Content uploaded by Nadeem Javaid
Author content
All content in this area was uploaded by Nadeem Javaid on Apr 27, 2021
Content may be subject to copyright.
GarliChain: A Privacy Preserving System for Smart
Grid Consumers using Blockchain
Omaji Samuel1, Nadeem Javaid1,∗
1Department of Computer Science, COMSATS University Islamabad, Islamabad 44000, Pakistan,
∗Corresponding author: nadeemjavaidqau@gmail.com, www.njavaid.com
Abstract—This paper proposes a blockchain system, known
as GarliChain, to solve the problems of anonymity and privacy
of consumers during energy trading in the smart grids. It is
inspired by both garlic routing and consortium blockchain. In
the GarliChain, identity based encryption is used to encrypt the
messages of consumers twice before transmitting them to other
nodes. A stochastic path selection model is presented in this
work to route messages from the source node to the destination
node. Furthermore, a trust method is proposed to enhance the
credibility of nodes in the network. Simulation results validate
the effectiveness of the proposed system. From the results, the
proposed system remains stable as the number of path requests
increases. Also, the proposed trust method is 50.56% efficient in
detecting dishonest behavior of nodes in the network as compared
to 49.20% of an existing fuzzy trust model. Under different sizes
of the blocks, the computational cost of the forwarding nodes is
minimum. Security analysis shows that the system is safe from
both passive and active attacks. Malicious nodes are detected
using the path selection model. Moreover, a comparative study
of the proposed system with existing systems in the literature is
provided.
Index Terms—Anonymity, blockchain, energy trading, garlic
routing, GarliChain, onion routing, privacy.
I. INTRODUCTION
The emergence of smart grid has made the power systems
more sophisticated using advanced control technology, two-
way communication and smart meters [1]. A recent review on
the management of energy in the smart grid while considering
the key issues of intermittency, high operation and mainte-
nance cost of distributed energy resources (DERs) has been
discussed in [2]. Smart grids enable consumers to use a large
variety of DERs and storage options. Based on a notion of
optimal sizing of DERs [3], electricity prosumers can deploy
DERs on a large scale, which makes them energy producers
in a decentralized fashion. The prosumers consume as well as
generate energy locally. Moreover, new methods are proposed
for dynamic pricing and demand response in the smart grids.
However, these methods may face a new range of privacy
issues [4]. For instance, in a dynamic energy pricing scenario,
the energy demand and supply data of prosumers are used to
generate the energy price. Therefore, the collection of such
data by unauthorized users creates privacy concerns. Also,
data transmission problem, cyber attack, lack of trust between
users, etc., have hindered the effectiveness of smart grids in
the energy sectors.
Blockchain is one of a series of technologies that offers
solutions to trust and security problems in the smart grids.
It is a distributed ledger technology that allows data to be
recorded in the network. It also sustains trust and provides
network security for the users. Furthermore, it validates the
shared ledger using consensus mechanisms. The consensus
mechanisms ensure the correctness of transactions and present
a non-partisan way of reaching an agreement on a global
state of the network. To date, blockchain is applied in dif-
ferent sectors like health, power, transport, agriculture [5],
etc. However, the blockchain faces criticism due to lack of
standardization, storage issue, high computational overhead
and scalability issues.
The authors in [4] propose a method that preserves the
privacy of electric vehicles (EVs) using dynamic tariffs. In
the method, whenever an EV sends a request on the network,
its original identity is preserved and a new pair of keys is
generated for it. However, generating the multiple key pairs,
i.e., private and public keys may increase storage cost, which
makes the method impractical when a fined granularity is
needed. The authors in [6] use the account mapping mech-
anism to protect the privacy of energy users, such that each
request requires a dummy account. However, mapping of real
account with the dummy account may make record auditing
difficult. Bloom filter and encryption mechanisms are proposed
in [7] for the authentication and privacy preservation of energy
users, respectively. In the mechanisms, the zero-knowledge
proof is used to prove the correctness of the aggregated data
without revealing information about its content. However,
the bloom filter gives two outputs, i.e., true or false, which
do not provide information for items that may be close to
being searched correctly. Also, the issues of false positive
and negative about the information are not addressed. The
method proposed in [7] also includes pseudonyms that may
make the system unable to trace payments made to the wallet
of a particular user [8]. For example, Satoshi Nakamoto is a
pseudonym representing a person or a few people who started
bitcoin as a peer-to-peer (P2P) electronic cash system in 2008.
To date, the real identity of who owned the pseudonym is
unknown [8]. The authors in [8] use a gradient boosting
algorithm to address the traceability issue by de-anonymizing
the blockchain system. However, privacy is not considered. In
our proposed system, the privacy and anonymity of prosumers
are achieved via garlic routing and blockchain.
Other limitations that may hinder the implementation of
the blockchain in the smart grids are lack of privacy, trust
concerns, inefficient energy pricing schemes and supply chain
problems. A blockchain system is proposed in [9] for en-
suring trust, transparency and openness while using DERs.
However, privacy is not considered. The authors in [10]
use the blockchain, multi-signature and anonymous encrypted
message to achieve the privacy of users and a safe transaction
of energy. However, the system is computationally expen-
sive for fine-grained devices. The authors in [11] propose a
blockchain based system for a secure remote energy trading
market. In the system, a double auction mechanism is used
to generate an energy pricing policy. However, the process
of auctioning becomes inefficient, especially when a single
auctioneer engages in the hourly biding process. Moreover,
finding the matching bidders is time consuming. The authors
in [12] use the blockchain to enhance crowdsourcing and P2P
energy trading. However, privacy is not taken into account.
The authors in [13] propose a system that is based on the
blockchain to facilitate microgrid energy auction. Differential
privacy (DP) is used in the system to provide privacy for
the prosumers. In the system, there is a tradeoff between
privacy and accuracy due to the DP and the cumbersomeness
of the auction mechanism. The authors in [14] propose a
framework that enables hybrid P2P interaction of users to
achieve the reduction of both energy cost and peak-to-average
ratio in an energy trading market. Blockchain is used in the
framework to implement the contract rules of energy trading
in the market. However, the privacy and security of prosumers
are not considered. Insufficient scalability and poor efficiency
in blockchain mining processing are the challenges to consider
when implementing this technology for the Internet of things
(IoT) users. Besides, a blockchain based energy system that
offers security for industrial IoT users is proposed by [16].
The authors introduce a credibility based method to boost the
efficiency of the proposed system. The authors in [17] propose
a decentralized energy system to achieve scalable and reli-
able energy management for the IoT blockchain based users.
However, bandwidth and communication degradation arises
when IoT devices are increasingly used, which may result in
the poor quality of service. Addressing this problem involves
encouraging users with incentives to share their edge resources
as explained in a review in [18]. Also, the authors in [19]
suggest that by combining the blockchain and software defined
network, the bandwidth, latency and security issues can be
resolved. The problems identified in this study are privacy and
anonymity of users in the smart grids. Existing works in the
literature provide the methods of multi-key pairs [4], account
mapping [6], pseudonyms [7] and gradient boosting [8] that
are not sufficient to address the above mentioned problems.
The authors in [20] propose a blockchain based decentralized
search system using onion routing. Another work in [21] uses
the same method for vehicular ad hoc network to preserve the
location privacy of vehicles. However, this method also has
some limitations. Firstly, it has a fault tolerance problem, i.e.,
if any intermediate node is defective, the entire onion routing
mechanism would be affected. Secondly, the anonymity of
receiver may be revealed as the last node is aware of the
identity of the receiver. Lastly, there is a problem of frequent
communication link distortion between nodes. The authors
in [22] propose a system using an anonymous multi-receiver
identity based encryption scheme (IBE) and onion routing
for achieving anonymity over public network. However, the
proposed system does not provide trust between nodes in the
network. Table I shows a summary of related works. From the
table, the existing related works are critically analyzed based
on the parameters, such as scenarios, techniques, objectives
and limitations.
