24 days ago

Innovation in Inner Space

  Long-time readers know that I have a rather varied set of interests and that I’ve got a “thing” for history, particularly military history. Knowing that, it shouldn’t come as a surprise that I was recently reading an article titled “Cyber is the fourth dimension of war” (ground, sea and air being the first three […]

4 months, 1 day ago

What is Open FAIR™?

By Jim Hietala, VP, Business Development and Security, The Open Group Risk Practitioners should be informed about the Open FAIR body of knowledge, and the role that The Open Group has played in creating a set of open and vendor-neutral … Continue reading

4 months, 9 days ago

Form Follows Function on SPaMCast 426

One of the benefits of being a regular on Tom Cagley’s Software Process and Measurement (SPaMCast) podcast is getting to take part in the year-end round table (episode 426). Jeremy Berriault, Steve Tendon, Jon M. Quigley and I joined Tom for a discussion of: Whether software quality would be a focus of IT in 2017 […]

4 months, 14 days ago

Looking Forward to a New Year

By Steve Nunn, President & CEO, The Open Group As another new year begins, I would like to wish our members and The Open Group community a happy, healthy and prosperous 2017! It’s been nearly 15 months since I transitioned … Continue reading

6 months, 17 days ago

China’s Cybersecurity Law Challenges Foreign Companies To Accelerate Their Digital Transformation

On November 7, China’s top legislature adopted a cybersecurity law to safeguard the sovereignty on cyberspace, national security, and the rights of citizens. The law has seven chapters that define specific regulations in various areas, such as network …

7 months, 4 days ago

EAdirections Tenth Anniversary Observations

Through ten years of working with dozens of companies, we have seen a lot of good and some not so good developments related to Enterprise Architecture. In recognition of those 10 years, those dozens of companies, and continued success, we would like t…

8 months, 5 days ago

The Open Group Paris Event to Take Place in October 2016

The Open Group, the vendor-neutral IT consortium, is hosting its next global event in Paris, France, between October 24-27, 2016. The event, taking place at the Hyatt Regency Paris Étoile, will focus on e-Government, as well as how to address … Continue reading

9 months, 28 days ago

The Open Group Austin 2016 Event Highlights

By Loren K. Baynes, Director, Global Marketing Communications, The Open Group During the week of July 18th, The Open Group hosted over 200  attendees from 12 countries at the Four Seasons hotel on the beautiful banks of Lady Bird Lake … Continue reading

11 months, 21 days ago

As How You Drive

I have been discussing Pay As You Drive (PAYD) insurance schemes on this blog for nearly ten years.

The simplest version of the concept varies your insurance premium according to the quantity of driving – Pay As How Much You Drive. But for obvious reasons, insurance companies are also interested in the quality of driving – Pay As How Well You Drive – and several companies now offer a discount for “safe” driving, based on avoiding events such as hard braking, sudden swerves, and speed violations.

Researchers at the University of Washington argue that each driver has a unique style of driving, including steering, acceleration and braking, which they call a “driver fingerprint”. They claim that drivers can be quickly and reliably identified from the braking event stream alone.

Bruce Schneier posted a brief summary of this research on his blog without further comment, but a range of comments were posted by his readers. Some expressed scepticism about the reliability of the algorithm, while others pointed out that driver behaviour varies according to context – people drive differently when they have their children in the car, or when they are driving home from the pub.

“Drunk me drives really differently too. Sober me doesn’t expect trees to get out of the way when I honk.”

Although the algorithm produced by the researchers may not allow for this kind of complexity, there is no reason in principle why a more sophisticated algorithm couldn’t allow for it. I have long argued that JOHN-SOBER and JOHN-DRUNK should be understood as two different identities, with recognizably different patterns of behaviour and risk. (See my post on Identity Differentiation.)

However, the researchers are primarily interested in the opportunities and threats created by the possibility of using the “driver fingerprint” as a reliable identification mechanism.

  • Insurance companies and car rental companies could use “driver fingerprint” data to detect unauthorized drivers.
  • When a driver denies being involved in an incident, “driver fingerprint” data could provide relevant evidence.
  • The police could remotely identify the driver of a vehicle during an incident.
  • “Driver fingerprint” data could be used to enforce safety regulations, such as the maximum number of hours driven by any driver in a given period.

While some of these use cases might be justifiable, the researchers outline various scenarios where this kind of “fingerprinting” would represent an unjustified invasion of privacy, observe how easy it is for a third party to obtain and abuse driver-related data, and call for a permission-based system for controlling data access between multiple devices and applications connected to the CAN bus within a vehicle. (CAN is a low-level protocol, and does not support any security features intrinsically.)


Sources

Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno, Automobile Driver Fingerprinting Proceedings on Privacy Enhancing Technologies; 2016 (1):34–51

Andy Greenberg, A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive (Wired, 25 May 2016)

Bruce Schneier, Identifying People from their Driving Patterns (30 May 2016)

See also John H.L. Hansen, Pinar Boyraz, Kazuya Takeda, Hüseyin Abut, Digital Signal Processing for In-Vehicle Systems and Safety. Springer Science and Business Media, 21 Dec 2011

Wikipedia: CAN bus, Vehicle bus


Related Posts

Identity Differentiation (May 2006)

Pay As You Drive (October 2006) (June 2008) (June 2009)