threshold are considered fraudulent. The privacy of this scheme is guaranteed by employing a distributed kalman filter, where the SO does not need to access the consumers’ power consumption readings. However, this work significantly varies from ours in three perspectives. First, we use a machine learning model to determine electricity thefts, which usually performs better than state estimation approaches
[23]. Second, the proposed state estimator is based on a set of distributed algorithms executed by SMs, and hence, the scheme may fail if SMs tamper with the messages sent to other peers. Last, our scheme enables dynamic billing and load monitoring, which are not considered in [31].Machine learningbased models have been proposed in [26, 34] to identify electricity thefts. A CNN model is used in [34] to detect fraudulent consumers. In this scheme, SMs send their encrypted electricity consumption readings to two system entities. One entity, which is assumed to be fully trusted, is responsible for running a CNN model (i.e., electricity theft detector) after decrypting the consumer’s finegrained readings, and then reports the output of the model to the SO. Another entity, which is assumed distrusted, aggregates the consumers’ encrypted power consumption readings in a certain residential area to obtain the aggregated reading for load monitoring without being able to learn the individual readings to preserve privacy. Practically, it is difficult to ensure that an entity would not abuse consumers’ information; in addition, this scheme cannot support dynamic billing.
Nabil et. al. [26] have proposed a privacypreserving scheme that enables the SO to detect fraudulent consumers, who steal electricity, by developing a CNN machine learning model based on secure multiparty computation protocols using arithmetic and binary circuits. These protocols are executed by the SO and each SM in an online/interactive session to evaluate the CNN model using the reported masked finegrained power consumption readings. The proposed scheme uses also secret sharing technique to share secrets allowing SMs to send masked readings to the SO such that these readings can be aggregated for the purpose of monitoring and billing. The scheme also enables billing using dynamic pricing rates in which the tariff of the electricity changes during the day to stimulate consumers to not use electricity in peak hours to reduce the demand. However, the scheme suffers from the following drawbacks.

The proposed scheme requires high computation and communication overhead. The SMs and SO should run a machine learning model in an interactive way (i.e., online) to maintain the consumers’ privacy while allowing the SO to detect whether a consumer is honest or fraudulent. Furthermore, to evaluate the model for a single SM, the total time needed is around 48 minutes and the amount of exchanged data is 1900 MB. The scheme also requires another overhead for running a technique to share the secrets needed to mask the readings. This large computation and communication overheads are impractical for SMs because costeffective devices tend to have limited computation capability and low bandwidth communications.

A nonlinear function (sigmoid) is used in the model and in order to evaluate the function on masked readings, it is approximated as a linear function. This creates a tradeoff between the accuracy of the model and overhead, i.e., the better the approximation, the better the accuracy but with more overhead.

The classification of the model is known to both SM and SO, which is supposed to be known only to the SO. By knowing the classification of the model, the fraudulent consumer can return the original software to the SM before the SO sends technicians to inspect it to avoid liability.
Iii System Models and Design Objectives
This section discusses the considered network and threat models as well as the design objectives of our scheme.
Iiia Network Model
As shown in Fig. 2, our considered network model includes the consumerside (smart meters), system operatorside, and an offline key distribution center (KDC). The role of each entity is described below.

Smart Meter (SM): The consumer has smart appliances at his/her home which are connected to the SM. Each SM sends its finegrained power consumption readings periodically (e.g., every 30 minutes) to the SO. A set of SMs, , form an AMI network. The SMs can communicate directly with the SO or they can communicate with the SO via a gateway. In the latter case, the SMs may communicate directly with the gateway, or multihop data transmission is used to connect the SMs to the gateway, where some SMs may act as routers to relay other SMs’ data.

System Operator (SO): The SO uses the finegrained power consumption readings sent by SMs for load monitoring and energy management. Moreover, the SO uses these readings to evaluate a neural network model to detect electricity thefts and compute the bill for each consumer following dynamic pricing approach in which the electricity price increases at peak hours to stimulate consumers to reduce demand in these hours.

Key Distribution Center (KDC): It distributes the public parameters in addition to the private keys, i.e., the encryption and functional decryption keys for both SMs and SO, respectively. KDC can be operated by a national authority such as the Department of Energy.
IiiB Threat Model
The SO may attempt to use the consumers’ finegrained power consumption readings to learn sensitive information including the consumers’ activities, e.g., learning whether a consumer is at home or onleave, and so forth. For consumers, they may conduct the following misbehaviour. First, they may send to the SO false (low) power consumption readings to reduce their bills illegally, which does not only cause financial losses but it may also result in wrong decisions regarding energy management. Second, the consumers may be interested in learning the finegrained power consumption of other consumers to infer sensitive information about the lifestyle of the consumers. Regarding collusion, the SO may collude with consumer(s) to infer the readings of other consumers, but the number of colluding consumers should be fewer than or equal (), where is the number of SMs. Moreover, some consumers may collude with others to infer sensitive information.
Basically, the objective of this paper is to preserve the consumers’ privacy while using their finegrained power consumption readings for load management, billing, and theft detection, i.e., no one including the SO should be able to learn the finegrained readings of individual consumers.
IiiC Design Objectives
Our scheme should achieve the following functionality and security requirements:
IiiC1 Functionality Requirements

[leftmargin=1.25cm]

In an AMI network, ETDFE should enable the SO to obtain the total electricity consumption of the consumers at each reporting period for load monitoring and energy management.

Regarding billing, ETDFE should allow the SO to compute each consumer’s electricity bill efficiently following dynamic pricing.

