Sharing Economy in Future Electricity Markets:Security and Privacy Analysis

Mehdi Montakhabi∗, Akash Madhusudan†, Shenja van der Graaf∗, Aysajan Abidin† and Mustafa A. Mustafa‡†∗imec-SMIT, Vrije Universiteit Brussel, Pleinlaan 9, Brussels, 1050, Belgium

†imec-COSIC, KU Leuven, Kasteelpark Arenberg 10 - bus 2452, 3001 Heverlee, Belgium‡Department of Computer Science, The University of Manchester, Manchester, M13 9PL, UK

Email: mehdi.montakhabi@vub.be, akash.madhusudan@esat.kuleuven.be

Abstract—This paper performs an in-depth security andprivacy analysis of emergent (peer-to-peer) electricity tradingmarkets where individual users (via their smart meters) cantrade electricity with other users and market players in a (semi-)decentralised manner. Firstly, a high-level overview of futureelectricity markets is presented, and a comprehensive explanationis offered concerning the evolution of the current (and future)actors regarding their roles. Secondly, business model matrixanalysis is deployed to develop and discuss in detail four scenariosbased on customers’ information ownership and citizens’ levelof involvement. Lastly, an analysis of security and privacythreats is performed which leads to a specification of necessaryrequirements to mitigate such threats. This paper provides andserves as a benchmark for risk assessment and future design ofsecure peer-to-peer electricity trading markets.

I. INTRODUCTION

Sharing Economy (SE) is a new paradigm shift that movesaway from the traditional business models where there is aclear distinction between service providers (e.g., public/privatecompanies, SMEs, etc.) and consumers. It allows individualusers to be service providers themselves, i.e., it allows users torent/share/trade their own products, assets and services to otherindividuals on a peer-to-peer (p2p) basis (with a third party act-ing as a facilitator) [1]. Examples of such facilitators are Uberand Airbnb – multi-billion-worth companies whose businessmodel is connect (and match) individuals who demand/supplyrides and temporary accommodation, respectively.

The success of SE-based companies is largely contributedto the advancements in ICT such as Internet of Things (IoTs)which allow remote and decentralised sensing and monitoringof various types of assets and commodity. Example of such IoTdevices are Smart Meters (SMs) – advanced metering devicesequipped with capabilities of fine-grained electricity meteringand two-way data communication. Availability of such fine-grained metering data makes possible the introduction of newelectricity markets – local or p2p trading markets that allow in-dividual users trade electricity with each other without (or withminimum) intervention of third party service providers [2].

Although, p2p electricity markets are envisioned to be anintegral part of future electricity trades, there is still no clearvision of how such markets will operate, what future scenarios

will emerge, and what the (new) roles of existing (and new)market players will be. Existing work are mostly focused onfinding applications for specific technologies in consider thefuture electricity market [3] and build scenarios on the basis ofcurrent trends, rather than established business model analysis.

In addition, such p2p electricity trading markets will requireexchange of vast amounts of user data such as transaction data(e.g., traded amount of electricity per trading period, pricing,trading parties, etc.). Such data is highly privacy sensitive as itcould reveal users’ daily activities [4]. Existing work alreadyhighlighted the privacy risks in local electricity markets [5](and SE systems in general [6]), however, the analysis hasonly focused on a generic, rather high-level, market withouttaking into account any emerging new roles in such markets.

The novel contributions of this paper are two-fold. First, itdefines four p2p electricity trading scenarios using businessmodel matrix analysis to identify two sources of uncertaintyin future electricity markets: levels of citizens involvementand type of customer ownership. Second, it performs a se-curity and privacy analysis of these scenarios, highlightingthe privacy risks, specifying security and privacy requirementsas well as suggesting potential mechanisms to achieve theserequirements.