This paper addresses the important issues of customers’
privacy and anonymity in a smart grid. As the technology
for deploying smart grids advances and more people are
anticipated to be involved, these issues are becoming more
significant to be considered in the design of such systems.
To overcome the above mentioned issues, the main goal of
this paper is to propose a system based on blockchain and
garlic routing, known as GarliChain for providing anonymity
and privacy to consumers during energy trading. The proposed
system enables a sender to encrypt multiple messages twice,
regardless of the number of intermediate nodes. A dynamic
path selection mechanism is proposed in this work to resolve
the fault tolerance problem of [20], [21]. Also, the sender
picks several random paths to forward packets using the
proposed stochastic path selection mechanism. This solves the
problems of anonymity of users and frequent communication
link distortion between nodes. Also, an improved IBE pro-
tocol is introduced to protect the identities of nodes, thus
protecting their privacy. Furthermore, extensive simulations
are performed to validate the theoretical results and prove the
effectiveness of the proposed system. In this system, if an
attacker explores the vulnerability of the destination user in
the system, he cannot track the request of the sender. If he
exploits the vulnerability of the sender in the system, he is
unable to reveal the private information of the sender. The
major contributions of this paper are as follows.
1) To propose a privacy preservation mechanism, which
is based on garlic routing and blockchain, known as
GarliChain.
2) To propose an improved IBE mechanism for securing the
data of prosumers using a double encryption approach.
3) To develop a dynamic path selection algorithm based on
a stochastic mechanism for routing data from the source
node to the destination node.
4) To propose a reputation management system for ensur-
ing trust and credibility between nodes in the proposed
system.
5) To perform a security analysis of the proposed system
for showing that the system is safe from passive and
active attacks.
The rest of the paper is organized as follows. Section II
provides the proposed system model and problem formulation,
which includes the proposed protocols, reputation manage-
TABLE I: A Summary of Related Works.
Scenario (s) Technique (s) Objective (s) Limitation (s)
Prosumers [4] Blockchain based dynamic tariff
and selection system
Preservation of privacy High cost due to the generation of
multiple key pairs for each transac-
tion
Prosumers [6] Blockchain based account mapping
mechanism
Prevention of privacy leakage Record auditing problem
Prosumers [7] Blockchain based pseudonym and
data aggregation scheme
Preservation of privacy Traceability problem
Bitcoin [8] Gradient boosting algorithm De-anonymization of bitcoin Privacy is not considered
DER [9] Blockchain based distributed pho-
tovoltaic energy
Ensure trust, transparent and openness Privacy is not considered
Prosumers [10] Blockchain based multi-signature
and anonymous encryption scheme
Transaction security Computational expensive for fine
grain devices
Prosumers [11] Blockchain based iterative double
auction mechanism
Secure energy trading Auction mechanism is inefficient
when a single auctioneer engages
in hourly bidding process and time
consuming to determine matching
bidders
Crowdsourcing [12] Blockchain based two-phase oper-
ation algorithm
Management of crowdsourcing energy sys-
tem
Privacy of users is not considered
Microgrid [13] Blockchain based energy auction
and DP
Development of optimal trading strategies Tradeoff between privacy and ac-
curacy due to the DP and cum-
bersomeness of the auction mech-
anism
Prosumers [14] Blockchain based hybrid electricity
market
Reduction of cost and peak to average ratio Privacy of users is not considered
Prosumers [15] Blockchain based secure demur-
rage mechanism
Energy trading efficiency and cost mini-
mization
Anonymity of users is not consid-
ered
Industrial IoT [16] Blockchain based credibility sys-
tem
Secure blockchain based energy trading Anonymity of users is not consid-
ered
IoT [17] Blockchain based decentralized au-
tonomous cooperation
Scalable and reliable energy management Privacy and anonymity of users are
not taken into account
IoT [19] Blockchain based software defined
network
Address bandwidth and latency issues Anonymity of users is not regarded
IoT [20] Blockchain based search system
using onion routing
Privacy and security of users Fault tolerance, anonymity and fre-
quent communication link distor-
tion
Vehicular ad hoc net-
work [21]
Onion based anonymous routing
scheme and pseudo identities
Privacy and anonymity Fault tolerance problem
IoT [22] Anonymous multi-receivers based
IBE and onion routing
Anonymity and security Problem of centralization and trust
issue between nodes
Ours (consumers) Blockchain based privacy preserv-
ing system using garlic routing
Preservation of privacy, security and
anonymity
There is a high demanding task for
key requirement from the private
key generator in a large network
ment system, local accountability and penalty mechanism.
Section III discusses the security analysis of the proposed
system. Section IV provides the simulations and discussion
of results while conclusion and future work are provided in
Section V.
II. PRO PO SE D SYS TE M MOD EL
This section describes the proposed GarliChain system.
The system in Fig. 1 consists of multiple smart homes that
have rooftop solar energy to satisfy the immediate energy
demands of users. However, users with energy deficits perform
localized energy trading with other users that have surplus
energy. Moreover, if the energy demand of a user cannot be
satisfied from the local trading, then such amount of energy
is purchased from the power grid on the prices of retailer.
The residential homes with installed smart meters act as the
nodes in the blockchain while aggregator Ag performs the path
selection for the nodes. The GarliChain system is implemented
to achieve anonymity of the users who perform energy trading.
In this paper, anonymity means that the identities of users are
unknown; whereas, privacy implies that the private information
about the users is not intentionally revealed by other users.
A. Characteristics of the Proposed GarliChain
The characteristics of the proposed GarliChain are given
below.
1) Security: Due to the underlying security properties of
blockchain, the transactions of users are transparent,
immutable and anonymous. Also, the problems of a
single point of failure and lack of trust are eliminated
by the proposed blockchain system.
2) Privacy preservation and anonymity: The transaction pri-
vacy of each user is preserved by applying pseudonyms;
whereas, the anonymity of users is ensured using
the proposed GarliChain. It prevents honest-but-curious
nodes with background knowledge of the existing sys-
tem from performing attacks on the transaction of the
user.
ABC
ED
Path Response
Path Request
Energy
Exchange
Residential
Home
Block
Power Grid
Encryption
Transaction
F
Fig. 1: The Proposed Blockchain based Garlic Routing Net-
work.
3) Transaction irreversibility: The original transaction can-
not be completely recovered after the transaction is
verified and authenticated by miners.
4) Imperceptibility: The path set of GarliChain is randomly
chosen. So, an adversary cannot determine the path set
that routes the message from source to destination.
B. Multiple Smart Home Users
The proposed GarliChain consists of a set of source homes
SH={s1, s2, . . . , sn}, set of destination homes DH=
{d1, d2, . . . , dn}and a set of intermediate homes IH=
{i1, i2, . . . , in}. Note that when snwishes to transact energy
trading with dn, the information must pass through the nodes
in IH. In Fig. 1, we denote snto be node Aand dnto be
node Fwhile nodes B, C, D and Eformed the nodes in
IH. Note that the nodes and homes are used interchangeably.
Ag, as a public key generator (PKG), is formed based on its
reputation history. It is responsible to initialize the parameters
of the system and generate the pair of keys, pseudonyms,
blind certificates and IBE. Before node Acommunicates with
node F,Ag must generate the key pairs for both of them.
If node Awants to trade energy with node F, then it must
get path set from Ag for message routing. IHmay contain
nodes that have no previous interaction with dn. Moreover,
the nodes that relay the request of snto dnare IH.dnis any
destination node that receives the request from snand sends
back response via into sn. Fig. 2 shows the sequence diagram
of the proposed system model. From the figure, the source
or destination nodes perform the same operation for either
sending or receiving the message. However, the same path is
not used by either the source or destination nodes. From the
figure, in step (1) the source node requests for the credential
through the registration protocol while step (2) uses bilinear
mapping to generate the master key and system parameters
using the identity of each source node. The source node in
step (3) uses the system parameters to generate a pseudonym
and sends it to the layered encryption protocol. The layered
encryption protocol in step (4) generates the blind signature
and session key using the pseudonym of each source node.
