TY - GEN
T1 - From physical to cyber
T2 - 14th ACM Conference on Embedded Networked Sensor Systems, SenSys 2016
AU - Guan, Le
AU - Xu, Jun
AU - Wang, Shuai
AU - Xing, Xinyu
AU - Lin, Lin
AU - Huang, Heqing
AU - Liu, Peng
AU - Lee, Wenke
N1 - Funding Information:
National Science Foundation under Grants No. CNS-1505664 %blankline%
Publisher Copyright:
© 2016 Copyright held by the owner/author(s).
PY - 2016/11/14
Y1 - 2016/11/14
N2 - Nowadays, auto insurance companies set personalized insurance rate based on data gathered directly from their customers' cars. In this paper, we show such a personalized insurance mechanism-wildly adopted by many auto insurance companies-is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage o-The-shelf hardware to manipulate the data to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.
AB - Nowadays, auto insurance companies set personalized insurance rate based on data gathered directly from their customers' cars. In this paper, we show such a personalized insurance mechanism-wildly adopted by many auto insurance companies-is vulnerable to exploit. In particular, we demonstrate that an adversary can leverage o-The-shelf hardware to manipulate the data to the device that collects drivers' habits for insurance rate customization and obtain a fraudulent insurance discount. In response to this type of attack, we also propose a defense mechanism that escalates the protection for insurers' data collection. The main idea of this mechanism is to augment the insurer's data collection device with the ability to gather unforgeable data acquired from the physical world, and then leverage these data to identify manipulated data points. Our defense mechanism leveraged a statistical model built on unmanipulated data and is robust to manipulation methods that are not foreseen previously. We have implemented this defense mechanism as a proof-of-concept prototype and tested its effectiveness in the real world. Our evaluation shows that our defense mechanism exhibits a false positive rate of 0.032 and a false negative rate of 0.013.
UR - http://www.scopus.com/inward/record.url?scp=85007039883&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85007039883&partnerID=8YFLogxK
U2 - 10.1145/2994551.2994573
DO - 10.1145/2994551.2994573
M3 - Conference contribution
AN - SCOPUS:85007039883
T3 - Proceedings of the 14th ACM Conference on Embedded Networked Sensor Systems, SenSys 2016
SP - 42
EP - 55
BT - Proceedings of the 14th ACM Conference on Embedded Networked Sensor Systems, SenSys 2016
PB - Association for Computing Machinery, Inc
Y2 - 14 November 2016 through 16 November 2016
ER -