As the smart grid becomes a promising technology for controlling and saving power generation and consumption, smart grid security should be considered from the outset in order to prevent catastrophic failures. In particular, excessive power consumption can be a significant issue, because a power provider cannot react quickly to massive demand, which can cause blackouts across wide regions. Many studies, such as DDoS prevention schemes, have addressed excessive resource consumption in legacy networks (e.g., the Internet). However, power management in the smart grid has its own requirements: reliable power supply, privacy preservation, efficient data communication, and malicious behavior detection. Existing smart grid schemes consider some of these requirements but do not address all of them. To satisfy all four requirements, we propose a secure and efficient power management mechanism that leverages homomorphic data aggregation and capability-based power distribution. The proposed mechanism makes it possible to gather customers' power demands securely and efficiently, and to distribute power to customers who hold the capability. Furthermore, each customer can verify whether their request was correctly delivered to the utility, and each distributor can detect misbehaving customers who exceed their capabilities. Our evaluation shows that a power provider takes 11.12 seconds until power distribution, which is a tolerably short time for a power provider to endure excessive power consumption. In this paper, we propose the first concept of secure and efficient power management in the smart grid.