Once the session key is received, the source node in step (5)
requests for path set to route message from the dynamic path
selection protocol while in step (6), dynamic path selection
protocol generates the path set using the proposed stochastic
path selection protocol and sends the path set to the source
node. The source node in step (7) encrypts the message using
the identity of the destination node; afterwards, it encrypts the
ciphertext with the identities of intermediate nodes to generate
a clove. In step (9), the first node in the intermediate nodes
verifies the clove and signature of the certificate received from
the source node. Afterwards, in step (10), it unwraps the upper
layer of the clove by decrypting using the private key and
then forwards the new clove to the next node. The next node
performs the same operation as in step (10) and sends the final
clove to the destination node. The destination node in step (12)
decrypts the clove using its session key.
C. Garlic Routing
Garlic routing [23] is a mechanism adopted by the invisible
internet project (I2P). I2P is an anonymous network that
conceals the identities of both sender and receiver. Multiple
messages are packed into layers of encryption structure within
a garlic routing. It uses the onion routing concept where the
receiver decrypts the packet that is sent to it by unwrapping
one layer of the encryption structure [23]. The packets in the
garlic routing, known as “cloves”, are individually encrypted
by each sender. The encrypted cloves are encapsulated in a
fixed size “garlic” before they are transmitted between the
nodes [23]. Each clove is solely decrypted by the destination
node, which means that it is invisible to the other parties who
only re-translate the clove to the next hop within the network.
To demonstrate the garlic routing structure, Fig. 3 shows the
anonymous file access operation. If a sender wants to access a
file from an application server at the receiver’s end, it adopts
the garlic routing scheme for the route selection using a series
of peers. Messages are repeatedly encrypted by the sender and
then decrypted by the destination node. It means that each
node used as an intermediate node is only aware of routing
information of the next hop during the re-translation process.
D. GarliChain
A dynamic mechanism for path selection is proposed to ad-
dress the onion routing problems of fault tolerance, anonymity
and frequent distortion in the communication between nodes.
Here, the sender selects multiple paths to forward packets. The
IBE is implemented to secure the identities of nodes in SH,IH
and DH, thus ensuring their privacy. The design conditions for
the GarliChain regarding several protocols, such as multiple
homes registration protocol, layered encryption protocol and
dynamic path selection protocol are described below.
(1) Request for
credentials through
the registration
protocol
(2) Use bilinear
mapping to generate
master key and
system parameters
using the identity of
each concerned node
(9) The first node
verifies the clove
and signature of
the certificate
received from the
concerned node
(10) Unwrap the
upper layer of the
clove by
decrypting using
private key and
forward the new
clove to the next
node
Source/
Destination Node
Registration
Protocol
Layered Encryption
Protocol
Dynamic Path
Selection Protocol
Intermediate
Nodes
(6) Generate the path set using the proposed stochastic path
selection mechanism
(8) Encrypt the ciphertext with identities of intermediate nodes to generate a clove
(7) Create a session key and
encrypt the message using the
identity of the destination node
(5) Request for path set to route message
(4) Generate a blind signature and session
key using the pseudonym of each
concerned node
(3) Use the system parameters to generate
pseudonym and send it to the layered
encryption protocol
Source/
Destination Node
(11) Each node
performs the same
operation as in
step (10) and
sends the final
clove to the
concerned node
(12) Decrypt
clove using
session its own
session key
Fig. 2: Sequence Diagram of the Proposed System Model.
Sender Receiver
Request
Garlic
Routing B
Garlic
Routing
C
Garlic
Routing D
Garlic
Routing E
Clove #1: Request
Data
Clove #2: Response
Message
Garlic
Routing A Outbound
Inbound
Sender Receiver
Request
Garlic
Routing B
Garlic
Routing
C
Garlic
Routing D
Garlic
Routing E
Clove #1: Request
Data
Clove #2: Response
Message
Garlic
Routing A Outbound
Inbound
Fig. 3: Example of Connection Setup with Garlic Routing.
1) Multiple Homes Registration Protocol: This protocol al-
lows multiple homes to access the GarliChain system through
registration. The registration process is as follows: (i) each
node creates a key pair, i.e., public and private keys, denoted
as pk and sk, respectively. These keys are used during the
authentication and validation processes. (ii) Ag uses bilinear
mapping algorithm to create master key mk =sk and system
parameters spk ={z, G1, G2, θ, P , pk, H0, H1, H2,Φ}for all
of the nodes, which are used in preventing impersonation
attacks. Where G1and G2are the cyclic groups of order z,P
is a generator of G1and θ:G1×G1→G2is a bilinear map-
ping. H0,H1and H2are hash functions while Φis the path
selection model. mk and spk are used to create pseudonyms
and certificates that are required during encryption. For the
sake of privacy, Ag does not know the actual identity (ID) of
each node and its corresponding certificate. (iii) Given the ID
of a node, Ag computes QID =H0(I D)and SI D =skID ,
and sends SID to the node using a secure channel. Each node
chooses x→Z∗
zand computes its pseudonym as P sm =xP
and sends the masked pseudonym as P sm∗=yH0(P sm)
where y→Z∗
zto Ag.Ag generates a blind certificate of
P sm∗and sends it to the node. (iv) Suppose node Awants to
perform session interaction with node F, it submits a request
to the blockchain. The request is approved by the consensus of
other nodes before it is written onto the blockchain. Approving
the requests of nodes ensures that the falsified requests are
discarded while the honest requests are accepted. To this end,
a consortium blockchain is used in this paper that leverages the
advantages of a permissioned blockchain [24]. In a consortium
blockchain, access to the blockchain is limited based on
permission. The mining nodes are selected using the proof
of authority (PoA) consensus mechanism [25]. The node that
has the highest reputation score is elected as a leader, and it
is responsible for adding transactions into the blockchain.
2) Layered Encryption Protocol: The core foundation of
the proposed GarliChain is the layered encryption protocol.
As shown in Fig. 4, the path selection with two hops, node
Band node C, is considered using the proposed dynamic
path selection mechanism, which is described in Section II-E.
The two hops selected in this paper are for the illustration
purpose; however, the node can select a path set with more
than two nodes to achieve higher anonymity (see Defini-
tion II-E.1). When node Awants to transact energy trading
C
FAg D
Clove # 1 Clove # 2
A
sID(D)
sID(F)
sID(C)
sID(B)
sID(A) Clove # 3
B C
FAg D
Clove # 1 Clove # 2
A
sID(D)
sID(F)
sID(C)
sID(B)
sID(A) Clove # 3
B
Encryption
Blockchain
Communication Full Clove Message
Session
Key
Unwrapped
Clove
GarliChain Communication
Fig. 4: Overview of the Layered Encryption Protocol.
with node F, it sends message mg ={mg1, mg2}where
mg1, mg2∈ {0,1}with SID (F)to Ag using a secure
channel. Node A, which is the sender, performs the following
tasks: 1) it generates a pseudonym P msAand gets certificate
ρAusing IBE and blind signature from Ag. It also creates
a session key kA−F=θ(skA, SID (F)) and encrypts mg
using advanced encryption standard with kA−Fto derive the
ciphertext CA−F. It requests Ag for the list of possible paths
to node Fand selects the preferred path. The IDs of nodes
in the preferred path are sent to node Aby Ag. We denote
their IDs as a subset of garlic routers (i.e., IH), which is
represented as SID (B)and SID(C), 2) node Aencrypts
CA−Fwith sID (B)and SID(C)to generate another cipher-
text as CB→C=EN C(sID(B)||ENC(SID (C)||CA−F)), 3)
afterwards, it transmits GT ={ids, P smA, ρA, CB→C}to the
blockchain where idsis a unique identifier that represents a
sequence of the transmitted packets. Note that only the nodes
whose IDs are used in the encryption process get notified about
the new packet, 4) when node Breceives GT, it performs
two initial operations: (i) it verifies GT from the blockchain
if it has not been transmitted previously using the GT ’s ids;
otherwise, GT is rejected and (ii) it also verifies the signature
on the certificate ρA. If the certificate ρAis authentic, then
idsis incremented; otherwise, GT is rejected. In the proposed
system, the first node in IHperforms such action, 5) node B
in IHunwraps upper layer of GT by decrypting using its
private key. If the decryption is successful, then it forwards
GT to node Cin IH. Once node Creceives the GT , it also
performs decryption using the private key. If the decryption is
successful, then it forwards GT to the dn, i.e., node F. Note
that node Band node Ccannot decrypt CA−Fand 6) once
node Freceives the packet from node C, it decrypts CA−F
using its own session key SID(F)to get the plaintext mg.