The paper is organised as follows. Section II providesbackground and related work on electricity markets. Section IIIgives details on the methodology used to build scenarios forfuture p2p electricity trading. Section IV explains our proposedfour scenarios. Section V describes the threat model used andperforms security and privacy analysis of the proposed sce-narios. Section VI specifies security and privacy requirementsfor each of the scenarios. Section VII concludes the paper.

II. BACKGROUND AND RELATED WORK

Electricity trading is carried out in three markets, namely:wholesale, balancing and retail market [7]. Wholesale marketsinvolve bulk electricity trading between suppliers (i.e. utilitycompanies) and generators of electricity. The balancing marketconcerns (near) real-time electricity trading to ensure properfunctioning of the grid. Retail market involves electricity tradebetween consumers and suppliers, including any electricitygenerated by consumers (from their renewable sources) andinjected to the grid. Depending on the country, there is eithervery low incentive for injecting electricity back to the grid

(UK) or no incentive whatsoever (Belgium) – another motiva-tion for future p2p trading markets. A revamped trading marketfor enabling p2p electricity trade would promote renewables,which indirectly would also promote green energy usage.

There is already existing work on local electricity trading.A market enabling buyers to find sellers with optimal sup-ply and competitive prices was proposed by Yaagoubi andMouftah [8]. The best seller is determined using a modifiedregret matching procedure. A market pricing electricity flowto mitigate congestion was proposed by Vytelingum et al. [9].Lee et al. [10] proposed a distributed market with sellers andbuyers placing independent offers/bids. Ampatzis et al. [11]focused on a market for coordinating renewables. Their studyshows that uniform pricing derived from all supply/demandbids increases revenues for users. A common approach takenby all aforementioned studies is to enable users to trade theirexcess electricity and show incentives that arise from facilitat-ing such a trade. Mustafa et al. [5] enlisted the main functional,security and privacy requirements of a local electricity marketwhere both users and suppliers are allowed to participate in themarket. We invite the interested reader to read them in detail.Although our work bases its analysis on these requirements, itconsiders a future local electricity market with a wide varietyof trading scenarios where new actors are introduced and thepresent actors have an evolved role.

III. METHODOLOGY

A. Scenario Building

Despite different understandings of the meaning of scenar-ios, scenario building has been a dominant method to explorethe future in advance. It has been extensively utilised in publicand private sector in the last 50 years [12], originally used inmilitary, then global-environmental and recently in financial,industrial, and market-related applications. Forecasting on thebasis of probability is the prevalant technique utilised in publicand private sector. While the traditional approach was mostlyfocused on finding the most probable happening in the future,scenario building explores the sources of uncertainty and theprobable answers which can form the future [13]. While mostof the knows are related to the past happenings, all the deci-sions are related to the future. It makes the studies about futuremore based on conjectures rather than facts [14]. Scenariobuilding is a technique for studying possible futures to enhancepresent decisions. By clarifying alternative futures, it enablesdecision makers to have an overview of all possibilities in thefuture, so they can attribute consequences to current decisions.

The scenario analysis is aimed to answer the following ques-tions. What would the electricity market look like in the futurein the case of p2p electricity trading? How the existing roleschange, disrupt, or disappear? Which new roles and actorsemerge in the electricity market? and What opportunities forsharing economy exist in the future electricity market?

B. Key Decision Factors for Scenario Building

To identify the most important uncertainties about valuecreation and control issues in the future electricity market,

business model matrix is used. First of all, twelve elements ofthe business model matrix are critically analysed to determinetheir relevance to our purpose of scenario planning and torecognise the most uncertain elements in the future electricitymarket. In order to make the number of scenarios manageable,two main uncertainties are selected: customer ownership anduser involvement. Scenario framework is constructed based onthe extreme possibilities for these key uncertainties (describedbelow). Figure 1 represents the elements of the business modelmatrix. Ten to fifteen years’ time horizon is selected, i.e.,scenarios are developed for the year 2035.