ETDFE should allow the SO to run an electricity theft detector for each consumer using his/her finegrained power consumption readings to detect whether this consumer is fraudulent or not.
IiiC2 Security and Privacy Requirements

[leftmargin=1.25cm]

Our electricity theft detector should be secure against any misbehaviour from fraudulent consumers who aim at stealing energy without being detected.

Preserving consumers’ privacy: No entity (including the SO) should learn the finegrained power consumption readings of individual consumers at any reporting period.

Confidentiality of AMI’s total power consumption and consumers’ bills: SO should be the only entity that learns the total power consumption of all consumers in an AMI for load monitoring and the billing amount of each consumer as well.
Iv Preliminaries
Iva Functional Encryption
Functional encryption (FE) is a new cryptosystem that allows the encryptor to encrypt a message using an encryption key, and enables the decryptor to perform computations on the encrypted message to learn the output of a predefined function () using a functional decryption key without being able to learn the message itself [8]. Recently, the focus on FE has been increasing, especially how to design efficient schemes for limited classes of functions or polynomials, such as linear [3, 1] or quadratic [6]
. In this paper, we focus on the inner product functional encryption (IPFE) that allows to perform inner product operation over encrypted vector. In an IPFE scheme, given the encryption of a vector
, and a functional decryption key associated with a vector , one can obtain only the dot product result by decrypting the encryption of and without being able to learn . IPFE consists of three parties as follows.
Key Distribution Center (KDC): This generates the encryption and functional decryption keys for both the encryptor and decryptor, respectively.

Encryptor: It encrypts the plaintext vector using the encryption key and sends the ciphertext to the decryptor.

Decryptor: It receives a functional decryption key from the KDC, which is associated with a vector , and evaluates the dot product on the encrypted vector received from the encryptor. It has access only to the result of that dot product evaluation , and of course, it must not collude with KDC.
IvB FeedForward Neural Networks (FFNs)
FFNs are widely used in solving many challenging machine learning problems such as system identification of a biochemical process [9]
, face recognition system
[13], and age identification from voice [10]. This wide adoption of FNNs is due to their high accuracy. FFNs are called feedforward because the information only travels forward in the neural network, from the input nodes and through the hidden layer(s) (single or many layers) and finally through the output nodes. They are also called deep networks, multilayer perceptron (MLP), or simply neural networks
[20].Fig. 3 shows a typical architecture of an FFN that consists of:

Input Layer
: This is the first layer of a neural network. It consists of nodes, called neurons, that receive input data and pass them to the following layers. The number of neurons in the input layer is equal to the number of attributes or features of the input data.

Output Layer
: This is the last layer which gives the prediction (or classification) of the model. The activation function used in this layer depends on the problem. For example, in a binary classifier, the output is either 0 or 1, and thus, a sigmoid activation function is usually used, while for a multiclass classifier, a softmax function is commonly used. On the other hand, for a regression problem, where the output is not a predefined category, we can simply use a linear activation function.

Hidden Layers: Between the input and output layers, there are hidden layer(s) that depend on the type of the model, e.g., the hidden layers of a CNN model typically consist of convolutional layers, pooling layers, etc. Hidden layers contain a vast number of neurons which apply transformations to the inputs before passing them. Every neuron in a layer is connected to all the neurons in the previous layer, and each connection may have a different strength or weight. When the network is trained, the weights are computed and updated in the direction of improving the model accuracy. By having multiple hidden layers, we can compute complex functions by cascading simpler functions. The number of hidden layers is termed as the depth of the neural network.
For a given neuron, the inputs are multiplied by the weights and summed together. This value is referred to as the summed activation of the neuron. The summed activation is then transformed via an activation function and defines the specific output or “activation” of that neuron.
In this paper, we use the FFN to solve a binary classification problem, i.e., to detect whether the consumer is honest or fraudulent. In machine learning, classification is a type of supervised learning method, where the task is to divide the data samples into predefined groups by a decision function. In the following, we discuss the training process of an FFN and the widely used activation functions.
IvB1 FFN Training
The features/input data is fed into the first layer of a neural network (i.e., input layer). Then, these features are gradually mapped to higherlevel abstractions via the iterative update (a.k.a, feedforward and backpropagation) in the hidden layers of the neural network for a predefined number of iterations. These mapping abstractions, known as learned neural network model, can be used to predict the label in the output layer.
The training of such a network is quite complicated, when there exists an output error because it is hard to know how much error comes from the neurons and how to adjust the weights and biases [11]. Thus, the FNN training involves adjusting the weight and the bias parameters by defining a cost function and selecting an optimizer. The problem can only be solved by finding the effect of all the weights in the network. This is done by the backpropagation algorithm [11]
in which the FNN weights are updated using the gradients of the cost function with respect to the neural network’s weights. In an FFN, the output values are compared with the correct prediction for optimizing the cost function. Then, the error is fed back through the network to adjust the weights of each connection in order to reduce the cost (loss) function
[11]. For the cost function, categorical crossentropy is defined to measure the loss due to the difference of two distributions, true distribution and learned distribution , for classes as follows:During training, an optimization method, e.g., ADAM [24], is used for optimizing the cost function. Supervised labeled data are used to train the neural network. In addition, hyperparameters of the neural network such as the number of neurons in each layer, the number of layers, type of the optimizer, etc., can be determined using hyperopt python library [7], kfold cross validation, or any other validation method [27].
IvB2 Activation Functions
In a neural network, the activation function is responsible for transforming the summed weighted input from the neuron into the activation of that neuron. In the following, we explain some common activation functions and their usage.