The process of responding to node Ais similar to the process
already described with the exception that the initial path used
by node Awill no longer be valid for node F. Thus, node F
must request another path set from the Ag.
3) Dynamic Path Selection Protocol: The purpose of dy-
namic path selection is to prevent the system from end-to-end
correlation via statistical disclosure, fingerprinting and direct
observation. Path selection is usually performed by selecting
a group of nodes with higher reputation scores, denoted by
Rss. In retrospect, the authors have used threshold value to
define a path set; however, it is not an optimal solution to a
path selection problem. The threshold value may create a large
number of path sets; whereas, some authors have used coin flip
for path selection [26]. In this paper, a stochastic path selection
model is proposed (see Section II-E). Also, a threshold based
on the reputation score is used to limit the number of nodes
in a path set. We use the maximum likelihood estimation to
determine the reputation threshold value, denoted by Rt
s. The
benefits of using Rt
sfor path sets creation are as follows. (1)
Nodes with higher Rsscores belong to multiple path sets and
(2) nodes with Rsscores less than Rt
sdo not belong to any
path set, which potentially limits the number of path sets that
an adversary can corrupt.
E. Dynamic Path Selection Analysis
Fig. 1 shows that multiple paths are selected, especially if
node Awants to communicate with node F. The possible path
sets include: P1={B⇒C},P2={E⇒C},P3={D⇒
E},P4={D⇒E⇒C},P5={D⇒B⇒C}and
P6={D⇒B}. It implies that P1requires two hops to reach
node F. We define the anonymity level of each node in the
selected path using Definition II-E.1.
Definition II-E.1: The anonymity of the path must be
obtained as follows. If node = 1, then low level anonymity is
attained. If node = 2, then medium level anonymity is obtained.
If node = 3, then high level anonymity is achieved.
Theorem II-E.1: Path set reduces the number of key pairs.
Proof II-E.1: A path, which consists of nodes from snto dn,
known as IH, is generated to reduce the number of key pairs
in the network. The ciphertext is encrypted with the public
keys of nodes in IH. The nodes, which are not part of IH
cannot know or forward the ciphertext to the next node in the
network. Thus, the ciphertext is forwarded by the nodes in IH
only.
Motivated by the work in [27], this paper considers a dynamic
strategy for addressing the problem of path selection based on
the stochastic model. The proposed strategy ensures that the
requests for path sets continually arrive at Ag according to
a discrete Poisson process. It also ensures that these requests
remain in the queue of Ag until the path is created. Neverthe-
less, the duration of a path is distributed exponentially. The
rules defining the selection of path are given as follows. (1)
Define a probability P r1, which is the maximum number of
requests an Ag can receive, (2) define a probability P r2that
the current path is not frequently used by a node and (3) define
the maximum congestion vthat is allowed by any node. It is
observed that the path request to dnis selected randomly and
uniformly by all nodes. It is also assumed that the number of
requests in a queue does not increase exponentially over time
and the expected delay of a request remains constant.
Assumption II-E.1: In Fig. 4, it is assumed that the Ag
receives a path request from node Ato communicate with
node F. This means that node Atries to create a path from
node Eto node Fby choosing k=n0log nrandom trajectory
that connects node Eto node F. The number of nodes in the
network is nand the number of nodes in the path from node E
to node Fis n0. If no node with v−1is used by the existing
paths, then a new path is created with that node. Otherwise,
the request remains in the queue. When a connection between
nodes is established, a path is created between them. Once the
communication is done successfully, the path is deleted. Also,
each node in the path sets should not be used concurrently
by more than one path. This means that no node beyond its
capacity is overloaded.
Given the proposed path selection model Φ, the probability of
path selection is defined as:
Φ = min "1
qlog(vn),qv
kv+1
v#,(1)
where qis a constant, such that if P r1≤kΦP r2, then the
system is stable and the time a request is required to wait is
O(1
P r1). We define EN =nP r1to be the expected number
of new requests that arrive in the system at any given time t.
Let ED =1
P r2be the expected duration of a connection. For
the nodes in a system to be stable simultaneously, the expected
number of paths must be at least EN ×ED =nP r1/P r2[27].
To randomly select a path, the number of malicious nodes
mis considered. Therefore, path selection is defined as cp =
1
1−n/ml where cp is the path set, lis the number of trusted
nodes. The random selection of cp implies that the attacker’s
chances to be successful in controlling at least one randomly
selected path in each cp are very low. The probability of cp
is defined as follows.
P rcp =
1−(m/n)cp,if path is selected randomly,
1−((cp
m)
(cp
n−m)),if path is selected only once.
(2)
Assumption II-E.2: From Eq. (2), two cases are considered
when selecting path to forward messages. In the first case,
if the path is randomly selected, then the probability is (1 −
(m/n)cp). In the second case, if the path is selected only once,
then the probability is 1−((cp
m)
(cp
n−m)). Moreover, when cp > 1,
different probabilities of path selections are obtained.
F. Reputation Management System
The reputation method is a realistic solution that builds
confidence in the digitized ecosystem where contract terms
between clients cannot be established. So, in this study, if an
Ag is malicious, then it is impossible to secure the integrity of
nodes. It implies that the system is compromised. Therefore,
it is crucial to implement a reputation management system.
The trust score of each node is generated from the page
rank algorithm (we refer interested readers to read [25]). A
recent survey has highlighted the various methods on the
computation of reputation, such as simple summation, fuzzy
logic, Bayesian systems, discrete trust systems, belief models,
etc [28]. Existing literature in blockchain [29] explains that
adding an extra layer of logic in the smart contract maintains
the reputation of the nodes while ensuring trust between them.
The present architecture of blockchain ensures that reputation
scores can be agreed upon by the consensus protocol. Besides,
the transaction can be categorized as unauthorized or autho-
rized concerning the feedback from the involved entity. On
the other hand, the judgement of the entity from the previous
experience along with the computation of the reputation of the
involved entity is used for evaluating reputation [29].
1) Computation of Reputation: In this study, the output of
the page rank algorithm is a probability distribution, which
represents the likelihood that a node can randomly rate other
nodes. Note that if the number of links pointing towards any
node is more than others, then the node is important. The
page rank score of any node is iteratively defined by the page
rank scores of other nodes that are linked to it. Let P r be the
transition matrix from one node to another. Then, each element
of P r denotes the probability of transiting from one node to
the other. At first, the initial probability of 1
nis assigned to all
nodes. Afterwards, the page rank scores are updated for nth
iteration as R(n) = d×P r ×R(n+ 1) + (1 −d)Z where
Z = {1
n,..., 1
n}T,R(n)is the page rank score of each node,
Tis a transpose and d= 0.85 is a damping factor, which
is given arbitrarily [30]. Also, it denotes a Bernoulli decision
where at each iteration, a node follows an out-bound link. Note
that Pn∈NZ=1is a positive vector. The incentive that each
node will receive for assigning page rank score to other nodes
is defined as IC(n) = θR(n)
Pn∈NR(n)where θis the probability
that the page rank score is not compromised. To prevent
the similarity between two page rank scores from different
nodes, the sum of historical performance [25] of the node is
integrated in page rank score as R(n) = Pn∈NR(n)−→
θ(n)
where −→
θ(n)is the historical performance of a node. Once
R(n)is generated, it is stored in the blockchain to compare
with the latest generated R(n). The comparison creates a
trustworthiness parameter, which accounts for the closeness of
rating with the majority of nodes. Also, a consistency factor is
generated from the comparison. If a node is found trustworthy,
its reputation increases and vice versa. Moreover, the initial
R(n)does not affect the level of honesty of nodes as the
nodes are newly registered into the system. Rsof each node is
calculated using the average weighted trust evaluation method
as follows [31].
