Driver privacy can be compromised in usage-based insurance systems
Ben-Gurion University of the Negev (BGU) researchers have demonstrated that is possible to compromise a driver's private information stored in the cloud for Usage-Based Insurance (UBI) programs based on only part of the data collected.
Source: Ben-Gurion University of the Negev
UBI programs determine a consumer or fleet insurance premium rate based on several driving parameters that are collected, including total driving time, cornering and average speed. As part of the burgeoning Internet of Things (IoT) connected-device functionality in vehicles, driver data is gradually being stored in the cloud, rather than onboard a vehicle's computer.
Using an algorithm, the researchers were able to demonstrate that it is possible to garner additional private data beyond what is supplied to UBI companies without the use of GPS information. The research was conducted by BGU student Vladimir Kaplun Peled as part of his master's thesis, along with his advisor, Prof. Michael Segal, of the BGU Department of Communication Systems Engineering.
According to Prof. Segal, "Based on our research, an attacker only needs one part of the information provided to a UBI company to discover a driver's whereabouts, home, work, or who they met with. As connected vehicle networks become more widely used to collect driver data and provide information or entertainment, the opportunity for someone to uncover private information will also increase."
The research was supported by the IBM Cyber Security Center of Excellence at BGU. IBM (NYSE: IBM) and BGU established a Center of Excellence for Security and Protection of Infrastructure and Assets at the University in 2014. This joint venture has developed a curriculum that will help train the next generation of professionals, as well as perform leading scientific research on emerging areas, such as big data and cloud computing.