(ReLU): It allows positive values to pass through it, and maps negative values to zero. The main advantage of ReLU is the computational simplicity because it only requires a simple max() function as follows
[28].Unlike the tanh and sigmoid activation functions that use exponential operations, ReLU mostly acts like a linear activation function, and it is usually easier to optimize the neural network when its behavior is linear or close to linear.

Softmax
: It is often used in the output layer for multiclass classification problems. Softmax outputs a probability vector for a given input vector, i.e., for an input vector
of length , where is the number of classes, the softmax function is defined as follows [28].
V Proposed Scheme
In this section, we first give an overview for the proposed ETDFE and then discuss system initialization, how SMs report their power consumption readings, and how the SO computes the aggregated readings for load monitoring. Next, we explain how the electricity bills are computed following dynamic pricing approach. Finally, we explain the way we train a machine learning model for electricity theft detection and discuss how the SO can use the SMs’ encrypted readings to evaluate the model to detect electricity theft without learning the readings to preserve the consumers’ privacy.
Va Overview
The main phases of our scheme can be summarized as follows.

Using an FE scheme, each sends its encrypted readings periodically to the SO using the secret key every time slot as shown in Fig. 4.

At every time slot , the SO receives all encrypted readings from all SMs and uses the monitoring functional decryption key to obtain the aggregated reading of SMs in an AMI network for load monitoring without being able to learn the individual readings to preserve consumers’ privacy.

Regarding billing, as shown in Fig. 4, after receiving encrypted readings from each SM (which represent the readings per billing period , where = ), the SO applies dynamic pricing on these readings to compute the bill for each consumer using the billing functional decryption key without learning the individual readings to preserve privacy.

After receiving encrypted readings from the SMs, the SO uses the functional decryption key of each to evaluate an electricity theft machine learning model to detect whether this consumer is honest or fraudulent without learning the readings to preserve privacy.
For better readability, we define the main notations used in this section in Table I.
VB System Initialization
In system initialization^{1}^{1}1We use the standard lowercase notation for elements in and uppercase notation for elements in ., the KDC^{2}^{2}2KDC is needed only to bootstrap the system by distributing the necessary keys. After that, the system is run without involving it should compute and distribute the following: (1) Public parameters; (2) SMs’ encryption keys; and (3) SO’s functional decryption keys.
VB1 Public Parameters
To generate the public parameters, the KDC should:

generate where is a cyclic additive group of prime order and generator .

choose where is a fulldomain hash function onto , i.e., .
Then, the public parameters are published.
VB2 Smart Meters’ Encryption Keys
KDC generates SMs’ encryption keys: , where is the secret key of , for , and denotes the number of SMs in an AMI network.
Notation  Description 

th smart meter  
Reporting period used for billing  
Reporting period used for electricity  
theft detection  
Consumption reading of at time slot  
Input (power consumption readings) of the  
over  
encrypted reading of at time slot  
Encrypted consumption report vector from  
all SMs,  
Secret key of  
Time slot identifier  
Number of readings per billing period  
Number of readings per electricity  
theft detection period  
Encrypted consumption report vector of  
over billing period  
Encrypted consumption report vector of  
over electricity theft detection period  
Number of neurons in the first hidden layer  
Bias vector of size for the first hidden layer  
th hidden layer  
Public parameters for the functional encryption  
Fulldomain hash function onto  
Functional decryption keys for monitoring,  
billing, and electricity theft detection  
Vectors corresponding to monitoring and billing  
Weights of the first hidden layer  
corresponding to electricity theft detection  
Inner/dot product between vectors and  
VB3 SO’s Functional Decryption Keys
, , and are the functional decryption keys set used for monitoring, billing, and electricity theft detection, respectively. The KDC generates these functional decryption keys as follows.

Generating : A vector of ones, , with a length that equals to the number of SMs in an AMI network, is used by the KDC to compute the monitoring functional decryption key . This key is sent to the SO such that it can aggregate all the power consumption readings from all SMs at each time slot . This vector of ones is used so that when inner product is done with the SMs’ readings, the aggregated reading is obtained. The generation of key is as follows.

The KDC performs the following operation to compute the monitoring functional decryption key using the SMs’ secret keys and :
where is the element in . Then the KDC sends the to the SO.


Generating : The SO sends a vector , with a length , to the KDC, where is the number of readings per billing period as shown in Fig. 4. This vector represents the pricing rates the SO sets and it is used for billing following dynamic pricing approach, i.e., each element in is the electricity rate for one consumption time slot. This allows the SO to compute the inner product operation between and the power consumption of each consumer at different time slots. Using , the KDC generates a billing functional decryption key for each for each billing period as follows.

The KDC calculates the following operations for each using the ’s secret key, , and a set of time slot identifiers , as follows:
where is the inner/dot product operation between two vectors, and is the transpose of .

Next, the KDC sends the billing functional decryption keys to the SO, where and is the number of SMs.


Generating : Regarding the evaluation of electricity theft detection model at the SOside, the SO sends the first layer’s weights of the model () to the KDC. Supposing that ’s dimension is rows columns, where is the number of readings per electricity theft detection period =, while is the number of neurons in the first hidden layer in the model. Then, can be represented as:
(1) where is a 2dimensional array and can be represented as , is the column of , and . Therefore, the KDC generates functional decryption keys corresponding to each column of . In our solution, is the same for all SMs, i.e., the SO applies a general model to all SMs. Next, the KDC calculates the electricity theft detection functional decryption keys for each SM for each electricity theft detection period as follows.