Rs(n) = α(βR(n)) −γRV (n),(3)
where RV is the risk value initiated by the transaction, and α,
γand βdenote different coefficients. Eq. 3 is a modification
of [31] as only direct trust evaluation is considered in this
study. This means that the recommended trust evaluation is not
required, since the page rank process involves direct linking
to each node. In the proposed GarliChain, Ag decides
under what conditions to degrade the reputation that has
been verified and authenticated by miners especially when
the transaction is generated by a fraudulent user. Moreover,
bitcoin and other public blockchain enabled cryptocurrencies
are known to have the problem of transaction reversibility as
it requires limited time to mitigate and detect an attack. Also,
transaction reversal can undermine confidence in fairness or
impartiality of any system. Furthermore, the immutability of
a blockchain based transaction is a double edge sword that
leads to an increased effect of a defective and fraudulent
transaction. Such a transaction needs to be reversible to sustain
a real life scenario. However, trust can enable the possibility
of a reversible approach. So, in this study, the transaction
of legitimate nodes is impractical to reverse, but reputation
degradation is achieved when a malicious node is detected.
G. Local Accountability and Penalty Mechanism
In GarliChain, accountability is ensured when there is
a report of fraudulent activities from any member of the
network. To describe the process of accountability, a scenario
based on double spending is analyzed. Double spending is a
situation where the same amount of cryptocurrency can be
spent more than once. In the proposed GarliChain, when sn
reports a fraudulent activity about dnto the blockchain, the
following steps are recommended. (1) snreports a fraudulent
activity to the blockchain. Fraud may occur when dnfails
to either supply the required quantity of energy to snor
sells the same quantity of the energy to two or more buyers
simultaneously. On the other hand, fraud may occur when
the buyer fails to remit the said amount of purchased energy.
Such activities are reported to the blockchain for a necessary
action to be taken, which involves a penalty. (2) Ag audits
the blockchain transactions and commits the reports to the
blockchain. The report is validated by miners and sent to nodes
in IH. (3) Nodes in IHaccept the audit report by appending
their signatures and then forward the report to dn.
In this study, a penalty is imposed on a node, which is in-
volved in fraudulent activities. Using the proposed GarliChain,
it is assumed that the penalty is in the form of reputation score
reduction. We consider three scenarios for which a penalty
is applicable. (1) An Ag is penalized if the audit report is
falsely generated, such Ag is removed as the leader of nodes
and its reputation score is decremented in a way it will no
longer participate in the consensus process. (2) Nodes in IH
are penalized, if they disclose the identities of their next hops
to route the cloves. Such nodes will no longer be selected
as nodes in the path selection process and their reputation
scores are decremented. (3) dnand snare penalized if they
provide false information and engage in double spending.
Such nodes are blacklisted while their reputation scores are
decremented. To this end, all of the penalized nodes are re-
garded as malicious nodes. Moreover, the proposed GarliChain
provides an opportunity for the malicious nodes to remedy
their reputations via the attitude enhancement process. In the
process, confidence level values are created for the malicious
nodes and based on these values, they are either allowed
to fully participate in the activities within the blockchain or
remain malicious.
III. SECURITY ANALYSIS
In the smart grids, the issues of anonymity and security are
addressed by the proposed GarliChain. The number of nodes
participating in the network are reduced by the proposed path
selection mechanism and consortium blockchain. Unlike the
existing systems [32], [33], GarliChain achieves low latency,
usability and flexibility. It means that all nodes in the network
have the same local copies of the distributed ledger while the
block creations and validations are performed by miners who
have high reputation scores. Also, the proposed GarliChain
resists website fingerprinting and network traffic analysis
attacks. The website fingerprinting exposes users during rout-
ing [34]. Whereas, the network traffic analysis focuses on
deducing information from a pattern in communication, such
as packet sizes, timing and frequency [35]. For tackling the
traffic analysis attack, machine learning and heuristic methods
have been presented in the literature [20], [36].
In this paper, we assume that all nodes in the proposed
GarliChain can be either honest, honest-but-curious or ma-
licious. Moreover, the proposed system is protected against
external attacks due to the underlying security properties of
the blockchain, such as anonymity, immutability, availability
and confidentiality. Also, the paper focuses on the vulnerability
of the system due to internal attacks. The security analysis of
the proposed GarliChain is shown in Fig. 1 and the dynamic
path selection analysis given in Section II-E. It is assumed that
if any node is compromised, the entire system is under the
control of an adversary. Therefore, the following assumptions
are considered: (1) if the reputation mechanism is compro-
mised, then it implies that an adversary may manipulate its
Rsto be a part of nodes in IH, (2) if nodes in SHand DH
are compromised by network traffic analysis, then the system
is not secure, (3) if the path set between nodes in SHand
DHis corrupt, then the system is not secure and (4) if the
path selection mechanism is compromised, such that the same
path is selected more than once by the same sn, then the
system is not secure. To address the problem of escrow in
the proposed system, the PKG that depends on a trusted third
party is integrated with the GarliChain. Here, all nodes trust
the results from PoA consensus protocol and path selection
mechanism.
Theorem III-.1: GarliChain is safe from both active and
passive attacks.
Proof III-.1: In this study, a one-time session key is used
to encrypt all IDs of nodes in IH. Thus, the attacker cannot
identify the exact IDs of nodes in SH,IHand DHsimply by
examining the plaintext. Therefore, GarliChain is safe from
passive attack. On the other hand, using the one-time session
key, a forward path message attack is discovered by sn. Even
if an attacker modifies the transmitted message, dndetects
it by verifying the signatures of nodes in SHand IHwho
hashed the message. Thus, GarliChain ensures the protection
of nodes against active attacks, such as message modification
and replay attacks.
Theorem III-.2: GarliChain ensures both anonymity and
privacy of the senders and receivers.
Proof III-.2: Suppose all nodes in IHcollude with each
other to reveal the message of sn, then snis known to them.
However, dnis unknown to them. On the other hand, if all
nodes in IHcollude with each other and dn, then the message
of snis known to them. However, snis unknown to them.
Besides, the size of the message each node receives from sn
is similar to the message relayed by nodes in IH. Thus, an
attacker cannot determine the message source based on the
size of the message.
Theorem III-.3: GarliChain identifies a malicious node by
the process of path selection.
Proof III-.3: The path selection ensures that the nodes,
which have lower Rsvalues are dropped from the list of nodes
in IH. Hence, the node that has a lower Rsvalue is identified
as a malicious node.
Theorem III-.4: To relay messages from snto dn, Gar-
liChain creates trustworthy path sets.
Proof III-.4: A path set is created based on the trust level
of nodes, i.e., Rs> Rt
strusted nodes. To this end, during the
message forwarding stage of sn, the first node in IHbroadcasts
cloves to all nodes in IHwhile each node in IHdecrypts and
forwards cloves to the next hop based on the clove information.
Thus, GarliChain provides a path set with trusted nodes.
Theorem III-.5: The proposed PoA consensus mechanism
prevents similarity attack.
Proof III-.5: Suppose that in the proposed system, there are
honest-but-curious nodes that exploit the vulnerability of the
proposed PoA mechanism to manipulate their Rs.Ag may
also collude with one another to falsify the link structures
or the page rank algorithm may provide two nodes with
the same Rsvalue. In such cases, the propose system will
not be safe from similarity attacks. However, the proposed
PoA consensus mechanism is said to be secured, if it is safe
from random honest-but-curious nodes or any sudden faults of
the mechanism. In the PoA consensus mechanism, historical
performance −→
θ(n)is integrated into the system in such a way
that no two nodes will have the same historical performance.