User Involvement

Cus

tom

erO

wne

rshi

p

Active CitizenPassive Citizen

DirectCustomer Ownership

IntermediatedCustomer Ownership

S1S2

S3 S4

Fig. 1. Future scenarios based on two key uncertainties: customer ownershipand user involvement.

1) Customer Ownership: Generally, it refers to which mar-ket player is in direct contact with customers. For the purposeof this study, customer ownership refers to the access tothe citizens’ information, especially their electricity produc-tion/consumption. When discussing about a future market, itis an important question to answer which actor is in directrelation with customers. It is expected that every player tendsto occupy the nearest position to customers in a new market.The winner to take the customer ownership is the actor thatcan guarantee the value proposition in the service [15].

It is an important trade-off in business modeling to char-acterise customer ownership as direct or intermediate. Directcustomer ownership is a situation where producers are in directcontact with consumers, whereas in intermediated customerownership an intermediary is located between the producersand consumers [16], [17]. The customer ownership in thecurrent electricity markets is indirect. Suppliers are in directcontact with consumers, positioning themselves between theproducers and consumers. Due to scale considerations, it is notcost-effective for consumers and generators to trade electricitydirectly with each other. However, an increased number ofprosumers (consumers who can also generate electricity) who(i) are not constrained to have large scale production capacityand (ii) have the possibility to use storage devices (bothnot possible for large scale power plants) makes technicallypossible such prosumers to trade their electricity with theirfellows in a p2p trading structure.

2

Privacy threats stemmed from the high value of customers’information in this specific market makes predicting the cus-tomer ownership situation in the future electricity marketuncertain. Customer ownership is a serious dilemma in thefuture electricity markets. The following two main questionsare worth considering regarding privacy threats of a director indirect customer ownership. In a direct/indirect customerownership how privacy threats could be overcome? In an indi-rect/direct customer ownership structure, who is a trustworthyplayer to undertake the customer ownership?

2) Customer involvement: It is a defining factor in the suc-cess of business models for value creation through a networkof actors with information ingredient involved. Web services,SMS, and p2p file sharing are well known cases in whicha considerable share of value is created by the involvementof customers. Activeness or passiveness of citizens in valueassignment to new services has a crucial role in service inno-vation and the success of the service [16], [18], [19]. Activecitizens can play other roles rather than just consumers in valuenetworks. They can be a source for new products and servicesthrough their level of involvement [20]. The main trade-offin business modeling to characterize customer involvement ashigh or low. It is high when customers are actively involvedand it is low when customers behave passively in creatingvalue through their involvement in the value creation [16].

Citizens’ willingness to play an active role in tradingelectricity or to behave passively is a defining factor fromthe business model perspective. Whether consumers activelyparticipate in trading or they prefer to behave passively abouttheir electricity production and consumption is an influencingfactor which reflects itself directly on the technical aspects.

IV. FUTURE ELECTRICITY MARKET SCENARIOS

This section devises four scenarios for future p2p electricitytrading markets based on different levels of user involvementand customer ownership, as discussed in the previous section.First, we describe the key actors and emerging new roles infuture electricity markets, followed by scenarios description.

A. Key Actors and Emerging Roles

• Prosumers: The role of a prosumer is a concoction of alocal electricity producer and consumer. Prosumers haveaccess to renewables (e.g., solar panels) that produce elec-tricity for them on a local level. They can buy electricityfrom other prosumers in a p2p electricity trading marketor from suppliers in the retail market.

• Broker: This is an intermediate actor that facilitates (i.e.,supports prosumers to perform) trading in the p2p elec-tricity market. It has access to information of all citizensparticipating in the trading market and their transactions.It may share this information with the distribution andtransmission grid operators, contributing towards balanc-ing the grid. It is also worth mentioning that the role ofa broker can be played by the grid operators.

• Representatives: They manage their clients’ assets (i.e.,battery, solar panels, flexibility) and information as well

as represent them in electricity markets (including the p2pmarket). In other words, they transform passive citizenrole to an active one. The role of a representative couldbe played by an aggregator or supplier.