For each , the KDC performs the following operation using the ’s secret key, a set of time slot identifiers , and each column of , where }:

Next, the KDC sends the electricity theft detection functional decryption keys to the SO for each :

VC Reporting Finegrained Power Consumption Readings
The consumers’ finegrained electricity consumption readings are encrypted by using secret keys sent by the KDC. The SMs transmit the encrypted readings periodically to the SO for load monitoring, billing, and electricity theft detection. For each reporting period , each generates a power consumption report by executing the following operations.

Each uses its encryption key and the time slot identifier to encrypt its reading in time slot as follows:
(2) where:
VD Aggregating Finegrained Power Consumption Readings for Monitoring
After collecting all the SMs’ encrypted readings () at reporting period , where , the SO uses the monitoring functional decryption key to obtain the total aggregated reading for load monitoring by performing the following steps.

Given the functional decryption key and ciphertexts , the SO can compute:

Next, the SO computes:
(3) 
Finally, the SO uses an approach to compute a discrete logarithm to obtain:
In this case, the discrete logarithm is not a difficult problem because is not a large value. While many methods have been introduced to compute the discrete logarithm such as Shank’s babystep giantstep algorithm [33], we resorted to using a lookup table to compute it efficiently in a lightweight manner.
By performing the above steps, the result is the summation of the power consumption readings of all SMs at each time slot . Therefore, ETDFE can achieve the functional requirement (F1) of reporting aggregated power consumption reading for load monitoring by the SO without being able to learn the individual readings to preserve consumers’ privacy.
Beside the aforementioned steps, the SO should store the ciphertexts of each in vector for calculating bills over each billing interval as will be explained in section VE, where is:
Also, the SO should store the reports of each over electricity theft detection interval in vector to be applied to the electricity theft detector, at the end of each electricity theft detection interval, as will be explained in section VF3, where is defined as follows:
VE Bill Computation Using Dynamic Pricing
In addition to using the finegrained power consumption readings in load monitoring and energy management, they are also used to compute bills following dynamic pricing in which the electricity tarrifs are higher in the peakload periods to stimulate consumers to shift their consumption to offpeak hours to balance electricity supply and demand. In this section, we explain how the SO uses the encrypted power consumption readings to compute bills following dynamic pricing approach.
After collecting encrypted readings ( vector) from each , , the SO computes the bill at the end of each billing interval by using the billing functional decryption key by calculating
(4)  
Hence, the SO uses an approach to compute a discrete logarithm to obtain:
This is the inner product of the ’s power consumption readings and the pricing rates’ vector (), which is equivalent to the weighted summation of the power consumption readings. Therefore, ETDFE can achieve the functionality requirement (F2) of computing each consumer’s bill following dynamic prices.
VF Electricity Theft Detection
In this section, the dataset used for training the electricity theft detection model is presented, then we explain how we train the model as well as its architecture, and finally, we discuss how the SO can detect electricity thefts without violating the consumers’ privacy, i.e., without learning the finegrained power consumption readings.
VF1 Dataset
A real smart meter dataset from the Irish Smart Energy Trials [22] is used for training and evaluating our electricity theft detector. This dataset was produced in January 2012 by the Electric Ireland and Sustainable Energy Authority of Ireland. It contains electricity consumption readings for more than consumers over days from to , in which an electricity consumption reading is reported by each SM every 30 minutes. In our experiment, we used the electricity consumption readings for SMs from the dataset. By preprocessing this data, we build records, where each record corresponds to readings of one SM in a single day (i.e., 48 readings). We define a set of electricity consumption readings (i.e., a record) that are reported by in each day. We assume that each electricity theft detection interval is one day, SO the input size of our FFN () is .
Electricity Theft Attacks: All the readings in the dataset are for honest consumers. Although we need to train our model using both honest and malicious data, it is difficult to collect false readings sent by fraudulent consumers. To solve this problem, we created malicious dataset by using a set of electricity theft attacks which are presented in [23]. We considered three types of attacks: bypass filters, partial reduction, and pricebased load control, as summarized in Table II. For each day, denotes the electricity reading of . As can be seen in Table II, each function aims at reducing the power consumption reading by applying different attack scenarios. The first attack’s objective, i.e., , is to reduce by a flat reduction ratio , where , while the attack dynamically reduces the reading by a value controlled by the time , where . The third attack reports the predicted value (mean value) of a fraudulent consumer’s power consumption readings for a given day. On the other hand, the fourth attack is a Bypass attack, in which the fraudulent consumer sends zero readings during a certain interval (i.e., ), otherwise, it reports the actual consumption reading , where and are the start and end of the electricity theft interval, respectively. Similar to the attack , the attack also uses the predicted value (mean value) of a fraudulent consumer’s power consumption readings for a given day. But the difference between them is that the readings are reduced dynamically from time to time using in , where , while the fraudulent consumer who launch reports a fixed value during the day. Finally, the attack is comparatively smart in reducing the electricity bill as it does not change the actual readings during the day but it reports the higher energy consumption readings during low tariff periods.
Attack Type  Cyber attacks in Jokar et al. 2016 [23] 