For each node, if −→
θ(n) = 1, then the page rank score is
the highest; otherwise, −→
θ(n)=0, which means that it is the
lowest [25].
Theorem III-.6: There is no centralization with the proposed
PoA consensus mechanism.
Proof III-.6: If t1is the independent polynomial time when
an Ag is selected based on its reputation score, then the
reputation score of Ag may change at subsequent polynomial
time t2. To this end, a new Ag will be selected at t2; therefore,
the probability that the first Ag emerges as the new Ag at t2
is very slim. Hence, the proposed PoA consensus mechanism
is not centralized.
Theorem III-.7: The proposed PoA consensus mechanism
does not create dead end as the number of network links grow
infinitely.
Proof III-.7: To prove Theorem III-.7, suppose that in the
proposed system, the network links grow in infinite link cycles
and there are chances that some nodes may not participate
in the page rank scoring processes deliberately, which likely
result in a dead end. To address this type of attack, θ(n)
of a node will be updated only when its participation is
confirmed by the miners. Once a node has been detected for
its lack of participation, then it will be penalized via reputation
degradation, denoted as R(n). If R(n−1) ≤θ(n−2), then the
node is penalized via token deduction. Besides, such a node
will no longer benefit from the proposed scheme.
IV. SIMULATION AND RESULTS
The proposed GarliChain is implemented using Python 3.7.
A user interface is also developed, as shown in Fig. 5. The
following are dependencies required to implement GarliChain.
A Charm library [37] is used to generate keys for the IBE,
Crypto library for encryption and hashing [38], Flask library
for web interface [39], and Fast Pagerank library [40] to
generate a reputation score for each node in the PoA consensus
mechanism. The examples, such as path selection probabil-
ity, degree of honesty and computational cost of blockchain
selected in this study are based on our proposed scenario.
The existing scheme [27] uses an entropy based anonymity
solution, which does not include the probability of path set
selected once or path set selected randomly. Therefore, the
entropy based anonymity solution cannot be used in our
scenario. The essence of selecting the examples shown in
the results and discussions is to illustrate the efficiency and
robustness of the proposed system. Besides, the objectives
of the proposed study are to achieve anonymity and privacy
of users in the network, so, path set selection and reputation
management are necessary for evaluating the performance of
the system. Moreover, the proposed system can accept a large
number of examples.
Fig. 5: GarliChain User Interface.
A. Evaluation of the Proposed Reputation Management Sys-
tem
In this study, the proposed trust evaluation method is com-
pared with the exiting trust method of [41]. In [41], the model
is based on fuzzy logic, which is used for detecting dishonest
node in the network. Besides, the fuzzy logic trust method is
based on fuzzy linguistic variables and fuzzy linguistic terms
and membership functions, which are difficult to formulate,
so the result may not be accurate. For the analysis, we set
α= 0.4,γ= 0.4,RV = 0.5and β= 0.2and the result
is given in Fig. 6. From the figure, it is obvious that the
proposed trust model achieves higher Rsas compared to the
fuzzy method of [41]. This means that the proposed method
is able to detect the dynamic behavior of the nodes in the
network. Also, as the number of nodes increases, Rsincreases
as well.
1 1.5 2 2.5 3 3.5 4 4.5 5
Number of Nodes
0.208
0.21
0.212
0.214
0.216
0.218
0.22
0.222
0.224
Rs
Proposed Scheme
Existing Scheme
Fig. 6: Reputation Score Versus Number of Nodes.
In this study, it is obvious that all nodes (including dishonest
nodes) are aware of the types of trust model used in the
network. Fig. 7 shows the degree of dishonest nodes at
different time slots. A dishonest node behaves well during the
first 2-9 time slots for the proposed scheme as compared to
the existing scheme. However, in the subsequent time slot,
it launches some attack by dropping requests with a high
probability of dishonesty. In this study, it is assumed that
a dishonest node is honest at some time slots and becomes
dishonest at other time slots with a higher probability of
dishonesty. Thus, the trust degree changes periodically as the
behavior of nodes changes as shown in Fig. 7. From the
0 5 10 15 20 25
Time (s)
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
Degree of Dishonest Node
Proposed Scheme
Existing Scheme
Fig. 7: Degree of Dishonest Node.
figure, if the trust degree of dishonest nodes approaches 1, it
means that the nodes discard clove by not forwarding clove to
the next node in the network. On the other hand, if the trust
degree of dishonest nodes approaches 0, it implies that the
nodes honestly forward clove to the next hop in the network.
Therefore, the proposed trust model is sensitive to the behavior
of nodes in the network. Also, the proposed trust model detects
dishonest behavior and instantly avert the attack via reputation
degradation. Furthermore, the results show that the proposed
trust method is 50.56% efficient as compared to 49.20% of the
fuzzy trust method for detecting dishonest behavior of nodes.
The percentage is calculated based on the maximum value of
Rsof each method.
B. Evaluation of the Path Selection Protocol
We consider the path selection analysis, given in Sec-
tion II-E to evaluate its performance. In this study, the re-
lationship between either destination or source of users and
anonymity is analyzed regarding how well an adversary can
infer if the destination or source of a user has been used.
An existing literature [27] uses entropy posterior probability
to determine what information the user intends to hide (i.e.,
either source or destination) without being affected by the
information an adversary already has. However, this approach
does not prevent information leakage as the adversary can
learn the behavior of the user. So, the user is expected to know
how secure the system is to decide whether to join the system
or not. Besides, the relationship between the anonymity of the
user and destination or source varies with the number of nodes
in the path trajectory. If the number of nodes in that path
trajectory increases, the anonymity of the user increases as
well. It means that the number of nodes in the path trajectory
has a direct impact on the anonymity of the user. For simplicity
of analysis, this study considers 5 nodes. The essence of using
5 nodes for the analysis is to demonstrate the efficiency and
robustness of the proposed system. Besides, this analysis is
not limited to the above mentioned number of nodes but can
accommodate a larger number of nodes. Using Eq. (1), the
results in Fig. 8 show that the probability of path selection
Φdecreases as the number of nodes increases. It implies that
as the number of nodes that connect the source to destination
increases, the probability of Φdiminishes. To this end, even
if an adversary knows the path trajectory k, it is difficult to
identify either the source or destination node. It means that the
adversary must guess a higher probability of path selection to
predict Φ.
1 1.5 2 2.5 3 3.5 4 4.5 5
Number of Nodes
0
0.05
0.1
0.15
0.2
0.25
0.3
0.35
0.4
0.45
Probability
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
5
Trajectory
k
Fig. 8: Path Selection Model Versus the Number of Trajecto-
ries.
This study considers the path selection with bounded con-
gestion and then connects each node to a random path. To
this end, most of the nodes have limited congestion. Besides,
all paths that use an overloaded node are removed via the
random path selection approach. In the proposed GarliChain,
each node is active with a probability of maximum request
greater than P r1. However, an inactive node does not establish
a path even if it has a request in its queues. Besides, if a
node is active; however, its request queue is empty, it tries to
create a virtual path to a random node. So, the lifespan of the
virtual path is the same as the real path. Fig. 9 shows that
as the number of nodes that connect the source to destination
increases, the path selection probability decreases. It implies
that the system will remain stable even if P r1< kΦP r2.
Where P r1is the probability that defines the maximum
requests in the queue and P r2is the probability that the
current path set is not repeatedly used. From the results, we
set P r1= 0.7and P r2= 0.3, which means that even if P r1
is increased or decreased, the stability of the system is not
affected.
1 1.5 2 2.5 3 3.5 4 4.5 5
Number of Nodes
0
0.05
0.1
0.15
0.2
0.25
Path Selection Probability
k
Fig. 9: Path Selection Model versus the Number of Nodes.
In this study, we consider two scenarios: the path is chosen
only once and the path that is randomly chosen. Fig. 10 shows
the comparison of the randomly chosen path with the path
chosen only once. On the basis of Assumption II-E.2, it is
stated that the number of malicious nodes m= 2 and the
trusted nodes l= 3. The chosen path cp = 6, when the
number of nodes n= 5. It shows that the proposed system
accommodates a large number of m,land n. For the random
path selection, the probability of the path selection model
increases with the number of path sets. The converse is not
where the path is selected only once, it has a fixed probability.
