From Physical to Cyber: Escalating Protection for Personalized Auto Insurance

Nowadays, auto insurance companies set personalized insurance rates based on data gathered directly from their customers' cars. In this paper, we show that such a personalized insurance mechanism -- widely adopted by many auto insurance companies -- is vulnerable to exploitation. In particular, we demonstrate that an adversary can leverage off-the-shelf hardware to manipulate the data fed to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leverages a statistical model built on unmanipulated data and is robust to manipulation methods that were not previously foreseen. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.