Partial Reduction  
Bypass 

Bypass/Partial Reduction  
Pricebased Load Control 
Data Preprocessing: To apply the aforementioned attacks to produce malicious readings, we first set the parameters of each function. For functions , , and , and
are random variables that are uniformly distributed over the interval
[23], while , in , is a uniform random variable in , and the period of the attack, i.e., , is a uniform random variable in , and hence, the maximum value of . Hence, by applying these attacks on the readings of each SM, the corresponding records for each SM now contains honest records (for daily readings) and malicious records (i.e., ). As a result, the dataset is imbalanced because the malicious data is more than the honest data.We tackle the problem of imbalanced data by using adaptive synthetic sampling approach (ADASYN) [21] for each SM’s records to balance the size of honest and malicious classes. Thus, each SM has honest and malicious records, where each record contains electricity consumption readings. Consequently, the total number of records for SMs in our dataset is around million. Each SM’s records are divided into two datasets for training and testing with the ratio of 4:1. The training datasets are combined together from all SMs to form of size about million records. Similarly, the test datasets are combined together from all SMs to form a test dataset of size records. Training a model on variety of synthetic attacks’ records along with a real dataset [22] helps in improving the model detection rate.
VF2 Electricity Theft Detection Model
We train a fully connected multilayer FFN network, i.e., electricity theft detector, with a softmax output layer on . While training the model, regularization is used to limit overfitting, and we adjust the hyperparmaters of our FFN model using hyperopt tool [7] on a validation dataset (which is 33% of
) to tune the number of neurons in each hidden layer, and select activation function for each layer, batch size, and learning rate. Then, our model is evaluated on the test dataset. In the training phase, Adam optimizer is used to train the model for 60 epochs, 250 batch size, 0.0001 learning rate, and categorical cross entropy as the loss function. To train our model, we used Python3 libraries such as Scikitlearn
[29], Numpy, TensorFlow
[25]and Keras
[12]. Table III gives the detailed structure of our electricity theft detection model including number of layers, number of neurons, and activation functions.Layer  No. of neurons  AF 

Input  48  Linear 
40  Linear  
500  ReLU  
350  ReLU  
110  ReLU  
350  ReLU  
110  ReLU  
1536  ReLU  
500  ReLU  
1536  ReLU  
500  ReLU  
1536  ReLU  
500  ReLU  
700  ReLU  
Output  2  Softmax 
VF3 PrivacyPreserving Evaluation of Theft Detection Model
To enable the SO to evaluate the model we trained without learning the readings to preserve the conumers’ privacy, we leverage the inner product operation of FE. As shown in Fig. 5, only the operations of the first layer of our model architecture are executed using the encrypted data. The result is known to the SO to use in the operations of the next layer. Generally, the main operation needed by a neural network’s feedforward layers can be expressed by where is the previous layer input vector, is the weight matrix, and is the bias vector. In our FFN model, the weight matrix of the first layer has dimension () as shown in Eq. 1, where is the number of input neurons (features), and is the number of neurons in the first hidden layer. In our model, the operation () is performed by multiplying the input vector with , and then the result is added to the bias vector . This results in components that are the output of the first hidden layer, which is equivalent to inner product operations between the input and each column in the weight matrix . Therefore, to preserve the consumers’ privacy, we leverage IPFE to do inner product operation on encrypted vectors to obtain the output of the first hidden layer which is:
where is the input (power consumption readings) of the over , and it can be represented as , while is the bias vector of size .
After collecting encrypted readings ( vector) from each , the SO runs the electricity theft detector by using the functional decryption key corresponding to to detect whether consumer is honest or fraudulent. The columns of can be represented as , where is the column of , and . The evaluation of the electricity theft detection model is done as follows.

Given the functional decryption key and ciphertexts from each at the end of each electricity theft detection period , the SO can compute the inner product between ’s ciphertexts and each column of by performing the following steps.
(5) 
These equations are computed for . The SO uses an approach to compute a discrete logarithm to obtain:

The results are in clear form. Then the SO adds them to the bias of the first hidden layer to obtain the output of the first hidden layer of the electricity theft detector as follows:
Then, the output of the first hidden layer is the input to the next layer of the model and the operations of next layers are completed until the calculations are done in the last layer and the classification result is obtained.
Note that, the number of neurons in the first hidden layer should be fewer than the number of inputs (i.e., ) because if , the SO may obtain the finegrained readings, since unknowns in equations may be solved to obtain the readings.
Therefore, FFN model is evaluated securely by the SO at the end of each electricity theft detection interval without learning the consumption readings to preserve the consumers’ privacy. Therefore, ETDFE can achieve the functionality requirement (F3) of privacypreserving electricity theft detection.
Vi Performance Evaluation
In this section, we first evaluate the performance of the electricity theft detection model, and then assess our scheme in terms of communication and computation overhead.
Via Electricity Theft Detection
Performance Metrics: In order to evaluate our scheme’s performance, we considered the following metrics. The detection rate () measures the percentage of fraudulent consumers that are detected correctly. The false acceptance rate () measures the percentage of the honest consumers that are falsely recognized as fraudulent. The highest difference () is the difference between and . The accuracy measures the percentage of honest/fraudulent consumers that are correctly detected as honest/fraudulent. The model performance is better when , , and accuracy are high, and is low.
where, , , , and stand for true positive, true negative, false negative, and false positive, respectively.
Results and Discussion:
We have evaluated our model using the confusion matrix which is imported from Scikitlearn python library
[29]. Our baseline is the plaintext FFN model (without privacy preservation) and we also compare it with our privacypreserving model. We compare our results with the proposed scheme in [23] and the three models proposed in PPETD [26], which are MD1 with “28 CNN filters, 1 stride size, 6 units filter size, and 2,048 hidden units”; MD2 with “256 CNN filters, 1 stride size, 5 units filter size, 1,536 hidden units”; and MD3 with “64 CNN filters, 1 stride size, 5 units filter size, 1,536 hidden units”.
Model  Method  DR(%)  FA(%)  HD(%)  Accuracy(%) 