B. Scenarios and Involved Actors

Based on customer involvement and customer ownership,we can distinguish four different scenarios for future electricitytrading markets, as illustrated in Fig. 1. The four scenarios are:

(S1) Direct peers: Active citizens and direct customer owner-ship, involving only prosumers.

(S2) Direct customers: Passive citizens with direct customerownership, involving prosumers and representatives.

(S3) Indirect customers: Passive citizens with intermediatedcustomer ownership, involving prosumers, representa-tives, and a broker.

(S4) Indirect peers: Active citizens with intermediated cus-tomer ownership, involving prosumers and a broker.

1) (S1) Direct peers: Active citizens and direct customerownership: An illustration of Scenario 1 is given in Fig. 2. Inthis scenario citizens are actively participating in the electricitytrading. Active prosumers get involved in the market to sellor purchase their electricity. They directly contact and tradeelectricity with each other, so they would have direct accessto their fellows’ information. Citizens have direct commercialrelationships with each other.

ProsumerSM

ProsumerSM

ProsumerSM

ProsumerSM

Smart MeterSM

Fig. 2. Scenario 1: Prosumers participate directly in p2p electricity trading.

2) (S2) Direct customers: Passive citizens with direct cus-tomer ownership: In this scenario citizens are not activelyinvolved in trading electricity with each other despite theyhave the possibility to do so. Instead, their representativestrade on the p2p electricity market on their behalf. If theyare willing, they can directly trade electricity with each other,so they would have direct access to their fellows’ information.Citizens have direct commercial relationships with each other.This scenario is depicted in Fig. 3.

3) (S3) Indirect customers: Passive citizens with interme-diated customer ownership: In this scenario, citizens involve-ment in trading electricity is low. They cannot trade electricitydirectly with each other. Instead, the trade is facilitated byan intermediary party (i.e., broker) who access the involved

3

ProsumerSM

R

R

R

ProsumerSM

ProsumerSM

ProsumerSM

ProsumerSM

ProsumerSM

RepresentativeSmart Meter

RSM

Fig. 3. Scenario 2: Representatives for passive prosumers participate in p2pelectricity trading on behalf of the prosumers.

parties’ information in trading their distributed produced elec-tricity by prosumers. It is the intermediary party who is incontact with the representatives of prosumers who act on theirbehalf. Figure 4 illustrates this scenario.

ProsumerSM

Broker

ProsumerSM

ProsumerSM

ProsumerSM

R R

RepresentativeSmart Meter

RSM

Broker

Fig. 4. Scenario 3: Representatives for passive prosumers trade electricity forthem via a broker.

4) (S4) Indirect peers: Active citizens with intermediatedcustomer ownership: In this scenario citizens are activelyinvolved in trading distributed produced electricity via an inter-mediary. There is an intermediary party involved who accessthe involved parties’ information in trading their distributedproduced electricity by prosumers. It is the intermediary partywho is in contact with consumers and prosumers.

ProsumerSM

Broker

ProsumerSM

ProsumerSM

ProsumerSM

Smart MeterSM

Fig. 5. Scenario 4: Prosumers trade electricity with each other via a broker.

V. THREAT ANALYSIS

We describe our threat model, and then present an analysisof potential security and privacy threats in the four scenarios.

A. Threat ModelExternal entities are malicious (or dishonest, or active): they

may eavesdrop on the communication between the internalentities, and may attempt to modify the data in transit to learnconfidential information about the communicating parties orto disrupt the market. Prosumers are dishonest. They mayattempt to tamper with their metering data to gain financialadvantage. They may also cheat by impersonating each otherto gain market advantage, e.g., by means of influencing theircompetitors’ bids. Representatives and the broker are semi-honest. They follow the prescribed (protocol) rules, but mayattempt to learn more than what is allowed (by the protocoltranscripts). In our case, the transcript would be the informa-tion that the representatives and the broker need to have aboutprosumers for the electricity trading to take place.

