PriPAYD: Privacy-Friendly Pay-As-You-Drive Insurance
September/October 2011 (vol. 8 no. 5)
pp. 742-755
Carmela Troncoso, IBBT-Katholieke Universiteit Leuven, Heverlee-Leuven
George Danezis, Microsoft Research Cambridge, Cambridge
Eleni Kosta, K.U.Leuven, Leuven
Josep Balasch, IBBT-Katholieke Universiteit Leuven, Heverlee-Leuven
Bart Preneel, IBBT-Katholieke Universiteit Leuven, Heverlee-Leuven
Pay-As-You-Drive insurance schemes are establishing themselves as the future of car insurance. However, their current implementations, in which fine-grained location data are sent to insurers, entail a serious privacy risk. We present PriPAYD, a system where the premium calculations are performed locally in the vehicle, and only aggregated data are sent to the insurance company, without leaking location information. Our design is based on well-understood security techniques that ensure its correct functioning. We discuss the viability of PriPAYD in terms of cost, security, and ease of certification. We demonstrate that PriPAYD is possible through a proof-of-concept implementation that shows how privacy can be obtained at a very reasonable extra cost.

Index Terms:
Communication system security, legal factors, privacy.
Carmela Troncoso, George Danezis, Eleni Kosta, Josep Balasch, Bart Preneel, "PriPAYD: Privacy-Friendly Pay-As-You-Drive Insurance," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 5, pp. 742-755, Sept.-Oct. 2011, doi:10.1109/TDSC.2010.71