Location Privacy in Usage-Based Automotive Insurance: Attacks and Countermeasures

Usage-based insurance (UBI) is regarded as a promising way to provide accurate automotive insurance rates by analyzing the driving behaviors (e.g., speed, mileage, and harsh braking/accelerating) of drivers. The best practice that has been adopted by many insurance programs to protect users’ location privacy is the use of driving speed rather than GPS data. However, in this paper, we challenge this approach by presenting a novel speed-based location trajectory inference framework. The basic strategy of the proposed inference framework is motivated by the following observations. In practice, many environmental factors, such as real-time traffic and traffic regulations, can influence the driving speed. These factors provide side-channel information about the driving route, which can be exploited to infer the vehicle’s trace. We implement our discovered attack on a public data set in New Jersey. The experimental results show that the attacker has a nearly 60% probability of obtaining the real route if he chooses the top 10 candidate routes. To thwart the proposed attack, we design a privacy-preserving scoring and data audition framework that enhances drivers’ control over location privacy without affecting the utility of UBI. Our defense framework can also detect users’ dishonest behavior (e.g., modification of speed data) via a probabilistic audition scheme. Extensive experimental results validate the effectiveness of the defense framework.