B. Security and Privacy Threat AnalysisIn [5], Mustafa et al. considered the following security and

privacy threats to a local electricity trading market.• Impersonation: A malicious prosumer may impersonate

another prosumer to gain (financial) advantage.• Data Manipulation: A malicious prosumer may intercept

and modify the data sent by another prosumer to eithercause reputational damage or win a trade.

• Eavesdropping: A malicious market participant or exter-nal entity may eavesdrop on the communication betweenthe market players to learn sensitive information.

• Disputes: Prosumers may dispute over the agreed uponprice or the volume of electricity consumed or traded.

• Denial-of-Service (DoS): An external entity (be it acompetitor or a malicious supplier) may launch a DoSattack (e.g., by targeting smart meters) to disrupt thenormal market operations.

• Privacy Breaches: The information exchanged among thetrading prosumers can be privacy sensitive, as it maycontain the identity, address, the volume of electricitysold or bought, etc. The amount of electricity sold orbought can over time reveal some unique patterns aboutprosumers or be correlated with their actual consumptionpatterns, privacy of which should be protected.

We refer the interested reader to [5] for details on thesethreats. Unlike the analysis performed by Mustafa et al. [5],our work does not consider information to be holisticallyavailable in the local market, but rather only to the participantsof a particular trade operation. For instance, we assumethat when a prosumer sells electricity to a consumer, theinformation is only exchanged between these two actors (ortheir representatives) and no external party should be able toaccess to it. Nevertheless, all four scenarios are vulnerableto these threats, as they are quite general. Here we analysewhether any of the four market scenarios is vulnerable toadditional threats. A common threat that persists in eachscenario is collusion between dishonest prosumers, as it mightlead to privacy implications such as learning information abouttargeted households (prosumers), and financial gain althoughthere might be little incentive.

4

1) S1: In S1, prosumers trade electricity with each other ina completely p2p fashion. So each prosumer has informationabout other prosumers with whom it has previously traded.Since the trading market in S1 utilises a p2p network, thereare additional security threats, such as blocking or throttlingof the network traffic by a malicious external entity. Althoughblocking of the network traffic can be regarded as a DoS attackon the entire p2p network, we differentiate it from a DoS attacka malicious prosumer mounts on its competitors’ smart meters.

2) S2: In S2, prosumers are passive and represented bythird party representatives, who trade electricity in a p2pfashion on behalf of the prosumers. Prosumers share theirinformation with their representatives for them to be able tobuy or sell electricity for the prosumers. Representatives aresemi-honest, so they may use the information about prosumersand their buying or selling history to deduce even more,potentially sensitive, information about them. Representativesmay also attempt to target each other to be able to attract moreprosumers to represent. In this scenario, the representativescan be a target of a malicious external attacker as they haveinformation about more than one prosumer.

3) S3: In S3, representatives of the passive prosumerstrade electricity for them via a broker. Since the broker hasinformation about all prosumers participating in the tradingmarket through their representatives, the broker can be a singlepoint of failure. Hackers may target the broker to steal allprosumers’ information. Needless to say that representativescan also be an attack target for gaining more information aboutthe prosumers that they represent. Just as the representatives,the broker can use the information it has about the prosumersto glean more information about them than what is allowed.

4) S4: In this last scenario, prosumers are active, but theytrade electricity with each other via a broker. Therefore, in thiscase the broker is the single point of failure.

VI. SECURITY AND PRIVACY REQUIREMENTS

Based on the threat analysis done in Section V, here wedefine the basic security and privacy requirements for eachscenario. An assumption for each scenario is that the datagenerated by smart meters is immutable and their hardware istamper-proof. Each scenario also requires collusion resistanttechniques to mitigate threats from colluding prosumers.

