Survey of Automotive Privacy Regulations and Privacy-Related Attacks
Published April 2, 2019 by SAE International in United States
Downloadable datasets for this paper availableAnnotation of this paper is available
Privacy has been a rising concern. The European Union has established a privacy standard called General Data Protection Regulation (GDPR) in May 2018. Furthermore, the Facebook-Cambridge Analytica data incident made headlines in March 2018. Data collection from vehicles by OEM platforms is increasingly popular and may offer OEMs new business models but it comes with the risk of privacy leakages. Vehicular sensor data shared with third-parties can lead to misuse of the requested data for other purposes than stated/intended. There exists a relevant regulation document introduced by the Alliance of Automobile Manufacturers (“Auto Alliance”), which classifies the vehicular sensors used for data collection as covered and non-sensitive parameters.
This paper reviews existing privacy standards as well as ongoing efforts in the automotive domain, and surveys the landscape of automotive privacy-related attacks which can be classified into three categories: driver fingerprinting, location inferencing and driving-behavior analysis. These three categories are derived from the aforementioned guidelines of covered information. Based on this survey, we define a Privacy Score (PS), quantifying the risk associated with each vehicular sensor. Sensors contributing to multiple privacy attacks will be assigned a higher PS. Furthermore, combinations of sensors used in privacy attacks must be considered and assessed in the PS metric as some attacks cannot be mounted using a single independent sensor alone.
CitationPesé, M. and Shin, K., "Survey of Automotive Privacy Regulations and Privacy-Related Attacks," SAE Technical Paper 2019-01-0479, 2019, https://doi.org/10.4271/2019-01-0479.
Data Sets - Support Documents
|[Unnamed Dataset 1]|
|[Unnamed Dataset 2]|
|[Unnamed Dataset 3]|
- BMW Group launches BMW CarData: new and innova-tive services for customers, safely and transparently, May 2017, https://www.press.bmwgroup.com/global/article/detail/T0271366EN/bmw-group-launches-bmw-cardata:-new-and-innovative-services-for-customers-safely-and-transparently?language=en.
- VEHICLE DATA PRIVACY Industry and Federal Efforts Under Way, but NHTSA Needs to Define Its Role, July 2017. http://www.gao.gov/assets/690/686284.pdf.
- Chen, S.H., Pan, J.S., and Kaixuan, L., “Driving behavior Analysis Based on Vehicle OBD Information and Adaboost Algorithms,” in Proceedings of the International MultiConference of Engineers and Computer Scientists, vol. 1, 18-20, 2015.
- Li, Z., Bao, S., Kolmanovsky, I.V., and Yin, X., “Visual-Manual Distraction Detection Using Driving Performance Indicators with Naturalistic Driving Data,” IEEE Transactions on Intelligent Transportation Systems, 2017.
- Enev, M. et al., “Automobile Driver Fingerprinting,” Proceedings on Privacy Enhancing Technologies 1:34-50, 2016.
- Research Any Vehicle In Seconds, VehicleHistory.com - Vin Check Vehicle History with Our Free Vin Lookup and Make Model Year Search Tools, accessed October 02, 2018, https://www.vehiclehistory.com/
- Kar, Gorkem, Jain Shubham, Gruteser Marco, Chen Jinzhu, Bai Fan, and Govindan Ramesh, “PredriveID: Pre-Trip Driver Identification from In-Vehicle Data,” in Proceedings of the Second ACM/IEEE Symposium on Edge Computing, 2, ACM, 2017.
- Bo, W., Panigrahi, S., Narsude, M., and Mohanty, A., “Driver Identification Using Vehicle Telematics Data,” SAE Technical Paper 2017-01-1372, 2017, doi:10.4271/2017-01-1372.
- Dewri, R., Annadata, P., Eltarjaman, W., and Thurimella, R., “Inferring Trip Destinations from Driving Habits Data,” in Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society, 267-272, ACM, November 2013). .
- Gao, X., Firner, B., Sugrim, S., Kaiser-Pendergrast, V., Yang, Y., and Lindqvist, J., “Elastic Pathing: Your Speed is Enough to Track You,” in Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing, 975-986, ACM, September 2014.
- Zhou, L., Chen, Q., Luo, Z., Zhu, H., and Chen, C. (June 2017). Speed-Based Location Tracking in Usage-Based Automotive Insurance, in Distributed Computing Systems (ICDCS), 2017 IEEE 37th International Conference on, 2252-2257, IEEE.
- McKinsey & Company, Monetizing car data: New service business opportunities to create new customer benefits September, September 2016.
- Pesé M. D., Ganesan A., and Shin K. G., “CarLab: Framework for Vehicular Data Collection and Processing,” October 2017, 43-48.
- OBD - Elm Electronics, “Small Solutions from Elm Electronics,” www.elmelectronics.com/products/ics/obd/.
- Progressive, “What Is Snapshot and How You Can Save,” www.progressive.com/auto/discounts/snapshot/.
- Drivewise - Allstate, “Allstate,” https://www.allstate.com/drive-wise/drivewise-device.aspx.
- Drive Safe & Save™ - State Farm®, “State Farm,” https://www.statefarm.com/insurance/auto/discounts/drive-safe-save.
- Frost & Sullivan, “Automotive Data Monetisation Pricing and Business Models,” http://www.frost.com/c/10046/sublib/frost-content.do?sheetName=report-overview&sheetGroup=MD48-01-00-00-00&viewName=virtual-brochure&repid=MD48-01-00-00-00.
- D & R. (2015, December 04). Text - H.R.22 - 114th Congress (2015-2016): FAST Act. Retrieved from https://www.congress.gov/bill/114th-congress/house-bill/22/text#toc-H7E76328B2CD946219201C9FF6470C491.
- Esurance Insurance Company, Esurance, 2018, Accessed October 02, 2018, https://www.esurance.com/drivesense.
- Ezzini, S., Berrada, I., and Ghogho, M., “Who is Behind the Wheel? Driver Identification and Fingerprinting,” Journal of Big Data 5(1):9, 2018.
- Corbett, Cherita, Alexis Jimmy, and Watkins Lanier, “Who's Driving You?,” Consumer Communications & Networking Conference (CCNC), 2018 15th IEEE Annual, 1-4, IEEE, 2018.
- BMW CarData, A sign of things to come for all OEMs, n.d., Retrieved from https://www.ptolemus.com/blog/bmw-cardata-a-sign-of-things-to-come-for-all-oems/.