Smart cities, utilities, third-parties, and government agencies are having pressure on managing stochastic power generation from distributed rooftop solar photovoltaic arrays, such as accurately predicting solar generation capacity and react to the variations in the electric grid. Recently, there is a rising interest in automatically collecting solar installation information that are critical to manage this stochastic solar generation. Given a geospatial region, the information may include the quantity and locations of solar deployments within the region, and also the profiling information for each deployment such as orientation, size, inverter inefficiency, etc. Traditional approaches such as online assessment and utilities interconnection filings are time-consuming and costly, and also limited in geospatial resolution and thus do not scale up to every location. Significant recent work focuses on using aerial imagery to train machine learning or deep learning models to automatically detect solar arrays. Unfortunately, these approaches all require training data that includes Very High Resolution (VHR) images and human handcrafted image templates, which have a minimum cost of \$15 per km^2 and are not always available at every location.
To address the problem, we design a new system—SolarFinder that can automatically detect distributed solar photovoltaic arrays in a given geospatial region without any extra cost. SolarFinder first automatically fetches low or regular resolution satellite images within the region using publicly-available maps APIs. Then, SolarFinder leverages multi-dimensional K-means algorithm to automatically segment solar arrays on rooftop images. Eventually, SolarFinder employs hybrid linear regression approach that integrates support vectors machine (SVMs-RBF) modeling with a deep convolutional neural network (CNN) approach to accurately identify rooftop solar arrays and also learn the detailed installation information for each solar array simultaneously. We evaluate SolarFinder using 41,683 public satellite images that include 180,833 contours from 11 geospatial regions in the U.S. We find that pre-trained (or unsupervised) SolarFinder yields a MCC of 0.17, which is 3 times better than the most recent pre-trained CNN approach and is the same as a supervised CNN approach.
IoTSpot: Identifying the IoT Devices Using their Anonymous Network Traffic Data
The Internet of Things (IoT) has been erupting the world widely over the decade. Smart homeowners and smart building managers are increasingly deploying IoT devices to monitor and control their environments due to the rapid decline in the price of IoT devices. The network traffic data produced by these IoT devices are collected by Internet Service Providers (ISPs) and telecom providers, and often shared with third-parties to maintain and promote user services. Such network traffic data is considered “anonymous” if it is not associated with identifying device information, e.g., MAC address and DHCP negotiation. Extensive prior work has shown that IoT devices are vulnerable to multiple cyber attacks. However, people do not believe that these attacks can be launched successfully without the knowledge of what IoT devices are deployed in their houses. Our key insight is that the network traffic data is not anonymous: IoT devices have unique network traffic patterns, and they embedded detailed device information. To explore the severity and extent of this privacy threat, we design IoTSpot to identify the IoT devices using their “anonymous” network traffic data. We evaluate IoTSpot on publicly-available network traffic data from 3 homes. We find that IoTSpot is able to identify 19 IoT devices with F1 accuracy of 0.984. More importantly, our approach only requires very limited data for training, as few as 40 minutes. IoTSpot paves the way for operators of smart homes and smart buildings to monitor the functionality, security and privacy threat without requiring any additional devices.
Preventing Occupancy Detection from Smart Meters
Utilities are rapidly deploying smart meters that measure electricity usage in real-time. Unfortunately, smart meters indirectly leak sensitive information about a home’s occupancy, which is easy to detect because it highly correlates with simple statistical metrics, such as power’s mean, variance and range. To prevent occupancy detection, we propose using the thermal energy storage of electric water heaters already present in many homes. In essence, our approach, which we call combined heat and privacy (CHPr), modulates a water heater’s power usage to make it look like someone is always home. We design a CHPr-enabled water heater that regulates its energy usage to thwart a variety of occupancy detection attacks without violating its objective to provide hot water on demand and evaluate it in simulation using real data. Our results show that a standard 50-gal CHPr-enabled water heater prevents a wide range of state-of-the-art occupancy detection attacks.
Weatherman: Exposing Weather-Based Privacy Threats in Big Energy Data
Smart energy meters record electricity consumption and generation at fine-grained intervals and are among the most widely deployed sensors in the world. Energy data embeds detailed information about a building’s energy-efficiency, as well as the behavior of its occupants, which academia and industry are actively working to extract. In many cases, either inadvertently or by design, these third-parties only have access to anonymous energy data without an associated location. We present Weatherman, which leverages a suite of analytics techniques to localize the source of anonymous energy data. Our key insight is that energy consumption data, as well as wind and solar generation data, largely correlates with weather, e.g., temperature, wind speed, and cloud cover and that every location on Earth has a distinct weather signature that uniquely identifies it. Weatherman represents a serious privacy threat, but also a potentially useful tool for researchers working with anonymous smart meter data. We evaluate Weatherman’s potential in both areas by localizing data from over one hundred smart meters using a weather database that includes data from over 35,000 locations.
SunSpot: Exposing the Location of Anonymous Solar-Powered Homes
Homeowners are increasingly deploying grid-tied solar systems due to the rapid decline in solar module prices. The energy produced by these solar-powered homes is monitored by utilities and third parties using networked energy meters, which record and transmit energy data at fine-grained intervals. Such energy data is considered anonymous if it is not associated with identifying account information, e.g., a name and address. Thus, energy data from these “anonymous” homes are often not handled securely: it is routinely transmitted over the Internet in plaintext, stored unencrypted in the cloud, shared with third-party energy analytics companies, and even made publicly available over the Internet. Extensive prior work has shown that energy consumption data is vulnerable to multiple attacks, which analyze it to reveal a range of sensitive private information about occupant activities. However, these attacks are useless without knowledge of a home’s location. Our key insight is that solar energy data is not anonymous: since every location on Earth has a unique solar signature, it embeds detailed location information. To explore the severity and extent of this privacy threat, we design SunSpot to localize “anonymous” solar-powered homes using their solar energy data. We evaluate SunSpot on publicly available energy data from 14 homes with rooftop solar. We find that SunSpot can localize a solar-powered home to a small region of interest that is near the smallest possible area given the energy data resolution, e.g., within a ∼500m and ∼28km radius for per-second and per-minute resolution, respectively. SunSpot then identifies solar-powered homes within this region using crowd-sourced image processing of satellite data before applying additional filters to identify a specific home.