Without privacy preservation  92.56  5.84  86.72  93.36  
ETDFE  With privacy preservation  92.56  5.84  86.72  93.36 
Without privacy preservation  93.6  8.00  85.6  93.2  
PPETD MD1 [26]  With privacy preservation  91.5  7.40  84.1  91.8 
Without privacy preservation  92.9  8.80  84.0  92.4  
PPETD MD2 [26]  With privacy preservation  90.0  8.79  81.2  90.2 
without privacy preservation  91.5  4.80  86.7  92.4  
PPETD MD3 [26]  With privacy preservation  88.6  3.90  84.6  90.3 
Jokar et al. 2016 [23]  without privacy preservation  94.0  11.0  83.0  – 
Table IV provides the evaluation results for our proposed model and the existing models in the literature with and without privacy preservation. Considering privacypreserving electricity theft detection, our scheme ETDFE offers higher accuracy and , 93.36% and 92.56%, respectively, compared to PPETD MD1 [26] which has 91.8% accuracy and 91.5% . PPETD MD3 [26] has the lowest which equals to 3.9%, while ETDFE has 5.84%, which is slightly higher but it is still acceptable. Furthermore, unlike [23] that creates one model for each consumer, our detector is a general model that does not rely on specific consumer’s data, and can be applied to new consumers who have no history of power consumption. Moreover, our scheme has higher than [23] and [26].
In addition, Fig. 6 shows the Receiver Operating Characteristics (ROC) curves for our model with and without privacy preservation. ROC curve is often used to evaluate the classification accuracy, which is measured by the area under the ROC curve (AUC). This area indicates how much the model can distinguish between the classes, where a higher AUC represents a better performance. The given results indicate that the overall accuracy of our model does not degrade when using our privacypreserving evaluation technique because the results of the inner product of the encrypted vectors using FE is similar to the result of the inner product of the plaintext vectors. This is different from the proposed scheme in [26] that suffers from accuracy reduction when considering privacy preservation. This reduction occurs because a nonlinear function (sigmoid) is approximated as a linear function in order to be able to evaluate the model on masked readings.
ViB Computation and Communication Overhead
Our scheme is implemented using Python “Charm” cryptographic library [4] running on a standard desktop computer with an Intel Core Central Processing Unit (CPU) operating at 2GHz and 8GB of Random Access Memory (RAM). We used elliptic curve of size 160 bits (MNT159 curve).
ViB1 Computation Overhead
To evaluate ETDFE, we compare our scheme’s computation overhead with the one presented in [26] for load monitoring, billing, and electricity theft detection. For power consumption reporting, the SMs’ computation overhead needed to encrypt the power consumption reading by using Eq. 2 is 0.009 ms, compared to 0.35 ms in PPETD [26], as can be seen in Table V. The results confirm that the computation overhead on the SMs is low which is important because the SMs are resourceconstrained devices. On the other hand, the overhead of aggregating readings by the SO is 47.2 s using our scheme, while it is 0.071 s in PPETD. Although our scheme need more time for aggregating the SMs’ readings, it is still low. Therefore, the comparison with PPETD demonstrates that our ETDFE scheme can reduce the computation overhead of reporting a power consumption reading on SMs by 97.4%.
For our privacypreserving FFN model evaluation, the total time needed to evaluate 8,318 hidden units over 15 layers FFN model is around 0.82 seconds for each consumer at the end of the electricity theft interval, while PPETD requires 48 minutes to evaluate the model. Therefore, our scheme provides 99.9% improvement in evaluating the electricity theft detection model by the SO. It is worth nothing that this 0.82 seconds includes the decryption of the first layer and obtaining the result of the classifier. Moreover, unlike PPETD, our scheme does not need each SM and the SO to be engaged in online/interactive session for evaluating the electricity theft detection model.
ViB2 Communication Overhead
We used elliptic curve, in the cryptography operations needed for our scheme, which provides 160 bits security level. As can be seen from Eq. 2, each SM sends an encrypted finegrained reading of total size of 40 bytes. For privacypreserving evaluation of electricity theft detection model, the SO uses the stored ciphertexts sent by each SM; therefore, no additional communication overhead is needed between the SO and the SMs. On the other hand, PPETD uses masked readings to preserve consumers’ privacy, and also uses secure multiplication, secure evaluation of , and garbled circuit for privacypreserving evaluation of a CNN model. This leads to a high communication overhead of around 1900 MB per SM. As a result, Our scheme offers a significantly lower communication overhead in comparison with PPETD.
Vii Security and Privacy Analysis
Our scheme can achieve the following desirable security/privacy requirements that can counter the attacks mentioned in section IIIB.
Theft detection: To ensure the secure evaluation of our electricity theft detector, each SM first encrypts its finegrained power consumption readings using FE, and then, the SO uses the functional decryption keys to get the output of the first layer without being able to learn the individual readings of the SM. Then, this output can be used to obtain the classification of the model. In addition, our scheme ensures that only the SO knows the result of the electricity theft detector, unlike PPETD [26] in which the result is revealed to both the SO and SM. This may give the consumer enough time to change the malicious software of the SM before the SO sends technicians to inspect it to avoid liability.
