kUBI: A Framework for Privacy and Transparency in Sensor-Based Business Models for Consumers: A Pay-How-You-Drive Example

  • Conference paper
Computer Security (ESORICS 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12580)

Abstract

Ubiquitous computing has fundamentally redefined many existing business models. The collected sensor data has great potential, which is being recognized by more and more industries, including car insurance companies with Usage-Based Insurance (UBI). However, most of these business models are very privacy-invasive and must be constructed with care. For a data processor, the integrity of the data is particularly important. With kUBI, we present a framework that takes into account the interests of the providers as well as the privacy of the users, using the example of Android. It is fully integrated into the Android system architecture. It uses hybrid data processing in both stakeholder domains. Protected enclaves, whose function can be transparently traced by a user at any time, protect company secrets in the hostile environment, i.e. a user’s smartphone. The framework is theoretically outlined and its integration into Android is shown. An evaluation shows that the user in the exemplary use case UBI can be protected by kUBI.

Notes

  1. We use \(\{\}\) to denote such an ordered set and [] to specify an unordered list.

Author information

Corresponding author

Correspondence to Christian Roth.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Roth, C., Saur, M., Kesdogan, D. (2020). kUBI: A Framework for Privacy and Transparency in Sensor-Based Business Models for Consumers: A Pay-How-You-Drive Example. In: Boureanu, I., et al. Computer Security. ESORICS 2020. Lecture Notes in Computer Science, vol 12580. Springer, Cham. https://doi.org/10.1007/978-3-030-66504-3_7

  • DOI: https://doi.org/10.1007/978-3-030-66504-3_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66503-6

  • Online ISBN: 978-3-030-66504-3

  • eBook Packages: Computer Science (R0)
