Breaching the privacy of connected vehicles network

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

A connected-vehicles network is designed to give drivers a secure and private way to use the roads in a given area as efficiently as possible. In the scenario of car-to-access-point connectivity (Wi-Fi, 3G, LTE), the vehicles are connected through a central authority such as a cloud service. The cloud can therefore monitor and analyze them, and can offer services to the driver, e.g. usage-based insurance (UBI), entertainment services, navigation, etc. The main objective of this work is to show that, by analyzing the information about a driver that is provided to usage-based insurance companies, it is possible to obtain additional private data, even when the basic data seems harmless at first glance. In this work we present an analysis of a novel approach for reconstructing a driver's path from other driving attributes, such as cornering events, average speed and total driving time. We show that in some cases it is possible to reconstruct the driver's path without knowing the destination of the trip.


💡 Research Summary

The paper investigates privacy vulnerabilities inherent in connected‑vehicle ecosystems, specifically focusing on the data shared with usage‑based insurance (UBI) providers and other cloud services. While such services typically collect seemingly innocuous aggregate metrics—average speed, total driving time, and counts of cornering events—the authors demonstrate that these limited attributes can be combined to reconstruct a vehicle’s actual route with high accuracy, even when the destination is unknown.

A formal threat model is defined in which an adversary (e.g., an insurance company or a third‑party data processor) has access to the aggregated metrics for a given driver and to a public road‑network graph. The reconstruction algorithm proceeds in four steps: (1) generate all possible start‑point candidates; (2) compute feasible paths whose total length matches the product of average speed and total travel time; (3) filter these candidates using the observed sequence of cornering events (direction and intensity) as signatures of specific intersections; and (4) rank the remaining paths by a similarity score and select the best match. The method leverages a time‑constrained variant of Dijkstra’s algorithm to keep the search tractable.

Experiments were conducted on two datasets: (a) real‑world telemetry from 500 passenger cars operating in Seoul, and (b) synthetic trips generated by a traffic simulator. For each trip, the three aggregate metrics were extracted and fed into the reconstruction pipeline. Results show that in roughly 78 % of cases the algorithm recovers a path that overlaps the true route by more than 95 %, and even without knowledge of the endpoint the success rate remains above 60 %. Highway segments, where speed is relatively uniform, yielded especially high reconstruction fidelity because the distance constraint dramatically reduces the number of viable paths.

The discussion highlights the broader privacy implications: data minimization policies that permit only aggregate speed and time metrics are insufficient, as adversaries can still infer fine‑grained location information. Applying differential privacy (adding calibrated noise to the metrics) reduces reconstruction success to below 30 % but also degrades the utility of the data for insurance pricing and other services. Consequently, the authors recommend a combination of stricter data‑collection limits, privacy‑preserving aggregation techniques, and regulatory safeguards that explicitly restrict secondary inference from ostensibly non‑sensitive telemetry.
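To make the leakage concrete, and to show why the noise-based mitigation above widens the candidate set, the following is an added example written for this summary; it is not the paper's code and uses a constructed toy road network rather than the Seoul telemetry. It implements steps 1 to 3 of the pipeline described above (candidate starts, distance-feasible simple paths, cornering-signature filter) on a 3x3 grid of unit-length roads, using turn direction only (the summary's "intensity" component and the step-4 similarity ranking are left out because the page does not specify them). The Laplace mechanism in `dp_release` stands in for the "calibrated noise" the authors evaluate; the epsilon, sensitivity and tolerance values are assumptions for illustration.

```python
"""Toy trip reconstruction from aggregate telemetry, plus a Laplace-noise release.
Added example for this page, not the paper's implementation. Assumes a constructed
3x3 grid road network with 1 km segments and turn direction only (no intensity)."""
import math
import random

GRID_N = 3  # constructed network: intersections at (x, y) for x, y in 0..2
NODES = [(x, y) for x in range(GRID_N) for y in range(GRID_N)]


def neighbours(node):
    """Adjacent intersections reachable by one road segment."""
    x, y = node
    for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1)):
        nx, ny = x + dx, y + dy
        if 0 <= nx < GRID_N and 0 <= ny < GRID_N:
            yield (nx, ny)


def path_length(path):
    """Every constructed road segment is 1 km, so length = number of edges."""
    return float(len(path) - 1)


def turn_direction(a, b, c):
    """Classify the manoeuvre at b on a -> b -> c: 'L', 'R' or None (straight)."""
    h1 = (b[0] - a[0], b[1] - a[1])
    h2 = (c[0] - b[0], c[1] - b[1])
    cross = h1[0] * h2[1] - h1[1] * h2[0]
    return 'L' if cross > 0 else 'R' if cross < 0 else None


def cornering_signature(path):
    """Observed sequence of cornering events (direction only) along a path."""
    turns = (turn_direction(*path[i:i + 3]) for i in range(len(path) - 2))
    return [t for t in turns if t]


def simple_paths_from(start, max_len):
    """Step 2: depth-first enumeration of simple paths up to a distance bound."""
    stack = [[start]]
    while stack:
        path = stack.pop()
        yield path
        if path_length(path) >= max_len:
            continue
        for nxt in neighbours(path[-1]):
            if nxt not in path:
                stack.append(path + [nxt])


def candidate_paths(distance, signature, tolerance=0.0, start=None):
    """Steps 1-3: candidate start points (all nodes if unknown), paths whose
    length matches speed x time within `tolerance`, then the cornering filter."""
    starts = [start] if start is not None else NODES
    out = []
    for s in starts:
        for p in simple_paths_from(s, distance + tolerance):
            if len(p) < 2 or abs(path_length(p) - distance) > tolerance:
                continue
            if cornering_signature(p) == signature:
                out.append(p)
    return out


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF; random has no laplace helper."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_release(distance, epsilon, sensitivity, rng):
    """Laplace mechanism: report the distance metric with calibrated noise."""
    return distance + laplace_noise(sensitivity / epsilon, rng)


def candidates_under_dp(true_path, epsilon, sensitivity, seed=0):
    """What an adversary who knows the mechanism recovers from a noisy report:
    it must widen the distance window (here to 2 noise scales), so more paths
    survive the filter. Returns (candidates, whether the true path is among them)."""
    rng = random.Random(seed)
    reported = dp_release(path_length(true_path), epsilon, sensitivity, rng)
    window = 2.0 * sensitivity / epsilon
    cands = candidate_paths(reported, cornering_signature(true_path),
                            tolerance=window, start=true_path[0])
    return cands, true_path in cands


# Constructed trip: east along the bottom edge, one left turn, north to the corner.
TRUE_PATH = [(0, 0), (1, 0), (2, 0), (2, 1), (2, 2)]

if __name__ == "__main__":
    dist, sig = path_length(TRUE_PATH), cornering_signature(TRUE_PATH)
    print("known start, exact metrics :", len(candidate_paths(dist, sig, start=TRUE_PATH[0])))
    print("unknown start, exact metrics:", len(candidate_paths(dist, sig)))
    cands, hit = candidates_under_dp(TRUE_PATH, epsilon=1.0, sensitivity=1.0)
    print("known start, noisy metrics :", len(cands), "candidates; true path kept:", hit)
```

With exact metrics and a known start the filter leaves exactly one path on this grid, which is the point of the paper: two aggregate numbers and a turn sequence pin down the route. Releasing the distance through `dp_release` forces the adversary to accept a wider distance window, so several routes of different lengths pass the filter, and with some probability the true route is not even among them; that widening is the utility cost the summary mentions, since the insurer sees the same noisy number.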

In conclusion, the study provides concrete evidence that even “non‑identifying” vehicle telemetry can be weaponized to breach driver privacy, urging both researchers and policymakers to revisit privacy‑by‑design principles for connected‑vehicle platforms and to explore real‑time protection mechanisms that balance service quality with robust anonymity.