A. Requirements for all scenarios

Secure authentication is a requirement for each scenario asthe parties involved in the trading market can be sure about theidentities of their counterparts, hence mitigating impersonationattacks. The threat of data manipulation in these scenarioscan be mitigated by using message authentication code ordigital signature to provide data integrity. Confidentiality isrequired to protect against eavesdropping attacks. This couldbe achieved with secure communication channels utilising astrong encryption scheme. In terms of privacy requirements,anonymity and unlinkability can be provided by requiring theuse of one-time pseudonyms (as in [21]) as well as anonymoussignatures enabled by using ring signature schemes.

B. Requirements for Scenario 1

This scenario symbolises the true p2p nature of localelectricity trading, and hence, is vulnerable to various networklevel attacks such as Sybil and DoS attacks. Although secureauthentication mitigates the possibility of Sybil attacks to someextent, DoS attacks pose a real threat, both from a maliciousexternal attacker, and a dishonest prosumer. A basic counter-measure against DoS attacks is a strong firewall, but complexDoS attacks require secure congestion policing feedback asexplained in [22]. Being a pure p2p scenario, disputes pose areal threat to the availability of such a trading market. Hence, adecentralized consensus protocol, such as proof-of-work whichis used in Bitcoin, is a way of ensuring consensus amongstthousands of anonymous, unknown-to-each-other participantsto the final state of a network. Such a consensus mechanismis required for dispute resolution as seen in various otherapplications involving p2p trading or sharing [23], [24], [25].

C. Requirements for Scenario 2

In this scenario, the responsibilities of representatives makethem an easy target for attackers. As explained in Section V,the representatives act as a single point of failure in termsof the information they store about prosumers they represent.Hence, each representative needs to have secure local storage.A better alternative to storing data centrally is securely storingdata over distributed devices, enabled by technologies suchas IPFS [26]. From the perspective of a semi-honest repre-sentative inferring information from data of prosumers, eachprosumer could be required to split their total demand/supplyover multiple representatives. Another approach could be torequest all prosumers aggregate their total demand and supply,and act as a single group (as in [27], [28], [29]). This approachwould increase the anonymity set and make inference attacksharder. Such groups would require a group signature schemein order to ensure non-repudiation of messages as a collectiveentity. In terms of dispute resolution, to avoid the need oftrust between the prosumers and representatives, a distributedprivacy preserving ledger, such as ZCash [30], is requiredwhich provides anonymity and confidentiality while ensuringintegrity for dispute resolution.

D. Requirements for Scenario 3

The addition of a broker in this scenario, who has access toall trading information in the market poses a real threat to thesecurity and availability in this scenario. Hence, just like in theprevious scenario, a secure and distributed form of storage isrequired. IPFS [26] and other protocols which behave similarlycan solve the issue of the broker being a single point of failurefor information leak. DoS attacks pose another serious threatin this market, although techniques such as secure congestionpolicing feedback [22] offer a promising solution to suchthreats. In addition, the broker should not be able to inferany confidential prosumer information from their bids/offers.As in the previous scenario, prosumers could aggregate theirsupply/demand bids and provide only the aggregate bids totheir representatives. As there is no direct link between the

5

users and the broker, and if the representatives submit onlyaggregate bids to the the broker, the broker should not be ableto infer any user information.

E. Requirements for Scenario 4

In addition to requiring a secure distributed storage, thisscenario enables direct trade between prosumers with thebroker acting as an intermediary. Hence, in this scenario, thebroker is capable of doing inference attacks on the prosumersby analysing their bids/offers. In order to tackle this issue,the broker should use secure computation techniques suchas homomorphic encryption and multiparty computation (asin [31], [32]) to be able to perform various operations (e.g.,bid-to-offer matching) in a privacy-preserving way.

Another way to prevent the broker from analysing theprosumers’ bids/offers to breach their privacy is to use zero-knowledge proofs (ZKPs). In this case, the prosumers wouldencrypt their bids/offers and use ZKP to prove that thebids/offers are encrypted correctly. Indeed, ZKP has been usedtogether with distributed homomorphic encryption in privacy-preserving protocols for multi-agent auctions [33].

