Exploiting Insurance Telematics for Fun and Profit

Nowadays, auto insurance companies set personalized insurance rate based on data gathered directly from their customers' cars. In this paper, we show such a personalized insurance mechanism -- wildly adopted by many auto insurance companies -- is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage off-the-shelf hardware to manipulate the data to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.

[1]  Gary J. Russell,et al.  A Probabilistic Choice Model for Market Segmentation and Elasticity Structure , 1989 .

[2]  Alec Wolman,et al.  Software abstractions for trusted sensors , 2012, MobiSys '12.

[3]  G. B. Smith,et al.  Preface to S. Geman and D. Geman, “Stochastic relaxation, Gibbs distributions, and the Bayesian restoration of images” , 1987 .

[4]  Ramachandran Ramjee,et al.  Nericell: using mobile smartphones for rich monitoring of road and traffic conditions , 2008, SenSys '08.

[5]  Erhan Akin,et al.  Estimating driving behavior by a smartphone , 2012, 2012 IEEE Intelligent Vehicles Symposium.

[6]  Srivaths Ravi,et al.  Tamper resistance mechanisms for secure embedded systems , 2004, 17th International Conference on VLSI Design. Proceedings..

[7]  Yizhou Sun,et al.  On community outliers and their efficient detection in information networks , 2010, KDD.

[8]  Charu C. Aggarwal,et al.  Event Detection in Social Streams , 2012, SDM.

[9]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[10]  Ryan Newton,et al.  The pothole patrol: using a mobile sensor network for road surface monitoring , 2008, MobiSys '08.

[11]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[12]  Minglu Li,et al.  D3: Abnormal driving behaviors detection and identification using smartphone sensors , 2015, 2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[13]  Florian Michahelles,et al.  Driving behavior analysis with smartphones: insights from a controlled field study , 2012, MUM.

[14]  Chang-Tien Lu,et al.  Algorithms for spatial outlier detection , 2003, Third IEEE International Conference on Data Mining.

[15]  Rick L. Andrews,et al.  A Comparison of Segment Retention Criteria for Finite Mixture Logit Models , 2003 .

[16]  Flavio D. Garcia,et al.  Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer , 2013, USENIX Security Symposium.

[17]  Charu C. Aggarwal,et al.  On Abnormality Detection in Spuriously Populated Data Streams , 2005, SDM.

[18]  Sivan Toledo,et al.  VTrack: accurate, energy-aware road traffic delay estimation using mobile phones , 2009, SenSys '09.

[19]  Cliburn Chan,et al.  Hierarchical Modeling for Rare Event Detection and Cell Subset Alignment across Flow Cytometry Samples , 2013, PLoS Comput. Biol..

[20]  Karl Koscher,et al.  Exploring Controller Area Networks , 2015, login Usenix Mag..

[21]  Yizhou Sun,et al.  Integrating community matching and outlier detection for mining evolutionary community outliers , 2012, KDD.

[22]  Stefan Savage,et al.  Fast and Vulnerable: A Story of Telematic Failures , 2015, WOOT.

[23]  Mingyan Liu,et al.  Surface street traffic estimation , 2007, MobiSys '07.

[24]  Yee Whye Teh,et al.  Dirichlet Process , 2017, Encyclopedia of Machine Learning and Data Mining.

[25]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[26]  Zvi Eckstein,et al.  Why Youths Drop out of High School: The Impact of Preferences , 1999 .

[27]  Cliburn Chan,et al.  Discriminative variable subsets in Bayesian classification with mixture models, with application in flow cytometry studies , 2015, Biostatistics.

[28]  Philip S. Yu,et al.  Outlier detection for high dimensional data , 2001, SIGMOD '01.

[29]  Donald Geman,et al.  Stochastic Relaxation, Gibbs Distributions, and the Bayesian Restoration of Images , 1984, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[30]  Cliburn Chan,et al.  Hierarchical Bayesian mixture modelling for antigen-specific T-cell subtyping in combinatorially encoded flow cytometry studies , 2013, Statistical applications in genetics and molecular biology.

[31]  Adrian F. M. Smith,et al.  Sampling-Based Approaches to Calculating Marginal Densities , 1990 .

[32]  Philip S. Yu,et al.  Outlier Detection with Uncertain Data , 2008, SDM.

[33]  A. Bayen,et al.  Guaranteed bounds for traffic flow parameters estimation using mixed Lagrangian-Eulerian sensing , 2008, 2008 46th Annual Allerton Conference on Communication, Control, and Computing.

[34]  Sumit Mallik Intelligent transportation system , 2013 .

[35]  James D. Hamilton A New Approach to the Economic Analysis of Nonstationary Time Series and the Business Cycle , 1989 .

[36]  Oliver J. Woodman,et al.  An introduction to inertial navigation , 2007 .

[37]  Adrian E. Raftery,et al.  How Many Clusters? Which Clustering Method? Answers Via Model-Based Cluster Analysis , 1998, Comput. J..

[38]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[39]  Han Zhang,et al.  CELLPHONE PROBES AS AN ATMS TOOL , 2003 .

[40]  J. Sethuraman A CONSTRUCTIVE DEFINITION OF DIRICHLET PRIORS , 1991 .

[41]  Junshui Ma,et al.  Online novelty detection on temporal sequences , 2003, KDD '03.

[42]  Richard B. Langley,et al.  A Single GPS Receiver as a Real-Time, Accurate Velocity and Acceleration Sensor , 2004 .