On the other hand, the SO uses the same encrypted readings for monitoring, billing, and evaluation of the electricity theft detector. Thus, our scheme ensures that a consumer will not be able to fool the detector by sending two readings; one false reading for billing/monitoring and another true reading for theft detection. Therefore, our scheme is secured against this misbehaviour, and hence, it can satisfy the security requirement of privacypreserving theft detection (S1).
Consumers’ privacy preservation: The consumers’ finegrained power consumption readings are encrypted and no entity (including SO) is able to learn the individual readings to preserve consumers’ privacy. In addition, if the same reading is repeated at different times, the ciphertext looks different because each time the encryption is done using different time slot identifier and thus cannot be repeated. If is reused, the ciphertexts of two readings of the ( and ) are: and , respectively. Hence, by subtracting the two ciphertexts: , by knowing one reading, the other can be obtained. To learn a certain consumer’s power consumption reading, the SO must collude with (1) consumers. This can be done by subtracting the total power consumption of the colluding SMs from the total power consumption known to the SO. This attack is not feasible when the number of SMs in an AMI network is large. In addition, although the SO has , , and for the billing process, it is difficult to obtain the ’s secret key and using it to compute the ’s future readings, because changes, and thus it is infeasible to solve the discrete logarithmic problem. Therefore, ETDFE satisfies the security requirement of privacy preservation (S2).
Confidentiality of AMI’s total power consumption and consumers’ bills: After receiving the encrypted finegrained power consumption readings from SMs, the SO can aggregate the readings to obtain the total power consumption for load monitoring. Attackers, who may be able to intercept the encrypted readings, learn nothing about the total consumption of an AMI because a private key known only to the SO is needed to calculate the aggregated power consumption readings. Also, the SO is the only entity which is capable of computing the bill of each consumer since a secret key known only to the SO is needed. Thus, ETDFE satisfies the security requirement of the aggregated power confidentiality (S3).
Viii Conclusion
In this paper, we have proposed ETDFE, a novel scheme that uses encrypted finegrained power consumption readings reported by the SMs for electricity theft detection, load monitoring, and computation of electricity bills following dynamic pricing while preserving consumers’ privacy. To preserve privacy, no entity is able to learn the finegrained power consumption readings of individual consumers. Functional encryption is used by each consumer to encrypt the power consumption readings and the SO uses a functional decryption key to compute bills and total power consumption for load management, and evaluate a machine learning model using a set of encrypted power consumption readings to detect electricity theft. Moreover, extensive simulations have been conducted using real dataset to evaluate our scheme. The given results indicate that our scheme can detect fraudulent consumers accurately and preserve consumers’ privacy with acceptable communication and computation overhead. Unlike [26], our scheme does not suffer from accuracy degradation due to the privacypreserving evaluation of the model. Furthermore, the comparison with [26] demonstrates that our scheme can reduce the computation overhead of reporting a power consumption reading on SMs by 97.4%, while offering a significantly lower communication overhead. Unlike [26], the SO and SMs do not need to establish an online/interactive session to evaluate the electricity theft detection model, and we also reduce the computation and communication overhead from 48 minutes to only 0.82 seconds, and from 1900 MB per SM to only 40 bytes, respectively.
Acknowledgement
This project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. DF7456111441. The authors, therefore, acknowledge with thanks DSR for technical and financial support.
References
 [1] (2015Mar.) Simple functional encryption schemes for inner products. in PublicKey Cryptography – PKC 2015: Springer Berlin Heidelberg, pp. 733–751. External Links: ISBN 9783662464472 Cited by: §IVA.
 [2] (2018) Multiinput functional encryption for inner products: functionhiding realizations and constructions without pairings. Advances in Cryptology – CRYPTO, Cham: Springer International Publishing, pp. 597–627. External Links: ISBN 9783319968841 Cited by: §I.
 [3] (2016Jul.) Fully secure functional encryption for inner products, from standard assumptions. in Advances in Cryptology – CRYPTO 2016: Springer Berlin Heidelberg, pp. 333–362. External Links: ISBN 9783662530153 Cited by: §IVA.
 [4] (2013Jun.01) Charm: a framework for rapidly prototyping cryptosystems. Journal of Cryptographic Engineering 3 (2), pp. 111–128. External Links: ISSN 21908516, Document Cited by: §VIB.
 [5] (2019Apr.) EPIC: efficient privacypreserving scheme with EtoE data integrity and authenticity for AMI networks. IEEE Internet of Things Journal 6 (2), pp. 3309–3321. External Links: Document, ISSN 23274662 Cited by: §I.
 [6] (2017Jul.) Practical functional encryption for quadratic functions with applications to predicate encryption. in Advances in Cryptology – CRYPTO 2017, Cham: Springer International Publishing, pp. 67–98. External Links: ISBN 9783319636887 Cited by: §IVA.