VII. CONCLUSION

In this paper we first applied business model matrix toidentify the most important uncertainties in future peer-to-peerelectricity markets, and defined four different future electricitymarket scenarios based on the level of user involvement andcustomer ownership. We then performed security and privacythreat analysis on each of the defined scenarios. Furthermore,we specified a set of security and privacy requirements foreach scenario. In future, we will use the specified requirementsas a guideline to design privacy-preserving protocols for thedefined scenarios.

ACKNOWLEDGMENT

This work was supported in part by the Research CouncilKU Leuven: C16/15/058 and by the Flemish Governmentthrough FWO SBO project SNIPPET S007619. Mustafa A.Mustafa is funded by the Dame Kathleen Ollerenshaw Fel-lowship awarded by The University of Manchester.

REFERENCES

[1] T. Puschmann and R. Alt, “Sharing economy,” Business & InformationSystems Engineering, vol. 58, no. 1, pp. 93–99, Feb 2016.

[2] T. Morstyn, N. Farrell, S. J. Darby, and M. D. McCulloch, “Usingpeer-to-peer energy-trading platforms to incentivize prosumers to formfederated power plants,” Nature Energy, vol. 3, no. 2, pp. 94–101, 2018.

[3] A. Voets, “Blockchain technology in the energy ecosystem: An ex-plorative study on the disruptive power of blockchain technology inthe Dutch energy ecosystem,” Master’s thesis, Delft University ofTechnology, the Netherlands, 2017.

[4] G. Kalogridis, M. Sooriyabandara, Z. Fan, and M. A. Mustafa, “Towardunified security and privacy protection for smart meter networks,” IEEESystems Journal, vol. 8, no. 2, pp. 641–654, June 2014.

[5] M. A. Mustafa, S. Cleemput, and A. Abidin, “A local electricity tradingmarket: Security analysis,” in 2016 IEEE PES Innovative Smart GridTechnologies Conference Europe (ISGT-Europe). IEEE, 2016, pp. 1–6.

[6] I. Symeonidis, J. Schroers, M. A. Mustafa, and G. Biczok, “Towardssystematic specification of non-functional requirements for sharing econ-omy systems,” in 2019 15th International Conference on DistributedComputing in Sensor Systems (DCOSS), May 2019, pp. 423–429.

[7] Elexon, “The electricity trading arrangements: A beginners guide,”http://bit.ly/1MBHc5s, technical Report, November 2015. [Online], ac-cessed Dec. 20, 2019.

[8] N. Yaagoubi and H. T. Mouftah, “A distributed game theoretic approachto energy trading in the smart grid,” 2015 IEEE Electrical Power andEnergy Conference (EPEC), pp. 203–208, 2015.

[9] P. Vytelingum, S. D. Ramchurn, T. D. Voice, A. Rogers, and N. R.Jennings, “Trading agents for the smart electricity grid,” in 9th Int. Conf.on Autonomous Agents and Multiagent Systems, 2010, pp. 897–904.

[10] D. J. Lee, J. Guo, J. Choi, and M. Zukerman, “Distributed energy tradingin microgrids: A game theoretic model and its equilibrium analysis,”IEEE Transactions on Industrial Electronics, vol. 62, pp. 1–1, 06 2015.

[11] M. Ampatzis, P. Nguyen, and W. Kling, “Local electricity market designfor the coordination of distributed energy resources at district level,” inIEEE PES Innovative Smart Grid Technologies Conf. Europe, 2015.

[12] J. Ratcliffe, “Scenario building: a suitable method for strategic propertyplanning?” Property management, vol. 18, no. 2, pp. 127–144, 2000.

