De-pseudonymization of Smart Metering Data: Analysis and Countermeasures

Fine-grained metering data threatens users’ privacy, as it typically reveals the users’ consumption patterns and thereby their behaviour. To address this problem, the use of pseudonyms when sending such fine-grained data has been proposed in the literature. In this paper, we demonstrate experimentally that an adversary who has access to pseudonymized fine-grained data and identifiable billing data can fully de-pseudonymize all users using a simple matching algorithm. Our experiments use realworld metering data collected from ca. 6500 smart meters. As pseudonymization alone is not sufficient to provide privacy, we propose three simple yet effective countermeasures against depseudonymization: deliberately not reporting some of the finegrained metering values, rounding these values before reporting them and regularly changing the pseudonyms. We experimentally demonstrate that our countermeasures considerably improve users’ privacy protection without significantly lowering the usefulness of the data. They also do not affect the billing process.