Günther Eibl

Dejan Radovanovic, Maximilian Schirl, Andreas Unterweger et al.

Smart meter data can reveal sensitive socio-demographic characteristics of households, raising privacy concerns. While this risk has been demonstrated at fixed granularities, the role of temporal resolution in shaping inference performance remains insufficiently explored. This paper addresses this gap by analyzing how load profiles with granularities from 15 minutes to 7 days affect the predictability of eight socio-demographic attributes in a dataset of 1,589 households over one year. We introduce an evaluation framework where classifiers are trained on year-round data but tested on arbitrary weeks, forcing generalization across seasonal and weekly variations. Our results show three main findings. First, while coarsening granularity reduces predictive accuracy, two plateaus emerge: performance is stable between 15 minutes and 1 hour, and again between 1 and 7 days. This reveals opportunities for data minimization without sacrificing utility. Second, interpretable handcrafted and tsfresh features remain competitive with CNN-based autoencoder embeddings, while XGBoost consistently outperforms alternative classifiers. Third, feature importance analysis highlights differences between static and dynamic attributes: dwelling size can be inferred even from coarse data, whereas swimming pool usage requires fine-grained temporal signals. Overall, our study provides new insights into the privacy-utility trade-off in smart metering, showing how temporal resolution, feature extraction, and classifier choice jointly influence socio-demographic inference.

Daniel Bernau, Günther Eibl, Philip W. Grassal et al.

Differential privacy allows bounding the influence that training data records have on a machine learning model. To use differential privacy in machine learning, data scientists must choose privacy parameters $(ε,δ)$. Choosing meaningful privacy parameters is key, since models trained with weak privacy parameters might result in excessive privacy leakage, while strong privacy parameters might overly degrade model utility. However, privacy parameter values are difficult to choose for two main reasons. First, the theoretical upper bound on privacy loss $(ε,δ)$ might be loose, depending on the chosen sensitivity and data distribution of practical datasets. Second, legal requirements and societal norms for anonymization often refer to individual identifiability, to which $(ε,δ)$ are only indirectly related. We transform $(ε,δ)$ to a bound on the Bayesian posterior belief of the adversary assumed by differential privacy concerning the presence of any record in the training dataset. The bound holds for multidimensional queries under composition, and we show that it can be tight in practice. Furthermore, we derive an identifiability bound, which relates the adversary assumed in differential privacy to previous work on membership inference adversaries. We formulate an implementation of this differential privacy adversary that allows data scientists to audit model training and compute empirical identifiability scores and empirical $(ε,δ)$.

Günther Eibl, Sanaz Taheri-Boshrooyeh, Alptekin Küpçü

Smart meter data aggregation protocols have been developed to address rising privacy threats against customers' consumption data. However, these protocols do not work satisfactorily in the presence of failures of smart meters or network communication links. In this paper, we propose a lightweight and fault-tolerant aggregation algorithm that can serve as a solid foundation for further research. We revisit an existing error-resilient privacy-preserving aggregation protocol based on masking and improve it by: (i) performing changes in the cryptographic parts that lead to a reduction of computational costs, (ii) simplifying the behaviour of the protocol in the presence of faults, and showing a proof of proper termination under a well-defined failure model, (iii) decoupling the computation part from the data flow so that the algorithm can also be used with homomorphic encryption as a basis for privacy-preservation. To best of our knowledge, this is the first algorithm that is formulated for both, masking and homomorphic encryption. (iv) Finally, we provide a formal proof of the privacy guarantee under failure. The systematic treatment with strict proofs and the established connection to graph theory may also serve as a starting point for possible generalizations and improvements with respect to increased resilience.

Günther Eibl, Kaibin Bao, Philip-William Grassal et al.

There has been a large number of contributions on privacy-preserving smart metering with Differential Privacy, addressing questions from actual enforcement at the smart meter to billing at the energy provider. However, exploitation is mostly limited to application of cryptographic security means between smart meters and energy providers. We illustrate along the use case of privacy preserving load forecasting that Differential Privacy is indeed a valuable addition that unlocks novel information flows for optimization. We show that (i) there are large differences in utility along three selected forecasting methods, (ii) energy providers can enjoy good utility especially under the linear regression benchmark model, and (iii) households can participate in privacy preserving load forecasting with an individual re-identification risk < 60%, only 10% over random guessing.