[13] P. Drucker, Managing in a time of great change. Routledge, 2012.[14] B. De Jouvenel, The art of conjecture. Routledge, 2017.[15] A. Lee, “Business system architecture process (BSAP): the reference

meta model,” in WWI Workshop, Int. Conf. of Mobile Business, 2006.[16] P. Ballon, “Business modelling revisited: the configuration of control

and value,” info, vol. 9, no. 5, pp. 6–19, 2007.[17] N. Walravens, “Qualitative indicators for smart city business models:

The case of mobile services and applications,” TelecommunicationsPolicy, vol. 39, no. 3-4, pp. 218–240, 2015.

[18] R. Silverstone and L. Haddon, “Design and the domestication ofinformation and communication technologies: Technical change andeveryday life,” Communication by Design: The Politics of Informationand Communication Technologies, pp. 44–74, 1996.

[19] E. Von Hippel, “The sources of innovation,” in Das Summa Summarumdes Management. Springer, 2007, pp. 111–120.

[20] E. von Hippel, “Democratizing innovation: Users take center stage,”2005.

[21] M. A. Mustafa, N. Zhang, G. Kalogridis, and Z. Fan, “Roaming electricvehicle charging and billing: An anonymous multi-user protocol,” inIEEE Int. Conf. on Smart Grid Communications, 2014, pp. 939–945.

[22] X. Liu, X. Yang, and Y. Xia, “Netfence: Preventing internet denial ofservice from inside out,” SIGCOMM Comput. Commun. Rev., vol. 40,no. 4, pp. 255–266, Aug. 2010.

[23] A. Madhusudan, I. Symeonidis, M. A. Mustafa, R. Zhang, and B. Pre-neel, “Sc2share: Smart contract for secure car sharing,” in Int. Conf. onInformation Systems Security and Privacy (ICISSP), 2019.

[24] C. Brunner, F. Knirsch, and D. Engel, “Sproof: A platform for issuingand verifying documents in a public blockchain,” in Int. Conf. onInformation Systems Security and Privacy (ICISSP), 2019, pp. 15–25.

[25] M. Green and I. Miers, “Bolt: Anonymous payment channels fordecentralized currencies,” in ACM SIGSAC Conference on Computerand Communications Security, ser. CCS’17. ACM, 2017, pp. 473–489.

[26] J. Benet, “IPFS - content addressed, versioned, P2P file system,” CoRR,vol. abs/1407.3561, 2014.

[27] M. A. Mustafa, N. Zhang, G. Kalogridis, and Z. Fan, “DEP2SA:a decentralized efficient privacy-preserving and selective aggregationscheme in advanced metering infrastructure,” IEEE Access, vol. 3, pp.2828–2846, 2015.

[28] M. A. Mustafa, S. Cleemput, A. Aly, and A. Abidin, “An MPC-basedprotocol for secure and privacy-preserving smart metering,” in IEEEPES ISGT-Europe, 2017, pp. 1–6.

[29] ——, “A secure and privacy-preserving protocol for smart meteringoperational data collection,” IEEE Transactions on Smart Grid, vol. 10,no. 6, pp. 6481–6490, 2019.

[30] E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer,and Virza, “Zerocash: Decentralized anonymous payments from bitcoin,”IEEE Symposium on Security & Privacy (Oakland), pp. 459–474, 2014.

[31] A. Abidin, A. Aly, S. Cleemput, and M. A. Mustafa, “An MPC-basedprivacy-preserving protocol for a local electricity trading market,” in15th Int. Conf. on Cryptology and Network Security (CANS 2016), ser.LNCS, vol. 10052. Springer, 2016, pp. 615–625.

[32] ——, “Secure and privacy-friendly local electricity trading and billingin smart grid,” CoRR, vol. abs/1801.08354, 2018. [Online]. Available:http://arxiv.org/abs/1801.08354

[33] F. Brandt and T. Sandholm, “Efficient privacy-preserving protocols formulti-unit auctions,” in International Conference on Financial Cryptog-raphy and Data Security. Springer, 2005, pp. 298–312.

6