Smart Auto Insurance: High Resolution, Dynamic, Privacy-Driven, Telematic Insurance
Michael Bartholic, Zhengrong Gu, Jianan Su, Justin Goldstein, Shin'ichiro Matsuo
Georgetown University
{mwb70,zg120,js4488,jjg130,sm3377}@georgetown.edu
Abstract.
Data driven approaches to problem solving are—in many regards—the holy grail of evidence backed decision making. Using first-party empirical data to analyze behavior and establish predictions yields us the ability to base in-depth analyses on particular individuals and reduce our dependence on generalizations. Modern mobile and embedded devices provide a wealth of sensors and means for collecting and tracking individualized data. Applying these assets to the realm of insurance (which is a statistically backed endeavor at heart) is certainly nothing new; yet doing so in a way that is privacy-driven and secure has not been a central focus of implementers. Existing data-driven insurance technologies require a certain level of trust in the data tracking agency (i.e. insurer) to not misuse, mishandle, or over-collect user data. Smart contracts and blockchain technology provide us an opportunity to rebalance these systems such that the blockchain itself is a trusted agent which both insurers and the insured can confide in. We propose a "Smart Auto Insurance" system that minimizes data sharing while simultaneously providing quality-of-life improvements to both sides. Furthermore, we use a simple game theoretical argument to show that the clients using such a system are disincentivized from behaving adversarially.
Keywords:
Smart Contract, Blockchain, Auto Insurance, Information Security, Cyber Security, Privacy Protection, Telematic Insurance
Auto insurance is traditionally inflexible, can often be expensive, and yet is usually a required part of vehicle ownership. The costs go towards paying for damages when accidents/incidents occur. Because of this, the cost of auto insurance is directly proportional to the risk. Traditionally, this cost is assigned by the efforts of actuaries and statisticians based on risk tables of particular categories of individuals. However, this type of calculation must look at the average risk in the categories and thus does not necessarily reflect the particular behavior of a given individual. Hence, in order to minimize costs to all parties, it may be desirable to create custom tailored auto insurance based on the behavior and risk level of a specific individual or set of individuals [14]. Recently a number of tools have been developed by insurance companies that are intended to measure a driver's behavior over a window of time and give them a rating based on performance of safe driving. For example: Progressive Snapshot. However, many individuals do not participate in such schemes due to privacy concerns or lack of clear benefit. Even if we assume insurance organizations are not intending to misuse or otherwise share the data they collect (perhaps not a viable assumption), it is unsafe to collect lots of user data in one centralized organization.
Our investigation of data-driven insurance is certainly not alone and there are a number of existing works in telematic auto insurance and other insurance domains. There are existing data-driven products by well established insurance companies such as Progressive's "Snapshot" [12] program and Allstate's "Drivewise" [8]; however, these are primarily add-ons to existing insurance plans with periodic savings or adjustments. There are also a number of startups engaging with this domain, notably Arity [3] whose offerings focus on creating value for organizations with tracking based analytics. Most similar in premise is likely the "Smart Cyber Insurance" scheme proposed in [15], where a ledger based approach with a searchable encryption scheme is used to dynamically rate risk levels for IoT devices. We investigate these works further in the Evaluation subsection.
Key contributions of this work revolve around the use of the blockchain as a neutral trusted platform in the data collection and computational process. We propose a practical scheme using commonly utilized technologies in the space such as smartphone and on-board diagnostics (OBD-II) reader [2][9][13] based monitoring. The advancement here is not in the detection of such behaviors or incidents, but instead in the way the data is protected, stored, and utilized securely (while possibly producing incentive to act more safely). The use of blockchain makes it easier to verify and process insurance claims, as well as securely and privately collect data from different stakeholders. We introduce an effective means to do so-called "usage-based insurance" securely in a variety of novel use cases.
Both dynamic pricing and offering service to only certain clients are possible given this kind of data scheme. Dynamic pricing of insurance premiums follows more closely along the lines of the Smart Cyber Insurance system conceived in [15]. However, only offering service to individuals below a certain risk level is a behavior that is already practiced by some companies which explicitly market as "service for safe drivers". Along with usage-based pricing, these are much more interesting use cases to explore because they involve less of a paradigm shift for existing companies. It has been seen that current insurance companies are reluctant to implement something truly dynamic because of implementation difficulties and regulatory concerns [15].
Data Driven Auto Insurance
A number of tools have been developed to measure drivers' behavior and give a score for their drivers' performance. Plug-in devices or mobile applications do not punish drivers but only offer discounts for good behaviors. These devices are heavy trackers and generally involve streaming detailed, high resolution data about drivers' personal activities to the insurance company for analysis. Instead, it is safer to only collect what you need and limit high resolution private data to avoid compromising the user. Collecting centralized data is risky because it enables central points of failure. Regulation on data management does not reduce the inherent risk in collecting lots of user data in a single location. When there is a single resource that is being trusted to maintain the privacy of information, you introduce a situation where the impact of compromising them is highly valuable, therefore dramatically increasing risk of compromise.
Insurance operates as a business and is therefore driven primarily by cost and profit considerations. The major difficulties with the existing business include high risk of large data disclosure, limited ability of data tracking, and low transparency of the assessment system. The auto insurance industry as a whole experiences a number of common challenges: processing insurance claims is a massively slow and resource intensive process which involves determining fault, assessing values, and negotiating between insurance companies as well as individual clients.
More specific to data-driven or "telematic" insurance schemes, challenges include promoting mass participation, user privacy, and demonstrating clear advantages to users. While there is precedent for their use, participation in existing data-driven systems such as Progressive Snapshot [12] and Allstate Drivewise [8] is not a widespread practice. These offerings tend to offload data directly to the organizations with little or no user control over the extent to which their data is used. Clearly these existing technologies are not particularly privacy focused. Likewise, it is scarcely obvious to the user exactly what risk assessment schemes are being employed. In this way these systems are somewhat of a "black box" with an unclear value proposition as mere add-ons to traditional schemes.
A fair data-driven insurance system needs to be dynamically responsive to user behavior, but also verifiable when necessary and consistent in assigning risk. Traditional insurance offerings leave the client with little ability to ensure that the decisions about their insurance fee or claims are being made in good faith or actually utilizing the data they are providing. This can lead to inconsistency and arbitrary decision making that is motivated by causes outside of the user's immediate circumstances. Insurance organizations might make decisions based on profit margins, quotas, or a lack of sufficient evidence.
Privacy
Existing data-driven auto insurance schemes are notably not privacy focused. These systems encourage the installation of tracking equipment and applications with little guarantee in the way of data use beyond suggestions of potential monetary savings. Instead of simply transmitting user data off for external computation and data-mining, we believe an ideal embodiment of a data-driven insurance product would perform computations locally and only transmit/disclose what is critical to the insurance process. While the existing paradigm is for insurance organizations to process data themselves, it should be possible to move this processing to the user side and limit unnecessary data sharing. In such a system the user's device could process the risk itself—according to predefined rules—and publish risk scores along with related info such as what specific rules are violated and evidence that was used to make the assessment. As specific violated rules and evidence would be of secondary importance compared to the risk assessment itself, these ancillary outputs could be protected and released in a controlled manner, only when necessary.
An optimal embodiment of data-driven insurance would be one where expenditures on either side of the transaction are minimized with the resolution of input data directly corresponding to the resolution of costs and fees associated with participation in the system [10]. A system where risks and costs can be assessed actively with minute to minute or second to second precision lends itself to a novel pricing where the expense to the user can be directly associated with their use of the insured vehicle. This usage-based pricing structure is something we believe can be embodied by our proposed system. Such usage-based pricing can also introduce new use cases and product offerings that are presently unattainable by traditional pricing and data collection schemes.
Our solution is based on the characteristics of behaviors and events from the view of the insurance company. Behaviors and events are obfuscated from the view of the insurance company so as to not reveal precise sensitive details about the insured party. Data is logged with risk scores analyzed and published actively while the specific risk-contributing behaviors and data logs are encrypted and not shared in real time. This time buffer reduces compromising insight into each user's personal behavior. In order to measure and track risk levels, rules are predefined by the insurance organization to weight different behaviors and data points.
Decryption only takes place for particular instances of data with the permission of the insured party. By protecting information and making it easily accessible when needed (making a claim, etc.) we reduce the difficulty of making a claim when complicated negotiations need claims and faults need proof.
Existing insurance offerings require large amounts of statistical background about the habits of groups of individuals. We envision several novel use cases beyond traditional coverage of individuals. First, an insurance product for organizations: for fleets of cars in a set of company owned vehicles, rental companies with short term coverage, or offered to contractors for fleet organizations such as Uber(Eats), Postmates, etc. Second, an insurance product for individuals with emphasis on usage-based dynamic pricing. Third, an insurance product for robots/autonomous vehicles: measuring the risk of a vehicle's use directly introduces the possibility to insure autonomous or remotely operated vehicles based on corresponding risk factors.
The system is primarily constructed of insured parties and insurance companies. In traditional insurance it is particular individuals who are insured in their use of a given item (i.e. a specific person's use of a vehicle), as different individuals tend to have different risk profiles that affect their likelihood of filing a claim (i.e. teenage boys are generally riskier than teenage girls). While this type of fee structure can certainly still be supported, here we put specific focus directly on the items that are insured because we are more intimately interested in the risk profiles of the items themselves and how they are used.
The Smart Auto Insurance system is comprised of 1 to N insurance organizations and any number of individuals enrolled with the organization of their choice. Their system can theoretically be entirely separate between competitor organizations, however we will see that there can be certain advantages to operating with a combined, interoperable system.
Enrollment in the Smart Auto Insurance system identifies a vehicle with the insurance provider alone. With this identification, the system may be considered as an addition to traditional schemes. Smart Auto Insurance allows for factoring in policy type information associated with the account that would not necessarily be conveyed by other data measures (vehicle type, age, etc). We emphasize that being able to utilize high resolution first-person data may reduce the need to resort to broader actuarial predictions or generalizations. We envision the Smart Auto Insurance system as a product of its own. In this way, the scheme can be much more personalized to individual behaviors and not necessarily need a possibly biased "client profile," since risks can be measured more directly [4].
Upon enrollment in the system, each vehicle will be given an OBD-II or similar diagnostics processing device or an individual may install a smartphone application. These diagnostics tools will allow for the logging and processing of vehicle data to generate EventData (risk values, violated rules, and evidence). Most notably, metrics are not transmitted directly. Risk rules are computed and then results are published as EventData according to its specific use. Since the insurance fee can be determined without direct data access, it is possible that there is no need to reveal the data unless someone is trying to make an insurance claim or otherwise audit the system.
Fig. 1. System model of Smart Auto Insurance
– Parties
  • Insured Vehicles, Owners of
  • Insurance Companies
– Assumptions
  • Insured parties seek to insure specific items/vehicles/etc.
  • Insurance risk rating rules can be predefined
  • Existence of Blockchain Hosts
  • Existence of the Cryptography as a Service System (4.1.2)
  • (Optionally) Existence of global data sources via an oracle of that information
The system can be summarized by four high level procedures split between local and smart contract based execution. These phases include collecting the requisite data, securely processing it according to predefined rules, generating disparate outputs for publishing, and publishing these outputs according to their use and access limitations within the system. Procedures include:
Log Data:
Active monitoring for vehicle behaviors and incidents, logging data locally (off-chain) according to observations for later computation.
Risk Assessment:
Periodic assessment of risk levels and "rule violations" locally (off-chain) utilizing the data that is recorded in the previous procedure. Computed using the rule table published by the insurer ahead of time.
Publish Events:
After RiskAssessment, publish computed risk levels; publish (1) violated rules, and protect this information for controlled release; publish (2) "evidence data" that was used to trigger the given rule, and protect this until joint action with user and insurer.
Reveal Protected Information:
Decrypt the encrypted (1) violated rules or (2) evidence data using the single use symmetric key that encrypted it.
Individuals have an incentive to participate in the system for the possibility of saving money and they do not have to reveal personal information. Likewise, insurance organizations have an incentive to participate in the system for the claim processing ease and possible cost savings. Both parties have an incentive to unlock personal information when an insurance claim is being made. If risks are assessed correctly, this also creates a pressure to drive more safely. The system permits a variety of possible scoring mechanisms as determined by implementers, which can lead to varied individual incentives and possible market competition.
For our design of Smart Auto Insurance, we strive for the highest privacy that is practically attainable. Under ideal circumstances we would not be sharing any information, but in order to construct a practical system there need to be some concessions. We are interested mainly in eliminating the ability for arbitrary use of large amounts of personal information while still supporting the required computations throughout the system.
Therefore, our privacy goals are as follows:
1. Eliminate the need for offloading raw data to external parties.
2. Eliminate the need for black box data processing.
3. Do not publicly publish potentially compromising data.
4. Do not trust any single party with protecting potentially compromising data.
5. Reveal only the information required to perform a given insurance related function (determining payment amounts, processing claims, etc.).
6. Obfuscate the origin of the information that must be shared.
4.1.2 Cryptography as a Service with Evolving-Committee PSS
A key facet of the privacy protection in the Smart Auto Insurance system relies on the ability to trust a blockchain itself with controlled release of secrets. In this way, the system protects data for privacy purposes while operating as an independent platform that yields information when the right conditions are met. The work by F. Benhamouda et al. describes a robust system for an "Evolving-Committee Proactive Secret Sharing" scheme which introduces the ability for arbitrary secret keeping in a resilient manner [7]. The full applications of such a scheme are beyond the scope of this paper, but our interest for the Smart Auto Insurance system is in how it can enable, as they describe, "Cryptography as a Service".
Cryptography as a Service in this circumstance is effectively a tool that allows for the Smart Auto Insurance system to encrypt data, hand off the key, and trust that the key will be released in a controlled fashion. The control conditions can be defined by either a time duration or joint action between parties. Once released, the Smart Auto Insurance's RevealProtectedInformation procedure can access the key, download the relevant data (either a violated rules list or evidence data), and decrypt the information for further use. Critically, this scheme allows for the protection of arbitrary secrets and gives us a means to dynamically protect individual EventData publications based on their privacy requirements without trusting any single party.
Offline computation requires that insurance organizations commit to specific (versionable) breakdowns of risk rules, which can make analysis less hidden and increase transparency. The actual scoring is somewhat arbitrary but would need to be computable offline, from locally recorded measurements. There should be joint action from both the user and the company for revealing evidence data, which is stored off-chain in a secure manner. A possible inclusion to the system could allow users to include further evidence than what is recorded automatically, such as photos and video from a dash-cam, smartphone, or other device.
"EventData" is the collection of computation inputs and results that are produced and published every time the RiskAssessment procedure is run. EventData is composed of three distinct components: a summed risk score, the list of violated rules that were triggered to produce the risk score, and the evidence data that was processed to trigger these rules. Each of these components has a different use in the system and protection methodology as described below.
– Off-chain Data
  • Logged data: Data logs are recorded periodically to local storage on the insured item's device for processing by the RiskAssessment procedure.
  • Device signing key: Upon enrollment with their respective insurance organization, a signing key is generated for local storage that will be used to validate that data contributions originate from the device in question.
  • External data: (Optional) The system can permit the inclusion of rules based on data that originates from an oracle of the information. For example, time-based rules with an external time authority seem like an obvious interest; however, risk assessments based on public records of firms such as trulia.com may also be of interest if they can be trusted.
  • Evidence data: The third component of EventData, evidence data is encrypted with a single use symmetric key and then published every time the RiskAssessment procedure is run. This data is used to back insurance claims as well as validate that the risk assessment is accurate in the event of an audit. Due to the weight of the data (possibly upwards of megabytes per publication), it is stored off-chain with the URL to the encrypted data included on-chain. The precise off-chain location is not particularly significant, but if a decentralized (and incentivized) storage approach is desirable, then an integration with IPFS [5] and/or Filecoin [6] is certainly attainable. See Table 2 for some examples.
– On-chain Data
  • User Device UUID: Each insured item/vehicle will have a unique identifier registered with the respective insurance organization upon enrollment. This ID is known by the item's application itself as well as the insurance organization but obfuscated upon event publication to reduce tracking ability of other individuals.
  • Rule tables: Insurance organizations will publish rule tables that describe how the RiskAssessment procedure should be evaluating the risk of various data points. Similarly to user contributions, insurance organizations will sign rule table publications to confirm their validity. As rule tables are identifiable by organization and version tracked on the ledger, the system will be able to identify what the applicable rule set is for a given time interval. See Table 1 for some examples.
  • Event risk scores: The first component of EventData, the risk score evaluations from each run of RiskAssessment are published in plaintext for the insurance organization to use when billing the user.
  • Violated rules lists: The second component of EventData, the list of violated rules is encrypted with a single use symmetric key.
  • Encryption key for violated rules list: For each publication following the data processing by the RiskAssessment procedure, a single use symmetric encryption key (i.e. AES [1]) is generated to encrypt just the list of violated rules. This key is then handed off to the Cryptography as a Service mechanism for protection of the secret and controlled release (see 4.1.2).
  • Encryption key for evidence data: For each publication following the data processing by the RiskAssessment procedure, a single use symmetric encryption key is generated to encrypt just the evidence data that backs the RiskAssessment results. Likewise, this key is then handed off to the
As a part of the service on the website trulia.com, crime maps are integrated from organizations such as spotcrime.com that aggregate crime reports from local agencies in various areas. It is not to say that such reports are unbiased or a perfect characterization of risk, but if deemed trustworthy, the conclusions of such organizations may be relevant in evaluating situational risk.
Under most circumstances we would have a strict requirement for ensuring that a user's data inputs are valid. Aside from trusted inputs provided by an oracle, we would be pressed to validate that user inputs are honest and correct. However, because of the transactional nature of such an insurance scheme and the requirement of proof when making a claim, we effectively create a game where users are disincentivized from behaving maliciously. The game is constructed as follows:
1. The two parties are insured individuals and insurance organizations.
2. Both parties seek to minimize costs and maximize self-benefit.
3. Insured individuals will be required to pay an insurance fee for participation in the system at all times, not just when there is a claim.
4. The fee required from individuals is proportional to the assessed risk of their behavior based upon their data inputs.
5. Insured individuals will file claims to reduce their financial liability when certain events (i.e. damages) occur.
6. Insurance organizations only accept claims which are accompanied by substantiated evidence demonstrating the circumstances of the damages.
7. A user only receives a benefit from participating when they can make successful claims.
8. Events which require a claim are unpredictable.
Statements 2 and 4 imply that a user may have an incentive to provide false inputs to the system that do not accurately reflect their risk, in order to minimize costs. However, statement 8 implies that a user cannot easily know one way or the other whether an event requiring a claim will occur and adjust their behavior accordingly. Statements 5 and 6 imply that a user must be behaving honestly in order to make a valid claim and receive a benefit from the system. Statements 2 and 7 imply that a user would not participate in the system if they are unable to make successful claims (and receive a benefit). As such a user couldn't choose to behave honestly just to make a valid claim without behaving that way overall. In this way, a malicious user has weak chances of any gain from the system and more so little incentive to participate in the system at all due to the cost commitments of participating.
Against a malicious insurance organization:
Instead of the traditional actuarial process that happens behind closed doors following whatever rules and principles that the organization sees fit, by requiring that risk be computed in real time and off-line, we introduce the need for insurance organizations to predefine rules and publish clearly how risk is computed. This operating principle creates a number of distinct advantages for the security and soundness of the system. Most significantly, insurance organizations that seek to participate in such a system will be required to have a certain level of transparency in their rule definitions. Furthermore, this also decreases the insurance organization's ability to misuse the wealth of data it is being provided. In contrast to existing data driven schemes that simply feed data off to remote servers for computation, Smart Auto Insurance increases the security and expectation of soundness experienced by the users by reducing an insurer's ability to leak, sell, or otherwise distribute user data en masse.
(Track behaviors/incidents) This procedure is effectively a measurement loop which samples values each at its predetermined interval. Not every data point needs to be collected at the same frequency. In addition to measurement tracking there ought to be logging to detect connecting, removing the device itself, starting, and stopping use of the vehicle.
– Input: list of points to measure and their frequencies
– Output: log files to be processed by RiskAssessment
Risk Assessment:
At an interval prescribed by the system's parameters, the logging device or mobile device runs the RiskAssessment procedure. This procedure utilizes the data logs and predefined rule-sets to determine the device's score in a given interval. Importantly, this process occurs locally on the measurement device using a rule-set that the insurer has published and signed.
– Input: logged data (local), predefined rule-set (on-chain)
– Output: EventData comprised of the 1) risk score, 2) list of violated rules, 3) logged evidence data from the interval
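The following Go code is an added example, not the authors' Java/Solidity proof-of-concept: it runs the RiskAssessment step on the device, rejecting a rule table whose insurer signature does not verify before scoring the logs into the three EventData components. The rule schema, the per-sample scoring form, Ed25519 as the signature scheme, and every rule and log value are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"math"
)

// Rule is one rule table row; schema and scoring form are assumptions.
type Rule struct {
	ID, Field            string
	Abs                  bool    // compare |value| rather than value
	Threshold, Base, PerUnit float64 // fires when value >= Threshold
}

// RuleTable is what the insurer signs and publishes on-chain.
type RuleTable struct {
	Org     string
	Version int
	Rules   []Rule
}

type Sample struct { // one logged measurement; booleans logged as 0 or 1
	Field, Time string
	Value       float64
}

type EventData struct { // the three outputs of one RiskAssessment run
	RiskScore float64
	Violated  []string // rule IDs, each listed once
	Evidence  []Sample // the samples that triggered a rule
}

// RiskAssessment runs on the device and refuses an unsigned or altered table.
func RiskAssessment(insurer ed25519.PublicKey, tableJSON, sig []byte,
	logs []Sample) (EventData, error) {
	var ev EventData
	if !ed25519.Verify(insurer, tableJSON, sig) {
		return ev, errors.New("rule table signature invalid")
	}
	var table RuleTable
	if err := json.Unmarshal(tableJSON, &table); err != nil {
		return ev, err
	}
	for _, r := range table.Rules {
		fired := false
		for _, s := range logs {
			v := s.Value
			if r.Abs {
				v = math.Abs(v)
			}
			if s.Field != r.Field || v < r.Threshold {
				continue
			}
			// Each triggering sample adds Base plus a charge for the excess.
			ev.RiskScore += r.Base + r.PerUnit*(v-r.Threshold)
			ev.Evidence = append(ev.Evidence, s)
			fired = true
		}
		if fired {
			ev.Violated = append(ev.Violated, r.ID)
		}
	}
	return ev, nil
}

// sampleTable is a constructed rule table, not the paper's Table 1 values.
const sampleTable = `{"Org":"CompanyOne","Version":1,"Rules":[
 {"ID":"R1","Field":"Precipitation","Threshold":1,"Base":5},
 {"ID":"R2","Field":"Velocity","Threshold":30,"Base":10,"PerUnit":10},
 {"ID":"R3","Field":"Acceleration","Abs":true,"Threshold":4,"Base":20}]}`

// SignedSampleTable signs sampleTable with a throwaway insurer key.
func SignedSampleTable() (ed25519.PublicKey, []byte, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, nil, nil, err
	}
	return pub, []byte(sampleTable), ed25519.Sign(priv, []byte(sampleTable)), nil
}

// sampleLogs are constructed log entries in the shape of Table 2.
var sampleLogs = []Sample{
	{"Precipitation", "2021-01-31T16:40:44.26", 1},
	{"Precipitation", "2021-01-31T16:40:48.26", 0},
	{"Velocity", "2021-01-31T16:40:45.26", 32},
	{"Acceleration", "2021-01-31T16:40:45.26", -5},
}

func main() {
	pub, raw, sig, err := SignedSampleTable()
	if err != nil {
		panic(err)
	}
	ev, err := RiskAssessment(pub, raw, sig, sampleLogs)
	fmt.Println(ev.RiskScore, ev.Violated, len(ev.Evidence), err)
}
```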
Publish Events:
This procedure protects EventData and then publishes EventData to the ledger and external database. It generates single use AES symmetric encryption keys which are used to separately encrypt the violated rules and evidence. It then hands off these secrets for management by the Cryptography as a Service scheme. The mobile device doing the processing also signs its data contributions with the key registered with the insurer so that it is possible to identify the origin of the contribution if it ever needs to be decrypted. Finally the procedure invokes smart contracts to publish these user contributions (risk score, encrypted rules, and encrypted evidence).
– Input: All EventData (outputs from RiskAssessment)
– Output: Risk score (on-chain), encrypted list of violated rules (on-chain), single use symmetric key for violated rules, URL to encrypted off-chain evidence data, single use symmetric key for evidence
Reveal Protected Information:
This procedure runs via a smart contract to access and decrypt either or both the list of violated rules and the evidence of each offense. Following the use of Cryptography as a Service (see section 4.1.2), when a time limit has passed or there is joint action between the client and insurer, we use the secret to decrypt and return plaintext data. This data can then be used to process an insurance claim, audit the system, etc. As violated rules and evidence are protected separately, they can be revealed separately: i.e. violated rules revealed after a sufficient time has passed to reduce trackability of user; evidence, only upon making a claim.
Organization ID Rule
CompanyOne R1 Precipitation Boolean value is True + m/s value ≥ 30 +10 × ( value − )
CompanyOne R3 Acceleration Float m/s | value | ≥ + value ≥
Table 1. Examples of rule table information
Field Name    Data Type    Sampling Freq.    Output Value    Time recorded ISO8601
Precipitation    Boolean    0.5 Hz    True    '2021-01-31T16:40:44.26'
Precipitation    Boolean    0.5 Hz    True    '2021-01-31T16:40:46.26'
Precipitation    Boolean    0.5 Hz    False    '2021-01-31T16:40:48.26'
Velocity Float m/s m/s m/s m/s m/s m/s
Table 2. Examples of log data
– Input: single use symmetric keys from Cryptography as a Service, violated rules ciphertext (on-chain), URL to evidence data
– Output: violated rules plaintext or evidence plaintext
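The PublishEvents and RevealProtectedInformation procedures described above, as an added Go example that is not the authors' proof-of-concept: the violated rules and the evidence are sealed under separate single-use AES keys, and the device signs the on-chain record so the plaintext risk score cannot be altered. The record layout, the `Escrow` type standing in for Cryptography as a Service, the choice of GCM mode and Ed25519, and the sample URL and values are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Publication is the on-chain record; field names are assumptions.
type Publication struct {
	RiskScore   uint32 // plaintext, read by the insurer for billing
	RulesCT     []byte // nonce || AES-256-GCM(violated rules list)
	EvidenceURL string // location of the off-chain evidence ciphertext
	Sig         []byte // device signature over the three fields above
}

// Escrow stands in for Cryptography as a Service holding both keys.
type Escrow struct{ RulesKey, EvidenceKey []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts pt under a fresh single-use key. label is bound as
// associated data so a rules ciphertext cannot be presented as evidence.
func seal(pt []byte, label string) (key, blob []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return key, gcm.Seal(nonce, nonce, pt, []byte(label)), nil
}

// Reveal decrypts one protected component once its key has been released.
func Reveal(key, blob []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(label))
}

// signedBytes serialises the fields covered by the device signature.
func signedBytes(p Publication) []byte {
	return []byte(fmt.Sprintf("%d|%x|%s", p.RiskScore, p.RulesCT, p.EvidenceURL))
}

// PublishEvents returns the signed record, the evidence ciphertext, and keys.
func PublishEvents(dev ed25519.PrivateKey, score uint32, rules, evidence []byte,
	url string) (Publication, []byte, Escrow, error) {
	rulesKey, rulesCT, err := seal(rules, "violated-rules")
	if err != nil {
		return Publication{}, nil, Escrow{}, err
	}
	evKey, evCT, err := seal(evidence, "evidence")
	if err != nil {
		return Publication{}, nil, Escrow{}, err
	}
	p := Publication{RiskScore: score, RulesCT: rulesCT, EvidenceURL: url}
	p.Sig = ed25519.Sign(dev, signedBytes(p))
	return p, evCT, Escrow{RulesKey: rulesKey, EvidenceKey: evKey}, nil
}

func VerifyPublication(pub ed25519.PublicKey, p Publication) bool {
	return ed25519.Verify(pub, signedBytes(p), p.Sig)
}

// NewDeviceKey stands in for the signing key generated at enrollment.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func main() {
	pub, dev, err := NewDeviceKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample EventData.
	p, _, esc, err := PublishEvents(dev, 55, []byte("R1,R2,R3"),
		[]byte("velocity=32"), "https://storage.example/e1")
	if err != nil {
		panic(err)
	}
	rules, err := Reveal(esc.RulesKey, p.RulesCT, "violated-rules")
	fmt.Println(VerifyPublication(pub, p), string(rules), err)
}
```

Because the two keys are independent, releasing the rules key after a time limit gives no access to the evidence ciphertext.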
To demonstrate the viability of the system proposed here, a simple proof-of-concept was implemented using Java and Ethereum (Solidity). This implementation simulates the processes of logging data; accessing the data logs to run a RiskAssessment; collecting, encrypting, and publishing results; and finally retrieving encrypted data. To conduct the experiment we ran the simulation process described above 100,000 times while timing each phase and collected statistics about the mean, maximum, minimum, and standard deviation of runtimes for each stage. The log files for each test represent a 5 minute (300 second) interval with the frequencies denoted in Table 1. Log files are pseudo-randomly generated in the LogData phase with weights that produce data that are qualitatively similar to their practical values. Table 1 denotes examples of the types of rules that could be computed by the RiskAssessment procedure. Table 2 demonstrates what data outputs of the system look like.
Evaluation
Finally, we evaluate the success of our proposed Smart Auto Insurance system against the identified weaknesses of traditional insurance, our privacy goals, and the limitations of the similarly motivated work Smart Cyber Insurance [15].
Compared to the status quo, we believe Smart Auto Insurance represents an improvement to both privacy and data handling. By taking advantage of readily available data sources (OBD-II/diagnostics/etc) and well defined risks, we are confident that existing technologies can support the novel aspects of the system. By establishing methodologies for trusted processing of data on the user side and conveying the minimum information for billing, we adequately protect user information and only reveal protected details when the user makes a claim.
Both our system and the Smart Cyber Insurance system heavily emphasize the utility of a dynamic score of risk for particular environments with the goal of creating a dynamic risk scoring system. A dynamic risk scoring system enables advanced pricing of insurance schemes. Both schemes measure the level of risk in an environment based on observed risk factors and both have sets of risk factors that can be assigned varying levels of severity.
A distinction between these systems is the nature of their risks. Smart Cyber Insurance has an extremely broad set of possible risks that require constant updates from a trusted data source in order to remain viable. Smart Auto Insurance has a rather well defined and closed class of risk factors. It may be possible to exhaustively prescribe risk levels for relevant factors without routine updating.
Furthermore, Smart Cyber Insurance has what can be described as a data input problem. In order to operate, the system has to presuppose some data input through the "device manager" and the administrator of the network. This may be a significant assumption because there are not necessarily simple and well defined ways to ensure comprehensive data tracking and input. More so, the collection of these data by the manager creates a risky data-pool. Ideally, a network administrator would know what is installed and would control it, but this can be a point of difficulty in any practical implementation. With Smart Auto Insurance, insurance offerings have already demonstrated effective data collection through OBD-II readers and smartphones.
In Smart Cyber Insurance, the scheme is only specifically described in terms of a network of devices controlled by a single organization. This is not directly applicable to individuals and the individuals who participate under the organization are not in control of their data contributions. One of the main issues is that the data input methodologies that are most likely feasible for organizations do not necessarily work for individuals. Additionally, there is greater risk in specifically pairing risk levels to individuals in cyber insurance because you can create inadvertent targets for attacks. That is, in order to assign risks one needs to match vulnerabilities to devices, which can be compromising to individuals. The scheme works in collections of devices to reduce this exposure.
In Smart Auto Insurance, there is not the same concern for creating targets as there is for Smart Cyber Insurance because the nature of the risk is different. For auto insurance, the risk is almost exclusively the danger of monetary loss for the driver, company, and other drivers through operation of a vehicle. Furthermore, the Smart Auto Insurance risk is circumstantial or transient and not necessarily a trait which increases an individual's chance of being a target. Due to this, knowing of one's "unsafe" behavior in vehicle operation is unlikely to create a scenario that makes them a greater target for further risk in the way having many software vulnerabilities would in the realm of cyber insurance.
The main concern of the Smart Auto Insurance system is elevating and emphasizing privacy in the (data-driven) insurance process. Notably, the system succeeds in minimizing data sharing and the resulting privacy risks.
We find the system to be at minimal risk of malicious users gaining any practical benefit. Our analysis suggests that under typical operating circumstances a user would not be confident in their ability to make successful dishonest insurance claims. Without the ability to make insurance claims to receive a benefit, malicious users have no incentive to participate in the system, as participating has an associated monetary cost.
Against a malicious insurance organization:
While the nature of insurance claims makes it difficult to fully remove an insurance organization’s ability to make arbitrary, closed-door decisions, we believe the Smart Auto Insurance system represents an improvement on the status quo by requiring the pre-definition of evaluation rules. Furthermore, by not sending data directly to the insurance organization and processing data locally, we achieve a system that dramatically reduces the ability for an insurer to mishandle user data.
To demonstrate the system is both feasible and practical, it is important to show that it is efficient enough to run in real time without disproportionately large computational resources. Efficiency of the secret storage, protection, and management is demonstrated by [7], where it is shown that complexity follows on the order of the relatively small committee size with each party’s computation on the order of log(N total parties). Therefore, our main concerns are with the performance of the logging, risk analysis, and encryption processes.
Space requirements of the system are not of particular concern because there is precedent for this type of data logging procedure. Smartphones and OBD-II based devices in insurance already work in the way we’re proposing. Logs only need to persist for the duration preceding their processing: here, about 42 kilobytes per interval on average. On-chain storage is limited to a risk score value, a string containing the list of violated rules per interval, and a string providing the URL of evidence data off-chain: easily under 1 kilobyte per publication even with many rules. Uploads of encrypted evidence data are similarly reasonable, being always less than or equal to the amount of data logged in an interval: no more than a few megabytes per interval even with 100 times the points.

The practicality of the Smart Auto Insurance system relies on the logging, processing, and publication of data being able to happen actively without a processing backlog. As established, the quantities of data which need to be published and uploaded are certainly reasonable, so our main concern is regarding RiskAssessment and data encryption. These are worth highlighting because the data processing involves running r rules against a point at frequency f Hz for the entire interval of I seconds for each data series s. This requires a minimum of O(rfIs) basic operations, and then encrypting each series that contains rule-offending points. Our proof of concept finds that these processes take on average 5.36 ms and 1.49 ms, respectively. While the example only processed four distinct rules on four separate series, this performance suggests we could have four orders of magnitude slower performance without risking falling behind the 300 second RiskAssessment interval. Performance will decrease through use of a slower processor (such as an embedded device) or a greater number of distinct rules.
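The LogData, RiskAssessment and publication steps and the operation count described above, sketched in Python as an added example; this is not the authors' Java/Solidity proof of concept. The series names, sample rates, rule thresholds, weights and evidence URL are constructed assumptions, and the evidence encryption step is represented only by the list of series that would be encrypted and uploaded.

```python
import json
import random

INTERVAL_S = 300  # RiskAssessment interval stated in the paper

# Constructed for illustration: series names, sample rates (Hz), rules, weights.
SERIES_HZ = {"speed_kmh": 1, "accel_ms2": 10, "rpm": 1, "brake": 10}
RULES = [  # (rule id, series it reads, predicate on one point, risk weight)
    ("R1_speeding", "speed_kmh", lambda v: v > 120, 3),
    ("R2_hard_accel", "accel_ms2", lambda v: v > 3.5, 2),
    ("R3_hard_brake", "accel_ms2", lambda v: v < -4.0, 2),
    ("R4_over_rev", "rpm", lambda v: v > 6000, 1),
]

def log_data(seed):
    """LogData stand-in: one pseudo-random log per series for one interval."""
    rng = random.Random(seed)
    gen = {"speed_kmh": lambda: rng.gauss(90, 15), "brake": rng.random,
           "accel_ms2": lambda: rng.gauss(0, 1.5), "rpm": lambda: rng.gauss(2500, 800)}
    return {s: [gen[s]() for _ in range(hz * INTERVAL_S)]
            for s, hz in SERIES_HZ.items()}

def risk_assessment(logs):
    """Check each rule against every point of its series, locally on the device."""
    score, violated, offending, ops = 0, [], set(), 0
    for rule_id, series, predicate, weight in RULES:
        points = logs[series]
        ops += len(points)  # one comparison per point, f*I points per series
        hits = sum(1 for p in points if predicate(p))
        if hits:
            score += weight
            violated.append(rule_id)
            offending.add(series)  # only these series are encrypted and uploaded
    return score, violated, sorted(offending), ops

def publication(score, violated, evidence_url):
    """On-chain record: risk score, violated-rule string, evidence URL. No raw points."""
    return json.dumps({"score": score, "violated": ",".join(violated),
                       "evidence": evidence_url})

def headroom(assess_ms, encrypt_ms):
    """Factor by which processing could slow down before missing the interval."""
    return INTERVAL_S * 1000 / (assess_ms + encrypt_ms)

if __name__ == "__main__":
    score, violated, to_encrypt, ops = risk_assessment(log_data(seed=1))
    record = publication(score, violated, "https://evidence.example/interval-0001")
    print(record, len(record.encode()), "bytes,", ops, "comparisons,", to_encrypt)
    print("headroom with the paper's timings: %.0fx" % headroom(5.36, 1.49))
```

Each rule here reads a single series, so the comparison count is a lower bound on the r·f·I·s figure, which assumes every rule is applied to every series.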
We have presented a system which can, in principle, enable cost-minimized, usage-based, telematic insurance with claims that are easier to process and negotiate through managed data commitments. The Smart Auto Insurance system allows for controlling the release of sensitive data to aid in both data privacy and fault negotiation endeavors while also serving as a global record for risk rating rules. It does so while introducing minimal computational or storage requirements. While initial assumptions about the validity of input data may seem strong, we maintain that enforcing the highly transactional nature of the Smart Auto Insurance system creates a game in which users must play fairly to be confident they can gain. Future investigation may include more deeply exploring nuances of the game at hand to ensure assumptions about player behavior hold in practical insurance schemes and more rigorously evaluating what rule structures are permissible (i.e. if there are any practical limitations). Moreover, possible extensions to the protocol such as an active driver feedback mechanism or more direct financial incentivization of lower risk driving through OCC approved stablecoin [11] collateral/payments may be considered.

With the exception of instances when a user includes audio, image, or video data as evidence, though these are not expected to be a constant inclusion like other data.

The phrasing of distinct rules is particular because related rules with shared intermediaries or fewer rules with more complex conditions may process faster.

References

Advanced encryption standard (AES)
Risks, 4:10, 04 2016.
5. Juan Benet. IPFS - content addressed, versioned, P2P file system. CoRR, abs/1407.3561, 2014.
6. Juan Benet and Nicola Greco. Filecoin: A decentralized storage network. Protocol Labs, San Francisco, CA, USA, Tech. Rep., 2018.
7. Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Tal Rabin, and Leonid Reyzin. Can a public blockchain keep a secret? In Rafael Pass and Krzysztof Pietrzak, editors, Theory of Cryptography - 18th International Conference, TCC 2020, Durham, NC, USA, November 16-19, 2020, Proceedings, Part I, volume 12550 of Lecture Notes in Computer Science
Intelligent Data analysis and its Applications, Volume I, pages 413–420, Cham, 2014. Springer International Publishing.
10. Dimitris Karapiperis. Usage-based insurance and vehicle telematics: Insurance market and regulatory implications. NAIC CIPR Study, pages 1–4, 2018.
14. Casualty Actuarial Society. Making the economics of telematics work for insurers. Insurance Journal, 2014.
15. Jianan Su, Michael Bartholic, Andrew Stange, Ryosuke Ushida, and Shin’ichiro Matsuo. How to dynamically incentivize sufficient level of iot security. In Financial Cryptography and Data Security - FC 2020 International Workshops, volume 12063 of Lecture Notes in Computer Science, pages 451–465. Springer, 2020.