[7]
(2015Jul.)
Hyperopt: a Python library for model selection and hyperparameter optimization
. Computational Science & Discovery 8 (1), pp. 014008. Cited by: §IVB1, §VF2.  [8] (2011Mar.) Functional encryption: definitions and challenges. in Theory of Cryptography: Springer Berlin Heidelberg, pp. 253–273. External Links: ISBN 9783642195716 Cited by: §IVA.
 [9] (1991Nov.) Application of feedforward neural networks for system identification of a biochemical process. in [Proceedings] 1991 IEEE International Joint Conference on Neural Networks (), pp. 1224–1229 vol.2. External Links: Document, ISSN null Cited by: §IVB.
 [10] (2018May.) Age identification from voice using feedforward deep neural networks. in 26th Signal Processing and Communications Applications Conference (SIU) (), pp. 1–4. External Links: Document, ISSN null Cited by: §IVB.

[11]
(2014Jan.)
Review of handwritten pattern recognition of digits and special characters using feed forward neural network and izhikevich neural model
. in International Conference on Electronic Systems, Signal Processing and Computing Technologies (), pp. 425–428. External Links: Document, ISSN null Cited by: §IVB1.  [12] (2015) Keras. GitHub. Note: https://github.com/fchollet/keras Cited by: §VF2.
 [13] (2012Dec.) Performance comparison of cascade and feed forward neural network for face recognition system. in International Conference on Software Engineering and Mobile Application Modelling and Development (ICSEMA 2012) (), pp. 1–6. External Links: Document, ISSN null Cited by: §IVB.
 [14] Electricity Thefts Surge in Bad Times. Note: last accessed: Mar. 2020 External Links: Link Cited by: §I.
 [15] (2011Apr.) Toward intelligent machinetomachine communications in smart grid. IEEE Communications Magazine 49 (4), pp. 60–65. External Links: Document, ISSN 15581896 Cited by: §I.
 [16] (2018Sep.) Revealing household characteristics from electricity meter data with grade analysis and machine learning algorithms. Applied Sciences 8 (9), pp. 1654. Cited by: §I.
 [17] (2019Jul.) Privacyaware authenticated key agreement scheme for secure smart grid communication. IEEE Transactions on Smart Grid 10 (4), pp. 3953–3962. External Links: Document, ISSN 19493061 Cited by: §I.
 [18] (2013Feb.) A survey on smart grid potential applications and communication requirements. IEEE Transactions on Industrial Informatics 9 (1), pp. 28–42. External Links: Document, ISSN 19410050 Cited by: §I.
 [19] (1992) Nonintrusive appliance load monitoring. Proceedings of the IEEE 80 (12), pp. 1870–1891. Cited by: §I.
 [20] (Nov. 2008) Neural networks and learning machines: a comprehensive foundation (3rd edition). PrenticeHall, Inc., USA. External Links: ISBN 0131471392 Cited by: §IVB.
 [21] (2008Jun.) ADASYN: adaptive synthetic sampling approach for imbalanced learning. In Proc. of IEEE International Joint Conference on Computational Intelligence, pp. 1322–1328. Cited by: §VF1.
 [22] Irish Social Science Data Archive. Note: last accessed: Mar. 2020 External Links: Link Cited by: §VF1, §VF1.
 [23] (2016Jan.) Electricity theft detection in AMI using customers’ consumption patterns. IEEE Transactions on Smart Grid 7 (1), pp. 216–226. External Links: Document, ISSN 19493061 Cited by: §I, §I, §II, §II, §VF1, §VF1, TABLE II, §VIA, §VIA, TABLE IV.
 [24] (2014) ADAM: a method for stochastic optimization. arXiv preprint arXiv:1412.6980. Cited by: §IVB1.
 [25] (2015) TensorFlow: largescale machine learning on heterogeneous systems. Note: Software available from tensorflow.org External Links: Link Cited by: §VF2.
 [26] (2019Jun.) PPETD: privacypreserving electricity theft detection scheme with load monitoring and billing for AMI networks. IEEE Access 7 (), pp. 96334–96348. External Links: Document, ISSN 21693536 Cited by: §I, §I, §II, §II, §II, §VIA, §VIA, §VIA, §VIB1, TABLE IV, TABLE V, §VII, §VIII.
 [27] (2018Aug.) Deep recurrent electricity theft detection in AMI networks with random tuning of hyperparameters. in 24th International Conference on Pattern Recognition (ICPR) (), pp. 740–745. External Links: Document, ISSN 10514651 Cited by: §IVB1.
 [28] (2018) Activation functions: comparison of trends in practice and research for deep learning. arXiv preprint arXiv:1811.03378. Cited by: 1st item, 2nd item.
 [29] (2011Oct.) Scikitlearn: machine learning in Python. Journal of Machine Learning Research 12, pp. 2825–2830. Cited by: §VF2, §VIA.
 [30] (2013Sep.) Privacypreserving energy theft detection in smart grids: a P2P computing approach. IEEE Journal on Selected Areas in Communications 31 (9), pp. 257–267. External Links: Document, ISSN 15580008 Cited by: §II, §II.
 [31] (2016Mar.) Privacypreserving energy theft detection in microgrids: a state estimation approach. IEEE Transactions on Power Systems 31 (2), pp. 883–894. External Links: Document, ISSN 15580679 Cited by: §II, §II.
 [32] (2012Jun.) Privacypreserving energy theft detection in smart grids. In Proc. of 9th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), pp. 605–613. Cited by: §II, §II.
 [33] (1997Jul.) Lower bounds for discrete logarithms and related problems. in Advances in Cryptology — EUROCRYPT ’97: Springer Berlin Heidelberg, pp. 256–266. External Links: ISBN 9783540690535 Cited by: §VD.
 [34] (2019Oct.) Energy theft detection with energy privacy preservation in the smart grid. IEEE Internet of Things Journal 6 (5), pp. 7659–7669. External Links: Document, ISSN 23722541 Cited by: §II, §II.
 [35] (2018Apr.) Wide and deep convolutional neural networks for electricitytheft detection to secure smart grids. IEEE Transactions on Industrial Informatics 14 (4), pp. 1606–1615. External Links: Document, ISSN 19410050 Cited by: §I.
Comments
There are no comments yet.