Smart Metering De-Pseudonymization

Consumption traces collected by Smart Meters are highly privacy sensitive data.
For this reason, current best practice is to store and process such data in pseudonymized
form, separating identity information from the consumption traces. However,
even the consumption traces alone may provides many valuable clues to an attacker,
if combined with limited external indicators. Based on this observation, we identify
two attack vectors using anomaly detection and behavior pattern matching,
that allow effective de-pseudonymization. Using a practical evaluation with
real-life consumption traces of 53 households,
we verify the feasibility of our techniques and show that the attacks are robust against
common countermeasures, such as resolution reduction or frequent re-pseudonymization.

Author(s):

Marek Jawurek    
SAP Research
Germany

Martin Johns    
SAP Research
Germany

Konrad Rieck    
Technische Universität Berlin
Germany