The novelty of the proposed path selection model is that the
path to route messages from snto dnis not used twice by
the same forwarding node, i.e., sn, instead, a random path set
is selected from the list of probabilities in descending order.
mis determined based on its history of fraudulent activities.
Moreover, mmay be honest-but-curious. It means that at a
certain time it behaves honestly; whereas, in subsequent time
it behaves dishonestly.
123456
Number of Path Selections
0.55
0.6
0.65
0.7
0.75
0.8
0.85
0.9
0.95
1
Probability
Path Randomly Chosen
Path Chosen Once
Fig. 10: Randomly Chosen Path versus Path Chosen Only
Once.
C. Evaluation of GarliChain Performance Metrics
The security of GarliChain depends on the set of random
paths and the proposed method of anonymity. Fig. 11 depicts
the comparison of the clove sizes and their corresponding cost
of the system per second. The size of the clove per block is
256 MB and the cost of the system is 2784 s. Despite the
high number of forwarding nodes in IHthat have performed
cryptographic and hashing operations, the computational cost
is minimal. However, the number of block sizes increases with
the cost of the system.
400 600 800 1000 1200 1400 1600 1800 2000
Block Size (Megabytes)
0
1
2
3
4
5
6
Computational Cost (s)
104
1
2
3
4
5
6
7
Transaction per second
System Cost
Block Hash
Throughput
Fig. 11: Comparison of Cost of the System versus Transaction
per Second.
The block hash determines the size of the message being
committed to the blockchain. Moreover, the cost of the system
is calculated as the number of correct nonces divided by the
elapsed time. The nonce is used to determine the level of
difficulty that is required to mine a block. The throughput is the
number of committed transaction divided by the elapsed time
measured in transaction per second. Note that the transmitted
message is 256-bit and we consider this because the concate-
nation of two messages during the cryptographic process is
required. Here, GarliChain enables double encryption of the
message.
D. Comparison of GarliChain with Existing Schemes
We perform a qualitative analysis of the proposed Gar-
liChain with other existing schemes that are closely related to
our model. Using the performance metrics defined in Table II,
the performance of our proposed model is compared with
existing literature. Based on the comparison, it is obvious that
the proposed GarliChain is better than the existing schemes.
V. CONCLUSION
This paper proposes a system that ensures the anonymity
and privacy of prosumers in the smart grids, known as
GarliChain. It is a combination of garlic routing and con-
sortium blockchain. In the GarliChain system, an improved
IBE is proposed to encrypt the messages of prosumers and a
stochastic path selection mechanism is designed to route the
messages from the source node to the destination node. Also,
a reputation management system is proposed to improve the
credibility of nodes in the network using the average weighted
trust method. Simulation results validate the effectiveness of
the proposed system. From the results, the probability of the
path selection model decreases with the increase in the number
of nodes from source to destination. It implies that even if
a malicious node knows the path trajectory, it is difficult to
distinguish between source and destination nodes. Also, the
path selection probability of a randomly chosen path increases
with the number of path sets; whereas, the path selection
probability of a fixed path set remains the same. It means that
the randomly chosen path set with higher probability provides
a higher level of anonymity. Also, the proposed trust method
is compared with the existing fuzzy trust method. The results
of the trust evaluation show that the proposed trust method
is 50.56% efficient as compared to 49.20% of the existing
fuzzy method in terms of detecting dishonest nodes in the
network. Furthermore, the results show that the honest nodes
may become dishonest at certain time slots by refusing to
forward clove to the next hop in the network. Under different
sizes of the blocks, the computational cost of the forwarding
nodes is minimal. The security analysis shows that the system
is safe from passive and active attacks. Also, malicious nodes
are detected using the process of path selection model. In
terms of energy trading, trust platform, local accountability,
anonymity, penalty and consensus mechanisms, a comparative
study of the proposed system with the existing systems in the
literature is presented. It also reveals that the proposed system
is efficient for the prosumers in the smart grids.
The present architecture of blockchain does not support
transaction reversibility as there is a short time to mitigate
and address any attack. Also, the immutability of a blockchain
based transaction is a double edge sword that leads to an
increased effect of a defective and fraudulent transaction. Such
a transaction needs to be reversible to sustain a real life
scenario. In future, we hope to address the above mentioned
limitation.
TABLE II: Qualitative Analysis of the Proposed Scheme with the Existing Schemes.
Ref. Energy trading Trust platform Local
accountability
Anonymity Penalty
mechanism
Blockchain based Consensus proto-
col
[20] 777Onion routing 7 7 PoR
[21] 777Onion routing 7X7
[22] 777Improved onion
routing (AIB-
OR)
777
Ours XXXGarlic routing
(GarliChain)
X X PoA
X: Considered, 7: Not considered, PoA: Proof of authority, PoR: Proof of randomness.
REFERENCES
[1] Mollah MB, Zhao J, Niyato D, Lam KY, Zhang X, Ghias AM, Koh LH,
Yang L. Blockchain for future smart grid: A comprehensive survey. IEEE
Internet of Things Journal. 2020; 8(1):18-43. https://ieeexplore.ieee.org/
abstract/document/9090812
[2] Rathor SK, Saxena D. Energy management system for smart grid: An
overview and key issues. International Journal of Energy Research. 2020;
1(1):1–43. https://doi.org/10.1002/er.4883
[3] Khan A, Javaid N. Jaya Learning-Based Optimization for Optimal Siz-
ing of Stand-Alone Photovoltaic, Wind Turbine, and Battery Systems.
Engineering. 2020; 6(7):812-26. https://www.sciencedirect.com/science/
article/pii/S2095809918312761
[4] Knirsch F, Unterweger A, Engel D. Privacy-preserving blockchain-
based electric vehicle charging with dynamic tariff decisions. Com-
puter Science-Research and Development. 2018; 33(1):71-9. https://link.
springer.com/article/10.1007/s00450-017-0348- 5
[5] Shahid A, Almogren A, Javaid N, Al-Zahrani FA, Zuair M, Alam M.
Blockchain-based agri-food supply chain: A complete solution. IEEE
Access. 2020; 8:69230-43. https://ieeexplore.ieee.org/abstract/document/
9058674
[6] Gai K, Wu Y, Zhu L, Qiu M, Shen M. Privacy-preserving energy
trading using consortium blockchain in smart grid. IEEE Transactions
on Industrial Informatics. 2019; 15(6):3548-58. https://ieeexplore.ieee.
org/abstract/document/8613816
[7] Guan Z, Si G, Zhang X, Wu L, Guizani N, Du X, Ma Y. Privacy-
preserving and efficient aggregation based on blockchain for power grid
communications in smart communities. IEEE Communications Magazine.
2018; 56(7):82-8. https://ieeexplore.ieee.org/abstract/document/8419184
[8] Sun Yin HH, Langenheldt K, Harlev M, Mukkamala RR, Vatrapu R.
Regulating cryptocurrencies: a supervised machine learning approach to
de-anonymizing the bitcoin blockchain. Journal of Management Informa-
tion Systems. 2019; 36(1):37-73. https://doi.org/10.1080/07421222.2018.
1550550
[9] Hou J, Wang H, Liu P. Applying the blockchain technology to promote the
development of distributed photovoltaic in China. International Journal of
Energy Research. 2018; 42(6):2050-2069. https://doi.org/10.1002/er.3984
[10] Aitzhan NZ, Svetinovic D. Security and privacy in decentralized energy
trading through multi-signatures, blockchain and anonymous messaging
streams. IEEE Transactions on Dependable and Secure Computing. 2016;
15(5):840-52. https://ieeexplore.ieee.org/abstract/document/7589035
[11] Kang J, Yu R, Huang X, Maharjan S, Zhang Y, Hossain E. En-
abling localized peer-to-peer electricity trading among plug-in hybrid
electric vehicles using consortium blockchains. IEEE Transactions on
Industrial Informatics. 2017; 13(6):3154-64. https://ieeexplore.ieee.org/
abstract/document/7935397
[12] Wang S, Taha AF, Wang J, Kvaternik K, Hahn A. Energy crowdsourc-
ing and peer-to-peer energy trading in blockchain-enabled smart grids.
IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2019;
49(8):1612-23. https://ieeexplore.ieee.org/abstract/document/8730528
[13] Hassan MU, Rehmani MH, Chen J. DEAL: Differentially private auc-
tion for blockchain-based microgrids energy trading. IEEE Transactions
on Services Computing. 2019; 13(2):263-75. https://ieeexplore.ieee.org/
abstract/document/8869938
[14] Khalid R, Javaid N, Almogren A, Javed MU, Javaid S, Zuair M. A
blockchain-based load balancing in decentralized hybrid P2P energy
trading market in smart grid. IEEE Access. 2020; 8:47047-62. https:
//ieeexplore.ieee.org/abstract/document/9026929
[15] Samuel O, Javaid N. A secure blockchain-based demurrage mechanism
for energy trading in smart communities. International Journal of Energy
Research. 2021; 45(1):297-315. https://onlinelibrary.wiley.com/doi/abs/
10.1002/er.5424
[16] Guan Z, Lu X, Wang N, Wu J, Du X, Guizani M. Towards secure and
efficient energy trading in IIoT-enabled energy internet: A blockchain
approach. Future Generation Computer Systems. 2020; 110:686-695.
https://doi.org/10.1016/j.future.2019.09.027
[17] Zhang Y, Wen J. The IoT electric business model: Using blockchain
technology for the internet of things. Peer-to-Peer Networking and Ap-
plications. 2017; 10(4):983-994. https://link.springer.com/article/10.1007/
s12083-016- 0456-1
[18] Yeow K, Gani A, Ahmad RW, Rodrigues JJ, Ko K. Decentralized
consensus for edge-centric internet of things: A review, taxonomy, and
research issues. IEEE Access. 2017; 6:1513-1524. https://doi.org/10.1109/
ACCESS.2017.2779263
[19] Sharma PK, Park JH. Blockchain based hybrid network architecture for
the smart city. Future Generation Computer Systems. 2018; 86:650-655.
https://doi.org/10.1016/j.future.2018.04.060
[20] Raza A, Han K, Hwang SO. A Framework for Privacy Preserving, Dis-
tributed Search Engine Using Topology of DLT and Onion Routing. IEEE
Access. 2020; 8:43001-12. https://ieeexplore.ieee.org/abstract/document/
9022972
[21] Haghighi MS, Aziminejad Z. Highly anonymous mobility-tolerant
location-based onion routing for VANETs. IEEE Internet of Things Jour-
nal. 2019; 7(4):2582-90. https://ieeexplore.ieee.org/abstract/document/
8876611
[22] Wang C, Shi D, Xu X. AIB-OR: Improving Onion Routing Circuit
Construction Using Anonymous Identity-Based Cryptosystems. Plos one.
2015; 10(3): 1-15. https://doi.org/10.1371/journal.pone.0121226
[23] Ye L, Yu X, Zhao J, Zhan D, Du X, Guizani M. Deciding your own
anonymity: user-oriented node selection in I2P. IEEE Access. 2018 Nov
16;6:71350-9. https://ieeexplore.ieee.org/abstract/document/8537903
[24] Putz B, Menges F, Pernul G. A secure and auditable logging infrastruc-
ture based on a permissioned blockchain. Computers & Security. 2019;
87:101602. https://doi.org/10.1016/j.cose.2019.101602
[25] Samuel O, Javaid N, Awais M, Ahmed Z, Imran M, Guizani M. A
blockchain model for fair data sharing in deregulated smart grids. In
IEEE Global Communications Conference (GLOBCOM 2019) 2019 Dec
9, Waikoloa, HI, USA, 1-7. https://ieeexplore.ieee.org/abstract/document/
9013372
[26] Shirazi F, Simeonovski M, Asghar MR, Backes M, Diaz C. A survey
on routing in anonymous communication protocols. ACM Computing
Surveys (CSUR). 2018; 51(3):1-39. https://doi.org/10.1145/3182658
[27] Feigenbaum J, Johnson A, Syverson P. Probabilistic analysis of onion
routing in a black-box model. ACM Transactions on Information and
System Security (TISSEC). 2012; 15(3):1-28. https://doi.org/10.1145/
2382448.2382452
[28] Bellini E, Iraqi Y, Damiani E. Blockchain-based distributed trust and
reputation management systems: A survey. IEEE Access. 2020; 8:21127-
51. https://doi.org/10.1109/ACCESS.2020.2969820
[29] Debe M, Salah K, Rehman MH, Svetinovic D. IoT public fog nodes
reputation system: A decentralized solution using Ethereum blockchain.
IEEE Access. 2019; 7:178082-93. https://doi.org/10.1109/ACCESS.2019.
2958355
[30] Zhang M, Li Y, Li X, Chen L, Zhang Y, Zhang L, Khurshid S.
An empirical study of boosting spectrum-based fault localization via
pagerank. IEEE Transactions on Software Engineering. 2019; 1-23.
https://doi.org/10.1109/TSE.2019.2911283
[31] Liu Q, Zou X. Research on trust mechanism of coopera-
tion innovation with big data processing based on blockchain.
EURASIP Journal on Wireless Communications and Networking. 2019;
2019(1):1-11. https://jwcn-eurasipjournals.springeropen.com/articles/10.
1186/s13638-019- 1340-5
[32] Sadhu V, Zonouz S, Sritapan V, Pompili D. CollabLoc: Privacy-
preserving multi-modal collaborative mobile phone localization. IEEE
Transactions on Mobile Computing. 2019; 20(1):104-16. https://
ieeexplore.ieee.org/abstract/document/8815848
[33] Dingledine R, Mathewson N, Syverson P. Deploying low-latency
anonymity: Design challenges and social factors. IEEE Security &
Privacy. 2007; 5(5):83-7. https://ieeexplore.ieee.org/abstract/document/
4336287
[34] Al-Naami K, El Ghamry A, Islam MS, Khan L, Thuraisingham BM,
Hamlen KW, Alrahmawy M, Rashad M. BiMorphing: A bi-directional
bursting defense against website fingerprinting attacks. IEEE Transactions
on Dependable and Secure Computing. 2019 1-15. https://ieeexplore.ieee.
org/abstract/document/8673645
[35] Shi Y, Ross A, Biswas S. Source identification of encrypted video traffic
in the presence of heterogeneous network traffic. Computer Communica-
tions. 2018; 129:101-10. https://doi.org/10.1016/j.comcom.2018.07.019
[36] Machlica L, Vejman M, inventors; Cisco Technology Inc, assignee. Fil-
tering onion routing traffic from malicious domain generation algorithm
(DGA)-based traffic classification. United States patent US 10,375,096.
2019: 1-25. https://patents.justia.com/patent/10375096
[37] Akinyele JA, Garman C, Miers I, Pagano MW, Rushanan M, Green M,
Rubin AD. Charm: a framework for rapidly prototyping cryptosystems.
Journal of Cryptographic Engineering. 2013; 3(2):111-28. https://link.
springer.com/article/10.1007\%252Fs13389-013-0057- 3
[38] Crypto:[Online] Available on: http://chrissimpkins.github.io/crypto/, Ac-
cessed on September 21, 2020.
[39] Flask: [Online], Available on:https://pypi.org/project/Flask/, Accessed
on September 21, 2020.
[40] Fast Page Rank: [Online], Available on:https://pypi.org/project/
fast-pagerank/, Accessed on September 21, 2020.
[41] Alnasser A, Sun H. A fuzzy logic trust model for secure routing in smart
grid networks. IEEE Access. 2017; 5:17896-903. https://link.springer.
com/article/10.1007\%252Fs13389-013- 0057-3
