Drivers’ private information can be compromised when stored in the cloud for usage-based insurance (UBI) programs, according to researchers.

Using connected-device, or telematics, functions in vehicles, UBI programs determine a consumer’s or fleet’s insurance premium rate by considering several driving parameters, such as total driving time, cornering and average speed, explained researchers at Ben-Gurion University of the Negev (BGU), which is based in Beer-Sheva, Israel.

Such driver data is gradually being stored in the cloud, rather than on board a vehicle’s computer.

Using an algorithm, the researchers were able to demonstrate that it is possible to garner additional private data beyond what is supplied to UBI companies without the use of GPS information.

The research was conducted by BGU student Vladimir Kaplun Peled as part of his master’s thesis, along with his adviser, Prof. Michael Segal of the BGU Department of Communication Systems Engineering.

“Based on our research, an attacker only needs one part of the information provided to a UBI company to discover a driver’s whereabouts, home, work or who they met with,” according to Segal.

“As connected vehicle networks become more widely used to collect driver data and provide information or entertainment, the opportunity for someone to uncover private information will also increase,” he added.

The research was supported by the IBM Cyber Security Center of Excellence at BGU. IBM and BGU established a Center of Excellence for Security and Protection of Infrastructure and Assets at the university in 2014. This joint venture has developed a curriculum that will help train the next generation of professionals, as well as perform leading scientific research on emerging areas, such as big data and cloud computing.

Source: Ben-Gurion University of the Negev