PRICAR: Privacy Framework for Vehicular Data Sharing with Third Parties


In-vehicle infotainment (IVI) platforms are getting increasingly connected. Besides Original Equipment Manufacturer (OEM) apps and services, the next generation of IVI platforms are expected to allow integration of third-party apps, such as usage-based insurance (UBI). Under this anticipated business model, vehicular sensor and event data can be collected and shared with selected third-party apps. However, third-parties can be malicious and have easier access to the driver’s data. Several research projects and commercial products also show the possibility of leaking sensitive private information such as vehicle location via seemingly benign vehicular sensors, which can, in turn, harm the driver’s privacy. Furthermore, increasing privacy regulations worldwide, such as GDPR, make privacy a major issue for the automotive industry. To overcome these problems, we present PRICAR, a framework for privacy-preserving vehicular data collection and sharing with third-parties. It enforces three data privacy goals — minimization, anonymization and sanitization — while focusing on the last one. We describe and evaluate how to sanitize user data before sharing it with a third-party by adapting two well-known techniques from anomaly detection, Change-Point Detection (CPD) and Entropy-Based Detection (EBD).

In 2023 IEEE Secure Development Conference (SecDev)
Mert D. Pesé
Mert D. Pesé
Assistant Professor

My research interests include automotive security and privacy.