From Physical to Cyber: Escalating Protection for Personalized Auto Insurance


Nowadays, auto insurance companies set personalized insurance rate based on data gathered directly from their customers’ cars. In this paper, we show such a personalized insurance mechanism – wildly adopted by many auto insurance companies – is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage off-the-shelf hardware to manipulate the data to the device that collects drivers’ habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers’ data collection. The main idea of this mechanism is to augment the insurer’s data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.

Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems, SenSys’16 (Acceptance rate: 21119=17.6%)